1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "update_engine/common/utils.h"
18 
19 #include <stdint.h>
20 
21 #include <dirent.h>
22 #include <elf.h>
23 #include <endian.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sys/mount.h>
30 #include <sys/resource.h>
31 #include <sys/sendfile.h>
32 #include <sys/stat.h>
33 #include <sys/types.h>
34 #include <time.h>
35 #include <unistd.h>
36 
37 #include <algorithm>
38 #include <filesystem>
39 #include <utility>
40 #include <vector>
41 
42 #include <android-base/strings.h>
43 #include <base/callback.h>
44 #include <base/files/file_path.h>
45 #include <base/files/file_util.h>
46 #include <base/files/scoped_file.h>
47 #include <base/format_macros.h>
48 #include <base/location.h>
49 #include <base/logging.h>
50 #include <base/posix/eintr_wrapper.h>
51 #include <base/rand_util.h>
52 #include <base/strings/string_number_conversions.h>
53 #include <base/strings/string_split.h>
54 #include <base/strings/string_util.h>
55 #include <base/strings/stringprintf.h>
56 #include <brillo/data_encoding.h>
57 
58 #include "update_engine/common/constants.h"
59 #include "update_engine/common/subprocess.h"
60 #include "update_engine/common/platform_constants.h"
61 #include "update_engine/payload_consumer/file_descriptor.h"
62 
63 using base::Time;
64 using base::TimeDelta;
65 using std::min;
66 using std::numeric_limits;
67 using std::string;
68 using std::vector;
69 
70 namespace chromeos_update_engine {
71 
72 namespace {
73 
// Retry policy for UnmountFilesystem when umount() fails with EBUSY: up to
// five attempts spaced 200 ms apart, i.e. about one second in total.
constexpr int kUnmountMaxNumOfRetries = 5;
constexpr int kUnmountRetryIntervalInMicroseconds = 200 * 1000;  // 200 ms

// Upper bound on the number of header bytes GetFileFormat reads from a file
// when trying to identify its contents.
constexpr int kGetFileFormatMaxHeaderSize = 32;

// Location of the kernel's boot_id.
constexpr char kBootIdPath[] = "/proc/sys/kernel/random/boot_id";
86 
87 // If |path| is absolute, or explicit relative to the current working directory,
88 // leaves it as is. Otherwise, uses the system's temp directory, as defined by
89 // base::GetTempDir() and prepends it to |path|. On success stores the full
90 // temporary path in |template_path| and returns true.
bool GetTempName(const string& path, base::FilePath* template_path) {
  // Absolute paths and paths that are explicitly relative to the working
  // directory are taken verbatim.
  const bool is_explicit_path =
      path[0] == '/' ||
      base::StartsWith(path, "./", base::CompareCase::SENSITIVE) ||
      base::StartsWith(path, "../", base::CompareCase::SENSITIVE);
  if (is_explicit_path) {
    *template_path = base::FilePath(path);
    return true;
  }

  // Everything else is placed under the temp directory, which is created on
  // demand.
#ifdef __ANDROID__
  base::FilePath tmp_root =
      base::FilePath(constants::kNonVolatileDirectory).Append("tmp");
#else
  base::FilePath tmp_root;
  TEST_AND_RETURN_FALSE(base::GetTempDir(&tmp_root));
#endif  // __ANDROID__
  if (!base::PathExists(tmp_root)) {
    TEST_AND_RETURN_FALSE(base::CreateDirectory(tmp_root));
  }
  *template_path = tmp_root.Append(path);
  return true;
}
110 
111 }  // namespace
112 
113 namespace utils {
114 
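// Creates (or truncates) the file at |path| with mode 0600 and writes
// |data_len| bytes from |data| to it. Returns false if the file cannot be
// opened or the write fails.
bool WriteFile(const char* path, const void* data, size_t data_len) {
  // O_CLOEXEC keeps the descriptor from being inherited by a child process
  // that is exec'd while the write is in progress, matching the open() calls
  // in FileSize() and FsyncDirectory().
  int fd = HANDLE_EINTR(
      open(path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600));
  TEST_AND_RETURN_FALSE_ERRNO(fd >= 0);
  ScopedFdCloser fd_closer(&fd);
  return WriteAll(fd, data, data_len);
}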
121 
// Reads from |fd| into |buf| until |count| bytes are stored, EOF is reached,
// or a non-blocking descriptor has no more data. |out_bytes_read| always
// receives the number of bytes stored; |eof| is set only when read() returned
// 0. Returns false on any read error other than EAGAIN/EWOULDBLOCK.
bool ReadAll(
    int fd, void* buf, size_t count, size_t* out_bytes_read, bool* eof) {
  char* const dst = static_cast<char*>(buf);
  size_t total = 0;
  *eof = false;
  while (total < count) {
    const ssize_t rc = HANDLE_EINTR(read(fd, dst + total, count - total));
    if (rc > 0) {
      total += rc;
      continue;
    }
    if (rc == 0) {
      // read() returning 0 means EOF: nothing else will come from this fd.
      *eof = true;
      break;
    }
    // rc < 0: EAGAIN and EWOULDBLOCK are the normal "no input right now"
    // results for a non-blocking fd, so they end the loop without an error.
    if (errno != EWOULDBLOCK && errno != EAGAIN) {
      PLOG(ERROR) << "Error reading fd " << fd;
      *out_bytes_read = total;
      return false;
    }
    break;
  }
  *out_bytes_read = total;
  return true;
}
150 
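// Writes all |count| bytes of |buf| to |fd|, looping over short writes.
// Returns false (after logging errno) as soon as write() fails.
bool WriteAll(int fd, const void* buf, size_t count) {
  const char* c_buf = static_cast<const char*>(buf);
  // Progress is tracked as size_t: comparing against
  // static_cast<ssize_t>(count) would skip the loop, and report success, for
  // a |count| above SSIZE_MAX.
  size_t bytes_written = 0;
  while (bytes_written < count) {
    // Retry on EINTR, as ReadAll() does, so a signal arriving mid-write does
    // not fail the whole operation.
    ssize_t rc =
        HANDLE_EINTR(write(fd, c_buf + bytes_written, count - bytes_written));
    TEST_AND_RETURN_FALSE_ERRNO(rc >= 0);
    bytes_written += rc;
  }
  return true;
}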
161 
// Writes |count| bytes of |buf| to |fd| starting at file offset |offset| with
// pwrite(), repeating until everything is written. Returns false on the first
// failing call.
bool PWriteAll(int fd, const void* buf, size_t count, off_t offset) {
  const char* const src = static_cast<const char*>(buf);
  size_t done = 0;
  for (int num_attempts = 1; done < count; ++num_attempts) {
    const ssize_t rc = pwrite(fd, src + done, count - done, offset + done);
    // TODO(garnold) for debugging failure in chromium-os:31077; to be removed.
    if (rc < 0) {
      PLOG(ERROR) << "pwrite error; num_attempts=" << num_attempts
                  << " bytes_written=" << done << " count=" << count
                  << " offset=" << offset;
    }
    TEST_AND_RETURN_FALSE_ERRNO(rc >= 0);
    done += rc;
  }
  return true;
}
183 
// Writes all |count| bytes of |buf| through |fd|->Write(), looping over short
// writes. Returns false as soon as Write() reports an error.
bool WriteAll(FileDescriptor* fd, const void* buf, size_t count) {
  const char* const src = static_cast<const char*>(buf);
  const ssize_t total = static_cast<ssize_t>(count);
  for (ssize_t done = 0; done < total;) {
    const ssize_t rc = fd->Write(src + done, count - done);
    TEST_AND_RETURN_FALSE_ERRNO(rc >= 0);
    done += rc;
  }
  return true;
}
194 
// Seeks |fd| to |offset| and then writes |count| bytes of |buf| there. The
// descriptor's position is left after the written data.
bool WriteAll(const FileDescriptorPtr& fd,
              const void* buf,
              size_t count,
              off_t offset) {
  const auto seek_result = fd->Seek(offset, SEEK_SET);
  TEST_AND_RETURN_FALSE_ERRNO(seek_result != static_cast<off_t>(-1));
  return WriteAll(fd, buf, count);
}
203 
// Reads up to |count| bytes from |fd| at file offset |offset| with pread(),
// stopping early at EOF. On success stores the number of bytes read in
// |out_bytes_read|; on a pread() error returns false without touching it.
bool PReadAll(
    int fd, void* buf, size_t count, off_t offset, ssize_t* out_bytes_read) {
  char* const dst = static_cast<char*>(buf);
  const ssize_t wanted = static_cast<ssize_t>(count);
  ssize_t total = 0;
  while (total < wanted) {
    const ssize_t rc = pread(fd, dst + total, count - total, offset + total);
    TEST_AND_RETURN_FALSE_ERRNO(rc >= 0);
    if (rc == 0) {
      break;  // EOF
    }
    total += rc;
  }
  *out_bytes_read = total;
  return true;
}
220 
// Seeks |fd| to |offset| and reads up to |count| bytes into |buf|, stopping
// early when Read() returns 0. On success stores the number of bytes read in
// |out_bytes_read|. The descriptor's position is not restored.
bool ReadAll(FileDescriptor* fd,
             void* buf,
             size_t count,
             off_t offset,
             ssize_t* out_bytes_read) {
  const auto seek_result = fd->Seek(offset, SEEK_SET);
  TEST_AND_RETURN_FALSE_ERRNO(seek_result != static_cast<off_t>(-1));
  char* const dst = static_cast<char*>(buf);
  const ssize_t wanted = static_cast<ssize_t>(count);
  ssize_t total = 0;
  while (total < wanted) {
    const ssize_t rc = fd->Read(dst + total, count - total);
    TEST_AND_RETURN_FALSE_ERRNO(rc >= 0);
    if (rc == 0) {
      break;  // nothing more to read
    }
    total += rc;
  }
  *out_bytes_read = total;
  return true;
}
241 
// Positional read on a FileDescriptor: remembers the current position, reads
// at |offset| via ReadAll(), then seeks back. The position is restored even
// when the read itself failed; a failed restore makes the call fail.
bool PReadAll(FileDescriptor* fd,
              void* buf,
              size_t count,
              off_t offset,
              ssize_t* out_bytes_read) {
  const auto saved_offset = fd->Seek(0, SEEK_CUR);
  TEST_AND_RETURN_FALSE_ERRNO(saved_offset >= 0);

  const bool read_ok = ReadAll(fd, buf, count, offset, out_bytes_read);
  const auto restored_offset = fd->Seek(saved_offset, SEEK_SET);
  TEST_AND_RETURN_FALSE_ERRNO(restored_offset == saved_offset);
  return read_ok;
}
254 
// Positional write on a FileDescriptor: remembers the current position,
// writes at |offset| via WriteAll(), then seeks back. The position is restored
// even when the write itself failed; a failed restore makes the call fail.
bool PWriteAll(const FileDescriptorPtr& fd,
               const void* buf,
               size_t count,
               off_t offset) {
  const auto saved_offset = fd->Seek(0, SEEK_CUR);
  TEST_AND_RETURN_FALSE_ERRNO(saved_offset >= 0);

  const bool write_ok = WriteAll(fd, buf, count, offset);
  const auto restored_offset = fd->Seek(saved_offset, SEEK_SET);
  TEST_AND_RETURN_FALSE_ERRNO(restored_offset == saved_offset);
  return write_ok;
}
266 
267 // Append |nbytes| of content from |buf| to the vector pointed to by either
268 // |vec_p| or |str_p|.
static void AppendBytes(const uint8_t* buf,
                        size_t nbytes,
                        brillo::Blob* vec_p) {
  // Both pointers are mandatory, even for a zero-length append.
  CHECK(buf);
  CHECK(vec_p);
  const uint8_t* const end = buf + nbytes;
  vec_p->insert(vec_p->end(), buf, end);
}
static void AppendBytes(const uint8_t* buf, size_t nbytes, string* str_p) {
  // Both pointers are mandatory, even for a zero-length append.
  CHECK(buf);
  CHECK(str_p);
  // The bytes are appended verbatim, embedded NULs included.
  str_p->append(reinterpret_cast<const char*>(buf), nbytes);
}
281 
282 // Reads from an open file |fp|, appending the read content to the container
283 // pointed to by |out_p|.  Returns true upon successfully reading all of the
284 // file's content, false otherwise. If |size| is not -1, reads up to |size|
285 // bytes.
template <class T>
static bool Read(FILE* fp, off_t size, T* out_p) {
  CHECK(fp);
  CHECK(size == -1 || size >= 0);
  // A |size| of -1 means "read until EOF"; otherwise |remaining| counts down
  // the bytes still wanted.
  const bool unbounded = (size == -1);
  off_t remaining = size;
  uint8_t chunk[1024];
  while (unbounded || remaining > 0) {
    off_t want = sizeof(chunk);
    if (!unbounded && want > remaining) {
      want = remaining;
    }
    const size_t nbytes = fread(chunk, 1, want, fp);
    if (nbytes == 0) {
      break;
    }
    AppendBytes(chunk, nbytes, out_p);
    if (!unbounded) {
      CHECK(remaining >= static_cast<off_t>(nbytes));
      remaining -= nbytes;
    }
  }
  if (ferror(fp)) {
    return false;
  }
  // Success means either the requested amount was read in full or the stream
  // ended.
  return remaining == 0 || feof(fp);
}
311 
312 // Opens a file |path| for reading and appends its contents to a container
313 // |out_p|. Starts reading the file from |offset|. If |offset| is beyond the end
314 // of the file, returns success. If |size| is not -1, reads up to |size| bytes.
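template <class T>
static bool ReadFileChunkAndAppend(const string& path,
                                   off_t offset,
                                   off_t size,
                                   T* out_p) {
  CHECK_GE(offset, 0);
  CHECK(size == -1 || size >= 0);
  base::ScopedFILE fp(fopen(path.c_str(), "r"));
  if (!fp.get())
    return false;
  if (offset) {
    // FileSize() returns -1 when the size cannot be determined. Treat that as
    // a failure: comparing |offset| against -1 would otherwise be reported as
    // a successful read of zero bytes.
    // NOTE(review): the size is looked up by path, separately from the
    // fopen() above, so it can describe a different file if |path| is
    // replaced in between.
    const off_t file_size = FileSize(path);
    TEST_AND_RETURN_FALSE(file_size >= 0);
    // A chunk that starts at or past the end of the file is a successful,
    // empty read.
    if (offset >= file_size) {
      return true;
    }
    TEST_AND_RETURN_FALSE_ERRNO(fseek(fp.get(), offset, SEEK_SET) == 0);
  }
  return Read(fp.get(), size, out_p);
}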
335 
336 // TODO(deymo): This is only used in unittest, but requires the private
337 // Read<string>() defined here. Expose Read<string>() or move to base/ version.
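bool ReadPipe(const string& cmd, string* out_p) {
  // NOTE(review): popen() hands |cmd| to the shell, so it must never carry
  // untrusted input. The comment preceding this function says it is only used
  // from unit tests.
  FILE* fp = popen(cmd.c_str(), "r");
  if (!fp)
    return false;
  const bool read_ok = Read(fp, -1, out_p);
  // Always pclose(): skipping it when Read() fails would leak the stream and
  // leave the child process unreaped.
  const bool close_ok = pclose(fp) >= 0;
  return read_ok && close_ok;
}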
345 
// Appends the whole content of the file at |path| to the blob |out_p|.
bool ReadFile(const string& path, brillo::Blob* out_p) {
  constexpr off_t kStartOfFile = 0;
  constexpr off_t kNoSizeLimit = -1;  // -1 asks for everything up to EOF
  return ReadFileChunkAndAppend(path, kStartOfFile, kNoSizeLimit, out_p);
}
349 
// Appends the whole content of the file at |path| to the string |out_p|.
bool ReadFile(const string& path, string* out_p) {
  constexpr off_t kStartOfFile = 0;
  constexpr off_t kNoSizeLimit = -1;  // -1 asks for everything up to EOF
  return ReadFileChunkAndAppend(path, kStartOfFile, kNoSizeLimit, out_p);
}
353 
// Appends up to |size| bytes of the file at |path|, starting at |offset|, to
// the blob |out_p|. Thin public wrapper around ReadFileChunkAndAppend().
bool ReadFileChunk(const string& path,
                   off_t offset,
                   off_t size,
                   brillo::Blob* out_p) {
  const bool ok = ReadFileChunkAndAppend(path, offset, size, out_p);
  return ok;
}
360 
// Returns the size in bytes of the block device open on |fd| as reported by
// the BLKGETSIZE64 ioctl, or -1 (after logging) if the ioctl fails.
off_t BlockDevSize(int fd) {
  uint64_t dev_size{};
  if (ioctl(fd, BLKGETSIZE64, &dev_size) == -1) {
    PLOG(ERROR) << "Error running ioctl(BLKGETSIZE64) on " << fd;
    return -1;
  }
  return dev_size;
}
370 
// Returns the size of the object open on |fd|: st_size for a regular file,
// BlockDevSize() for a block device, and -1 for any other file type.
off_t FileSize(int fd) {
  struct stat info {};
  const int rc = fstat(fd, &info);
  // NOTE(review): CHECK_EQ aborts when fstat() fails, which makes the error
  // branch right below look unreachable. Confirm whether a crash or a logged
  // error return is the intended behaviour.
  CHECK_EQ(rc, 0);
  if (rc < 0) {
    PLOG(ERROR) << "Error stat-ing " << fd;
    return rc;
  }
  const mode_t mode = info.st_mode;
  if (S_ISREG(mode)) {
    return info.st_size;
  }
  if (S_ISBLK(mode)) {
    return BlockDevSize(fd);
  }
  LOG(ERROR) << "Couldn't determine the type of " << fd;
  return -1;
}
386 
// Opens |path| read-only and returns its size via FileSize(int), or -1 if it
// cannot be opened or sized. The descriptor is closed before returning.
off_t FileSize(const string& path) {
  const int fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
  if (fd == -1) {
    PLOG(ERROR) << "Error opening " << path;
    return -1;
  }
  const off_t size = FileSize(fd);
  if (size == -1) {
    PLOG(ERROR) << "Error getting file size of " << path;
  }
  close(fd);
  return size;
}
399 
// Copies |count| bytes from |in_fd|, starting at its current position, to
// |out_fd| with sendfile() in chunks of at most 4096 bytes. Returns false if
// a call fails or transfers nothing (for example when |in_fd| runs out of
// data before |count| bytes were copied).
bool SendFile(int out_fd, int in_fd, size_t count) {
  off64_t offset = lseek(in_fd, 0, SEEK_CUR);
  TEST_AND_RETURN_FALSE_ERRNO(offset >= 0);
  constexpr size_t kChunkSize = 4096;
  for (size_t remaining = count; remaining > 0;) {
    const size_t chunk = std::min(remaining, kChunkSize);
    const auto sent = sendfile(out_fd, in_fd, &offset, chunk);
    TEST_AND_RETURN_FALSE_ERRNO(sent > 0);
    remaining -= sent;
  }
  return true;
}
412 
// Opens the directory |dirname| and fsync()s it. EROFS and EINVAL from
// fsync() are logged as a warning and still count as success; any other
// failure returns false.
bool FsyncDirectory(const char* dirname) {
  android::base::unique_fd fd(
      TEMP_FAILURE_RETRY(open(dirname, O_RDONLY | O_CLOEXEC)));
  if (fd == -1) {
    PLOG(ERROR) << "Failed to open " << dirname;
    return false;
  }
  if (fsync(fd) != -1) {
    return true;
  }
  const bool sync_unsupported = (errno == EROFS || errno == EINVAL);
  if (!sync_unsupported) {
    PLOG(ERROR) << "Failed to fsync " << dirname;
    return false;
  }
  PLOG(WARNING) << "Skip fsync " << dirname
                << " on a file system does not support synchronization";
  return true;
}
431 
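// Replaces the file at |path| with |content|: the data is written to
// "<path>.tmp", flushed with fsync(), renamed over |path|, and the parent
// directory is synced afterwards. Returns false if any step fails.
bool WriteStringToFileAtomic(const std::string& path,
                             std::string_view content) {
  // NOTE(review): the temporary name is predictable and is opened without
  // O_EXCL or O_NOFOLLOW, so this is only safe when the directory holding
  // |path| is not writable by less-privileged users. Confirm for callers.
  const std::string tmp_path = path + ".tmp";
  {
    const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC;
    android::base::unique_fd fd(
        TEMP_FAILURE_RETRY(open(tmp_path.c_str(), flags, 0644)));
    if (fd == -1) {
      // Report the path that was actually opened.
      PLOG(ERROR) << "Failed to open " << tmp_path;
      return false;
    }
    if (!WriteAll(fd.get(), content.data(), content.size())) {
      PLOG(ERROR) << "Failed to write to fd " << fd;
      return false;
    }
    // rename() without fsync() is not safe: the data could still be sitting
    // in the page cache. A failed fsync() therefore aborts the update instead
    // of letting a possibly incomplete file replace |path|.
    if (fsync(fd) != 0) {
      PLOG(ERROR) << "Failed to fsync " << tmp_path;
      return false;
    }
  }
  if (rename(tmp_path.c_str(), path.c_str()) == -1) {
    PLOG(ERROR) << "rename failed from " << tmp_path << " to " << path;
    return false;
  }
  // A bare file name has an empty parent path; sync the current directory in
  // that case instead of failing on open("").
  std::filesystem::path parent_dir = std::filesystem::path(path).parent_path();
  if (parent_dir.empty()) {
    parent_dir = ".";
  }
  return FsyncDirectory(parent_dir.c_str());
}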
459 
// Logs |length| bytes of |arr| at INFO level as a hex dump, 16 bytes per
// line, each line prefixed with its offset. Stops early if a line cannot be
// formatted as expected.
void HexDumpArray(const uint8_t* const arr, const size_t length) {
  LOG(INFO) << "Logging array of length: " << length;
  const unsigned int kBytesPerLine = 16;
  // NOTE(review): the offset is a uint32_t while |length| is a size_t, so the
  // loop assumes |length| fits in 32 bits.
  for (uint32_t offset = 0; offset < length; offset += kBytesPerLine) {
    const unsigned int remaining = length - offset;
    const unsigned int line_len = min(kBytesPerLine, remaining);
    char header[100];
    int r = snprintf(header, sizeof(header), "0x%08x : ", offset);
    TEST_AND_RETURN(r == 13);
    string line = header;
    for (unsigned int j = 0; j < line_len; j++) {
      char cell[20];
      const unsigned int byte_value = static_cast<unsigned int>(arr[offset + j]);
      r = snprintf(cell, sizeof(cell), "%02x ", byte_value);
      TEST_AND_RETURN(r == 3);
      line += cell;
    }
    LOG(INFO) << line;
  }
}
481 
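// Splits a partition device name such as "/dev/sda3" or "/dev/mmcblk0p2" into
// the disk name and the partition number. Either output pointer may be null.
// Returns false if |partition_name| does not start with "/dev/", has no
// trailing number, or (when |out_partition_num| is requested) the number does
// not fit in an int. The outputs are only written on success.
bool SplitPartitionName(const string& partition_name,
                        string* out_disk_name,
                        int* out_partition_num) {
  if (!base::StartsWith(
          partition_name, "/dev/", base::CompareCase::SENSITIVE)) {
    LOG(ERROR) << "Invalid partition device name: " << partition_name;
    return false;
  }

  size_t last_nondigit_pos = partition_name.find_last_not_of("0123456789");
  if (last_nondigit_pos == string::npos ||
      (last_nondigit_pos + 1) == partition_name.size()) {
    LOG(ERROR) << "Unable to parse partition device name: " << partition_name;
    return false;
  }

  int partition_num = 0;
  if (out_partition_num) {
    // atoi() has undefined behaviour when the digits do not fit in an int;
    // StringToInt() reports that case so it can be rejected. The suffix is
    // known to be a non-empty run of digits here.
    const string partition_str = partition_name.substr(last_nondigit_pos + 1);
    if (!base::StringToInt(partition_str, &partition_num)) {
      LOG(ERROR) << "Unable to parse partition device name: "
                 << partition_name;
      return false;
    }
  }

  if (out_disk_name) {
    // Special case for MMC devices which have the following naming scheme:
    // mmcblk0p2
    // The cast keeps isdigit() defined for bytes outside the ASCII range.
    size_t disk_name_len = last_nondigit_pos;
    if (partition_name[last_nondigit_pos] != 'p' || last_nondigit_pos == 0 ||
        !isdigit(static_cast<unsigned char>(
            partition_name[last_nondigit_pos - 1]))) {
      disk_name_len++;
    }
    *out_disk_name = partition_name.substr(0, disk_name_len);
  }

  if (out_partition_num) {
    *out_partition_num = partition_num;
  }
  return true;
}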
515 
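// Builds the partition device name for partition |partition_num| of
// |disk_name|, e.g. "/dev/sda" + 3 -> "/dev/sda3". Returns an empty string
// if |partition_num| is below 1 or |disk_name| does not start with "/dev/".
string MakePartitionName(const string& disk_name, int partition_num) {
  if (partition_num < 1) {
    LOG(ERROR) << "Invalid partition number: " << partition_num;
    return string();
  }

  if (!base::StartsWith(disk_name, "/dev/", base::CompareCase::SENSITIVE)) {
    LOG(ERROR) << "Invalid disk name: " << disk_name;
    return string();
  }

  string partition_name = disk_name;
  // The cast keeps isdigit() defined for bytes outside the ASCII range.
  if (isdigit(static_cast<unsigned char>(partition_name.back()))) {
    // Special case for devices with names ending with a digit.
    // Add "p" to separate the disk name from partition number,
    // e.g. "/dev/loop0p2"
    partition_name += 'p';
  }

  partition_name += std::to_string(partition_num);

  return partition_name;
}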
539 
// Returns true if lstat() succeeds on |path|. Symlinks are not followed, so a
// dangling symlink counts as existing.
bool FileExists(const char* path) {
  struct stat info {};
  const int rc = lstat(path, &info);
  return rc == 0;
}
544 
// Returns true if |path| itself (not its target) is a symbolic link.
bool IsSymlink(const char* path) {
  struct stat info {};
  if (lstat(path, &info) != 0) {
    return false;
  }
  return S_ISLNK(info.st_mode) != 0;
}
549 
// Returns true if |path| is a regular file. Symlinks are not followed, so a
// symlink to a regular file yields false.
bool IsRegFile(const char* path) {
  struct stat info {};
  if (lstat(path, &info) != 0) {
    return false;
  }
  return S_ISREG(info.st_mode) != 0;
}
554 
// Creates a temporary file with mkstemp() from |base_filename_template|,
// resolved through GetTempName(). Stores the resulting path in |filename|
// and the open descriptor in |fd| when they are non-null; if |fd| is null the
// descriptor is closed. A caller that receives |fd| is responsible for
// closing it.
bool MakeTempFile(const string& base_filename_template,
                  string* filename,
                  int* fd) {
  base::FilePath filename_template;
  TEST_AND_RETURN_FALSE(
      GetTempName(base_filename_template, &filename_template));
  DCHECK(filename || fd);

  // mkstemp() rewrites the template in place, so it needs a mutable,
  // NUL-terminated copy.
  string name_buf = filename_template.value();
  const int mkstemp_fd = mkstemp(&name_buf[0]);
  TEST_AND_RETURN_FALSE_ERRNO(mkstemp_fd >= 0);
  if (filename) {
    *filename = name_buf.c_str();
  }
  if (!fd) {
    close(mkstemp_fd);
    return true;
  }
  *fd = mkstemp_fd;
  return true;
}
580 
// Sets the read-only flag of the block device |device| to |read_only| with
// the BLKROSET ioctl. Nothing is written when BLKROGET reports that the flag
// already has the requested value.
bool SetBlockDeviceReadOnly(const string& device, bool read_only) {
  int fd = HANDLE_EINTR(open(device.c_str(), O_RDONLY | O_CLOEXEC));
  if (fd < 0) {
    PLOG(ERROR) << "Opening block device " << device;
    return false;
  }
  ScopedFdCloser fd_closer(&fd);

  int wanted_flag = read_only ? 1 : 0;
  int current_flag{};
  // If reading the current setting fails we still try to set it below.
  const bool already_set =
      ioctl(fd, BLKROGET, &current_flag) == 0 && current_flag == wanted_flag;
  if (already_set) {
    return true;
  }

  if (ioctl(fd, BLKROSET, &wanted_flag) != 0) {
    PLOG(ERROR) << "Marking block device " << device
                << " as read_only=" << wanted_flag;
    return false;
  }
  return true;
}
604 
// Mounts |device| on |mountpoint|. With an empty |type| the filesystem types
// ext2, ext3, ext4, squashfs and erofs are tried in that order; otherwise
// only |type| is tried. |mountflags| and |fs_mount_options| are forwarded to
// mount() unchanged, so restrictive flags such as MS_NOSUID or MS_NODEV are
// the caller's responsibility.
bool MountFilesystem(const string& device,
                     const string& mountpoint,
                     unsigned long mountflags,  // NOLINT(runtime/int)
                     const string& type,
                     const string& fs_mount_options) {
  const vector<const char*> candidates =
      type.empty()
          ? vector<const char*>{"ext2", "ext3", "ext4", "squashfs", "erofs"}
          : vector<const char*>{type.c_str()};
  for (const char* fstype : candidates) {
    const int rc = mount(device.c_str(),
                         mountpoint.c_str(),
                         fstype,
                         mountflags,
                         fs_mount_options.c_str());
    if (rc == 0) {
      return true;
    }
    PLOG(WARNING) << "Unable to mount destination device " << device << " on "
                  << mountpoint << " as " << fstype;
  }
  // NOTE(review): this message reads as if it belonged to the empty-|type|
  // case (all supported types tried), yet it is logged only when a type was
  // given. Confirm whether the condition is inverted.
  if (!type.empty()) {
    LOG(ERROR) << "Unable to mount " << device << " with any supported type";
  }
  return false;
}
633 
// Unmounts |mountpoint|. While umount() fails with EBUSY it is retried, up to
// kUnmountMaxNumOfRetries attempts with a pause in between. If the last error
// is EINVAL the path is reported as not being a mountpoint; for any other
// error a lazy unmount (MNT_DETACH) is attempted as a fallback.
bool UnmountFilesystem(const string& mountpoint) {
  int num_retries = 1;
  while (true) {
    if (umount(mountpoint.c_str()) == 0) {
      return true;
    }
    const bool can_retry =
        errno == EBUSY && num_retries < kUnmountMaxNumOfRetries;
    if (!can_retry) {
      break;
    }
    usleep(kUnmountRetryIntervalInMicroseconds);
    ++num_retries;
  }
  if (errno == EINVAL) {
    LOG(INFO) << "Not a mountpoint: " << mountpoint;
    return false;
  }
  PLOG(WARNING) << "Error unmounting " << mountpoint << " after " << num_retries
                << " attempts. Lazy unmounting instead, error was";
  const bool lazy_ok = umount2(mountpoint.c_str(), MNT_DETACH) == 0;
  if (!lazy_ok) {
    PLOG(ERROR) << "Lazy unmount failed";
    return false;
  }
  return true;
}
655 
// Returns true if |mountpoint| is a directory with a filesystem mounted on
// it, judged by comparing it with "<mountpoint>/..".
bool IsMountpoint(const std::string& mountpoint) {
  // If mountpoint/.. is on a different device, a filesystem is mounted on
  // |mountpoint|. If it is on the same device but has the same inode, this is
  // the special case of /.. pointing to /. This test doesn't play well with
  // bind mounts, but that is out of scope for what we want to detect here.
  struct stat dir_info {};
  if (lstat(mountpoint.c_str(), &dir_info) != 0) {
    PLOG(ERROR) << "Error stat'ing " << mountpoint;
    return false;
  }
  if (!S_ISDIR(dir_info.st_mode)) {
    return false;
  }

  const base::FilePath parent = base::FilePath(mountpoint).Append("..");
  struct stat parent_info {};
  if (lstat(parent.value().c_str(), &parent_info) != 0) {
    PLOG(ERROR) << "Error stat'ing " << parent.value();
    return false;
  }
  if (!S_ISDIR(parent_info.st_mode)) {
    return false;
  }
  const bool on_other_device = parent_info.st_dev != dir_info.st_dev;
  const bool is_own_parent = parent_info.st_ino == dir_info.st_ino;
  return on_other_device || is_own_parent;
}
682 
683 // Tries to parse the header of an ELF file to obtain a human-readable
684 // description of it on the |output| string.
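static bool GetFileFormatELF(const uint8_t* buffer,
                             size_t size,
                             string* output) {
  // Returns false if |buffer| does not start with the ELF magic. Otherwise
  // describes as much of the header as |size| covers and returns true.

  // 0x00: EI_MAG - ELF magic header, 4 bytes.
  if (size < SELFMAG || memcmp(buffer, ELFMAG, SELFMAG) != 0)
    return false;
  *output = "ELF";

  // 0x04: EI_CLASS, 1 byte.
  if (size < EI_CLASS + 1)
    return true;
  switch (buffer[EI_CLASS]) {
    case ELFCLASS32:
      *output += " 32-bit";
      break;
    case ELFCLASS64:
      *output += " 64-bit";
      break;
    default:
      *output += " ?-bit";
  }

  // 0x05: EI_DATA, endianness, 1 byte.
  if (size < EI_DATA + 1)
    return true;
  uint8_t ei_data = buffer[EI_DATA];
  switch (ei_data) {
    case ELFDATA2LSB:
      *output += " little-endian";
      break;
    case ELFDATA2MSB:
      *output += " big-endian";
      break;
    default:
      *output += " ?-endian";
      // Don't parse anything after the 0x10 offset if endianness is unknown.
      return true;
  }

  // 0x12: e_machine, 2 byte endianness based on ei_data. The position (0x12)
  // and size is the same for both 32 and 64 bits.
  constexpr size_t kMachineOffset = offsetof(Elf32_Ehdr, e_machine);
  uint16_t raw_machine{};
  if (size < kMachineOffset + sizeof(raw_machine))
    return true;
  // Copy the field out with memcpy instead of reading it through an
  // Elf32_Ehdr pointer: |buffer| is a plain byte array with no alignment
  // guarantee, and it may be shorter than a full header.
  memcpy(&raw_machine, buffer + kMachineOffset, sizeof(raw_machine));
  // Fix endianness regardless of the host endianness.
  const uint16_t e_machine = (ei_data == ELFDATA2LSB) ? le16toh(raw_machine)
                                                      : be16toh(raw_machine);

  switch (e_machine) {
    case EM_386:
      *output += " x86";
      break;
    case EM_MIPS:
      *output += " mips";
      break;
    case EM_ARM:
      *output += " arm";
      break;
    case EM_X86_64:
      *output += " x86-64";
      break;
    default:
      *output += " unknown-arch";
  }
  return true;
}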
754 
// Returns a short human-readable description of the file at |path| based on
// its first kGetFileFormatMaxHeaderSize bytes: an ELF description when the
// header matches, "data" otherwise, or "File not found." when the header
// cannot be read.
string GetFileFormat(const string& path) {
  brillo::Blob header;
  const bool read_ok =
      ReadFileChunkAndAppend(path, 0, kGetFileFormatMaxHeaderSize, &header);
  if (!read_ok) {
    return "File not found.";
  }

  string description;
  if (!GetFileFormatELF(header.data(), header.size(), &description)) {
    return "data";
  }
  return description;
}
766 
// Returns a random integer drawn via base::RandInt() from an interval of
// width |range| placed around |value|.
int FuzzInt(int value, unsigned int range) {
  const unsigned int half_range = range / 2;
  int lower = value - half_range;
  int upper = value + range - half_range;
  return base::RandInt(lower, upper);
}
772 
// Formats a duration given in whole seconds with FormatTimeDelta().
string FormatSecs(unsigned secs) {
  const TimeDelta delta = TimeDelta::FromSeconds(secs);
  return FormatTimeDelta(delta);
}
776 
// Formats |delta| as "[-][<d>d][<h>h][<m>m]<s>[.<fraction>]s". A unit is
// printed once it or any larger unit is non-zero, and trailing zeros of the
// microsecond fraction are dropped.
string FormatTimeDelta(TimeDelta delta) {
  string out;

  // Negative durations are printed as a minus sign followed by the magnitude.
  if (delta.ToInternalValue() < 0) {
    delta *= -1;
    out = "-";
  }

  // Peel off days, hours, minutes and seconds; what remains is microseconds.
  const unsigned days = delta.InDays();
  delta -= TimeDelta::FromDays(days);
  const unsigned hours = delta.InHours();
  delta -= TimeDelta::FromHours(hours);
  const unsigned mins = delta.InMinutes();
  delta -= TimeDelta::FromMinutes(mins);
  const unsigned secs = delta.InSeconds();
  delta -= TimeDelta::FromSeconds(secs);
  unsigned usecs = delta.InMicroseconds();

  const bool show_days = days != 0;
  const bool show_hours = show_days || hours != 0;
  const bool show_mins = show_hours || mins != 0;
  if (show_days) {
    base::StringAppendF(&out, "%ud", days);
  }
  if (show_hours) {
    base::StringAppendF(&out, "%uh", hours);
  }
  if (show_mins) {
    base::StringAppendF(&out, "%um", mins);
  }
  base::StringAppendF(&out, "%u", secs);
  if (usecs != 0) {
    // Strip trailing zeros, shrinking the zero-padded field width to match.
    int width = 6;
    while (usecs % 10 == 0) {
      usecs /= 10;
      --width;
    }
    base::StringAppendF(&out, ".%0*u", width, usecs);
  }
  base::StringAppendF(&out, "s");
  return out;
}
815 
// Formats |utc_time| as "M/D/YYYY H:MM:SS GMT" from its UTC-exploded fields.
string ToString(const Time utc_time) {
  Time::Exploded parts{};
  utc_time.UTCExplode(&parts);
  return base::StringPrintf("%d/%d/%d %d:%02d:%02d GMT",
                            parts.month,
                            parts.day_of_month,
                            parts.year,
                            parts.hour,
                            parts.minute,
                            parts.second);
}
827 
// Returns "true" or "false" for |b|.
string ToString(bool b) {
  if (b) {
    return "true";
  }
  return "false";
}
831 
// Returns the display name of |source|, or "Unknown" for kNumDownloadSources
// and for any value that is not a named enumerator.
string ToString(DownloadSource source) {
  const char* label = "Unknown";
  switch (source) {
    case kDownloadSourceHttpsServer:
      label = "HttpsServer";
      break;
    case kDownloadSourceHttpServer:
      label = "HttpServer";
      break;
    case kDownloadSourceHttpPeer:
      label = "HttpPeer";
      break;
    case kNumDownloadSources:
      break;
      // Don't add a default case to let the compiler warn about newly added
      // download sources which should be added here.
  }
  return label;
}
848 
// Returns the display name of |payload_type|, or "Unknown" for
// kNumPayloadTypes and for any value that is not a named enumerator.
string ToString(PayloadType payload_type) {
  const char* label = "Unknown";
  switch (payload_type) {
    case kPayloadTypeDelta:
      label = "Delta";
      break;
    case kPayloadTypeFull:
      label = "Full";
      break;
    case kPayloadTypeForcedFull:
      label = "ForcedFull";
      break;
    case kNumPayloadTypes:
      break;
      // Don't add a default case to let the compiler warn about newly added
      // payload types which should be added here.
  }
  return label;
}
865 
// Maps |code| to its base error code: the ErrorCode::kSpecialFlags bits are
// cleared, and every value at or above kOmahaRequestHTTPResponseBase is
// folded into ErrorCode::kOmahaErrorInHTTPResponse.
ErrorCode GetBaseErrorCode(ErrorCode code) {
  // Ignore the higher order bits so the result stays in the small contiguous
  // range with values less than ErrorCode::kUmaReportedMax.
  const int flag_mask = static_cast<int>(ErrorCode::kSpecialFlags);
  const ErrorCode base_code =
      static_cast<ErrorCode>(static_cast<int>(code) & ~flag_mask);

  // TODO(jaysri): Move this logic to UeErrorCode.cc when we fix
  // chromium-os:34369.
  if (base_code < ErrorCode::kOmahaRequestHTTPResponseBase) {
    return base_code;
  }

  // Aggregate all HTTP errors into one bucket for UMA and error
  // classification purposes, keeping the enum values small.
  LOG(INFO) << "Converting error code " << base_code
            << " to ErrorCode::kOmahaErrorInHTTPResponse";
  return ErrorCode::kOmahaErrorInHTTPResponse;
}
886 
// Formats |vec_str| as a bracketed, comma-separated list of double-quoted
// items, e.g. ["a", "b"]. Items are copied verbatim: quotes or separators
// inside an item are not escaped, so the result is for display and cannot be
// parsed back reliably.
string StringVectorToString(const vector<string>& vec_str) {
  string joined = "[";
  bool first = true;
  for (const string& item : vec_str) {
    if (!first)
      joined += ", ";
    first = false;
    joined += '"';
    joined += item;
    joined += '"';
  }
  joined += "]";
  return joined;
}
900 
// Builds the P2P file id "cros_update_size_<size>_hash_<hash>" for a payload.
//
// The id must be identical on devices running the new and the old version so
// that they can share the file with each other. The hash in the response used
// to be base64 encoded; the "hash_sha256" field used now is hex encoded, so
// the hash is converted back to base64 for P2P. Historically that base64 text
// was base64 encoded a second time for some reason, and the double encoding
// is kept so the id does not change.
string CalculateP2PFileId(const brillo::Blob& payload_hash,
                          size_t payload_size) {
  const string once_encoded =
      brillo::data_encoding::Base64Encode(payload_hash);
  const string twice_encoded =
      brillo::data_encoding::Base64Encode(once_encoded);
  return base::StringPrintf("cros_update_size_%" PRIuS "_hash_%s",
                            payload_size,
                            twice_encoded.c_str());
}
915 
// Converts |time| to the number of days since the Omaha epoch, rounded down
// to a whole number of weeks (so the result is always a multiple of 7).
// Returns false, leaving |out_num_days| untouched, when |time| is before the
// epoch. |out_num_days| is written without a null check.
bool ConvertToOmahaInstallDate(Time time, int* out_num_days) {
  // Output of: date +"%s" --date="Jan 1, 2007 0:00 PST".
  const time_t kOmahaEpoch = 1167638400;
  const int64_t kNumSecondsPerWeek = 7 * 24 * 3600;
  const int64_t kNumDaysPerWeek = 7;

  const time_t seconds_since_epoch = time.ToTimeT() - kOmahaEpoch;
  if (seconds_since_epoch < 0)
    return false;

  // Note, as per the comment in utils.h we are deliberately not
  // handling DST correctly.
  const int64_t whole_weeks = seconds_since_epoch / kNumSecondsPerWeek;
  *out_num_days = whole_weeks * kNumDaysPerWeek;
  return true;
}
936 
// Reads the "PAYLOAD_MINOR_VERSION" entry of |store| and parses it as an
// unsigned integer into |minor_version|. Returns false when the key is absent
// or its value does not parse; a parse failure is logged.
bool GetMinorVersion(const brillo::KeyValueStore& store,
                     uint32_t* minor_version) {
  string raw_value;
  if (!store.GetString("PAYLOAD_MINOR_VERSION", &raw_value))
    return false;

  if (base::StringToUint(raw_value, minor_version))
    return true;

  LOG(ERROR) << "StringToUint failed when parsing delta minor version.";
  return false;
}
949 
// Convenience overload: reads every block named by |extents| from the file at
// |path| into |out_data|. The expected size is the total block count of
// |extents| times |block_size|; the work is done by the vector-based overload.
bool ReadExtents(const std::string& path,
                 const google::protobuf::RepeatedPtrField<Extent>& extents,
                 brillo::Blob* out_data,
                 size_t block_size) {
  const vector<Extent> extent_list(extents.begin(), extents.end());
  // NOTE(review): this total is computed in unsigned arithmetic and then
  // narrowed to the callee's ssize_t parameter; nothing here rejects a total
  // that wraps or turns negative.
  const auto total_bytes = utils::BlocksInExtents(extents) * block_size;
  return ReadExtents(path, extent_list, out_data, total_bytes, block_size);
}
960 
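// Writes |data| into the file at |path|, filling the extents in order: the
// first extent receives the first num_blocks * block_size bytes of |data|,
// the next extent the bytes that follow, and so on. Returns false when the
// file cannot be opened, when |data| is too short to fill an extent, or when
// a seek or write is reported as failed. Bytes of |data| beyond the last
// extent are ignored.
bool WriteExtents(const std::string& path,
                  const google::protobuf::RepeatedPtrField<Extent>& extents,
                  const brillo::Blob& data,
                  size_t block_size) {
  EintrSafeFileDescriptor fd;
  TEST_AND_RETURN_FALSE(fd.Open(path.c_str(), O_RDWR));
  size_t bytes_written = 0;
  for (const auto& ext : extents) {
    // The extent list and |data| are supplied independently, so make sure the
    // extent fits in what is left of |data| before reading from it. Dividing
    // instead of multiplying keeps the comparison free of wrap-around.
    const uint64_t remaining = data.size() - bytes_written;
    TEST_AND_RETURN_FALSE(block_size == 0 ||
                          ext.num_blocks() <= remaining / block_size);
    const size_t length = ext.num_blocks() * block_size;

    // NOTE(review): both macros test the call's result for truthiness. If
    // Seek() returns the resulting offset and Write() returns a byte count or
    // -1, a seek to offset 0 reads as failure and a failed or short write
    // reads as success -- confirm against the FileDescriptor interface.
    TEST_AND_RETURN_FALSE_ERRNO(
        fd.Seek(ext.start_block() * block_size, SEEK_SET));
    TEST_AND_RETURN_FALSE_ERRNO(
        fd.Write(data.data() + bytes_written, length));
    bytes_written += length;
  }
  return true;
}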
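// Opens |path| read-only and reads |extents| from it into |out_data| through
// the descriptor-based overload. |out_data_size| is the exact number of bytes
// the extents are expected to yield. Returns false when the file cannot be
// opened or the read fails.
bool ReadExtents(const std::string& path,
                 const vector<Extent>& extents,
                 brillo::Blob* out_data,
                 ssize_t out_data_size,
                 size_t block_size) {
  FileDescriptorPtr fd = std::make_shared<EintrSafeFileDescriptor>();
  // Stop at a failed open instead of handing an unopened descriptor to the
  // read path and depending on it to notice.
  TEST_AND_RETURN_FALSE(fd->Open(path.c_str(), O_RDONLY));
  return ReadExtents(fd, extents, out_data, out_data_size, block_size);
}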
986 
// Convenience overload: reads every block named by |extents| from |fd| into
// |out_data|. The expected size is the total block count of |extents| times
// |block_size|; the work is done by the vector-based overload.
bool ReadExtents(FileDescriptorPtr fd,
                 const google::protobuf::RepeatedPtrField<Extent>& extents,
                 brillo::Blob* out_data,
                 size_t block_size) {
  const vector<Extent> extent_list(extents.begin(), extents.end());
  // NOTE(review): this total is computed in unsigned arithmetic and then
  // narrowed to the callee's ssize_t parameter; nothing here rejects a total
  // that wraps or turns negative.
  const auto total_bytes = utils::BlocksInExtents(extents) * block_size;
  return ReadExtents(fd, extent_list, out_data, total_bytes, block_size);
}
997 
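// Reads the blocks named by |extents| from |fd|, in order, into a buffer of
// exactly |out_data_size| bytes and stores it in |out_data| on success.
// Returns false, leaving |out_data| untouched, when |out_data_size| is
// negative, when an extent would not fit in the remaining buffer, when a read
// fails or comes up short, or when the extents do not add up to
// |out_data_size| bytes.
bool ReadExtents(FileDescriptorPtr fd,
                 const vector<Extent>& extents,
                 brillo::Blob* out_data,
                 ssize_t out_data_size,
                 size_t block_size) {
  // A negative size would convert to an enormous unsigned allocation request.
  TEST_AND_RETURN_FALSE(out_data_size >= 0);
  brillo::Blob data(out_data_size);
  ssize_t bytes_read = 0;

  for (const Extent& extent : extents) {
    // Check the extent against the space left before multiplying, so that a
    // huge block count cannot wrap around into a small or negative length.
    const uint64_t remaining = static_cast<uint64_t>(out_data_size - bytes_read);
    TEST_AND_RETURN_FALSE(block_size == 0 ||
                          extent.num_blocks() <= remaining / block_size);
    const ssize_t bytes = extent.num_blocks() * block_size;

    ssize_t bytes_read_this_iteration = 0;
    // data.data() + offset stays valid for an empty buffer, where indexing
    // element 0 would not be.
    TEST_AND_RETURN_FALSE(utils::PReadAll(fd,
                                          data.data() + bytes_read,
                                          bytes,
                                          extent.start_block() * block_size,
                                          &bytes_read_this_iteration));
    TEST_AND_RETURN_FALSE(bytes_read_this_iteration == bytes);
    bytes_read += bytes_read_this_iteration;
  }
  TEST_AND_RETURN_FALSE(out_data_size == bytes_read);
  // Hand the buffer over instead of copying it.
  *out_data = std::move(data);
  return true;
}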
1022 
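// Runs "vpd_get_value <key>" and stores its output, with surrounding ASCII
// whitespace trimmed, in |result|. Returns false, leaving |result| untouched,
// when the command cannot be run or exits with a non-zero code.
bool GetVpdValue(string key, string* result) {
  int exit_code = 0;
  string value;
  string error;
  // |key| is passed as its own argument-vector element rather than being
  // spliced into a command string.
  // NOTE(review): presumably SynchronousExec runs this without a shell --
  // confirm in Subprocess.
  vector<string> cmd = {"vpd_get_value", key};
  if (!chromeos_update_engine::Subprocess::SynchronousExec(
          cmd, &exit_code, &value, &error) ||
      exit_code) {
    // Log the key that was requested; the captured output says nothing about
    // which lookup failed.
    LOG(ERROR) << "Failed to get vpd key for " << key
               << " with exit code: " << exit_code << " and error: " << error;
    return false;
  }
  if (!error.empty()) {
    LOG(INFO) << "vpd_get_value succeeded but with following errors: " << error;
  }

  base::TrimWhitespaceASCII(value, base::TRIM_ALL, &value);
  *result = value;
  return true;
}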
1041 
// Reads the file at kBootIdPath into |boot_id| and strips trailing ASCII
// whitespace. Returns false when the file cannot be read.
bool GetBootId(string* boot_id) {
  const base::FilePath boot_id_file(kBootIdPath);
  TEST_AND_RETURN_FALSE(base::ReadFileToString(boot_id_file, boot_id));
  base::TrimWhitespaceASCII(*boot_id, base::TRIM_TRAILING, boot_id);
  return true;
}
1048 
// Returns the integer before the first '.' of |version|: 0 for an empty
// string, -1 when that leading component does not parse as an int.
int VersionPrefix(const std::string& version) {
  if (version.empty())
    return 0;

  const vector<string> components = base::SplitString(
      version, ".", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);
  int prefix{};
  const bool parsed =
      !components.empty() && base::StringToInt(components[0], &prefix);
  // A failed parse means the target version is invalid.
  return parsed ? prefix : -1;
}
1060 
// Parses |raw_version|, expected as "<high>.<low>", into |high_version| and
// |low_version|. Both outputs are first set to the uint16_t maximum and keep
// that value unless the string has exactly two components that both parse as
// integers in [0, uint16_t max). The maximum itself is rejected, so it can
// only appear in the outputs as the failure marker. Both outputs are updated
// together or not at all.
void ParseRollbackKeyVersion(const string& raw_version,
                             uint16_t* high_version,
                             uint16_t* low_version) {
  DCHECK(high_version);
  DCHECK(low_version);
  const uint16_t kInvalidVersion = numeric_limits<uint16_t>::max();
  *high_version = kInvalidVersion;
  *low_version = kInvalidVersion;

  const vector<string> components = base::SplitString(
      raw_version, ".", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
  // The version string must have exactly one period.
  if (components.size() != 2)
    return;

  int high{};
  int low{};
  // Give up unless both components parse as integers.
  if (!base::StringToInt(components[0], &high) ||
      !base::StringToInt(components[1], &low)) {
    return;
  }

  const bool high_in_range = high >= 0 && high < kInvalidVersion;
  const bool low_in_range = low >= 0 && low < kInvalidVersion;
  if (!high_in_range || !low_in_range)
    return;

  *high_version = static_cast<uint16_t>(high);
  *low_version = static_cast<uint16_t>(low);
}
1090 
// Returns the target of the /proc/self/fd/<fd> symlink, i.e. the path the
// descriptor currently refers to, or the literal "not found" when the link
// cannot be read. The result is informational: a file really named
// "not found" cannot be told apart from a failure.
string GetFilePath(int fd) {
  const base::FilePath fd_link("/proc/self/fd/" + std::to_string(fd));
  base::FilePath target;
  return base::ReadSymbolicLink(fd_link, &target) ? target.value()
                                                  : "not found";
}
1100 
// Formats |utime| in local time as "YYYYMMDD-HHMMSS". The process aborts via
// CHECK when the time cannot be converted or the formatted text is not
// exactly 15 characters long.
string GetTimeAsString(time_t utime) {
  struct tm local_tm {};
  CHECK_EQ(localtime_r(&utime, &local_tm), &local_tm);
  // 15 characters plus the terminating NUL.
  char stamp[16];
  const size_t written =
      strftime(stamp, sizeof(stamp), "%Y%m%d-%H%M%S", &local_tm);
  CHECK_EQ(written, 15u);
  return stamp;
}
1108 
// Returns the decimal text of base::StringPieceHash applied to
// |str_to_convert|.
// NOTE(review): StringPieceHash looks like a general-purpose hash rather than
// a cryptographic digest, so treat the result as a compact label and not as
// a collision-resistant identifier -- confirm.
string GetExclusionName(const string& str_to_convert) {
  const auto digest = base::StringPieceHash()(str_to_convert);
  return base::NumberToString(digest);
}
1112 
// Parses |str| as a signed 64-bit integer into |out|. Logs a warning and
// returns false when base::StringToInt64 rejects the text.
static bool ParseTimestamp(std::string_view str, int64_t* out) {
  const base::StringPiece text(str.data(), str.size());
  if (base::StringToInt64(text, out))
    return true;

  LOG(WARNING) << "Invalid timestamp: " << str;
  return false;
}
1120 
// Compares two timestamps given as decimal strings and reports whether moving
// from |old_version| to |new_version| is acceptable:
//   - either string empty: kSuccess (the update is permitted, with a warning);
//   - |old_version| does not parse: kError;
//   - |new_version| does not parse: kDownloadManifestParseError;
//   - old is strictly greater than new: kPayloadTimestampError;
//   - otherwise, including equal timestamps: kSuccess.
// The empty case fails open, so a caller using this as a downgrade guard gets
// no protection when either side carries no timestamp.
ErrorCode IsTimestampNewer(const std::string_view old_version,
                           const std::string_view new_version) {
  const bool timestamp_missing = old_version.empty() || new_version.empty();
  if (timestamp_missing) {
    LOG(WARNING)
        << "One of old/new timestamp is empty, permit update anyway. Old: "
        << old_version << " New: " << new_version;
    return ErrorCode::kSuccess;
  }

  int64_t installed_ts = 0;
  if (!ParseTimestamp(old_version, &installed_ts))
    return ErrorCode::kError;

  int64_t candidate_ts = 0;
  if (!ParseTimestamp(new_version, &candidate_ts))
    return ErrorCode::kDownloadManifestParseError;

  return installed_ts > candidate_ts ? ErrorCode::kPayloadTimestampError
                                     : ErrorCode::kSuccess;
}
1142 
// Maps |size| bytes of /dev/zero read-only and returns the mapping. The
// descriptor is closed when this function returns. The result of open() is
// not checked here; a failed open is passed on to MappedFile::FromFd as is.
std::unique_ptr<android::base::MappedFile> GetReadonlyZeroBlock(size_t size) {
  const int raw_fd = HANDLE_EINTR(open("/dev/zero", O_RDONLY));
  android::base::unique_fd zero_fd{raw_fd};
  return android::base::MappedFile::FromFd(zero_fd, 0, size, PROT_READ);
}
1147 
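// Returns a view of |size| zero bytes backed by a shared read-only mapping of
// /dev/zero. The mapping is created on first use and replaced by a larger one
// when |size| exceeds it. The process aborts via CHECK if no mapping can be
// created.
//
// NOTE(review): replacing the mapping destroys the previous one, so views
// returned by earlier calls must not be used after a call with a larger
// |size|. The shared mapping is also swapped without any locking; callers on
// several threads need their own synchronization.
std::string_view GetReadonlyZeroString(size_t size) {
  // Reserve 512MB of Virtual Address Space. No actual memory will be used.
  constexpr size_t kDefaultMappingSize = 1024 * 1024 * 512;
  static auto zero_block = GetReadonlyZeroBlock(kDefaultMappingSize);
  // The mapping helper returns a smart pointer that can be empty; never
  // dereference it unchecked.
  if (zero_block == nullptr || size > zero_block->size()) {
    const size_t wanted = std::max(size, kDefaultMappingSize);
    auto larger_block = GetReadonlyZeroBlock(wanted);
    CHECK(larger_block != nullptr)
        << "Failed to map " << wanted << " bytes of /dev/zero";
    zero_block = std::move(larger_block);
  }
  return {zero_block->data(), size};
}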
1157 
1158 }  // namespace utils
1159 
// Returns the hex encoding of the bytes in |blob|, as produced by
// base::HexEncode. Declared noexcept, so an exception thrown while building
// the string terminates the process.
std::string HexEncode(const brillo::Blob& blob) noexcept {
  const auto* bytes = blob.data();
  const size_t length = blob.size();
  return base::HexEncode(bytes, length);
}
1163 
// Returns the hex encoding of the bytes viewed by |blob|, as produced by
// base::HexEncode. Declared noexcept, so an exception thrown while building
// the string terminates the process.
std::string HexEncode(const std::string_view blob) noexcept {
  const char* bytes = blob.data();
  const size_t length = blob.size();
  return base::HexEncode(bytes, length);
}
1167 
// Returns a non-owning view of the bytes in |blob| as characters. The view
// borrows the vector's storage: it is valid only while |blob| is alive and
// not resized.
[[nodiscard]] std::string_view ToStringView(
    const std::vector<unsigned char>& blob) noexcept {
  const auto* bytes = reinterpret_cast<const char*>(blob.data());
  return {bytes, blob.size()};
}
1173 
// Returns a non-owning view of |size| bytes starting at |data|, read as
// characters. Nothing is copied or validated: the caller guarantees that
// |data| points to at least |size| readable bytes for the view's lifetime.
[[nodiscard]] std::string_view ToStringView(const void* data,
                                            size_t size) noexcept {
  const auto* bytes = reinterpret_cast<const char*>(data);
  return {bytes, size};
}
1178 
1179 }  // namespace chromeos_update_engine
1180