1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <android-base/result.h> 20 21 #include <functional> 22 #include <optional> 23 #include <string> 24 #include <unordered_map> 25 #include <unordered_set> 26 #include <vector> 27 28 #include "apex_constants.h" 29 #include "apex_file.h" 30 31 namespace android { 32 namespace apex { 33 34 using ApexFileRef = std::reference_wrapper<const android::apex::ApexFile>; 35 36 // This class serves as a ApexFile repository for all apexes on device. It also 37 // provides information about the ApexFiles it hosts, such as which are 38 // pre-installed and which are data. Such information can be used, for example, 39 // to verify validity of an apex before trying to mount it. 40 // 41 // It's expected to have a single instance of this class in a process that 42 // mounts apexes (e.g. apexd, otapreopt_chroot). 43 class ApexFileRepository final { 44 public: 45 // c-tors and d-tor are exposed for testing. 46 explicit ApexFileRepository( 47 const std::string& decompression_dir = kApexDecompressedDir) decompression_dir_(decompression_dir)48 : decompression_dir_(decompression_dir){}; ApexFileRepository(bool enforce_multi_install_partition,const std::vector<std::string> & multi_install_select_prop_prefixes)49 explicit ApexFileRepository( 50 bool enforce_multi_install_partition, 51 const std::vector<std::string>& multi_install_select_prop_prefixes) 52 : multi_install_select_prop_prefixes_(multi_install_select_prop_prefixes), 53 enforce_multi_install_partition_(enforce_multi_install_partition){}; 54 ApexFileRepository(const std::string & decompression_dir,bool ignore_duplicate_apex_definitions)55 explicit ApexFileRepository(const std::string& decompression_dir, 56 bool ignore_duplicate_apex_definitions) 57 : ignore_duplicate_apex_definitions_(ignore_duplicate_apex_definitions), 58 decompression_dir_(decompression_dir){}; 59 ~ApexFileRepository()60 ~ApexFileRepository() { 61 pre_installed_store_.clear(); 62 data_store_.clear(); 63 }; 64 65 // Returns a singletone instance of this class. 66 static ApexFileRepository& GetInstance(); 67 68 // Populate instance by collecting pre-installed apex files from the given 69 // |prebuilt_dirs|. 70 // Note: this call is **not thread safe** and is expected to be performed in a 71 // single thread during initialization of apexd. After initialization is 72 // finished, all queries to the instance are thread safe. 73 android::base::Result<void> AddPreInstalledApex( 74 const std::vector<std::string>& prebuilt_dirs); 75 76 // Populate instance by collecting host-provided apex files via 77 // |metadata_partition|. Host can provide its apexes to a VM instance via the 78 // virtual disk image which has partitions: (see 79 // /packages/modules/Virtualization/microdroid for the details) 80 // - metadata partition(/dev/block/vd*1) should be accessed by 81 // setting the system property apexd.payload_metadata.prop. On microdroid, 82 // this is /dev/block/by-name/payload-metadata. 83 // - each subsequence partition(/dev/block/vd*{2,3,..}) represents an APEX 84 // archive. 85 // It will fail if there is more than one apex with the same name in 86 // pre-installed and block apexes. Note: this call is **not thread safe** and 87 // is expected to be performed in a single thread during initialization of 88 // apexd. After initialization is finished, all queries to the instance are 89 // thread safe. 90 // This will return the number of block apexes that were added. 91 android::base::Result<int> AddBlockApex( 92 const std::string& metadata_partition); 93 94 // Populate instance by collecting data apex files from the given |data_dir|. 95 // Note: this call is **not thread safe** and is expected to be performed in a 96 // single thread during initialization of apexd. After initialization is 97 // finished, all queries to the instance are thread safe. 98 android::base::Result<void> AddDataApex(const std::string& data_dir); 99 100 // Returns trusted public key for an apex with the given |name|. 101 android::base::Result<const std::string> GetPublicKey( 102 const std::string& name) const; 103 104 // Returns path to the pre-installed version of an apex with the given |name|. 105 android::base::Result<const std::string> GetPreinstalledPath( 106 const std::string& name) const; 107 108 // Returns path to the data version of an apex with the given |name|. 109 android::base::Result<const std::string> GetDataPath( 110 const std::string& name) const; 111 112 // Returns root digest of an apex with the given |path| for block apexes. 113 std::optional<std::string> GetBlockApexRootDigest( 114 const std::string& path) const; 115 116 // Returns timestamp to be used for the block apex of the given |path|. 117 std::optional<int64_t> GetBlockApexLastUpdateSeconds( 118 const std::string& path) const; 119 120 // Checks whether there is a pre-installed version of an apex with the given 121 // |name|. 122 bool HasPreInstalledVersion(const std::string& name) const; 123 124 // Checks whether there is a data version of an apex with the given |name|. 125 bool HasDataVersion(const std::string& name) const; 126 127 // Checks if given |apex| is pre-installed. 128 bool IsPreInstalledApex(const ApexFile& apex) const; 129 130 // Checks if given |apex| is decompressed from a pre-installed APEX 131 bool IsDecompressedApex(const ApexFile& apex) const; 132 133 // Checks if given |apex| is loaded from block device. 134 bool IsBlockApex(const ApexFile& apex) const; 135 136 // Returns reference to all pre-installed APEX on device 137 std::vector<ApexFileRef> GetPreInstalledApexFiles() const; 138 139 // Returns reference to all data APEX on device 140 std::vector<ApexFileRef> GetDataApexFiles() const; 141 142 // Group all ApexFiles on device by their package name 143 std::unordered_map<std::string, std::vector<ApexFileRef>> AllApexFilesByName() 144 const; 145 146 // Returns a pre-installed version of apex with the given name. Caller is 147 // expected to check if there is a pre-installed apex with the given name 148 // using |HasPreinstalledVersion| function. 149 ApexFileRef GetPreInstalledApex(const std::string& name) const; 150 // Returns a data version of apex with the given name. Caller is 151 // expected to check if there is a data apex with the given name 152 // using |HasDataVersion| function. 153 ApexFileRef GetDataApex(const std::string& name) const; 154 155 // Clears ApexFileRepostiry. 156 // Only use in tests. 157 void Reset(const std::string& decompression_dir = kApexDecompressedDir) { 158 pre_installed_store_.clear(); 159 data_store_.clear(); 160 block_apex_overrides_.clear(); 161 decompression_dir_ = decompression_dir; 162 block_disk_path_.reset(); 163 } 164 165 private: 166 // Non-copyable && non-moveable. 167 ApexFileRepository(const ApexFileRepository&) = delete; 168 ApexFileRepository& operator=(const ApexFileRepository&) = delete; 169 ApexFileRepository& operator=(ApexFileRepository&&) = delete; 170 ApexFileRepository(ApexFileRepository&&) = delete; 171 172 // Scans apexes in the given directory and adds collected data into 173 // |pre_installed_store_|. 174 android::base::Result<void> ScanBuiltInDir(const std::string& dir); 175 176 std::unordered_map<std::string, ApexFile> pre_installed_store_, data_store_; 177 178 // Multi-installed APEX name -> all encountered public keys for this APEX. 179 std::unordered_map<std::string, std::unordered_set<std::string>> 180 multi_install_public_keys_; 181 182 // Prefixes used when looking for multi-installed APEX sysprops. 183 // Order matters: the first non-empty prop value is returned. 184 std::vector<std::string> multi_install_select_prop_prefixes_ = 185 kMultiApexSelectPrefix; 186 187 // Allows multi-install APEXes outside of expected partitions. 188 // Only set false in tests. 189 bool enforce_multi_install_partition_ = true; 190 191 // Ignore duplicate vendor APEX definitions, normally a duplicate definition 192 // is considered an error. 193 bool ignore_duplicate_apex_definitions_ = false; 194 195 // Decompression directory which will be used to determine if apex is 196 // decompressed or not 197 std::string decompression_dir_; 198 199 // Disk path where block apexes are read from. AddBlockApex() sets this. 200 std::optional<std::string> block_disk_path_; 201 202 // Information from the metadata for block apexes, overriding the file data. 203 struct BlockApexOverride { 204 // Root digest for the APEX. When specified in block apex config, it 205 // should be used/checked when activating the apex to avoid 206 // TOCTOU(time-of-check to time-of-use). 207 std::optional<std::string> block_apex_root_digest; 208 // The last update time of the APEX. 209 std::optional<int64_t> last_update_seconds; 210 }; 211 212 // Use "path" as key instead of APEX name because there can be multiple 213 // versions of sharedlibs APEXes. 214 std::unordered_map<std::string, BlockApexOverride> block_apex_overrides_; 215 }; 216 217 std::string GetApexSelectFilenameFromProp( 218 const std::vector<std::string>& prefixes, const std::string& apex_name); 219 220 } // namespace apex 221 } // namespace android 222