1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #define LOG_TAG "installd"
17
18 #include <array>
19 #include <fcntl.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <sys/capability.h>
23 #include <sys/file.h>
24 #include <sys/stat.h>
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/resource.h>
28 #include <sys/wait.h>
29 #include <unistd.h>
30
31 #include <iomanip>
32
33 #include <android-base/file.h>
34 #include <android-base/logging.h>
35 #include <android-base/properties.h>
36 #include <android-base/stringprintf.h>
37 #include <android-base/strings.h>
38 #include <android-base/unique_fd.h>
39 #include <cutils/fs.h>
40 #include <cutils/properties.h>
41 #include <cutils/sched_policy.h>
42 #include <dex2oat_return_codes.h>
43 #include <log/log.h> // TODO: Move everything to base/logging.
44 #include <openssl/sha.h>
45 #include <private/android_filesystem_config.h>
46 #include <processgroup/sched_policy.h>
47 #include <selinux/android.h>
48 #include <server_configurable_flags/get_flags.h>
49 #include <system/thread_defs.h>
50
51 #include "dexopt.h"
52 #include "dexopt_return_codes.h"
53 #include "globals.h"
54 #include "installd_deps.h"
55 #include "otapreopt_utils.h"
56 #include "utils.h"
57
58 using android::base::EndsWith;
59 using android::base::GetBoolProperty;
60 using android::base::GetProperty;
61 using android::base::ReadFdToString;
62 using android::base::ReadFully;
63 using android::base::StringPrintf;
64 using android::base::WriteFully;
65 using android::base::unique_fd;
66
67 namespace android {
68 namespace installd {
69
70 // Should minidebug info be included in compiled artifacts? Even if this value is
71 // "true," usage might still be conditional to other constraints, e.g., system
72 // property overrides.
73 static constexpr bool kEnableMinidebugInfo = true;
74
75 static constexpr const char* kMinidebugInfoSystemProperty = "dalvik.vm.dex2oat-minidebuginfo";
76 static constexpr bool kMinidebugInfoSystemPropertyDefault = false;
77 static constexpr const char* kMinidebugDex2oatFlag = "--generate-mini-debug-info";
78 static constexpr const char* kDisableCompactDexFlag = "--compact-dex-level=none";
79
80
81 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
82 struct FreeDelete {
83 // NOTE: Deleting a const object is valid but free() takes a non-const pointer.
operator ()android::installd::FreeDelete84 void operator()(const void* ptr) const {
85 free(const_cast<void*>(ptr));
86 }
87 };
88
89 // Alias for std::unique_ptr<> that uses the C function free() to delete objects.
90 template <typename T>
91 using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
92
invalid_unique_fd()93 static unique_fd invalid_unique_fd() {
94 return unique_fd(-1);
95 }
96
is_debug_runtime()97 static bool is_debug_runtime() {
98 return android::base::GetProperty("persist.sys.dalvik.vm.lib.2", "") == "libartd.so";
99 }
100
is_debuggable_build()101 static bool is_debuggable_build() {
102 return android::base::GetBoolProperty("ro.debuggable", false);
103 }
104
clear_profile(const std::string & profile)105 static bool clear_profile(const std::string& profile) {
106 unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
107 if (ufd.get() < 0) {
108 if (errno != ENOENT) {
109 PLOG(WARNING) << "Could not open profile " << profile;
110 return false;
111 } else {
112 // Nothing to clear. That's ok.
113 return true;
114 }
115 }
116
117 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
118 if (errno != EWOULDBLOCK) {
119 PLOG(WARNING) << "Error locking profile " << profile;
120 }
121 // This implies that the app owning this profile is running
122 // (and has acquired the lock).
123 //
124 // If we can't acquire the lock bail out since clearing is useless anyway
125 // (the app will write again to the profile).
126 //
127 // Note:
128 // This does not impact the this is not an issue for the profiling correctness.
129 // In case this is needed because of an app upgrade, profiles will still be
130 // eventually cleared by the app itself due to checksum mismatch.
131 // If this is needed because profman advised, then keeping the data around
132 // until the next run is again not an issue.
133 //
134 // If the app attempts to acquire a lock while we've held one here,
135 // it will simply skip the current write cycle.
136 return false;
137 }
138
139 bool truncated = ftruncate(ufd.get(), 0) == 0;
140 if (!truncated) {
141 PLOG(WARNING) << "Could not truncate " << profile;
142 }
143 if (flock(ufd.get(), LOCK_UN) != 0) {
144 PLOG(WARNING) << "Error unlocking profile " << profile;
145 }
146 return truncated;
147 }
148
149 // Clear the reference profile for the given location.
150 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_reference_profile(const std::string & package_name,const std::string & location,bool is_secondary_dex)151 static bool clear_reference_profile(const std::string& package_name, const std::string& location,
152 bool is_secondary_dex) {
153 return clear_profile(create_reference_profile_path(package_name, location, is_secondary_dex));
154 }
155
156 // Clear the reference profile for the given location.
157 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_current_profile(const std::string & package_name,const std::string & location,userid_t user,bool is_secondary_dex)158 static bool clear_current_profile(const std::string& package_name, const std::string& location,
159 userid_t user, bool is_secondary_dex) {
160 return clear_profile(create_current_profile_path(user, package_name, location,
161 is_secondary_dex));
162 }
163
164 // Clear the reference profile for the primary apk of the given package.
165 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_reference_profile(const std::string & package_name,const std::string & location)166 bool clear_primary_reference_profile(const std::string& package_name,
167 const std::string& location) {
168 return clear_reference_profile(package_name, location, /*is_secondary_dex*/false);
169 }
170
171 // Clear all current profile for the primary apk of the given package.
172 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_current_profiles(const std::string & package_name,const std::string & location)173 bool clear_primary_current_profiles(const std::string& package_name, const std::string& location) {
174 bool success = true;
175 // For secondary dex files, we don't really need the user but we use it for sanity checks.
176 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
177 for (auto user : users) {
178 success &= clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
179 }
180 return success;
181 }
182
183 // Clear the current profile for the primary apk of the given package and user.
clear_primary_current_profile(const std::string & package_name,const std::string & location,userid_t user)184 bool clear_primary_current_profile(const std::string& package_name, const std::string& location,
185 userid_t user) {
186 return clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
187 }
188
SplitBySpaces(const std::string & str)189 static std::vector<std::string> SplitBySpaces(const std::string& str) {
190 if (str.empty()) {
191 return {};
192 }
193 return android::base::Split(str, " ");
194 }
195
get_location_from_path(const char * path)196 static const char* get_location_from_path(const char* path) {
197 static constexpr char kLocationSeparator = '/';
198 const char *location = strrchr(path, kLocationSeparator);
199 if (location == nullptr) {
200 return path;
201 } else {
202 // Skip the separator character.
203 return location + 1;
204 }
205 }
206
207 // ExecVHelper prepares and holds pointers to parsed command line arguments so that no allocations
208 // need to be performed between the fork and exec.
209 class ExecVHelper {
210 public:
211 // Store a placeholder for the binary name.
ExecVHelper()212 ExecVHelper() : args_(1u, std::string()) {}
213
PrepareArgs(const std::string & bin)214 void PrepareArgs(const std::string& bin) {
215 CHECK(!args_.empty());
216 CHECK(args_[0].empty());
217 args_[0] = bin;
218 // Write char* into array.
219 for (const std::string& arg : args_) {
220 argv_.push_back(arg.c_str());
221 }
222 argv_.push_back(nullptr); // Add null terminator.
223 }
224
225 [[ noreturn ]]
Exec(int exit_code)226 void Exec(int exit_code) {
227 execv(argv_[0], (char * const *)&argv_[0]);
228 PLOG(ERROR) << "execv(" << argv_[0] << ") failed";
229 exit(exit_code);
230 }
231
232 // Add an arg if it's not empty.
AddArg(const std::string & arg)233 void AddArg(const std::string& arg) {
234 if (!arg.empty()) {
235 args_.push_back(arg);
236 }
237 }
238
239 // Add a runtime arg if it's not empty.
AddRuntimeArg(const std::string & arg)240 void AddRuntimeArg(const std::string& arg) {
241 if (!arg.empty()) {
242 args_.push_back("--runtime-arg");
243 args_.push_back(arg);
244 }
245 }
246
247 protected:
248 // Holder arrays for backing arg storage.
249 std::vector<std::string> args_;
250
251 // Argument poiners.
252 std::vector<const char*> argv_;
253 };
254
MapPropertyToArg(const std::string & property,const std::string & format,const std::string & default_value="")255 static std::string MapPropertyToArg(const std::string& property,
256 const std::string& format,
257 const std::string& default_value = "") {
258 std::string prop = GetProperty(property, default_value);
259 if (!prop.empty()) {
260 return StringPrintf(format.c_str(), prop.c_str());
261 }
262 return "";
263 }
264
265 // Determines which binary we should use for execution (the debug or non-debug version).
266 // e.g. dex2oatd vs dex2oat
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile)267 static const char* select_execution_binary(const char* binary, const char* debug_binary,
268 bool background_job_compile) {
269 return select_execution_binary(
270 binary,
271 debug_binary,
272 background_job_compile,
273 is_debug_runtime(),
274 (android::base::GetProperty("ro.build.version.codename", "") == "REL"),
275 is_debuggable_build());
276 }
277
278 // Determines which binary we should use for execution (the debug or non-debug version).
279 // e.g. dex2oatd vs dex2oat
280 // This is convenient method which is much easier to test because it doesn't read
281 // system properties.
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile,bool is_debug_runtime,bool is_release,bool is_debuggable_build)282 const char* select_execution_binary(
283 const char* binary,
284 const char* debug_binary,
285 bool background_job_compile,
286 bool is_debug_runtime,
287 bool is_release,
288 bool is_debuggable_build) {
289 // Do not use debug binaries for release candidates (to give more soak time).
290 bool is_debug_bg_job = background_job_compile && is_debuggable_build && !is_release;
291
292 // If the runtime was requested to use libartd.so, we'll run the debug version - assuming
293 // the file is present (it may not be on images with very little space available).
294 bool useDebug = (is_debug_runtime || is_debug_bg_job) && (access(debug_binary, X_OK) == 0);
295
296 return useDebug ? debug_binary : binary;
297 }
298
299 // Namespace for Android Runtime flags applied during boot time.
300 static const char* RUNTIME_NATIVE_BOOT_NAMESPACE = "runtime_native_boot";
301 // Feature flag name for running the JIT in Zygote experiment, b/119800099.
302 static const char* ENABLE_APEX_IMAGE = "enable_apex_image";
303 // Location of the apex image.
304 static const char* kApexImage = "/system/framework/apex.art";
305
306 class RunDex2Oat : public ExecVHelper {
307 public:
RunDex2Oat(int zip_fd,int oat_fd,int input_vdex_fd,int output_vdex_fd,int image_fd,const char * input_file_name,const char * output_file_name,int swap_fd,const char * instruction_set,const char * compiler_filter,bool debuggable,bool post_bootcomplete,bool background_job_compile,int profile_fd,const char * class_loader_context,const std::string & class_loader_context_fds,int target_sdk_version,bool enable_hidden_api_checks,bool generate_compact_dex,int dex_metadata_fd,const char * compilation_reason)308 RunDex2Oat(int zip_fd,
309 int oat_fd,
310 int input_vdex_fd,
311 int output_vdex_fd,
312 int image_fd,
313 const char* input_file_name,
314 const char* output_file_name,
315 int swap_fd,
316 const char* instruction_set,
317 const char* compiler_filter,
318 bool debuggable,
319 bool post_bootcomplete,
320 bool background_job_compile,
321 int profile_fd,
322 const char* class_loader_context,
323 const std::string& class_loader_context_fds,
324 int target_sdk_version,
325 bool enable_hidden_api_checks,
326 bool generate_compact_dex,
327 int dex_metadata_fd,
328 const char* compilation_reason) {
329 // Get the relative path to the input file.
330 const char* relative_input_file_name = get_location_from_path(input_file_name);
331
332 std::string dex2oat_Xms_arg = MapPropertyToArg("dalvik.vm.dex2oat-Xms", "-Xms%s");
333 std::string dex2oat_Xmx_arg = MapPropertyToArg("dalvik.vm.dex2oat-Xmx", "-Xmx%s");
334
335 const char* threads_property = post_bootcomplete
336 ? "dalvik.vm.dex2oat-threads"
337 : "dalvik.vm.boot-dex2oat-threads";
338 std::string dex2oat_threads_arg = MapPropertyToArg(threads_property, "-j%s");
339
340 std::string bootclasspath;
341 char* dex2oat_bootclasspath = getenv("DEX2OATBOOTCLASSPATH");
342 if (dex2oat_bootclasspath != nullptr) {
343 bootclasspath = StringPrintf("-Xbootclasspath:%s", dex2oat_bootclasspath);
344 }
345 // If DEX2OATBOOTCLASSPATH is not in the environment, dex2oat is going to query
346 // BOOTCLASSPATH.
347
348 const std::string dex2oat_isa_features_key =
349 StringPrintf("dalvik.vm.isa.%s.features", instruction_set);
350 std::string instruction_set_features_arg =
351 MapPropertyToArg(dex2oat_isa_features_key, "--instruction-set-features=%s");
352
353 const std::string dex2oat_isa_variant_key =
354 StringPrintf("dalvik.vm.isa.%s.variant", instruction_set);
355 std::string instruction_set_variant_arg =
356 MapPropertyToArg(dex2oat_isa_variant_key, "--instruction-set-variant=%s");
357
358 const char* dex2oat_norelocation = "-Xnorelocate";
359
360 const std::string dex2oat_flags = GetProperty("dalvik.vm.dex2oat-flags", "");
361 std::vector<std::string> dex2oat_flags_args = SplitBySpaces(dex2oat_flags);
362 ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags.c_str());
363
364 // If we are booting without the real /data, don't spend time compiling.
365 std::string vold_decrypt = GetProperty("vold.decrypt", "");
366 bool skip_compilation = vold_decrypt == "trigger_restart_min_framework" ||
367 vold_decrypt == "1";
368
369 std::string resolve_startup_string_arg =
370 MapPropertyToArg("persist.device_config.runtime.dex2oat_resolve_startup_strings",
371 "--resolve-startup-const-strings=%s");
372 if (resolve_startup_string_arg.empty()) {
373 // If empty, fall back to system property.
374 resolve_startup_string_arg =
375 MapPropertyToArg("dalvik.vm.dex2oat-resolve-startup-strings",
376 "--resolve-startup-const-strings=%s");
377 }
378
379 const std::string image_block_size_arg =
380 MapPropertyToArg("dalvik.vm.dex2oat-max-image-block-size",
381 "--max-image-block-size=%s");
382
383 const bool generate_debug_info = GetBoolProperty("debug.generate-debug-info", false);
384
385 std::string image_format_arg;
386 if (image_fd >= 0) {
387 image_format_arg = MapPropertyToArg("dalvik.vm.appimageformat", "--image-format=%s");
388 }
389
390 std::string dex2oat_large_app_threshold_arg =
391 MapPropertyToArg("dalvik.vm.dex2oat-very-large", "--very-large-app-threshold=%s");
392
393
394 const char* dex2oat_bin = select_execution_binary(
395 kDex2oatPath, kDex2oatDebugPath, background_job_compile);
396
397 bool generate_minidebug_info = kEnableMinidebugInfo &&
398 GetBoolProperty(kMinidebugInfoSystemProperty, kMinidebugInfoSystemPropertyDefault);
399
400 std::string boot_image;
401 std::string use_apex_image =
402 server_configurable_flags::GetServerConfigurableFlag(RUNTIME_NATIVE_BOOT_NAMESPACE,
403 ENABLE_APEX_IMAGE,
404 /*default_value=*/ "");
405 if (use_apex_image == "true") {
406 boot_image = StringPrintf("-Ximage:%s", kApexImage);
407 } else {
408 boot_image = MapPropertyToArg("dalvik.vm.boot-image", "-Ximage:%s");
409 }
410
411 // clang FORTIFY doesn't let us use strlen in constant array bounds, so we
412 // use arraysize instead.
413 std::string zip_fd_arg = StringPrintf("--zip-fd=%d", zip_fd);
414 std::string zip_location_arg = StringPrintf("--zip-location=%s", relative_input_file_name);
415 std::string input_vdex_fd_arg = StringPrintf("--input-vdex-fd=%d", input_vdex_fd);
416 std::string output_vdex_fd_arg = StringPrintf("--output-vdex-fd=%d", output_vdex_fd);
417 std::string oat_fd_arg = StringPrintf("--oat-fd=%d", oat_fd);
418 std::string oat_location_arg = StringPrintf("--oat-location=%s", output_file_name);
419 std::string instruction_set_arg = StringPrintf("--instruction-set=%s", instruction_set);
420 std::string dex2oat_compiler_filter_arg;
421 std::string dex2oat_swap_fd;
422 std::string dex2oat_image_fd;
423 std::string target_sdk_version_arg;
424 if (target_sdk_version != 0) {
425 target_sdk_version_arg = StringPrintf("-Xtarget-sdk-version:%d", target_sdk_version);
426 }
427 std::string class_loader_context_arg;
428 std::string class_loader_context_fds_arg;
429 if (class_loader_context != nullptr) {
430 class_loader_context_arg = StringPrintf("--class-loader-context=%s",
431 class_loader_context);
432 if (!class_loader_context_fds.empty()) {
433 class_loader_context_fds_arg = StringPrintf("--class-loader-context-fds=%s",
434 class_loader_context_fds.c_str());
435 }
436 }
437
438 if (swap_fd >= 0) {
439 dex2oat_swap_fd = StringPrintf("--swap-fd=%d", swap_fd);
440 }
441 if (image_fd >= 0) {
442 dex2oat_image_fd = StringPrintf("--app-image-fd=%d", image_fd);
443 }
444
445 // Compute compiler filter.
446 bool have_dex2oat_relocation_skip_flag = false;
447 if (skip_compilation) {
448 dex2oat_compiler_filter_arg = "--compiler-filter=extract";
449 have_dex2oat_relocation_skip_flag = true;
450 } else if (compiler_filter != nullptr) {
451 dex2oat_compiler_filter_arg = StringPrintf("--compiler-filter=%s", compiler_filter);
452 }
453
454 if (dex2oat_compiler_filter_arg.empty()) {
455 dex2oat_compiler_filter_arg = MapPropertyToArg("dalvik.vm.dex2oat-filter",
456 "--compiler-filter=%s");
457 }
458
459 // Check whether all apps should be compiled debuggable.
460 if (!debuggable) {
461 debuggable = GetProperty("dalvik.vm.always_debuggable", "") == "1";
462 }
463 std::string profile_arg;
464 if (profile_fd != -1) {
465 profile_arg = StringPrintf("--profile-file-fd=%d", profile_fd);
466 }
467
468 // Get the directory of the apk to pass as a base classpath directory.
469 std::string base_dir;
470 std::string apk_dir(input_file_name);
471 unsigned long dir_index = apk_dir.rfind('/');
472 bool has_base_dir = dir_index != std::string::npos;
473 if (has_base_dir) {
474 apk_dir = apk_dir.substr(0, dir_index);
475 base_dir = StringPrintf("--classpath-dir=%s", apk_dir.c_str());
476 }
477
478 std::string dex_metadata_fd_arg = "--dm-fd=" + std::to_string(dex_metadata_fd);
479
480 std::string compilation_reason_arg = compilation_reason == nullptr
481 ? ""
482 : std::string("--compilation-reason=") + compilation_reason;
483
484 ALOGV("Running %s in=%s out=%s\n", dex2oat_bin, relative_input_file_name, output_file_name);
485
486 // Disable cdex if update input vdex is true since this combination of options is not
487 // supported.
488 const bool disable_cdex = !generate_compact_dex || (input_vdex_fd == output_vdex_fd);
489
490 AddArg(zip_fd_arg);
491 AddArg(zip_location_arg);
492 AddArg(input_vdex_fd_arg);
493 AddArg(output_vdex_fd_arg);
494 AddArg(oat_fd_arg);
495 AddArg(oat_location_arg);
496 AddArg(instruction_set_arg);
497
498 AddArg(instruction_set_variant_arg);
499 AddArg(instruction_set_features_arg);
500
501 AddRuntimeArg(boot_image);
502 AddRuntimeArg(bootclasspath);
503 AddRuntimeArg(dex2oat_Xms_arg);
504 AddRuntimeArg(dex2oat_Xmx_arg);
505
506 AddArg(resolve_startup_string_arg);
507 AddArg(image_block_size_arg);
508 AddArg(dex2oat_compiler_filter_arg);
509 AddArg(dex2oat_threads_arg);
510 AddArg(dex2oat_swap_fd);
511 AddArg(dex2oat_image_fd);
512
513 if (generate_debug_info) {
514 AddArg("--generate-debug-info");
515 }
516 if (debuggable) {
517 AddArg("--debuggable");
518 }
519 AddArg(image_format_arg);
520 AddArg(dex2oat_large_app_threshold_arg);
521
522 if (have_dex2oat_relocation_skip_flag) {
523 AddRuntimeArg(dex2oat_norelocation);
524 }
525 AddArg(profile_arg);
526 AddArg(base_dir);
527 AddArg(class_loader_context_arg);
528 AddArg(class_loader_context_fds_arg);
529 if (generate_minidebug_info) {
530 AddArg(kMinidebugDex2oatFlag);
531 }
532 if (disable_cdex) {
533 AddArg(kDisableCompactDexFlag);
534 }
535 AddRuntimeArg(target_sdk_version_arg);
536 if (enable_hidden_api_checks) {
537 AddRuntimeArg("-Xhidden-api-policy:enabled");
538 }
539
540 if (dex_metadata_fd > -1) {
541 AddArg(dex_metadata_fd_arg);
542 }
543
544 AddArg(compilation_reason_arg);
545
546 // Do not add args after dex2oat_flags, they should override others for debugging.
547 args_.insert(args_.end(), dex2oat_flags_args.begin(), dex2oat_flags_args.end());
548
549 PrepareArgs(dex2oat_bin);
550 }
551 };
552
553 /*
554 * Whether dexopt should use a swap file when compiling an APK.
555 *
556 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
557 * itself, anyways).
558 *
559 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
560 *
561 * Otherwise, return true if this is a low-mem device.
562 *
563 * Otherwise, return default value.
564 */
565 static bool kAlwaysProvideSwapFile = false;
566 static bool kDefaultProvideSwapFile = true;
567
ShouldUseSwapFileForDexopt()568 static bool ShouldUseSwapFileForDexopt() {
569 if (kAlwaysProvideSwapFile) {
570 return true;
571 }
572
573 // Check the "override" property. If it exists, return value == "true".
574 std::string dex2oat_prop_buf = GetProperty("dalvik.vm.dex2oat-swap", "");
575 if (!dex2oat_prop_buf.empty()) {
576 return dex2oat_prop_buf == "true";
577 }
578
579 // Shortcut for default value. This is an implementation optimization for the process sketched
580 // above. If the default value is true, we can avoid to check whether this is a low-mem device,
581 // as low-mem is never returning false. The compiler will optimize this away if it can.
582 if (kDefaultProvideSwapFile) {
583 return true;
584 }
585
586 if (GetBoolProperty("ro.config.low_ram", false)) {
587 return true;
588 }
589
590 // Default value must be false here.
591 return kDefaultProvideSwapFile;
592 }
593
SetDex2OatScheduling(bool set_to_bg)594 static void SetDex2OatScheduling(bool set_to_bg) {
595 if (set_to_bg) {
596 if (set_sched_policy(0, SP_BACKGROUND) < 0) {
597 PLOG(ERROR) << "set_sched_policy failed";
598 exit(DexoptReturnCodes::kSetSchedPolicy);
599 }
600 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
601 PLOG(ERROR) << "setpriority failed";
602 exit(DexoptReturnCodes::kSetPriority);
603 }
604 }
605 }
606
create_profile(uid_t uid,const std::string & profile,int32_t flags)607 static unique_fd create_profile(uid_t uid, const std::string& profile, int32_t flags) {
608 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags, 0600)));
609 if (fd.get() < 0) {
610 if (errno != EEXIST) {
611 PLOG(ERROR) << "Failed to create profile " << profile;
612 return invalid_unique_fd();
613 }
614 }
615 // Profiles should belong to the app; make sure of that by giving ownership to
616 // the app uid. If we cannot do that, there's no point in returning the fd
617 // since dex2oat/profman will fail with SElinux denials.
618 if (fchown(fd.get(), uid, uid) < 0) {
619 PLOG(ERROR) << "Could not chown profile " << profile;
620 return invalid_unique_fd();
621 }
622 return fd;
623 }
624
open_profile(uid_t uid,const std::string & profile,int32_t flags)625 static unique_fd open_profile(uid_t uid, const std::string& profile, int32_t flags) {
626 // Do not follow symlinks when opening a profile:
627 // - primary profiles should not contain symlinks in their paths
628 // - secondary dex paths should have been already resolved and validated
629 flags |= O_NOFOLLOW;
630
631 // Check if we need to create the profile
632 // Reference profiles and snapshots are created on the fly; so they might not exist beforehand.
633 unique_fd fd;
634 if ((flags & O_CREAT) != 0) {
635 fd = create_profile(uid, profile, flags);
636 } else {
637 fd.reset(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
638 }
639
640 if (fd.get() < 0) {
641 if (errno != ENOENT) {
642 // Profiles might be missing for various reasons. For example, in a
643 // multi-user environment, the profile directory for one user can be created
644 // after we start a merge. In this case the current profile for that user
645 // will not be found.
646 // Also, the secondary dex profiles might be deleted by the app at any time,
647 // so we can't we need to prepare if they are missing.
648 PLOG(ERROR) << "Failed to open profile " << profile;
649 }
650 return invalid_unique_fd();
651 }
652
653 return fd;
654 }
655
open_current_profile(uid_t uid,userid_t user,const std::string & package_name,const std::string & location,bool is_secondary_dex)656 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& package_name,
657 const std::string& location, bool is_secondary_dex) {
658 std::string profile = create_current_profile_path(user, package_name, location,
659 is_secondary_dex);
660 return open_profile(uid, profile, O_RDONLY);
661 }
662
open_reference_profile(uid_t uid,const std::string & package_name,const std::string & location,bool read_write,bool is_secondary_dex)663 static unique_fd open_reference_profile(uid_t uid, const std::string& package_name,
664 const std::string& location, bool read_write, bool is_secondary_dex) {
665 std::string profile = create_reference_profile_path(package_name, location, is_secondary_dex);
666 return open_profile(uid, profile, read_write ? (O_CREAT | O_RDWR) : O_RDONLY);
667 }
668
open_spnashot_profile(uid_t uid,const std::string & package_name,const std::string & location)669 static unique_fd open_spnashot_profile(uid_t uid, const std::string& package_name,
670 const std::string& location) {
671 std::string profile = create_snapshot_profile_path(package_name, location);
672 return open_profile(uid, profile, O_CREAT | O_RDWR | O_TRUNC);
673 }
674
open_profile_files(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex,std::vector<unique_fd> * profiles_fd,unique_fd * reference_profile_fd)675 static void open_profile_files(uid_t uid, const std::string& package_name,
676 const std::string& location, bool is_secondary_dex,
677 /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
678 // Open the reference profile in read-write mode as profman might need to save the merge.
679 *reference_profile_fd = open_reference_profile(uid, package_name, location,
680 /*read_write*/ true, is_secondary_dex);
681
682 // For secondary dex files, we don't really need the user but we use it for sanity checks.
683 // Note: the user owning the dex file should be the current user.
684 std::vector<userid_t> users;
685 if (is_secondary_dex){
686 users.push_back(multiuser_get_user_id(uid));
687 } else {
688 users = get_known_users(/*volume_uuid*/ nullptr);
689 }
690 for (auto user : users) {
691 unique_fd profile_fd = open_current_profile(uid, user, package_name, location,
692 is_secondary_dex);
693 // Add to the lists only if both fds are valid.
694 if (profile_fd.get() >= 0) {
695 profiles_fd->push_back(std::move(profile_fd));
696 }
697 }
698 }
699
700 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
701 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
702 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
703 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
704 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
705
706 class RunProfman : public ExecVHelper {
707 public:
SetupArgs(const std::vector<unique_fd> & profile_fds,const unique_fd & reference_profile_fd,const std::vector<unique_fd> & apk_fds,const std::vector<std::string> & dex_locations,bool copy_and_update,bool store_aggregation_counters)708 void SetupArgs(const std::vector<unique_fd>& profile_fds,
709 const unique_fd& reference_profile_fd,
710 const std::vector<unique_fd>& apk_fds,
711 const std::vector<std::string>& dex_locations,
712 bool copy_and_update,
713 bool store_aggregation_counters) {
714
715 // TODO(calin): Assume for now we run in the bg compile job (which is in
716 // most of the invocation). With the current data flow, is not very easy or
717 // clean to discover this in RunProfman (it will require quite a messy refactoring).
718 const char* profman_bin = select_execution_binary(
719 kProfmanPath, kProfmanDebugPath, /*background_job_compile=*/ true);
720
721 if (copy_and_update) {
722 CHECK_EQ(1u, profile_fds.size());
723 CHECK_EQ(1u, apk_fds.size());
724 }
725 if (reference_profile_fd != -1) {
726 AddArg("--reference-profile-file-fd=" + std::to_string(reference_profile_fd.get()));
727 }
728
729 for (const unique_fd& fd : profile_fds) {
730 AddArg("--profile-file-fd=" + std::to_string(fd.get()));
731 }
732
733 for (const unique_fd& fd : apk_fds) {
734 AddArg("--apk-fd=" + std::to_string(fd.get()));
735 }
736
737 for (const std::string& dex_location : dex_locations) {
738 AddArg("--dex-location=" + dex_location);
739 }
740
741 if (copy_and_update) {
742 AddArg("--copy-and-update-profile-key");
743 }
744
745 if (store_aggregation_counters) {
746 AddArg("--store-aggregation-counters");
747 }
748
749 // Do not add after dex2oat_flags, they should override others for debugging.
750 PrepareArgs(profman_bin);
751 }
752
SetupMerge(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<unique_fd> & apk_fds=std::vector<unique_fd> (),const std::vector<std::string> & dex_locations=std::vector<std::string> (),bool store_aggregation_counters=false)753 void SetupMerge(const std::vector<unique_fd>& profiles_fd,
754 const unique_fd& reference_profile_fd,
755 const std::vector<unique_fd>& apk_fds = std::vector<unique_fd>(),
756 const std::vector<std::string>& dex_locations = std::vector<std::string>(),
757 bool store_aggregation_counters = false) {
758 SetupArgs(profiles_fd,
759 reference_profile_fd,
760 apk_fds,
761 dex_locations,
762 /*copy_and_update=*/false,
763 store_aggregation_counters);
764 }
765
SetupCopyAndUpdate(unique_fd && profile_fd,unique_fd && reference_profile_fd,unique_fd && apk_fd,const std::string & dex_location)766 void SetupCopyAndUpdate(unique_fd&& profile_fd,
767 unique_fd&& reference_profile_fd,
768 unique_fd&& apk_fd,
769 const std::string& dex_location) {
770 // The fds need to stay open longer than the scope of the function, so put them into a local
771 // variable vector.
772 profiles_fd_.push_back(std::move(profile_fd));
773 apk_fds_.push_back(std::move(apk_fd));
774 reference_profile_fd_ = std::move(reference_profile_fd);
775 std::vector<std::string> dex_locations = {dex_location};
776 SetupArgs(profiles_fd_,
777 reference_profile_fd_,
778 apk_fds_,
779 dex_locations,
780 /*copy_and_update=*/true,
781 /*store_aggregation_counters=*/false);
782 }
783
SetupDump(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<std::string> & dex_locations,const std::vector<unique_fd> & apk_fds,const unique_fd & output_fd)784 void SetupDump(const std::vector<unique_fd>& profiles_fd,
785 const unique_fd& reference_profile_fd,
786 const std::vector<std::string>& dex_locations,
787 const std::vector<unique_fd>& apk_fds,
788 const unique_fd& output_fd) {
789 AddArg("--dump-only");
790 AddArg(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
791 SetupArgs(profiles_fd,
792 reference_profile_fd,
793 apk_fds,
794 dex_locations,
795 /*copy_and_update=*/false,
796 /*store_aggregation_counters=*/false);
797 }
798
Exec()799 void Exec() {
800 ExecVHelper::Exec(DexoptReturnCodes::kProfmanExec);
801 }
802
803 private:
804 unique_fd reference_profile_fd_;
805 std::vector<unique_fd> profiles_fd_;
806 std::vector<unique_fd> apk_fds_;
807 };
808
809
810
811 // Decides if profile guided compilation is needed or not based on existing profiles.
812 // The location is the package name for primary apks or the dex path for secondary dex files.
813 // Returns true if there is enough information in the current profiles that makes it
814 // worth to recompile the given location.
815 // If the return value is true all the current profiles would have been merged into
816 // the reference profiles accessible with open_reference_profile().
analyze_profiles(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex)817 static bool analyze_profiles(uid_t uid, const std::string& package_name,
818 const std::string& location, bool is_secondary_dex) {
819 std::vector<unique_fd> profiles_fd;
820 unique_fd reference_profile_fd;
821 open_profile_files(uid, package_name, location, is_secondary_dex,
822 &profiles_fd, &reference_profile_fd);
823 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
824 // Skip profile guided compilation because no profiles were found.
825 // Or if the reference profile info couldn't be opened.
826 return false;
827 }
828
829 RunProfman profman_merge;
830 profman_merge.SetupMerge(profiles_fd, reference_profile_fd);
831 pid_t pid = fork();
832 if (pid == 0) {
833 /* child -- drop privileges before continuing */
834 drop_capabilities(uid);
835 profman_merge.Exec();
836 }
837 /* parent */
838 int return_code = wait_child(pid);
839 bool need_to_compile = false;
840 bool should_clear_current_profiles = false;
841 bool should_clear_reference_profile = false;
842 if (!WIFEXITED(return_code)) {
843 LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
844 } else {
845 return_code = WEXITSTATUS(return_code);
846 switch (return_code) {
847 case PROFMAN_BIN_RETURN_CODE_COMPILE:
848 need_to_compile = true;
849 should_clear_current_profiles = true;
850 should_clear_reference_profile = false;
851 break;
852 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
853 need_to_compile = false;
854 should_clear_current_profiles = false;
855 should_clear_reference_profile = false;
856 break;
857 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
858 LOG(WARNING) << "Bad profiles for location " << location;
859 need_to_compile = false;
860 should_clear_current_profiles = true;
861 should_clear_reference_profile = true;
862 break;
863 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
864 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
865 // Temporary IO problem (e.g. locking). Ignore but log a warning.
866 LOG(WARNING) << "IO error while reading profiles for location " << location;
867 need_to_compile = false;
868 should_clear_current_profiles = false;
869 should_clear_reference_profile = false;
870 break;
871 default:
872 // Unknown return code or error. Unlink profiles.
873 LOG(WARNING) << "Unknown error code while processing profiles for location "
874 << location << ": " << return_code;
875 need_to_compile = false;
876 should_clear_current_profiles = true;
877 should_clear_reference_profile = true;
878 break;
879 }
880 }
881
882 if (should_clear_current_profiles) {
883 if (is_secondary_dex) {
884 // For secondary dex files, the owning user is the current user.
885 clear_current_profile(package_name, location, multiuser_get_user_id(uid),
886 is_secondary_dex);
887 } else {
888 clear_primary_current_profiles(package_name, location);
889 }
890 }
891 if (should_clear_reference_profile) {
892 clear_reference_profile(package_name, location, is_secondary_dex);
893 }
894 return need_to_compile;
895 }
896
897 // Decides if profile guided compilation is needed or not based on existing profiles.
898 // The analysis is done for the primary apks of the given package.
899 // Returns true if there is enough information in the current profiles that makes it
900 // worth to recompile the package.
901 // If the return value is true all the current profiles would have been merged into
902 // the reference profiles accessible with open_reference_profile().
analyze_primary_profiles(uid_t uid,const std::string & package_name,const std::string & profile_name)903 bool analyze_primary_profiles(uid_t uid, const std::string& package_name,
904 const std::string& profile_name) {
905 return analyze_profiles(uid, package_name, profile_name, /*is_secondary_dex*/false);
906 }
907
dump_profiles(int32_t uid,const std::string & pkgname,const std::string & profile_name,const std::string & code_path)908 bool dump_profiles(int32_t uid, const std::string& pkgname, const std::string& profile_name,
909 const std::string& code_path) {
910 std::vector<unique_fd> profile_fds;
911 unique_fd reference_profile_fd;
912 std::string out_file_name = StringPrintf("/data/misc/profman/%s-%s.txt",
913 pkgname.c_str(), profile_name.c_str());
914
915 open_profile_files(uid, pkgname, profile_name, /*is_secondary_dex*/false,
916 &profile_fds, &reference_profile_fd);
917
918 const bool has_reference_profile = (reference_profile_fd.get() != -1);
919 const bool has_profiles = !profile_fds.empty();
920
921 if (!has_reference_profile && !has_profiles) {
922 LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname;
923 return false;
924 }
925
926 unique_fd output_fd(open(out_file_name.c_str(),
927 O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
928 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
929 LOG(ERROR) << "installd cannot chmod file for dump_profile" << out_file_name;
930 return false;
931 }
932
933 std::vector<std::string> dex_locations;
934 std::vector<unique_fd> apk_fds;
935 unique_fd apk_fd(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW));
936 if (apk_fd == -1) {
937 PLOG(ERROR) << "installd cannot open " << code_path.c_str();
938 return false;
939 }
940 dex_locations.push_back(get_location_from_path(code_path.c_str()));
941 apk_fds.push_back(std::move(apk_fd));
942
943
944 RunProfman profman_dump;
945 profman_dump.SetupDump(profile_fds, reference_profile_fd, dex_locations, apk_fds, output_fd);
946 pid_t pid = fork();
947 if (pid == 0) {
948 /* child -- drop privileges before continuing */
949 drop_capabilities(uid);
950 profman_dump.Exec();
951 }
952 /* parent */
953 int return_code = wait_child(pid);
954 if (!WIFEXITED(return_code)) {
955 LOG(WARNING) << "profman failed for package " << pkgname << ": "
956 << return_code;
957 return false;
958 }
959 return true;
960 }
961
copy_system_profile(const std::string & system_profile,uid_t packageUid,const std::string & package_name,const std::string & profile_name)962 bool copy_system_profile(const std::string& system_profile,
963 uid_t packageUid, const std::string& package_name, const std::string& profile_name) {
964 unique_fd in_fd(open(system_profile.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
965 unique_fd out_fd(open_reference_profile(packageUid,
966 package_name,
967 profile_name,
968 /*read_write*/ true,
969 /*secondary*/ false));
970 if (in_fd.get() < 0) {
971 PLOG(WARNING) << "Could not open profile " << system_profile;
972 return false;
973 }
974 if (out_fd.get() < 0) {
975 PLOG(WARNING) << "Could not open profile " << package_name;
976 return false;
977 }
978
979 // As a security measure we want to write the profile information with the reduced capabilities
980 // of the package user id. So we fork and drop capabilities in the child.
981 pid_t pid = fork();
982 if (pid == 0) {
983 /* child -- drop privileges before continuing */
984 drop_capabilities(packageUid);
985
986 if (flock(out_fd.get(), LOCK_EX | LOCK_NB) != 0) {
987 if (errno != EWOULDBLOCK) {
988 PLOG(WARNING) << "Error locking profile " << package_name;
989 }
990 // This implies that the app owning this profile is running
991 // (and has acquired the lock).
992 //
993 // The app never acquires the lock for the reference profiles of primary apks.
994 // Only dex2oat from installd will do that. Since installd is single threaded
995 // we should not see this case. Nevertheless be prepared for it.
996 PLOG(WARNING) << "Failed to flock " << package_name;
997 return false;
998 }
999
1000 bool truncated = ftruncate(out_fd.get(), 0) == 0;
1001 if (!truncated) {
1002 PLOG(WARNING) << "Could not truncate " << package_name;
1003 }
1004
1005 // Copy over data.
1006 static constexpr size_t kBufferSize = 4 * 1024;
1007 char buffer[kBufferSize];
1008 while (true) {
1009 ssize_t bytes = read(in_fd.get(), buffer, kBufferSize);
1010 if (bytes == 0) {
1011 break;
1012 }
1013 write(out_fd.get(), buffer, bytes);
1014 }
1015 if (flock(out_fd.get(), LOCK_UN) != 0) {
1016 PLOG(WARNING) << "Error unlocking profile " << package_name;
1017 }
1018 // Use _exit since we don't want to run the global destructors in the child.
1019 // b/62597429
1020 _exit(0);
1021 }
1022 /* parent */
1023 int return_code = wait_child(pid);
1024 return return_code == 0;
1025 }
1026
replace_file_extension(const std::string & oat_path,const std::string & new_ext)1027 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
1028 // A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
1029 if (EndsWith(oat_path, ".dex")) {
1030 std::string new_path = oat_path;
1031 new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
1032 CHECK(EndsWith(new_path, new_ext));
1033 return new_path;
1034 }
1035
1036 // An odex entry. Not that this may not be an extension, e.g., in the OTA
1037 // case (where the base name will have an extension for the B artifact).
1038 size_t odex_pos = oat_path.rfind(".odex");
1039 if (odex_pos != std::string::npos) {
1040 std::string new_path = oat_path;
1041 new_path.replace(odex_pos, strlen(".odex"), new_ext);
1042 CHECK_NE(new_path.find(new_ext), std::string::npos);
1043 return new_path;
1044 }
1045
1046 // Don't know how to handle this.
1047 return "";
1048 }
1049
1050 // Translate the given oat path to an art (app image) path. An empty string
1051 // denotes an error.
create_image_filename(const std::string & oat_path)1052 static std::string create_image_filename(const std::string& oat_path) {
1053 return replace_file_extension(oat_path, ".art");
1054 }
1055
1056 // Translate the given oat path to a vdex path. An empty string denotes an error.
create_vdex_filename(const std::string & oat_path)1057 static std::string create_vdex_filename(const std::string& oat_path) {
1058 return replace_file_extension(oat_path, ".vdex");
1059 }
1060
open_output_file(const char * file_name,bool recreate,int permissions)1061 static int open_output_file(const char* file_name, bool recreate, int permissions) {
1062 int flags = O_RDWR | O_CREAT;
1063 if (recreate) {
1064 if (unlink(file_name) < 0) {
1065 if (errno != ENOENT) {
1066 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
1067 }
1068 }
1069 flags |= O_EXCL;
1070 }
1071 return open(file_name, flags, permissions);
1072 }
1073
set_permissions_and_ownership(int fd,bool is_public,int uid,const char * path,bool is_secondary_dex)1074 static bool set_permissions_and_ownership(
1075 int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
1076 // Primary apks are owned by the system. Secondary dex files are owned by the app.
1077 int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
1078 if (fchmod(fd,
1079 S_IRUSR|S_IWUSR|S_IRGRP |
1080 (is_public ? S_IROTH : 0)) < 0) {
1081 ALOGE("installd cannot chmod '%s' during dexopt\n", path);
1082 return false;
1083 } else if (fchown(fd, owning_uid, uid) < 0) {
1084 ALOGE("installd cannot chown '%s' during dexopt\n", path);
1085 return false;
1086 }
1087 return true;
1088 }
1089
IsOutputDalvikCache(const char * oat_dir)1090 static bool IsOutputDalvikCache(const char* oat_dir) {
1091 // InstallerConnection.java (which invokes installd) transforms Java null arguments
1092 // into '!'. Play it safe by handling it both.
1093 // TODO: ensure we never get null.
1094 // TODO: pass a flag instead of inferring if the output is dalvik cache.
1095 return oat_dir == nullptr || oat_dir[0] == '!';
1096 }
1097
1098 // Best-effort check whether we can fit the the path into our buffers.
1099 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
1100 // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
1101 // extension to the cache path (5 bytes).
1102 // TODO(calin): move away from char* buffers and PKG_PATH_MAX.
validate_dex_path_size(const std::string & dex_path)1103 static bool validate_dex_path_size(const std::string& dex_path) {
1104 if (dex_path.size() >= (PKG_PATH_MAX - 8)) {
1105 LOG(ERROR) << "dex_path too long: " << dex_path;
1106 return false;
1107 }
1108 return true;
1109 }
1110
create_oat_out_path(const char * apk_path,const char * instruction_set,const char * oat_dir,bool is_secondary_dex,char * out_oat_path)1111 static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
1112 const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
1113 if (!validate_dex_path_size(apk_path)) {
1114 return false;
1115 }
1116
1117 if (!IsOutputDalvikCache(oat_dir)) {
1118 // Oat dirs for secondary dex files are already validated.
1119 if (!is_secondary_dex && validate_apk_path(oat_dir)) {
1120 ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
1121 return false;
1122 }
1123 if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
1124 return false;
1125 }
1126 } else {
1127 if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
1128 return false;
1129 }
1130 }
1131 return true;
1132 }
1133
1134 // Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
1135 // on destruction. It will also run the given cleanup (unless told not to) after closing.
1136 //
1137 // Usage example:
1138 //
1139 // Dex2oatFileWrapper file(open(...),
1140 // [name]() {
1141 // unlink(name.c_str());
1142 // });
1143 // // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
1144 // wrapper if captured as a reference.
1145 //
1146 // if (file.get() == -1) {
1147 // // Error opening...
1148 // }
1149 //
1150 // ...
1151 // if (error) {
1152 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
1153 // // and delete the file (after the fd is closed).
1154 // return -1;
1155 // }
1156 //
1157 // (Success case)
1158 // file.SetCleanup(false);
1159 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
1160 // // (leaving the file around; after the fd is closed).
1161 //
1162 class Dex2oatFileWrapper {
1163 public:
Dex2oatFileWrapper()1164 Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) {
1165 }
1166
Dex2oatFileWrapper(int value,std::function<void ()> cleanup)1167 Dex2oatFileWrapper(int value, std::function<void ()> cleanup)
1168 : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {}
1169
Dex2oatFileWrapper(Dex2oatFileWrapper && other)1170 Dex2oatFileWrapper(Dex2oatFileWrapper&& other) {
1171 value_ = other.value_;
1172 cleanup_ = other.cleanup_;
1173 do_cleanup_ = other.do_cleanup_;
1174 auto_close_ = other.auto_close_;
1175 other.release();
1176 }
1177
operator =(Dex2oatFileWrapper && other)1178 Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) {
1179 value_ = other.value_;
1180 cleanup_ = other.cleanup_;
1181 do_cleanup_ = other.do_cleanup_;
1182 auto_close_ = other.auto_close_;
1183 other.release();
1184 return *this;
1185 }
1186
~Dex2oatFileWrapper()1187 ~Dex2oatFileWrapper() {
1188 reset(-1);
1189 }
1190
get()1191 int get() {
1192 return value_;
1193 }
1194
SetCleanup(bool cleanup)1195 void SetCleanup(bool cleanup) {
1196 do_cleanup_ = cleanup;
1197 }
1198
reset(int new_value)1199 void reset(int new_value) {
1200 if (auto_close_ && value_ >= 0) {
1201 close(value_);
1202 }
1203 if (do_cleanup_ && cleanup_ != nullptr) {
1204 cleanup_();
1205 }
1206
1207 value_ = new_value;
1208 }
1209
reset(int new_value,std::function<void ()> new_cleanup)1210 void reset(int new_value, std::function<void ()> new_cleanup) {
1211 if (auto_close_ && value_ >= 0) {
1212 close(value_);
1213 }
1214 if (do_cleanup_ && cleanup_ != nullptr) {
1215 cleanup_();
1216 }
1217
1218 value_ = new_value;
1219 cleanup_ = new_cleanup;
1220 }
1221
DisableAutoClose()1222 void DisableAutoClose() {
1223 auto_close_ = false;
1224 }
1225
1226 private:
release()1227 void release() {
1228 value_ = -1;
1229 do_cleanup_ = false;
1230 cleanup_ = nullptr;
1231 }
1232 int value_;
1233 std::function<void ()> cleanup_;
1234 bool do_cleanup_;
1235 bool auto_close_;
1236 };
1237
1238 // (re)Creates the app image if needed.
maybe_open_app_image(const char * out_oat_path,bool generate_app_image,bool is_public,int uid,bool is_secondary_dex)1239 Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path,
1240 bool generate_app_image, bool is_public, int uid, bool is_secondary_dex) {
1241
1242 // We don't create an image for secondary dex files.
1243 if (is_secondary_dex) {
1244 return Dex2oatFileWrapper();
1245 }
1246
1247 const std::string image_path = create_image_filename(out_oat_path);
1248 if (image_path.empty()) {
1249 // Happens when the out_oat_path has an unknown extension.
1250 return Dex2oatFileWrapper();
1251 }
1252
1253 // In case there is a stale image, remove it now. Ignore any error.
1254 unlink(image_path.c_str());
1255
1256 // Not enabled, exit.
1257 if (!generate_app_image) {
1258 return Dex2oatFileWrapper();
1259 }
1260 std::string app_image_format = GetProperty("dalvik.vm.appimageformat", "");
1261 if (app_image_format.empty()) {
1262 return Dex2oatFileWrapper();
1263 }
1264 // Recreate is true since we do not want to modify a mapped image. If the app is
1265 // already running and we modify the image file, it can cause crashes (b/27493510).
1266 Dex2oatFileWrapper wrapper_fd(
1267 open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/),
1268 [image_path]() { unlink(image_path.c_str()); });
1269 if (wrapper_fd.get() < 0) {
1270 // Could not create application image file. Go on since we can compile without it.
1271 LOG(ERROR) << "installd could not create '" << image_path
1272 << "' for image file during dexopt";
1273 // If we have a valid image file path but no image fd, explicitly erase the image file.
1274 if (unlink(image_path.c_str()) < 0) {
1275 if (errno != ENOENT) {
1276 PLOG(ERROR) << "Couldn't unlink image file " << image_path;
1277 }
1278 }
1279 } else if (!set_permissions_and_ownership(
1280 wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
1281 ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
1282 wrapper_fd.reset(-1);
1283 }
1284
1285 return wrapper_fd;
1286 }
1287
1288 // Creates the dexopt swap file if necessary and return its fd.
1289 // Returns -1 if there's no need for a swap or in case of errors.
maybe_open_dexopt_swap_file(const char * out_oat_path)1290 unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) {
1291 if (!ShouldUseSwapFileForDexopt()) {
1292 return invalid_unique_fd();
1293 }
1294 auto swap_file_name = std::string(out_oat_path) + ".swap";
1295 unique_fd swap_fd(open_output_file(
1296 swap_file_name.c_str(), /*recreate*/true, /*permissions*/0600));
1297 if (swap_fd.get() < 0) {
1298 // Could not create swap file. Optimistically go on and hope that we can compile
1299 // without it.
1300 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name.c_str());
1301 } else {
1302 // Immediately unlink. We don't really want to hit flash.
1303 if (unlink(swap_file_name.c_str()) < 0) {
1304 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1305 }
1306 }
1307 return swap_fd;
1308 }
1309
1310 // Opens the reference profiles if needed.
1311 // Note that the reference profile might not exist so it's OK if the fd will be -1.
maybe_open_reference_profile(const std::string & pkgname,const std::string & dex_path,const char * profile_name,bool profile_guided,bool is_public,int uid,bool is_secondary_dex)1312 Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname,
1313 const std::string& dex_path, const char* profile_name, bool profile_guided,
1314 bool is_public, int uid, bool is_secondary_dex) {
1315 // If we are not profile guided compilation, or we are compiling system server
1316 // do not bother to open the profiles; we won't be using them.
1317 if (!profile_guided || (pkgname[0] == '*')) {
1318 return Dex2oatFileWrapper();
1319 }
1320
1321 // If this is a secondary dex path which is public do not open the profile.
1322 // We cannot compile public secondary dex paths with profiles. That's because
1323 // it will expose how the dex files are used by their owner.
1324 //
1325 // Note that the PackageManager is responsible to set the is_public flag for
1326 // primary apks and we do not check it here. In some cases, e.g. when
1327 // compiling with a public profile from the .dm file the PackageManager will
1328 // set is_public toghether with the profile guided compilation.
1329 if (is_secondary_dex && is_public) {
1330 return Dex2oatFileWrapper();
1331 }
1332
1333 // Open reference profile in read only mode as dex2oat does not get write permissions.
1334 std::string location;
1335 if (is_secondary_dex) {
1336 location = dex_path;
1337 } else {
1338 if (profile_name == nullptr) {
1339 // This path is taken for system server re-compilation lunched from ZygoteInit.
1340 return Dex2oatFileWrapper();
1341 } else {
1342 location = profile_name;
1343 }
1344 }
1345 unique_fd ufd = open_reference_profile(uid, pkgname, location, /*read_write*/false,
1346 is_secondary_dex);
1347 const auto& cleanup = [pkgname, location, is_secondary_dex]() {
1348 clear_reference_profile(pkgname, location, is_secondary_dex);
1349 };
1350 return Dex2oatFileWrapper(ufd.release(), cleanup);
1351 }
1352
1353 // Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to
1354 // out_vdex_wrapper_fd. Returns true for success or false in case of errors.
open_vdex_files_for_dex2oat(const char * apk_path,const char * out_oat_path,int dexopt_needed,const char * instruction_set,bool is_public,int uid,bool is_secondary_dex,bool profile_guided,Dex2oatFileWrapper * in_vdex_wrapper_fd,Dex2oatFileWrapper * out_vdex_wrapper_fd)1355 bool open_vdex_files_for_dex2oat(const char* apk_path, const char* out_oat_path, int dexopt_needed,
1356 const char* instruction_set, bool is_public, int uid, bool is_secondary_dex,
1357 bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd,
1358 Dex2oatFileWrapper* out_vdex_wrapper_fd) {
1359 CHECK(in_vdex_wrapper_fd != nullptr);
1360 CHECK(out_vdex_wrapper_fd != nullptr);
1361 // Open the existing VDEX. We do this before creating the new output VDEX, which will
1362 // unlink the old one.
1363 char in_odex_path[PKG_PATH_MAX];
1364 int dexopt_action = abs(dexopt_needed);
1365 bool is_odex_location = dexopt_needed < 0;
1366 std::string in_vdex_path_str;
1367
1368 // Infer the name of the output VDEX.
1369 const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
1370 if (out_vdex_path_str.empty()) {
1371 return false;
1372 }
1373
1374 bool update_vdex_in_place = false;
1375 if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
1376 // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
1377 const char* path = nullptr;
1378 if (is_odex_location) {
1379 if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1380 path = in_odex_path;
1381 } else {
1382 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
1383 return false;
1384 }
1385 } else {
1386 path = out_oat_path;
1387 }
1388 in_vdex_path_str = create_vdex_filename(path);
1389 if (in_vdex_path_str.empty()) {
1390 ALOGE("installd cannot compute input vdex location for '%s'\n", path);
1391 return false;
1392 }
1393 // We can update in place when all these conditions are met:
1394 // 1) The vdex location to write to is the same as the vdex location to read (vdex files
1395 // on /system typically cannot be updated in place).
1396 // 2) We dex2oat due to boot image change, because we then know the existing vdex file
1397 // cannot be currently used by a running process.
1398 // 3) We are not doing a profile guided compilation, because dexlayout requires two
1399 // different vdex files to operate.
1400 update_vdex_in_place =
1401 (in_vdex_path_str == out_vdex_path_str) &&
1402 (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
1403 !profile_guided;
1404 if (update_vdex_in_place) {
1405 // Open the file read-write to be able to update it.
1406 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0));
1407 if (in_vdex_wrapper_fd->get() == -1) {
1408 // If we failed to open the file, we cannot update it in place.
1409 update_vdex_in_place = false;
1410 }
1411 } else {
1412 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
1413 }
1414 }
1415
1416 // If we are updating the vdex in place, we do not need to recreate a vdex,
1417 // and can use the same existing one.
1418 if (update_vdex_in_place) {
1419 // We unlink the file in case the invocation of dex2oat fails, to ensure we don't
1420 // have bogus stale vdex files.
1421 out_vdex_wrapper_fd->reset(
1422 in_vdex_wrapper_fd->get(),
1423 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1424 // Disable auto close for the in wrapper fd (it will be done when destructing the out
1425 // wrapper).
1426 in_vdex_wrapper_fd->DisableAutoClose();
1427 } else {
1428 out_vdex_wrapper_fd->reset(
1429 open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
1430 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1431 if (out_vdex_wrapper_fd->get() < 0) {
1432 ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str());
1433 return false;
1434 }
1435 }
1436 if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid,
1437 out_vdex_path_str.c_str(), is_secondary_dex)) {
1438 ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
1439 return false;
1440 }
1441
1442 // If we got here we successfully opened the vdex files.
1443 return true;
1444 }
1445
1446 // Opens the output oat file for the given apk.
1447 // If successful it stores the output path into out_oat_path and returns true.
open_oat_out_file(const char * apk_path,const char * oat_dir,bool is_public,int uid,const char * instruction_set,bool is_secondary_dex,char * out_oat_path)1448 Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir,
1449 bool is_public, int uid, const char* instruction_set, bool is_secondary_dex,
1450 char* out_oat_path) {
1451 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
1452 return Dex2oatFileWrapper();
1453 }
1454 const std::string out_oat_path_str(out_oat_path);
1455 Dex2oatFileWrapper wrapper_fd(
1456 open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
1457 [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
1458 if (wrapper_fd.get() < 0) {
1459 PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path;
1460 } else if (!set_permissions_and_ownership(
1461 wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) {
1462 ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
1463 wrapper_fd.reset(-1);
1464 }
1465 return wrapper_fd;
1466 }
1467
1468 // Creates RDONLY fds for oat and vdex files, if exist.
1469 // Returns false if it fails to create oat out path for the given apk path.
1470 // Note that the method returns true even if the files could not be opened.
maybe_open_oat_and_vdex_file(const std::string & apk_path,const std::string & oat_dir,const std::string & instruction_set,bool is_secondary_dex,unique_fd * oat_file_fd,unique_fd * vdex_file_fd)1471 bool maybe_open_oat_and_vdex_file(const std::string& apk_path,
1472 const std::string& oat_dir,
1473 const std::string& instruction_set,
1474 bool is_secondary_dex,
1475 unique_fd* oat_file_fd,
1476 unique_fd* vdex_file_fd) {
1477 char oat_path[PKG_PATH_MAX];
1478 if (!create_oat_out_path(apk_path.c_str(),
1479 instruction_set.c_str(),
1480 oat_dir.c_str(),
1481 is_secondary_dex,
1482 oat_path)) {
1483 LOG(ERROR) << "Could not create oat out path for "
1484 << apk_path << " with oat dir " << oat_dir;
1485 return false;
1486 }
1487 oat_file_fd->reset(open(oat_path, O_RDONLY));
1488 if (oat_file_fd->get() < 0) {
1489 PLOG(INFO) << "installd cannot open oat file during dexopt" << oat_path;
1490 }
1491
1492 std::string vdex_filename = create_vdex_filename(oat_path);
1493 vdex_file_fd->reset(open(vdex_filename.c_str(), O_RDONLY));
1494 if (vdex_file_fd->get() < 0) {
1495 PLOG(INFO) << "installd cannot open vdex file during dexopt" << vdex_filename;
1496 }
1497
1498 return true;
1499 }
1500
1501 // Updates the access times of out_oat_path based on those from apk_path.
update_out_oat_access_times(const char * apk_path,const char * out_oat_path)1502 void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) {
1503 struct stat input_stat;
1504 memset(&input_stat, 0, sizeof(input_stat));
1505 if (stat(apk_path, &input_stat) != 0) {
1506 PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt";
1507 return;
1508 }
1509
1510 struct utimbuf ut;
1511 ut.actime = input_stat.st_atime;
1512 ut.modtime = input_stat.st_mtime;
1513 if (utime(out_oat_path, &ut) != 0) {
1514 PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt";
1515 }
1516 }
1517
1518 // Runs (execv) dexoptanalyzer on the given arguments.
1519 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
1520 // If this is for a profile guided compilation, profile_was_updated will tell whether or not
1521 // the profile has changed.
1522 class RunDexoptAnalyzer : public ExecVHelper {
1523 public:
RunDexoptAnalyzer(const std::string & dex_file,int vdex_fd,int oat_fd,int zip_fd,const std::string & instruction_set,const std::string & compiler_filter,bool profile_was_updated,bool downgrade,const char * class_loader_context,const std::string & class_loader_context_fds)1524 RunDexoptAnalyzer(const std::string& dex_file,
1525 int vdex_fd,
1526 int oat_fd,
1527 int zip_fd,
1528 const std::string& instruction_set,
1529 const std::string& compiler_filter,
1530 bool profile_was_updated,
1531 bool downgrade,
1532 const char* class_loader_context,
1533 const std::string& class_loader_context_fds) {
1534 CHECK_GE(zip_fd, 0);
1535
1536 // We always run the analyzer in the background job.
1537 const char* dexoptanalyzer_bin = select_execution_binary(
1538 kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1539
1540 std::string dex_file_arg = "--dex-file=" + dex_file;
1541 std::string oat_fd_arg = "--oat-fd=" + std::to_string(oat_fd);
1542 std::string vdex_fd_arg = "--vdex-fd=" + std::to_string(vdex_fd);
1543 std::string zip_fd_arg = "--zip-fd=" + std::to_string(zip_fd);
1544 std::string isa_arg = "--isa=" + instruction_set;
1545 std::string compiler_filter_arg = "--compiler-filter=" + compiler_filter;
1546 const char* assume_profile_changed = "--assume-profile-changed";
1547 const char* downgrade_flag = "--downgrade";
1548 std::string class_loader_context_arg = "--class-loader-context=";
1549 if (class_loader_context != nullptr) {
1550 class_loader_context_arg += class_loader_context;
1551 }
1552 std::string class_loader_context_fds_arg = "--class-loader-context-fds=";
1553 if (!class_loader_context_fds.empty()) {
1554 class_loader_context_fds_arg += class_loader_context_fds;
1555 }
1556
1557 // program name, dex file, isa, filter
1558 AddArg(dex_file_arg);
1559 AddArg(isa_arg);
1560 AddArg(compiler_filter_arg);
1561 if (oat_fd >= 0) {
1562 AddArg(oat_fd_arg);
1563 }
1564 if (vdex_fd >= 0) {
1565 AddArg(vdex_fd_arg);
1566 }
1567 AddArg(zip_fd_arg);
1568 if (profile_was_updated) {
1569 AddArg(assume_profile_changed);
1570 }
1571 if (downgrade) {
1572 AddArg(downgrade_flag);
1573 }
1574 if (class_loader_context != nullptr) {
1575 AddArg(class_loader_context_arg);
1576 if (!class_loader_context_fds.empty()) {
1577 AddArg(class_loader_context_fds_arg);
1578 }
1579 }
1580
1581 PrepareArgs(dexoptanalyzer_bin);
1582 }
1583
1584 // Dexoptanalyzer mode which flattens the given class loader context and
1585 // prints a list of its dex files in that flattened order.
RunDexoptAnalyzer(const char * class_loader_context)1586 RunDexoptAnalyzer(const char* class_loader_context) {
1587 CHECK(class_loader_context != nullptr);
1588
1589 // We always run the analyzer in the background job.
1590 const char* dexoptanalyzer_bin = select_execution_binary(
1591 kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1592
1593 AddArg("--flatten-class-loader-context");
1594 AddArg(std::string("--class-loader-context=") + class_loader_context);
1595 PrepareArgs(dexoptanalyzer_bin);
1596 }
1597 };
1598
1599 // Prepares the oat dir for the secondary dex files.
prepare_secondary_dex_oat_dir(const std::string & dex_path,int uid,const char * instruction_set)1600 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
1601 const char* instruction_set) {
1602 unsigned long dirIndex = dex_path.rfind('/');
1603 if (dirIndex == std::string::npos) {
1604 LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
1605 return false;
1606 }
1607 std::string dex_dir = dex_path.substr(0, dirIndex);
1608
1609 // Create oat file output directory.
1610 mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
1611 if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
1612 LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
1613 return false;
1614 }
1615
1616 char oat_dir[PKG_PATH_MAX];
1617 snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
1618
1619 if (prepare_app_cache_dir(oat_dir, instruction_set, oat_dir_mode, uid, uid) != 0) {
1620 LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
1621 return false;
1622 }
1623
1624 return true;
1625 }
1626
1627 // Return codes for identifying the reason why dexoptanalyzer was not invoked when processing
1628 // secondary dex files. This return codes are returned by the child process created for
1629 // analyzing secondary dex files in process_secondary_dex_dexopt.
1630
1631 enum DexoptAnalyzerSkipCodes {
1632 // The dexoptanalyzer was not invoked because of validation or IO errors.
1633 // Specific errors are encoded in the name.
1634 kSecondaryDexDexoptAnalyzerSkippedValidatePath = 200,
1635 kSecondaryDexDexoptAnalyzerSkippedOpenZip = 201,
1636 kSecondaryDexDexoptAnalyzerSkippedPrepareDir = 202,
1637 kSecondaryDexDexoptAnalyzerSkippedOpenOutput = 203,
1638 kSecondaryDexDexoptAnalyzerSkippedFailExec = 204,
1639 // The dexoptanalyzer was not invoked because the dex file does not exist anymore.
1640 kSecondaryDexDexoptAnalyzerSkippedNoFile = 205,
1641 };
1642
1643 // Verifies the result of analyzing secondary dex files from process_secondary_dex_dexopt.
1644 // If the result is valid returns true and sets dexopt_needed_out to a valid value.
1645 // Returns false for errors or unexpected result values.
1646 // The result is expected to be either one of SECONDARY_DEX_* codes or a valid exit code
1647 // of dexoptanalyzer.
process_secondary_dexoptanalyzer_result(const std::string & dex_path,int result,int * dexopt_needed_out,std::string * error_msg)1648 static bool process_secondary_dexoptanalyzer_result(const std::string& dex_path, int result,
1649 int* dexopt_needed_out, std::string* error_msg) {
1650 // The result values are defined in dexoptanalyzer.
1651 switch (result) {
1652 case 0: // dexoptanalyzer: no_dexopt_needed
1653 *dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
1654 case 1: // dexoptanalyzer: dex2oat_from_scratch
1655 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
1656 case 4: // dexoptanalyzer: dex2oat_for_bootimage_odex
1657 *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
1658 case 5: // dexoptanalyzer: dex2oat_for_filter_odex
1659 *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
1660 case 2: // dexoptanalyzer: dex2oat_for_bootimage_oat
1661 case 3: // dexoptanalyzer: dex2oat_for_filter_oat
1662 *error_msg = StringPrintf("Dexoptanalyzer return the status of an oat file."
1663 " Expected odex file status for secondary dex %s"
1664 " : dexoptanalyzer result=%d",
1665 dex_path.c_str(),
1666 result);
1667 return false;
1668 }
1669
1670 // Use a second switch for enum switch-case analysis.
1671 switch (static_cast<DexoptAnalyzerSkipCodes>(result)) {
1672 case kSecondaryDexDexoptAnalyzerSkippedNoFile:
1673 // If the file does not exist there's no need for dexopt.
1674 *dexopt_needed_out = NO_DEXOPT_NEEDED;
1675 return true;
1676
1677 case kSecondaryDexDexoptAnalyzerSkippedValidatePath:
1678 *error_msg = "Dexoptanalyzer path validation failed";
1679 return false;
1680 case kSecondaryDexDexoptAnalyzerSkippedOpenZip:
1681 *error_msg = "Dexoptanalyzer open zip failed";
1682 return false;
1683 case kSecondaryDexDexoptAnalyzerSkippedPrepareDir:
1684 *error_msg = "Dexoptanalyzer dir preparation failed";
1685 return false;
1686 case kSecondaryDexDexoptAnalyzerSkippedOpenOutput:
1687 *error_msg = "Dexoptanalyzer open output failed";
1688 return false;
1689 case kSecondaryDexDexoptAnalyzerSkippedFailExec:
1690 *error_msg = "Dexoptanalyzer failed to execute";
1691 return false;
1692 }
1693
1694 *error_msg = StringPrintf("Unexpected result from analyzing secondary dex %s result=%d",
1695 dex_path.c_str(),
1696 result);
1697 return false;
1698 }
1699
1700 enum SecondaryDexAccess {
1701 kSecondaryDexAccessReadOk = 0,
1702 kSecondaryDexAccessDoesNotExist = 1,
1703 kSecondaryDexAccessPermissionError = 2,
1704 kSecondaryDexAccessIOError = 3
1705 };
1706
check_secondary_dex_access(const std::string & dex_path)1707 static SecondaryDexAccess check_secondary_dex_access(const std::string& dex_path) {
1708 // Check if the path exists and can be read. If not, there's nothing to do.
1709 if (access(dex_path.c_str(), R_OK) == 0) {
1710 return kSecondaryDexAccessReadOk;
1711 } else {
1712 if (errno == ENOENT) {
1713 LOG(INFO) << "Secondary dex does not exist: " << dex_path;
1714 return kSecondaryDexAccessDoesNotExist;
1715 } else {
1716 PLOG(ERROR) << "Could not access secondary dex " << dex_path;
1717 return errno == EACCES
1718 ? kSecondaryDexAccessPermissionError
1719 : kSecondaryDexAccessIOError;
1720 }
1721 }
1722 }
1723
is_file_public(const std::string & filename)1724 static bool is_file_public(const std::string& filename) {
1725 struct stat file_stat;
1726 if (stat(filename.c_str(), &file_stat) == 0) {
1727 return (file_stat.st_mode & S_IROTH) != 0;
1728 }
1729 return false;
1730 }
1731
1732 // Create the oat file structure for the secondary dex 'dex_path' and assign
1733 // the individual path component to the 'out_' parameters.
create_secondary_dex_oat_layout(const std::string & dex_path,const std::string & isa,char * out_oat_dir,char * out_oat_isa_dir,char * out_oat_path,std::string * error_msg)1734 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
1735 char* out_oat_dir, char* out_oat_isa_dir, char* out_oat_path, std::string* error_msg) {
1736 size_t dirIndex = dex_path.rfind('/');
1737 if (dirIndex == std::string::npos) {
1738 *error_msg = std::string("Unexpected dir structure for dex file ").append(dex_path);
1739 return false;
1740 }
1741 // TODO(calin): we have similar computations in at lest 3 other places
1742 // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
1743 // using string append.
1744 std::string apk_dir = dex_path.substr(0, dirIndex);
1745 snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
1746 snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
1747
1748 if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
1749 /*is_secondary_dex*/true, out_oat_path)) {
1750 *error_msg = std::string("Could not create oat path for secondary dex ").append(dex_path);
1751 return false;
1752 }
1753 return true;
1754 }
1755
1756 // Validate that the dexopt_flags contain a valid storage flag and convert that to an installd
1757 // recognized storage flags (FLAG_STORAGE_CE or FLAG_STORAGE_DE).
validate_dexopt_storage_flags(int dexopt_flags,int * out_storage_flag,std::string * error_msg)1758 static bool validate_dexopt_storage_flags(int dexopt_flags,
1759 int* out_storage_flag,
1760 std::string* error_msg) {
1761 if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
1762 *out_storage_flag = FLAG_STORAGE_CE;
1763 if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1764 *error_msg = "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
1765 return false;
1766 }
1767 } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1768 *out_storage_flag = FLAG_STORAGE_DE;
1769 } else {
1770 *error_msg = "Secondary dex storage flag must be set";
1771 return false;
1772 }
1773 return true;
1774 }
1775
get_class_loader_context_dex_paths(const char * class_loader_context,int uid,std::vector<std::string> * context_dex_paths)1776 static bool get_class_loader_context_dex_paths(const char* class_loader_context, int uid,
1777 /* out */ std::vector<std::string>* context_dex_paths) {
1778 if (class_loader_context == nullptr) {
1779 return true;
1780 }
1781
1782 LOG(DEBUG) << "Getting dex paths for context " << class_loader_context;
1783
1784 // Pipe to get the hash result back from our child process.
1785 unique_fd pipe_read, pipe_write;
1786 if (!Pipe(&pipe_read, &pipe_write)) {
1787 PLOG(ERROR) << "Failed to create pipe";
1788 return false;
1789 }
1790
1791 pid_t pid = fork();
1792 if (pid == 0) {
1793 // child -- drop privileges before continuing.
1794 drop_capabilities(uid);
1795
1796 // Route stdout to `pipe_write`
1797 while ((dup2(pipe_write, STDOUT_FILENO) == -1) && (errno == EINTR)) {}
1798 pipe_write.reset();
1799 pipe_read.reset();
1800
1801 RunDexoptAnalyzer run_dexopt_analyzer(class_loader_context);
1802 run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
1803 }
1804
1805 /* parent */
1806 pipe_write.reset();
1807
1808 std::string str_dex_paths;
1809 if (!ReadFdToString(pipe_read, &str_dex_paths)) {
1810 PLOG(ERROR) << "Failed to read from pipe";
1811 return false;
1812 }
1813 pipe_read.reset();
1814
1815 int return_code = wait_child(pid);
1816 if (!WIFEXITED(return_code)) {
1817 PLOG(ERROR) << "Error waiting for child dexoptanalyzer process";
1818 return false;
1819 }
1820
1821 constexpr int kFlattenClassLoaderContextSuccess = 50;
1822 return_code = WEXITSTATUS(return_code);
1823 if (return_code != kFlattenClassLoaderContextSuccess) {
1824 LOG(ERROR) << "Dexoptanalyzer could not flatten class loader context, code=" << return_code;
1825 return false;
1826 }
1827
1828 if (!str_dex_paths.empty()) {
1829 *context_dex_paths = android::base::Split(str_dex_paths, ":");
1830 }
1831 return true;
1832 }
1833
open_dex_paths(const std::vector<std::string> & dex_paths,std::vector<unique_fd> * zip_fds,std::string * error_msg)1834 static int open_dex_paths(const std::vector<std::string>& dex_paths,
1835 /* out */ std::vector<unique_fd>* zip_fds, /* out */ std::string* error_msg) {
1836 for (const std::string& dex_path : dex_paths) {
1837 zip_fds->emplace_back(open(dex_path.c_str(), O_RDONLY));
1838 if (zip_fds->back().get() < 0) {
1839 *error_msg = StringPrintf(
1840 "installd cannot open '%s' for input during dexopt", dex_path.c_str());
1841 if (errno == ENOENT) {
1842 return kSecondaryDexDexoptAnalyzerSkippedNoFile;
1843 } else {
1844 return kSecondaryDexDexoptAnalyzerSkippedOpenZip;
1845 }
1846 }
1847 }
1848 return 0;
1849 }
1850
join_fds(const std::vector<unique_fd> & fds)1851 static std::string join_fds(const std::vector<unique_fd>& fds) {
1852 std::stringstream ss;
1853 bool is_first = true;
1854 for (const unique_fd& fd : fds) {
1855 if (is_first) {
1856 is_first = false;
1857 } else {
1858 ss << ":";
1859 }
1860 ss << fd.get();
1861 }
1862 return ss.str();
1863 }
1864
1865 // Processes the dex_path as a secondary dex files and return true if the path dex file should
1866 // be compiled. Returns false for errors (logged) or true if the secondary dex path was process
1867 // successfully.
1868 // When returning true, the output parameters will be:
1869 // - is_public_out: whether or not the oat file should not be made public
1870 // - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
1871 // - oat_dir_out: the oat dir path where the oat file should be stored
process_secondary_dex_dexopt(const std::string & dex_path,const char * pkgname,int dexopt_flags,const char * volume_uuid,int uid,const char * instruction_set,const char * compiler_filter,bool * is_public_out,int * dexopt_needed_out,std::string * oat_dir_out,bool downgrade,const char * class_loader_context,const std::vector<std::string> & context_dex_paths,std::string * error_msg)1872 static bool process_secondary_dex_dexopt(const std::string& dex_path, const char* pkgname,
1873 int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set,
1874 const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out,
1875 std::string* oat_dir_out, bool downgrade, const char* class_loader_context,
1876 const std::vector<std::string>& context_dex_paths, /* out */ std::string* error_msg) {
1877 LOG(DEBUG) << "Processing secondary dex path " << dex_path;
1878 int storage_flag;
1879 if (!validate_dexopt_storage_flags(dexopt_flags, &storage_flag, error_msg)) {
1880 LOG(ERROR) << *error_msg;
1881 return false;
1882 }
1883 // Compute the oat dir as it's not easy to extract it from the child computation.
1884 char oat_path[PKG_PATH_MAX];
1885 char oat_dir[PKG_PATH_MAX];
1886 char oat_isa_dir[PKG_PATH_MAX];
1887 if (!create_secondary_dex_oat_layout(
1888 dex_path, instruction_set, oat_dir, oat_isa_dir, oat_path, error_msg)) {
1889 LOG(ERROR) << "Could not create secondary odex layout: " << *error_msg;
1890 return false;
1891 }
1892 oat_dir_out->assign(oat_dir);
1893
1894 pid_t pid = fork();
1895 if (pid == 0) {
1896 // child -- drop privileges before continuing.
1897 drop_capabilities(uid);
1898
1899 // Validate the path structure.
1900 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
1901 LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1902 _exit(kSecondaryDexDexoptAnalyzerSkippedValidatePath);
1903 }
1904
1905 // Open the dex file.
1906 unique_fd zip_fd;
1907 zip_fd.reset(open(dex_path.c_str(), O_RDONLY));
1908 if (zip_fd.get() < 0) {
1909 if (errno == ENOENT) {
1910 _exit(kSecondaryDexDexoptAnalyzerSkippedNoFile);
1911 } else {
1912 _exit(kSecondaryDexDexoptAnalyzerSkippedOpenZip);
1913 }
1914 }
1915
1916 // Open class loader context dex files.
1917 std::vector<unique_fd> context_zip_fds;
1918 int open_dex_paths_rc = open_dex_paths(context_dex_paths, &context_zip_fds, error_msg);
1919 if (open_dex_paths_rc != 0) {
1920 _exit(open_dex_paths_rc);
1921 }
1922
1923 // Prepare the oat directories.
1924 if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set)) {
1925 _exit(kSecondaryDexDexoptAnalyzerSkippedPrepareDir);
1926 }
1927
1928 // Open the vdex/oat files if any.
1929 unique_fd oat_file_fd;
1930 unique_fd vdex_file_fd;
1931 if (!maybe_open_oat_and_vdex_file(dex_path,
1932 *oat_dir_out,
1933 instruction_set,
1934 true /* is_secondary_dex */,
1935 &oat_file_fd,
1936 &vdex_file_fd)) {
1937 _exit(kSecondaryDexDexoptAnalyzerSkippedOpenOutput);
1938 }
1939
1940 // Analyze profiles.
1941 bool profile_was_updated = analyze_profiles(uid, pkgname, dex_path,
1942 /*is_secondary_dex*/true);
1943
1944 // Run dexoptanalyzer to get dexopt_needed code. This is not expected to return.
1945 // Note that we do not do it before the fork since opening the files is required to happen
1946 // after forking.
1947 RunDexoptAnalyzer run_dexopt_analyzer(dex_path,
1948 vdex_file_fd.get(),
1949 oat_file_fd.get(),
1950 zip_fd.get(),
1951 instruction_set,
1952 compiler_filter, profile_was_updated,
1953 downgrade,
1954 class_loader_context,
1955 join_fds(context_zip_fds));
1956 run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
1957 }
1958
1959 /* parent */
1960 int result = wait_child(pid);
1961 if (!WIFEXITED(result)) {
1962 *error_msg = StringPrintf("dexoptanalyzer failed for path %s: 0x%04x",
1963 dex_path.c_str(),
1964 result);
1965 LOG(ERROR) << *error_msg;
1966 return false;
1967 }
1968 result = WEXITSTATUS(result);
1969 // Check that we successfully executed dexoptanalyzer.
1970 bool success = process_secondary_dexoptanalyzer_result(dex_path,
1971 result,
1972 dexopt_needed_out,
1973 error_msg);
1974 if (!success) {
1975 LOG(ERROR) << *error_msg;
1976 }
1977
1978 LOG(DEBUG) << "Processed secondary dex file " << dex_path << " result=" << result;
1979
1980 // Run dexopt only if needed or forced.
1981 // Note that dexoptanalyzer is executed even if force compilation is enabled (because it
1982 // makes the code simpler; force compilation is only needed during tests).
1983 if (success &&
1984 (result != kSecondaryDexDexoptAnalyzerSkippedNoFile) &&
1985 ((dexopt_flags & DEXOPT_FORCE) != 0)) {
1986 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
1987 }
1988
1989 // Check if we should make the oat file public.
1990 // Note that if the dex file is not public the compiled code cannot be made public.
1991 // It is ok to check this flag outside in the parent process.
1992 *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && is_file_public(dex_path);
1993
1994 return success;
1995 }
1996
format_dexopt_error(int status,const char * dex_path)1997 static std::string format_dexopt_error(int status, const char* dex_path) {
1998 if (WIFEXITED(status)) {
1999 int int_code = WEXITSTATUS(status);
2000 const char* code_name = get_return_code_name(static_cast<DexoptReturnCodes>(int_code));
2001 if (code_name != nullptr) {
2002 return StringPrintf("Dex2oat invocation for %s failed: %s", dex_path, code_name);
2003 }
2004 }
2005 return StringPrintf("Dex2oat invocation for %s failed with 0x%04x", dex_path, status);
2006 }
2007
dexopt(const char * dex_path,uid_t uid,const char * pkgname,const char * instruction_set,int dexopt_needed,const char * oat_dir,int dexopt_flags,const char * compiler_filter,const char * volume_uuid,const char * class_loader_context,const char * se_info,bool downgrade,int target_sdk_version,const char * profile_name,const char * dex_metadata_path,const char * compilation_reason,std::string * error_msg)2008 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
2009 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
2010 const char* volume_uuid, const char* class_loader_context, const char* se_info,
2011 bool downgrade, int target_sdk_version, const char* profile_name,
2012 const char* dex_metadata_path, const char* compilation_reason, std::string* error_msg) {
2013 CHECK(pkgname != nullptr);
2014 CHECK(pkgname[0] != 0);
2015 CHECK(error_msg != nullptr);
2016 CHECK_EQ(dexopt_flags & ~DEXOPT_MASK, 0)
2017 << "dexopt flags contains unknown fields: " << dexopt_flags;
2018
2019 if (!validate_dex_path_size(dex_path)) {
2020 *error_msg = StringPrintf("Failed to validate %s", dex_path);
2021 return -1;
2022 }
2023
2024 if (class_loader_context != nullptr && strlen(class_loader_context) > PKG_PATH_MAX) {
2025 *error_msg = StringPrintf("Class loader context exceeds the allowed size: %s",
2026 class_loader_context);
2027 LOG(ERROR) << *error_msg;
2028 return -1;
2029 }
2030
2031 bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
2032 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
2033 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
2034 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
2035 bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
2036 bool background_job_compile = (dexopt_flags & DEXOPT_IDLE_BACKGROUND_JOB) != 0;
2037 bool enable_hidden_api_checks = (dexopt_flags & DEXOPT_ENABLE_HIDDEN_API_CHECKS) != 0;
2038 bool generate_compact_dex = (dexopt_flags & DEXOPT_GENERATE_COMPACT_DEX) != 0;
2039 bool generate_app_image = (dexopt_flags & DEXOPT_GENERATE_APP_IMAGE) != 0;
2040
2041 // Check if we're dealing with a secondary dex file and if we need to compile it.
2042 std::string oat_dir_str;
2043 std::vector<std::string> context_dex_paths;
2044 if (is_secondary_dex) {
2045 if (!get_class_loader_context_dex_paths(class_loader_context, uid, &context_dex_paths)) {
2046 *error_msg = "Failed acquiring context dex paths";
2047 return -1; // We had an error, logged in the process method.
2048 }
2049
2050 if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid,
2051 instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str,
2052 downgrade, class_loader_context, context_dex_paths, error_msg)) {
2053 oat_dir = oat_dir_str.c_str();
2054 if (dexopt_needed == NO_DEXOPT_NEEDED) {
2055 return 0; // Nothing to do, report success.
2056 }
2057 } else {
2058 if (error_msg->empty()) { // TODO: Make this a CHECK.
2059 *error_msg = "Failed processing secondary.";
2060 }
2061 return -1; // We had an error, logged in the process method.
2062 }
2063 } else {
2064 // Currently these flags are only used for secondary dex files.
2065 // Verify that they are not set for primary apks.
2066 CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
2067 CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
2068 }
2069
2070 // Open the input file.
2071 unique_fd input_fd(open(dex_path, O_RDONLY, 0));
2072 if (input_fd.get() < 0) {
2073 *error_msg = StringPrintf("installd cannot open '%s' for input during dexopt", dex_path);
2074 LOG(ERROR) << *error_msg;
2075 return -1;
2076 }
2077
2078 // Open class loader context dex files.
2079 std::vector<unique_fd> context_input_fds;
2080 if (open_dex_paths(context_dex_paths, &context_input_fds, error_msg) != 0) {
2081 LOG(ERROR) << *error_msg;
2082 return -1;
2083 }
2084
2085 // Create the output OAT file.
2086 char out_oat_path[PKG_PATH_MAX];
2087 Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
2088 instruction_set, is_secondary_dex, out_oat_path);
2089 if (out_oat_fd.get() < 0) {
2090 *error_msg = "Could not open out oat file.";
2091 return -1;
2092 }
2093
2094 // Open vdex files.
2095 Dex2oatFileWrapper in_vdex_fd;
2096 Dex2oatFileWrapper out_vdex_fd;
2097 if (!open_vdex_files_for_dex2oat(dex_path, out_oat_path, dexopt_needed, instruction_set,
2098 is_public, uid, is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
2099 *error_msg = "Could not open vdex files.";
2100 return -1;
2101 }
2102
2103 // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
2104 // selinux context (we generate them on the fly during the dexopt invocation and they don't
2105 // fully inherit their parent context).
2106 // Note that for primary apk the oat files are created before, in a separate installd
2107 // call which also does the restorecon. TODO(calin): unify the paths.
2108 if (is_secondary_dex) {
2109 if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
2110 SELINUX_ANDROID_RESTORECON_RECURSE)) {
2111 *error_msg = std::string("Failed to restorecon ").append(oat_dir);
2112 LOG(ERROR) << *error_msg;
2113 return -1;
2114 }
2115 }
2116
2117 // Create a swap file if necessary.
2118 unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
2119
2120 // Create the app image file if needed.
2121 Dex2oatFileWrapper image_fd = maybe_open_app_image(
2122 out_oat_path, generate_app_image, is_public, uid, is_secondary_dex);
2123
2124 // Open the reference profile if needed.
2125 Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
2126 pkgname, dex_path, profile_name, profile_guided, is_public, uid, is_secondary_dex);
2127
2128 unique_fd dex_metadata_fd;
2129 if (dex_metadata_path != nullptr) {
2130 dex_metadata_fd.reset(TEMP_FAILURE_RETRY(open(dex_metadata_path, O_RDONLY | O_NOFOLLOW)));
2131 if (dex_metadata_fd.get() < 0) {
2132 PLOG(ERROR) << "Failed to open dex metadata file " << dex_metadata_path;
2133 }
2134 }
2135
2136 LOG(VERBOSE) << "DexInv: --- BEGIN '" << dex_path << "' ---";
2137
2138 RunDex2Oat runner(input_fd.get(),
2139 out_oat_fd.get(),
2140 in_vdex_fd.get(),
2141 out_vdex_fd.get(),
2142 image_fd.get(),
2143 dex_path,
2144 out_oat_path,
2145 swap_fd.get(),
2146 instruction_set,
2147 compiler_filter,
2148 debuggable,
2149 boot_complete,
2150 background_job_compile,
2151 reference_profile_fd.get(),
2152 class_loader_context,
2153 join_fds(context_input_fds),
2154 target_sdk_version,
2155 enable_hidden_api_checks,
2156 generate_compact_dex,
2157 dex_metadata_fd.get(),
2158 compilation_reason);
2159
2160 pid_t pid = fork();
2161 if (pid == 0) {
2162 /* child -- drop privileges before continuing */
2163 drop_capabilities(uid);
2164
2165 SetDex2OatScheduling(boot_complete);
2166 if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
2167 PLOG(ERROR) << "flock(" << out_oat_path << ") failed";
2168 _exit(DexoptReturnCodes::kFlock);
2169 }
2170
2171 runner.Exec(DexoptReturnCodes::kDex2oatExec);
2172 } else {
2173 int res = wait_child(pid);
2174 if (res == 0) {
2175 LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' (success) ---";
2176 } else {
2177 LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' --- status=0x"
2178 << std::hex << std::setw(4) << res << ", process failed";
2179 *error_msg = format_dexopt_error(res, dex_path);
2180 return res;
2181 }
2182 }
2183
2184 update_out_oat_access_times(dex_path, out_oat_path);
2185
2186 // We've been successful, don't delete output.
2187 out_oat_fd.SetCleanup(false);
2188 out_vdex_fd.SetCleanup(false);
2189 image_fd.SetCleanup(false);
2190 reference_profile_fd.SetCleanup(false);
2191
2192 return 0;
2193 }
2194
2195 // Try to remove the given directory. Log an error if the directory exists
2196 // and is empty but could not be removed.
rmdir_if_empty(const char * dir)2197 static bool rmdir_if_empty(const char* dir) {
2198 if (rmdir(dir) == 0) {
2199 return true;
2200 }
2201 if (errno == ENOENT || errno == ENOTEMPTY) {
2202 return true;
2203 }
2204 PLOG(ERROR) << "Failed to remove dir: " << dir;
2205 return false;
2206 }
2207
2208 // Try to unlink the given file. Log an error if the file exists and could not
2209 // be unlinked.
unlink_if_exists(const std::string & file)2210 static bool unlink_if_exists(const std::string& file) {
2211 if (unlink(file.c_str()) == 0) {
2212 return true;
2213 }
2214 if (errno == ENOENT) {
2215 return true;
2216
2217 }
2218 PLOG(ERROR) << "Could not unlink: " << file;
2219 return false;
2220 }
2221
2222 enum ReconcileSecondaryDexResult {
2223 kReconcileSecondaryDexExists = 0,
2224 kReconcileSecondaryDexCleanedUp = 1,
2225 kReconcileSecondaryDexValidationError = 2,
2226 kReconcileSecondaryDexCleanUpError = 3,
2227 kReconcileSecondaryDexAccessIOError = 4,
2228 };
2229
2230 // Reconcile the secondary dex 'dex_path' and its generated oat files.
2231 // Return true if all the parameters are valid and the secondary dex file was
2232 // processed successfully (i.e. the dex_path either exists, or if not, its corresponding
2233 // oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
2234 // will be true if the secondary dex file still exists. If the secondary dex file does not exist,
2235 // the method cleans up any previously generated compiler artifacts (oat, vdex, art).
2236 // Return false if there were errors during processing. In this case
2237 // out_secondary_dex_exists will be set to false.
reconcile_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::vector<std::string> & isas,const std::unique_ptr<std::string> & volume_uuid,int storage_flag,bool * out_secondary_dex_exists)2238 bool reconcile_secondary_dex_file(const std::string& dex_path,
2239 const std::string& pkgname, int uid, const std::vector<std::string>& isas,
2240 const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
2241 /*out*/bool* out_secondary_dex_exists) {
2242 *out_secondary_dex_exists = false; // start by assuming the file does not exist.
2243 if (isas.size() == 0) {
2244 LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
2245 return false;
2246 }
2247
2248 if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2249 LOG(ERROR) << "reconcile_secondary_dex_file called with invalid storage_flag: "
2250 << storage_flag;
2251 return false;
2252 }
2253
2254 // As a security measure we want to unlink art artifacts with the reduced capabilities
2255 // of the package user id. So we fork and drop capabilities in the child.
2256 pid_t pid = fork();
2257 if (pid == 0) {
2258 /* child -- drop privileges before continuing */
2259 drop_capabilities(uid);
2260
2261 const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
2262 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr,
2263 uid, storage_flag)) {
2264 LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
2265 _exit(kReconcileSecondaryDexValidationError);
2266 }
2267
2268 SecondaryDexAccess access_check = check_secondary_dex_access(dex_path);
2269 switch (access_check) {
2270 case kSecondaryDexAccessDoesNotExist:
2271 // File does not exist. Proceed with cleaning.
2272 break;
2273 case kSecondaryDexAccessReadOk: _exit(kReconcileSecondaryDexExists);
2274 case kSecondaryDexAccessIOError: _exit(kReconcileSecondaryDexAccessIOError);
2275 case kSecondaryDexAccessPermissionError: _exit(kReconcileSecondaryDexValidationError);
2276 default:
2277 LOG(ERROR) << "Unexpected result from check_secondary_dex_access: " << access_check;
2278 _exit(kReconcileSecondaryDexValidationError);
2279 }
2280
2281 // The secondary dex does not exist anymore or it's. Clear any generated files.
2282 char oat_path[PKG_PATH_MAX];
2283 char oat_dir[PKG_PATH_MAX];
2284 char oat_isa_dir[PKG_PATH_MAX];
2285 bool result = true;
2286 for (size_t i = 0; i < isas.size(); i++) {
2287 std::string error_msg;
2288 if (!create_secondary_dex_oat_layout(
2289 dex_path,isas[i], oat_dir, oat_isa_dir, oat_path, &error_msg)) {
2290 LOG(ERROR) << error_msg;
2291 _exit(kReconcileSecondaryDexValidationError);
2292 }
2293
2294 // Delete oat/vdex/art files.
2295 result = unlink_if_exists(oat_path) && result;
2296 result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
2297 result = unlink_if_exists(create_image_filename(oat_path)) && result;
2298
2299 // Delete profiles.
2300 std::string current_profile = create_current_profile_path(
2301 multiuser_get_user_id(uid), pkgname, dex_path, /*is_secondary*/true);
2302 std::string reference_profile = create_reference_profile_path(
2303 pkgname, dex_path, /*is_secondary*/true);
2304 result = unlink_if_exists(current_profile) && result;
2305 result = unlink_if_exists(reference_profile) && result;
2306
2307 // We upgraded once the location of current profile for secondary dex files.
2308 // Check for any previous left-overs and remove them as well.
2309 std::string old_current_profile = dex_path + ".prof";
2310 result = unlink_if_exists(old_current_profile);
2311
2312 // Try removing the directories as well, they might be empty.
2313 result = rmdir_if_empty(oat_isa_dir) && result;
2314 result = rmdir_if_empty(oat_dir) && result;
2315 }
2316 if (!result) {
2317 PLOG(ERROR) << "Failed to clean secondary dex artifacts for location " << dex_path;
2318 }
2319 _exit(result ? kReconcileSecondaryDexCleanedUp : kReconcileSecondaryDexAccessIOError);
2320 }
2321
2322 int return_code = wait_child(pid);
2323 if (!WIFEXITED(return_code)) {
2324 LOG(WARNING) << "reconcile dex failed for location " << dex_path << ": " << return_code;
2325 } else {
2326 return_code = WEXITSTATUS(return_code);
2327 }
2328
2329 LOG(DEBUG) << "Reconcile secondary dex path " << dex_path << " result=" << return_code;
2330
2331 switch (return_code) {
2332 case kReconcileSecondaryDexCleanedUp:
2333 case kReconcileSecondaryDexValidationError:
2334 // If we couldn't validate assume the dex file does not exist.
2335 // This will purge the entry from the PM records.
2336 *out_secondary_dex_exists = false;
2337 return true;
2338 case kReconcileSecondaryDexExists:
2339 *out_secondary_dex_exists = true;
2340 return true;
2341 case kReconcileSecondaryDexAccessIOError:
2342 // We had an access IO error.
2343 // Return false so that we can try again.
2344 // The value of out_secondary_dex_exists does not matter in this case and by convention
2345 // is set to false.
2346 *out_secondary_dex_exists = false;
2347 return false;
2348 default:
2349 LOG(ERROR) << "Unexpected code from reconcile_secondary_dex_file: " << return_code;
2350 *out_secondary_dex_exists = false;
2351 return false;
2352 }
2353 }
2354
2355 // Compute and return the hash (SHA-256) of the secondary dex file at dex_path.
2356 // Returns true if all parameters are valid and the hash successfully computed and stored in
2357 // out_secondary_dex_hash.
2358 // Also returns true with an empty hash if the file does not currently exist or is not accessible to
2359 // the app.
2360 // For any other errors (e.g. if any of the parameters are invalid) returns false.
hash_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::unique_ptr<std::string> & volume_uuid,int storage_flag,std::vector<uint8_t> * out_secondary_dex_hash)2361 bool hash_secondary_dex_file(const std::string& dex_path, const std::string& pkgname, int uid,
2362 const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
2363 std::vector<uint8_t>* out_secondary_dex_hash) {
2364 out_secondary_dex_hash->clear();
2365
2366 const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
2367
2368 if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2369 LOG(ERROR) << "hash_secondary_dex_file called with invalid storage_flag: "
2370 << storage_flag;
2371 return false;
2372 }
2373
2374 // Pipe to get the hash result back from our child process.
2375 unique_fd pipe_read, pipe_write;
2376 if (!Pipe(&pipe_read, &pipe_write)) {
2377 PLOG(ERROR) << "Failed to create pipe";
2378 return false;
2379 }
2380
2381 // Fork so that actual access to the files is done in the app's own UID, to ensure we only
2382 // access data the app itself can access.
2383 pid_t pid = fork();
2384 if (pid == 0) {
2385 // child -- drop privileges before continuing
2386 drop_capabilities(uid);
2387 pipe_read.reset();
2388
2389 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr, uid, storage_flag)) {
2390 LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
2391 _exit(DexoptReturnCodes::kHashValidatePath);
2392 }
2393
2394 unique_fd fd(TEMP_FAILURE_RETRY(open(dex_path.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW)));
2395 if (fd == -1) {
2396 if (errno == EACCES || errno == ENOENT) {
2397 // Not treated as an error.
2398 _exit(0);
2399 }
2400 PLOG(ERROR) << "Failed to open secondary dex " << dex_path;
2401 _exit(DexoptReturnCodes::kHashOpenPath);
2402 }
2403
2404 SHA256_CTX ctx;
2405 SHA256_Init(&ctx);
2406
2407 std::vector<uint8_t> buffer(65536);
2408 while (true) {
2409 ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fd, buffer.data(), buffer.size()));
2410 if (bytes_read == 0) {
2411 break;
2412 } else if (bytes_read == -1) {
2413 PLOG(ERROR) << "Failed to read secondary dex " << dex_path;
2414 _exit(DexoptReturnCodes::kHashReadDex);
2415 }
2416
2417 SHA256_Update(&ctx, buffer.data(), bytes_read);
2418 }
2419
2420 std::array<uint8_t, SHA256_DIGEST_LENGTH> hash;
2421 SHA256_Final(hash.data(), &ctx);
2422 if (!WriteFully(pipe_write, hash.data(), hash.size())) {
2423 _exit(DexoptReturnCodes::kHashWrite);
2424 }
2425
2426 _exit(0);
2427 }
2428
2429 // parent
2430 pipe_write.reset();
2431
2432 out_secondary_dex_hash->resize(SHA256_DIGEST_LENGTH);
2433 if (!ReadFully(pipe_read, out_secondary_dex_hash->data(), out_secondary_dex_hash->size())) {
2434 out_secondary_dex_hash->clear();
2435 }
2436 return wait_child(pid) == 0;
2437 }
2438
2439 // Helper for move_ab, so that we can have common failure-case cleanup.
unlink_and_rename(const char * from,const char * to)2440 static bool unlink_and_rename(const char* from, const char* to) {
2441 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
2442 // return a failure.
2443 struct stat s;
2444 if (stat(to, &s) == 0) {
2445 if (!S_ISREG(s.st_mode)) {
2446 LOG(ERROR) << from << " is not a regular file to replace for A/B.";
2447 return false;
2448 }
2449 if (unlink(to) != 0) {
2450 LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
2451 return false;
2452 }
2453 } else {
2454 // This may be a permission problem. We could investigate the error code, but we'll just
2455 // let the rename failure do the work for us.
2456 }
2457
2458 // Try to rename "to" to "from."
2459 if (rename(from, to) != 0) {
2460 PLOG(ERROR) << "Could not rename " << from << " to " << to;
2461 return false;
2462 }
2463 return true;
2464 }
2465
2466 // Move/rename a B artifact (from) to an A artifact (to).
move_ab_path(const std::string & b_path,const std::string & a_path)2467 static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
2468 // Check whether B exists.
2469 {
2470 struct stat s;
2471 if (stat(b_path.c_str(), &s) != 0) {
2472 // Silently ignore for now. The service calling this isn't smart enough to understand
2473 // lack of artifacts at the moment.
2474 return false;
2475 }
2476 if (!S_ISREG(s.st_mode)) {
2477 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
2478 // Try to unlink, but swallow errors.
2479 unlink(b_path.c_str());
2480 return false;
2481 }
2482 }
2483
2484 // Rename B to A.
2485 if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
2486 // Delete the b_path so we don't try again (or fail earlier).
2487 if (unlink(b_path.c_str()) != 0) {
2488 PLOG(ERROR) << "Could not unlink " << b_path;
2489 }
2490
2491 return false;
2492 }
2493
2494 return true;
2495 }
2496
move_ab(const char * apk_path,const char * instruction_set,const char * oat_dir)2497 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2498 // Get the current slot suffix. No suffix, no A/B.
2499 const std::string slot_suffix = GetProperty("ro.boot.slot_suffix", "");
2500 if (slot_suffix.empty()) {
2501 return false;
2502 }
2503
2504 if (!ValidateTargetSlotSuffix(slot_suffix)) {
2505 LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
2506 return false;
2507 }
2508
2509 // Validate other inputs.
2510 if (validate_apk_path(apk_path) != 0) {
2511 LOG(ERROR) << "Invalid apk_path: " << apk_path;
2512 return false;
2513 }
2514 if (validate_apk_path(oat_dir) != 0) {
2515 LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
2516 return false;
2517 }
2518
2519 char a_path[PKG_PATH_MAX];
2520 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
2521 return false;
2522 }
2523 const std::string a_vdex_path = create_vdex_filename(a_path);
2524 const std::string a_image_path = create_image_filename(a_path);
2525
2526 // B path = A path + slot suffix.
2527 const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
2528 const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
2529 const std::string b_image_path = StringPrintf("%s.%s",
2530 a_image_path.c_str(),
2531 slot_suffix.c_str());
2532
2533 bool success = true;
2534 if (move_ab_path(b_path, a_path)) {
2535 if (move_ab_path(b_vdex_path, a_vdex_path)) {
2536 // Note: we can live without an app image. As such, ignore failure to move the image file.
2537 // If we decide to require the app image, or the app image being moved correctly,
2538 // then change accordingly.
2539 constexpr bool kIgnoreAppImageFailure = true;
2540
2541 if (!a_image_path.empty()) {
2542 if (!move_ab_path(b_image_path, a_image_path)) {
2543 unlink(a_image_path.c_str());
2544 if (!kIgnoreAppImageFailure) {
2545 success = false;
2546 }
2547 }
2548 }
2549 } else {
2550 // Cleanup: delete B image, ignore errors.
2551 unlink(b_image_path.c_str());
2552 success = false;
2553 }
2554 } else {
2555 // Cleanup: delete B image, ignore errors.
2556 unlink(b_vdex_path.c_str());
2557 unlink(b_image_path.c_str());
2558 success = false;
2559 }
2560 return success;
2561 }
2562
delete_odex(const char * apk_path,const char * instruction_set,const char * oat_dir)2563 bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2564 // Delete the oat/odex file.
2565 char out_path[PKG_PATH_MAX];
2566 if (!create_oat_out_path(apk_path, instruction_set, oat_dir,
2567 /*is_secondary_dex*/false, out_path)) {
2568 return false;
2569 }
2570
2571 // In case of a permission failure report the issue. Otherwise just print a warning.
2572 auto unlink_and_check = [](const char* path) -> bool {
2573 int result = unlink(path);
2574 if (result != 0) {
2575 if (errno == EACCES || errno == EPERM) {
2576 PLOG(ERROR) << "Could not unlink " << path;
2577 return false;
2578 }
2579 PLOG(WARNING) << "Could not unlink " << path;
2580 }
2581 return true;
2582 };
2583
2584 // Delete the oat/odex file.
2585 bool return_value_oat = unlink_and_check(out_path);
2586
2587 // Derive and delete the app image.
2588 bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
2589
2590 // Derive and delete the vdex file.
2591 bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str());
2592
2593 // Report success.
2594 return return_value_oat && return_value_art && return_value_vdex;
2595 }
2596
is_absolute_path(const std::string & path)2597 static bool is_absolute_path(const std::string& path) {
2598 if (path.find('/') != 0 || path.find("..") != std::string::npos) {
2599 LOG(ERROR) << "Invalid absolute path " << path;
2600 return false;
2601 } else {
2602 return true;
2603 }
2604 }
2605
is_valid_instruction_set(const std::string & instruction_set)2606 static bool is_valid_instruction_set(const std::string& instruction_set) {
2607 // TODO: add explicit whitelisting of instruction sets
2608 if (instruction_set.find('/') != std::string::npos) {
2609 LOG(ERROR) << "Invalid instruction set " << instruction_set;
2610 return false;
2611 } else {
2612 return true;
2613 }
2614 }
2615
calculate_oat_file_path_default(char path[PKG_PATH_MAX],const char * oat_dir,const char * apk_path,const char * instruction_set)2616 bool calculate_oat_file_path_default(char path[PKG_PATH_MAX], const char *oat_dir,
2617 const char *apk_path, const char *instruction_set) {
2618 std::string oat_dir_ = oat_dir;
2619 std::string apk_path_ = apk_path;
2620 std::string instruction_set_ = instruction_set;
2621
2622 if (!is_absolute_path(oat_dir_)) return false;
2623 if (!is_absolute_path(apk_path_)) return false;
2624 if (!is_valid_instruction_set(instruction_set_)) return false;
2625
2626 std::string::size_type end = apk_path_.rfind('.');
2627 std::string::size_type start = apk_path_.rfind('/', end);
2628 if (end == std::string::npos || start == std::string::npos) {
2629 LOG(ERROR) << "Invalid apk_path " << apk_path_;
2630 return false;
2631 }
2632
2633 std::string res_ = oat_dir_ + '/' + instruction_set + '/'
2634 + apk_path_.substr(start + 1, end - start - 1) + ".odex";
2635 const char* res = res_.c_str();
2636 if (strlen(res) >= PKG_PATH_MAX) {
2637 LOG(ERROR) << "Result too large";
2638 return false;
2639 } else {
2640 strlcpy(path, res, PKG_PATH_MAX);
2641 return true;
2642 }
2643 }
2644
calculate_odex_file_path_default(char path[PKG_PATH_MAX],const char * apk_path,const char * instruction_set)2645 bool calculate_odex_file_path_default(char path[PKG_PATH_MAX], const char *apk_path,
2646 const char *instruction_set) {
2647 std::string apk_path_ = apk_path;
2648 std::string instruction_set_ = instruction_set;
2649
2650 if (!is_absolute_path(apk_path_)) return false;
2651 if (!is_valid_instruction_set(instruction_set_)) return false;
2652
2653 std::string::size_type end = apk_path_.rfind('.');
2654 std::string::size_type start = apk_path_.rfind('/', end);
2655 if (end == std::string::npos || start == std::string::npos) {
2656 LOG(ERROR) << "Invalid apk_path " << apk_path_;
2657 return false;
2658 }
2659
2660 std::string oat_dir = apk_path_.substr(0, start + 1) + "oat";
2661 return calculate_oat_file_path_default(path, oat_dir.c_str(), apk_path, instruction_set);
2662 }
2663
create_cache_path_default(char path[PKG_PATH_MAX],const char * src,const char * instruction_set)2664 bool create_cache_path_default(char path[PKG_PATH_MAX], const char *src,
2665 const char *instruction_set) {
2666 std::string src_ = src;
2667 std::string instruction_set_ = instruction_set;
2668
2669 if (!is_absolute_path(src_)) return false;
2670 if (!is_valid_instruction_set(instruction_set_)) return false;
2671
2672 for (auto it = src_.begin() + 1; it < src_.end(); ++it) {
2673 if (*it == '/') {
2674 *it = '@';
2675 }
2676 }
2677
2678 std::string res_ = android_data_dir + DALVIK_CACHE + '/' + instruction_set_ + src_
2679 + DALVIK_CACHE_POSTFIX;
2680 const char* res = res_.c_str();
2681 if (strlen(res) >= PKG_PATH_MAX) {
2682 LOG(ERROR) << "Result too large";
2683 return false;
2684 } else {
2685 strlcpy(path, res, PKG_PATH_MAX);
2686 return true;
2687 }
2688 }
2689
open_classpath_files(const std::string & classpath,std::vector<unique_fd> * apk_fds,std::vector<std::string> * dex_locations)2690 bool open_classpath_files(const std::string& classpath, std::vector<unique_fd>* apk_fds,
2691 std::vector<std::string>* dex_locations) {
2692 std::vector<std::string> classpaths_elems = base::Split(classpath, ":");
2693 for (const std::string& elem : classpaths_elems) {
2694 unique_fd fd(TEMP_FAILURE_RETRY(open(elem.c_str(), O_RDONLY)));
2695 if (fd < 0) {
2696 PLOG(ERROR) << "Could not open classpath elem " << elem;
2697 return false;
2698 } else {
2699 apk_fds->push_back(std::move(fd));
2700 dex_locations->push_back(elem);
2701 }
2702 }
2703 return true;
2704 }
2705
create_app_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2706 static bool create_app_profile_snapshot(int32_t app_id,
2707 const std::string& package_name,
2708 const std::string& profile_name,
2709 const std::string& classpath) {
2710 int app_shared_gid = multiuser_get_shared_gid(/*user_id*/ 0, app_id);
2711
2712 unique_fd snapshot_fd = open_spnashot_profile(AID_SYSTEM, package_name, profile_name);
2713 if (snapshot_fd < 0) {
2714 return false;
2715 }
2716
2717 std::vector<unique_fd> profiles_fd;
2718 unique_fd reference_profile_fd;
2719 open_profile_files(app_shared_gid, package_name, profile_name, /*is_secondary_dex*/ false,
2720 &profiles_fd, &reference_profile_fd);
2721 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
2722 return false;
2723 }
2724
2725 profiles_fd.push_back(std::move(reference_profile_fd));
2726
2727 // Open the class paths elements. These will be used to filter out profile data that does
2728 // not belong to the classpath during merge.
2729 std::vector<unique_fd> apk_fds;
2730 std::vector<std::string> dex_locations;
2731 if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2732 return false;
2733 }
2734
2735 RunProfman args;
2736 args.SetupMerge(profiles_fd, snapshot_fd, apk_fds, dex_locations);
2737 pid_t pid = fork();
2738 if (pid == 0) {
2739 /* child -- drop privileges before continuing */
2740 drop_capabilities(app_shared_gid);
2741 args.Exec();
2742 }
2743
2744 /* parent */
2745 int return_code = wait_child(pid);
2746 if (!WIFEXITED(return_code)) {
2747 LOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2748 return false;
2749 }
2750
2751 return true;
2752 }
2753
create_boot_image_profile_snapshot(const std::string & package_name,const std::string & profile_name,const std::string & classpath)2754 static bool create_boot_image_profile_snapshot(const std::string& package_name,
2755 const std::string& profile_name,
2756 const std::string& classpath) {
2757 // The reference profile directory for the android package might not be prepared. Do it now.
2758 const std::string ref_profile_dir =
2759 create_primary_reference_profile_package_dir_path(package_name);
2760 if (fs_prepare_dir(ref_profile_dir.c_str(), 0770, AID_SYSTEM, AID_SYSTEM) != 0) {
2761 PLOG(ERROR) << "Failed to prepare " << ref_profile_dir;
2762 return false;
2763 }
2764
2765 // Return false for empty class path since it may otherwise return true below if profiles is
2766 // empty.
2767 if (classpath.empty()) {
2768 PLOG(ERROR) << "Class path is empty";
2769 return false;
2770 }
2771
2772 // Open and create the snapshot profile.
2773 unique_fd snapshot_fd = open_spnashot_profile(AID_SYSTEM, package_name, profile_name);
2774
2775 // Collect all non empty profiles.
2776 // The collection will traverse all applications profiles and find the non empty files.
2777 // This has the potential of inspecting a large number of files and directories (depending
2778 // on the number of applications and users). So there is a slight increase in the chance
2779 // to get get occasionally I/O errors (e.g. for opening the file). When that happens do not
2780 // fail the snapshot and aggregate whatever profile we could open.
2781 //
2782 // The profile snapshot is a best effort based on available data it's ok if some data
2783 // from some apps is missing. It will be counter productive for the snapshot to fail
2784 // because we could not open or read some of the files.
2785 std::vector<std::string> profiles;
2786 if (!collect_profiles(&profiles)) {
2787 LOG(WARNING) << "There were errors while collecting the profiles for the boot image.";
2788 }
2789
2790 // If we have no profiles return early.
2791 if (profiles.empty()) {
2792 return true;
2793 }
2794
2795 // Open the classpath elements. These will be used to filter out profile data that does
2796 // not belong to the classpath during merge.
2797 std::vector<unique_fd> apk_fds;
2798 std::vector<std::string> dex_locations;
2799 if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2800 return false;
2801 }
2802
2803 // If we could not open any files from the classpath return an error.
2804 if (apk_fds.empty()) {
2805 LOG(ERROR) << "Could not open any of the classpath elements.";
2806 return false;
2807 }
2808
2809 // Aggregate the profiles in batches of kAggregationBatchSize.
2810 // We do this to avoid opening a huge a amount of files.
2811 static constexpr size_t kAggregationBatchSize = 10;
2812
2813 std::vector<unique_fd> profiles_fd;
2814 for (size_t i = 0; i < profiles.size(); ) {
2815 for (size_t k = 0; k < kAggregationBatchSize && i < profiles.size(); k++, i++) {
2816 unique_fd fd = open_profile(AID_SYSTEM, profiles[i], O_RDONLY);
2817 if (fd.get() >= 0) {
2818 profiles_fd.push_back(std::move(fd));
2819 }
2820 }
2821 RunProfman args;
2822 args.SetupMerge(profiles_fd,
2823 snapshot_fd,
2824 apk_fds,
2825 dex_locations,
2826 /*store_aggregation_counters=*/true);
2827 pid_t pid = fork();
2828 if (pid == 0) {
2829 /* child -- drop privileges before continuing */
2830 drop_capabilities(AID_SYSTEM);
2831
2832 // The introduction of new access flags into boot jars causes them to
2833 // fail dex file verification.
2834 args.Exec();
2835 }
2836
2837 /* parent */
2838 int return_code = wait_child(pid);
2839 if (!WIFEXITED(return_code)) {
2840 PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2841 return false;
2842 }
2843 return true;
2844 }
2845 return true;
2846 }
2847
create_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2848 bool create_profile_snapshot(int32_t app_id, const std::string& package_name,
2849 const std::string& profile_name, const std::string& classpath) {
2850 if (app_id == -1) {
2851 return create_boot_image_profile_snapshot(package_name, profile_name, classpath);
2852 } else {
2853 return create_app_profile_snapshot(app_id, package_name, profile_name, classpath);
2854 }
2855 }
2856
prepare_app_profile(const std::string & package_name,userid_t user_id,appid_t app_id,const std::string & profile_name,const std::string & code_path,const std::unique_ptr<std::string> & dex_metadata)2857 bool prepare_app_profile(const std::string& package_name,
2858 userid_t user_id,
2859 appid_t app_id,
2860 const std::string& profile_name,
2861 const std::string& code_path,
2862 const std::unique_ptr<std::string>& dex_metadata) {
2863 // Prepare the current profile.
2864 std::string cur_profile = create_current_profile_path(user_id, package_name, profile_name,
2865 /*is_secondary_dex*/ false);
2866 uid_t uid = multiuser_get_uid(user_id, app_id);
2867 if (fs_prepare_file_strict(cur_profile.c_str(), 0600, uid, uid) != 0) {
2868 PLOG(ERROR) << "Failed to prepare " << cur_profile;
2869 return false;
2870 }
2871
2872 // Check if we need to install the profile from the dex metadata.
2873 if (dex_metadata == nullptr) {
2874 return true;
2875 }
2876
2877 // We have a dex metdata. Merge the profile into the reference profile.
2878 unique_fd ref_profile_fd = open_reference_profile(uid, package_name, profile_name,
2879 /*read_write*/ true, /*is_secondary_dex*/ false);
2880 unique_fd dex_metadata_fd(TEMP_FAILURE_RETRY(
2881 open(dex_metadata->c_str(), O_RDONLY | O_NOFOLLOW)));
2882 unique_fd apk_fd(TEMP_FAILURE_RETRY(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW)));
2883 if (apk_fd < 0) {
2884 PLOG(ERROR) << "Could not open code path " << code_path;
2885 return false;
2886 }
2887
2888 RunProfman args;
2889 args.SetupCopyAndUpdate(std::move(dex_metadata_fd),
2890 std::move(ref_profile_fd),
2891 std::move(apk_fd),
2892 code_path);
2893 pid_t pid = fork();
2894 if (pid == 0) {
2895 /* child -- drop privileges before continuing */
2896 gid_t app_shared_gid = multiuser_get_shared_gid(user_id, app_id);
2897 drop_capabilities(app_shared_gid);
2898
2899 // The copy and update takes ownership over the fds.
2900 args.Exec();
2901 }
2902
2903 /* parent */
2904 int return_code = wait_child(pid);
2905 if (!WIFEXITED(return_code)) {
2906 PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2907 return false;
2908 }
2909 return true;
2910 }
2911
2912 } // namespace installd
2913 } // namespace android
2914