1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "apex_shim.h"
18
19 #include <android-base/file.h>
20 #include <android-base/logging.h>
21 #include <android-base/stringprintf.h>
22 #include <android-base/strings.h>
23 #include <openssl/sha.h>
24 #include <filesystem>
25 #include <fstream>
26 #include <sstream>
27 #include <unordered_set>
28
29 #include "apex_file.h"
30 #include "status.h"
31 #include "status_or.h"
32 #include "string_log.h"
33
34 namespace android {
35 namespace apex {
36 namespace shim {
37
38 namespace fs = std::filesystem;
39
40 namespace {
41
42 static constexpr const char* kApexCtsShimPackage = "com.android.apex.cts.shim";
43 static constexpr const char* kHashFileName = "hash.txt";
44 static constexpr const int kBufSize = 1024;
45 static constexpr const char* kApexManifestFileName = "apex_manifest.json";
46 static constexpr const char* kEtcFolderName = "etc";
47 static constexpr const char* kLostFoundFolderName = "lost+found";
48 static constexpr const fs::perms kFordbiddenFilePermissions =
49 fs::perms::owner_exec | fs::perms::group_exec | fs::perms::others_exec;
50
CalculateSha512(const std::string & path)51 StatusOr<std::string> CalculateSha512(const std::string& path) {
52 using StatusT = StatusOr<std::string>;
53 LOG(DEBUG) << "Calculating SHA512 of " << path;
54 SHA512_CTX ctx;
55 SHA512_Init(&ctx);
56 std::ifstream apex(path, std::ios::binary);
57 if (apex.bad()) {
58 return StatusT::MakeError(StringLog() << "Failed to open " << path);
59 }
60 char buf[kBufSize];
61 while (!apex.eof()) {
62 apex.read(buf, kBufSize);
63 if (apex.bad()) {
64 return StatusT::MakeError(StringLog() << "Failed to read " << path);
65 }
66 int bytes_read = apex.gcount();
67 SHA512_Update(&ctx, buf, bytes_read);
68 }
69 uint8_t hash[SHA512_DIGEST_LENGTH];
70 SHA512_Final(hash, &ctx);
71 std::stringstream ss;
72 ss << std::hex;
73 for (int i = 0; i < SHA512_DIGEST_LENGTH; i++) {
74 ss << std::setw(2) << std::setfill('0') << static_cast<int>(hash[i]);
75 }
76 return StatusT(ss.str());
77 }
78
ReadSha512(const std::string & path)79 StatusOr<std::vector<std::string>> ReadSha512(const std::string& path) {
80 using android::base::ReadFileToString;
81 using android::base::StringPrintf;
82 using StatusT = StatusOr<std::vector<std::string>>;
83 const std::string& file_path =
84 StringPrintf("%s/%s/%s", path.c_str(), kEtcFolderName, kHashFileName);
85 LOG(DEBUG) << "Reading SHA512 from " << file_path;
86 std::string hash;
87 if (!ReadFileToString(file_path, &hash, false /* follows symlinks */)) {
88 return StatusT::MakeError(PStringLog() << "Failed to read " << file_path);
89 }
90 return StatusT(android::base::Split(hash, "\n"));
91 }
92
IsRegularFile(const fs::directory_entry & entry)93 Status IsRegularFile(const fs::directory_entry& entry) {
94 const fs::path& path = entry.path();
95 std::error_code ec;
96 fs::file_status status = entry.status(ec);
97 if (ec) {
98 return Status::Fail(StringLog()
99 << "Failed to stat " << path << " : " << ec);
100 }
101 if (!fs::is_regular_file(status)) {
102 return Status::Fail(StringLog() << path << " is not a file");
103 }
104 if ((status.permissions() & kFordbiddenFilePermissions) != fs::perms::none) {
105 return Status::Fail(StringLog() << path << " has illegal permissions");
106 }
107 // TODO: consider checking that file only contains ascii characters.
108 return Status::Success();
109 }
110
IsHashTxt(const fs::directory_entry & entry)111 Status IsHashTxt(const fs::directory_entry& entry) {
112 LOG(DEBUG) << "Checking if " << entry.path() << " is an allowed file";
113 const Status& status = IsRegularFile(entry);
114 if (!status.Ok()) {
115 return status;
116 }
117 if (entry.path().filename() != kHashFileName) {
118 return Status::Fail(StringLog() << "Illegal file " << entry.path());
119 }
120 return Status::Success();
121 }
122
IsWhitelistedTopLevelEntry(const fs::directory_entry & entry)123 Status IsWhitelistedTopLevelEntry(const fs::directory_entry& entry) {
124 LOG(DEBUG) << "Checking if " << entry.path() << " is an allowed directory";
125 std::error_code ec;
126 const fs::path& path = entry.path();
127 if (path.filename() == kLostFoundFolderName) {
128 bool is_empty = fs::is_empty(path, ec);
129 if (ec) {
130 return Status::Fail(StringLog()
131 << "Failed to scan " << path << " : " << ec);
132 }
133 if (is_empty) {
134 return Status::Success();
135 } else {
136 return Status::Fail(StringLog() << path << " is not empty");
137 }
138 } else if (path.filename() == kEtcFolderName) {
139 auto iter = fs::directory_iterator(path, ec);
140 if (ec) {
141 return Status::Fail(StringLog()
142 << "Failed to scan " << path << " : " << ec);
143 }
144 bool is_empty = fs::is_empty(path, ec);
145 if (ec) {
146 return Status::Fail(StringLog()
147 << "Failed to scan " << path << " : " << ec);
148 }
149 if (is_empty) {
150 return Status::Fail(StringLog()
151 << path << " should contain " << kHashFileName);
152 }
153 // TODO: change to non-throwing iterator.
154 while (iter != fs::end(iter)) {
155 const Status& status = IsHashTxt(*iter);
156 if (!status.Ok()) {
157 return status;
158 }
159 iter = iter.increment(ec);
160 if (ec) {
161 return Status::Fail(StringLog()
162 << "Failed to scan " << path << " : " << ec);
163 }
164 }
165 return Status::Success();
166 } else if (path.filename() == kApexManifestFileName) {
167 return IsRegularFile(entry);
168 } else {
169 return Status::Fail(StringLog() << "Illegal entry " << path);
170 }
171 }
172
173 } // namespace
174
IsShimApex(const ApexFile & apex_file)175 bool IsShimApex(const ApexFile& apex_file) {
176 return apex_file.GetManifest().name() == kApexCtsShimPackage;
177 }
178
ValidateShimApex(const std::string & mount_point,const ApexFile & apex_file)179 Status ValidateShimApex(const std::string& mount_point,
180 const ApexFile& apex_file) {
181 LOG(DEBUG) << "Validating shim apex " << mount_point;
182 const ApexManifest& manifest = apex_file.GetManifest();
183 if (!manifest.preinstallhook().empty() ||
184 !manifest.postinstallhook().empty()) {
185 return Status::Fail(
186 "Shim apex is not allowed to have pre or post install hooks");
187 }
188 std::error_code ec;
189 auto iter = fs::directory_iterator(mount_point, ec);
190 if (ec) {
191 return Status::Fail(StringLog()
192 << "Failed to scan " << mount_point << " : " << ec);
193 }
194 // Unfortunately fs::directory_iterator::operator++ can throw an exception,
195 // which means that it's impossible to use range-based for loop here.
196 // TODO: wrap into a non-throwing iterator to support range-based for loop.
197 while (iter != fs::end(iter)) {
198 const Status& status = IsWhitelistedTopLevelEntry(*iter);
199 if (!status.Ok()) {
200 return status;
201 }
202 iter = iter.increment(ec);
203 if (ec) {
204 return Status::Fail(StringLog()
205 << "Failed to scan " << mount_point << " : " << ec);
206 }
207 }
208 return Status::Success();
209 }
210
ValidateUpdate(const std::string & system_apex_path,const std::string & new_apex_path)211 Status ValidateUpdate(const std::string& system_apex_path,
212 const std::string& new_apex_path) {
213 LOG(DEBUG) << "Validating update of shim apex to " << new_apex_path
214 << " using system shim apex " << system_apex_path;
215 auto allowed = ReadSha512(system_apex_path);
216 if (!allowed.Ok()) {
217 return allowed.ErrorStatus();
218 }
219 auto actual = CalculateSha512(new_apex_path);
220 if (!actual.Ok()) {
221 return actual.ErrorStatus();
222 }
223 auto it = std::find(allowed->begin(), allowed->end(), *actual);
224 if (it == allowed->end()) {
225 return Status::Fail(StringLog()
226 << new_apex_path << " has unexpected SHA512 hash "
227 << *actual);
228 }
229 return Status::Success();
230 }
231
232 } // namespace shim
233 } // namespace apex
234 } // namespace android
235