1 /*
2 ** Copyright 2016, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17 #include <fcntl.h>
18 #include <linux/unistd.h>
19 #include <sys/mount.h>
20 #include <sys/stat.h>
21 #include <sys/wait.h>
22
23 #include <sstream>
24
25 #include <android-base/logging.h>
26 #include <android-base/macros.h>
27 #include <android-base/stringprintf.h>
28 #include <libdm/dm.h>
29 #include <selinux/android.h>
30
31 #include <apexd.h>
32
33 #include "installd_constants.h"
34 #include "otapreopt_utils.h"
35
36 #ifndef LOG_TAG
37 #define LOG_TAG "otapreopt"
38 #endif
39
40 using android::base::StringPrintf;
41
42 namespace android {
43 namespace installd {
44
CloseDescriptor(int fd)45 static void CloseDescriptor(int fd) {
46 if (fd >= 0) {
47 int result = close(fd);
48 UNUSED(result); // Ignore result. Printing to logcat will open a new descriptor
49 // that we do *not* want.
50 }
51 }
52
CloseDescriptor(const char * descriptor_string)53 static void CloseDescriptor(const char* descriptor_string) {
54 int fd = -1;
55 std::istringstream stream(descriptor_string);
56 stream >> fd;
57 if (!stream.fail()) {
58 CloseDescriptor(fd);
59 }
60 }
61
ActivateApexPackages()62 static std::vector<apex::ApexFile> ActivateApexPackages() {
63 // The logic here is (partially) copied and adapted from
64 // system/apex/apexd/apexd_main.cpp.
65 //
66 // Only scan the APEX directory under /system (within the chroot dir).
67 apex::scanPackagesDirAndActivate(apex::kApexPackageSystemDir);
68 return apex::getActivePackages();
69 }
70
DeactivateApexPackages(const std::vector<apex::ApexFile> & active_packages)71 static void DeactivateApexPackages(const std::vector<apex::ApexFile>& active_packages) {
72 for (const apex::ApexFile& apex_file : active_packages) {
73 const std::string& package_path = apex_file.GetPath();
74 apex::Status status = apex::deactivatePackage(package_path);
75 if (!status.Ok()) {
76 LOG(ERROR) << "Failed to deactivate " << package_path << ": " << status.ErrorMessage();
77 }
78 }
79 }
80
TryExtraMount(const char * name,const char * slot,const char * target)81 static void TryExtraMount(const char* name, const char* slot, const char* target) {
82 std::string partition_name = StringPrintf("%s%s", name, slot);
83
84 // See whether update_engine mounted a logical partition.
85 {
86 auto& dm = dm::DeviceMapper::Instance();
87 if (dm.GetState(partition_name) != dm::DmDeviceState::INVALID) {
88 std::string path;
89 if (dm.GetDmDevicePathByName(partition_name, &path)) {
90 int mount_result = mount(path.c_str(),
91 target,
92 "ext4",
93 MS_RDONLY,
94 /* data */ nullptr);
95 if (mount_result == 0) {
96 return;
97 }
98 }
99 }
100 }
101
102 // Fall back and attempt a direct mount.
103 std::string block_device = StringPrintf("/dev/block/by-name/%s", partition_name.c_str());
104 int mount_result = mount(block_device.c_str(),
105 target,
106 "ext4",
107 MS_RDONLY,
108 /* data */ nullptr);
109 UNUSED(mount_result);
110 }
111
112 // Entry for otapreopt_chroot. Expected parameters are:
113 // [cmd] [status-fd] [target-slot] "dexopt" [dexopt-params]
114 // The file descriptor denoted by status-fd will be closed. The rest of the parameters will
115 // be passed on to otapreopt in the chroot.
otapreopt_chroot(const int argc,char ** arg)116 static int otapreopt_chroot(const int argc, char **arg) {
117 // Validate arguments
118 // We need the command, status channel and target slot, at a minimum.
119 if(argc < 3) {
120 PLOG(ERROR) << "Not enough arguments.";
121 exit(208);
122 }
123 // Close all file descriptors. They are coming from the caller, we do not want to pass them
124 // on across our fork/exec into a different domain.
125 // 1) Default descriptors.
126 CloseDescriptor(STDIN_FILENO);
127 CloseDescriptor(STDOUT_FILENO);
128 CloseDescriptor(STDERR_FILENO);
129 // 2) The status channel.
130 CloseDescriptor(arg[1]);
131
132 // We need to run the otapreopt tool from the postinstall partition. As such, set up a
133 // mount namespace and change root.
134
135 // Create our own mount namespace.
136 if (unshare(CLONE_NEWNS) != 0) {
137 PLOG(ERROR) << "Failed to unshare() for otapreopt.";
138 exit(200);
139 }
140
141 // Make postinstall private, so that our changes don't propagate.
142 if (mount("", "/postinstall", nullptr, MS_PRIVATE, nullptr) != 0) {
143 PLOG(ERROR) << "Failed to mount private.";
144 exit(201);
145 }
146
147 // Bind mount necessary directories.
148 constexpr const char* kBindMounts[] = {
149 "/data", "/dev", "/proc", "/sys"
150 };
151 for (size_t i = 0; i < arraysize(kBindMounts); ++i) {
152 std::string trg = StringPrintf("/postinstall%s", kBindMounts[i]);
153 if (mount(kBindMounts[i], trg.c_str(), nullptr, MS_BIND, nullptr) != 0) {
154 PLOG(ERROR) << "Failed to bind-mount " << kBindMounts[i];
155 exit(202);
156 }
157 }
158
159 // Try to mount the vendor partition. update_engine doesn't do this for us, but we
160 // want it for vendor APKs.
161 // Notes:
162 // 1) We pretty much guess a name here and hope to find the partition by name.
163 // It is just as complicated and brittle to scan /proc/mounts. But this requires
164 // validating the target-slot so as not to try to mount some totally random path.
165 // 2) We're in a mount namespace here, so when we die, this will be cleaned up.
166 // 3) Ignore errors. Printing anything at this stage will open a file descriptor
167 // for logging.
168 if (!ValidateTargetSlotSuffix(arg[2])) {
169 LOG(ERROR) << "Target slot suffix not legal: " << arg[2];
170 exit(207);
171 }
172 TryExtraMount("vendor", arg[2], "/postinstall/vendor");
173
174 // Try to mount the product partition. update_engine doesn't do this for us, but we
175 // want it for product APKs. Same notes as vendor above.
176 TryExtraMount("product", arg[2], "/postinstall/product");
177
178 // Setup APEX mount point and its security context.
179 static constexpr const char* kPostinstallApexDir = "/postinstall/apex";
180 // The following logic is similar to the one in system/core/rootdir/init.rc:
181 //
182 // mount tmpfs tmpfs /apex nodev noexec nosuid
183 // chmod 0755 /apex
184 // chown root root /apex
185 // restorecon /apex
186 //
187 // except we perform the `restorecon` step just after mounting the tmpfs
188 // filesystem in /postinstall/apex, so that this directory is correctly
189 // labeled (with type `postinstall_apex_mnt_dir`) and may be manipulated in
190 // following operations (`chmod`, `chown`, etc.) following policies
191 // restricted to `postinstall_apex_mnt_dir`:
192 //
193 // mount tmpfs tmpfs /postinstall/apex nodev noexec nosuid
194 // restorecon /postinstall/apex
195 // chmod 0755 /postinstall/apex
196 // chown root root /postinstall/apex
197 //
198 if (mount("tmpfs", kPostinstallApexDir, "tmpfs", MS_NODEV | MS_NOEXEC | MS_NOSUID, nullptr)
199 != 0) {
200 PLOG(ERROR) << "Failed to mount tmpfs in " << kPostinstallApexDir;
201 exit(209);
202 }
203 if (selinux_android_restorecon(kPostinstallApexDir, 0) < 0) {
204 PLOG(ERROR) << "Failed to restorecon " << kPostinstallApexDir;
205 exit(214);
206 }
207 if (chmod(kPostinstallApexDir, 0755) != 0) {
208 PLOG(ERROR) << "Failed to chmod " << kPostinstallApexDir << " to 0755";
209 exit(210);
210 }
211 if (chown(kPostinstallApexDir, 0, 0) != 0) {
212 PLOG(ERROR) << "Failed to chown " << kPostinstallApexDir << " to root:root";
213 exit(211);
214 }
215
216 // Chdir into /postinstall.
217 if (chdir("/postinstall") != 0) {
218 PLOG(ERROR) << "Unable to chdir into /postinstall.";
219 exit(203);
220 }
221
222 // Make /postinstall the root in our mount namespace.
223 if (chroot(".") != 0) {
224 PLOG(ERROR) << "Failed to chroot";
225 exit(204);
226 }
227
228 if (chdir("/") != 0) {
229 PLOG(ERROR) << "Unable to chdir into /.";
230 exit(205);
231 }
232
233 // Try to mount APEX packages in "/apex" in the chroot dir. We need at least
234 // the Android Runtime APEX, as it is required by otapreopt to run dex2oat.
235 std::vector<apex::ApexFile> active_packages = ActivateApexPackages();
236
237 // Now go on and run otapreopt.
238
239 // Incoming: cmd + status-fd + target-slot + cmd... | Incoming | = argc
240 // Outgoing: cmd + target-slot + cmd... | Outgoing | = argc - 1
241 std::vector<std::string> cmd;
242 cmd.reserve(argc);
243 cmd.push_back("/system/bin/otapreopt");
244
245 // The first parameter is the status file descriptor, skip.
246 for (size_t i = 2; i < static_cast<size_t>(argc); ++i) {
247 cmd.push_back(arg[i]);
248 }
249
250 // Fork and execute otapreopt in its own process.
251 std::string error_msg;
252 bool exec_result = Exec(cmd, &error_msg);
253 if (!exec_result) {
254 LOG(ERROR) << "Running otapreopt failed: " << error_msg;
255 }
256
257 // Tear down the work down by the apexd logic. (i.e. deactivate packages).
258 DeactivateApexPackages(active_packages);
259
260 if (!exec_result) {
261 exit(213);
262 }
263
264 return 0;
265 }
266
267 } // namespace installd
268 } // namespace android
269
main(const int argc,char * argv[])270 int main(const int argc, char *argv[]) {
271 return android::installd::otapreopt_chroot(argc, argv);
272 }
273