• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include "idmap.h"
2 
3 #include <private/android_filesystem_config.h> // for AID_SYSTEM
4 
5 #include <stdlib.h>
6 #include <string.h>
7 
8 namespace {
9     const char *usage = "NAME\n\
10       idmap - create or display idmap files\n\
11 \n\
12 SYNOPSIS \n\
13       idmap --help \n\
14       idmap --fd target overlay fd \n\
15       idmap --path target overlay idmap \n\
16       idmap --scan target-package-name-to-look-for path-to-target-apk dir-to-hold-idmaps \\\
17                    dir-to-scan [additional-dir-to-scan [additional-dir-to-scan [...]]]\n\
18       idmap --inspect idmap \n\
19 \n\
20 DESCRIPTION \n\
21       Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
22       file contains a mapping of resource identifiers between overlay package and its target \n\
23       package; this mapping is used during resource lookup. Idmap files also act as control \n\
24       files by their existence: if not present, the corresponding overlay package is ignored \n\
25       when the resource context is created. \n\
26 \n\
27       Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
28       package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
29 \n\
30 NOMENCLATURE \n\
31       target: the original, non-overlay, package. Each target package may be associated with \n\
32               any number of overlay packages. \n\
33 \n\
34       overlay: an overlay package. Each overlay package is associated with exactly one target \n\
35                package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
36                tag. \n\
37 \n\
38 OPTIONS \n\
39       --help: display this help \n\
40 \n\
41       --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
42             (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
43             version is intended to be used by a parent process with higher privileges to call \n\
44             idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
45             drop its privileges and exec. This tool will continue execution without the extra \n\
46             privileges, but still have write access to a file it could not have opened on its \n\
47             own. \n\
48 \n\
49       --path: create idmap for target package 'target' (path to apk) and overlay package \n\
50               'overlay' (path to apk); write results to 'idmap' (path). \n\
51 \n\
52       --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
53               target package 'target-package-name-to-look-for' (package name) present at\n\
54               'path-to-target-apk' (path to apk). For each overlay package found, create an\n\
55               idmap file in 'dir-to-hold-idmaps' (path). \n\
56 \n\
57       --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
58                  debug-friendly format. \n\
59 \n\
60 EXAMPLES \n\
61       Create an idmap file: \n\
62 \n\
63       $ adb shell idmap --path /system/app/target.apk \\ \n\
64                                /vendor/overlay/overlay.apk \\ \n\
65                                /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
66 \n\
67       Display an idmap file: \n\
68 \n\
69       $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
70       SECTION      ENTRY        VALUE      COMMENT \n\
71       IDMAP HEADER magic        0x706d6469 \n\
72                    base crc     0xb65a383f \n\
73                    overlay crc  0x7b9675e8 \n\
74                    base path    .......... /path/to/target.apk \n\
75                    overlay path .......... /path/to/overlay.apk \n\
76       DATA HEADER  target pkg   0x0000007f \n\
77                    types count  0x00000003 \n\
78       DATA BLOCK   target type  0x00000002 \n\
79                    overlay type 0x00000002 \n\
80                    entry count  0x00000001 \n\
81                    entry offset 0x00000000 \n\
82                    entry        0x00000000 drawable/drawable \n\
83       DATA BLOCK   target type  0x00000003 \n\
84                    overlay type 0x00000003 \n\
85                    entry count  0x00000001 \n\
86                    entry offset 0x00000000 \n\
87                    entry        0x00000000 xml/integer \n\
88       DATA BLOCK   target type  0x00000004 \n\
89                    overlay type 0x00000004 \n\
90                    entry count  0x00000001 \n\
91                    entry offset 0x00000000 \n\
92                    entry        0x00000000 raw/lorem_ipsum \n\
93 \n\
94       In this example, the overlay package provides three alternative resource values:\n\
95       drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
96 \n\
97 NOTES \n\
98       This tool and its expected invocation from installd is modelled on dexopt.";
99 
verify_directory_readable(const char * path)100     bool verify_directory_readable(const char *path)
101     {
102         return access(path, R_OK | X_OK) == 0;
103     }
104 
verify_directory_writable(const char * path)105     bool verify_directory_writable(const char *path)
106     {
107         return access(path, W_OK) == 0;
108     }
109 
verify_file_readable(const char * path)110     bool verify_file_readable(const char *path)
111     {
112         return access(path, R_OK) == 0;
113     }
114 
verify_root_or_system()115     bool verify_root_or_system()
116     {
117         uid_t uid = getuid();
118         gid_t gid = getgid();
119 
120         return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
121     }
122 
maybe_create_fd(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_str)123     int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
124             const char *idmap_str)
125     {
126         // anyone (not just root or system) may do --fd -- the file has
127         // already been opened by someone else on our behalf
128 
129         char *endptr;
130         int idmap_fd = strtol(idmap_str, &endptr, 10);
131         if (*endptr != '\0') {
132             fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
133             return -1;
134         }
135 
136         if (!verify_file_readable(target_apk_path)) {
137             ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
138             return -1;
139         }
140 
141         if (!verify_file_readable(overlay_apk_path)) {
142             ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
143             return -1;
144         }
145 
146         return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd);
147     }
148 
maybe_create_path(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_path)149     int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
150             const char *idmap_path)
151     {
152         if (!verify_root_or_system()) {
153             fprintf(stderr, "error: permission denied: not user root or user system\n");
154             return -1;
155         }
156 
157         if (!verify_file_readable(target_apk_path)) {
158             ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
159             return -1;
160         }
161 
162         if (!verify_file_readable(overlay_apk_path)) {
163             ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
164             return -1;
165         }
166 
167         return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path);
168     }
169 
maybe_scan(const char * target_package_name,const char * target_apk_path,const char * idmap_dir,const android::Vector<const char * > * overlay_dirs)170     int maybe_scan(const char *target_package_name, const char *target_apk_path,
171             const char *idmap_dir, const android::Vector<const char *> *overlay_dirs)
172     {
173         if (!verify_root_or_system()) {
174             fprintf(stderr, "error: permission denied: not user root or user system\n");
175             return -1;
176         }
177 
178         if (!verify_file_readable(target_apk_path)) {
179             ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
180             return -1;
181         }
182 
183         if (!verify_directory_writable(idmap_dir)) {
184             ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
185             return -1;
186         }
187 
188         const size_t N = overlay_dirs->size();
189         for (size_t i = 0; i < N; i++) {
190             const char *dir = overlay_dirs->itemAt(i);
191             if (!verify_directory_readable(dir)) {
192                 ALOGD("error: no read access to %s: %s\n", dir, strerror(errno));
193                 return -1;
194             }
195         }
196 
197         return idmap_scan(target_package_name, target_apk_path, idmap_dir, overlay_dirs);
198     }
199 
maybe_inspect(const char * idmap_path)200     int maybe_inspect(const char *idmap_path)
201     {
202         // anyone (not just root or system) may do --inspect
203         if (!verify_file_readable(idmap_path)) {
204             ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
205             return -1;
206         }
207         return idmap_inspect(idmap_path);
208     }
209 }
210 
main(int argc,char ** argv)211 int main(int argc, char **argv)
212 {
213 #if 0
214     {
215         char buf[1024];
216         buf[0] = '\0';
217         for (int i = 0; i < argc; ++i) {
218             strncat(buf, argv[i], sizeof(buf) - 1);
219             strncat(buf, " ", sizeof(buf) - 1);
220         }
221         ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
222     }
223 #endif
224 
225     if (argc == 2 && !strcmp(argv[1], "--help")) {
226         printf("%s\n", usage);
227         return 0;
228     }
229 
230     if (argc == 5 && !strcmp(argv[1], "--fd")) {
231         return maybe_create_fd(argv[2], argv[3], argv[4]);
232     }
233 
234     if (argc == 5 && !strcmp(argv[1], "--path")) {
235         return maybe_create_path(argv[2], argv[3], argv[4]);
236     }
237 
238     if (argc >= 6 && !strcmp(argv[1], "--scan")) {
239         android::Vector<const char *> v;
240         for (int i = 5; i < argc; i++) {
241             v.push(argv[i]);
242         }
243         return maybe_scan(argv[2], argv[3], argv[4], &v);
244     }
245 
246     if (argc == 3 && !strcmp(argv[1], "--inspect")) {
247         return maybe_inspect(argv[2]);
248     }
249 
250     fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
251     return EXIT_FAILURE;
252 }
253