1/* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#ifndef ART_RUNTIME_GC_SPACE_IMAGE_SPACE_FS_H_ 18#define ART_RUNTIME_GC_SPACE_IMAGE_SPACE_FS_H_ 19 20#include <dirent.h> 21#include <dlfcn.h> 22 23#include "base/logging.h" 24#include "base/macros.h" 25#include "base/stringprintf.h" 26#include "base/unix_file/fd_file.h" 27#include "globals.h" 28#include "os.h" 29#include "runtime.h" 30#include "utils.h" 31 32namespace art { 33namespace gc { 34namespace space { 35 36// This file contains helper code for ImageSpace. It has most of the file-system 37// related code, including handling A/B OTA. 38 39namespace impl { 40 41// Delete the directory and its (regular or link) contents. If the recurse flag is true, delete 42// sub-directories recursively. 43static void DeleteDirectoryContents(const std::string& dir, bool recurse) { 44 if (!OS::DirectoryExists(dir.c_str())) { 45 return; 46 } 47 DIR* c_dir = opendir(dir.c_str()); 48 if (c_dir == nullptr) { 49 PLOG(WARNING) << "Unable to open " << dir << " to delete it's contents"; 50 return; 51 } 52 53 for (struct dirent* de = readdir(c_dir); de != nullptr; de = readdir(c_dir)) { 54 const char* name = de->d_name; 55 if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) { 56 continue; 57 } 58 // We only want to delete regular files and symbolic links. 59 std::string file = StringPrintf("%s/%s", dir.c_str(), name); 60 if (de->d_type != DT_REG && de->d_type != DT_LNK) { 61 if (de->d_type == DT_DIR) { 62 if (recurse) { 63 DeleteDirectoryContents(file, recurse); 64 // Try to rmdir the directory. 65 if (rmdir(file.c_str()) != 0) { 66 PLOG(ERROR) << "Unable to rmdir " << file; 67 } 68 } 69 } else { 70 LOG(WARNING) << "Unexpected file type of " << std::hex << de->d_type << " encountered."; 71 } 72 } else { 73 // Try to unlink the file. 74 if (unlink(file.c_str()) != 0) { 75 PLOG(ERROR) << "Unable to unlink " << file; 76 } 77 } 78 } 79 CHECK_EQ(0, closedir(c_dir)) << "Unable to close directory."; 80} 81 82static bool HasContent(const char* dir) { 83 if (!OS::DirectoryExists(dir)) { 84 return false; 85 } 86 DIR* c_dir = opendir(dir); 87 if (c_dir == nullptr) { 88 PLOG(WARNING) << "Unable to open " << dir << " to delete it if empty"; 89 return false; 90 } 91 92 for (struct dirent* de = readdir(c_dir); de != nullptr; de = readdir(c_dir)) { 93 const char* name = de->d_name; 94 if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) { 95 continue; 96 } 97 // Something here. 98 CHECK_EQ(0, closedir(c_dir)) << "Unable to close directory."; 99 return true; 100 } 101 CHECK_EQ(0, closedir(c_dir)) << "Unable to close directory."; 102 return false; 103} 104 105// Delete this directory, if empty. Then repeat with the parents. Skips non-existing directories. 106// If stop_at isn't null, the recursion will stop when a directory with the given name is found. 107static void DeleteEmptyDirectoriesUpTo(const std::string& dir, const char* stop_at) { 108 if (HasContent(dir.c_str())) { 109 return; 110 } 111 if (stop_at != nullptr) { 112 // This check isn't precise, but good enough in practice. 113 if (EndsWith(dir, stop_at)) { 114 return; 115 } 116 } 117 if (OS::DirectoryExists(dir.c_str())) { 118 if (rmdir(dir.c_str()) != 0) { 119 PLOG(ERROR) << "Unable to rmdir " << dir; 120 return; 121 } 122 } 123 size_t last_slash = dir.rfind('/'); 124 if (last_slash != std::string::npos) { 125 DeleteEmptyDirectoriesUpTo(dir.substr(0, last_slash), stop_at); 126 } 127} 128 129static void MoveOTAArtifacts(const char* src, const char* trg) { 130 DCHECK(OS::DirectoryExists(src)); 131 DCHECK(OS::DirectoryExists(trg)); 132 133 if (HasContent(trg)) { 134 LOG(WARNING) << "We do not support merging caches, but the target isn't empty: " << src 135 << " to " << trg; 136 return; 137 } 138 139 if (rename(src, trg) != 0) { 140 PLOG(ERROR) << "Could not rename OTA cache " << src << " to target " << trg; 141 } 142} 143 144// This is some dlopen/dlsym and hardcoded data to avoid a dependency on libselinux. Make sure 145// this stays in sync! 146static bool RelabelOTAFiles(const std::string& dalvik_cache_dir) { 147 // We only expect selinux on devices. Don't even attempt this on the host. 148 if (!kIsTargetBuild) { 149 return true; 150 } 151 152 // Custom deleter, so we can use std::unique_ptr. 153 struct HandleDeleter { 154 void operator()(void* in) { 155 if (in != nullptr && dlclose(in) != 0) { 156 PLOG(ERROR) << "Could not close selinux handle."; 157 } 158 } 159 }; 160 161 // Look for selinux library. 162 std::unique_ptr<void, HandleDeleter> selinux_handle(dlopen("libselinux.so", RTLD_NOW)); 163 if (selinux_handle == nullptr) { 164 // Assume everything's OK if we can't open the library. 165 return true; 166 } 167 dlerror(); // Clean dlerror string. 168 169 void* restorecon_ptr = dlsym(selinux_handle.get(), "selinux_android_restorecon"); 170 if (restorecon_ptr == nullptr) { 171 // Can't find the relabel function. That's bad. Make sure the zygote fails, as we have no 172 // other recourse to make this error obvious. 173 const char* error_string = dlerror(); 174 LOG(FATAL) << "Could not find selinux restorecon function: " 175 << ((error_string != nullptr) ? error_string : "(unknown error)"); 176 UNREACHABLE(); 177 } 178 179 using RestoreconFn = int (*)(const char*, unsigned int); 180 constexpr unsigned int kRecursive = 4U; 181 182 RestoreconFn restorecon_fn = reinterpret_cast<RestoreconFn>(restorecon_ptr); 183 if (restorecon_fn(dalvik_cache_dir.c_str(), kRecursive) != 0) { 184 LOG(ERROR) << "Failed to restorecon " << dalvik_cache_dir; 185 return false; 186 } 187 188 return true; 189} 190 191} // namespace impl 192 193 194// We are relocating or generating the core image. We should get rid of everything. It is all 195// out-of-date. We also don't really care if this fails since it is just a convenience. 196// Adapted from prune_dex_cache(const char* subdir) in frameworks/native/cmds/installd/commands.c 197// Note this should only be used during first boot. 198static void PruneDalvikCache(InstructionSet isa) { 199 CHECK_NE(isa, kNone); 200 // Prune the base /data/dalvik-cache. 201 impl::DeleteDirectoryContents(GetDalvikCacheOrDie(".", false), false); 202 // Prune /data/dalvik-cache/<isa>. 203 impl::DeleteDirectoryContents(GetDalvikCacheOrDie(GetInstructionSetString(isa), false), false); 204 205 // Be defensive. There should be a runtime created here, but this may be called in a test. 206 if (Runtime::Current() != nullptr) { 207 Runtime::Current()->SetPrunedDalvikCache(true); 208 } 209} 210 211// We write out an empty file to the zygote's ISA specific cache dir at the start of 212// every zygote boot and delete it when the boot completes. If we find a file already 213// present, it usually means the boot didn't complete. We wipe the entire dalvik 214// cache if that's the case. 215static void MarkZygoteStart(const InstructionSet isa, const uint32_t max_failed_boots) { 216 const std::string isa_subdir = GetDalvikCacheOrDie(GetInstructionSetString(isa), false); 217 const std::string boot_marker = isa_subdir + "/.booting"; 218 const char* file_name = boot_marker.c_str(); 219 220 uint32_t num_failed_boots = 0; 221 std::unique_ptr<File> file(OS::OpenFileReadWrite(file_name)); 222 if (file.get() == nullptr) { 223 file.reset(OS::CreateEmptyFile(file_name)); 224 225 if (file.get() == nullptr) { 226 PLOG(WARNING) << "Failed to create boot marker."; 227 return; 228 } 229 } else { 230 if (!file->ReadFully(&num_failed_boots, sizeof(num_failed_boots))) { 231 PLOG(WARNING) << "Failed to read boot marker."; 232 file->Erase(); 233 return; 234 } 235 } 236 237 if (max_failed_boots != 0 && num_failed_boots > max_failed_boots) { 238 LOG(WARNING) << "Incomplete boot detected. Pruning dalvik cache"; 239 impl::DeleteDirectoryContents(isa_subdir, false); 240 } 241 242 ++num_failed_boots; 243 VLOG(startup) << "Number of failed boots on : " << boot_marker << " = " << num_failed_boots; 244 245 if (lseek(file->Fd(), 0, SEEK_SET) == -1) { 246 PLOG(WARNING) << "Failed to write boot marker."; 247 file->Erase(); 248 return; 249 } 250 251 if (!file->WriteFully(&num_failed_boots, sizeof(num_failed_boots))) { 252 PLOG(WARNING) << "Failed to write boot marker."; 253 file->Erase(); 254 return; 255 } 256 257 if (file->FlushCloseOrErase() != 0) { 258 PLOG(WARNING) << "Failed to flush boot marker."; 259 } 260} 261 262static void TryMoveOTAArtifacts(const std::string& cache_filename, bool dalvik_cache_exists) { 263 // We really assume here global means /data/dalvik-cache, and we'll inject 'ota.' Make sure 264 // that's true. 265 CHECK(StartsWith(cache_filename, "/data/dalvik-cache")) << cache_filename; 266 267 // Inject ota subdirectory. 268 std::string ota_filename(cache_filename); 269 ota_filename = ota_filename.insert(strlen("/data/"), "ota/"); 270 CHECK(StartsWith(ota_filename, "/data/ota/dalvik-cache")) << ota_filename; 271 272 // See if the file exists. 273 if (OS::FileExists(ota_filename.c_str())) { 274 VLOG(startup) << "OTA directory does exist, checking for artifacts"; 275 276 size_t last_slash = ota_filename.rfind('/'); 277 CHECK_NE(last_slash, std::string::npos); 278 std::string ota_source_dir = ota_filename.substr(0, last_slash); 279 280 // We need the dalvik cache now, really. 281 if (dalvik_cache_exists) { 282 size_t last_cache_slash = cache_filename.rfind('/'); 283 DCHECK_NE(last_cache_slash, std::string::npos); 284 std::string dalvik_cache_target_dir = cache_filename.substr(0, last_cache_slash); 285 286 // First clean the target cache. 287 impl::DeleteDirectoryContents(dalvik_cache_target_dir.c_str(), false); 288 289 // Now move things over. 290 impl::MoveOTAArtifacts(ota_source_dir.c_str(), dalvik_cache_target_dir.c_str()); 291 292 // Last step: ensure the files have the right selinux label. 293 if (!impl::RelabelOTAFiles(dalvik_cache_target_dir)) { 294 // This isn't good. We potentially moved files, but they have the wrong label. Delete the 295 // files. 296 LOG(WARNING) << "Could not relabel files, must delete dalvik-cache."; 297 impl::DeleteDirectoryContents(dalvik_cache_target_dir.c_str(), false); 298 } 299 } 300 301 // Cleanup. 302 impl::DeleteDirectoryContents(ota_source_dir.c_str(), true); 303 impl::DeleteEmptyDirectoriesUpTo(ota_source_dir, "ota"); 304 } else { 305 VLOG(startup) << "No OTA directory."; 306 } 307} 308 309} // namespace space 310} // namespace gc 311} // namespace art 312 313#endif // ART_RUNTIME_GC_SPACE_IMAGE_SPACE_FS_H_ 314