1#include "idmap.h"
2
3#include <private/android_filesystem_config.h> // for AID_SYSTEM
4
5#include <stdlib.h>
6#include <string.h>
7
8namespace {
9    const char *usage = "NAME\n\
10      idmap - create or display idmap files\n\
11\n\
12SYNOPSIS \n\
13      idmap --help \n\
14      idmap --fd target overlay fd \n\
15      idmap --path target overlay idmap \n\
16      idmap --scan target-package-name-to-look-for path-to-target-apk dir-to-hold-idmaps \\\
17                   dir-to-scan [additional-dir-to-scan [additional-dir-to-scan [...]]]\n\
18      idmap --inspect idmap \n\
19\n\
20DESCRIPTION \n\
21      Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
22      file contains a mapping of resource identifiers between overlay package and its target \n\
23      package; this mapping is used during resource lookup. Idmap files also act as control \n\
24      files by their existence: if not present, the corresponding overlay package is ignored \n\
25      when the resource context is created. \n\
26\n\
27      Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
28      package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
29\n\
30NOMENCLATURE \n\
31      target: the original, non-overlay, package. Each target package may be associated with \n\
32              any number of overlay packages. \n\
33\n\
34      overlay: an overlay package. Each overlay package is associated with exactly one target \n\
35               package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
36               tag. \n\
37\n\
38OPTIONS \n\
39      --help: display this help \n\
40\n\
41      --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
42            (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
43            version is intended to be used by a parent process with higher privileges to call \n\
44            idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
45            drop its privileges and exec. This tool will continue execution without the extra \n\
46            privileges, but still have write access to a file it could not have opened on its \n\
47            own. \n\
48\n\
49      --path: create idmap for target package 'target' (path to apk) and overlay package \n\
50              'overlay' (path to apk); write results to 'idmap' (path). \n\
51\n\
52      --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
53              target package 'target-package-name-to-look-for' (package name) present at\n\
54              'path-to-target-apk' (path to apk). For each overlay package found, create an\n\
55              idmap file in 'dir-to-hold-idmaps' (path). \n\
56\n\
57      --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
58                 debug-friendly format. \n\
59\n\
60EXAMPLES \n\
61      Create an idmap file: \n\
62\n\
63      $ adb shell idmap --path /system/app/target.apk \\ \n\
64                               /vendor/overlay/overlay.apk \\ \n\
65                               /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
66\n\
67      Display an idmap file: \n\
68\n\
69      $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
70      SECTION      ENTRY        VALUE      COMMENT \n\
71      IDMAP HEADER magic        0x706d6469 \n\
72                   base crc     0xb65a383f \n\
73                   overlay crc  0x7b9675e8 \n\
74                   base path    .......... /path/to/target.apk \n\
75                   overlay path .......... /path/to/overlay.apk \n\
76      DATA HEADER  target pkg   0x0000007f \n\
77                   types count  0x00000003 \n\
78      DATA BLOCK   target type  0x00000002 \n\
79                   overlay type 0x00000002 \n\
80                   entry count  0x00000001 \n\
81                   entry offset 0x00000000 \n\
82                   entry        0x00000000 drawable/drawable \n\
83      DATA BLOCK   target type  0x00000003 \n\
84                   overlay type 0x00000003 \n\
85                   entry count  0x00000001 \n\
86                   entry offset 0x00000000 \n\
87                   entry        0x00000000 xml/integer \n\
88      DATA BLOCK   target type  0x00000004 \n\
89                   overlay type 0x00000004 \n\
90                   entry count  0x00000001 \n\
91                   entry offset 0x00000000 \n\
92                   entry        0x00000000 raw/lorem_ipsum \n\
93\n\
94      In this example, the overlay package provides three alternative resource values:\n\
95      drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
96\n\
97NOTES \n\
98      This tool and its expected invocation from installd is modelled on dexopt.";
99
100    bool verify_directory_readable(const char *path)
101    {
102        return access(path, R_OK | X_OK) == 0;
103    }
104
105    bool verify_directory_writable(const char *path)
106    {
107        return access(path, W_OK) == 0;
108    }
109
110    bool verify_file_readable(const char *path)
111    {
112        return access(path, R_OK) == 0;
113    }
114
115    bool verify_root_or_system()
116    {
117        uid_t uid = getuid();
118        gid_t gid = getgid();
119
120        return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
121    }
122
123    int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
124            const char *idmap_str)
125    {
126        // anyone (not just root or system) may do --fd -- the file has
127        // already been opened by someone else on our behalf
128
129        char *endptr;
130        int idmap_fd = strtol(idmap_str, &endptr, 10);
131        if (*endptr != '\0') {
132            fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
133            return -1;
134        }
135
136        if (!verify_file_readable(target_apk_path)) {
137            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
138            return -1;
139        }
140
141        if (!verify_file_readable(overlay_apk_path)) {
142            ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
143            return -1;
144        }
145
146        return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd);
147    }
148
149    int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
150            const char *idmap_path)
151    {
152        if (!verify_root_or_system()) {
153            fprintf(stderr, "error: permission denied: not user root or user system\n");
154            return -1;
155        }
156
157        if (!verify_file_readable(target_apk_path)) {
158            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
159            return -1;
160        }
161
162        if (!verify_file_readable(overlay_apk_path)) {
163            ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
164            return -1;
165        }
166
167        return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path);
168    }
169
170    int maybe_scan(const char *target_package_name, const char *target_apk_path,
171            const char *idmap_dir, const android::Vector<const char *> *overlay_dirs)
172    {
173        if (!verify_root_or_system()) {
174            fprintf(stderr, "error: permission denied: not user root or user system\n");
175            return -1;
176        }
177
178        if (!verify_file_readable(target_apk_path)) {
179            ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
180            return -1;
181        }
182
183        if (!verify_directory_writable(idmap_dir)) {
184            ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
185            return -1;
186        }
187
188        const size_t N = overlay_dirs->size();
189        for (size_t i = 0; i < N; i++) {
190            const char *dir = overlay_dirs->itemAt(i);
191            if (!verify_directory_readable(dir)) {
192                ALOGD("error: no read access to %s: %s\n", dir, strerror(errno));
193                return -1;
194            }
195        }
196
197        return idmap_scan(target_package_name, target_apk_path, idmap_dir, overlay_dirs);
198    }
199
200    int maybe_inspect(const char *idmap_path)
201    {
202        // anyone (not just root or system) may do --inspect
203        if (!verify_file_readable(idmap_path)) {
204            ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
205            return -1;
206        }
207        return idmap_inspect(idmap_path);
208    }
209}
210
211int main(int argc, char **argv)
212{
213#if 0
214    {
215        char buf[1024];
216        buf[0] = '\0';
217        for (int i = 0; i < argc; ++i) {
218            strncat(buf, argv[i], sizeof(buf) - 1);
219            strncat(buf, " ", sizeof(buf) - 1);
220        }
221        ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
222    }
223#endif
224
225    if (argc == 2 && !strcmp(argv[1], "--help")) {
226        printf("%s\n", usage);
227        return 0;
228    }
229
230    if (argc == 5 && !strcmp(argv[1], "--fd")) {
231        return maybe_create_fd(argv[2], argv[3], argv[4]);
232    }
233
234    if (argc == 5 && !strcmp(argv[1], "--path")) {
235        return maybe_create_path(argv[2], argv[3], argv[4]);
236    }
237
238    if (argc >= 6 && !strcmp(argv[1], "--scan")) {
239        android::Vector<const char *> v;
240        for (int i = 5; i < argc; i++) {
241            v.push(argv[i]);
242        }
243        return maybe_scan(argv[2], argv[3], argv[4], &v);
244    }
245
246    if (argc == 3 && !strcmp(argv[1], "--inspect")) {
247        return maybe_inspect(argv[2]);
248    }
249
250    fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
251    return EXIT_FAILURE;
252}
253