1 #include "idmap.h"
2
3 #include <private/android_filesystem_config.h> // for AID_SYSTEM
4
5 #include <stdlib.h>
6 #include <string.h>
7
8 namespace {
9 const char *usage = "NAME\n\
10 idmap - create or display idmap files\n\
11 \n\
12 SYNOPSIS \n\
13 idmap --help \n\
14 idmap --fd target overlay fd \n\
15 idmap --path target overlay idmap \n\
16 idmap --scan target-package-name-to-look-for path-to-target-apk dir-to-hold-idmaps \\\
17 dir-to-scan [additional-dir-to-scan [additional-dir-to-scan [...]]]\n\
18 idmap --inspect idmap \n\
19 \n\
20 DESCRIPTION \n\
21 Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
22 file contains a mapping of resource identifiers between overlay package and its target \n\
23 package; this mapping is used during resource lookup. Idmap files also act as control \n\
24 files by their existence: if not present, the corresponding overlay package is ignored \n\
25 when the resource context is created. \n\
26 \n\
27 Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
28 package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
29 \n\
30 NOMENCLATURE \n\
31 target: the original, non-overlay, package. Each target package may be associated with \n\
32 any number of overlay packages. \n\
33 \n\
34 overlay: an overlay package. Each overlay package is associated with exactly one target \n\
35 package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
36 tag. \n\
37 \n\
38 OPTIONS \n\
39 --help: display this help \n\
40 \n\
41 --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
42 (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
43 version is intended to be used by a parent process with higher privileges to call \n\
44 idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
45 drop its privileges and exec. This tool will continue execution without the extra \n\
46 privileges, but still have write access to a file it could not have opened on its \n\
47 own. \n\
48 \n\
49 --path: create idmap for target package 'target' (path to apk) and overlay package \n\
50 'overlay' (path to apk); write results to 'idmap' (path). \n\
51 \n\
52 --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
53 target package 'target-package-name-to-look-for' (package name) present at\n\
54 'path-to-target-apk' (path to apk). For each overlay package found, create an\n\
55 idmap file in 'dir-to-hold-idmaps' (path). \n\
56 \n\
57 --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
58 debug-friendly format. \n\
59 \n\
60 EXAMPLES \n\
61 Create an idmap file: \n\
62 \n\
63 $ adb shell idmap --path /system/app/target.apk \\ \n\
64 /vendor/overlay/overlay.apk \\ \n\
65 /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
66 \n\
67 Display an idmap file: \n\
68 \n\
69 $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
70 SECTION ENTRY VALUE COMMENT \n\
71 IDMAP HEADER magic 0x706d6469 \n\
72 base crc 0xb65a383f \n\
73 overlay crc 0x7b9675e8 \n\
74 base path .......... /path/to/target.apk \n\
75 overlay path .......... /path/to/overlay.apk \n\
76 DATA HEADER target pkg 0x0000007f \n\
77 types count 0x00000003 \n\
78 DATA BLOCK target type 0x00000002 \n\
79 overlay type 0x00000002 \n\
80 entry count 0x00000001 \n\
81 entry offset 0x00000000 \n\
82 entry 0x00000000 drawable/drawable \n\
83 DATA BLOCK target type 0x00000003 \n\
84 overlay type 0x00000003 \n\
85 entry count 0x00000001 \n\
86 entry offset 0x00000000 \n\
87 entry 0x00000000 xml/integer \n\
88 DATA BLOCK target type 0x00000004 \n\
89 overlay type 0x00000004 \n\
90 entry count 0x00000001 \n\
91 entry offset 0x00000000 \n\
92 entry 0x00000000 raw/lorem_ipsum \n\
93 \n\
94 In this example, the overlay package provides three alternative resource values:\n\
95 drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
96 \n\
97 NOTES \n\
98 This tool and its expected invocation from installd is modelled on dexopt.";
99
verify_directory_readable(const char * path)100 bool verify_directory_readable(const char *path)
101 {
102 return access(path, R_OK | X_OK) == 0;
103 }
104
verify_directory_writable(const char * path)105 bool verify_directory_writable(const char *path)
106 {
107 return access(path, W_OK) == 0;
108 }
109
verify_file_readable(const char * path)110 bool verify_file_readable(const char *path)
111 {
112 return access(path, R_OK) == 0;
113 }
114
verify_root_or_system()115 bool verify_root_or_system()
116 {
117 uid_t uid = getuid();
118 gid_t gid = getgid();
119
120 return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
121 }
122
maybe_create_fd(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_str)123 int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
124 const char *idmap_str)
125 {
126 // anyone (not just root or system) may do --fd -- the file has
127 // already been opened by someone else on our behalf
128
129 char *endptr;
130 int idmap_fd = strtol(idmap_str, &endptr, 10);
131 if (*endptr != '\0') {
132 fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
133 return -1;
134 }
135
136 if (!verify_file_readable(target_apk_path)) {
137 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
138 return -1;
139 }
140
141 if (!verify_file_readable(overlay_apk_path)) {
142 ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
143 return -1;
144 }
145
146 return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd);
147 }
148
maybe_create_path(const char * target_apk_path,const char * overlay_apk_path,const char * idmap_path)149 int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
150 const char *idmap_path)
151 {
152 if (!verify_root_or_system()) {
153 fprintf(stderr, "error: permission denied: not user root or user system\n");
154 return -1;
155 }
156
157 if (!verify_file_readable(target_apk_path)) {
158 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
159 return -1;
160 }
161
162 if (!verify_file_readable(overlay_apk_path)) {
163 ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
164 return -1;
165 }
166
167 return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path);
168 }
169
maybe_scan(const char * target_package_name,const char * target_apk_path,const char * idmap_dir,const android::Vector<const char * > * overlay_dirs)170 int maybe_scan(const char *target_package_name, const char *target_apk_path,
171 const char *idmap_dir, const android::Vector<const char *> *overlay_dirs)
172 {
173 if (!verify_root_or_system()) {
174 fprintf(stderr, "error: permission denied: not user root or user system\n");
175 return -1;
176 }
177
178 if (!verify_file_readable(target_apk_path)) {
179 ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
180 return -1;
181 }
182
183 if (!verify_directory_writable(idmap_dir)) {
184 ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
185 return -1;
186 }
187
188 const size_t N = overlay_dirs->size();
189 for (size_t i = 0; i < N; i++) {
190 const char *dir = overlay_dirs->itemAt(i);
191 if (!verify_directory_readable(dir)) {
192 ALOGD("error: no read access to %s: %s\n", dir, strerror(errno));
193 return -1;
194 }
195 }
196
197 return idmap_scan(target_package_name, target_apk_path, idmap_dir, overlay_dirs);
198 }
199
maybe_inspect(const char * idmap_path)200 int maybe_inspect(const char *idmap_path)
201 {
202 // anyone (not just root or system) may do --inspect
203 if (!verify_file_readable(idmap_path)) {
204 ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
205 return -1;
206 }
207 return idmap_inspect(idmap_path);
208 }
209 }
210
main(int argc,char ** argv)211 int main(int argc, char **argv)
212 {
213 #if 0
214 {
215 char buf[1024];
216 buf[0] = '\0';
217 for (int i = 0; i < argc; ++i) {
218 strncat(buf, argv[i], sizeof(buf) - 1);
219 strncat(buf, " ", sizeof(buf) - 1);
220 }
221 ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
222 }
223 #endif
224
225 if (argc == 2 && !strcmp(argv[1], "--help")) {
226 printf("%s\n", usage);
227 return 0;
228 }
229
230 if (argc == 5 && !strcmp(argv[1], "--fd")) {
231 return maybe_create_fd(argv[2], argv[3], argv[4]);
232 }
233
234 if (argc == 5 && !strcmp(argv[1], "--path")) {
235 return maybe_create_path(argv[2], argv[3], argv[4]);
236 }
237
238 if (argc >= 6 && !strcmp(argv[1], "--scan")) {
239 android::Vector<const char *> v;
240 for (int i = 5; i < argc; i++) {
241 v.push(argv[i]);
242 }
243 return maybe_scan(argv[2], argv[3], argv[4], &v);
244 }
245
246 if (argc == 3 && !strcmp(argv[1], "--inspect")) {
247 return maybe_inspect(argv[2]);
248 }
249
250 fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
251 return EXIT_FAILURE;
252 }
253