1/*
2** Copyright 2008, The Android Open Source Project
3**
4** Licensed under the Apache License, Version 2.0 (the "License");
5** you may not use this file except in compliance with the License.
6** You may obtain a copy of the License at
7**
8**     http://www.apache.org/licenses/LICENSE-2.0
9**
10** Unless required by applicable law or agreed to in writing, software
11** distributed under the License is distributed on an "AS IS" BASIS,
12** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13** See the License for the specific language governing permissions and
14** limitations under the License.
15*/
16
17#include "installd.h"
18
19#include <base/stringprintf.h>
20#include <base/logging.h>
21
22#define CACHE_NOISY(x) //x
23
24using android::base::StringPrintf;
25
26/**
27 * Check that given string is valid filename, and that it attempts no
28 * parent or child directory traversal.
29 */
30static bool is_valid_filename(const std::string& name) {
31    if (name.empty() || (name == ".") || (name == "..")
32            || (name.find('/') != std::string::npos)) {
33        return false;
34    } else {
35        return true;
36    }
37}
38
39/**
40 * Create the path name where package app contents should be stored for
41 * the given volume UUID and package name.  An empty UUID is assumed to
42 * be internal storage.
43 */
44std::string create_data_app_package_path(const char* volume_uuid,
45        const char* package_name) {
46    CHECK(is_valid_filename(package_name));
47    CHECK(is_valid_package_name(package_name) == 0);
48
49    return StringPrintf("%s/%s",
50            create_data_app_path(volume_uuid).c_str(), package_name);
51}
52
53/**
54 * Create the path name where package data should be stored for the given
55 * volume UUID, package name, and user ID. An empty UUID is assumed to be
56 * internal storage.
57 */
58std::string create_data_user_package_path(const char* volume_uuid,
59        userid_t user, const char* package_name) {
60    CHECK(is_valid_filename(package_name));
61    CHECK(is_valid_package_name(package_name) == 0);
62
63    return StringPrintf("%s/%s",
64            create_data_user_path(volume_uuid, user).c_str(), package_name);
65}
66
67int create_pkg_path(char path[PKG_PATH_MAX], const char *pkgname,
68        const char *postfix, userid_t userid) {
69    if (is_valid_package_name(pkgname) != 0) {
70        path[0] = '\0';
71        return -1;
72    }
73
74    std::string _tmp(create_data_user_package_path(nullptr, userid, pkgname) + postfix);
75    const char* tmp = _tmp.c_str();
76    if (strlen(tmp) >= PKG_PATH_MAX) {
77        path[0] = '\0';
78        return -1;
79    } else {
80        strcpy(path, tmp);
81        return 0;
82    }
83}
84
85std::string create_data_path(const char* volume_uuid) {
86    if (volume_uuid == nullptr) {
87        return "/data";
88    } else {
89        CHECK(is_valid_filename(volume_uuid));
90        return StringPrintf("/mnt/expand/%s", volume_uuid);
91    }
92}
93
94/**
95 * Create the path name for app data.
96 */
97std::string create_data_app_path(const char* volume_uuid) {
98    return StringPrintf("%s/app", create_data_path(volume_uuid).c_str());
99}
100
101/**
102 * Create the path name for user data for a certain userid.
103 */
104std::string create_data_user_path(const char* volume_uuid, userid_t userid) {
105    std::string data(create_data_path(volume_uuid));
106    if (volume_uuid == nullptr) {
107        if (userid == 0) {
108            return StringPrintf("%s/data", data.c_str());
109        } else {
110            return StringPrintf("%s/user/%u", data.c_str(), userid);
111        }
112    } else {
113        return StringPrintf("%s/user/%u", data.c_str(), userid);
114    }
115}
116
117/**
118 * Create the path name for media for a certain userid.
119 */
120std::string create_data_media_path(const char* volume_uuid, userid_t userid) {
121    return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid);
122}
123
124std::vector<userid_t> get_known_users(const char* volume_uuid) {
125    std::vector<userid_t> users;
126
127    // We always have an owner
128    users.push_back(0);
129
130    std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX);
131    DIR* dir = opendir(path.c_str());
132    if (dir == NULL) {
133        // Unable to discover other users, but at least return owner
134        PLOG(ERROR) << "Failed to opendir " << path;
135        return users;
136    }
137
138    struct dirent* ent;
139    while ((ent = readdir(dir))) {
140        if (ent->d_type != DT_DIR) {
141            continue;
142        }
143
144        char* end;
145        userid_t user = strtol(ent->d_name, &end, 10);
146        if (*end == '\0' && user != 0) {
147            LOG(DEBUG) << "Found valid user " << user;
148            users.push_back(user);
149        }
150    }
151    closedir(dir);
152
153    return users;
154}
155
156/**
157 * Create the path name for config for a certain userid.
158 * Returns 0 on success, and -1 on failure.
159 */
160int create_user_config_path(char path[PATH_MAX], userid_t userid) {
161    if (snprintf(path, PATH_MAX, "%s%d", "/data/misc/user/", userid) > PATH_MAX) {
162        return -1;
163    }
164    return 0;
165}
166
167int create_move_path(char path[PKG_PATH_MAX],
168    const char* pkgname,
169    const char* leaf,
170    userid_t userid __unused)
171{
172    if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
173            >= PKG_PATH_MAX) {
174        return -1;
175    }
176
177    sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
178    return 0;
179}
180
181/**
182 * Checks whether the package name is valid. Returns -1 on error and
183 * 0 on success.
184 */
185int is_valid_package_name(const char* pkgname) {
186    const char *x = pkgname;
187    int alpha = -1;
188
189    if (strlen(pkgname) > PKG_NAME_MAX) {
190        return -1;
191    }
192
193    while (*x) {
194        if (isalnum(*x) || (*x == '_')) {
195                /* alphanumeric or underscore are fine */
196        } else if (*x == '.') {
197            if ((x == pkgname) || (x[1] == '.') || (x[1] == 0)) {
198                    /* periods must not be first, last, or doubled */
199                ALOGE("invalid package name '%s'\n", pkgname);
200                return -1;
201            }
202        } else if (*x == '-') {
203            /* Suffix -X is fine to let versioning of packages.
204               But whatever follows should be alphanumeric.*/
205            alpha = 1;
206        } else {
207                /* anything not A-Z, a-z, 0-9, _, or . is invalid */
208            ALOGE("invalid package name '%s'\n", pkgname);
209            return -1;
210        }
211
212        x++;
213    }
214
215    if (alpha == 1) {
216        // Skip current character
217        x++;
218        while (*x) {
219            if (!isalnum(*x)) {
220                ALOGE("invalid package name '%s' should include only numbers after -\n", pkgname);
221                return -1;
222            }
223            x++;
224        }
225    }
226
227    return 0;
228}
229
230static int _delete_dir_contents(DIR *d,
231                                int (*exclusion_predicate)(const char *name, const int is_dir))
232{
233    int result = 0;
234    struct dirent *de;
235    int dfd;
236
237    dfd = dirfd(d);
238
239    if (dfd < 0) return -1;
240
241    while ((de = readdir(d))) {
242        const char *name = de->d_name;
243
244            /* check using the exclusion predicate, if provided */
245        if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) {
246            continue;
247        }
248
249        if (de->d_type == DT_DIR) {
250            int subfd;
251            DIR *subdir;
252
253                /* always skip "." and ".." */
254            if (name[0] == '.') {
255                if (name[1] == 0) continue;
256                if ((name[1] == '.') && (name[2] == 0)) continue;
257            }
258
259            subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
260            if (subfd < 0) {
261                ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
262                result = -1;
263                continue;
264            }
265            subdir = fdopendir(subfd);
266            if (subdir == NULL) {
267                ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
268                close(subfd);
269                result = -1;
270                continue;
271            }
272            if (_delete_dir_contents(subdir, exclusion_predicate)) {
273                result = -1;
274            }
275            closedir(subdir);
276            if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
277                ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
278                result = -1;
279            }
280        } else {
281            if (unlinkat(dfd, name, 0) < 0) {
282                ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
283                result = -1;
284            }
285        }
286    }
287
288    return result;
289}
290
291int delete_dir_contents(const char *pathname,
292                        int also_delete_dir,
293                        int (*exclusion_predicate)(const char*, const int))
294{
295    int res = 0;
296    DIR *d;
297
298    d = opendir(pathname);
299    if (d == NULL) {
300        ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
301        return -errno;
302    }
303    res = _delete_dir_contents(d, exclusion_predicate);
304    closedir(d);
305    if (also_delete_dir) {
306        if (rmdir(pathname)) {
307            ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
308            res = -1;
309        }
310    }
311    return res;
312}
313
314int delete_dir_contents_fd(int dfd, const char *name)
315{
316    int fd, res;
317    DIR *d;
318
319    fd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
320    if (fd < 0) {
321        ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
322        return -1;
323    }
324    d = fdopendir(fd);
325    if (d == NULL) {
326        ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
327        close(fd);
328        return -1;
329    }
330    res = _delete_dir_contents(d, 0);
331    closedir(d);
332    return res;
333}
334
335static int _copy_owner_permissions(int srcfd, int dstfd)
336{
337    struct stat st;
338    if (fstat(srcfd, &st) != 0) {
339        return -1;
340    }
341    if (fchmod(dstfd, st.st_mode) != 0) {
342        return -1;
343    }
344    return 0;
345}
346
347static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group)
348{
349    int result = 0;
350    if (_copy_owner_permissions(sdfd, ddfd) != 0) {
351        ALOGE("_copy_dir_files failed to copy dir permissions\n");
352    }
353    if (fchown(ddfd, owner, group) != 0) {
354        ALOGE("_copy_dir_files failed to change dir owner\n");
355    }
356
357    DIR *ds = fdopendir(sdfd);
358    if (ds == NULL) {
359        ALOGE("Couldn't fdopendir: %s\n", strerror(errno));
360        return -1;
361    }
362    struct dirent *de;
363    while ((de = readdir(ds))) {
364        if (de->d_type != DT_REG) {
365            continue;
366        }
367
368        const char *name = de->d_name;
369        int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
370        int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600);
371        if (fsfd == -1 || fdfd == -1) {
372            ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
373        } else {
374            if (_copy_owner_permissions(fsfd, fdfd) != 0) {
375                ALOGE("Failed to change file permissions\n");
376            }
377            if (fchown(fdfd, owner, group) != 0) {
378                ALOGE("Failed to change file owner\n");
379            }
380
381            char buf[8192];
382            ssize_t size;
383            while ((size = read(fsfd, buf, sizeof(buf))) > 0) {
384                write(fdfd, buf, size);
385            }
386            if (size < 0) {
387                ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
388                result = -1;
389            }
390        }
391        close(fdfd);
392        close(fsfd);
393    }
394
395    return result;
396}
397
398int copy_dir_files(const char *srcname,
399                   const char *dstname,
400                   uid_t owner,
401                   uid_t group)
402{
403    int res = 0;
404    DIR *ds = NULL;
405    DIR *dd = NULL;
406
407    ds = opendir(srcname);
408    if (ds == NULL) {
409        ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno));
410        return -errno;
411    }
412
413    mkdir(dstname, 0600);
414    dd = opendir(dstname);
415    if (dd == NULL) {
416        ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno));
417        closedir(ds);
418        return -errno;
419    }
420
421    int sdfd = dirfd(ds);
422    int ddfd = dirfd(dd);
423    if (sdfd != -1 && ddfd != -1) {
424        res = _copy_dir_files(sdfd, ddfd, owner, group);
425    } else {
426        res = -errno;
427    }
428    closedir(dd);
429    closedir(ds);
430    return res;
431}
432
433int lookup_media_dir(char basepath[PATH_MAX], const char *dir)
434{
435    DIR *d;
436    struct dirent *de;
437    struct stat s;
438    char* dirpos = basepath + strlen(basepath);
439
440    if ((*(dirpos-1)) != '/') {
441        *dirpos = '/';
442        dirpos++;
443    }
444
445    CACHE_NOISY(ALOGI("Looking up %s in %s\n", dir, basepath));
446    // Verify the path won't extend beyond our buffer, to avoid
447    // repeated checking later.
448    if ((dirpos-basepath+strlen(dir)) >= (PATH_MAX-1)) {
449        ALOGW("Path exceeds limit: %s%s", basepath, dir);
450        return -1;
451    }
452
453    // First, can we find this directory with the case that is given?
454    strcpy(dirpos, dir);
455    if (stat(basepath, &s) >= 0) {
456        CACHE_NOISY(ALOGI("Found direct: %s\n", basepath));
457        return 0;
458    }
459
460    // Not found with that case...  search through all entries to find
461    // one that matches regardless of case.
462    *dirpos = 0;
463
464    d = opendir(basepath);
465    if (d == NULL) {
466        return -1;
467    }
468
469    while ((de = readdir(d))) {
470        if (strcasecmp(de->d_name, dir) == 0) {
471            strcpy(dirpos, de->d_name);
472            closedir(d);
473            CACHE_NOISY(ALOGI("Found search: %s\n", basepath));
474            return 0;
475        }
476    }
477
478    ALOGW("Couldn't find %s in %s", dir, basepath);
479    closedir(d);
480    return -1;
481}
482
483int64_t data_disk_free(const std::string& data_path)
484{
485    struct statfs sfs;
486    if (statfs(data_path.c_str(), &sfs) == 0) {
487        return sfs.f_bavail * sfs.f_bsize;
488    } else {
489        PLOG(ERROR) << "Couldn't statfs " << data_path;
490        return -1;
491    }
492}
493
494cache_t* start_cache_collection()
495{
496    cache_t* cache = (cache_t*)calloc(1, sizeof(cache_t));
497    return cache;
498}
499
500#define CACHE_BLOCK_SIZE (512*1024)
501
502static void* _cache_malloc(cache_t* cache, size_t len)
503{
504    len = (len+3)&~3;
505    if (len > (CACHE_BLOCK_SIZE/2)) {
506        // It doesn't make sense to try to put this allocation into one
507        // of our blocks, because it is so big.  Instead, make a new dedicated
508        // block for it.
509        int8_t* res = (int8_t*)malloc(len+sizeof(void*));
510        if (res == NULL) {
511            return NULL;
512        }
513        CACHE_NOISY(ALOGI("Allocated large cache mem block: %p size %d", res, len));
514        // Link it into our list of blocks, not disrupting the current one.
515        if (cache->memBlocks == NULL) {
516            *(void**)res = NULL;
517            cache->memBlocks = res;
518        } else {
519            *(void**)res = *(void**)cache->memBlocks;
520            *(void**)cache->memBlocks = res;
521        }
522        return res + sizeof(void*);
523    }
524    int8_t* res = cache->curMemBlockAvail;
525    int8_t* nextPos = res + len;
526    if (cache->memBlocks == NULL || nextPos > cache->curMemBlockEnd) {
527        int8_t* newBlock = (int8_t*) malloc(CACHE_BLOCK_SIZE);
528        if (newBlock == NULL) {
529            return NULL;
530        }
531        CACHE_NOISY(ALOGI("Allocated new cache mem block: %p", newBlock));
532        *(void**)newBlock = cache->memBlocks;
533        cache->memBlocks = newBlock;
534        res = cache->curMemBlockAvail = newBlock + sizeof(void*);
535        cache->curMemBlockEnd = newBlock + CACHE_BLOCK_SIZE;
536        nextPos = res + len;
537    }
538    CACHE_NOISY(ALOGI("cache_malloc: ret %p size %d, block=%p, nextPos=%p",
539            res, len, cache->memBlocks, nextPos));
540    cache->curMemBlockAvail = nextPos;
541    return res;
542}
543
544static void* _cache_realloc(cache_t* cache, void* cur, size_t origLen, size_t len)
545{
546    // This isn't really a realloc, but it is good enough for our purposes here.
547    void* alloc = _cache_malloc(cache, len);
548    if (alloc != NULL && cur != NULL) {
549        memcpy(alloc, cur, origLen < len ? origLen : len);
550    }
551    return alloc;
552}
553
554static void _inc_num_cache_collected(cache_t* cache)
555{
556    cache->numCollected++;
557    if ((cache->numCollected%20000) == 0) {
558        ALOGI("Collected cache so far: %zd directories, %zd files",
559            cache->numDirs, cache->numFiles);
560    }
561}
562
563static cache_dir_t* _add_cache_dir_t(cache_t* cache, cache_dir_t* parent, const char *name)
564{
565    size_t nameLen = strlen(name);
566    cache_dir_t* dir = (cache_dir_t*)_cache_malloc(cache, sizeof(cache_dir_t)+nameLen+1);
567    if (dir != NULL) {
568        dir->parent = parent;
569        dir->childCount = 0;
570        dir->hiddenCount = 0;
571        dir->deleted = 0;
572        strcpy(dir->name, name);
573        if (cache->numDirs >= cache->availDirs) {
574            size_t newAvail = cache->availDirs < 1000 ? 1000 : cache->availDirs*2;
575            cache_dir_t** newDirs = (cache_dir_t**)_cache_realloc(cache, cache->dirs,
576                    cache->availDirs*sizeof(cache_dir_t*), newAvail*sizeof(cache_dir_t*));
577            if (newDirs == NULL) {
578                ALOGE("Failure growing cache dirs array for %s\n", name);
579                return NULL;
580            }
581            cache->availDirs = newAvail;
582            cache->dirs = newDirs;
583        }
584        cache->dirs[cache->numDirs] = dir;
585        cache->numDirs++;
586        if (parent != NULL) {
587            parent->childCount++;
588        }
589        _inc_num_cache_collected(cache);
590    } else {
591        ALOGE("Failure allocating cache_dir_t for %s\n", name);
592    }
593    return dir;
594}
595
596static cache_file_t* _add_cache_file_t(cache_t* cache, cache_dir_t* dir, time_t modTime,
597        const char *name)
598{
599    size_t nameLen = strlen(name);
600    cache_file_t* file = (cache_file_t*)_cache_malloc(cache, sizeof(cache_file_t)+nameLen+1);
601    if (file != NULL) {
602        file->dir = dir;
603        file->modTime = modTime;
604        strcpy(file->name, name);
605        if (cache->numFiles >= cache->availFiles) {
606            size_t newAvail = cache->availFiles < 1000 ? 1000 : cache->availFiles*2;
607            cache_file_t** newFiles = (cache_file_t**)_cache_realloc(cache, cache->files,
608                    cache->availFiles*sizeof(cache_file_t*), newAvail*sizeof(cache_file_t*));
609            if (newFiles == NULL) {
610                ALOGE("Failure growing cache file array for %s\n", name);
611                return NULL;
612            }
613            cache->availFiles = newAvail;
614            cache->files = newFiles;
615        }
616        CACHE_NOISY(ALOGI("Setting file %p at position %d in array %p", file,
617                cache->numFiles, cache->files));
618        cache->files[cache->numFiles] = file;
619        cache->numFiles++;
620        dir->childCount++;
621        _inc_num_cache_collected(cache);
622    } else {
623        ALOGE("Failure allocating cache_file_t for %s\n", name);
624    }
625    return file;
626}
627
628static int _add_cache_files(cache_t *cache, cache_dir_t *parentDir, const char *dirName,
629        DIR* dir, char *pathBase, char *pathPos, size_t pathAvailLen)
630{
631    struct dirent *de;
632    cache_dir_t* cacheDir = NULL;
633    int dfd;
634
635    CACHE_NOISY(ALOGI("_add_cache_files: parent=%p dirName=%s dir=%p pathBase=%s",
636            parentDir, dirName, dir, pathBase));
637
638    dfd = dirfd(dir);
639
640    if (dfd < 0) return 0;
641
642    // Sub-directories always get added to the data structure, so if they
643    // are empty we will know about them to delete them later.
644    cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
645
646    while ((de = readdir(dir))) {
647        const char *name = de->d_name;
648
649        if (de->d_type == DT_DIR) {
650            int subfd;
651            DIR *subdir;
652
653                /* always skip "." and ".." */
654            if (name[0] == '.') {
655                if (name[1] == 0) continue;
656                if ((name[1] == '.') && (name[2] == 0)) continue;
657            }
658
659            subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
660            if (subfd < 0) {
661                ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
662                continue;
663            }
664            subdir = fdopendir(subfd);
665            if (subdir == NULL) {
666                ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
667                close(subfd);
668                continue;
669            }
670            if (cacheDir == NULL) {
671                cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
672            }
673            if (cacheDir != NULL) {
674                // Update pathBase for the new path...  this may change dirName
675                // if that is also pointing to the path, but we are done with it
676                // now.
677                size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
678                CACHE_NOISY(ALOGI("Collecting dir %s\n", pathBase));
679                if (finallen < pathAvailLen) {
680                    _add_cache_files(cache, cacheDir, name, subdir, pathBase,
681                            pathPos+finallen, pathAvailLen-finallen);
682                } else {
683                    // Whoops, the final path is too long!  We'll just delete
684                    // this directory.
685                    ALOGW("Cache dir %s truncated in path %s; deleting dir\n",
686                            name, pathBase);
687                    _delete_dir_contents(subdir, NULL);
688                    if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
689                        ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
690                    }
691                }
692            }
693            closedir(subdir);
694        } else if (de->d_type == DT_REG) {
695            // Skip files that start with '.'; they will be deleted if
696            // their entire directory is deleted.  This allows for metadata
697            // like ".nomedia" to remain in the directory until the entire
698            // directory is deleted.
699            if (cacheDir == NULL) {
700                cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
701            }
702            if (name[0] == '.') {
703                cacheDir->hiddenCount++;
704                continue;
705            }
706            if (cacheDir != NULL) {
707                // Build final full path for file...  this may change dirName
708                // if that is also pointing to the path, but we are done with it
709                // now.
710                size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
711                CACHE_NOISY(ALOGI("Collecting file %s\n", pathBase));
712                if (finallen < pathAvailLen) {
713                    struct stat s;
714                    if (stat(pathBase, &s) >= 0) {
715                        _add_cache_file_t(cache, cacheDir, s.st_mtime, name);
716                    } else {
717                        ALOGW("Unable to stat cache file %s; deleting\n", pathBase);
718                        if (unlink(pathBase) < 0) {
719                            ALOGE("Couldn't unlink %s: %s\n", pathBase, strerror(errno));
720                        }
721                    }
722                } else {
723                    // Whoops, the final path is too long!  We'll just delete
724                    // this file.
725                    ALOGW("Cache file %s truncated in path %s; deleting\n",
726                            name, pathBase);
727                    if (unlinkat(dfd, name, 0) < 0) {
728                        *pathPos = 0;
729                        ALOGE("Couldn't unlinkat %s in %s: %s\n", name, pathBase,
730                                strerror(errno));
731                    }
732                }
733            }
734        } else {
735            cacheDir->hiddenCount++;
736        }
737    }
738    return 0;
739}
740
741void add_cache_files(cache_t* cache, const char *basepath, const char *cachedir)
742{
743    DIR *d;
744    struct dirent *de;
745    char dirname[PATH_MAX];
746
747    CACHE_NOISY(ALOGI("add_cache_files: base=%s cachedir=%s\n", basepath, cachedir));
748
749    d = opendir(basepath);
750    if (d == NULL) {
751        return;
752    }
753
754    while ((de = readdir(d))) {
755        if (de->d_type == DT_DIR) {
756            DIR* subdir;
757            const char *name = de->d_name;
758            char* pathpos;
759
760                /* always skip "." and ".." */
761            if (name[0] == '.') {
762                if (name[1] == 0) continue;
763                if ((name[1] == '.') && (name[2] == 0)) continue;
764            }
765
766            strcpy(dirname, basepath);
767            pathpos = dirname + strlen(dirname);
768            if ((*(pathpos-1)) != '/') {
769                *pathpos = '/';
770                pathpos++;
771                *pathpos = 0;
772            }
773            if (cachedir != NULL) {
774                snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s/%s", name, cachedir);
775            } else {
776                snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s", name);
777            }
778            CACHE_NOISY(ALOGI("Adding cache files from dir: %s\n", dirname));
779            subdir = opendir(dirname);
780            if (subdir != NULL) {
781                size_t dirnameLen = strlen(dirname);
782                _add_cache_files(cache, NULL, dirname, subdir, dirname, dirname+dirnameLen,
783                        PATH_MAX - dirnameLen);
784                closedir(subdir);
785            }
786        }
787    }
788
789    closedir(d);
790}
791
792static char *create_dir_path(char path[PATH_MAX], cache_dir_t* dir)
793{
794    char *pos = path;
795    if (dir->parent != NULL) {
796        pos = create_dir_path(path, dir->parent);
797    }
798    // Note that we don't need to worry about going beyond the buffer,
799    // since when we were constructing the cache entries our maximum
800    // buffer size for full paths was PATH_MAX.
801    strcpy(pos, dir->name);
802    pos += strlen(pos);
803    *pos = '/';
804    pos++;
805    *pos = 0;
806    return pos;
807}
808
809static void delete_cache_dir(char path[PATH_MAX], cache_dir_t* dir)
810{
811    if (dir->parent != NULL) {
812        create_dir_path(path, dir);
813        ALOGI("DEL DIR %s\n", path);
814        if (dir->hiddenCount <= 0) {
815            if (rmdir(path)) {
816                ALOGE("Couldn't rmdir %s: %s\n", path, strerror(errno));
817                return;
818            }
819        } else {
820            // The directory contains hidden files so we need to delete
821            // them along with the directory itself.
822            if (delete_dir_contents(path, 1, NULL)) {
823                return;
824            }
825        }
826        dir->parent->childCount--;
827        dir->deleted = 1;
828        if (dir->parent->childCount <= 0) {
829            delete_cache_dir(path, dir->parent);
830        }
831    } else if (dir->hiddenCount > 0) {
832        // This is a root directory, but it has hidden files.  Get rid of
833        // all of those files, but not the directory itself.
834        create_dir_path(path, dir);
835        ALOGI("DEL CONTENTS %s\n", path);
836        delete_dir_contents(path, 0, NULL);
837    }
838}
839
840static int cache_modtime_sort(const void *lhsP, const void *rhsP)
841{
842    const cache_file_t *lhs = *(const cache_file_t**)lhsP;
843    const cache_file_t *rhs = *(const cache_file_t**)rhsP;
844    return lhs->modTime < rhs->modTime ? -1 : (lhs->modTime > rhs->modTime ? 1 : 0);
845}
846
847void clear_cache_files(const std::string& data_path, cache_t* cache, int64_t free_size)
848{
849    size_t i;
850    int skip = 0;
851    char path[PATH_MAX];
852
853    ALOGI("Collected cache files: %zd directories, %zd files",
854        cache->numDirs, cache->numFiles);
855
856    CACHE_NOISY(ALOGI("Sorting files..."));
857    qsort(cache->files, cache->numFiles, sizeof(cache_file_t*),
858            cache_modtime_sort);
859
860    CACHE_NOISY(ALOGI("Cleaning empty directories..."));
861    for (i=cache->numDirs; i>0; i--) {
862        cache_dir_t* dir = cache->dirs[i-1];
863        if (dir->childCount <= 0 && !dir->deleted) {
864            delete_cache_dir(path, dir);
865        }
866    }
867
868    CACHE_NOISY(ALOGI("Trimming files..."));
869    for (i=0; i<cache->numFiles; i++) {
870        skip++;
871        if (skip > 10) {
872            if (data_disk_free(data_path) > free_size) {
873                return;
874            }
875            skip = 0;
876        }
877        cache_file_t* file = cache->files[i];
878        strcpy(create_dir_path(path, file->dir), file->name);
879        ALOGI("DEL (mod %d) %s\n", (int)file->modTime, path);
880        if (unlink(path) < 0) {
881            ALOGE("Couldn't unlink %s: %s\n", path, strerror(errno));
882        }
883        file->dir->childCount--;
884        if (file->dir->childCount <= 0) {
885            delete_cache_dir(path, file->dir);
886        }
887    }
888}
889
890void finish_cache_collection(cache_t* cache)
891{
892    CACHE_NOISY(size_t i;)
893
894    CACHE_NOISY(ALOGI("clear_cache_files: %d dirs, %d files\n", cache->numDirs, cache->numFiles));
895    CACHE_NOISY(
896        for (i=0; i<cache->numDirs; i++) {
897            cache_dir_t* dir = cache->dirs[i];
898            ALOGI("dir #%d: %p %s parent=%p\n", i, dir, dir->name, dir->parent);
899        })
900    CACHE_NOISY(
901        for (i=0; i<cache->numFiles; i++) {
902            cache_file_t* file = cache->files[i];
903            ALOGI("file #%d: %p %s time=%d dir=%p\n", i, file, file->name,
904                    (int)file->modTime, file->dir);
905        })
906    void* block = cache->memBlocks;
907    while (block != NULL) {
908        void* nextBlock = *(void**)block;
909        CACHE_NOISY(ALOGI("Freeing cache mem block: %p", block));
910        free(block);
911        block = nextBlock;
912    }
913    free(cache);
914}
915
916/**
917 * Validate that the path is valid in the context of the provided directory.
918 * The path is allowed to have at most one subdirectory and no indirections
919 * to top level directories (i.e. have "..").
920 */
921static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) {
922    size_t dir_len = dir->len;
923    const char* subdir = strchr(path + dir_len, '/');
924
925    // Only allow the path to have at most one subdirectory.
926    if (subdir != NULL) {
927        ++subdir;
928        if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) {
929            ALOGE("invalid apk path '%s' (subdir?)\n", path);
930            return -1;
931        }
932    }
933
934    // Directories can't have a period directly after the directory markers to prevent "..".
935    if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) {
936        ALOGE("invalid apk path '%s' (trickery)\n", path);
937        return -1;
938    }
939
940    return 0;
941}
942
943/**
944 * Checks whether a path points to a system app (.apk file). Returns 0
945 * if it is a system app or -1 if it is not.
946 */
947int validate_system_app_path(const char* path) {
948    size_t i;
949
950    for (i = 0; i < android_system_dirs.count; i++) {
951        const size_t dir_len = android_system_dirs.dirs[i].len;
952        if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
953            return validate_path(android_system_dirs.dirs + i, path, 1);
954        }
955    }
956
957    return -1;
958}
959
960/**
961 * Get the contents of a environment variable that contains a path. Caller
962 * owns the string that is inserted into the directory record. Returns
963 * 0 on success and -1 on error.
964 */
965int get_path_from_env(dir_rec_t* rec, const char* var) {
966    const char* path = getenv(var);
967    int ret = get_path_from_string(rec, path);
968    if (ret < 0) {
969        ALOGW("Problem finding value for environment variable %s\n", var);
970    }
971    return ret;
972}
973
974/**
975 * Puts the string into the record as a directory. Appends '/' to the end
976 * of all paths. Caller owns the string that is inserted into the directory
977 * record. A null value will result in an error.
978 *
979 * Returns 0 on success and -1 on error.
980 */
981int get_path_from_string(dir_rec_t* rec, const char* path) {
982    if (path == NULL) {
983        return -1;
984    } else {
985        const size_t path_len = strlen(path);
986        if (path_len <= 0) {
987            return -1;
988        }
989
990        // Make sure path is absolute.
991        if (path[0] != '/') {
992            return -1;
993        }
994
995        if (path[path_len - 1] == '/') {
996            // Path ends with a forward slash. Make our own copy.
997
998            rec->path = strdup(path);
999            if (rec->path == NULL) {
1000                return -1;
1001            }
1002
1003            rec->len = path_len;
1004        } else {
1005            // Path does not end with a slash. Generate a new string.
1006            char *dst;
1007
1008            // Add space for slash and terminating null.
1009            size_t dst_size = path_len + 2;
1010
1011            rec->path = (char*) malloc(dst_size);
1012            if (rec->path == NULL) {
1013                return -1;
1014            }
1015
1016            dst = rec->path;
1017
1018            if (append_and_increment(&dst, path, &dst_size) < 0
1019                    || append_and_increment(&dst, "/", &dst_size)) {
1020                ALOGE("Error canonicalizing path");
1021                return -1;
1022            }
1023
1024            rec->len = dst - rec->path;
1025        }
1026    }
1027    return 0;
1028}
1029
1030int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
1031    dst->len = src->len + strlen(suffix);
1032    const size_t dstSize = dst->len + 1;
1033    dst->path = (char*) malloc(dstSize);
1034
1035    if (dst->path == NULL
1036            || snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
1037                    != (ssize_t) dst->len) {
1038        ALOGE("Could not allocate memory to hold appended path; aborting\n");
1039        return -1;
1040    }
1041
1042    return 0;
1043}
1044
1045/**
1046 * Check whether path points to a valid path for an APK file. The path must
1047 * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within
1048 * that path. Returns -1 when an invalid path is encountered and 0 when a valid path
1049 * is encountered.
1050 */
1051static int validate_apk_path_internal(const char *path, int maxSubdirs) {
1052    const dir_rec_t* dir = NULL;
1053    if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
1054        dir = &android_app_dir;
1055    } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
1056        dir = &android_app_private_dir;
1057    } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
1058        dir = &android_asec_dir;
1059    } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) {
1060        dir = &android_mnt_expand_dir;
1061        if (maxSubdirs < 2) {
1062            maxSubdirs = 2;
1063        }
1064    } else {
1065        return -1;
1066    }
1067
1068    return validate_path(dir, path, maxSubdirs);
1069}
1070
1071int validate_apk_path(const char* path) {
1072    return validate_apk_path_internal(path, 1 /* maxSubdirs */);
1073}
1074
1075int validate_apk_path_subdirs(const char* path) {
1076    return validate_apk_path_internal(path, 3 /* maxSubdirs */);
1077}
1078
1079int append_and_increment(char** dst, const char* src, size_t* dst_size) {
1080    ssize_t ret = strlcpy(*dst, src, *dst_size);
1081    if (ret < 0 || (size_t) ret >= *dst_size) {
1082        return -1;
1083    }
1084    *dst += ret;
1085    *dst_size -= ret;
1086    return 0;
1087}
1088
1089char *build_string2(const char *s1, const char *s2) {
1090    if (s1 == NULL || s2 == NULL) return NULL;
1091
1092    int len_s1 = strlen(s1);
1093    int len_s2 = strlen(s2);
1094    int len = len_s1 + len_s2 + 1;
1095    char *result = (char *) malloc(len);
1096    if (result == NULL) return NULL;
1097
1098    strcpy(result, s1);
1099    strcpy(result + len_s1, s2);
1100
1101    return result;
1102}
1103
1104char *build_string3(const char *s1, const char *s2, const char *s3) {
1105    if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
1106
1107    int len_s1 = strlen(s1);
1108    int len_s2 = strlen(s2);
1109    int len_s3 = strlen(s3);
1110    int len = len_s1 + len_s2 + len_s3 + 1;
1111    char *result = (char *) malloc(len);
1112    if (result == NULL) return NULL;
1113
1114    strcpy(result, s1);
1115    strcpy(result + len_s1, s2);
1116    strcpy(result + len_s1 + len_s2, s3);
1117
1118    return result;
1119}
1120
1121/* Ensure that /data/media directories are prepared for given user. */
1122int ensure_media_user_dirs(const char* uuid, userid_t userid) {
1123    std::string media_user_path(create_data_media_path(uuid, userid));
1124    if (fs_prepare_dir(media_user_path.c_str(), 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
1125        return -1;
1126    }
1127
1128    return 0;
1129}
1130
1131int ensure_config_user_dirs(userid_t userid) {
1132    char config_user_path[PATH_MAX];
1133
1134    // writable by system, readable by any app within the same user
1135    const int uid = multiuser_get_uid(userid, AID_SYSTEM);
1136    const int gid = multiuser_get_uid(userid, AID_EVERYBODY);
1137
1138    // Ensure /data/misc/user/<userid> exists
1139    create_user_config_path(config_user_path, userid);
1140    if (fs_prepare_dir(config_user_path, 0750, uid, gid) == -1) {
1141        return -1;
1142    }
1143
1144   return 0;
1145}
1146
1147int create_profile_file(const char *pkgname, gid_t gid) {
1148    const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
1149    char profile_file[PKG_PATH_MAX];
1150
1151    snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);
1152
1153    // The 'system' user needs to be able to read the profile to determine if dex2oat
1154    // needs to be run.  This is done in dalvik.system.DexFile.isDexOptNeededInternal().  So
1155    // we assign ownership to AID_SYSTEM and ensure it's not world-readable.
1156
1157    int fd = open(profile_file, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0660);
1158
1159    // Always set the uid/gid/permissions. The file could have been previously created
1160    // with different permissions.
1161    if (fd >= 0) {
1162        if (fchown(fd, AID_SYSTEM, gid) < 0) {
1163            ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
1164            close(fd);
1165            unlink(profile_file);
1166            return -1;
1167        }
1168
1169        if (fchmod(fd, 0660) < 0) {
1170            ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
1171            close(fd);
1172            unlink(profile_file);
1173            return -1;
1174        }
1175        close(fd);
1176    }
1177    return 0;
1178}
1179
1180void remove_profile_file(const char *pkgname) {
1181    char profile_file[PKG_PATH_MAX];
1182    snprintf(profile_file, sizeof(profile_file), "%s/%s", DALVIK_CACHE_PREFIX "profiles", pkgname);
1183    unlink(profile_file);
1184}
1185