1 //
2 // Copyright (C) 2018 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "host_init_verifier.h"
18
19 #include <errno.h>
20 #include <getopt.h>
21 #include <pwd.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24
25 #include <fstream>
26 #include <iostream>
27 #include <iterator>
28 #include <map>
29 #include <set>
30 #include <string>
31 #include <vector>
32
33 #include <android-base/file.h>
34 #include <android-base/logging.h>
35 #include <android-base/parseint.h>
36 #include <android-base/strings.h>
37 #include <generated_android_ids.h>
38 #include <hidl/metadata.h>
39 #include <property_info_serializer/property_info_serializer.h>
40
41 #include "action.h"
42 #include "action_manager.h"
43 #include "action_parser.h"
44 #include "check_builtins.h"
45 #include "host_import_parser.h"
46 #include "host_init_stubs.h"
47 #include "interface_utils.h"
48 #include "parser.h"
49 #include "result.h"
50 #include "service.h"
51 #include "service_list.h"
52 #include "service_parser.h"
53
54 using namespace std::literals;
55
56 using android::base::EndsWith;
57 using android::base::ParseInt;
58 using android::base::ReadFileToString;
59 using android::base::Split;
60 using android::properties::BuildTrie;
61 using android::properties::ParsePropertyInfoFile;
62 using android::properties::PropertyInfoArea;
63 using android::properties::PropertyInfoEntry;
64
65 static std::vector<std::string> passwd_files;
66
67 // NOTE: Keep this in sync with the order used by init.cpp LoadBootScripts()
68 static const std::vector<std::string> partition_search_order =
69 std::vector<std::string>({"system", "system_ext", "odm", "vendor", "product"});
70
GetVendorPasswd(const std::string & passwd_file)71 static std::vector<std::pair<std::string, int>> GetVendorPasswd(const std::string& passwd_file) {
72 std::string passwd;
73 if (!ReadFileToString(passwd_file, &passwd)) {
74 return {};
75 }
76
77 std::vector<std::pair<std::string, int>> result;
78 auto passwd_lines = Split(passwd, "\n");
79 for (const auto& line : passwd_lines) {
80 auto split_line = Split(line, ":");
81 if (split_line.size() < 3) {
82 continue;
83 }
84 int uid = 0;
85 if (!ParseInt(split_line[2], &uid)) {
86 continue;
87 }
88 result.emplace_back(split_line[0], uid);
89 }
90 return result;
91 }
92
GetVendorPasswd()93 static std::vector<std::pair<std::string, int>> GetVendorPasswd() {
94 std::vector<std::pair<std::string, int>> result;
95 for (const auto& passwd_file : passwd_files) {
96 auto individual_result = GetVendorPasswd(passwd_file);
97 std::move(individual_result.begin(), individual_result.end(),
98 std::back_insert_iterator(result));
99 }
100 return result;
101 }
102
getpwnam(const char * login)103 passwd* getpwnam(const char* login) { // NOLINT: implementing bad function.
104 // This isn't thread safe, but that's okay for our purposes.
105 static char static_name[32] = "";
106 static char static_dir[32] = "/";
107 static char static_shell[32] = "/system/bin/sh";
108 static passwd static_passwd = {
109 .pw_name = static_name,
110 .pw_dir = static_dir,
111 .pw_shell = static_shell,
112 .pw_uid = 0,
113 .pw_gid = 0,
114 };
115
116 for (size_t n = 0; n < android_id_count; ++n) {
117 if (!strcmp(android_ids[n].name, login)) {
118 snprintf(static_name, sizeof(static_name), "%s", android_ids[n].name);
119 static_passwd.pw_uid = android_ids[n].aid;
120 static_passwd.pw_gid = android_ids[n].aid;
121 return &static_passwd;
122 }
123 }
124
125 static const auto vendor_passwd = GetVendorPasswd();
126
127 for (const auto& [name, uid] : vendor_passwd) {
128 if (name == login) {
129 snprintf(static_name, sizeof(static_name), "%s", name.c_str());
130 static_passwd.pw_uid = uid;
131 static_passwd.pw_gid = uid;
132 return &static_passwd;
133 }
134 }
135
136 unsigned int oem_uid;
137 if (sscanf(login, "oem_%u", &oem_uid) == 1) {
138 snprintf(static_name, sizeof(static_name), "%s", login);
139 static_passwd.pw_uid = oem_uid;
140 static_passwd.pw_gid = oem_uid;
141 return &static_passwd;
142 }
143
144 errno = ENOENT;
145 return nullptr;
146 }
147
148 namespace android {
149 namespace init {
150
check_stub(const BuiltinArguments & args)151 static Result<void> check_stub(const BuiltinArguments& args) {
152 return {};
153 }
154
155 #include "generated_stub_builtin_function_map.h"
156
PrintUsage()157 void PrintUsage() {
158 fprintf(stdout, R"(usage: host_init_verifier [options]
159
160 Tests init script(s) for correctness.
161
162 Generic options:
163 -p FILE Search this passwd file for users and groups.
164 --property_contexts=FILE Use this file for property_contexts.
165
166 Single script mode options:
167 [init rc file] Positional argument; test this init script.
168
169 Multiple script mode options:
170 --out_system=DIR Path to the output product directory for the system partition.
171 --out_system_ext=DIR Path to the output product directory for the system_ext partition.
172 --out_odm=DIR Path to the output product directory for the odm partition.
173 --out_vendor=DIR Path to the output product directory for the vendor partition.
174 --out_product=DIR Path to the output product directory for the product partition.
175 )");
176 }
177
ReadInterfaceInheritanceHierarchy()178 Result<InterfaceInheritanceHierarchyMap> ReadInterfaceInheritanceHierarchy() {
179 InterfaceInheritanceHierarchyMap result;
180 for (const HidlInterfaceMetadata& iface : HidlInterfaceMetadata::all()) {
181 std::set<FQName> inherited_interfaces;
182 for (const std::string& intf : iface.inherited) {
183 FQName fqname;
184 if (!fqname.setTo(intf)) {
185 return Error() << "Unable to parse interface '" << intf << "'";
186 }
187 inherited_interfaces.insert(fqname);
188 }
189 FQName fqname;
190 if (!fqname.setTo(iface.name)) {
191 return Error() << "Unable to parse interface '" << iface.name << "'";
192 }
193 result[fqname] = inherited_interfaces;
194 }
195
196 return result;
197 }
198
199 const PropertyInfoArea* property_info_area;
200
HandlePropertyContexts(const std::string & filename,std::vector<PropertyInfoEntry> * property_infos)201 void HandlePropertyContexts(const std::string& filename,
202 std::vector<PropertyInfoEntry>* property_infos) {
203 auto file_contents = std::string();
204 if (!ReadFileToString(filename, &file_contents)) {
205 PLOG(ERROR) << "Could not read properties from '" << filename << "'";
206 exit(EXIT_FAILURE);
207 }
208
209 auto errors = std::vector<std::string>{};
210 ParsePropertyInfoFile(file_contents, true, property_infos, &errors);
211 for (const auto& error : errors) {
212 LOG(ERROR) << "Could not read line from '" << filename << "': " << error;
213 }
214 if (!errors.empty()) {
215 exit(EXIT_FAILURE);
216 }
217 }
218
main(int argc,char ** argv)219 int main(int argc, char** argv) {
220 android::base::InitLogging(argv, &android::base::StdioLogger);
221 android::base::SetMinimumLogSeverity(android::base::ERROR);
222
223 auto property_infos = std::vector<PropertyInfoEntry>();
224 std::map<std::string, std::string> partition_map;
225
226 while (true) {
227 static const char kPropertyContexts[] = "property-contexts=";
228 static const struct option long_options[] = {
229 {"help", no_argument, nullptr, 'h'},
230 {kPropertyContexts, required_argument, nullptr, 0},
231 {"out_system", required_argument, nullptr, 0},
232 {"out_system_ext", required_argument, nullptr, 0},
233 {"out_odm", required_argument, nullptr, 0},
234 {"out_vendor", required_argument, nullptr, 0},
235 {"out_product", required_argument, nullptr, 0},
236 {nullptr, 0, nullptr, 0},
237 };
238
239 int option_index;
240 int arg = getopt_long(argc, argv, "p:", long_options, &option_index);
241
242 if (arg == -1) {
243 break;
244 }
245
246 switch (arg) {
247 case 0:
248 if (long_options[option_index].name == kPropertyContexts) {
249 HandlePropertyContexts(optarg, &property_infos);
250 }
251 for (const auto& p : partition_search_order) {
252 if (long_options[option_index].name == "out_" + p) {
253 if (partition_map.find(p) != partition_map.end()) {
254 PrintUsage();
255 return EXIT_FAILURE;
256 }
257 partition_map[p] =
258 EndsWith(optarg, "/") ? optarg : std::string(optarg) + "/";
259 }
260 }
261 break;
262 case 'h':
263 PrintUsage();
264 return EXIT_FAILURE;
265 case 'p':
266 passwd_files.emplace_back(optarg);
267 break;
268 default:
269 std::cerr << "getprop: getopt returned invalid result: " << arg << std::endl;
270 return EXIT_FAILURE;
271 }
272 }
273
274 argc -= optind;
275 argv += optind;
276
277 // If provided, use the partition map to check multiple init rc files.
278 // Otherwise, check a single init rc file.
279 if ((!partition_map.empty() && argc != 0) || (partition_map.empty() && argc != 1)) {
280 PrintUsage();
281 return EXIT_FAILURE;
282 }
283
284 auto interface_inheritance_hierarchy_map = ReadInterfaceInheritanceHierarchy();
285 if (!interface_inheritance_hierarchy_map.ok()) {
286 LOG(ERROR) << interface_inheritance_hierarchy_map.error();
287 return EXIT_FAILURE;
288 }
289 SetKnownInterfaces(*interface_inheritance_hierarchy_map);
290
291 std::string serialized_contexts;
292 std::string trie_error;
293 if (!BuildTrie(property_infos, "u:object_r:default_prop:s0", "string", &serialized_contexts,
294 &trie_error)) {
295 LOG(ERROR) << "Unable to serialize property contexts: " << trie_error;
296 return EXIT_FAILURE;
297 }
298
299 property_info_area = reinterpret_cast<const PropertyInfoArea*>(serialized_contexts.c_str());
300
301 if (!partition_map.empty()) {
302 std::vector<std::string> vendor_prefixes;
303 for (const auto& partition : {"vendor", "odm"}) {
304 if (partition_map.find(partition) != partition_map.end()) {
305 vendor_prefixes.push_back(partition_map.at(partition));
306 }
307 }
308 InitializeHostSubcontext(vendor_prefixes);
309 }
310
311 const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
312 Action::set_function_map(&function_map);
313 ActionManager& am = ActionManager::GetInstance();
314 ServiceList& sl = ServiceList::GetInstance();
315 Parser parser;
316 parser.AddSectionParser("service",
317 std::make_unique<ServiceParser>(&sl, GetSubcontext(),
318 *interface_inheritance_hierarchy_map));
319 parser.AddSectionParser("on", std::make_unique<ActionParser>(&am, GetSubcontext()));
320 parser.AddSectionParser("import", std::make_unique<HostImportParser>());
321
322 if (!partition_map.empty()) {
323 for (const auto& p : partition_search_order) {
324 if (partition_map.find(p) != partition_map.end()) {
325 parser.ParseConfig(partition_map.at(p) + "etc/init");
326 }
327 }
328 } else {
329 if (!parser.ParseConfigFileInsecure(*argv)) {
330 LOG(ERROR) << "Failed to open init rc script '" << *argv << "'";
331 return EXIT_FAILURE;
332 }
333 }
334 size_t failures = parser.parse_error_count() + am.CheckAllCommands() + sl.CheckAllCommands();
335 if (failures > 0) {
336 LOG(ERROR) << "Failed to parse init scripts with " << failures << " error(s).";
337 return EXIT_FAILURE;
338 }
339 return EXIT_SUCCESS;
340 }
341
342 } // namespace init
343 } // namespace android
344
main(int argc,char ** argv)345 int main(int argc, char** argv) {
346 return android::init::main(argc, argv);
347 }
348