1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "linkerconfig/namespace.h"
18
19 #include <android-base/strings.h>
20
21 #include "linkerconfig/apex.h"
22 #include "linkerconfig/log.h"
23
24 using android::base::Result;
25
26 namespace {
27 constexpr const char* kDataAsanPath = "/data/asan";
28
VerifyIfApexNamespaceContainsAllSharedLink(const android::linkerconfig::modules::Namespace & ns)29 Result<void> VerifyIfApexNamespaceContainsAllSharedLink(
30 const android::linkerconfig::modules::Namespace& ns) {
31 auto apex_name = ns.GetApexSource();
32 // If namespace is not from APEX there is no need to check this.
33 if (apex_name == "") {
34 return {};
35 }
36
37 const auto& links = ns.Links();
38 for (const auto& link : links) {
39 if (link.IsAllSharedLibsAllowed()) {
40 return Errorf(
41 "APEX namespace {} is not allowed to have link with all shared libs "
42 "allowed.",
43 ns.GetName());
44 }
45 }
46 return {};
47 }
48
49 } // namespace
50
51 namespace android {
52 namespace linkerconfig {
53 namespace modules {
54
InitializeWithApex(Namespace & ns,const ApexInfo & apex_info)55 void InitializeWithApex(Namespace& ns, const ApexInfo& apex_info) {
56 ns.AddSearchPath(apex_info.path + "/${LIB}");
57 if (apex_info.InVendor()) {
58 ns.AddSearchPath(apex_info.path + "/${LIB}/hw");
59 ns.AddSearchPath(apex_info.path + "/${LIB}/egl");
60 }
61 ns.AddPermittedPath(apex_info.path + "/${LIB}");
62 ns.AddPermittedPath("/system/${LIB}");
63 ns.AddPermittedPath("/system_ext/${LIB}");
64 for (const auto& permitted_path : apex_info.permitted_paths) {
65 ns.AddPermittedPath(permitted_path);
66 }
67 if (apex_info.has_shared_lib) {
68 ns.AddPermittedPath("/apex");
69 }
70 ns.AddProvides(apex_info.provide_libs);
71 ns.AddRequires(apex_info.require_libs);
72 ns.SetApexSource(apex_info.name);
73 }
74
GetLink(const std::string & target_namespace)75 Link& Namespace::GetLink(const std::string& target_namespace) {
76 for (auto& link : links_) {
77 if (link.To() == target_namespace) {
78 return link;
79 }
80 }
81 return links_.emplace_back(name_, target_namespace);
82 }
83
WriteConfig(ConfigWriter & writer)84 void Namespace::WriteConfig(ConfigWriter& writer) {
85 auto verify_result = VerifyContents();
86 if (!verify_result.ok()) {
87 LOG(ERROR) << "Namespace " << name_
88 << " is not valid : " << verify_result.error();
89 return;
90 }
91
92 const auto prefix = "namespace." + name_ + ".";
93
94 writer.WriteLine(prefix + "isolated = " + (is_isolated_ ? "true" : "false"));
95
96 if (is_visible_) {
97 writer.WriteLine(prefix + "visible = true");
98 }
99
100 writer.WriteVars(prefix + "search.paths", search_paths_);
101 writer.WriteVars(prefix + "permitted.paths", permitted_paths_);
102 writer.WriteVars(prefix + "asan.search.paths", asan_search_paths_);
103 writer.WriteVars(prefix + "asan.permitted.paths", asan_permitted_paths_);
104 writer.WriteVars(prefix + "hwasan.search.paths", hwasan_search_paths_);
105 writer.WriteVars(prefix + "hwasan.permitted.paths", hwasan_permitted_paths_);
106 writer.WriteVars(prefix + "allowed_libs", allowed_libs_);
107
108 std::vector<std::string> link_list;
109 link_list.reserve(links_.size());
110 for (const auto& link : links_) {
111 if (link.Empty()) continue;
112 link_list.push_back(link.To());
113 }
114 if (!link_list.empty()) {
115 writer.WriteLine(prefix + "links = " + android::base::Join(link_list, ","));
116 for (const auto& link : links_) {
117 if (link.Empty()) continue;
118 link.WriteConfig(writer);
119 }
120 }
121 }
122
AddSearchPath(const std::string & path)123 void Namespace::AddSearchPath(const std::string& path) {
124 search_paths_.push_back(path);
125
126 if (RequiresAsanPath(path)) {
127 asan_search_paths_.push_back(CreateAsanPath(path));
128 }
129 asan_search_paths_.push_back(path);
130 hwasan_search_paths_.push_back(CreateHwasanPath(path));
131 hwasan_search_paths_.push_back(path);
132 }
133
AddPermittedPath(const std::string & path)134 void Namespace::AddPermittedPath(const std::string& path) {
135 permitted_paths_.push_back(path);
136
137 if (RequiresAsanPath(path)) {
138 asan_permitted_paths_.push_back(CreateAsanPath(path));
139 }
140 asan_permitted_paths_.push_back(path);
141 hwasan_permitted_paths_.push_back(CreateHwasanPath(path));
142 hwasan_permitted_paths_.push_back(path);
143 }
144
AddAllowedLib(const std::string & path)145 void Namespace::AddAllowedLib(const std::string& path) {
146 allowed_libs_.push_back(path);
147 }
148
GetName() const149 std::string Namespace::GetName() const {
150 return name_;
151 }
152
RequiresAsanPath(const std::string & path)153 bool Namespace::RequiresAsanPath(const std::string& path) {
154 return !android::base::StartsWith(path, "/apex");
155 }
156
CreateAsanPath(const std::string & path)157 const std::string Namespace::CreateAsanPath(const std::string& path) {
158 return kDataAsanPath + path;
159 }
160
CreateHwasanPath(const std::string & path)161 const std::string Namespace::CreateHwasanPath(const std::string& path) {
162 return path + "/hwasan";
163 }
164
VerifyContents()165 Result<void> Namespace::VerifyContents() {
166 auto apex_with_all_shared_link =
167 VerifyIfApexNamespaceContainsAllSharedLink(*this);
168 if (!apex_with_all_shared_link.ok()) {
169 return apex_with_all_shared_link.error();
170 }
171
172 return {};
173 }
174
175 } // namespace modules
176 } // namespace linkerconfig
177 } // namespace android
178