1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #define LOG_TAG "installd"
17
18 #include <fcntl.h>
19 #include <signal.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <sys/capability.h>
23 #include <sys/file.h>
24 #include <sys/stat.h>
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/resource.h>
28 #include <sys/wait.h>
29 #include <unistd.h>
30
31 #include <array>
32 #include <iomanip>
33 #include <mutex>
34 #include <unordered_set>
35
36 #include <android-base/file.h>
37 #include <android-base/logging.h>
38 #include <android-base/no_destructor.h>
39 #include <android-base/properties.h>
40 #include <android-base/stringprintf.h>
41 #include <android-base/strings.h>
42 #include <android-base/unique_fd.h>
43 #include <async_safe/log.h>
44 #include <cutils/fs.h>
45 #include <cutils/properties.h>
46 #include <cutils/sched_policy.h>
47 #include <log/log.h> // TODO: Move everything to base/logging.
48 #include <openssl/sha.h>
49 #include <private/android_filesystem_config.h>
50 #include <processgroup/processgroup.h>
51 #include <selinux/android.h>
52 #include <server_configurable_flags/get_flags.h>
53 #include <system/thread_defs.h>
54 #include <utils/Mutex.h>
55 #include <ziparchive/zip_archive.h>
56
57 #include "dexopt.h"
58 #include "dexopt_return_codes.h"
59 #include "execv_helper.h"
60 #include "globals.h"
61 #include "installd_constants.h"
62 #include "installd_deps.h"
63 #include "otapreopt_utils.h"
64 #include "restorable_file.h"
65 #include "run_dex2oat.h"
66 #include "unique_file.h"
67 #include "utils.h"
68
69 using android::base::Basename;
70 using android::base::EndsWith;
71 using android::base::GetBoolProperty;
72 using android::base::GetProperty;
73 using android::base::ReadFdToString;
74 using android::base::ReadFully;
75 using android::base::StringPrintf;
76 using android::base::WriteFully;
77 using android::base::borrowed_fd;
78 using android::base::unique_fd;
79
80 namespace {
81
82 // Timeout for short operations, such as merging profiles.
83 constexpr int kShortTimeoutMs = 60000; // 1 minute.
84
85 // Timeout for long operations, such as compilation. This should be smaller than the Package Manager
86 // watchdog (PackageManagerService.WATCHDOG_TIMEOUT, 10 minutes), so that the operation will be
87 // aborted before that watchdog would take down the system server.
88 constexpr int kLongTimeoutMs = 570000; // 9.5 minutes.
89
90 class DexOptStatus {
91 public:
92 // Check if dexopt is cancelled and fork if it is not cancelled.
93 // cancelled is set to true if cancelled. Otherwise it will be set to false.
94 // If it is not cancelled, it will return the return value of fork() call.
95 // If cancelled, fork will not happen and it will return -1.
check_cancellation_and_fork(bool * cancelled)96 pid_t check_cancellation_and_fork(/* out */ bool *cancelled) {
97 std::lock_guard<std::mutex> lock(dexopt_lock_);
98 if (dexopt_blocked_) {
99 *cancelled = true;
100 return -1;
101 }
102 pid_t pid = fork();
103 *cancelled = false;
104 if (pid > 0) { // parent
105 dexopt_pids_.insert(pid);
106 }
107 return pid;
108 }
109
110 // Returns true if pid was killed (is in killed list). It could have finished if killing
111 // happened after the process is finished.
check_if_killed_and_remove_dexopt_pid(pid_t pid)112 bool check_if_killed_and_remove_dexopt_pid(pid_t pid) {
113 std::lock_guard<std::mutex> lock(dexopt_lock_);
114 dexopt_pids_.erase(pid);
115 if (dexopt_killed_pids_.erase(pid) == 1) {
116 return true;
117 }
118 return false;
119 }
120
121 // Tells whether dexopt is blocked or not.
is_dexopt_blocked()122 bool is_dexopt_blocked() {
123 std::lock_guard<std::mutex> lock(dexopt_lock_);
124 return dexopt_blocked_;
125 }
126
127 // Enable or disable dexopt blocking.
control_dexopt_blocking(bool block)128 void control_dexopt_blocking(bool block) {
129 std::lock_guard<std::mutex> lock(dexopt_lock_);
130 dexopt_blocked_ = block;
131 if (!block) {
132 return;
133 }
134 // Blocked, also kill currently running tasks
135 for (auto pid : dexopt_pids_) {
136 LOG(INFO) << "control_dexopt_blocking kill pid:" << pid;
137 kill(pid, SIGKILL);
138 dexopt_killed_pids_.insert(pid);
139 }
140 dexopt_pids_.clear();
141 }
142
143 private:
144 std::mutex dexopt_lock_;
145 // when true, dexopt is blocked and will not run.
146 bool dexopt_blocked_ GUARDED_BY(dexopt_lock_) = false;
147 // PIDs of child process while runinng dexopt.
148 // If the child process is finished, it should be removed.
149 std::unordered_set<pid_t> dexopt_pids_ GUARDED_BY(dexopt_lock_);
150 // PIDs of child processes killed by cancellation.
151 std::unordered_set<pid_t> dexopt_killed_pids_ GUARDED_BY(dexopt_lock_);
152 };
153
154 android::base::NoDestructor<DexOptStatus> dexopt_status_;
155
156 } // namespace
157
158 namespace android {
159 namespace installd {
160
161
162 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
163 struct FreeDelete {
164 // NOTE: Deleting a const object is valid but free() takes a non-const pointer.
operator ()android::installd::FreeDelete165 void operator()(const void* ptr) const {
166 free(const_cast<void*>(ptr));
167 }
168 };
169
170 // Alias for std::unique_ptr<> that uses the C function free() to delete objects.
171 template <typename T>
172 using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
173
invalid_unique_fd()174 static unique_fd invalid_unique_fd() {
175 return unique_fd(-1);
176 }
177
is_debug_runtime()178 static bool is_debug_runtime() {
179 return android::base::GetProperty("persist.sys.dalvik.vm.lib.2", "") == "libartd.so";
180 }
181
is_debuggable_build()182 static bool is_debuggable_build() {
183 return android::base::GetBoolProperty("ro.debuggable", false);
184 }
185
clear_profile(const std::string & profile)186 static bool clear_profile(const std::string& profile) {
187 unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
188 if (ufd.get() < 0) {
189 if (errno != ENOENT) {
190 PLOG(WARNING) << "Could not open profile " << profile;
191 return false;
192 } else {
193 // Nothing to clear. That's ok.
194 return true;
195 }
196 }
197
198 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
199 if (errno != EWOULDBLOCK) {
200 PLOG(WARNING) << "Error locking profile " << profile;
201 }
202 // This implies that the app owning this profile is running
203 // (and has acquired the lock).
204 //
205 // If we can't acquire the lock bail out since clearing is useless anyway
206 // (the app will write again to the profile).
207 //
208 // Note:
209 // This does not impact the this is not an issue for the profiling correctness.
210 // In case this is needed because of an app upgrade, profiles will still be
211 // eventually cleared by the app itself due to checksum mismatch.
212 // If this is needed because profman advised, then keeping the data around
213 // until the next run is again not an issue.
214 //
215 // If the app attempts to acquire a lock while we've held one here,
216 // it will simply skip the current write cycle.
217 return false;
218 }
219
220 bool truncated = ftruncate(ufd.get(), 0) == 0;
221 if (!truncated) {
222 PLOG(WARNING) << "Could not truncate " << profile;
223 }
224 if (flock(ufd.get(), LOCK_UN) != 0) {
225 PLOG(WARNING) << "Error unlocking profile " << profile;
226 }
227 return truncated;
228 }
229
230 // Clear the reference profile for the given location.
231 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_reference_profile(const std::string & package_name,const std::string & location,bool is_secondary_dex)232 static bool clear_reference_profile(const std::string& package_name, const std::string& location,
233 bool is_secondary_dex) {
234 return clear_profile(create_reference_profile_path(package_name, location, is_secondary_dex));
235 }
236
237 // Clear the reference profile for the given location.
238 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_current_profile(const std::string & package_name,const std::string & location,userid_t user,bool is_secondary_dex)239 static bool clear_current_profile(const std::string& package_name, const std::string& location,
240 userid_t user, bool is_secondary_dex) {
241 return clear_profile(create_current_profile_path(user, package_name, location,
242 is_secondary_dex));
243 }
244
245 // Clear the reference profile for the primary apk of the given package.
246 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_reference_profile(const std::string & package_name,const std::string & location)247 bool clear_primary_reference_profile(const std::string& package_name,
248 const std::string& location) {
249 return clear_reference_profile(package_name, location, /*is_secondary_dex*/false);
250 }
251
252 // Clear all current profile for the primary apk of the given package.
253 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_current_profiles(const std::string & package_name,const std::string & location)254 bool clear_primary_current_profiles(const std::string& package_name, const std::string& location) {
255 bool success = true;
256 // For secondary dex files, we don't really need the user but we use it for validity checks.
257 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
258 for (auto user : users) {
259 success &= clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
260 }
261 return success;
262 }
263
264 // Clear the current profile for the primary apk of the given package and user.
clear_primary_current_profile(const std::string & package_name,const std::string & location,userid_t user)265 bool clear_primary_current_profile(const std::string& package_name, const std::string& location,
266 userid_t user) {
267 return clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
268 }
269
270 // Determines which binary we should use for execution (the debug or non-debug version).
271 // e.g. dex2oatd vs dex2oat
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile)272 static const char* select_execution_binary(const char* binary, const char* debug_binary,
273 bool background_job_compile) {
274 return select_execution_binary(
275 binary,
276 debug_binary,
277 background_job_compile,
278 is_debug_runtime(),
279 (android::base::GetProperty("ro.build.version.codename", "") == "REL"),
280 is_debuggable_build());
281 }
282
283 // Determines which binary we should use for execution (the debug or non-debug version).
284 // e.g. dex2oatd vs dex2oat
285 // This is convenient method which is much easier to test because it doesn't read
286 // system properties.
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile,bool is_debug_runtime,bool is_release,bool is_debuggable_build)287 const char* select_execution_binary(
288 const char* binary,
289 const char* debug_binary,
290 bool background_job_compile,
291 bool is_debug_runtime,
292 bool is_release,
293 bool is_debuggable_build) {
294 // Do not use debug binaries for release candidates (to give more soak time).
295 bool is_debug_bg_job = background_job_compile && is_debuggable_build && !is_release;
296
297 // If the runtime was requested to use libartd.so, we'll run the debug version - assuming
298 // the file is present (it may not be on images with very little space available).
299 bool useDebug = (is_debug_runtime || is_debug_bg_job) && (access(debug_binary, X_OK) == 0);
300
301 return useDebug ? debug_binary : binary;
302 }
303
304 // Namespace for Android Runtime flags applied during boot time.
305 static const char* RUNTIME_NATIVE_BOOT_NAMESPACE = "runtime_native_boot";
306 // Feature flag name for running the JIT in Zygote experiment, b/119800099.
307 static const char* ENABLE_JITZYGOTE_IMAGE = "enable_apex_image";
308
309 // Phenotype property name for enabling profiling the boot class path.
310 static const char* PROFILE_BOOT_CLASS_PATH = "profilebootclasspath";
311
IsBootClassPathProfilingEnable()312 static bool IsBootClassPathProfilingEnable() {
313 std::string profile_boot_class_path = GetProperty("dalvik.vm.profilebootclasspath", "");
314 profile_boot_class_path =
315 server_configurable_flags::GetServerConfigurableFlag(
316 RUNTIME_NATIVE_BOOT_NAMESPACE,
317 PROFILE_BOOT_CLASS_PATH,
318 /*default_value=*/ profile_boot_class_path);
319 return profile_boot_class_path == "true";
320 }
321
322 /*
323 * Whether dexopt should use a swap file when compiling an APK.
324 *
325 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
326 * itself, anyways).
327 *
328 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
329 *
330 * Otherwise, return true if this is a low-mem device.
331 *
332 * Otherwise, return default value.
333 */
334 static bool kAlwaysProvideSwapFile = false;
335 static bool kDefaultProvideSwapFile = true;
336
ShouldUseSwapFileForDexopt()337 static bool ShouldUseSwapFileForDexopt() {
338 if (kAlwaysProvideSwapFile) {
339 return true;
340 }
341
342 // Check the "override" property. If it exists, return value == "true".
343 std::string dex2oat_prop_buf = GetProperty("dalvik.vm.dex2oat-swap", "");
344 if (!dex2oat_prop_buf.empty()) {
345 return dex2oat_prop_buf == "true";
346 }
347
348 // Shortcut for default value. This is an implementation optimization for the process sketched
349 // above. If the default value is true, we can avoid to check whether this is a low-mem device,
350 // as low-mem is never returning false. The compiler will optimize this away if it can.
351 if (kDefaultProvideSwapFile) {
352 return true;
353 }
354
355 if (GetBoolProperty("ro.config.low_ram", false)) {
356 return true;
357 }
358
359 // Default value must be false here.
360 return kDefaultProvideSwapFile;
361 }
362
SetDex2OatScheduling(bool set_to_bg)363 static void SetDex2OatScheduling(bool set_to_bg) {
364 if (set_to_bg) {
365 if (!SetTaskProfiles(0, {"Dex2OatBootComplete"})) {
366 LOG(ERROR) << "Failed to set dex2oat task profile";
367 exit(DexoptReturnCodes::kSetSchedPolicy);
368 }
369 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
370 PLOG(ERROR) << "setpriority failed";
371 exit(DexoptReturnCodes::kSetPriority);
372 }
373 }
374 }
375
create_profile(uid_t uid,const std::string & profile,int32_t flags,mode_t mode)376 static unique_fd create_profile(uid_t uid, const std::string& profile, int32_t flags, mode_t mode) {
377 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags, mode)));
378 if (fd.get() < 0) {
379 if (errno != EEXIST) {
380 PLOG(ERROR) << "Failed to create profile " << profile;
381 return invalid_unique_fd();
382 }
383 }
384 // Profiles should belong to the app; make sure of that by giving ownership to
385 // the app uid. If we cannot do that, there's no point in returning the fd
386 // since dex2oat/profman will fail with SElinux denials.
387 if (fchown(fd.get(), uid, uid) < 0) {
388 PLOG(ERROR) << "Could not chown profile " << profile;
389 return invalid_unique_fd();
390 }
391 return fd;
392 }
393
open_profile(uid_t uid,const std::string & profile,int32_t flags,mode_t mode)394 static unique_fd open_profile(uid_t uid, const std::string& profile, int32_t flags, mode_t mode) {
395 // Do not follow symlinks when opening a profile:
396 // - primary profiles should not contain symlinks in their paths
397 // - secondary dex paths should have been already resolved and validated
398 flags |= O_NOFOLLOW;
399
400 // Check if we need to create the profile
401 // Reference profiles and snapshots are created on the fly; so they might not exist beforehand.
402 unique_fd fd;
403 if ((flags & O_CREAT) != 0) {
404 fd = create_profile(uid, profile, flags, mode);
405 } else {
406 fd.reset(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
407 }
408
409 if (fd.get() < 0) {
410 if (errno != ENOENT) {
411 // Profiles might be missing for various reasons. For example, in a
412 // multi-user environment, the profile directory for one user can be created
413 // after we start a merge. In this case the current profile for that user
414 // will not be found.
415 // Also, the secondary dex profiles might be deleted by the app at any time,
416 // so we can't we need to prepare if they are missing.
417 PLOG(ERROR) << "Failed to open profile " << profile;
418 }
419 return invalid_unique_fd();
420 } else {
421 // If we just create the file we need to set its mode because on Android
422 // open has a mask that only allows owner access.
423 if ((flags & O_CREAT) != 0) {
424 if (fchmod(fd.get(), mode) != 0) {
425 PLOG(ERROR) << "Could not set mode " << std::hex << mode << std::dec
426 << " on profile" << profile;
427 // Not a terminal failure.
428 }
429 }
430 }
431
432 return fd;
433 }
434
open_current_profile(uid_t uid,userid_t user,const std::string & package_name,const std::string & location,bool is_secondary_dex)435 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& package_name,
436 const std::string& location, bool is_secondary_dex) {
437 std::string profile = create_current_profile_path(user, package_name, location,
438 is_secondary_dex);
439 return open_profile(uid, profile, O_RDONLY, /*mode=*/ 0);
440 }
441
open_reference_profile(uid_t uid,const std::string & package_name,const std::string & location,bool read_write,bool is_secondary_dex)442 static unique_fd open_reference_profile(uid_t uid, const std::string& package_name,
443 const std::string& location, bool read_write, bool is_secondary_dex) {
444 std::string profile = create_reference_profile_path(package_name, location, is_secondary_dex);
445 return open_profile(
446 uid,
447 profile,
448 read_write ? (O_CREAT | O_RDWR) : O_RDONLY,
449 S_IRUSR | S_IWUSR | S_IRGRP); // so that ART can also read it when apps run.
450 }
451
open_reference_profile_as_unique_file(uid_t uid,const std::string & package_name,const std::string & location,bool read_write,bool is_secondary_dex)452 static UniqueFile open_reference_profile_as_unique_file(uid_t uid, const std::string& package_name,
453 const std::string& location, bool read_write, bool is_secondary_dex) {
454 std::string profile_path = create_reference_profile_path(package_name, location,
455 is_secondary_dex);
456 unique_fd ufd = open_profile(
457 uid,
458 profile_path,
459 read_write ? (O_CREAT | O_RDWR) : O_RDONLY,
460 S_IRUSR | S_IWUSR | S_IRGRP); // so that ART can also read it when apps run.
461
462 return UniqueFile(ufd.release(), profile_path, [](const std::string& path) {
463 clear_profile(path);
464 });
465 }
466
open_snapshot_profile(uid_t uid,const std::string & package_name,const std::string & location)467 static unique_fd open_snapshot_profile(uid_t uid, const std::string& package_name,
468 const std::string& location) {
469 std::string profile = create_snapshot_profile_path(package_name, location);
470 return open_profile(uid, profile, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR);
471 }
472
open_profile_files(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex,std::vector<unique_fd> * profiles_fd,unique_fd * reference_profile_fd)473 static void open_profile_files(uid_t uid, const std::string& package_name,
474 const std::string& location, bool is_secondary_dex,
475 /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
476 // Open the reference profile in read-write mode as profman might need to save the merge.
477 *reference_profile_fd = open_reference_profile(uid, package_name, location,
478 /*read_write*/ true, is_secondary_dex);
479
480 // For secondary dex files, we don't really need the user but we use it for validity checks.
481 // Note: the user owning the dex file should be the current user.
482 std::vector<userid_t> users;
483 if (is_secondary_dex){
484 users.push_back(multiuser_get_user_id(uid));
485 } else {
486 users = get_known_users(/*volume_uuid*/ nullptr);
487 }
488 for (auto user : users) {
489 unique_fd profile_fd = open_current_profile(uid, user, package_name, location,
490 is_secondary_dex);
491 // Add to the lists only if both fds are valid.
492 if (profile_fd.get() >= 0) {
493 profiles_fd->push_back(std::move(profile_fd));
494 }
495 }
496 }
497
498 // Cleans up an output file specified by a file descriptor. This function should be called whenever
499 // a subprocess that modifies a system-managed file crashes.
500 // If the subprocess crashes while it's writing to the file, the file is likely corrupted, so we
501 // should remove it.
502 // If the subprocess times out and is killed while it's acquiring a flock on the file, there is
503 // probably a deadlock, so it's also good to remove the file so that later operations won't
504 // encounter the same problem. It's safe to do so because the process that is holding the flock will
505 // still have access to the file until the file descriptor is closed.
506 // Note that we can't do `clear_reference_profile` here even if the fd points to a reference profile
507 // because that also requires a flock and is therefore likely to be stuck in the second case.
cleanup_output_fd(int fd)508 static bool cleanup_output_fd(int fd) {
509 std::string path;
510 bool ret = remove_file_at_fd(fd, &path);
511 if (ret) {
512 LOG(INFO) << "Removed file at path " << path;
513 }
514 return ret;
515 }
516
517 static constexpr int PROFMAN_BIN_RETURN_CODE_SUCCESS = 0;
518 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 1;
519 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION_NOT_ENOUGH_DELTA = 2;
520 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 3;
521 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 4;
522 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 5;
523 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_DIFFERENT_VERSIONS = 6;
524 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION_EMPTY_PROFILES = 7;
525
526 class RunProfman : public ExecVHelper {
527 public:
528 template <typename T, typename U>
SetupArgs(const std::vector<T> & profile_fds,const unique_fd & reference_profile_fd,const std::vector<U> & apk_fds,const std::vector<std::string> & dex_locations,bool copy_and_update,bool for_snapshot,bool for_boot_image)529 void SetupArgs(const std::vector<T>& profile_fds,
530 const unique_fd& reference_profile_fd,
531 const std::vector<U>& apk_fds,
532 const std::vector<std::string>& dex_locations,
533 bool copy_and_update,
534 bool for_snapshot,
535 bool for_boot_image) {
536
537 // TODO(calin): Assume for now we run in the bg compile job (which is in
538 // most of the invocation). With the current data flow, is not very easy or
539 // clean to discover this in RunProfman (it will require quite a messy refactoring).
540 const char* profman_bin = select_execution_binary(
541 kProfmanPath, kProfmanDebugPath, /*background_job_compile=*/ true);
542
543 if (copy_and_update) {
544 CHECK_EQ(1u, profile_fds.size());
545 CHECK_EQ(1u, apk_fds.size());
546 }
547 if (reference_profile_fd != -1) {
548 AddArg("--reference-profile-file-fd=" + std::to_string(reference_profile_fd.get()));
549 }
550
551 for (const T& fd : profile_fds) {
552 AddArg("--profile-file-fd=" + std::to_string(fd.get()));
553 }
554
555 for (const U& fd : apk_fds) {
556 AddArg("--apk-fd=" + std::to_string(fd.get()));
557 }
558
559 for (const std::string& dex_location : dex_locations) {
560 AddArg("--dex-location=" + dex_location);
561 }
562
563 if (copy_and_update) {
564 AddArg("--copy-and-update-profile-key");
565 }
566
567 if (for_snapshot) {
568 AddArg("--force-merge");
569 }
570
571 if (for_boot_image) {
572 AddArg("--boot-image-merge");
573 }
574
575 // The percent won't exceed 100, otherwise, don't set it and use the
576 // default one set in profman.
577 uint32_t min_new_classes_percent_change = ::android::base::GetUintProperty<uint32_t>(
578 "dalvik.vm.bgdexopt.new-classes-percent",
579 /*default*/std::numeric_limits<uint32_t>::max());
580 if (min_new_classes_percent_change <= 100) {
581 AddArg("--min-new-classes-percent-change=" +
582 std::to_string(min_new_classes_percent_change));
583 }
584
585 // The percent won't exceed 100, otherwise, don't set it and use the
586 // default one set in profman.
587 uint32_t min_new_methods_percent_change = ::android::base::GetUintProperty<uint32_t>(
588 "dalvik.vm.bgdexopt.new-methods-percent",
589 /*default*/std::numeric_limits<uint32_t>::max());
590 if (min_new_methods_percent_change <= 100) {
591 AddArg("--min-new-methods-percent-change=" +
592 std::to_string(min_new_methods_percent_change));
593 }
594
595 // Do not add after dex2oat_flags, they should override others for debugging.
596 PrepareArgs(profman_bin);
597 }
598
SetupMerge(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<unique_fd> & apk_fds=std::vector<unique_fd> (),const std::vector<std::string> & dex_locations=std::vector<std::string> (),bool for_snapshot=false,bool for_boot_image=false)599 void SetupMerge(const std::vector<unique_fd>& profiles_fd,
600 const unique_fd& reference_profile_fd,
601 const std::vector<unique_fd>& apk_fds = std::vector<unique_fd>(),
602 const std::vector<std::string>& dex_locations = std::vector<std::string>(),
603 bool for_snapshot = false,
604 bool for_boot_image = false) {
605 SetupArgs(profiles_fd,
606 reference_profile_fd,
607 apk_fds,
608 dex_locations,
609 /*copy_and_update=*/ false,
610 for_snapshot,
611 for_boot_image);
612 }
613
SetupCopyAndUpdate(const unique_fd & profile_fd,const unique_fd & reference_profile_fd,const unique_fd & apk_fd,const std::string & dex_location)614 void SetupCopyAndUpdate(const unique_fd& profile_fd,
615 const unique_fd& reference_profile_fd,
616 const unique_fd& apk_fd,
617 const std::string& dex_location) {
618 SetupArgs(std::vector<borrowed_fd>{profile_fd},
619 reference_profile_fd,
620 std::vector<borrowed_fd>{apk_fd},
621 {dex_location},
622 /*copy_and_update=*/true,
623 /*for_snapshot*/false,
624 /*for_boot_image*/false);
625 }
626
SetupDump(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<std::string> & dex_locations,const std::vector<unique_fd> & apk_fds,bool dump_classes_and_methods,const unique_fd & output_fd)627 void SetupDump(const std::vector<unique_fd>& profiles_fd, const unique_fd& reference_profile_fd,
628 const std::vector<std::string>& dex_locations,
629 const std::vector<unique_fd>& apk_fds, bool dump_classes_and_methods,
630 const unique_fd& output_fd) {
631 if (dump_classes_and_methods) {
632 AddArg("--dump-classes-and-methods");
633 } else {
634 AddArg("--dump-only");
635 }
636 AddArg(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
637 SetupArgs(profiles_fd,
638 reference_profile_fd,
639 apk_fds,
640 dex_locations,
641 /*copy_and_update=*/false,
642 /*for_snapshot*/false,
643 /*for_boot_image*/false);
644 }
645
646 using ExecVHelper::Exec; // To suppress -Wno-overloaded-virtual
Exec()647 void Exec() {
648 ExecVHelper::Exec(DexoptReturnCodes::kProfmanExec);
649 }
650 };
651
analyze_profiles(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex)652 static int analyze_profiles(uid_t uid, const std::string& package_name,
653 const std::string& location, bool is_secondary_dex) {
654 std::vector<unique_fd> profiles_fd;
655 unique_fd reference_profile_fd;
656 open_profile_files(uid, package_name, location, is_secondary_dex,
657 &profiles_fd, &reference_profile_fd);
658 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
659 // Skip profile guided compilation because no profiles were found.
660 // Or if the reference profile info couldn't be opened.
661 return PROFILES_ANALYSIS_DONT_OPTIMIZE_EMPTY_PROFILES;
662 }
663
664 RunProfman profman_merge;
665 const std::vector<unique_fd>& apk_fds = std::vector<unique_fd>();
666 const std::vector<std::string>& dex_locations = std::vector<std::string>();
667 profman_merge.SetupMerge(
668 profiles_fd,
669 reference_profile_fd,
670 apk_fds,
671 dex_locations,
672 /* for_snapshot= */ false,
673 IsBootClassPathProfilingEnable());
674 pid_t pid = fork();
675 if (pid == 0) {
676 /* child -- drop privileges before continuing */
677 drop_capabilities(uid);
678 profman_merge.Exec();
679 }
680 /* parent */
681 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
682 bool need_to_compile = false;
683 bool empty_profiles = false;
684 bool should_clear_current_profiles = false;
685 bool should_clear_reference_profile = false;
686 if (!WIFEXITED(return_code)) {
687 LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
688 cleanup_output_fd(reference_profile_fd.get());
689 } else {
690 return_code = WEXITSTATUS(return_code);
691 switch (return_code) {
692 case PROFMAN_BIN_RETURN_CODE_COMPILE:
693 need_to_compile = true;
694 should_clear_current_profiles = true;
695 should_clear_reference_profile = false;
696 break;
697 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION_NOT_ENOUGH_DELTA:
698 need_to_compile = false;
699 should_clear_current_profiles = false;
700 should_clear_reference_profile = false;
701 break;
702 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION_EMPTY_PROFILES:
703 need_to_compile = false;
704 empty_profiles = true;
705 should_clear_current_profiles = false;
706 should_clear_reference_profile = false;
707 break;
708 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
709 LOG(WARNING) << "Bad profiles for location " << location;
710 need_to_compile = false;
711 should_clear_current_profiles = true;
712 should_clear_reference_profile = true;
713 break;
714 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
715 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
716 // Temporary IO problem (e.g. locking). Ignore but log a warning.
717 LOG(WARNING) << "IO error while reading profiles for location " << location;
718 need_to_compile = false;
719 should_clear_current_profiles = false;
720 should_clear_reference_profile = false;
721 break;
722 case PROFMAN_BIN_RETURN_CODE_ERROR_DIFFERENT_VERSIONS:
723 need_to_compile = false;
724 should_clear_current_profiles = true;
725 should_clear_reference_profile = true;
726 break;
727 default:
728 // Unknown return code or error. Unlink profiles.
729 LOG(WARNING) << "Unexpected error code while processing profiles for location "
730 << location << ": " << return_code;
731 need_to_compile = false;
732 should_clear_current_profiles = true;
733 should_clear_reference_profile = true;
734 break;
735 }
736 }
737
738 if (should_clear_current_profiles) {
739 if (is_secondary_dex) {
740 // For secondary dex files, the owning user is the current user.
741 clear_current_profile(package_name, location, multiuser_get_user_id(uid),
742 is_secondary_dex);
743 } else {
744 clear_primary_current_profiles(package_name, location);
745 }
746 }
747 if (should_clear_reference_profile) {
748 clear_reference_profile(package_name, location, is_secondary_dex);
749 }
750 int result = 0;
751 if (need_to_compile) {
752 result = PROFILES_ANALYSIS_OPTIMIZE;
753 } else if (empty_profiles) {
754 result = PROFILES_ANALYSIS_DONT_OPTIMIZE_EMPTY_PROFILES;
755 } else {
756 result = PROFILES_ANALYSIS_DONT_OPTIMIZE_SMALL_DELTA;
757 }
758 return result;
759 }
760
761 // Decides if profile guided compilation is needed or not based on existing profiles.
762 // The analysis is done for a single profile name (which corresponds to a single code path).
763 //
764 // Returns PROFILES_ANALYSIS_OPTIMIZE if there is enough information in the current profiles
765 // that makes it worth to recompile the package.
766 // If the return value is PROFILES_ANALYSIS_OPTIMIZE all the current profiles would have been
767 // merged into the reference profiles accessible with open_reference_profile().
768 //
769 // Return PROFILES_ANALYSIS_DONT_OPTIMIZE_SMALL_DELTA if the package should not optimize.
770 // As a special case returns PROFILES_ANALYSIS_DONT_OPTIMIZE_EMPTY_PROFILES if all profiles are
771 // empty.
analyze_primary_profiles(uid_t uid,const std::string & package_name,const std::string & profile_name)772 int analyze_primary_profiles(uid_t uid, const std::string& package_name,
773 const std::string& profile_name) {
774 return analyze_profiles(uid, package_name, profile_name, /*is_secondary_dex*/false);
775 }
776
dump_profiles(int32_t uid,const std::string & pkgname,const std::string & profile_name,const std::string & code_path,bool dump_classes_and_methods)777 bool dump_profiles(int32_t uid, const std::string& pkgname, const std::string& profile_name,
778 const std::string& code_path, bool dump_classes_and_methods) {
779 std::vector<unique_fd> profile_fds;
780 unique_fd reference_profile_fd;
781 std::string out_file_name = StringPrintf("/data/misc/profman/%s-%s.txt",
782 pkgname.c_str(), profile_name.c_str());
783
784 open_profile_files(uid, pkgname, profile_name, /*is_secondary_dex*/false,
785 &profile_fds, &reference_profile_fd);
786
787 const bool has_reference_profile = (reference_profile_fd.get() != -1);
788 const bool has_profiles = !profile_fds.empty();
789
790 if (!has_reference_profile && !has_profiles) {
791 LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname;
792 return false;
793 }
794
795 unique_fd output_fd(open(out_file_name.c_str(),
796 O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
797 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
798 LOG(ERROR) << "installd cannot chmod file for dump_profile" << out_file_name;
799 return false;
800 }
801
802 std::vector<std::string> dex_locations;
803 std::vector<unique_fd> apk_fds;
804 unique_fd apk_fd(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW));
805 if (apk_fd == -1) {
806 PLOG(ERROR) << "installd cannot open " << code_path.c_str();
807 return false;
808 }
809 dex_locations.push_back(Basename(code_path));
810 apk_fds.push_back(std::move(apk_fd));
811
812
813 RunProfman profman_dump;
814 profman_dump.SetupDump(profile_fds, reference_profile_fd, dex_locations, apk_fds,
815 dump_classes_and_methods, output_fd);
816 pid_t pid = fork();
817 if (pid == 0) {
818 /* child -- drop privileges before continuing */
819 drop_capabilities(uid);
820 profman_dump.Exec();
821 }
822 /* parent */
823 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
824 if (!WIFEXITED(return_code)) {
825 LOG(WARNING) << "profman failed for package " << pkgname << ": " << return_code;
826 cleanup_output_fd(output_fd.get());
827 return false;
828 }
829 return true;
830 }
831
copy_system_profile(const std::string & system_profile,uid_t packageUid,const std::string & package_name,const std::string & profile_name)832 bool copy_system_profile(const std::string& system_profile,
833 uid_t packageUid, const std::string& package_name, const std::string& profile_name) {
834 unique_fd in_fd(open(system_profile.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
835 unique_fd out_fd(open_reference_profile(packageUid,
836 package_name,
837 profile_name,
838 /*read_write*/ true,
839 /*secondary*/ false));
840 if (in_fd.get() < 0) {
841 PLOG(WARNING) << "Could not open profile " << system_profile;
842 return false;
843 }
844 if (out_fd.get() < 0) {
845 PLOG(WARNING) << "Could not open profile " << package_name;
846 return false;
847 }
848
849 // As a security measure we want to write the profile information with the reduced capabilities
850 // of the package user id. So we fork and drop capabilities in the child.
851 pid_t pid = fork();
852 if (pid == 0) {
853 /* child -- drop privileges before continuing */
854 drop_capabilities(packageUid);
855
856 if (flock(out_fd.get(), LOCK_EX | LOCK_NB) != 0) {
857 if (errno != EWOULDBLOCK) {
858 async_safe_format_log(ANDROID_LOG_WARN, LOG_TAG, "Error locking profile %s: %d",
859 package_name.c_str(), errno);
860 }
861 // This implies that the app owning this profile is running
862 // (and has acquired the lock).
863 //
864 // The app never acquires the lock for the reference profiles of primary apks.
865 // Only dex2oat from installd will do that. Since installd is single threaded
866 // we should not see this case. Nevertheless be prepared for it.
867 async_safe_format_log(ANDROID_LOG_WARN, LOG_TAG, "Failed to flock %s: %d",
868 package_name.c_str(), errno);
869 return false;
870 }
871
872 bool truncated = ftruncate(out_fd.get(), 0) == 0;
873 if (!truncated) {
874 async_safe_format_log(ANDROID_LOG_WARN, LOG_TAG, "Could not truncate %s: %d",
875 package_name.c_str(), errno);
876 }
877
878 // Copy over data.
879 static constexpr size_t kBufferSize = 4 * 1024;
880 char buffer[kBufferSize];
881 while (true) {
882 ssize_t bytes = read(in_fd.get(), buffer, kBufferSize);
883 if (bytes == 0) {
884 break;
885 }
886 write(out_fd.get(), buffer, bytes);
887 }
888 if (flock(out_fd.get(), LOCK_UN) != 0) {
889 async_safe_format_log(ANDROID_LOG_WARN, LOG_TAG, "Error unlocking profile %s: %d",
890 package_name.c_str(), errno);
891 }
892 // Use _exit since we don't want to run the global destructors in the child.
893 // b/62597429
894 _exit(0);
895 }
896 /* parent */
897 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
898 if (!WIFEXITED(return_code)) {
899 cleanup_output_fd(out_fd.get());
900 return false;
901 }
902 return return_code == 0;
903 }
904
replace_file_extension(const std::string & oat_path,const std::string & new_ext)905 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
906 // A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
907 if (EndsWith(oat_path, ".dex")) {
908 std::string new_path = oat_path;
909 new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
910 CHECK(EndsWith(new_path, new_ext));
911 return new_path;
912 }
913
914 // An odex entry. Not that this may not be an extension, e.g., in the OTA
915 // case (where the base name will have an extension for the B artifact).
916 size_t odex_pos = oat_path.rfind(".odex");
917 if (odex_pos != std::string::npos) {
918 std::string new_path = oat_path;
919 new_path.replace(odex_pos, strlen(".odex"), new_ext);
920 CHECK_NE(new_path.find(new_ext), std::string::npos);
921 return new_path;
922 }
923
924 // Don't know how to handle this.
925 return "";
926 }
927
928 // Translate the given oat path to an art (app image) path. An empty string
929 // denotes an error.
create_image_filename(const std::string & oat_path)930 static std::string create_image_filename(const std::string& oat_path) {
931 return replace_file_extension(oat_path, ".art");
932 }
933
934 // Translate the given oat path to a vdex path. An empty string denotes an error.
create_vdex_filename(const std::string & oat_path)935 static std::string create_vdex_filename(const std::string& oat_path) {
936 return replace_file_extension(oat_path, ".vdex");
937 }
938
open_output_file(const char * file_name,bool recreate,int permissions)939 static int open_output_file(const char* file_name, bool recreate, int permissions) {
940 int flags = O_RDWR | O_CREAT;
941 if (recreate) {
942 if (unlink(file_name) < 0) {
943 if (errno != ENOENT) {
944 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
945 }
946 }
947 flags |= O_EXCL;
948 }
949 return open(file_name, flags, permissions);
950 }
951
set_permissions_and_ownership(int fd,bool is_public,int uid,const char * path,bool is_secondary_dex)952 static bool set_permissions_and_ownership(
953 int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
954 // Primary apks are owned by the system. Secondary dex files are owned by the app.
955 int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
956 if (fchmod(fd,
957 S_IRUSR|S_IWUSR|S_IRGRP |
958 (is_public ? S_IROTH : 0)) < 0) {
959 ALOGE("installd cannot chmod '%s' during dexopt\n", path);
960 return false;
961 } else if (fchown(fd, owning_uid, uid) < 0) {
962 ALOGE("installd cannot chown '%s' during dexopt\n", path);
963 return false;
964 }
965 return true;
966 }
967
IsOutputDalvikCache(const char * oat_dir)968 static bool IsOutputDalvikCache(const char* oat_dir) {
969 // InstallerConnection.java (which invokes installd) transforms Java null arguments
970 // into '!'. Play it safe by handling it both.
971 // TODO: ensure we never get null.
972 // TODO: pass a flag instead of inferring if the output is dalvik cache.
973 return oat_dir == nullptr || oat_dir[0] == '!';
974 }
975
976 // Best-effort check whether we can fit the the path into our buffers.
977 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
978 // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
979 // extension to the cache path (5 bytes).
980 // TODO(calin): move away from char* buffers and PKG_PATH_MAX.
validate_dex_path_size(const std::string & dex_path)981 static bool validate_dex_path_size(const std::string& dex_path) {
982 if (dex_path.size() >= (PKG_PATH_MAX - 8)) {
983 LOG(ERROR) << "dex_path too long: " << dex_path;
984 return false;
985 }
986 return true;
987 }
988
create_oat_out_path(const char * apk_path,const char * instruction_set,const char * oat_dir,bool is_secondary_dex,char * out_oat_path)989 static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
990 const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
991 if (!validate_dex_path_size(apk_path)) {
992 return false;
993 }
994
995 if (!IsOutputDalvikCache(oat_dir)) {
996 // Oat dirs for secondary dex files are already validated.
997 if (!is_secondary_dex && validate_apk_path(oat_dir)) {
998 ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
999 return false;
1000 }
1001 if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
1002 return false;
1003 }
1004 } else {
1005 if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
1006 return false;
1007 }
1008 }
1009 return true;
1010 }
1011
1012 // (re)Creates the app image if needed.
maybe_open_app_image(const std::string & out_oat_path,bool generate_app_image,bool is_public,int uid,bool is_secondary_dex)1013 RestorableFile maybe_open_app_image(const std::string& out_oat_path, bool generate_app_image,
1014 bool is_public, int uid, bool is_secondary_dex) {
1015 const std::string image_path = create_image_filename(out_oat_path);
1016 if (image_path.empty()) {
1017 // Happens when the out_oat_path has an unknown extension.
1018 return RestorableFile();
1019 }
1020
1021 // Not enabled, exit.
1022 if (!generate_app_image) {
1023 RestorableFile::RemoveAllFiles(image_path);
1024 return RestorableFile();
1025 }
1026 std::string app_image_format = GetProperty("dalvik.vm.appimageformat", "");
1027 if (app_image_format.empty()) {
1028 RestorableFile::RemoveAllFiles(image_path);
1029 return RestorableFile();
1030 }
1031 // If the app is already running and we modify the image file, it can cause crashes
1032 // (b/27493510).
1033 RestorableFile image_file = RestorableFile::CreateWritableFile(image_path,
1034 /*permissions*/ 0600);
1035 if (image_file.fd() < 0) {
1036 // Could not create application image file. Go on since we can compile without it.
1037 LOG(ERROR) << "installd could not create '" << image_path
1038 << "' for image file during dexopt";
1039 // If we have a valid image file path but cannot create tmp file, reset it.
1040 image_file.reset();
1041 } else if (!set_permissions_and_ownership(
1042 image_file.fd(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
1043 ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
1044 image_file.reset();
1045 }
1046
1047 return image_file;
1048 }
1049
1050 // Creates the dexopt swap file if necessary and return its fd.
1051 // Returns -1 if there's no need for a swap or in case of errors.
maybe_open_dexopt_swap_file(const std::string & out_oat_path)1052 unique_fd maybe_open_dexopt_swap_file(const std::string& out_oat_path) {
1053 if (!ShouldUseSwapFileForDexopt()) {
1054 return invalid_unique_fd();
1055 }
1056 auto swap_file_name = out_oat_path + ".swap";
1057 unique_fd swap_fd(open_output_file(
1058 swap_file_name.c_str(), /*recreate*/true, /*permissions*/0600));
1059 if (swap_fd.get() < 0) {
1060 // Could not create swap file. Optimistically go on and hope that we can compile
1061 // without it.
1062 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name.c_str());
1063 } else {
1064 // Immediately unlink. We don't really want to hit flash.
1065 if (unlink(swap_file_name.c_str()) < 0) {
1066 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1067 }
1068 }
1069 return swap_fd;
1070 }
1071
1072 // Opens the reference profiles if needed.
1073 // Note that the reference profile might not exist so it's OK if the fd will be -1.
maybe_open_reference_profile(const std::string & pkgname,const std::string & dex_path,const char * profile_name,bool profile_guided,bool is_public,int uid,bool is_secondary_dex)1074 UniqueFile maybe_open_reference_profile(const std::string& pkgname,
1075 const std::string& dex_path, const char* profile_name, bool profile_guided,
1076 bool is_public, int uid, bool is_secondary_dex) {
1077 // If we are not profile guided compilation, or we are compiling system server
1078 // do not bother to open the profiles; we won't be using them.
1079 if (!profile_guided || (pkgname[0] == '*')) {
1080 return UniqueFile();
1081 }
1082
1083 // If this is a secondary dex path which is public do not open the profile.
1084 // We cannot compile public secondary dex paths with profiles. That's because
1085 // it will expose how the dex files are used by their owner.
1086 //
1087 // Note that the PackageManager is responsible to set the is_public flag for
1088 // primary apks and we do not check it here. In some cases, e.g. when
1089 // compiling with a public profile from the .dm file the PackageManager will
1090 // set is_public toghether with the profile guided compilation.
1091 if (is_secondary_dex && is_public) {
1092 return UniqueFile();
1093 }
1094
1095 // Open reference profile in read only mode as dex2oat does not get write permissions.
1096 std::string location;
1097 if (is_secondary_dex) {
1098 location = dex_path;
1099 } else {
1100 if (profile_name == nullptr) {
1101 // This path is taken for system server re-compilation lunched from ZygoteInit.
1102 return UniqueFile();
1103 } else {
1104 location = profile_name;
1105 }
1106 }
1107 return open_reference_profile_as_unique_file(uid, pkgname, location, /*read_write*/false,
1108 is_secondary_dex);
1109 }
1110
1111 // Opens the vdex files and assigns the input fd to in_vdex_wrapper and the output fd to
1112 // out_vdex_wrapper. Returns true for success or false in case of errors.
open_vdex_files_for_dex2oat(const char * apk_path,const char * out_oat_path,int dexopt_needed,const char * instruction_set,bool is_public,int uid,bool is_secondary_dex,bool profile_guided,UniqueFile * in_vdex_wrapper,RestorableFile * out_vdex_wrapper)1113 bool open_vdex_files_for_dex2oat(const char* apk_path, const char* out_oat_path, int dexopt_needed,
1114 const char* instruction_set, bool is_public, int uid,
1115 bool is_secondary_dex, bool profile_guided,
1116 UniqueFile* in_vdex_wrapper, RestorableFile* out_vdex_wrapper) {
1117 CHECK(in_vdex_wrapper != nullptr);
1118 CHECK(out_vdex_wrapper != nullptr);
1119 // Open the existing VDEX. We do this before creating the new output VDEX, which will
1120 // unlink the old one.
1121 char in_odex_path[PKG_PATH_MAX];
1122 int dexopt_action = abs(dexopt_needed);
1123 bool is_odex_location = dexopt_needed < 0;
1124
1125 // Infer the name of the output VDEX.
1126 const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
1127 if (out_vdex_path_str.empty()) {
1128 return false;
1129 }
1130
1131 // Create work file first. All files will be deleted when it fails.
1132 *out_vdex_wrapper = RestorableFile::CreateWritableFile(out_vdex_path_str,
1133 /*permissions*/ 0644);
1134 if (out_vdex_wrapper->fd() < 0) {
1135 ALOGE("installd cannot open vdex '%s' during dexopt\n", out_vdex_path_str.c_str());
1136 return false;
1137 }
1138
1139 bool update_vdex_in_place = false;
1140 if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
1141 // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
1142 const char* path = nullptr;
1143 if (is_odex_location) {
1144 if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1145 path = in_odex_path;
1146 } else {
1147 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
1148 return false;
1149 }
1150 } else {
1151 path = out_oat_path;
1152 }
1153 std::string in_vdex_path_str = create_vdex_filename(path);
1154 if (in_vdex_path_str.empty()) {
1155 ALOGE("installd cannot compute input vdex location for '%s'\n", path);
1156 return false;
1157 }
1158 // We can update in place when all these conditions are met:
1159 // 1) The vdex location to write to is the same as the vdex location to read (vdex files
1160 // on /system typically cannot be updated in place).
1161 // 2) We dex2oat due to boot image change, because we then know the existing vdex file
1162 // cannot be currently used by a running process.
1163 // 3) We are not doing a profile guided compilation, because dexlayout requires two
1164 // different vdex files to operate.
1165 update_vdex_in_place =
1166 (in_vdex_path_str == out_vdex_path_str) &&
1167 (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
1168 !profile_guided;
1169 if (update_vdex_in_place) {
1170 // dex2oat marks it invalid anyway. So delete it and set work file fd.
1171 unlink(in_vdex_path_str.c_str());
1172 // Open the file read-write to be able to update it.
1173 in_vdex_wrapper->reset(out_vdex_wrapper->fd(), in_vdex_path_str);
1174 // Disable auto close for the in wrapper fd (it will be done when destructing the out
1175 // wrapper).
1176 in_vdex_wrapper->DisableAutoClose();
1177 } else {
1178 in_vdex_wrapper->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0),
1179 in_vdex_path_str);
1180 }
1181 }
1182
1183 if (!set_permissions_and_ownership(out_vdex_wrapper->fd(), is_public, uid,
1184 out_vdex_path_str.c_str(), is_secondary_dex)) {
1185 ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
1186 return false;
1187 }
1188
1189 // If we got here we successfully opened the vdex files.
1190 return true;
1191 }
1192
1193 // Opens the output oat file for the given apk.
open_oat_out_file(const char * apk_path,const char * oat_dir,bool is_public,int uid,const char * instruction_set,bool is_secondary_dex)1194 RestorableFile open_oat_out_file(const char* apk_path, const char* oat_dir, bool is_public, int uid,
1195 const char* instruction_set, bool is_secondary_dex) {
1196 char out_oat_path[PKG_PATH_MAX];
1197 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
1198 return RestorableFile();
1199 }
1200 RestorableFile oat = RestorableFile::CreateWritableFile(out_oat_path, /*permissions*/ 0644);
1201 if (oat.fd() < 0) {
1202 PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path;
1203 } else if (!set_permissions_and_ownership(
1204 oat.fd(), is_public, uid, out_oat_path, is_secondary_dex)) {
1205 ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
1206 oat.reset();
1207 }
1208 return oat;
1209 }
1210
1211 // Creates RDONLY fds for oat and vdex files, if exist.
1212 // Returns false if it fails to create oat out path for the given apk path.
1213 // Note that the method returns true even if the files could not be opened.
maybe_open_oat_and_vdex_file(const std::string & apk_path,const std::string & oat_dir,const std::string & instruction_set,bool is_secondary_dex,unique_fd * oat_file_fd,unique_fd * vdex_file_fd)1214 bool maybe_open_oat_and_vdex_file(const std::string& apk_path,
1215 const std::string& oat_dir,
1216 const std::string& instruction_set,
1217 bool is_secondary_dex,
1218 unique_fd* oat_file_fd,
1219 unique_fd* vdex_file_fd) {
1220 char oat_path[PKG_PATH_MAX];
1221 if (!create_oat_out_path(apk_path.c_str(),
1222 instruction_set.c_str(),
1223 oat_dir.c_str(),
1224 is_secondary_dex,
1225 oat_path)) {
1226 LOG(ERROR) << "Could not create oat out path for "
1227 << apk_path << " with oat dir " << oat_dir;
1228 return false;
1229 }
1230 oat_file_fd->reset(open(oat_path, O_RDONLY));
1231 if (oat_file_fd->get() < 0) {
1232 PLOG(INFO) << "installd cannot open oat file during dexopt" << oat_path;
1233 }
1234
1235 std::string vdex_filename = create_vdex_filename(oat_path);
1236 vdex_file_fd->reset(open(vdex_filename.c_str(), O_RDONLY));
1237 if (vdex_file_fd->get() < 0) {
1238 PLOG(INFO) << "installd cannot open vdex file during dexopt" << vdex_filename;
1239 }
1240
1241 return true;
1242 }
1243
1244 // Runs (execv) dexoptanalyzer on the given arguments.
1245 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
1246 // If this is for a profile guided compilation, profile_was_updated will tell whether or not
1247 // the profile has changed.
1248 class RunDexoptAnalyzer : public ExecVHelper {
1249 public:
RunDexoptAnalyzer(const std::string & dex_file,int vdex_fd,int oat_fd,int zip_fd,const std::string & instruction_set,const std::string & compiler_filter,int profile_analysis_result,bool downgrade,const char * class_loader_context,const std::string & class_loader_context_fds)1250 RunDexoptAnalyzer(const std::string& dex_file,
1251 int vdex_fd,
1252 int oat_fd,
1253 int zip_fd,
1254 const std::string& instruction_set,
1255 const std::string& compiler_filter,
1256 int profile_analysis_result,
1257 bool downgrade,
1258 const char* class_loader_context,
1259 const std::string& class_loader_context_fds) {
1260 CHECK_GE(zip_fd, 0);
1261
1262 // We always run the analyzer in the background job.
1263 const char* dexoptanalyzer_bin = select_execution_binary(
1264 kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1265
1266 std::string dex_file_arg = "--dex-file=" + dex_file;
1267 std::string oat_fd_arg = "--oat-fd=" + std::to_string(oat_fd);
1268 std::string vdex_fd_arg = "--vdex-fd=" + std::to_string(vdex_fd);
1269 std::string zip_fd_arg = "--zip-fd=" + std::to_string(zip_fd);
1270 std::string isa_arg = "--isa=" + instruction_set;
1271 std::string compiler_filter_arg = "--compiler-filter=" + compiler_filter;
1272 std::string profile_analysis_arg = "--profile-analysis-result="
1273 + std::to_string(profile_analysis_result);
1274 const char* downgrade_flag = "--downgrade";
1275 std::string class_loader_context_arg = "--class-loader-context=";
1276 if (class_loader_context != nullptr) {
1277 class_loader_context_arg += class_loader_context;
1278 }
1279 std::string class_loader_context_fds_arg = "--class-loader-context-fds=";
1280 if (!class_loader_context_fds.empty()) {
1281 class_loader_context_fds_arg += class_loader_context_fds;
1282 }
1283
1284 // program name, dex file, isa, filter
1285 AddArg(dex_file_arg);
1286 AddArg(isa_arg);
1287 AddArg(compiler_filter_arg);
1288 if (oat_fd >= 0) {
1289 AddArg(oat_fd_arg);
1290 }
1291 if (vdex_fd >= 0) {
1292 AddArg(vdex_fd_arg);
1293 }
1294 AddArg(zip_fd_arg);
1295 AddArg(profile_analysis_arg);
1296
1297 if (downgrade) {
1298 AddArg(downgrade_flag);
1299 }
1300 if (class_loader_context != nullptr) {
1301 AddArg(class_loader_context_arg);
1302 if (!class_loader_context_fds.empty()) {
1303 AddArg(class_loader_context_fds_arg);
1304 }
1305 }
1306
1307 // On-device signing related. odsign sets the system property odsign.verification.success if
1308 // AOT artifacts have the expected signatures.
1309 const bool trust_art_apex_data_files =
1310 ::android::base::GetBoolProperty("odsign.verification.success", false);
1311 if (!trust_art_apex_data_files) {
1312 AddRuntimeArg("-Xdeny-art-apex-data-files");
1313 }
1314
1315 PrepareArgs(dexoptanalyzer_bin);
1316 }
1317
1318 // Dexoptanalyzer mode which flattens the given class loader context and
1319 // prints a list of its dex files in that flattened order.
RunDexoptAnalyzer(const char * class_loader_context)1320 RunDexoptAnalyzer(const char* class_loader_context) {
1321 CHECK(class_loader_context != nullptr);
1322
1323 // We always run the analyzer in the background job.
1324 const char* dexoptanalyzer_bin = select_execution_binary(
1325 kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1326
1327 AddArg("--flatten-class-loader-context");
1328 AddArg(std::string("--class-loader-context=") + class_loader_context);
1329 PrepareArgs(dexoptanalyzer_bin);
1330 }
1331 };
1332
1333 // Prepares the oat dir for the secondary dex files.
prepare_secondary_dex_oat_dir(const std::string & dex_path,int uid,const char * instruction_set)1334 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
1335 const char* instruction_set) {
1336 unsigned long dirIndex = dex_path.rfind('/');
1337 if (dirIndex == std::string::npos) {
1338 LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
1339 return false;
1340 }
1341 std::string dex_dir = dex_path.substr(0, dirIndex);
1342
1343 // Create oat file output directory.
1344 mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
1345 if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
1346 LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
1347 return false;
1348 }
1349
1350 char oat_dir[PKG_PATH_MAX];
1351 snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
1352
1353 if (prepare_app_cache_dir(oat_dir, instruction_set, oat_dir_mode, uid, uid) != 0) {
1354 LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
1355 return false;
1356 }
1357
1358 return true;
1359 }
1360
1361 // Return codes for identifying the reason why dexoptanalyzer was not invoked when processing
1362 // secondary dex files. This return codes are returned by the child process created for
1363 // analyzing secondary dex files in process_secondary_dex_dexopt.
1364
1365 enum DexoptAnalyzerSkipCodes {
1366 // The dexoptanalyzer was not invoked because of validation or IO errors.
1367 // Specific errors are encoded in the name.
1368 kSecondaryDexDexoptAnalyzerSkippedValidatePath = 200,
1369 kSecondaryDexDexoptAnalyzerSkippedOpenZip = 201,
1370 kSecondaryDexDexoptAnalyzerSkippedPrepareDir = 202,
1371 kSecondaryDexDexoptAnalyzerSkippedOpenOutput = 203,
1372 kSecondaryDexDexoptAnalyzerSkippedFailExec = 204,
1373 // The dexoptanalyzer was not invoked because the dex file does not exist anymore.
1374 kSecondaryDexDexoptAnalyzerSkippedNoFile = 205,
1375 };
1376
1377 // Verifies the result of analyzing secondary dex files from process_secondary_dex_dexopt.
1378 // If the result is valid returns true and sets dexopt_needed_out to a valid value.
1379 // Returns false for errors or unexpected result values.
1380 // The result is expected to be either one of SECONDARY_DEX_* codes or a valid exit code
1381 // of dexoptanalyzer.
process_secondary_dexoptanalyzer_result(const std::string & dex_path,int result,int * dexopt_needed_out,std::string * error_msg)1382 static bool process_secondary_dexoptanalyzer_result(const std::string& dex_path, int result,
1383 int* dexopt_needed_out, std::string* error_msg) {
1384 // The result values are defined in dexoptanalyzer.
1385 switch (result) {
1386 case 0: // dexoptanalyzer: no_dexopt_needed
1387 *dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
1388 case 1: // dexoptanalyzer: dex2oat_from_scratch
1389 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
1390 case 4: // dexoptanalyzer: dex2oat_for_bootimage_odex
1391 *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
1392 case 5: // dexoptanalyzer: dex2oat_for_filter_odex
1393 *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
1394 case 2: // dexoptanalyzer: dex2oat_for_bootimage_oat
1395 case 3: // dexoptanalyzer: dex2oat_for_filter_oat
1396 *error_msg = StringPrintf("Dexoptanalyzer return the status of an oat file."
1397 " Expected odex file status for secondary dex %s"
1398 " : dexoptanalyzer result=%d",
1399 dex_path.c_str(),
1400 result);
1401 return false;
1402 }
1403
1404 // Use a second switch for enum switch-case analysis.
1405 switch (static_cast<DexoptAnalyzerSkipCodes>(result)) {
1406 case kSecondaryDexDexoptAnalyzerSkippedNoFile:
1407 // If the file does not exist there's no need for dexopt.
1408 *dexopt_needed_out = NO_DEXOPT_NEEDED;
1409 return true;
1410
1411 case kSecondaryDexDexoptAnalyzerSkippedValidatePath:
1412 *error_msg = "Dexoptanalyzer path validation failed";
1413 return false;
1414 case kSecondaryDexDexoptAnalyzerSkippedOpenZip:
1415 *error_msg = "Dexoptanalyzer open zip failed";
1416 return false;
1417 case kSecondaryDexDexoptAnalyzerSkippedPrepareDir:
1418 *error_msg = "Dexoptanalyzer dir preparation failed";
1419 return false;
1420 case kSecondaryDexDexoptAnalyzerSkippedOpenOutput:
1421 *error_msg = "Dexoptanalyzer open output failed";
1422 return false;
1423 case kSecondaryDexDexoptAnalyzerSkippedFailExec:
1424 *error_msg = "Dexoptanalyzer failed to execute";
1425 return false;
1426 }
1427
1428 *error_msg = StringPrintf("Unexpected result from analyzing secondary dex %s result=%d",
1429 dex_path.c_str(),
1430 result);
1431 return false;
1432 }
1433
1434 enum SecondaryDexAccess {
1435 kSecondaryDexAccessReadOk = 0,
1436 kSecondaryDexAccessDoesNotExist = 1,
1437 kSecondaryDexAccessPermissionError = 2,
1438 kSecondaryDexAccessIOError = 3
1439 };
1440
check_secondary_dex_access(const std::string & dex_path)1441 static SecondaryDexAccess check_secondary_dex_access(const std::string& dex_path) {
1442 // Check if the path exists and can be read. If not, there's nothing to do.
1443 if (access(dex_path.c_str(), R_OK) == 0) {
1444 return kSecondaryDexAccessReadOk;
1445 } else {
1446 if (errno == ENOENT) {
1447 async_safe_format_log(ANDROID_LOG_INFO, LOG_TAG,
1448 "Secondary dex does not exist: %s", dex_path.c_str());
1449 return kSecondaryDexAccessDoesNotExist;
1450 } else {
1451 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
1452 "Could not access secondary dex: %s (%d)", dex_path.c_str(), errno);
1453 return errno == EACCES
1454 ? kSecondaryDexAccessPermissionError
1455 : kSecondaryDexAccessIOError;
1456 }
1457 }
1458 }
1459
is_file_public(const std::string & filename)1460 static bool is_file_public(const std::string& filename) {
1461 struct stat file_stat;
1462 if (stat(filename.c_str(), &file_stat) == 0) {
1463 return (file_stat.st_mode & S_IROTH) != 0;
1464 }
1465 return false;
1466 }
1467
1468 // Create the oat file structure for the secondary dex 'dex_path' and assign
1469 // the individual path component to the 'out_' parameters.
create_secondary_dex_oat_layout(const std::string & dex_path,const std::string & isa,char * out_oat_dir,char * out_oat_isa_dir,char * out_oat_path,std::string * error_msg)1470 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
1471 char* out_oat_dir, char* out_oat_isa_dir, char* out_oat_path, std::string* error_msg) {
1472 size_t dirIndex = dex_path.rfind('/');
1473 if (dirIndex == std::string::npos) {
1474 *error_msg = std::string("Unexpected dir structure for dex file ").append(dex_path);
1475 return false;
1476 }
1477 // TODO(calin): we have similar computations in at lest 3 other places
1478 // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
1479 // using string append.
1480 std::string apk_dir = dex_path.substr(0, dirIndex);
1481 snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
1482 snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
1483
1484 if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
1485 /*is_secondary_dex*/true, out_oat_path)) {
1486 *error_msg = std::string("Could not create oat path for secondary dex ").append(dex_path);
1487 return false;
1488 }
1489 return true;
1490 }
1491
1492 // Validate that the dexopt_flags contain a valid storage flag and convert that to an installd
1493 // recognized storage flags (FLAG_STORAGE_CE or FLAG_STORAGE_DE).
validate_dexopt_storage_flags(int dexopt_flags,int * out_storage_flag,std::string * error_msg)1494 static bool validate_dexopt_storage_flags(int dexopt_flags,
1495 int* out_storage_flag,
1496 std::string* error_msg) {
1497 if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
1498 *out_storage_flag = FLAG_STORAGE_CE;
1499 if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1500 *error_msg = "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
1501 return false;
1502 }
1503 } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1504 *out_storage_flag = FLAG_STORAGE_DE;
1505 } else {
1506 *error_msg = "Secondary dex storage flag must be set";
1507 return false;
1508 }
1509 return true;
1510 }
1511
get_class_loader_context_dex_paths(const char * class_loader_context,int uid,std::vector<std::string> * context_dex_paths)1512 static bool get_class_loader_context_dex_paths(const char* class_loader_context, int uid,
1513 /* out */ std::vector<std::string>* context_dex_paths) {
1514 if (class_loader_context == nullptr) {
1515 return true;
1516 }
1517
1518 LOG(DEBUG) << "Getting dex paths for context " << class_loader_context;
1519
1520 // Pipe to get the hash result back from our child process.
1521 unique_fd pipe_read, pipe_write;
1522 if (!Pipe(&pipe_read, &pipe_write)) {
1523 PLOG(ERROR) << "Failed to create pipe";
1524 return false;
1525 }
1526
1527 pid_t pid = fork();
1528 if (pid == 0) {
1529 // child -- drop privileges before continuing.
1530 drop_capabilities(uid);
1531
1532 // Route stdout to `pipe_write`
1533 while ((dup2(pipe_write, STDOUT_FILENO) == -1) && (errno == EINTR)) {}
1534 pipe_write.reset();
1535 pipe_read.reset();
1536
1537 RunDexoptAnalyzer run_dexopt_analyzer(class_loader_context);
1538 run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
1539 }
1540
1541 /* parent */
1542 pipe_write.reset();
1543
1544 std::string str_dex_paths;
1545 if (!ReadFdToString(pipe_read, &str_dex_paths)) {
1546 PLOG(ERROR) << "Failed to read from pipe";
1547 return false;
1548 }
1549 pipe_read.reset();
1550
1551 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
1552 if (!WIFEXITED(return_code)) {
1553 PLOG(ERROR) << "Error waiting for child dexoptanalyzer process";
1554 return false;
1555 }
1556
1557 constexpr int kFlattenClassLoaderContextSuccess = 50;
1558 return_code = WEXITSTATUS(return_code);
1559 if (return_code != kFlattenClassLoaderContextSuccess) {
1560 LOG(ERROR) << "Dexoptanalyzer could not flatten class loader context, code=" << return_code;
1561 return false;
1562 }
1563
1564 if (!str_dex_paths.empty()) {
1565 *context_dex_paths = android::base::Split(str_dex_paths, ":");
1566 }
1567 return true;
1568 }
1569
open_dex_paths(const std::vector<std::string> & dex_paths,std::vector<unique_fd> * zip_fds,std::string * error_msg)1570 static int open_dex_paths(const std::vector<std::string>& dex_paths,
1571 /* out */ std::vector<unique_fd>* zip_fds, /* out */ std::string* error_msg) {
1572 for (const std::string& dex_path : dex_paths) {
1573 zip_fds->emplace_back(open(dex_path.c_str(), O_RDONLY));
1574 if (zip_fds->back().get() < 0) {
1575 *error_msg = StringPrintf(
1576 "installd cannot open '%s' for input during dexopt", dex_path.c_str());
1577 if (errno == ENOENT) {
1578 return kSecondaryDexDexoptAnalyzerSkippedNoFile;
1579 } else {
1580 return kSecondaryDexDexoptAnalyzerSkippedOpenZip;
1581 }
1582 }
1583 }
1584 return 0;
1585 }
1586
join_fds(const std::vector<unique_fd> & fds)1587 static std::string join_fds(const std::vector<unique_fd>& fds) {
1588 std::stringstream ss;
1589 bool is_first = true;
1590 for (const unique_fd& fd : fds) {
1591 if (is_first) {
1592 is_first = false;
1593 } else {
1594 ss << ":";
1595 }
1596 ss << fd.get();
1597 }
1598 return ss.str();
1599 }
1600
control_dexopt_blocking(bool block)1601 void control_dexopt_blocking(bool block) {
1602 dexopt_status_->control_dexopt_blocking(block);
1603 }
1604
is_dexopt_blocked()1605 bool is_dexopt_blocked() {
1606 return dexopt_status_->is_dexopt_blocked();
1607 }
1608
1609 enum SecondaryDexOptProcessResult {
1610 kSecondaryDexOptProcessOk = 0,
1611 kSecondaryDexOptProcessCancelled = 1,
1612 kSecondaryDexOptProcessError = 2
1613 };
1614
1615 // Processes the dex_path as a secondary dex files and return true if the path dex file should
1616 // be compiled.
1617 // Returns: kSecondaryDexOptProcessError for errors (logged).
1618 // kSecondaryDexOptProcessOk if the secondary dex path was process successfully.
1619 // kSecondaryDexOptProcessCancelled if the processing was cancelled.
1620 //
1621 // When returning kSecondaryDexOptProcessOk, the output parameters will be:
1622 // - is_public_out: whether or not the oat file should not be made public
1623 // - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
1624 // - oat_dir_out: the oat dir path where the oat file should be stored
process_secondary_dex_dexopt(const std::string & dex_path,const char * pkgname,int dexopt_flags,const char * volume_uuid,int uid,const char * instruction_set,const char * compiler_filter,bool * is_public_out,int * dexopt_needed_out,std::string * oat_dir_out,bool downgrade,const char * class_loader_context,const std::vector<std::string> & context_dex_paths,std::string * error_msg)1625 static SecondaryDexOptProcessResult process_secondary_dex_dexopt(const std::string& dex_path,
1626 const char* pkgname, int dexopt_flags, const char* volume_uuid, int uid,
1627 const char* instruction_set, const char* compiler_filter, bool* is_public_out,
1628 int* dexopt_needed_out, std::string* oat_dir_out, bool downgrade,
1629 const char* class_loader_context, const std::vector<std::string>& context_dex_paths,
1630 /* out */ std::string* error_msg) {
1631 LOG(DEBUG) << "Processing secondary dex path " << dex_path;
1632
1633 if (dexopt_status_->is_dexopt_blocked()) {
1634 return kSecondaryDexOptProcessCancelled;
1635 }
1636
1637 int storage_flag;
1638 if (!validate_dexopt_storage_flags(dexopt_flags, &storage_flag, error_msg)) {
1639 LOG(ERROR) << *error_msg;
1640 return kSecondaryDexOptProcessError;
1641 }
1642 // Compute the oat dir as it's not easy to extract it from the child computation.
1643 char oat_path[PKG_PATH_MAX];
1644 char oat_dir[PKG_PATH_MAX];
1645 char oat_isa_dir[PKG_PATH_MAX];
1646 if (!create_secondary_dex_oat_layout(
1647 dex_path, instruction_set, oat_dir, oat_isa_dir, oat_path, error_msg)) {
1648 LOG(ERROR) << "Could not create secondary odex layout: " << *error_msg;
1649 return kSecondaryDexOptProcessError;
1650 }
1651 oat_dir_out->assign(oat_dir);
1652
1653 bool cancelled = false;
1654 pid_t pid = dexopt_status_->check_cancellation_and_fork(&cancelled);
1655 if (cancelled) {
1656 return kSecondaryDexOptProcessCancelled;
1657 }
1658 if (pid == 0) {
1659 // child -- drop privileges before continuing.
1660 drop_capabilities(uid);
1661
1662 // Validate the path structure.
1663 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
1664 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
1665 "Could not validate secondary dex path %s", dex_path.c_str());
1666 _exit(kSecondaryDexDexoptAnalyzerSkippedValidatePath);
1667 }
1668
1669 // Open the dex file.
1670 unique_fd zip_fd;
1671 zip_fd.reset(open(dex_path.c_str(), O_RDONLY));
1672 if (zip_fd.get() < 0) {
1673 if (errno == ENOENT) {
1674 _exit(kSecondaryDexDexoptAnalyzerSkippedNoFile);
1675 } else {
1676 _exit(kSecondaryDexDexoptAnalyzerSkippedOpenZip);
1677 }
1678 }
1679
1680 // Open class loader context dex files.
1681 std::vector<unique_fd> context_zip_fds;
1682 int open_dex_paths_rc = open_dex_paths(context_dex_paths, &context_zip_fds, error_msg);
1683 if (open_dex_paths_rc != 0) {
1684 _exit(open_dex_paths_rc);
1685 }
1686
1687 // Prepare the oat directories.
1688 if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set)) {
1689 _exit(kSecondaryDexDexoptAnalyzerSkippedPrepareDir);
1690 }
1691
1692 // Open the vdex/oat files if any.
1693 unique_fd oat_file_fd;
1694 unique_fd vdex_file_fd;
1695 if (!maybe_open_oat_and_vdex_file(dex_path,
1696 *oat_dir_out,
1697 instruction_set,
1698 true /* is_secondary_dex */,
1699 &oat_file_fd,
1700 &vdex_file_fd)) {
1701 _exit(kSecondaryDexDexoptAnalyzerSkippedOpenOutput);
1702 }
1703
1704 // Analyze profiles.
1705 int profile_analysis_result = analyze_profiles(uid, pkgname, dex_path,
1706 /*is_secondary_dex*/true);
1707
1708 // Run dexoptanalyzer to get dexopt_needed code. This is not expected to return.
1709 // Note that we do not do it before the fork since opening the files is required to happen
1710 // after forking.
1711 RunDexoptAnalyzer run_dexopt_analyzer(dex_path,
1712 vdex_file_fd.get(),
1713 oat_file_fd.get(),
1714 zip_fd.get(),
1715 instruction_set,
1716 compiler_filter,
1717 profile_analysis_result,
1718 downgrade,
1719 class_loader_context,
1720 join_fds(context_zip_fds));
1721 run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
1722 }
1723
1724 /* parent */
1725 int result = wait_child_with_timeout(pid, kShortTimeoutMs);
1726 cancelled = dexopt_status_->check_if_killed_and_remove_dexopt_pid(pid);
1727 if (!WIFEXITED(result)) {
1728 if ((WTERMSIG(result) == SIGKILL) && cancelled) {
1729 LOG(INFO) << "dexoptanalyzer cancelled for path:" << dex_path;
1730 return kSecondaryDexOptProcessCancelled;
1731 }
1732 *error_msg = StringPrintf("dexoptanalyzer failed for path %s: 0x%04x",
1733 dex_path.c_str(),
1734 result);
1735 LOG(ERROR) << *error_msg;
1736 return kSecondaryDexOptProcessError;
1737 }
1738 result = WEXITSTATUS(result);
1739 // Check that we successfully executed dexoptanalyzer.
1740 bool success = process_secondary_dexoptanalyzer_result(dex_path,
1741 result,
1742 dexopt_needed_out,
1743 error_msg);
1744 if (!success) {
1745 LOG(ERROR) << *error_msg;
1746 }
1747
1748 LOG(DEBUG) << "Processed secondary dex file " << dex_path << " result=" << result;
1749
1750 // Run dexopt only if needed or forced.
1751 // Note that dexoptanalyzer is executed even if force compilation is enabled (because it
1752 // makes the code simpler; force compilation is only needed during tests).
1753 if (success &&
1754 (result != kSecondaryDexDexoptAnalyzerSkippedNoFile) &&
1755 ((dexopt_flags & DEXOPT_FORCE) != 0)) {
1756 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
1757 }
1758
1759 // Check if we should make the oat file public.
1760 // Note that if the dex file is not public the compiled code cannot be made public.
1761 // It is ok to check this flag outside in the parent process.
1762 *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && is_file_public(dex_path);
1763
1764 return success ? kSecondaryDexOptProcessOk : kSecondaryDexOptProcessError;
1765 }
1766
format_dexopt_error(int status,const char * dex_path)1767 static std::string format_dexopt_error(int status, const char* dex_path) {
1768 if (WIFEXITED(status)) {
1769 int int_code = WEXITSTATUS(status);
1770 const char* code_name = get_return_code_name(static_cast<DexoptReturnCodes>(int_code));
1771 if (code_name != nullptr) {
1772 return StringPrintf("Dex2oat invocation for %s failed: %s", dex_path, code_name);
1773 }
1774 }
1775 return StringPrintf("Dex2oat invocation for %s failed with 0x%04x", dex_path, status);
1776 }
1777
1778
dexopt(const char * dex_path,uid_t uid,const char * pkgname,const char * instruction_set,int dexopt_needed,const char * oat_dir,int dexopt_flags,const char * compiler_filter,const char * volume_uuid,const char * class_loader_context,const char * se_info,bool downgrade,int target_sdk_version,const char * profile_name,const char * dex_metadata_path,const char * compilation_reason,std::string * error_msg,bool * completed)1779 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
1780 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
1781 const char* volume_uuid, const char* class_loader_context, const char* se_info,
1782 bool downgrade, int target_sdk_version, const char* profile_name,
1783 const char* dex_metadata_path, const char* compilation_reason, std::string* error_msg,
1784 /* out */ bool* completed) {
1785 CHECK(pkgname != nullptr);
1786 CHECK(pkgname[0] != 0);
1787 CHECK(error_msg != nullptr);
1788 CHECK_EQ(dexopt_flags & ~DEXOPT_MASK, 0)
1789 << "dexopt flags contains unknown fields: " << dexopt_flags;
1790
1791 bool local_completed; // local placeholder for nullptr case
1792 if (completed == nullptr) {
1793 completed = &local_completed;
1794 }
1795 *completed = true;
1796 if (dexopt_status_->is_dexopt_blocked()) {
1797 *completed = false;
1798 return 0;
1799 }
1800
1801 if (!validate_dex_path_size(dex_path)) {
1802 *error_msg = StringPrintf("Failed to validate %s", dex_path);
1803 return -1;
1804 }
1805
1806 if (class_loader_context != nullptr && strlen(class_loader_context) > PKG_PATH_MAX) {
1807 *error_msg = StringPrintf("Class loader context exceeds the allowed size: %s",
1808 class_loader_context);
1809 LOG(ERROR) << *error_msg;
1810 return -1;
1811 }
1812
1813 bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
1814 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
1815 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
1816 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
1817 bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
1818 bool background_job_compile = (dexopt_flags & DEXOPT_IDLE_BACKGROUND_JOB) != 0;
1819 bool enable_hidden_api_checks = (dexopt_flags & DEXOPT_ENABLE_HIDDEN_API_CHECKS) != 0;
1820 bool generate_compact_dex = (dexopt_flags & DEXOPT_GENERATE_COMPACT_DEX) != 0;
1821 bool generate_app_image = (dexopt_flags & DEXOPT_GENERATE_APP_IMAGE) != 0;
1822 bool for_restore = (dexopt_flags & DEXOPT_FOR_RESTORE) != 0;
1823
1824 // Check if we're dealing with a secondary dex file and if we need to compile it.
1825 std::string oat_dir_str;
1826 std::vector<std::string> context_dex_paths;
1827 if (is_secondary_dex) {
1828 if (!get_class_loader_context_dex_paths(class_loader_context, uid, &context_dex_paths)) {
1829 *error_msg = "Failed acquiring context dex paths";
1830 return -1; // We had an error, logged in the process method.
1831 }
1832 SecondaryDexOptProcessResult sec_dex_result = process_secondary_dex_dexopt(dex_path,
1833 pkgname, dexopt_flags, volume_uuid, uid,instruction_set, compiler_filter,
1834 &is_public, &dexopt_needed, &oat_dir_str, downgrade, class_loader_context,
1835 context_dex_paths, error_msg);
1836 if (sec_dex_result == kSecondaryDexOptProcessOk) {
1837 oat_dir = oat_dir_str.c_str();
1838 if (dexopt_needed == NO_DEXOPT_NEEDED) {
1839 *completed = true;
1840 return 0; // Nothing to do, report success.
1841 }
1842 } else if (sec_dex_result == kSecondaryDexOptProcessCancelled) {
1843 // cancelled, not an error.
1844 *completed = false;
1845 return 0;
1846 } else {
1847 if (error_msg->empty()) { // TODO: Make this a CHECK.
1848 *error_msg = "Failed processing secondary.";
1849 }
1850 return -1; // We had an error, logged in the process method.
1851 }
1852 } else {
1853 // Currently these flags are only used for secondary dex files.
1854 // Verify that they are not set for primary apks.
1855 CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
1856 CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
1857 }
1858
1859 // Open the input file.
1860 UniqueFile in_dex(open(dex_path, O_RDONLY, 0), dex_path);
1861 if (in_dex.fd() < 0) {
1862 *error_msg = StringPrintf("installd cannot open '%s' for input during dexopt", dex_path);
1863 LOG(ERROR) << *error_msg;
1864 return -1;
1865 }
1866
1867 // Open class loader context dex files.
1868 std::vector<unique_fd> context_input_fds;
1869 if (open_dex_paths(context_dex_paths, &context_input_fds, error_msg) != 0) {
1870 LOG(ERROR) << *error_msg;
1871 return -1;
1872 }
1873
1874 // Create the output OAT file.
1875 RestorableFile out_oat =
1876 open_oat_out_file(dex_path, oat_dir, is_public, uid, instruction_set, is_secondary_dex);
1877 if (out_oat.fd() < 0) {
1878 *error_msg = "Could not open out oat file.";
1879 return -1;
1880 }
1881
1882 // Open vdex files.
1883 UniqueFile in_vdex;
1884 RestorableFile out_vdex;
1885 if (!open_vdex_files_for_dex2oat(dex_path, out_oat.path().c_str(), dexopt_needed,
1886 instruction_set, is_public, uid, is_secondary_dex, profile_guided, &in_vdex,
1887 &out_vdex)) {
1888 *error_msg = "Could not open vdex files.";
1889 return -1;
1890 }
1891
1892 // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
1893 // selinux context (we generate them on the fly during the dexopt invocation and they don't
1894 // fully inherit their parent context).
1895 // Note that for primary apk the oat files are created before, in a separate installd
1896 // call which also does the restorecon. TODO(calin): unify the paths.
1897 if (is_secondary_dex) {
1898 if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
1899 SELINUX_ANDROID_RESTORECON_RECURSE)) {
1900 *error_msg = std::string("Failed to restorecon ").append(oat_dir);
1901 LOG(ERROR) << *error_msg;
1902 return -1;
1903 }
1904 }
1905
1906 // Create a swap file if necessary.
1907 unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat.path());
1908
1909 // Open the reference profile if needed.
1910 UniqueFile reference_profile = maybe_open_reference_profile(
1911 pkgname, dex_path, profile_name, profile_guided, is_public, uid, is_secondary_dex);
1912
1913 if (reference_profile.fd() == -1) {
1914 // We don't create an app image without reference profile since there is no speedup from
1915 // loading it in that case and instead will be a small overhead.
1916 generate_app_image = false;
1917 }
1918
1919 // Create the app image file if needed.
1920 RestorableFile out_image = maybe_open_app_image(out_oat.path(), generate_app_image, is_public,
1921 uid, is_secondary_dex);
1922
1923 UniqueFile dex_metadata;
1924 if (dex_metadata_path != nullptr) {
1925 dex_metadata.reset(TEMP_FAILURE_RETRY(open(dex_metadata_path, O_RDONLY | O_NOFOLLOW)),
1926 dex_metadata_path);
1927 if (dex_metadata.fd() < 0) {
1928 PLOG(ERROR) << "Failed to open dex metadata file " << dex_metadata_path;
1929 }
1930 }
1931
1932 std::string jitzygote_flag = server_configurable_flags::GetServerConfigurableFlag(
1933 RUNTIME_NATIVE_BOOT_NAMESPACE,
1934 ENABLE_JITZYGOTE_IMAGE,
1935 /*default_value=*/ "");
1936 bool use_jitzygote_image = jitzygote_flag == "true" || IsBootClassPathProfilingEnable();
1937
1938 // Decide whether to use dex2oat64.
1939 bool use_dex2oat64 = false;
1940 // Check whether the device even supports 64-bit ABIs.
1941 if (!GetProperty("ro.product.cpu.abilist64", "").empty()) {
1942 use_dex2oat64 = GetBoolProperty("dalvik.vm.dex2oat64.enabled", false);
1943 }
1944 const char* dex2oat_bin = select_execution_binary(
1945 (use_dex2oat64 ? kDex2oat64Path : kDex2oat32Path),
1946 (use_dex2oat64 ? kDex2oatDebug64Path : kDex2oatDebug32Path),
1947 background_job_compile);
1948
1949 auto execv_helper = std::make_unique<ExecVHelper>();
1950
1951 LOG(VERBOSE) << "DexInv: --- BEGIN '" << dex_path << "' ---";
1952
1953 RunDex2Oat runner(dex2oat_bin, execv_helper.get());
1954 runner.Initialize(out_oat.GetUniqueFile(), out_vdex.GetUniqueFile(), out_image.GetUniqueFile(),
1955 in_dex, in_vdex, dex_metadata, reference_profile, class_loader_context,
1956 join_fds(context_input_fds), swap_fd.get(), instruction_set, compiler_filter,
1957 debuggable, boot_complete, for_restore, target_sdk_version,
1958 enable_hidden_api_checks, generate_compact_dex, use_jitzygote_image,
1959 compilation_reason);
1960
1961 bool cancelled = false;
1962 pid_t pid = dexopt_status_->check_cancellation_and_fork(&cancelled);
1963 if (cancelled) {
1964 *completed = false;
1965 reference_profile.DisableCleanup();
1966 return 0;
1967 }
1968 if (pid == 0) {
1969 // Need to set schedpolicy before dropping privileges
1970 // for cgroup migration. See details at b/175178520.
1971 SetDex2OatScheduling(boot_complete);
1972
1973 /* child -- drop privileges before continuing */
1974 drop_capabilities(uid);
1975
1976 if (flock(out_oat.fd(), LOCK_EX | LOCK_NB) != 0) {
1977 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG, "flock(%s) failed",
1978 out_oat.path().c_str());
1979 _exit(DexoptReturnCodes::kFlock);
1980 }
1981
1982 runner.Exec(DexoptReturnCodes::kDex2oatExec);
1983 } else {
1984 int res = wait_child_with_timeout(pid, kLongTimeoutMs);
1985 bool cancelled = dexopt_status_->check_if_killed_and_remove_dexopt_pid(pid);
1986 if (res == 0) {
1987 LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' (success) ---";
1988 } else {
1989 if ((WTERMSIG(res) == SIGKILL) && cancelled) {
1990 LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' --- cancelled";
1991 // cancelled, not an error
1992 *completed = false;
1993 reference_profile.DisableCleanup();
1994 return 0;
1995 }
1996 LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' --- status=0x"
1997 << std::hex << std::setw(4) << res << ", process failed";
1998 *error_msg = format_dexopt_error(res, dex_path);
1999 return res;
2000 }
2001 }
2002
2003 // dex2oat ran successfully, so profile is safe to keep.
2004 reference_profile.DisableCleanup();
2005
2006 // We've been successful, commit work files.
2007 // If committing (=renaming tmp to regular) fails, try to restore backup files.
2008 // If restoring fails as well, as a last resort, remove all files.
2009 if (!out_oat.CreateBackupFile() || !out_vdex.CreateBackupFile() ||
2010 !out_image.CreateBackupFile()) {
2011 // Renaming failure can mean that the original file may not be accessible from installd.
2012 LOG(ERROR) << "Cannot create backup file from existing file, file in wrong state?"
2013 << ", out_oat:" << out_oat.path() << " ,out_vdex:" << out_vdex.path()
2014 << " ,out_image:" << out_image.path();
2015 out_oat.ResetAndRemoveAllFiles();
2016 out_vdex.ResetAndRemoveAllFiles();
2017 out_image.ResetAndRemoveAllFiles();
2018 return -1;
2019 }
2020 if (!out_oat.CommitWorkFile() || !out_vdex.CommitWorkFile() || !out_image.CommitWorkFile()) {
2021 LOG(ERROR) << "Cannot commit, out_oat:" << out_oat.path()
2022 << " ,out_vdex:" << out_vdex.path() << " ,out_image:" << out_image.path();
2023 if (!out_oat.RestoreBackupFile() || !out_vdex.RestoreBackupFile() ||
2024 !out_image.RestoreBackupFile()) {
2025 LOG(ERROR) << "Cannot cancel commit, out_oat:" << out_oat.path()
2026 << " ,out_vdex:" << out_vdex.path() << " ,out_image:" << out_image.path();
2027 // Restoring failed.
2028 out_oat.ResetAndRemoveAllFiles();
2029 out_vdex.ResetAndRemoveAllFiles();
2030 out_image.ResetAndRemoveAllFiles();
2031 }
2032 return -1;
2033 }
2034 // Now remove remaining backup files.
2035 out_oat.RemoveBackupFile();
2036 out_vdex.RemoveBackupFile();
2037 out_image.RemoveBackupFile();
2038
2039 *completed = true;
2040 return 0;
2041 }
2042
2043 // Try to remove the given directory. Log an error if the directory exists
2044 // and is empty but could not be removed.
rmdir_if_empty(const char * dir)2045 static bool rmdir_if_empty(const char* dir) {
2046 if (rmdir(dir) == 0) {
2047 return true;
2048 }
2049 if (errno == ENOENT || errno == ENOTEMPTY) {
2050 return true;
2051 }
2052 PLOG(ERROR) << "Failed to remove dir: " << dir;
2053 return false;
2054 }
2055
2056 // Try to unlink the given file. Log an error if the file exists and could not
2057 // be unlinked.
unlink_if_exists(const std::string & file)2058 static bool unlink_if_exists(const std::string& file) {
2059 if (unlink(file.c_str()) == 0) {
2060 return true;
2061 }
2062 if (errno == ENOENT) {
2063 return true;
2064
2065 }
2066 PLOG(ERROR) << "Could not unlink: " << file;
2067 return false;
2068 }
2069
2070 enum ReconcileSecondaryDexResult {
2071 kReconcileSecondaryDexExists = 0,
2072 kReconcileSecondaryDexCleanedUp = 1,
2073 kReconcileSecondaryDexValidationError = 2,
2074 kReconcileSecondaryDexCleanUpError = 3,
2075 kReconcileSecondaryDexAccessIOError = 4,
2076 };
2077
2078 // Reconcile the secondary dex 'dex_path' and its generated oat files.
2079 // Return true if all the parameters are valid and the secondary dex file was
2080 // processed successfully (i.e. the dex_path either exists, or if not, its corresponding
2081 // oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
2082 // will be true if the secondary dex file still exists. If the secondary dex file does not exist,
2083 // the method cleans up any previously generated compiler artifacts (oat, vdex, art).
2084 // Return false if there were errors during processing. In this case
2085 // out_secondary_dex_exists will be set to false.
reconcile_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::vector<std::string> & isas,const std::optional<std::string> & volume_uuid,int storage_flag,bool * out_secondary_dex_exists)2086 bool reconcile_secondary_dex_file(const std::string& dex_path,
2087 const std::string& pkgname, int uid, const std::vector<std::string>& isas,
2088 const std::optional<std::string>& volume_uuid, int storage_flag,
2089 /*out*/bool* out_secondary_dex_exists) {
2090 *out_secondary_dex_exists = false; // start by assuming the file does not exist.
2091 if (isas.size() == 0) {
2092 LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
2093 return false;
2094 }
2095
2096 if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2097 LOG(ERROR) << "reconcile_secondary_dex_file called with invalid storage_flag: "
2098 << storage_flag;
2099 return false;
2100 }
2101
2102 // As a security measure we want to unlink art artifacts with the reduced capabilities
2103 // of the package user id. So we fork and drop capabilities in the child.
2104 pid_t pid = fork();
2105 if (pid == 0) {
2106 /* child -- drop privileges before continuing */
2107 drop_capabilities(uid);
2108
2109 const char* volume_uuid_cstr = volume_uuid ? volume_uuid->c_str() : nullptr;
2110 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr,
2111 uid, storage_flag)) {
2112 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2113 "Could not validate secondary dex path %s", dex_path.c_str());
2114 _exit(kReconcileSecondaryDexValidationError);
2115 }
2116
2117 SecondaryDexAccess access_check = check_secondary_dex_access(dex_path);
2118 switch (access_check) {
2119 case kSecondaryDexAccessDoesNotExist:
2120 // File does not exist. Proceed with cleaning.
2121 break;
2122 case kSecondaryDexAccessReadOk: _exit(kReconcileSecondaryDexExists);
2123 case kSecondaryDexAccessIOError: _exit(kReconcileSecondaryDexAccessIOError);
2124 case kSecondaryDexAccessPermissionError: _exit(kReconcileSecondaryDexValidationError);
2125 default:
2126 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2127 "Unexpected result from check_secondary_dex_access: %d", access_check);
2128 _exit(kReconcileSecondaryDexValidationError);
2129 }
2130
2131 // The secondary dex does not exist anymore or it's. Clear any generated files.
2132 char oat_path[PKG_PATH_MAX];
2133 char oat_dir[PKG_PATH_MAX];
2134 char oat_isa_dir[PKG_PATH_MAX];
2135 bool result = true;
2136 for (size_t i = 0; i < isas.size(); i++) {
2137 std::string error_msg;
2138 if (!create_secondary_dex_oat_layout(
2139 dex_path,isas[i], oat_dir, oat_isa_dir, oat_path, &error_msg)) {
2140 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG, "%s", error_msg.c_str());
2141 _exit(kReconcileSecondaryDexValidationError);
2142 }
2143
2144 // Delete oat/vdex/art files.
2145 result = unlink_if_exists(oat_path) && result;
2146 result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
2147 result = unlink_if_exists(create_image_filename(oat_path)) && result;
2148
2149 // Delete profiles.
2150 std::string current_profile = create_current_profile_path(
2151 multiuser_get_user_id(uid), pkgname, dex_path, /*is_secondary*/true);
2152 std::string reference_profile = create_reference_profile_path(
2153 pkgname, dex_path, /*is_secondary*/true);
2154 result = unlink_if_exists(current_profile) && result;
2155 result = unlink_if_exists(reference_profile) && result;
2156
2157 // We upgraded once the location of current profile for secondary dex files.
2158 // Check for any previous left-overs and remove them as well.
2159 std::string old_current_profile = dex_path + ".prof";
2160 result = unlink_if_exists(old_current_profile);
2161
2162 // Try removing the directories as well, they might be empty.
2163 result = rmdir_if_empty(oat_isa_dir) && result;
2164 result = rmdir_if_empty(oat_dir) && result;
2165 }
2166 if (!result) {
2167 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2168 "Could not validate secondary dex path %s", dex_path.c_str());
2169 }
2170 _exit(result ? kReconcileSecondaryDexCleanedUp : kReconcileSecondaryDexAccessIOError);
2171 }
2172
2173 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
2174 if (!WIFEXITED(return_code)) {
2175 LOG(WARNING) << "reconcile dex failed for location " << dex_path << ": " << return_code;
2176 } else {
2177 return_code = WEXITSTATUS(return_code);
2178 }
2179
2180 LOG(DEBUG) << "Reconcile secondary dex path " << dex_path << " result=" << return_code;
2181
2182 switch (return_code) {
2183 case kReconcileSecondaryDexCleanedUp:
2184 case kReconcileSecondaryDexValidationError:
2185 // If we couldn't validate assume the dex file does not exist.
2186 // This will purge the entry from the PM records.
2187 *out_secondary_dex_exists = false;
2188 return true;
2189 case kReconcileSecondaryDexExists:
2190 *out_secondary_dex_exists = true;
2191 return true;
2192 case kReconcileSecondaryDexAccessIOError:
2193 // We had an access IO error.
2194 // Return false so that we can try again.
2195 // The value of out_secondary_dex_exists does not matter in this case and by convention
2196 // is set to false.
2197 *out_secondary_dex_exists = false;
2198 return false;
2199 default:
2200 LOG(ERROR) << "Unexpected code from reconcile_secondary_dex_file: " << return_code;
2201 *out_secondary_dex_exists = false;
2202 return false;
2203 }
2204 }
2205
2206 // Compute and return the hash (SHA-256) of the secondary dex file at dex_path.
2207 // Returns true if all parameters are valid and the hash successfully computed and stored in
2208 // out_secondary_dex_hash.
2209 // Also returns true with an empty hash if the file does not currently exist or is not accessible to
2210 // the app.
2211 // For any other errors (e.g. if any of the parameters are invalid) returns false.
hash_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::optional<std::string> & volume_uuid,int storage_flag,std::vector<uint8_t> * out_secondary_dex_hash)2212 bool hash_secondary_dex_file(const std::string& dex_path, const std::string& pkgname, int uid,
2213 const std::optional<std::string>& volume_uuid, int storage_flag,
2214 std::vector<uint8_t>* out_secondary_dex_hash) {
2215 out_secondary_dex_hash->clear();
2216
2217 const char* volume_uuid_cstr = volume_uuid ? volume_uuid->c_str() : nullptr;
2218
2219 if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2220 LOG(ERROR) << "hash_secondary_dex_file called with invalid storage_flag: "
2221 << storage_flag;
2222 return false;
2223 }
2224
2225 // Pipe to get the hash result back from our child process.
2226 unique_fd pipe_read, pipe_write;
2227 if (!Pipe(&pipe_read, &pipe_write)) {
2228 PLOG(ERROR) << "Failed to create pipe";
2229 return false;
2230 }
2231
2232 // Fork so that actual access to the files is done in the app's own UID, to ensure we only
2233 // access data the app itself can access.
2234 pid_t pid = fork();
2235 if (pid == 0) {
2236 // child -- drop privileges before continuing
2237 drop_capabilities(uid);
2238 pipe_read.reset();
2239
2240 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr, uid, storage_flag)) {
2241 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2242 "Could not validate secondary dex path %s", dex_path.c_str());
2243 _exit(DexoptReturnCodes::kHashValidatePath);
2244 }
2245
2246 unique_fd fd(TEMP_FAILURE_RETRY(open(dex_path.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW)));
2247 if (fd == -1) {
2248 if (errno == EACCES || errno == ENOENT) {
2249 // Not treated as an error.
2250 _exit(0);
2251 }
2252 PLOG(ERROR) << "Failed to open secondary dex " << dex_path;
2253 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2254 "Failed to open secondary dex %s: %d", dex_path.c_str(), errno);
2255 _exit(DexoptReturnCodes::kHashOpenPath);
2256 }
2257
2258 SHA256_CTX ctx;
2259 SHA256_Init(&ctx);
2260
2261 std::vector<uint8_t> buffer(65536);
2262 while (true) {
2263 ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fd, buffer.data(), buffer.size()));
2264 if (bytes_read == 0) {
2265 break;
2266 } else if (bytes_read == -1) {
2267 async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
2268 "Failed to read secondary dex %s: %d", dex_path.c_str(), errno);
2269 _exit(DexoptReturnCodes::kHashReadDex);
2270 }
2271
2272 SHA256_Update(&ctx, buffer.data(), bytes_read);
2273 }
2274
2275 std::array<uint8_t, SHA256_DIGEST_LENGTH> hash;
2276 SHA256_Final(hash.data(), &ctx);
2277 if (!WriteFully(pipe_write, hash.data(), hash.size())) {
2278 _exit(DexoptReturnCodes::kHashWrite);
2279 }
2280
2281 _exit(0);
2282 }
2283
2284 // parent
2285 pipe_write.reset();
2286
2287 out_secondary_dex_hash->resize(SHA256_DIGEST_LENGTH);
2288 if (!ReadFully(pipe_read, out_secondary_dex_hash->data(), out_secondary_dex_hash->size())) {
2289 out_secondary_dex_hash->clear();
2290 }
2291 return wait_child_with_timeout(pid, kShortTimeoutMs) == 0;
2292 }
2293
2294 // Helper for move_ab, so that we can have common failure-case cleanup.
unlink_and_rename(const char * from,const char * to)2295 static bool unlink_and_rename(const char* from, const char* to) {
2296 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
2297 // return a failure.
2298 struct stat s;
2299 if (stat(to, &s) == 0) {
2300 if (!S_ISREG(s.st_mode)) {
2301 LOG(ERROR) << from << " is not a regular file to replace for A/B.";
2302 return false;
2303 }
2304 if (unlink(to) != 0) {
2305 LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
2306 return false;
2307 }
2308 } else {
2309 // This may be a permission problem. We could investigate the error code, but we'll just
2310 // let the rename failure do the work for us.
2311 }
2312
2313 // Try to rename "to" to "from."
2314 if (rename(from, to) != 0) {
2315 PLOG(ERROR) << "Could not rename " << from << " to " << to;
2316 return false;
2317 }
2318 return true;
2319 }
2320
2321 // Move/rename a B artifact (from) to an A artifact (to).
move_ab_path(const std::string & b_path,const std::string & a_path)2322 static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
2323 // Check whether B exists.
2324 {
2325 struct stat s;
2326 if (stat(b_path.c_str(), &s) != 0) {
2327 // Ignore for now. The service calling this isn't smart enough to
2328 // understand lack of artifacts at the moment.
2329 LOG(VERBOSE) << "A/B artifact " << b_path << " does not exist!";
2330 return false;
2331 }
2332 if (!S_ISREG(s.st_mode)) {
2333 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
2334 // Try to unlink, but swallow errors.
2335 unlink(b_path.c_str());
2336 return false;
2337 }
2338 }
2339
2340 // Rename B to A.
2341 if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
2342 // Delete the b_path so we don't try again (or fail earlier).
2343 if (unlink(b_path.c_str()) != 0) {
2344 PLOG(ERROR) << "Could not unlink " << b_path;
2345 }
2346
2347 return false;
2348 }
2349
2350 return true;
2351 }
2352
move_ab(const char * apk_path,const char * instruction_set,const char * oat_dir)2353 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2354 // Get the current slot suffix. No suffix, no A/B.
2355 const std::string slot_suffix = GetProperty("ro.boot.slot_suffix", "");
2356 if (slot_suffix.empty()) {
2357 return false;
2358 }
2359
2360 if (!ValidateTargetSlotSuffix(slot_suffix)) {
2361 LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
2362 return false;
2363 }
2364
2365 // Validate other inputs.
2366 if (validate_apk_path(apk_path) != 0) {
2367 LOG(ERROR) << "Invalid apk_path: " << apk_path;
2368 return false;
2369 }
2370 if (validate_apk_path(oat_dir) != 0) {
2371 LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
2372 return false;
2373 }
2374
2375 char a_path[PKG_PATH_MAX];
2376 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
2377 return false;
2378 }
2379 const std::string a_vdex_path = create_vdex_filename(a_path);
2380 const std::string a_image_path = create_image_filename(a_path);
2381
2382 // B path = A path + slot suffix.
2383 const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
2384 const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
2385 const std::string b_image_path = StringPrintf("%s.%s",
2386 a_image_path.c_str(),
2387 slot_suffix.c_str());
2388
2389 bool success = true;
2390 if (move_ab_path(b_path, a_path)) {
2391 if (move_ab_path(b_vdex_path, a_vdex_path)) {
2392 // Note: we can live without an app image. As such, ignore failure to move the image file.
2393 // If we decide to require the app image, or the app image being moved correctly,
2394 // then change accordingly.
2395 constexpr bool kIgnoreAppImageFailure = true;
2396
2397 if (!a_image_path.empty()) {
2398 if (!move_ab_path(b_image_path, a_image_path)) {
2399 unlink(a_image_path.c_str());
2400 if (!kIgnoreAppImageFailure) {
2401 success = false;
2402 }
2403 }
2404 }
2405 } else {
2406 // Cleanup: delete B image, ignore errors.
2407 unlink(b_image_path.c_str());
2408 success = false;
2409 }
2410 } else {
2411 // Cleanup: delete B image, ignore errors.
2412 unlink(b_vdex_path.c_str());
2413 unlink(b_image_path.c_str());
2414 success = false;
2415 }
2416 return success;
2417 }
2418
delete_odex(const char * apk_path,const char * instruction_set,const char * oat_dir)2419 int64_t delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2420 // Delete the oat/odex file.
2421 char out_path[PKG_PATH_MAX];
2422 if (!create_oat_out_path(apk_path, instruction_set, oat_dir,
2423 /*is_secondary_dex*/false, out_path)) {
2424 LOG(ERROR) << "Cannot create apk path for " << apk_path;
2425 return -1;
2426 }
2427
2428 // In case of a permission failure report the issue. Otherwise just print a warning.
2429 auto unlink_and_check = [](const char* path) -> int64_t {
2430 struct stat file_stat;
2431 if (stat(path, &file_stat) != 0) {
2432 if (errno != ENOENT) {
2433 PLOG(ERROR) << "Could not stat " << path;
2434 return -1;
2435 }
2436 return 0;
2437 }
2438
2439 if (unlink(path) != 0) {
2440 if (errno != ENOENT) {
2441 PLOG(ERROR) << "Could not unlink " << path;
2442 return -1;
2443 }
2444 }
2445 return static_cast<int64_t>(file_stat.st_size);
2446 };
2447
2448 // Delete the oat/odex file.
2449 int64_t return_value_oat = unlink_and_check(out_path);
2450
2451 // Derive and delete the app image.
2452 int64_t return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
2453
2454 // Derive and delete the vdex file.
2455 int64_t return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str());
2456
2457 // Report result
2458 if (return_value_oat == -1
2459 || return_value_art == -1
2460 || return_value_vdex == -1) {
2461 return -1;
2462 }
2463
2464 return return_value_oat + return_value_art + return_value_vdex;
2465 }
2466
is_absolute_path(const std::string & path)2467 static bool is_absolute_path(const std::string& path) {
2468 if (path.find('/') != 0 || path.find("..") != std::string::npos) {
2469 LOG(ERROR) << "Invalid absolute path " << path;
2470 return false;
2471 } else {
2472 return true;
2473 }
2474 }
2475
is_valid_instruction_set(const std::string & instruction_set)2476 static bool is_valid_instruction_set(const std::string& instruction_set) {
2477 // TODO: add explicit whitelisting of instruction sets
2478 if (instruction_set.find('/') != std::string::npos) {
2479 LOG(ERROR) << "Invalid instruction set " << instruction_set;
2480 return false;
2481 } else {
2482 return true;
2483 }
2484 }
2485
calculate_oat_file_path_default(char path[PKG_PATH_MAX],const char * oat_dir,const char * apk_path,const char * instruction_set)2486 bool calculate_oat_file_path_default(char path[PKG_PATH_MAX], const char *oat_dir,
2487 const char *apk_path, const char *instruction_set) {
2488 std::string oat_dir_ = oat_dir;
2489 std::string apk_path_ = apk_path;
2490 std::string instruction_set_ = instruction_set;
2491
2492 if (!is_absolute_path(oat_dir_)) return false;
2493 if (!is_absolute_path(apk_path_)) return false;
2494 if (!is_valid_instruction_set(instruction_set_)) return false;
2495
2496 std::string::size_type end = apk_path_.rfind('.');
2497 std::string::size_type start = apk_path_.rfind('/', end);
2498 if (end == std::string::npos || start == std::string::npos) {
2499 LOG(ERROR) << "Invalid apk_path " << apk_path_;
2500 return false;
2501 }
2502
2503 std::string res_ = oat_dir_ + '/' + instruction_set + '/'
2504 + apk_path_.substr(start + 1, end - start - 1) + ".odex";
2505 const char* res = res_.c_str();
2506 if (strlen(res) >= PKG_PATH_MAX) {
2507 LOG(ERROR) << "Result too large";
2508 return false;
2509 } else {
2510 strlcpy(path, res, PKG_PATH_MAX);
2511 return true;
2512 }
2513 }
2514
calculate_odex_file_path_default(char path[PKG_PATH_MAX],const char * apk_path,const char * instruction_set)2515 bool calculate_odex_file_path_default(char path[PKG_PATH_MAX], const char *apk_path,
2516 const char *instruction_set) {
2517 std::string apk_path_ = apk_path;
2518 std::string instruction_set_ = instruction_set;
2519
2520 if (!is_absolute_path(apk_path_)) return false;
2521 if (!is_valid_instruction_set(instruction_set_)) return false;
2522
2523 std::string::size_type end = apk_path_.rfind('.');
2524 std::string::size_type start = apk_path_.rfind('/', end);
2525 if (end == std::string::npos || start == std::string::npos) {
2526 LOG(ERROR) << "Invalid apk_path " << apk_path_;
2527 return false;
2528 }
2529
2530 std::string oat_dir = apk_path_.substr(0, start + 1) + "oat";
2531 return calculate_oat_file_path_default(path, oat_dir.c_str(), apk_path, instruction_set);
2532 }
2533
create_cache_path_default(char path[PKG_PATH_MAX],const char * src,const char * instruction_set)2534 bool create_cache_path_default(char path[PKG_PATH_MAX], const char *src,
2535 const char *instruction_set) {
2536 std::string src_ = src;
2537 std::string instruction_set_ = instruction_set;
2538
2539 if (!is_absolute_path(src_)) return false;
2540 if (!is_valid_instruction_set(instruction_set_)) return false;
2541
2542 for (auto it = src_.begin() + 1; it < src_.end(); ++it) {
2543 if (*it == '/') {
2544 *it = '@';
2545 }
2546 }
2547
2548 std::string res_ = android_data_dir + DALVIK_CACHE + '/' + instruction_set_ + src_
2549 + DALVIK_CACHE_POSTFIX;
2550 const char* res = res_.c_str();
2551 if (strlen(res) >= PKG_PATH_MAX) {
2552 LOG(ERROR) << "Result too large";
2553 return false;
2554 } else {
2555 strlcpy(path, res, PKG_PATH_MAX);
2556 return true;
2557 }
2558 }
2559
open_classpath_files(const std::string & classpath,std::vector<unique_fd> * apk_fds,std::vector<std::string> * dex_locations)2560 bool open_classpath_files(const std::string& classpath, std::vector<unique_fd>* apk_fds,
2561 std::vector<std::string>* dex_locations) {
2562 std::vector<std::string> classpaths_elems = base::Split(classpath, ":");
2563 for (const std::string& elem : classpaths_elems) {
2564 unique_fd fd(TEMP_FAILURE_RETRY(open(elem.c_str(), O_RDONLY)));
2565 if (fd < 0) {
2566 PLOG(ERROR) << "Could not open classpath elem " << elem;
2567 return false;
2568 } else {
2569 apk_fds->push_back(std::move(fd));
2570 dex_locations->push_back(elem);
2571 }
2572 }
2573 return true;
2574 }
2575
create_app_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2576 static bool create_app_profile_snapshot(int32_t app_id,
2577 const std::string& package_name,
2578 const std::string& profile_name,
2579 const std::string& classpath) {
2580 int app_shared_gid = multiuser_get_shared_gid(/*user_id*/ 0, app_id);
2581
2582 unique_fd snapshot_fd = open_snapshot_profile(AID_SYSTEM, package_name, profile_name);
2583 if (snapshot_fd < 0) {
2584 return false;
2585 }
2586
2587 std::vector<unique_fd> profiles_fd;
2588 unique_fd reference_profile_fd;
2589 open_profile_files(app_shared_gid, package_name, profile_name, /*is_secondary_dex*/ false,
2590 &profiles_fd, &reference_profile_fd);
2591 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
2592 return false;
2593 }
2594
2595 profiles_fd.push_back(std::move(reference_profile_fd));
2596
2597 // Open the class paths elements. These will be used to filter out profile data that does
2598 // not belong to the classpath during merge.
2599 std::vector<unique_fd> apk_fds;
2600 std::vector<std::string> dex_locations;
2601 if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2602 return false;
2603 }
2604
2605 RunProfman args;
2606 // This is specifically a snapshot for an app, so don't use boot image profiles.
2607 args.SetupMerge(profiles_fd,
2608 snapshot_fd,
2609 apk_fds,
2610 dex_locations,
2611 /* for_snapshot= */ true,
2612 /* for_boot_image= */ false);
2613 pid_t pid = fork();
2614 if (pid == 0) {
2615 /* child -- drop privileges before continuing */
2616 drop_capabilities(app_shared_gid);
2617 args.Exec();
2618 }
2619
2620 /* parent */
2621 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
2622 if (!WIFEXITED(return_code)) {
2623 LOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2624 cleanup_output_fd(snapshot_fd.get());
2625 return false;
2626 }
2627
2628 // Verify that profman finished successfully.
2629 int profman_code = WEXITSTATUS(return_code);
2630 if (profman_code != PROFMAN_BIN_RETURN_CODE_SUCCESS) {
2631 LOG(WARNING) << "profman error for " << package_name << ":" << profile_name
2632 << ":" << profman_code;
2633 return false;
2634 }
2635 return true;
2636 }
2637
create_boot_image_profile_snapshot(const std::string & package_name,const std::string & profile_name,const std::string & classpath)2638 static bool create_boot_image_profile_snapshot(const std::string& package_name,
2639 const std::string& profile_name,
2640 const std::string& classpath) {
2641 // The reference profile directory for the android package might not be prepared. Do it now.
2642 const std::string ref_profile_dir =
2643 create_primary_reference_profile_package_dir_path(package_name);
2644 if (fs_prepare_dir(ref_profile_dir.c_str(), 0770, AID_SYSTEM, AID_SYSTEM) != 0) {
2645 PLOG(ERROR) << "Failed to prepare " << ref_profile_dir;
2646 return false;
2647 }
2648
2649 // Return false for empty class path since it may otherwise return true below if profiles is
2650 // empty.
2651 if (classpath.empty()) {
2652 PLOG(ERROR) << "Class path is empty";
2653 return false;
2654 }
2655
2656 // Open and create the snapshot profile.
2657 unique_fd snapshot_fd = open_snapshot_profile(AID_SYSTEM, package_name, profile_name);
2658
2659 // Collect all non empty profiles.
2660 // The collection will traverse all applications profiles and find the non empty files.
2661 // This has the potential of inspecting a large number of files and directories (depending
2662 // on the number of applications and users). So there is a slight increase in the chance
2663 // to get get occasionally I/O errors (e.g. for opening the file). When that happens do not
2664 // fail the snapshot and aggregate whatever profile we could open.
2665 //
2666 // The profile snapshot is a best effort based on available data it's ok if some data
2667 // from some apps is missing. It will be counter productive for the snapshot to fail
2668 // because we could not open or read some of the files.
2669 std::vector<std::string> profiles;
2670 if (!collect_profiles(&profiles)) {
2671 LOG(WARNING) << "There were errors while collecting the profiles for the boot image.";
2672 }
2673
2674 // If we have no profiles return early.
2675 if (profiles.empty()) {
2676 return true;
2677 }
2678
2679 // Open the classpath elements. These will be used to filter out profile data that does
2680 // not belong to the classpath during merge.
2681 std::vector<unique_fd> apk_fds;
2682 std::vector<std::string> dex_locations;
2683 if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2684 return false;
2685 }
2686
2687 // If we could not open any files from the classpath return an error.
2688 if (apk_fds.empty()) {
2689 LOG(ERROR) << "Could not open any of the classpath elements.";
2690 return false;
2691 }
2692
2693 // Aggregate the profiles in batches of kAggregationBatchSize.
2694 // We do this to avoid opening a huge a amount of files.
2695 static constexpr size_t kAggregationBatchSize = 10;
2696
2697 for (size_t i = 0; i < profiles.size(); ) {
2698 std::vector<unique_fd> profiles_fd;
2699 for (size_t k = 0; k < kAggregationBatchSize && i < profiles.size(); k++, i++) {
2700 unique_fd fd = open_profile(AID_SYSTEM, profiles[i], O_RDONLY, /*mode=*/ 0);
2701 if (fd.get() >= 0) {
2702 profiles_fd.push_back(std::move(fd));
2703 }
2704 }
2705
2706 // We aggregate (read & write) into the same fd multiple times in a row.
2707 // We need to reset the cursor every time to ensure we read the whole file every time.
2708 if (TEMP_FAILURE_RETRY(lseek(snapshot_fd, 0, SEEK_SET)) == static_cast<off_t>(-1)) {
2709 PLOG(ERROR) << "Cannot reset position for snapshot profile";
2710 return false;
2711 }
2712
2713 RunProfman args;
2714 args.SetupMerge(profiles_fd,
2715 snapshot_fd,
2716 apk_fds,
2717 dex_locations,
2718 /*for_snapshot=*/true,
2719 /*for_boot_image=*/true);
2720 pid_t pid = fork();
2721 if (pid == 0) {
2722 /* child -- drop privileges before continuing */
2723 drop_capabilities(AID_SYSTEM);
2724
2725 // The introduction of new access flags into boot jars causes them to
2726 // fail dex file verification.
2727 args.Exec();
2728 }
2729
2730 /* parent */
2731 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
2732
2733 if (!WIFEXITED(return_code)) {
2734 PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2735 cleanup_output_fd(snapshot_fd.get());
2736 return false;
2737 }
2738
2739 // Verify that profman finished successfully.
2740 int profman_code = WEXITSTATUS(return_code);
2741 if (profman_code != PROFMAN_BIN_RETURN_CODE_SUCCESS) {
2742 LOG(WARNING) << "profman error for " << package_name << ":" << profile_name
2743 << ":" << profman_code;
2744 return false;
2745 }
2746 }
2747
2748 return true;
2749 }
2750
create_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2751 bool create_profile_snapshot(int32_t app_id, const std::string& package_name,
2752 const std::string& profile_name, const std::string& classpath) {
2753 if (app_id == -1) {
2754 return create_boot_image_profile_snapshot(package_name, profile_name, classpath);
2755 } else {
2756 return create_app_profile_snapshot(app_id, package_name, profile_name, classpath);
2757 }
2758 }
2759
check_profile_exists_in_dexmetadata(const std::string & dex_metadata)2760 static bool check_profile_exists_in_dexmetadata(const std::string& dex_metadata) {
2761 ZipArchiveHandle zip = nullptr;
2762 if (OpenArchive(dex_metadata.c_str(), &zip) != 0) {
2763 PLOG(ERROR) << "Failed to open dm '" << dex_metadata << "'";
2764 return false;
2765 }
2766
2767 ZipEntry64 entry;
2768 int result = FindEntry(zip, "primary.prof", &entry);
2769 CloseArchive(zip);
2770
2771 return result != 0 ? false : true;
2772 }
2773
prepare_app_profile(const std::string & package_name,userid_t user_id,appid_t app_id,const std::string & profile_name,const std::string & code_path,const std::optional<std::string> & dex_metadata)2774 bool prepare_app_profile(const std::string& package_name,
2775 userid_t user_id,
2776 appid_t app_id,
2777 const std::string& profile_name,
2778 const std::string& code_path,
2779 const std::optional<std::string>& dex_metadata) {
2780 if (user_id != USER_NULL) {
2781 if (user_id < 0) {
2782 LOG(ERROR) << "Unexpected user ID " << user_id;
2783 return false;
2784 }
2785
2786 // Prepare the current profile.
2787 std::string cur_profile = create_current_profile_path(user_id, package_name, profile_name,
2788 /*is_secondary_dex*/ false);
2789 uid_t uid = multiuser_get_uid(user_id, app_id);
2790 if (fs_prepare_file_strict(cur_profile.c_str(), 0600, uid, uid) != 0) {
2791 PLOG(ERROR) << "Failed to prepare " << cur_profile;
2792 return false;
2793 }
2794 } else {
2795 // Prepare the reference profile as the system user.
2796 user_id = USER_SYSTEM;
2797 }
2798
2799 // Check if we need to install the profile from the dex metadata.
2800 if (!dex_metadata || !check_profile_exists_in_dexmetadata(dex_metadata->c_str())) {
2801 return true;
2802 }
2803
2804 // We have a dex metdata. Merge the profile into the reference profile.
2805 unique_fd ref_profile_fd =
2806 open_reference_profile(multiuser_get_uid(user_id, app_id), package_name, profile_name,
2807 /*read_write*/ true, /*is_secondary_dex*/ false);
2808 unique_fd dex_metadata_fd(TEMP_FAILURE_RETRY(
2809 open(dex_metadata->c_str(), O_RDONLY | O_NOFOLLOW)));
2810 unique_fd apk_fd(TEMP_FAILURE_RETRY(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW)));
2811 if (apk_fd < 0) {
2812 PLOG(ERROR) << "Could not open code path " << code_path;
2813 return false;
2814 }
2815
2816 RunProfman args;
2817 args.SetupCopyAndUpdate(dex_metadata_fd,
2818 ref_profile_fd,
2819 apk_fd,
2820 code_path);
2821 pid_t pid = fork();
2822 if (pid == 0) {
2823 /* child -- drop privileges before continuing */
2824 gid_t app_shared_gid = multiuser_get_shared_gid(user_id, app_id);
2825 drop_capabilities(app_shared_gid);
2826
2827 // The copy and update takes ownership over the fds.
2828 args.Exec();
2829 }
2830
2831 /* parent */
2832 int return_code = wait_child_with_timeout(pid, kShortTimeoutMs);
2833 if (!WIFEXITED(return_code)) {
2834 PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2835 cleanup_output_fd(ref_profile_fd.get());
2836 return false;
2837 }
2838 return true;
2839 }
2840
get_odex_visibility(const char * apk_path,const char * instruction_set,const char * oat_dir)2841 int get_odex_visibility(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2842 char oat_path[PKG_PATH_MAX];
2843 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, /*is_secondary_dex=*/false,
2844 oat_path)) {
2845 return -1;
2846 }
2847 struct stat st;
2848 if (stat(oat_path, &st) == -1) {
2849 if (errno == ENOENT) {
2850 return ODEX_NOT_FOUND;
2851 }
2852 PLOG(ERROR) << "Could not stat " << oat_path;
2853 return -1;
2854 }
2855 return (st.st_mode & S_IROTH) ? ODEX_IS_PUBLIC : ODEX_IS_PRIVATE;
2856 }
2857
2858 } // namespace installd
2859 } // namespace android
2860