1 #include "idmap.h"
2
3 #include <private/android_filesystem_config.h> // for AID_SYSTEM
4
5 #include <stdlib.h>
6 #include <string.h>
7
8 namespace {
9 const char *usage = "NAME\n\
10 idmap - create or display idmap files\n\
11 \n\
12 SYNOPSIS \n\
13 idmap --help \n\
14 idmap --fd target overlay fd \n\
15 idmap --path target overlay idmap \n\
16 idmap --scan dir-to-scan target-to-look-for target dir-to-hold-idmaps \n\
17 idmap --inspect idmap \n\
18 \n\
19 DESCRIPTION \n\
20 Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
21 file contains a mapping of resource identifiers between overlay package and its target \n\
22 package; this mapping is used during resource lookup. Idmap files also act as control \n\
23 files by their existence: if not present, the corresponding overlay package is ignored \n\
24 when the resource context is created. \n\
25 \n\
26 Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
27 package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
28 \n\
29 NOMENCLATURE \n\
30 target: the original, non-overlay, package. Each target package may be associated with \n\
31 any number of overlay packages. \n\
32 \n\
33 overlay: an overlay package. Each overlay package is associated with exactly one target \n\
34 package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
35 tag. \n\
36 \n\
37 OPTIONS \n\
38 --help: display this help \n\
39 \n\
40 --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
41 (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
42 version is intended to be used by a parent process with higher privileges to call \n\
43 idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
44 drop its privileges and exec. This tool will continue execution without the extra \n\
45 privileges, but still have write access to a file it could not have opened on its \n\
46 own. \n\
47 \n\
48 --path: create idmap for target package 'target' (path to apk) and overlay package \n\
49 'overlay' (path to apk); write results to 'idmap' (path). \n\
50 \n\
51 --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
52 target package 'target-to-look-for' (package name) present at 'target' (path to \n\
53 apk). For each overlay package found, create an idmap file in 'dir-to-hold-idmaps' \n\
54 (path). \n\
55 \n\
56 --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
57 debug-friendly format. \n\
58 \n\
59 EXAMPLES \n\
60 Create an idmap file: \n\
61 \n\
62 $ adb shell idmap --path /system/app/target.apk \\ \n\
63 /vendor/overlay/overlay.apk \\ \n\
64 /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
65 \n\
66 Display an idmap file: \n\
67 \n\
68 $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
69 SECTION ENTRY VALUE COMMENT \n\
70 IDMAP HEADER magic 0x706d6469 \n\
71 base crc 0xb65a383f \n\
72 overlay crc 0x7b9675e8 \n\
73 base path .......... /path/to/target.apk \n\
74 overlay path .......... /path/to/overlay.apk \n\
75 DATA HEADER target pkg 0x0000007f \n\
76 types count 0x00000003 \n\
77 DATA BLOCK target type 0x00000002 \n\
78 overlay type 0x00000002 \n\
79 entry count 0x00000001 \n\
80 entry offset 0x00000000 \n\
81 entry 0x00000000 drawable/drawable \n\
82 DATA BLOCK target type 0x00000003 \n\
83 overlay type 0x00000003 \n\
84 entry count 0x00000001 \n\
85 entry offset 0x00000000 \n\
86 entry 0x00000000 xml/integer \n\
87 DATA BLOCK target type 0x00000004 \n\
88 overlay type 0x00000004 \n\
89 entry count 0x00000001 \n\
90 entry offset 0x00000000 \n\
91 entry 0x00000000 raw/lorem_ipsum \n\
92 \n\
93 In this example, the overlay package provides three alternative resource values:\n\
94 drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
95 \n\
96 NOTES \n\
97 This tool and its expected invocation from installd is modelled on dexopt.";
98
verify_directory_readable(const char * path)99 bool verify_directory_readable(const char *path)
100 {
101 return access(path, R_OK | X_OK) == 0;
102 }
103
verify_directory_writable(const char * path)104 bool verify_directory_writable(const char *path)
105 {
106 return access(path, W_OK) == 0;
107 }
108
verify_file_readable(const char * path)109 bool verify_file_readable(const char *path)
110 {
111 return access(path, R_OK) == 0;
112 }
113
verify_root_or_system()114 bool verify_root_or_system()
115 {
116 uid_t uid = getuid();
117 gid_t gid = getgid();
118
119 return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
120 }
121
maybe_create_fd(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_str)122 int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
123 const char *idmap_str)
124 {
125 // anyone (not just root or system) may do --fd -- the file has
126 // already been opened by someone else on our behalf
127
128 char *endptr;
129 int idmap_fd = strtol(idmap_str, &endptr, 10);
130 if (*endptr != '\0') {
131 fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
132 return -1;
133 }
134
135 if (!verify_file_readable(target_apk_path)) {
136 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
137 return -1;
138 }
139
140 if (!verify_file_readable(overlay_apk_path)) {
141 ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
142 return -1;
143 }
144
145 return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd);
146 }
147
maybe_create_path(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_path)148 int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
149 const char *idmap_path)
150 {
151 if (!verify_root_or_system()) {
152 fprintf(stderr, "error: permission denied: not user root or user system\n");
153 return -1;
154 }
155
156 if (!verify_file_readable(target_apk_path)) {
157 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
158 return -1;
159 }
160
161 if (!verify_file_readable(overlay_apk_path)) {
162 ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
163 return -1;
164 }
165
166 return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path);
167 }
168
maybe_scan(const char * overlay_dir,const char * target_package_name,const char * target_apk_path,const char * idmap_dir)169 int maybe_scan(const char *overlay_dir, const char *target_package_name,
170 const char *target_apk_path, const char *idmap_dir)
171 {
172 if (!verify_root_or_system()) {
173 fprintf(stderr, "error: permission denied: not user root or user system\n");
174 return -1;
175 }
176
177 if (!verify_directory_readable(overlay_dir)) {
178 ALOGD("error: no read access to %s: %s\n", overlay_dir, strerror(errno));
179 return -1;
180 }
181
182 if (!verify_file_readable(target_apk_path)) {
183 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
184 return -1;
185 }
186
187 if (!verify_directory_writable(idmap_dir)) {
188 ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
189 return -1;
190 }
191
192 return idmap_scan(overlay_dir, target_package_name, target_apk_path, idmap_dir);
193 }
194
maybe_inspect(const char * idmap_path)195 int maybe_inspect(const char *idmap_path)
196 {
197 // anyone (not just root or system) may do --inspect
198 if (!verify_file_readable(idmap_path)) {
199 ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
200 return -1;
201 }
202 return idmap_inspect(idmap_path);
203 }
204 }
205
main(int argc,char ** argv)206 int main(int argc, char **argv)
207 {
208 #if 0
209 {
210 char buf[1024];
211 buf[0] = '\0';
212 for (int i = 0; i < argc; ++i) {
213 strncat(buf, argv[i], sizeof(buf) - 1);
214 strncat(buf, " ", sizeof(buf) - 1);
215 }
216 ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
217 }
218 #endif
219
220 if (argc == 2 && !strcmp(argv[1], "--help")) {
221 printf("%s\n", usage);
222 return 0;
223 }
224
225 if (argc == 5 && !strcmp(argv[1], "--fd")) {
226 return maybe_create_fd(argv[2], argv[3], argv[4]);
227 }
228
229 if (argc == 5 && !strcmp(argv[1], "--path")) {
230 return maybe_create_path(argv[2], argv[3], argv[4]);
231 }
232
233 if (argc == 6 && !strcmp(argv[1], "--scan")) {
234 return maybe_scan(argv[2], argv[3], argv[4], argv[5]);
235 }
236
237 if (argc == 3 && !strcmp(argv[1], "--inspect")) {
238 return maybe_inspect(argv[2]);
239 }
240
241 fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
242 return EXIT_FAILURE;
243 }
244