1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "linkerconfig/namespace.h"
18
19 #include <android-base/strings.h>
20
21 #include "linkerconfig/apex.h"
22 #include "linkerconfig/log.h"
23
24 using android::base::Result;
25
26 namespace {
27 constexpr const char* kDataAsanPath = "/data/asan";
28
VerifyIfApexNamespaceContainsAllSharedLink(const android::linkerconfig::modules::Namespace & ns)29 Result<void> VerifyIfApexNamespaceContainsAllSharedLink(
30 const android::linkerconfig::modules::Namespace& ns) {
31 auto apex_name = ns.GetApexSource();
32 // If namespace is not from APEX there is no need to check this.
33 if (apex_name == "") {
34 return {};
35 }
36
37 const auto& links = ns.Links();
38 for (const auto& link : links) {
39 if (link.IsAllSharedLibsAllowed()) {
40 return Errorf(
41 "APEX namespace {} is not allowed to have link with all shared libs "
42 "allowed.",
43 ns.GetName());
44 }
45 }
46 return {};
47 }
48
49 } // namespace
50
51 namespace android {
52 namespace linkerconfig {
53 namespace modules {
54
InitializeWithApex(Namespace & ns,const ApexInfo & apex_info)55 void InitializeWithApex(Namespace& ns, const ApexInfo& apex_info) {
56 ns.AddSearchPath(apex_info.path + "/${LIB}");
57 if (apex_info.InVendor()) {
58 ns.AddSearchPath(apex_info.path + "/${LIB}/hw");
59 ns.AddSearchPath(apex_info.path + "/${LIB}/egl");
60 }
61 ns.AddPermittedPath(apex_info.path + "/${LIB}");
62 ns.AddPermittedPath("/system/${LIB}");
63 for (const auto& permitted_path : apex_info.permitted_paths) {
64 ns.AddPermittedPath(permitted_path);
65 }
66 if (apex_info.has_shared_lib) {
67 ns.AddPermittedPath("/apex");
68 }
69 ns.AddProvides(apex_info.provide_libs);
70 ns.AddRequires(apex_info.require_libs);
71 ns.SetApexSource(apex_info.name);
72 }
73
GetLink(const std::string & target_namespace)74 Link& Namespace::GetLink(const std::string& target_namespace) {
75 for (auto& link : links_) {
76 if (link.To() == target_namespace) {
77 return link;
78 }
79 }
80 return links_.emplace_back(name_, target_namespace);
81 }
82
WriteConfig(ConfigWriter & writer)83 void Namespace::WriteConfig(ConfigWriter& writer) {
84 auto verify_result = VerifyContents();
85 if (!verify_result.ok()) {
86 LOG(ERROR) << "Namespace " << name_
87 << " is not valid : " << verify_result.error();
88 return;
89 }
90
91 const auto prefix = "namespace." + name_ + ".";
92
93 writer.WriteLine(prefix + "isolated = " + (is_isolated_ ? "true" : "false"));
94
95 if (is_visible_) {
96 writer.WriteLine(prefix + "visible = true");
97 }
98
99 writer.WriteVars(prefix + "search.paths", search_paths_);
100 writer.WriteVars(prefix + "permitted.paths", permitted_paths_);
101 writer.WriteVars(prefix + "asan.search.paths", asan_search_paths_);
102 writer.WriteVars(prefix + "asan.permitted.paths", asan_permitted_paths_);
103 writer.WriteVars(prefix + "allowed_libs", allowed_libs_);
104
105 std::vector<std::string> link_list;
106 link_list.reserve(links_.size());
107 for (const auto& link : links_) {
108 if (link.Empty()) continue;
109 link_list.push_back(link.To());
110 }
111 if (!link_list.empty()) {
112 writer.WriteLine(prefix + "links = " + android::base::Join(link_list, ","));
113 for (const auto& link : links_) {
114 if (link.Empty()) continue;
115 link.WriteConfig(writer);
116 }
117 }
118 }
119
AddSearchPath(const std::string & path)120 void Namespace::AddSearchPath(const std::string& path) {
121 search_paths_.push_back(path);
122
123 if (RequiresAsanPath(path)) {
124 asan_search_paths_.push_back(CreateAsanPath(path));
125 }
126 asan_search_paths_.push_back(path);
127 }
128
AddPermittedPath(const std::string & path)129 void Namespace::AddPermittedPath(const std::string& path) {
130 permitted_paths_.push_back(path);
131
132 if (RequiresAsanPath(path)) {
133 asan_permitted_paths_.push_back(CreateAsanPath(path));
134 }
135 asan_permitted_paths_.push_back(path);
136 }
137
AddAllowedLib(const std::string & path)138 void Namespace::AddAllowedLib(const std::string& path) {
139 allowed_libs_.push_back(path);
140 }
141
GetName() const142 std::string Namespace::GetName() const {
143 return name_;
144 }
145
RequiresAsanPath(const std::string & path)146 bool Namespace::RequiresAsanPath(const std::string& path) {
147 return !android::base::StartsWith(path, "/apex");
148 }
149
CreateAsanPath(const std::string & path)150 const std::string Namespace::CreateAsanPath(const std::string& path) {
151 return kDataAsanPath + path;
152 }
153
VerifyContents()154 Result<void> Namespace::VerifyContents() {
155 auto apex_with_all_shared_link =
156 VerifyIfApexNamespaceContainsAllSharedLink(*this);
157 if (!apex_with_all_shared_link.ok()) {
158 return apex_with_all_shared_link.error();
159 }
160
161 return {};
162 }
163
164 } // namespace modules
165 } // namespace linkerconfig
166 } // namespace android
167