1#include "idmap.h"
2
3#include <private/android_filesystem_config.h> // for AID_SYSTEM
4
5#include <stdlib.h>
6#include <string.h>
7
8namespace {
9    const char *usage = "NAME\n\
10      idmap - create or display idmap files\n\
11\n\
12SYNOPSIS \n\
13      idmap --help \n\
14      idmap --fd target overlay fd \n\
15      idmap --path target overlay idmap \n\
16      idmap --scan dir-to-scan target-to-look-for target dir-to-hold-idmaps \n\
17      idmap --inspect idmap \n\
18\n\
19DESCRIPTION \n\
20      Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
21      file contains a mapping of resource identifiers between overlay package and its target \n\
22      package; this mapping is used during resource lookup. Idmap files also act as control \n\
23      files by their existence: if not present, the corresponding overlay package is ignored \n\
24      when the resource context is created. \n\
25\n\
26      Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
27      package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
28\n\
29NOMENCLATURE \n\
30      target: the original, non-overlay, package. Each target package may be associated with \n\
31              any number of overlay packages. \n\
32\n\
33      overlay: an overlay package. Each overlay package is associated with exactly one target \n\
34               package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
35               tag. \n\
36\n\
37OPTIONS \n\
38      --help: display this help \n\
39\n\
40      --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
41            (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
42            version is intended to be used by a parent process with higher privileges to call \n\
43            idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
44            drop its privileges and exec. This tool will continue execution without the extra \n\
45            privileges, but still have write access to a file it could not have opened on its \n\
46            own. \n\
47\n\
48      --path: create idmap for target package 'target' (path to apk) and overlay package \n\
49              'overlay' (path to apk); write results to 'idmap' (path). \n\
50\n\
51      --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
52              target package 'target-to-look-for' (package name) present at 'target' (path to \n\
53              apk). For each overlay package found, create an idmap file in 'dir-to-hold-idmaps' \n\
54              (path). \n\
55\n\
56      --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
57                 debug-friendly format. \n\
58\n\
59EXAMPLES \n\
60      Create an idmap file: \n\
61\n\
62      $ adb shell idmap --path /system/app/target.apk \\ \n\
63                               /vendor/overlay/overlay.apk \\ \n\
64                               /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
65\n\
66      Display an idmap file: \n\
67\n\
68      $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
69      SECTION      ENTRY        VALUE      COMMENT \n\
70      IDMAP HEADER magic        0x706d6469 \n\
71                   base crc     0xb65a383f \n\
72                   overlay crc  0x7b9675e8 \n\
73                   base path    .......... /path/to/target.apk \n\
74                   overlay path .......... /path/to/overlay.apk \n\
75      DATA HEADER  target pkg   0x0000007f \n\
76                   types count  0x00000003 \n\
77      DATA BLOCK   target type  0x00000002 \n\
78                   overlay type 0x00000002 \n\
79                   entry count  0x00000001 \n\
80                   entry offset 0x00000000 \n\
81                   entry        0x00000000 drawable/drawable \n\
82      DATA BLOCK   target type  0x00000003 \n\
83                   overlay type 0x00000003 \n\
84                   entry count  0x00000001 \n\
85                   entry offset 0x00000000 \n\
86                   entry        0x00000000 xml/integer \n\
87      DATA BLOCK   target type  0x00000004 \n\
88                   overlay type 0x00000004 \n\
89                   entry count  0x00000001 \n\
90                   entry offset 0x00000000 \n\
91                   entry        0x00000000 raw/lorem_ipsum \n\
92\n\
93      In this example, the overlay package provides three alternative resource values:\n\
94      drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
95\n\
96NOTES \n\
97      This tool and its expected invocation from installd is modelled on dexopt.";
98
99    bool verify_directory_readable(const char *path)
100    {
101        return access(path, R_OK | X_OK) == 0;
102    }
103
104    bool verify_directory_writable(const char *path)
105    {
106        return access(path, W_OK) == 0;
107    }
108
109    bool verify_file_readable(const char *path)
110    {
111        return access(path, R_OK) == 0;
112    }
113
114    bool verify_root_or_system()
115    {
116        uid_t uid = getuid();
117        gid_t gid = getgid();
118
119        return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
120    }
121
122    int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
123            const char *idmap_str)
124    {
125        // anyone (not just root or system) may do --fd -- the file has
126        // already been opened by someone else on our behalf
127
128        char *endptr;
129        int idmap_fd = strtol(idmap_str, &endptr, 10);
130        if (*endptr != '\0') {
131            fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
132            return -1;
133        }
134
135        if (!verify_file_readable(target_apk_path)) {
136            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
137            return -1;
138        }
139
140        if (!verify_file_readable(overlay_apk_path)) {
141            ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
142            return -1;
143        }
144
145        return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd);
146    }
147
148    int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
149            const char *idmap_path)
150    {
151        if (!verify_root_or_system()) {
152            fprintf(stderr, "error: permission denied: not user root or user system\n");
153            return -1;
154        }
155
156        if (!verify_file_readable(target_apk_path)) {
157            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
158            return -1;
159        }
160
161        if (!verify_file_readable(overlay_apk_path)) {
162            ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
163            return -1;
164        }
165
166        return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path);
167    }
168
169    int maybe_scan(const char *overlay_dir, const char *target_package_name,
170            const char *target_apk_path, const char *idmap_dir)
171    {
172        if (!verify_root_or_system()) {
173            fprintf(stderr, "error: permission denied: not user root or user system\n");
174            return -1;
175        }
176
177        if (!verify_directory_readable(overlay_dir)) {
178            ALOGD("error: no read access to %s: %s\n", overlay_dir, strerror(errno));
179            return -1;
180        }
181
182        if (!verify_file_readable(target_apk_path)) {
183            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
184            return -1;
185        }
186
187        if (!verify_directory_writable(idmap_dir)) {
188            ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
189            return -1;
190        }
191
192        return idmap_scan(overlay_dir, target_package_name, target_apk_path, idmap_dir);
193    }
194
195    int maybe_inspect(const char *idmap_path)
196    {
197        // anyone (not just root or system) may do --inspect
198        if (!verify_file_readable(idmap_path)) {
199            ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
200            return -1;
201        }
202        return idmap_inspect(idmap_path);
203    }
204}
205
206int main(int argc, char **argv)
207{
208#if 0
209    {
210        char buf[1024];
211        buf[0] = '\0';
212        for (int i = 0; i < argc; ++i) {
213            strncat(buf, argv[i], sizeof(buf) - 1);
214            strncat(buf, " ", sizeof(buf) - 1);
215        }
216        ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
217    }
218#endif
219
220    if (argc == 2 && !strcmp(argv[1], "--help")) {
221        printf("%s\n", usage);
222        return 0;
223    }
224
225    if (argc == 5 && !strcmp(argv[1], "--fd")) {
226        return maybe_create_fd(argv[2], argv[3], argv[4]);
227    }
228
229    if (argc == 5 && !strcmp(argv[1], "--path")) {
230        return maybe_create_path(argv[2], argv[3], argv[4]);
231    }
232
233    if (argc == 6 && !strcmp(argv[1], "--scan")) {
234        return maybe_scan(argv[2], argv[3], argv[4], argv[5]);
235    }
236
237    if (argc == 3 && !strcmp(argv[1], "--inspect")) {
238        return maybe_inspect(argv[2]);
239    }
240
241    fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
242    return EXIT_FAILURE;
243}
244