1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "nativebridge/native_bridge.h"
18
19#include <cstring>
20#include <cutils/log.h>
21#include <dlfcn.h>
22#include <errno.h>
23#include <fcntl.h>
24#include <stdio.h>
25#include <sys/mount.h>
26#include <sys/stat.h>
27
28
29namespace android {
30
31// Environment values required by the apps running with native bridge.
32struct NativeBridgeRuntimeValues {
33    const char* os_arch;
34    const char* cpu_abi;
35    const char* cpu_abi2;
36    const char* *supported_abis;
37    int32_t abi_count;
38};
39
40// The symbol name exposed by native-bridge with the type of NativeBridgeCallbacks.
41static constexpr const char* kNativeBridgeInterfaceSymbol = "NativeBridgeItf";
42
43enum class NativeBridgeState {
44  kNotSetup,                        // Initial state.
45  kOpened,                          // After successful dlopen.
46  kPreInitialized,                  // After successful pre-initialization.
47  kInitialized,                     // After successful initialization.
48  kClosed                           // Closed or errors.
49};
50
51static constexpr const char* kNotSetupString = "kNotSetup";
52static constexpr const char* kOpenedString = "kOpened";
53static constexpr const char* kPreInitializedString = "kPreInitialized";
54static constexpr const char* kInitializedString = "kInitialized";
55static constexpr const char* kClosedString = "kClosed";
56
57static const char* GetNativeBridgeStateString(NativeBridgeState state) {
58  switch (state) {
59    case NativeBridgeState::kNotSetup:
60      return kNotSetupString;
61
62    case NativeBridgeState::kOpened:
63      return kOpenedString;
64
65    case NativeBridgeState::kPreInitialized:
66      return kPreInitializedString;
67
68    case NativeBridgeState::kInitialized:
69      return kInitializedString;
70
71    case NativeBridgeState::kClosed:
72      return kClosedString;
73  }
74}
75
76// Current state of the native bridge.
77static NativeBridgeState state = NativeBridgeState::kNotSetup;
78
79// Whether we had an error at some point.
80static bool had_error = false;
81
82// Handle of the loaded library.
83static void* native_bridge_handle = nullptr;
84// Pointer to the callbacks. Available as soon as LoadNativeBridge succeeds, but only initialized
85// later.
86static NativeBridgeCallbacks* callbacks = nullptr;
87// Callbacks provided by the environment to the bridge. Passed to LoadNativeBridge.
88static const NativeBridgeRuntimeCallbacks* runtime_callbacks = nullptr;
89
90// The app's code cache directory.
91static char* app_code_cache_dir = nullptr;
92
93// Code cache directory (relative to the application private directory)
94// Ideally we'd like to call into framework to retrieve this name. However that's considered an
95// implementation detail and will require either hacks or consistent refactorings. We compromise
96// and hard code the directory name again here.
97static constexpr const char* kCodeCacheDir = "code_cache";
98
99static constexpr uint32_t kNativeBridgeCallbackVersion = 1;
100
101// Characters allowed in a native bridge filename. The first character must
102// be in [a-zA-Z] (expected 'l' for "libx"). The rest must be in [a-zA-Z0-9._-].
103static bool CharacterAllowed(char c, bool first) {
104  if (first) {
105    return ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z');
106  } else {
107    return ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') ||
108           (c == '.') || (c == '_') || (c == '-');
109  }
110}
111
112// We only allow simple names for the library. It is supposed to be a file in
113// /system/lib or /vendor/lib. Only allow a small range of characters, that is
114// names consisting of [a-zA-Z0-9._-] and starting with [a-zA-Z].
115bool NativeBridgeNameAcceptable(const char* nb_library_filename) {
116  const char* ptr = nb_library_filename;
117  if (*ptr == 0) {
118    // Emptry string. Allowed, means no native bridge.
119    return true;
120  } else {
121    // First character must be [a-zA-Z].
122    if (!CharacterAllowed(*ptr, true))  {
123      // Found an invalid fist character, don't accept.
124      ALOGE("Native bridge library %s has been rejected for first character %c", nb_library_filename, *ptr);
125      return false;
126    } else {
127      // For the rest, be more liberal.
128      ptr++;
129      while (*ptr != 0) {
130        if (!CharacterAllowed(*ptr, false)) {
131          // Found an invalid character, don't accept.
132          ALOGE("Native bridge library %s has been rejected for %c", nb_library_filename, *ptr);
133          return false;
134        }
135        ptr++;
136      }
137    }
138    return true;
139  }
140}
141
142static bool VersionCheck(NativeBridgeCallbacks* cb) {
143  return cb != nullptr && cb->version == kNativeBridgeCallbackVersion;
144}
145
146static void CloseNativeBridge(bool with_error) {
147  state = NativeBridgeState::kClosed;
148  had_error |= with_error;
149  delete[] app_code_cache_dir;
150  app_code_cache_dir = nullptr;
151}
152
153bool LoadNativeBridge(const char* nb_library_filename,
154                      const NativeBridgeRuntimeCallbacks* runtime_cbs) {
155  // We expect only one place that calls LoadNativeBridge: Runtime::Init. At that point we are not
156  // multi-threaded, so we do not need locking here.
157
158  if (state != NativeBridgeState::kNotSetup) {
159    // Setup has been called before. Ignore this call.
160    if (nb_library_filename != nullptr) {  // Avoids some log-spam for dalvikvm.
161      ALOGW("Called LoadNativeBridge for an already set up native bridge. State is %s.",
162            GetNativeBridgeStateString(state));
163    }
164    // Note: counts as an error, even though the bridge may be functional.
165    had_error = true;
166    return false;
167  }
168
169  if (nb_library_filename == nullptr || *nb_library_filename == 0) {
170    CloseNativeBridge(false);
171    return false;
172  } else {
173    if (!NativeBridgeNameAcceptable(nb_library_filename)) {
174      CloseNativeBridge(true);
175    } else {
176      // Try to open the library.
177      void* handle = dlopen(nb_library_filename, RTLD_LAZY);
178      if (handle != nullptr) {
179        callbacks = reinterpret_cast<NativeBridgeCallbacks*>(dlsym(handle,
180                                                                   kNativeBridgeInterfaceSymbol));
181        if (callbacks != nullptr) {
182          if (VersionCheck(callbacks)) {
183            // Store the handle for later.
184            native_bridge_handle = handle;
185          } else {
186            callbacks = nullptr;
187            dlclose(handle);
188            ALOGW("Unsupported native bridge interface.");
189          }
190        } else {
191          dlclose(handle);
192        }
193      }
194
195      // Two failure conditions: could not find library (dlopen failed), or could not find native
196      // bridge interface (dlsym failed). Both are an error and close the native bridge.
197      if (callbacks == nullptr) {
198        CloseNativeBridge(true);
199      } else {
200        runtime_callbacks = runtime_cbs;
201        state = NativeBridgeState::kOpened;
202      }
203    }
204    return state == NativeBridgeState::kOpened;
205  }
206}
207
208#if defined(__arm__)
209static const char* kRuntimeISA = "arm";
210#elif defined(__aarch64__)
211static const char* kRuntimeISA = "arm64";
212#elif defined(__mips__)
213static const char* kRuntimeISA = "mips";
214#elif defined(__i386__)
215static const char* kRuntimeISA = "x86";
216#elif defined(__x86_64__)
217static const char* kRuntimeISA = "x86_64";
218#else
219static const char* kRuntimeISA = "unknown";
220#endif
221
222
223bool NeedsNativeBridge(const char* instruction_set) {
224  if (instruction_set == nullptr) {
225    ALOGE("Null instruction set in NeedsNativeBridge.");
226    return false;
227  }
228  return strncmp(instruction_set, kRuntimeISA, strlen(kRuntimeISA) + 1) != 0;
229}
230
231#ifdef __APPLE__
232template<typename T> void UNUSED(const T&) {}
233#endif
234
235bool PreInitializeNativeBridge(const char* app_data_dir_in, const char* instruction_set) {
236  if (state != NativeBridgeState::kOpened) {
237    ALOGE("Invalid state: native bridge is expected to be opened.");
238    CloseNativeBridge(true);
239    return false;
240  }
241
242  if (app_data_dir_in == nullptr) {
243    ALOGE("Application private directory cannot be null.");
244    CloseNativeBridge(true);
245    return false;
246  }
247
248  // Create the path to the application code cache directory.
249  // The memory will be release after Initialization or when the native bridge is closed.
250  const size_t len = strlen(app_data_dir_in) + strlen(kCodeCacheDir) + 2; // '\0' + '/'
251  app_code_cache_dir = new char[len];
252  snprintf(app_code_cache_dir, len, "%s/%s", app_data_dir_in, kCodeCacheDir);
253
254  // Bind-mount /system/lib{,64}/<isa>/cpuinfo to /proc/cpuinfo.
255  // Failure is not fatal and will keep the native bridge in kPreInitialized.
256  state = NativeBridgeState::kPreInitialized;
257
258#ifndef __APPLE__
259  if (instruction_set == nullptr) {
260    return true;
261  }
262  size_t isa_len = strlen(instruction_set);
263  if (isa_len > 10) {
264    // 10 is a loose upper bound on the currently known instruction sets (a tight bound is 7 for
265    // x86_64 [including the trailing \0]). This is so we don't have to change here if there will
266    // be another instruction set in the future.
267    ALOGW("Instruction set %s is malformed, must be less than or equal to 10 characters.",
268          instruction_set);
269    return true;
270  }
271
272  // If the file does not exist, the mount command will fail,
273  // so we save the extra file existence check.
274  char cpuinfo_path[1024];
275
276#ifdef HAVE_ANDROID_OS
277  snprintf(cpuinfo_path, sizeof(cpuinfo_path), "/system/lib"
278#ifdef __LP64__
279      "64"
280#endif  // __LP64__
281      "/%s/cpuinfo", instruction_set);
282#else   // !HAVE_ANDROID_OS
283  // To be able to test on the host, we hardwire a relative path.
284  snprintf(cpuinfo_path, sizeof(cpuinfo_path), "./cpuinfo");
285#endif
286
287  // Bind-mount.
288  if (TEMP_FAILURE_RETRY(mount(cpuinfo_path,        // Source.
289                               "/proc/cpuinfo",     // Target.
290                               nullptr,             // FS type.
291                               MS_BIND,             // Mount flags: bind mount.
292                               nullptr)) == -1) {   // "Data."
293    ALOGW("Failed to bind-mount %s as /proc/cpuinfo: %s", cpuinfo_path, strerror(errno));
294  }
295#else  // __APPLE__
296  UNUSED(instruction_set);
297  ALOGW("Mac OS does not support bind-mounting. Host simulation of native bridge impossible.");
298#endif
299
300  return true;
301}
302
303static void SetCpuAbi(JNIEnv* env, jclass build_class, const char* field, const char* value) {
304  if (value != nullptr) {
305    jfieldID field_id = env->GetStaticFieldID(build_class, field, "Ljava/lang/String;");
306    if (field_id == nullptr) {
307      env->ExceptionClear();
308      ALOGW("Could not find %s field.", field);
309      return;
310    }
311
312    jstring str = env->NewStringUTF(value);
313    if (str == nullptr) {
314      env->ExceptionClear();
315      ALOGW("Could not create string %s.", value);
316      return;
317    }
318
319    env->SetStaticObjectField(build_class, field_id, str);
320  }
321}
322
323// Set up the environment for the bridged app.
324static void SetupEnvironment(NativeBridgeCallbacks* callbacks, JNIEnv* env, const char* isa) {
325  // Need a JNIEnv* to do anything.
326  if (env == nullptr) {
327    ALOGW("No JNIEnv* to set up app environment.");
328    return;
329  }
330
331  // Query the bridge for environment values.
332  const struct NativeBridgeRuntimeValues* env_values = callbacks->getAppEnv(isa);
333  if (env_values == nullptr) {
334    return;
335  }
336
337  // Keep the JNIEnv clean.
338  jint success = env->PushLocalFrame(16);  // That should be small and large enough.
339  if (success < 0) {
340    // Out of memory, really borked.
341    ALOGW("Out of memory while setting up app environment.");
342    env->ExceptionClear();
343    return;
344  }
345
346  // Reset CPU_ABI & CPU_ABI2 to values required by the apps running with native bridge.
347  if (env_values->cpu_abi != nullptr || env_values->cpu_abi2 != nullptr ||
348      env_values->abi_count >= 0) {
349    jclass bclass_id = env->FindClass("android/os/Build");
350    if (bclass_id != nullptr) {
351      SetCpuAbi(env, bclass_id, "CPU_ABI", env_values->cpu_abi);
352      SetCpuAbi(env, bclass_id, "CPU_ABI2", env_values->cpu_abi2);
353    } else {
354      // For example in a host test environment.
355      env->ExceptionClear();
356      ALOGW("Could not find Build class.");
357    }
358  }
359
360  if (env_values->os_arch != nullptr) {
361    jclass sclass_id = env->FindClass("java/lang/System");
362    if (sclass_id != nullptr) {
363      jmethodID set_prop_id = env->GetStaticMethodID(sclass_id, "initUnchangeableSystemProperty",
364          "(Ljava/lang/String;Ljava/lang/String;)V");
365      if (set_prop_id != nullptr) {
366        // Init os.arch to the value reqired by the apps running with native bridge.
367        env->CallStaticVoidMethod(sclass_id, set_prop_id, env->NewStringUTF("os.arch"),
368            env->NewStringUTF(env_values->os_arch));
369      } else {
370        env->ExceptionClear();
371        ALOGW("Could not find initUnchangeableSystemProperty method.");
372      }
373    } else {
374      env->ExceptionClear();
375      ALOGW("Could not find System class.");
376    }
377  }
378
379  // Make it pristine again.
380  env->PopLocalFrame(nullptr);
381}
382
383bool InitializeNativeBridge(JNIEnv* env, const char* instruction_set) {
384  // We expect only one place that calls InitializeNativeBridge: Runtime::DidForkFromZygote. At that
385  // point we are not multi-threaded, so we do not need locking here.
386
387  if (state == NativeBridgeState::kPreInitialized) {
388    // Check for code cache: if it doesn't exist try to create it.
389    struct stat st;
390    if (stat(app_code_cache_dir, &st) == -1) {
391      if (errno == ENOENT) {
392        if (mkdir(app_code_cache_dir, S_IRWXU | S_IRWXG | S_IXOTH) == -1) {
393          ALOGE("Cannot create code cache directory %s: %s.", app_code_cache_dir, strerror(errno));
394          CloseNativeBridge(true);
395        }
396      } else {
397        ALOGE("Cannot stat code cache directory %s: %s.", app_code_cache_dir, strerror(errno));
398        CloseNativeBridge(true);
399      }
400    } else if (!S_ISDIR(st.st_mode)) {
401      ALOGE("Code cache is not a directory %s.", app_code_cache_dir);
402      CloseNativeBridge(true);
403    }
404
405    // If we're still PreInitialized (dind't fail the code cache checks) try to initialize.
406    if (state == NativeBridgeState::kPreInitialized) {
407      if (callbacks->initialize(runtime_callbacks, app_code_cache_dir, instruction_set)) {
408        SetupEnvironment(callbacks, env, instruction_set);
409        state = NativeBridgeState::kInitialized;
410        // We no longer need the code cache path, release the memory.
411        delete[] app_code_cache_dir;
412        app_code_cache_dir = nullptr;
413      } else {
414        // Unload the library.
415        dlclose(native_bridge_handle);
416        CloseNativeBridge(true);
417      }
418    }
419  } else {
420    CloseNativeBridge(true);
421  }
422
423  return state == NativeBridgeState::kInitialized;
424}
425
426void UnloadNativeBridge() {
427  // We expect only one place that calls UnloadNativeBridge: Runtime::DidForkFromZygote. At that
428  // point we are not multi-threaded, so we do not need locking here.
429
430  switch(state) {
431    case NativeBridgeState::kOpened:
432    case NativeBridgeState::kPreInitialized:
433    case NativeBridgeState::kInitialized:
434      // Unload.
435      dlclose(native_bridge_handle);
436      CloseNativeBridge(false);
437      break;
438
439    case NativeBridgeState::kNotSetup:
440      // Not even set up. Error.
441      CloseNativeBridge(true);
442      break;
443
444    case NativeBridgeState::kClosed:
445      // Ignore.
446      break;
447  }
448}
449
450bool NativeBridgeError() {
451  return had_error;
452}
453
454bool NativeBridgeAvailable() {
455  return state == NativeBridgeState::kOpened
456      || state == NativeBridgeState::kPreInitialized
457      || state == NativeBridgeState::kInitialized;
458}
459
460bool NativeBridgeInitialized() {
461  // Calls of this are supposed to happen in a state where the native bridge is stable, i.e., after
462  // Runtime::DidForkFromZygote. In that case we do not need a lock.
463  return state == NativeBridgeState::kInitialized;
464}
465
466void* NativeBridgeLoadLibrary(const char* libpath, int flag) {
467  if (NativeBridgeInitialized()) {
468    return callbacks->loadLibrary(libpath, flag);
469  }
470  return nullptr;
471}
472
473void* NativeBridgeGetTrampoline(void* handle, const char* name, const char* shorty,
474                                uint32_t len) {
475  if (NativeBridgeInitialized()) {
476    return callbacks->getTrampoline(handle, name, shorty, len);
477  }
478  return nullptr;
479}
480
481bool NativeBridgeIsSupported(const char* libpath) {
482  if (NativeBridgeInitialized()) {
483    return callbacks->isSupported(libpath);
484  }
485  return false;
486}
487
488};  // namespace android
489