1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#define LOG_TAG "installed"
17
18#include <fcntl.h>
19#include <stdlib.h>
20#include <string.h>
21#include <sys/capability.h>
22#include <sys/file.h>
23#include <sys/stat.h>
24#include <sys/time.h>
25#include <sys/types.h>
26#include <sys/resource.h>
27#include <sys/wait.h>
28#include <unistd.h>
29
30#include <android-base/logging.h>
31#include <android-base/stringprintf.h>
32#include <android-base/strings.h>
33#include <android-base/unique_fd.h>
34#include <cutils/fs.h>
35#include <cutils/properties.h>
36#include <cutils/sched_policy.h>
37#include <log/log.h>               // TODO: Move everything to base/logging.
38#include <private/android_filesystem_config.h>
39#include <selinux/android.h>
40#include <system/thread_defs.h>
41
42#include "dexopt.h"
43#include "installd_deps.h"
44#include "otapreopt_utils.h"
45#include "utils.h"
46
47using android::base::StringPrintf;
48using android::base::EndsWith;
49using android::base::unique_fd;
50
51namespace android {
52namespace installd {
53
54// Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
55struct FreeDelete {
56  // NOTE: Deleting a const object is valid but free() takes a non-const pointer.
57  void operator()(const void* ptr) const {
58    free(const_cast<void*>(ptr));
59  }
60};
61
62// Alias for std::unique_ptr<> that uses the C function free() to delete objects.
63template <typename T>
64using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
65
66static unique_fd invalid_unique_fd() {
67    return unique_fd(-1);
68}
69
70static bool clear_profile(const std::string& profile) {
71    unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
72    if (ufd.get() < 0) {
73        if (errno != ENOENT) {
74            PLOG(WARNING) << "Could not open profile " << profile;
75            return false;
76        } else {
77            // Nothing to clear. That's ok.
78            return true;
79        }
80    }
81
82    if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
83        if (errno != EWOULDBLOCK) {
84            PLOG(WARNING) << "Error locking profile " << profile;
85        }
86        // This implies that the app owning this profile is running
87        // (and has acquired the lock).
88        //
89        // If we can't acquire the lock bail out since clearing is useless anyway
90        // (the app will write again to the profile).
91        //
92        // Note:
93        // This does not impact the this is not an issue for the profiling correctness.
94        // In case this is needed because of an app upgrade, profiles will still be
95        // eventually cleared by the app itself due to checksum mismatch.
96        // If this is needed because profman advised, then keeping the data around
97        // until the next run is again not an issue.
98        //
99        // If the app attempts to acquire a lock while we've held one here,
100        // it will simply skip the current write cycle.
101        return false;
102    }
103
104    bool truncated = ftruncate(ufd.get(), 0) == 0;
105    if (!truncated) {
106        PLOG(WARNING) << "Could not truncate " << profile;
107    }
108    if (flock(ufd.get(), LOCK_UN) != 0) {
109        PLOG(WARNING) << "Error unlocking profile " << profile;
110    }
111    return truncated;
112}
113
114// Clear the reference profile for the given location.
115// The location is the package name for primary apks or the dex path for secondary dex files.
116static bool clear_reference_profile(const std::string& location, bool is_secondary_dex) {
117    return clear_profile(create_reference_profile_path(location, is_secondary_dex));
118}
119
120// Clear the reference profile for the given location.
121// The location is the package name for primary apks or the dex path for secondary dex files.
122static bool clear_current_profile(const std::string& pkgname, userid_t user,
123        bool is_secondary_dex) {
124    return clear_profile(create_current_profile_path(user, pkgname, is_secondary_dex));
125}
126
127// Clear the reference profile for the primary apk of the given package.
128bool clear_primary_reference_profile(const std::string& pkgname) {
129    return clear_reference_profile(pkgname, /*is_secondary_dex*/false);
130}
131
132// Clear all current profile for the primary apk of the given package.
133bool clear_primary_current_profiles(const std::string& pkgname) {
134    bool success = true;
135    // For secondary dex files, we don't really need the user but we use it for sanity checks.
136    std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
137    for (auto user : users) {
138        success &= clear_current_profile(pkgname, user, /*is_secondary_dex*/false);
139    }
140    return success;
141}
142
143// Clear the current profile for the primary apk of the given package and user.
144bool clear_primary_current_profile(const std::string& pkgname, userid_t user) {
145    return clear_current_profile(pkgname, user, /*is_secondary_dex*/false);
146}
147
148static int split_count(const char *str)
149{
150  char *ctx;
151  int count = 0;
152  char buf[kPropertyValueMax];
153
154  strncpy(buf, str, sizeof(buf));
155  char *pBuf = buf;
156
157  while(strtok_r(pBuf, " ", &ctx) != NULL) {
158    count++;
159    pBuf = NULL;
160  }
161
162  return count;
163}
164
165static int split(char *buf, const char **argv)
166{
167  char *ctx;
168  int count = 0;
169  char *tok;
170  char *pBuf = buf;
171
172  while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) {
173    argv[count++] = tok;
174    pBuf = NULL;
175  }
176
177  return count;
178}
179
180static const char* get_location_from_path(const char* path) {
181    static constexpr char kLocationSeparator = '/';
182    const char *location = strrchr(path, kLocationSeparator);
183    if (location == NULL) {
184        return path;
185    } else {
186        // Skip the separator character.
187        return location + 1;
188    }
189}
190
191static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd,
192        const char* input_file_name, const char* output_file_name, int swap_fd,
193        const char* instruction_set, const char* compiler_filter,
194        bool debuggable, bool post_bootcomplete, int profile_fd, const char* shared_libraries) {
195    static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
196
197    if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
198        ALOGE("Instruction set %s longer than max length of %d",
199              instruction_set, MAX_INSTRUCTION_SET_LEN);
200        return;
201    }
202
203    // Get the relative path to the input file.
204    const char* relative_input_file_name = get_location_from_path(input_file_name);
205
206    char dex2oat_Xms_flag[kPropertyValueMax];
207    bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;
208
209    char dex2oat_Xmx_flag[kPropertyValueMax];
210    bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;
211
212    char dex2oat_threads_buf[kPropertyValueMax];
213    bool have_dex2oat_threads_flag = get_property(post_bootcomplete
214                                                      ? "dalvik.vm.dex2oat-threads"
215                                                      : "dalvik.vm.boot-dex2oat-threads",
216                                                  dex2oat_threads_buf,
217                                                  NULL) > 0;
218    char dex2oat_threads_arg[kPropertyValueMax + 2];
219    if (have_dex2oat_threads_flag) {
220        sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
221    }
222
223    char dex2oat_isa_features_key[kPropertyKeyMax];
224    sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
225    char dex2oat_isa_features[kPropertyValueMax];
226    bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
227                                                  dex2oat_isa_features, NULL) > 0;
228
229    char dex2oat_isa_variant_key[kPropertyKeyMax];
230    sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
231    char dex2oat_isa_variant[kPropertyValueMax];
232    bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
233                                                 dex2oat_isa_variant, NULL) > 0;
234
235    const char *dex2oat_norelocation = "-Xnorelocate";
236    bool have_dex2oat_relocation_skip_flag = false;
237
238    char dex2oat_flags[kPropertyValueMax];
239    int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
240                                 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
241    ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);
242
243    // If we are booting without the real /data, don't spend time compiling.
244    char vold_decrypt[kPropertyValueMax];
245    bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
246    bool skip_compilation = (have_vold_decrypt &&
247                             (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
248                             (strcmp(vold_decrypt, "1") == 0)));
249
250    bool generate_debug_info = property_get_bool("debug.generate-debug-info", false);
251
252    char app_image_format[kPropertyValueMax];
253    char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
254    bool have_app_image_format =
255            image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
256    if (have_app_image_format) {
257        sprintf(image_format_arg, "--image-format=%s", app_image_format);
258    }
259
260    char dex2oat_large_app_threshold[kPropertyValueMax];
261    bool have_dex2oat_large_app_threshold =
262            get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0;
263    char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax];
264    if (have_dex2oat_large_app_threshold) {
265        sprintf(dex2oat_large_app_threshold_arg,
266                "--very-large-app-threshold=%s",
267                dex2oat_large_app_threshold);
268    }
269
270    static const char* DEX2OAT_BIN = "/system/bin/dex2oat";
271
272    static const char* RUNTIME_ARG = "--runtime-arg";
273
274    static const int MAX_INT_LEN = 12;      // '-'+10dig+'\0' -OR- 0x+8dig
275
276    // clang FORTIFY doesn't let us use strlen in constant array bounds, so we
277    // use arraysize instead.
278    char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN];
279    char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX];
280    char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN];
281    char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN];
282    char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN];
283    char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX];
284    char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
285    char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax];
286    char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax];
287    char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax];
288    char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax];
289    char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax];
290    bool have_dex2oat_swap_fd = false;
291    char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN];
292    bool have_dex2oat_image_fd = false;
293    char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN];
294
295    sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
296    sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name);
297    sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd);
298    sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd);
299    sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
300    sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
301    sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
302    sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
303    sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
304    if (swap_fd >= 0) {
305        have_dex2oat_swap_fd = true;
306        sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
307    }
308    if (image_fd >= 0) {
309        have_dex2oat_image_fd = true;
310        sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
311    }
312
313    if (have_dex2oat_Xms_flag) {
314        sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
315    }
316    if (have_dex2oat_Xmx_flag) {
317        sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
318    }
319
320    // Compute compiler filter.
321
322    bool have_dex2oat_compiler_filter_flag = false;
323    if (skip_compilation) {
324        strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract");
325        have_dex2oat_compiler_filter_flag = true;
326        have_dex2oat_relocation_skip_flag = true;
327    } else if (compiler_filter != nullptr) {
328        if (strlen(compiler_filter) + strlen("--compiler-filter=") <
329                    arraysize(dex2oat_compiler_filter_arg)) {
330            sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
331            have_dex2oat_compiler_filter_flag = true;
332        } else {
333            ALOGW("Compiler filter name '%s' is too large (max characters is %zu)",
334                  compiler_filter,
335                  kPropertyValueMax);
336        }
337    }
338
339    if (!have_dex2oat_compiler_filter_flag) {
340        char dex2oat_compiler_filter_flag[kPropertyValueMax];
341        have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
342                                                         dex2oat_compiler_filter_flag, NULL) > 0;
343        if (have_dex2oat_compiler_filter_flag) {
344            sprintf(dex2oat_compiler_filter_arg,
345                    "--compiler-filter=%s",
346                    dex2oat_compiler_filter_flag);
347        }
348    }
349
350    // Check whether all apps should be compiled debuggable.
351    if (!debuggable) {
352        char prop_buf[kPropertyValueMax];
353        debuggable =
354                (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
355                (prop_buf[0] == '1');
356    }
357    char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
358    if (profile_fd != -1) {
359        sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
360    }
361
362    // Get the directory of the apk to pass as a base classpath directory.
363    char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX];
364    std::string apk_dir(input_file_name);
365    unsigned long dir_index = apk_dir.rfind('/');
366    bool has_base_dir = dir_index != std::string::npos;
367    if (has_base_dir) {
368        apk_dir = apk_dir.substr(0, dir_index);
369        sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str());
370    }
371
372
373    ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, relative_input_file_name, output_file_name);
374
375    const char* argv[9  // program name, mandatory arguments and the final NULL
376                     + (have_dex2oat_isa_variant ? 1 : 0)
377                     + (have_dex2oat_isa_features ? 1 : 0)
378                     + (have_dex2oat_Xms_flag ? 2 : 0)
379                     + (have_dex2oat_Xmx_flag ? 2 : 0)
380                     + (have_dex2oat_compiler_filter_flag ? 1 : 0)
381                     + (have_dex2oat_threads_flag ? 1 : 0)
382                     + (have_dex2oat_swap_fd ? 1 : 0)
383                     + (have_dex2oat_image_fd ? 1 : 0)
384                     + (have_dex2oat_relocation_skip_flag ? 2 : 0)
385                     + (generate_debug_info ? 1 : 0)
386                     + (debuggable ? 1 : 0)
387                     + (have_app_image_format ? 1 : 0)
388                     + dex2oat_flags_count
389                     + (profile_fd == -1 ? 0 : 1)
390                     + (shared_libraries != nullptr ? 4 : 0)
391                     + (has_base_dir ? 1 : 0)
392                     + (have_dex2oat_large_app_threshold ? 1 : 0)];
393    int i = 0;
394    argv[i++] = DEX2OAT_BIN;
395    argv[i++] = zip_fd_arg;
396    argv[i++] = zip_location_arg;
397    argv[i++] = input_vdex_fd_arg;
398    argv[i++] = output_vdex_fd_arg;
399    argv[i++] = oat_fd_arg;
400    argv[i++] = oat_location_arg;
401    argv[i++] = instruction_set_arg;
402    if (have_dex2oat_isa_variant) {
403        argv[i++] = instruction_set_variant_arg;
404    }
405    if (have_dex2oat_isa_features) {
406        argv[i++] = instruction_set_features_arg;
407    }
408    if (have_dex2oat_Xms_flag) {
409        argv[i++] = RUNTIME_ARG;
410        argv[i++] = dex2oat_Xms_arg;
411    }
412    if (have_dex2oat_Xmx_flag) {
413        argv[i++] = RUNTIME_ARG;
414        argv[i++] = dex2oat_Xmx_arg;
415    }
416    if (have_dex2oat_compiler_filter_flag) {
417        argv[i++] = dex2oat_compiler_filter_arg;
418    }
419    if (have_dex2oat_threads_flag) {
420        argv[i++] = dex2oat_threads_arg;
421    }
422    if (have_dex2oat_swap_fd) {
423        argv[i++] = dex2oat_swap_fd;
424    }
425    if (have_dex2oat_image_fd) {
426        argv[i++] = dex2oat_image_fd;
427    }
428    if (generate_debug_info) {
429        argv[i++] = "--generate-debug-info";
430    }
431    if (debuggable) {
432        argv[i++] = "--debuggable";
433    }
434    if (have_app_image_format) {
435        argv[i++] = image_format_arg;
436    }
437    if (have_dex2oat_large_app_threshold) {
438        argv[i++] = dex2oat_large_app_threshold_arg;
439    }
440    if (dex2oat_flags_count) {
441        i += split(dex2oat_flags, argv + i);
442    }
443    if (have_dex2oat_relocation_skip_flag) {
444        argv[i++] = RUNTIME_ARG;
445        argv[i++] = dex2oat_norelocation;
446    }
447    if (profile_fd != -1) {
448        argv[i++] = profile_arg;
449    }
450    if (shared_libraries != nullptr) {
451        argv[i++] = RUNTIME_ARG;
452        argv[i++] = "-classpath";
453        argv[i++] = RUNTIME_ARG;
454        argv[i++] = shared_libraries;
455    }
456    if (has_base_dir) {
457        argv[i++] = base_dir;
458    }
459    // Do not add after dex2oat_flags, they should override others for debugging.
460    argv[i] = NULL;
461
462    execv(DEX2OAT_BIN, (char * const *)argv);
463    ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno));
464}
465
466/*
467 * Whether dexopt should use a swap file when compiling an APK.
468 *
469 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
470 * itself, anyways).
471 *
472 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
473 *
474 * Otherwise, return true if this is a low-mem device.
475 *
476 * Otherwise, return default value.
477 */
478static bool kAlwaysProvideSwapFile = false;
479static bool kDefaultProvideSwapFile = true;
480
481static bool ShouldUseSwapFileForDexopt() {
482    if (kAlwaysProvideSwapFile) {
483        return true;
484    }
485
486    // Check the "override" property. If it exists, return value == "true".
487    char dex2oat_prop_buf[kPropertyValueMax];
488    if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) {
489        if (strcmp(dex2oat_prop_buf, "true") == 0) {
490            return true;
491        } else {
492            return false;
493        }
494    }
495
496    // Shortcut for default value. This is an implementation optimization for the process sketched
497    // above. If the default value is true, we can avoid to check whether this is a low-mem device,
498    // as low-mem is never returning false. The compiler will optimize this away if it can.
499    if (kDefaultProvideSwapFile) {
500        return true;
501    }
502
503    bool is_low_mem = property_get_bool("ro.config.low_ram", false);
504    if (is_low_mem) {
505        return true;
506    }
507
508    // Default value must be false here.
509    return kDefaultProvideSwapFile;
510}
511
512static void SetDex2OatScheduling(bool set_to_bg) {
513    if (set_to_bg) {
514        if (set_sched_policy(0, SP_BACKGROUND) < 0) {
515            ALOGE("set_sched_policy failed: %s\n", strerror(errno));
516            exit(70);
517        }
518        if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
519            ALOGE("setpriority failed: %s\n", strerror(errno));
520            exit(71);
521        }
522    }
523}
524
525static bool create_profile(int uid, const std::string& profile) {
526    unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), O_CREAT | O_NOFOLLOW, 0600)));
527    if (fd.get() < 0) {
528        if (errno == EEXIST) {
529            return true;
530        } else {
531            PLOG(ERROR) << "Failed to create profile " << profile;
532            return false;
533        }
534    }
535    // Profiles should belong to the app; make sure of that by giving ownership to
536    // the app uid. If we cannot do that, there's no point in returning the fd
537    // since dex2oat/profman will fail with SElinux denials.
538    if (fchown(fd.get(), uid, uid) < 0) {
539        PLOG(ERROR) << "Could not chwon profile " << profile;
540        return false;
541    }
542    return true;
543}
544
545static unique_fd open_profile(int uid, const std::string& profile, bool read_write) {
546    // Check if we need to open the profile for a read-write operation. If so, we
547    // might need to create the profile since the file might not be there. Reference
548    // profiles are created on the fly so they might not exist beforehand.
549    if (read_write) {
550        if (!create_profile(uid, profile)) {
551            return invalid_unique_fd();
552        }
553    }
554    int flags = read_write ? O_RDWR : O_RDONLY;
555    // Do not follow symlinks when opening a profile:
556    //   - primary profiles should not contain symlinks in their paths
557    //   - secondary dex paths should have been already resolved and validated
558    flags |= O_NOFOLLOW;
559
560    unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
561    if (fd.get() < 0) {
562        if (errno != ENOENT) {
563            // Profiles might be missing for various reasons. For example, in a
564            // multi-user environment, the profile directory for one user can be created
565            // after we start a merge. In this case the current profile for that user
566            // will not be found.
567            // Also, the secondary dex profiles might be deleted by the app at any time,
568            // so we can't we need to prepare if they are missing.
569            PLOG(ERROR) << "Failed to open profile " << profile;
570        }
571        return invalid_unique_fd();
572    }
573
574    return fd;
575}
576
577static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& location,
578        bool is_secondary_dex) {
579    std::string profile = create_current_profile_path(user, location, is_secondary_dex);
580    return open_profile(uid, profile, /*read_write*/false);
581}
582
583static unique_fd open_reference_profile(uid_t uid, const std::string& location, bool read_write,
584        bool is_secondary_dex) {
585    std::string profile = create_reference_profile_path(location, is_secondary_dex);
586    return open_profile(uid, profile, read_write);
587}
588
589static void open_profile_files(uid_t uid, const std::string& location, bool is_secondary_dex,
590            /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
591    // Open the reference profile in read-write mode as profman might need to save the merge.
592    *reference_profile_fd = open_reference_profile(uid, location, /*read_write*/ true,
593            is_secondary_dex);
594
595    // For secondary dex files, we don't really need the user but we use it for sanity checks.
596    // Note: the user owning the dex file should be the current user.
597    std::vector<userid_t> users;
598    if (is_secondary_dex){
599        users.push_back(multiuser_get_user_id(uid));
600    } else {
601        users = get_known_users(/*volume_uuid*/ nullptr);
602    }
603    for (auto user : users) {
604        unique_fd profile_fd = open_current_profile(uid, user, location, is_secondary_dex);
605        // Add to the lists only if both fds are valid.
606        if (profile_fd.get() >= 0) {
607            profiles_fd->push_back(std::move(profile_fd));
608        }
609    }
610}
611
612static void drop_capabilities(uid_t uid) {
613    if (setgid(uid) != 0) {
614        ALOGE("setgid(%d) failed in installd during dexopt\n", uid);
615        exit(64);
616    }
617    if (setuid(uid) != 0) {
618        ALOGE("setuid(%d) failed in installd during dexopt\n", uid);
619        exit(65);
620    }
621    // drop capabilities
622    struct __user_cap_header_struct capheader;
623    struct __user_cap_data_struct capdata[2];
624    memset(&capheader, 0, sizeof(capheader));
625    memset(&capdata, 0, sizeof(capdata));
626    capheader.version = _LINUX_CAPABILITY_VERSION_3;
627    if (capset(&capheader, &capdata[0]) < 0) {
628        ALOGE("capset failed: %s\n", strerror(errno));
629        exit(66);
630    }
631}
632
633static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
634static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
635static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
636static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
637static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
638
639static void run_profman_merge(const std::vector<unique_fd>& profiles_fd,
640        const unique_fd& reference_profile_fd) {
641    static const size_t MAX_INT_LEN = 32;
642    static const char* PROFMAN_BIN = "/system/bin/profman";
643
644    std::vector<std::string> profile_args(profiles_fd.size());
645    char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN];
646    for (size_t k = 0; k < profiles_fd.size(); k++) {
647        sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k].get());
648        profile_args[k].assign(profile_buf);
649    }
650    char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN];
651    sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd.get());
652
653    // program name, reference profile fd, the final NULL and the profile fds
654    const char* argv[3 + profiles_fd.size()];
655    int i = 0;
656    argv[i++] = PROFMAN_BIN;
657    argv[i++] = reference_profile_arg;
658    for (size_t k = 0; k < profile_args.size(); k++) {
659        argv[i++] = profile_args[k].c_str();
660    }
661    // Do not add after dex2oat_flags, they should override others for debugging.
662    argv[i] = NULL;
663
664    execv(PROFMAN_BIN, (char * const *)argv);
665    ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
666    exit(68);   /* only get here on exec failure */
667}
668
669// Decides if profile guided compilation is needed or not based on existing profiles.
670// The location is the package name for primary apks or the dex path for secondary dex files.
671// Returns true if there is enough information in the current profiles that makes it
672// worth to recompile the given location.
673// If the return value is true all the current profiles would have been merged into
674// the reference profiles accessible with open_reference_profile().
675static bool analyze_profiles(uid_t uid, const std::string& location, bool is_secondary_dex) {
676    std::vector<unique_fd> profiles_fd;
677    unique_fd reference_profile_fd;
678    open_profile_files(uid, location, is_secondary_dex, &profiles_fd, &reference_profile_fd);
679    if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
680        // Skip profile guided compilation because no profiles were found.
681        // Or if the reference profile info couldn't be opened.
682        return false;
683    }
684
685    pid_t pid = fork();
686    if (pid == 0) {
687        /* child -- drop privileges before continuing */
688        drop_capabilities(uid);
689        run_profman_merge(profiles_fd, reference_profile_fd);
690        exit(68);   /* only get here on exec failure */
691    }
692    /* parent */
693    int return_code = wait_child(pid);
694    bool need_to_compile = false;
695    bool should_clear_current_profiles = false;
696    bool should_clear_reference_profile = false;
697    if (!WIFEXITED(return_code)) {
698        LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
699    } else {
700        return_code = WEXITSTATUS(return_code);
701        switch (return_code) {
702            case PROFMAN_BIN_RETURN_CODE_COMPILE:
703                need_to_compile = true;
704                should_clear_current_profiles = true;
705                should_clear_reference_profile = false;
706                break;
707            case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
708                need_to_compile = false;
709                should_clear_current_profiles = false;
710                should_clear_reference_profile = false;
711                break;
712            case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
713                LOG(WARNING) << "Bad profiles for location " << location;
714                need_to_compile = false;
715                should_clear_current_profiles = true;
716                should_clear_reference_profile = true;
717                break;
718            case PROFMAN_BIN_RETURN_CODE_ERROR_IO:  // fall-through
719            case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
720                // Temporary IO problem (e.g. locking). Ignore but log a warning.
721                LOG(WARNING) << "IO error while reading profiles for location " << location;
722                need_to_compile = false;
723                should_clear_current_profiles = false;
724                should_clear_reference_profile = false;
725                break;
726           default:
727                // Unknown return code or error. Unlink profiles.
728                LOG(WARNING) << "Unknown error code while processing profiles for location "
729                        << location << ": " << return_code;
730                need_to_compile = false;
731                should_clear_current_profiles = true;
732                should_clear_reference_profile = true;
733                break;
734        }
735    }
736
737    if (should_clear_current_profiles) {
738        if (is_secondary_dex) {
739            // For secondary dex files, the owning user is the current user.
740            clear_current_profile(location, multiuser_get_user_id(uid), is_secondary_dex);
741        } else  {
742            clear_primary_current_profiles(location);
743        }
744    }
745    if (should_clear_reference_profile) {
746        clear_reference_profile(location, is_secondary_dex);
747    }
748    return need_to_compile;
749}
750
751// Decides if profile guided compilation is needed or not based on existing profiles.
752// The analysis is done for the primary apks of the given package.
753// Returns true if there is enough information in the current profiles that makes it
754// worth to recompile the package.
755// If the return value is true all the current profiles would have been merged into
756// the reference profiles accessible with open_reference_profile().
757bool analyze_primary_profiles(uid_t uid, const std::string& pkgname) {
758    return analyze_profiles(uid, pkgname, /*is_secondary_dex*/false);
759}
760
761static void run_profman_dump(const std::vector<unique_fd>& profile_fds,
762                             const unique_fd& reference_profile_fd,
763                             const std::vector<std::string>& dex_locations,
764                             const std::vector<unique_fd>& apk_fds,
765                             const unique_fd& output_fd) {
766    std::vector<std::string> profman_args;
767    static const char* PROFMAN_BIN = "/system/bin/profman";
768    profman_args.push_back(PROFMAN_BIN);
769    profman_args.push_back("--dump-only");
770    profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
771    if (reference_profile_fd != -1) {
772        profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d",
773                                            reference_profile_fd.get()));
774    }
775    for (size_t i = 0; i < profile_fds.size(); i++) {
776        profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fds[i].get()));
777    }
778    for (const std::string& dex_location : dex_locations) {
779        profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str()));
780    }
781    for (size_t i = 0; i < apk_fds.size(); i++) {
782        profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fds[i].get()));
783    }
784    const char **argv = new const char*[profman_args.size() + 1];
785    size_t i = 0;
786    for (const std::string& profman_arg : profman_args) {
787        argv[i++] = profman_arg.c_str();
788    }
789    argv[i] = NULL;
790
791    execv(PROFMAN_BIN, (char * const *)argv);
792    ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
793    exit(68);   /* only get here on exec failure */
794}
795
796bool dump_profiles(int32_t uid, const std::string& pkgname, const char* code_paths) {
797    std::vector<unique_fd> profile_fds;
798    unique_fd reference_profile_fd;
799    std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname.c_str());
800
801    open_profile_files(uid, pkgname, /*is_secondary_dex*/false,
802            &profile_fds, &reference_profile_fd);
803
804    const bool has_reference_profile = (reference_profile_fd.get() != -1);
805    const bool has_profiles = !profile_fds.empty();
806
807    if (!has_reference_profile && !has_profiles) {
808        LOG(ERROR)  << "profman dump: no profiles to dump for " << pkgname;
809        return false;
810    }
811
812    unique_fd output_fd(open(out_file_name.c_str(),
813            O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
814    if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
815        ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());
816        return false;
817    }
818    std::vector<std::string> code_full_paths = base::Split(code_paths, ";");
819    std::vector<std::string> dex_locations;
820    std::vector<unique_fd> apk_fds;
821    for (const std::string& code_full_path : code_full_paths) {
822        const char* full_path = code_full_path.c_str();
823        unique_fd apk_fd(open(full_path, O_RDONLY | O_NOFOLLOW));
824        if (apk_fd == -1) {
825            ALOGE("installd cannot open '%s'\n", full_path);
826            return false;
827        }
828        dex_locations.push_back(get_location_from_path(full_path));
829        apk_fds.push_back(std::move(apk_fd));
830    }
831
832    pid_t pid = fork();
833    if (pid == 0) {
834        /* child -- drop privileges before continuing */
835        drop_capabilities(uid);
836        run_profman_dump(profile_fds, reference_profile_fd, dex_locations,
837                         apk_fds, output_fd);
838        exit(68);   /* only get here on exec failure */
839    }
840    /* parent */
841    int return_code = wait_child(pid);
842    if (!WIFEXITED(return_code)) {
843        LOG(WARNING) << "profman failed for package " << pkgname << ": "
844                << return_code;
845        return false;
846    }
847    return true;
848}
849
850static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
851  // A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
852  if (EndsWith(oat_path, ".dex")) {
853    std::string new_path = oat_path;
854    new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
855    CHECK(EndsWith(new_path, new_ext.c_str()));
856    return new_path;
857  }
858
859  // An odex entry. Not that this may not be an extension, e.g., in the OTA
860  // case (where the base name will have an extension for the B artifact).
861  size_t odex_pos = oat_path.rfind(".odex");
862  if (odex_pos != std::string::npos) {
863    std::string new_path = oat_path;
864    new_path.replace(odex_pos, strlen(".odex"), new_ext);
865    CHECK_NE(new_path.find(new_ext), std::string::npos);
866    return new_path;
867  }
868
869  // Don't know how to handle this.
870  return "";
871}
872
873// Translate the given oat path to an art (app image) path. An empty string
874// denotes an error.
875static std::string create_image_filename(const std::string& oat_path) {
876    return replace_file_extension(oat_path, ".art");
877}
878
879// Translate the given oat path to a vdex path. An empty string denotes an error.
880static std::string create_vdex_filename(const std::string& oat_path) {
881    return replace_file_extension(oat_path, ".vdex");
882}
883
884static bool add_extension_to_file_name(char* file_name, const char* extension) {
885    if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) {
886        return false;
887    }
888    strcat(file_name, extension);
889    return true;
890}
891
892static int open_output_file(const char* file_name, bool recreate, int permissions) {
893    int flags = O_RDWR | O_CREAT;
894    if (recreate) {
895        if (unlink(file_name) < 0) {
896            if (errno != ENOENT) {
897                PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
898            }
899        }
900        flags |= O_EXCL;
901    }
902    return open(file_name, flags, permissions);
903}
904
905static bool set_permissions_and_ownership(
906        int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
907    // Primary apks are owned by the system. Secondary dex files are owned by the app.
908    int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
909    if (fchmod(fd,
910               S_IRUSR|S_IWUSR|S_IRGRP |
911               (is_public ? S_IROTH : 0)) < 0) {
912        ALOGE("installd cannot chmod '%s' during dexopt\n", path);
913        return false;
914    } else if (fchown(fd, owning_uid, uid) < 0) {
915        ALOGE("installd cannot chown '%s' during dexopt\n", path);
916        return false;
917    }
918    return true;
919}
920
921static bool IsOutputDalvikCache(const char* oat_dir) {
922  // InstallerConnection.java (which invokes installd) transforms Java null arguments
923  // into '!'. Play it safe by handling it both.
924  // TODO: ensure we never get null.
925  // TODO: pass a flag instead of inferring if the output is dalvik cache.
926  return oat_dir == nullptr || oat_dir[0] == '!';
927}
928
929static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
930            const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
931    // Early best-effort check whether we can fit the the path into our buffers.
932    // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
933    // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
934    // extension to the cache path (5 bytes).
935    if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) {
936        ALOGE("apk_path too long '%s'\n", apk_path);
937        return false;
938    }
939
940    if (!IsOutputDalvikCache(oat_dir)) {
941        // Oat dirs for secondary dex files are already validated.
942        if (!is_secondary_dex && validate_apk_path(oat_dir)) {
943            ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
944            return false;
945        }
946        if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
947            return false;
948        }
949    } else {
950        if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
951            return false;
952        }
953    }
954    return true;
955}
956
957// Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
958// on destruction. It will also run the given cleanup (unless told not to) after closing.
959//
960// Usage example:
961//
962//   Dex2oatFileWrapper file(open(...),
963//                                                   [name]() {
964//                                                       unlink(name.c_str());
965//                                                   });
966//   // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
967//            wrapper if captured as a reference.
968//
969//   if (file.get() == -1) {
970//       // Error opening...
971//   }
972//
973//   ...
974//   if (error) {
975//       // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
976//       // and delete the file (after the fd is closed).
977//       return -1;
978//   }
979//
980//   (Success case)
981//   file.SetCleanup(false);
982//   // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
983//   // (leaving the file around; after the fd is closed).
984//
985class Dex2oatFileWrapper {
986 public:
987    Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) {
988    }
989
990    Dex2oatFileWrapper(int value, std::function<void ()> cleanup)
991            : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {}
992
993    Dex2oatFileWrapper(Dex2oatFileWrapper&& other) {
994        value_ = other.value_;
995        cleanup_ = other.cleanup_;
996        do_cleanup_ = other.do_cleanup_;
997        auto_close_ = other.auto_close_;
998        other.release();
999    }
1000
1001    Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) {
1002        value_ = other.value_;
1003        cleanup_ = other.cleanup_;
1004        do_cleanup_ = other.do_cleanup_;
1005        auto_close_ = other.auto_close_;
1006        other.release();
1007        return *this;
1008    }
1009
1010    ~Dex2oatFileWrapper() {
1011        reset(-1);
1012    }
1013
1014    int get() {
1015        return value_;
1016    }
1017
1018    void SetCleanup(bool cleanup) {
1019        do_cleanup_ = cleanup;
1020    }
1021
1022    void reset(int new_value) {
1023        if (auto_close_ && value_ >= 0) {
1024            close(value_);
1025        }
1026        if (do_cleanup_ && cleanup_ != nullptr) {
1027            cleanup_();
1028        }
1029
1030        value_ = new_value;
1031    }
1032
1033    void reset(int new_value, std::function<void ()> new_cleanup) {
1034        if (auto_close_ && value_ >= 0) {
1035            close(value_);
1036        }
1037        if (do_cleanup_ && cleanup_ != nullptr) {
1038            cleanup_();
1039        }
1040
1041        value_ = new_value;
1042        cleanup_ = new_cleanup;
1043    }
1044
1045    void DisableAutoClose() {
1046        auto_close_ = false;
1047    }
1048
1049 private:
1050    void release() {
1051        value_ = -1;
1052        do_cleanup_ = false;
1053        cleanup_ = nullptr;
1054    }
1055    int value_;
1056    std::function<void ()> cleanup_;
1057    bool do_cleanup_;
1058    bool auto_close_;
1059};
1060
1061// (re)Creates the app image if needed.
1062Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path, bool profile_guided,
1063        bool is_public, int uid, bool is_secondary_dex) {
1064    // Use app images only if it is enabled (by a set image format) and we are compiling
1065    // profile-guided (so the app image doesn't conservatively contain all classes).
1066    // Note that we don't create an image for secondary dex files.
1067    if (is_secondary_dex || !profile_guided) {
1068        return Dex2oatFileWrapper();
1069    }
1070
1071    const std::string image_path = create_image_filename(out_oat_path);
1072    if (image_path.empty()) {
1073        // Happens when the out_oat_path has an unknown extension.
1074        return Dex2oatFileWrapper();
1075    }
1076    char app_image_format[kPropertyValueMax];
1077    bool have_app_image_format =
1078            get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
1079    if (!have_app_image_format) {
1080        return Dex2oatFileWrapper();
1081    }
1082    // Recreate is true since we do not want to modify a mapped image. If the app is
1083    // already running and we modify the image file, it can cause crashes (b/27493510).
1084    Dex2oatFileWrapper wrapper_fd(
1085            open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/),
1086            [image_path]() { unlink(image_path.c_str()); });
1087    if (wrapper_fd.get() < 0) {
1088        // Could not create application image file. Go on since we can compile without it.
1089        LOG(ERROR) << "installd could not create '" << image_path
1090                << "' for image file during dexopt";
1091         // If we have a valid image file path but no image fd, explicitly erase the image file.
1092        if (unlink(image_path.c_str()) < 0) {
1093            if (errno != ENOENT) {
1094                PLOG(ERROR) << "Couldn't unlink image file " << image_path;
1095            }
1096        }
1097    } else if (!set_permissions_and_ownership(
1098                wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
1099        ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
1100        wrapper_fd.reset(-1);
1101    }
1102
1103    return wrapper_fd;
1104}
1105
1106// Creates the dexopt swap file if necessary and return its fd.
1107// Returns -1 if there's no need for a swap or in case of errors.
1108unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) {
1109    if (!ShouldUseSwapFileForDexopt()) {
1110        return invalid_unique_fd();
1111    }
1112    // Make sure there really is enough space.
1113    char swap_file_name[PKG_PATH_MAX];
1114    strcpy(swap_file_name, out_oat_path);
1115    if (!add_extension_to_file_name(swap_file_name, ".swap")) {
1116        return invalid_unique_fd();
1117    }
1118    unique_fd swap_fd(open_output_file(
1119            swap_file_name, /*recreate*/true, /*permissions*/0600));
1120    if (swap_fd.get() < 0) {
1121        // Could not create swap file. Optimistically go on and hope that we can compile
1122        // without it.
1123        ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name);
1124    } else {
1125        // Immediately unlink. We don't really want to hit flash.
1126        if (unlink(swap_file_name) < 0) {
1127            PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1128        }
1129    }
1130    return swap_fd;
1131}
1132
1133// Opens the reference profiles if needed.
1134// Note that the reference profile might not exist so it's OK if the fd will be -1.
1135Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname,
1136        const std::string& dex_path, bool profile_guided, bool is_public, int uid,
1137        bool is_secondary_dex) {
1138    // Public apps should not be compiled with profile information ever. Same goes for the special
1139    // package '*' used for the system server.
1140    if (!profile_guided || is_public || (pkgname[0] == '*')) {
1141        return Dex2oatFileWrapper();
1142    }
1143
1144    // Open reference profile in read only mode as dex2oat does not get write permissions.
1145    const std::string location = is_secondary_dex ? dex_path : pkgname;
1146    unique_fd ufd = open_reference_profile(uid, location, /*read_write*/false, is_secondary_dex);
1147    const auto& cleanup = [location, is_secondary_dex]() {
1148        clear_reference_profile(location.c_str(), is_secondary_dex);
1149    };
1150    return Dex2oatFileWrapper(ufd.release(), cleanup);
1151}
1152
1153// Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to
1154// out_vdex_wrapper_fd. Returns true for success or false in case of errors.
1155bool open_vdex_files(const char* apk_path, const char* out_oat_path, int dexopt_needed,
1156        const char* instruction_set, bool is_public, int uid, bool is_secondary_dex,
1157        bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd,
1158        Dex2oatFileWrapper* out_vdex_wrapper_fd) {
1159    CHECK(in_vdex_wrapper_fd != nullptr);
1160    CHECK(out_vdex_wrapper_fd != nullptr);
1161    // Open the existing VDEX. We do this before creating the new output VDEX, which will
1162    // unlink the old one.
1163    char in_odex_path[PKG_PATH_MAX];
1164    int dexopt_action = abs(dexopt_needed);
1165    bool is_odex_location = dexopt_needed < 0;
1166    std::string in_vdex_path_str;
1167
1168    // Infer the name of the output VDEX.
1169    const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
1170    if (out_vdex_path_str.empty()) {
1171        return false;
1172    }
1173
1174    bool update_vdex_in_place = false;
1175    if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
1176        // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
1177        const char* path = nullptr;
1178        if (is_odex_location) {
1179            if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1180                path = in_odex_path;
1181            } else {
1182                ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
1183                return false;
1184            }
1185        } else {
1186            path = out_oat_path;
1187        }
1188        in_vdex_path_str = create_vdex_filename(path);
1189        if (in_vdex_path_str.empty()) {
1190            ALOGE("installd cannot compute input vdex location for '%s'\n", path);
1191            return false;
1192        }
1193        // We can update in place when all these conditions are met:
1194        // 1) The vdex location to write to is the same as the vdex location to read (vdex files
1195        //    on /system typically cannot be updated in place).
1196        // 2) We dex2oat due to boot image change, because we then know the existing vdex file
1197        //    cannot be currently used by a running process.
1198        // 3) We are not doing a profile guided compilation, because dexlayout requires two
1199        //    different vdex files to operate.
1200        update_vdex_in_place =
1201            (in_vdex_path_str == out_vdex_path_str) &&
1202            (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
1203            !profile_guided;
1204        if (update_vdex_in_place) {
1205            // Open the file read-write to be able to update it.
1206            in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0));
1207            if (in_vdex_wrapper_fd->get() == -1) {
1208                // If we failed to open the file, we cannot update it in place.
1209                update_vdex_in_place = false;
1210            }
1211        } else {
1212            in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
1213        }
1214    }
1215
1216    // If we are updating the vdex in place, we do not need to recreate a vdex,
1217    // and can use the same existing one.
1218    if (update_vdex_in_place) {
1219        // We unlink the file in case the invocation of dex2oat fails, to ensure we don't
1220        // have bogus stale vdex files.
1221        out_vdex_wrapper_fd->reset(
1222              in_vdex_wrapper_fd->get(),
1223              [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1224        // Disable auto close for the in wrapper fd (it will be done when destructing the out
1225        // wrapper).
1226        in_vdex_wrapper_fd->DisableAutoClose();
1227    } else {
1228        out_vdex_wrapper_fd->reset(
1229              open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
1230              [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1231        if (out_vdex_wrapper_fd->get() < 0) {
1232            ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str());
1233            return false;
1234        }
1235    }
1236    if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid,
1237            out_vdex_path_str.c_str(), is_secondary_dex)) {
1238        ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
1239        return false;
1240    }
1241
1242    // If we got here we successfully opened the vdex files.
1243    return true;
1244}
1245
1246// Opens the output oat file for the given apk.
1247// If successful it stores the output path into out_oat_path and returns true.
1248Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir,
1249        bool is_public, int uid, const char* instruction_set, bool is_secondary_dex,
1250        char* out_oat_path) {
1251    if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
1252        return Dex2oatFileWrapper();
1253    }
1254    const std::string out_oat_path_str(out_oat_path);
1255    Dex2oatFileWrapper wrapper_fd(
1256            open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
1257            [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
1258    if (wrapper_fd.get() < 0) {
1259        PLOG(ERROR) << "installd cannot open output during dexopt" <<  out_oat_path;
1260    } else if (!set_permissions_and_ownership(
1261                wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) {
1262        ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
1263        wrapper_fd.reset(-1);
1264    }
1265    return wrapper_fd;
1266}
1267
1268// Updates the access times of out_oat_path based on those from apk_path.
1269void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) {
1270    struct stat input_stat;
1271    memset(&input_stat, 0, sizeof(input_stat));
1272    if (stat(apk_path, &input_stat) != 0) {
1273        PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt";
1274        return;
1275    }
1276
1277    struct utimbuf ut;
1278    ut.actime = input_stat.st_atime;
1279    ut.modtime = input_stat.st_mtime;
1280    if (utime(out_oat_path, &ut) != 0) {
1281        PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt";
1282    }
1283}
1284
1285// Runs (execv) dexoptanalyzer on the given arguments.
1286// The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
1287// If this is for a profile guided compilation, profile_was_updated will tell whether or not
1288// the profile has changed.
1289static void exec_dexoptanalyzer(const std::string& dex_file, const char* instruction_set,
1290        const char* compiler_filter, bool profile_was_updated) {
1291    static const char* DEXOPTANALYZER_BIN = "/system/bin/dexoptanalyzer";
1292    static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
1293
1294    if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
1295        ALOGE("Instruction set %s longer than max length of %d",
1296              instruction_set, MAX_INSTRUCTION_SET_LEN);
1297        return;
1298    }
1299
1300    char dex_file_arg[strlen("--dex-file=") + PKG_PATH_MAX];
1301    char isa_arg[strlen("--isa=") + MAX_INSTRUCTION_SET_LEN];
1302    char compiler_filter_arg[strlen("--compiler-filter=") + kPropertyValueMax];
1303    const char* assume_profile_changed = "--assume-profile-changed";
1304
1305    sprintf(dex_file_arg, "--dex-file=%s", dex_file.c_str());
1306    sprintf(isa_arg, "--isa=%s", instruction_set);
1307    sprintf(compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
1308
1309    // program name, dex file, isa, filter, the final NULL
1310    const char* argv[5 + (profile_was_updated ? 1 : 0)];
1311    int i = 0;
1312    argv[i++] = DEXOPTANALYZER_BIN;
1313    argv[i++] = dex_file_arg;
1314    argv[i++] = isa_arg;
1315    argv[i++] = compiler_filter_arg;
1316    if (profile_was_updated) {
1317        argv[i++] = assume_profile_changed;
1318    }
1319    argv[i] = NULL;
1320
1321    execv(DEXOPTANALYZER_BIN, (char * const *)argv);
1322    ALOGE("execv(%s) failed: %s\n", DEXOPTANALYZER_BIN, strerror(errno));
1323}
1324
1325// Prepares the oat dir for the secondary dex files.
1326static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
1327        const char* instruction_set, std::string* oat_dir_out) {
1328    unsigned long dirIndex = dex_path.rfind('/');
1329    if (dirIndex == std::string::npos) {
1330        LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
1331        return false;
1332    }
1333    std::string dex_dir = dex_path.substr(0, dirIndex);
1334
1335    // Create oat file output directory.
1336    mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
1337    if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
1338        LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
1339        return false;
1340    }
1341
1342    char oat_dir[PKG_PATH_MAX];
1343    snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
1344    oat_dir_out->assign(oat_dir);
1345
1346    // Create oat/isa output directory.
1347    if (prepare_app_cache_dir(*oat_dir_out, instruction_set, oat_dir_mode, uid, uid) != 0) {
1348        LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
1349        return false;
1350    }
1351
1352    return true;
1353}
1354
1355static int constexpr DEXOPTANALYZER_BIN_EXEC_ERROR = 200;
1356
1357// Verifies the result of dexoptanalyzer executed for the apk_path.
1358// If the result is valid returns true and sets dexopt_needed_out to a valid value.
1359// Returns false for errors or unexpected result values.
1360static bool process_dexoptanalyzer_result(const std::string& dex_path, int result,
1361            int* dexopt_needed_out) {
1362    // The result values are defined in dexoptanalyzer.
1363    switch (result) {
1364        case 0:  // no_dexopt_needed
1365            *dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
1366        case 1:  // dex2oat_from_scratch
1367            *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
1368        case 5:  // dex2oat_for_bootimage_odex
1369            *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
1370        case 6:  // dex2oat_for_filter_odex
1371            *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
1372        case 7:  // dex2oat_for_relocation_odex
1373            *dexopt_needed_out = -DEX2OAT_FOR_RELOCATION; return true;
1374        case 2:  // dex2oat_for_bootimage_oat
1375        case 3:  // dex2oat_for_filter_oat
1376        case 4:  // dex2oat_for_relocation_oat
1377            LOG(ERROR) << "Dexoptnalyzer return the status of an oat file."
1378                    << " Expected odex file status for secondary dex " << dex_path
1379                    << " : dexoptanalyzer result=" << result;
1380            return false;
1381        default:
1382            LOG(ERROR) << "Unexpected result for dexoptanalyzer " << dex_path
1383                    << " exec_dexoptanalyzer result=" << result;
1384            return false;
1385    }
1386}
1387
1388// Processes the dex_path as a secondary dex files and return true if the path dex file should
1389// be compiled. Returns false for errors (logged) or true if the secondary dex path was process
1390// successfully.
1391// When returning true, the output parameters will be:
1392//   - is_public_out: whether or not the oat file should not be made public
1393//   - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
1394//   - oat_dir_out: the oat dir path where the oat file should be stored
1395//   - dex_path_out: the real path of the dex file
1396static bool process_secondary_dex_dexopt(const char* original_dex_path, const char* pkgname,
1397        int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set,
1398        const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out,
1399        std::string* oat_dir_out, std::string* dex_path_out) {
1400    int storage_flag;
1401
1402    if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
1403        storage_flag = FLAG_STORAGE_CE;
1404        if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1405            LOG(ERROR) << "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
1406            return false;
1407        }
1408    } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1409        storage_flag = FLAG_STORAGE_DE;
1410    } else {
1411        LOG(ERROR) << "Secondary dex storage flag must be set";
1412        return false;
1413    }
1414
1415    {
1416        // As opposed to the primary apk, secondary dex files might contain symlinks.
1417        // Resolve the path before passing it to the validate method to
1418        // make sure the verification is done on the real location.
1419        UniqueCPtr<char> dex_real_path_cstr(realpath(original_dex_path, nullptr));
1420        if (dex_real_path_cstr == nullptr) {
1421            PLOG(ERROR) << "Could not get the real path of the secondary dex file "
1422                    << original_dex_path;
1423            return false;
1424        } else {
1425            dex_path_out->assign(dex_real_path_cstr.get());
1426        }
1427    }
1428    const std::string& dex_path = *dex_path_out;
1429    if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
1430        LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1431        return false;
1432    }
1433
1434    // Check if the path exist. If not, there's nothing to do.
1435    struct stat dex_path_stat;
1436    if (stat(dex_path.c_str(), &dex_path_stat) != 0) {
1437        if (errno == ENOENT) {
1438            // Secondary dex files might be deleted any time by the app.
1439            // Nothing to do if that's the case
1440            ALOGV("Secondary dex does not exist %s", dex_path.c_str());
1441            return NO_DEXOPT_NEEDED;
1442        } else {
1443            PLOG(ERROR) << "Could not access secondary dex " << dex_path;
1444        }
1445    }
1446
1447    // Check if we should make the oat file public.
1448    // Note that if the dex file is not public the compiled code cannot be made public.
1449    *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) &&
1450            ((dex_path_stat.st_mode & S_IROTH) != 0);
1451
1452    // Prepare the oat directories.
1453    if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set, oat_dir_out)) {
1454        return false;
1455    }
1456
1457    // Analyze profiles.
1458    bool profile_was_updated = analyze_profiles(uid, dex_path, /*is_secondary_dex*/true);
1459
1460    pid_t pid = fork();
1461    if (pid == 0) {
1462        // child -- drop privileges before continuing.
1463        drop_capabilities(uid);
1464        // Run dexoptanalyzer to get dexopt_needed code.
1465        exec_dexoptanalyzer(dex_path, instruction_set, compiler_filter, profile_was_updated);
1466        exit(DEXOPTANALYZER_BIN_EXEC_ERROR);
1467    }
1468
1469    /* parent */
1470
1471    int result = wait_child(pid);
1472    if (!WIFEXITED(result)) {
1473        LOG(ERROR) << "dexoptanalyzer failed for path " << dex_path << ": " << result;
1474        return false;
1475    }
1476    result = WEXITSTATUS(result);
1477    bool success = process_dexoptanalyzer_result(dex_path, result, dexopt_needed_out);
1478    // Run dexopt only if needed or forced.
1479    // Note that dexoptanalyzer is executed even if force compilation is enabled.
1480    // We ignore its valid dexopNeeded result, but still check (in process_dexoptanalyzer_result)
1481    // that we only get results for odex files (apk_dir/oat/isa/code.odex) and not
1482    // for oat files from dalvik-cache.
1483    if (success && ((dexopt_flags & DEXOPT_FORCE) != 0)) {
1484        *dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
1485    }
1486
1487    return success;
1488}
1489
1490int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
1491        int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
1492        const char* volume_uuid, const char* shared_libraries, const char* se_info) {
1493    CHECK(pkgname != nullptr);
1494    CHECK(pkgname[0] != 0);
1495    if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
1496        LOG_FATAL("dexopt flags contains unknown fields\n");
1497    }
1498
1499    bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
1500    bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
1501    bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
1502    bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
1503    bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
1504
1505    // Check if we're dealing with a secondary dex file and if we need to compile it.
1506    std::string oat_dir_str;
1507    std::string dex_real_path;
1508    if (is_secondary_dex) {
1509        if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid,
1510                instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str,
1511                &dex_real_path)) {
1512            oat_dir = oat_dir_str.c_str();
1513            dex_path = dex_real_path.c_str();
1514            if (dexopt_needed == NO_DEXOPT_NEEDED) {
1515                return 0;  // Nothing to do, report success.
1516            }
1517        } else {
1518            return -1;  // We had an error, logged in the process method.
1519        }
1520    } else {
1521        // Currently these flags are only use for secondary dex files.
1522        // Verify that they are not set for primary apks.
1523        CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
1524        CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
1525    }
1526
1527    // Open the input file.
1528    unique_fd input_fd(open(dex_path, O_RDONLY, 0));
1529    if (input_fd.get() < 0) {
1530        ALOGE("installd cannot open '%s' for input during dexopt\n", dex_path);
1531        return -1;
1532    }
1533
1534    // Create the output OAT file.
1535    char out_oat_path[PKG_PATH_MAX];
1536    Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
1537            instruction_set, is_secondary_dex, out_oat_path);
1538    if (out_oat_fd.get() < 0) {
1539        return -1;
1540    }
1541
1542    // Open vdex files.
1543    Dex2oatFileWrapper in_vdex_fd;
1544    Dex2oatFileWrapper out_vdex_fd;
1545    if (!open_vdex_files(dex_path, out_oat_path, dexopt_needed, instruction_set, is_public, uid,
1546            is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
1547        return -1;
1548    }
1549
1550    // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
1551    // selinux context (we generate them on the fly during the dexopt invocation and they don't
1552    // fully inherit their parent context).
1553    // Note that for primary apk the oat files are created before, in a separate installd
1554    // call which also does the restorecon. TODO(calin): unify the paths.
1555    if (is_secondary_dex) {
1556        if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
1557                SELINUX_ANDROID_RESTORECON_RECURSE)) {
1558            LOG(ERROR) << "Failed to restorecon " << oat_dir;
1559            return -1;
1560        }
1561    }
1562
1563    // Create a swap file if necessary.
1564    unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
1565
1566    // Create the app image file if needed.
1567    Dex2oatFileWrapper image_fd =
1568            maybe_open_app_image(out_oat_path, profile_guided, is_public, uid, is_secondary_dex);
1569
1570    // Open the reference profile if needed.
1571    Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
1572            pkgname, dex_path, profile_guided, is_public, uid, is_secondary_dex);
1573
1574    ALOGV("DexInv: --- BEGIN '%s' ---\n", dex_path);
1575
1576    pid_t pid = fork();
1577    if (pid == 0) {
1578        /* child -- drop privileges before continuing */
1579        drop_capabilities(uid);
1580
1581        SetDex2OatScheduling(boot_complete);
1582        if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
1583            ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno));
1584            _exit(67);
1585        }
1586
1587        run_dex2oat(input_fd.get(),
1588                    out_oat_fd.get(),
1589                    in_vdex_fd.get(),
1590                    out_vdex_fd.get(),
1591                    image_fd.get(),
1592                    dex_path,
1593                    out_oat_path,
1594                    swap_fd.get(),
1595                    instruction_set,
1596                    compiler_filter,
1597                    debuggable,
1598                    boot_complete,
1599                    reference_profile_fd.get(),
1600                    shared_libraries);
1601        _exit(68);   /* only get here on exec failure */
1602    } else {
1603        int res = wait_child(pid);
1604        if (res == 0) {
1605            ALOGV("DexInv: --- END '%s' (success) ---\n", dex_path);
1606        } else {
1607            ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", dex_path, res);
1608            return res;
1609        }
1610    }
1611
1612    update_out_oat_access_times(dex_path, out_oat_path);
1613
1614    // We've been successful, don't delete output.
1615    out_oat_fd.SetCleanup(false);
1616    out_vdex_fd.SetCleanup(false);
1617    image_fd.SetCleanup(false);
1618    reference_profile_fd.SetCleanup(false);
1619
1620    return 0;
1621}
1622
1623// Try to remove the given directory. Log an error if the directory exists
1624// and is empty but could not be removed.
1625static bool rmdir_if_empty(const char* dir) {
1626    if (rmdir(dir) == 0) {
1627        return true;
1628    }
1629    if (errno == ENOENT || errno == ENOTEMPTY) {
1630        return true;
1631    }
1632    PLOG(ERROR) << "Failed to remove dir: " << dir;
1633    return false;
1634}
1635
1636// Try to unlink the given file. Log an error if the file exists and could not
1637// be unlinked.
1638static bool unlink_if_exists(const std::string& file) {
1639    if (unlink(file.c_str()) == 0) {
1640        return true;
1641    }
1642    if (errno == ENOENT) {
1643        return true;
1644
1645    }
1646    PLOG(ERROR) << "Could not unlink: " << file;
1647    return false;
1648}
1649
1650// Create the oat file structure for the secondary dex 'dex_path' and assign
1651// the individual path component to the 'out_' parameters.
1652static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
1653        /*out*/char* out_oat_dir, /*out*/char* out_oat_isa_dir, /*out*/char* out_oat_path) {
1654    size_t dirIndex = dex_path.rfind('/');
1655    if (dirIndex == std::string::npos) {
1656        LOG(ERROR) << "Unexpected dir structure for dex file " << dex_path;
1657        return false;
1658    }
1659    // TODO(calin): we have similar computations in at lest 3 other places
1660    // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
1661    // use string append.
1662    std::string apk_dir = dex_path.substr(0, dirIndex);
1663    snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
1664    snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
1665
1666    if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
1667            /*is_secondary_dex*/true, out_oat_path)) {
1668        LOG(ERROR) << "Could not create oat path for secondary dex " << dex_path;
1669        return false;
1670    }
1671    return true;
1672}
1673
1674// Reconcile the secondary dex 'dex_path' and its generated oat files.
1675// Return true if all the parameters are valid and the secondary dex file was
1676//   processed successfully (i.e. the dex_path either exists, or if not, its corresponding
1677//   oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
1678//   will be true if the secondary dex file still exists. If the secondary dex file does not exist,
1679//   the method cleans up any previously generated compiler artifacts (oat, vdex, art).
1680// Return false if there were errors during processing. In this case
1681//   out_secondary_dex_exists will be set to false.
1682bool reconcile_secondary_dex_file(const std::string& dex_path,
1683        const std::string& pkgname, int uid, const std::vector<std::string>& isas,
1684        const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
1685        /*out*/bool* out_secondary_dex_exists) {
1686    // Set out to false to start with, just in case we have validation errors.
1687    *out_secondary_dex_exists = false;
1688    if (isas.size() == 0) {
1689        LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
1690        return false;
1691    }
1692
1693    const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
1694    if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
1695            uid, storage_flag)) {
1696        LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1697        return false;
1698    }
1699
1700    if (access(dex_path.c_str(), F_OK) == 0) {
1701        // The path exists, nothing to do. The odex files (if any) will be left untouched.
1702        *out_secondary_dex_exists = true;
1703        return true;
1704    } else if (errno != ENOENT) {
1705        PLOG(ERROR) << "Failed to check access to secondary dex " << dex_path;
1706        return false;
1707    }
1708
1709    // The secondary dex does not exist anymore. Clear any generated files.
1710    char oat_path[PKG_PATH_MAX];
1711    char oat_dir[PKG_PATH_MAX];
1712    char oat_isa_dir[PKG_PATH_MAX];
1713    bool result = true;
1714    for (size_t i = 0; i < isas.size(); i++) {
1715        if (!create_secondary_dex_oat_layout(dex_path, isas[i], oat_dir, oat_isa_dir, oat_path)) {
1716            LOG(ERROR) << "Could not create secondary odex layout: " << dex_path;
1717            result = false;
1718            continue;
1719        }
1720
1721        // Delete oat/vdex/art files.
1722        result = unlink_if_exists(oat_path) && result;
1723        result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
1724        result = unlink_if_exists(create_image_filename(oat_path)) && result;
1725
1726        // Delete profiles.
1727        std::string current_profile = create_current_profile_path(
1728                multiuser_get_user_id(uid), dex_path, /*is_secondary*/true);
1729        std::string reference_profile = create_reference_profile_path(
1730                dex_path, /*is_secondary*/true);
1731        result = unlink_if_exists(current_profile) && result;
1732        result = unlink_if_exists(reference_profile) && result;
1733
1734        // Try removing the directories as well, they might be empty.
1735        result = rmdir_if_empty(oat_isa_dir) && result;
1736        result = rmdir_if_empty(oat_dir) && result;
1737    }
1738
1739    return result;
1740}
1741
1742// Helper for move_ab, so that we can have common failure-case cleanup.
1743static bool unlink_and_rename(const char* from, const char* to) {
1744    // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
1745    // return a failure.
1746    struct stat s;
1747    if (stat(to, &s) == 0) {
1748        if (!S_ISREG(s.st_mode)) {
1749            LOG(ERROR) << from << " is not a regular file to replace for A/B.";
1750            return false;
1751        }
1752        if (unlink(to) != 0) {
1753            LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
1754            return false;
1755        }
1756    } else {
1757        // This may be a permission problem. We could investigate the error code, but we'll just
1758        // let the rename failure do the work for us.
1759    }
1760
1761    // Try to rename "to" to "from."
1762    if (rename(from, to) != 0) {
1763        PLOG(ERROR) << "Could not rename " << from << " to " << to;
1764        return false;
1765    }
1766    return true;
1767}
1768
1769// Move/rename a B artifact (from) to an A artifact (to).
1770static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
1771    // Check whether B exists.
1772    {
1773        struct stat s;
1774        if (stat(b_path.c_str(), &s) != 0) {
1775            // Silently ignore for now. The service calling this isn't smart enough to understand
1776            // lack of artifacts at the moment.
1777            return false;
1778        }
1779        if (!S_ISREG(s.st_mode)) {
1780            LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
1781            // Try to unlink, but swallow errors.
1782            unlink(b_path.c_str());
1783            return false;
1784        }
1785    }
1786
1787    // Rename B to A.
1788    if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
1789        // Delete the b_path so we don't try again (or fail earlier).
1790        if (unlink(b_path.c_str()) != 0) {
1791            PLOG(ERROR) << "Could not unlink " << b_path;
1792        }
1793
1794        return false;
1795    }
1796
1797    return true;
1798}
1799
1800bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
1801    // Get the current slot suffix. No suffix, no A/B.
1802    std::string slot_suffix;
1803    {
1804        char buf[kPropertyValueMax];
1805        if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) {
1806            return false;
1807        }
1808        slot_suffix = buf;
1809
1810        if (!ValidateTargetSlotSuffix(slot_suffix)) {
1811            LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
1812            return false;
1813        }
1814    }
1815
1816    // Validate other inputs.
1817    if (validate_apk_path(apk_path) != 0) {
1818        LOG(ERROR) << "Invalid apk_path: " << apk_path;
1819        return false;
1820    }
1821    if (validate_apk_path(oat_dir) != 0) {
1822        LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
1823        return false;
1824    }
1825
1826    char a_path[PKG_PATH_MAX];
1827    if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
1828        return false;
1829    }
1830    const std::string a_vdex_path = create_vdex_filename(a_path);
1831    const std::string a_image_path = create_image_filename(a_path);
1832
1833    // B path = A path + slot suffix.
1834    const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
1835    const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
1836    const std::string b_image_path = StringPrintf("%s.%s",
1837                                                  a_image_path.c_str(),
1838                                                  slot_suffix.c_str());
1839
1840    bool success = true;
1841    if (move_ab_path(b_path, a_path)) {
1842        if (move_ab_path(b_vdex_path, a_vdex_path)) {
1843            // Note: we can live without an app image. As such, ignore failure to move the image file.
1844            //       If we decide to require the app image, or the app image being moved correctly,
1845            //       then change accordingly.
1846            constexpr bool kIgnoreAppImageFailure = true;
1847
1848            if (!a_image_path.empty()) {
1849                if (!move_ab_path(b_image_path, a_image_path)) {
1850                    unlink(a_image_path.c_str());
1851                    if (!kIgnoreAppImageFailure) {
1852                        success = false;
1853                    }
1854                }
1855            }
1856        } else {
1857            // Cleanup: delete B image, ignore errors.
1858            unlink(b_image_path.c_str());
1859            success = false;
1860        }
1861    } else {
1862        // Cleanup: delete B image, ignore errors.
1863        unlink(b_vdex_path.c_str());
1864        unlink(b_image_path.c_str());
1865        success = false;
1866    }
1867    return success;
1868}
1869
1870bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) {
1871    // Delete the oat/odex file.
1872    char out_path[PKG_PATH_MAX];
1873    if (!create_oat_out_path(apk_path, instruction_set, oat_dir,
1874            /*is_secondary_dex*/false, out_path)) {
1875        return false;
1876    }
1877
1878    // In case of a permission failure report the issue. Otherwise just print a warning.
1879    auto unlink_and_check = [](const char* path) -> bool {
1880        int result = unlink(path);
1881        if (result != 0) {
1882            if (errno == EACCES || errno == EPERM) {
1883                PLOG(ERROR) << "Could not unlink " << path;
1884                return false;
1885            }
1886            PLOG(WARNING) << "Could not unlink " << path;
1887        }
1888        return true;
1889    };
1890
1891    // Delete the oat/odex file.
1892    bool return_value_oat = unlink_and_check(out_path);
1893
1894    // Derive and delete the app image.
1895    bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
1896
1897    // Derive and delete the vdex file.
1898    bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str());
1899
1900    // Report success.
1901    return return_value_oat && return_value_art && return_value_vdex;
1902}
1903
1904}  // namespace installd
1905}  // namespace android
1906