1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #define LOG_TAG "installed"
17
18 #include <fcntl.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <sys/capability.h>
22 #include <sys/file.h>
23 #include <sys/stat.h>
24 #include <sys/time.h>
25 #include <sys/types.h>
26 #include <sys/resource.h>
27 #include <sys/wait.h>
28 #include <unistd.h>
29
30 #include <android-base/logging.h>
31 #include <android-base/stringprintf.h>
32 #include <android-base/strings.h>
33 #include <android-base/unique_fd.h>
34 #include <cutils/fs.h>
35 #include <cutils/properties.h>
36 #include <cutils/sched_policy.h>
37 #include <log/log.h> // TODO: Move everything to base/logging.
38 #include <private/android_filesystem_config.h>
39 #include <selinux/android.h>
40 #include <system/thread_defs.h>
41
42 #include "dexopt.h"
43 #include "installd_deps.h"
44 #include "otapreopt_utils.h"
45 #include "utils.h"
46
47 using android::base::StringPrintf;
48 using android::base::EndsWith;
49 using android::base::unique_fd;
50
51 namespace android {
52 namespace installd {
53
54 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
55 struct FreeDelete {
56 // NOTE: Deleting a const object is valid but free() takes a non-const pointer.
operator ()android::installd::FreeDelete57 void operator()(const void* ptr) const {
58 free(const_cast<void*>(ptr));
59 }
60 };
61
62 // Alias for std::unique_ptr<> that uses the C function free() to delete objects.
63 template <typename T>
64 using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
65
invalid_unique_fd()66 static unique_fd invalid_unique_fd() {
67 return unique_fd(-1);
68 }
69
clear_profile(const std::string & profile)70 static bool clear_profile(const std::string& profile) {
71 unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
72 if (ufd.get() < 0) {
73 if (errno != ENOENT) {
74 PLOG(WARNING) << "Could not open profile " << profile;
75 return false;
76 } else {
77 // Nothing to clear. That's ok.
78 return true;
79 }
80 }
81
82 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
83 if (errno != EWOULDBLOCK) {
84 PLOG(WARNING) << "Error locking profile " << profile;
85 }
86 // This implies that the app owning this profile is running
87 // (and has acquired the lock).
88 //
89 // If we can't acquire the lock bail out since clearing is useless anyway
90 // (the app will write again to the profile).
91 //
92 // Note:
93 // This does not impact the this is not an issue for the profiling correctness.
94 // In case this is needed because of an app upgrade, profiles will still be
95 // eventually cleared by the app itself due to checksum mismatch.
96 // If this is needed because profman advised, then keeping the data around
97 // until the next run is again not an issue.
98 //
99 // If the app attempts to acquire a lock while we've held one here,
100 // it will simply skip the current write cycle.
101 return false;
102 }
103
104 bool truncated = ftruncate(ufd.get(), 0) == 0;
105 if (!truncated) {
106 PLOG(WARNING) << "Could not truncate " << profile;
107 }
108 if (flock(ufd.get(), LOCK_UN) != 0) {
109 PLOG(WARNING) << "Error unlocking profile " << profile;
110 }
111 return truncated;
112 }
113
114 // Clear the reference profile for the given location.
115 // The location is the package name for primary apks or the dex path for secondary dex files.
clear_reference_profile(const std::string & location,bool is_secondary_dex)116 static bool clear_reference_profile(const std::string& location, bool is_secondary_dex) {
117 return clear_profile(create_reference_profile_path(location, is_secondary_dex));
118 }
119
120 // Clear the reference profile for the given location.
121 // The location is the package name for primary apks or the dex path for secondary dex files.
clear_current_profile(const std::string & pkgname,userid_t user,bool is_secondary_dex)122 static bool clear_current_profile(const std::string& pkgname, userid_t user,
123 bool is_secondary_dex) {
124 return clear_profile(create_current_profile_path(user, pkgname, is_secondary_dex));
125 }
126
127 // Clear the reference profile for the primary apk of the given package.
clear_primary_reference_profile(const std::string & pkgname)128 bool clear_primary_reference_profile(const std::string& pkgname) {
129 return clear_reference_profile(pkgname, /*is_secondary_dex*/false);
130 }
131
132 // Clear all current profile for the primary apk of the given package.
clear_primary_current_profiles(const std::string & pkgname)133 bool clear_primary_current_profiles(const std::string& pkgname) {
134 bool success = true;
135 // For secondary dex files, we don't really need the user but we use it for sanity checks.
136 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
137 for (auto user : users) {
138 success &= clear_current_profile(pkgname, user, /*is_secondary_dex*/false);
139 }
140 return success;
141 }
142
143 // Clear the current profile for the primary apk of the given package and user.
clear_primary_current_profile(const std::string & pkgname,userid_t user)144 bool clear_primary_current_profile(const std::string& pkgname, userid_t user) {
145 return clear_current_profile(pkgname, user, /*is_secondary_dex*/false);
146 }
147
split_count(const char * str)148 static int split_count(const char *str)
149 {
150 char *ctx;
151 int count = 0;
152 char buf[kPropertyValueMax];
153
154 strncpy(buf, str, sizeof(buf));
155 char *pBuf = buf;
156
157 while(strtok_r(pBuf, " ", &ctx) != NULL) {
158 count++;
159 pBuf = NULL;
160 }
161
162 return count;
163 }
164
split(char * buf,const char ** argv)165 static int split(char *buf, const char **argv)
166 {
167 char *ctx;
168 int count = 0;
169 char *tok;
170 char *pBuf = buf;
171
172 while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) {
173 argv[count++] = tok;
174 pBuf = NULL;
175 }
176
177 return count;
178 }
179
get_location_from_path(const char * path)180 static const char* get_location_from_path(const char* path) {
181 static constexpr char kLocationSeparator = '/';
182 const char *location = strrchr(path, kLocationSeparator);
183 if (location == NULL) {
184 return path;
185 } else {
186 // Skip the separator character.
187 return location + 1;
188 }
189 }
190
run_dex2oat(int zip_fd,int oat_fd,int input_vdex_fd,int output_vdex_fd,int image_fd,const char * input_file_name,const char * output_file_name,int swap_fd,const char * instruction_set,const char * compiler_filter,bool debuggable,bool post_bootcomplete,int profile_fd,const char * shared_libraries)191 static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd,
192 const char* input_file_name, const char* output_file_name, int swap_fd,
193 const char* instruction_set, const char* compiler_filter,
194 bool debuggable, bool post_bootcomplete, int profile_fd, const char* shared_libraries) {
195 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
196
197 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
198 ALOGE("Instruction set %s longer than max length of %d",
199 instruction_set, MAX_INSTRUCTION_SET_LEN);
200 return;
201 }
202
203 // Get the relative path to the input file.
204 const char* relative_input_file_name = get_location_from_path(input_file_name);
205
206 char dex2oat_Xms_flag[kPropertyValueMax];
207 bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;
208
209 char dex2oat_Xmx_flag[kPropertyValueMax];
210 bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;
211
212 char dex2oat_threads_buf[kPropertyValueMax];
213 bool have_dex2oat_threads_flag = get_property(post_bootcomplete
214 ? "dalvik.vm.dex2oat-threads"
215 : "dalvik.vm.boot-dex2oat-threads",
216 dex2oat_threads_buf,
217 NULL) > 0;
218 char dex2oat_threads_arg[kPropertyValueMax + 2];
219 if (have_dex2oat_threads_flag) {
220 sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
221 }
222
223 char dex2oat_isa_features_key[kPropertyKeyMax];
224 sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
225 char dex2oat_isa_features[kPropertyValueMax];
226 bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
227 dex2oat_isa_features, NULL) > 0;
228
229 char dex2oat_isa_variant_key[kPropertyKeyMax];
230 sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
231 char dex2oat_isa_variant[kPropertyValueMax];
232 bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
233 dex2oat_isa_variant, NULL) > 0;
234
235 const char *dex2oat_norelocation = "-Xnorelocate";
236 bool have_dex2oat_relocation_skip_flag = false;
237
238 char dex2oat_flags[kPropertyValueMax];
239 int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
240 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
241 ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);
242
243 // If we are booting without the real /data, don't spend time compiling.
244 char vold_decrypt[kPropertyValueMax];
245 bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
246 bool skip_compilation = (have_vold_decrypt &&
247 (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
248 (strcmp(vold_decrypt, "1") == 0)));
249
250 bool generate_debug_info = property_get_bool("debug.generate-debug-info", false);
251
252 char app_image_format[kPropertyValueMax];
253 char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
254 bool have_app_image_format =
255 image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
256 if (have_app_image_format) {
257 sprintf(image_format_arg, "--image-format=%s", app_image_format);
258 }
259
260 char dex2oat_large_app_threshold[kPropertyValueMax];
261 bool have_dex2oat_large_app_threshold =
262 get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0;
263 char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax];
264 if (have_dex2oat_large_app_threshold) {
265 sprintf(dex2oat_large_app_threshold_arg,
266 "--very-large-app-threshold=%s",
267 dex2oat_large_app_threshold);
268 }
269
270 static const char* DEX2OAT_BIN = "/system/bin/dex2oat";
271
272 static const char* RUNTIME_ARG = "--runtime-arg";
273
274 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
275
276 // clang FORTIFY doesn't let us use strlen in constant array bounds, so we
277 // use arraysize instead.
278 char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN];
279 char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX];
280 char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN];
281 char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN];
282 char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN];
283 char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX];
284 char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
285 char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax];
286 char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax];
287 char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax];
288 char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax];
289 char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax];
290 bool have_dex2oat_swap_fd = false;
291 char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN];
292 bool have_dex2oat_image_fd = false;
293 char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN];
294
295 sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
296 sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name);
297 sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd);
298 sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd);
299 sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
300 sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
301 sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
302 sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
303 sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
304 if (swap_fd >= 0) {
305 have_dex2oat_swap_fd = true;
306 sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
307 }
308 if (image_fd >= 0) {
309 have_dex2oat_image_fd = true;
310 sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
311 }
312
313 if (have_dex2oat_Xms_flag) {
314 sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
315 }
316 if (have_dex2oat_Xmx_flag) {
317 sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
318 }
319
320 // Compute compiler filter.
321
322 bool have_dex2oat_compiler_filter_flag = false;
323 if (skip_compilation) {
324 strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract");
325 have_dex2oat_compiler_filter_flag = true;
326 have_dex2oat_relocation_skip_flag = true;
327 } else if (compiler_filter != nullptr) {
328 if (strlen(compiler_filter) + strlen("--compiler-filter=") <
329 arraysize(dex2oat_compiler_filter_arg)) {
330 sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
331 have_dex2oat_compiler_filter_flag = true;
332 } else {
333 ALOGW("Compiler filter name '%s' is too large (max characters is %zu)",
334 compiler_filter,
335 kPropertyValueMax);
336 }
337 }
338
339 if (!have_dex2oat_compiler_filter_flag) {
340 char dex2oat_compiler_filter_flag[kPropertyValueMax];
341 have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
342 dex2oat_compiler_filter_flag, NULL) > 0;
343 if (have_dex2oat_compiler_filter_flag) {
344 sprintf(dex2oat_compiler_filter_arg,
345 "--compiler-filter=%s",
346 dex2oat_compiler_filter_flag);
347 }
348 }
349
350 // Check whether all apps should be compiled debuggable.
351 if (!debuggable) {
352 char prop_buf[kPropertyValueMax];
353 debuggable =
354 (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
355 (prop_buf[0] == '1');
356 }
357 char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
358 if (profile_fd != -1) {
359 sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
360 }
361
362 // Get the directory of the apk to pass as a base classpath directory.
363 char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX];
364 std::string apk_dir(input_file_name);
365 unsigned long dir_index = apk_dir.rfind('/');
366 bool has_base_dir = dir_index != std::string::npos;
367 if (has_base_dir) {
368 apk_dir = apk_dir.substr(0, dir_index);
369 sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str());
370 }
371
372
373 ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, relative_input_file_name, output_file_name);
374
375 const char* argv[9 // program name, mandatory arguments and the final NULL
376 + (have_dex2oat_isa_variant ? 1 : 0)
377 + (have_dex2oat_isa_features ? 1 : 0)
378 + (have_dex2oat_Xms_flag ? 2 : 0)
379 + (have_dex2oat_Xmx_flag ? 2 : 0)
380 + (have_dex2oat_compiler_filter_flag ? 1 : 0)
381 + (have_dex2oat_threads_flag ? 1 : 0)
382 + (have_dex2oat_swap_fd ? 1 : 0)
383 + (have_dex2oat_image_fd ? 1 : 0)
384 + (have_dex2oat_relocation_skip_flag ? 2 : 0)
385 + (generate_debug_info ? 1 : 0)
386 + (debuggable ? 1 : 0)
387 + (have_app_image_format ? 1 : 0)
388 + dex2oat_flags_count
389 + (profile_fd == -1 ? 0 : 1)
390 + (shared_libraries != nullptr ? 4 : 0)
391 + (has_base_dir ? 1 : 0)
392 + (have_dex2oat_large_app_threshold ? 1 : 0)];
393 int i = 0;
394 argv[i++] = DEX2OAT_BIN;
395 argv[i++] = zip_fd_arg;
396 argv[i++] = zip_location_arg;
397 argv[i++] = input_vdex_fd_arg;
398 argv[i++] = output_vdex_fd_arg;
399 argv[i++] = oat_fd_arg;
400 argv[i++] = oat_location_arg;
401 argv[i++] = instruction_set_arg;
402 if (have_dex2oat_isa_variant) {
403 argv[i++] = instruction_set_variant_arg;
404 }
405 if (have_dex2oat_isa_features) {
406 argv[i++] = instruction_set_features_arg;
407 }
408 if (have_dex2oat_Xms_flag) {
409 argv[i++] = RUNTIME_ARG;
410 argv[i++] = dex2oat_Xms_arg;
411 }
412 if (have_dex2oat_Xmx_flag) {
413 argv[i++] = RUNTIME_ARG;
414 argv[i++] = dex2oat_Xmx_arg;
415 }
416 if (have_dex2oat_compiler_filter_flag) {
417 argv[i++] = dex2oat_compiler_filter_arg;
418 }
419 if (have_dex2oat_threads_flag) {
420 argv[i++] = dex2oat_threads_arg;
421 }
422 if (have_dex2oat_swap_fd) {
423 argv[i++] = dex2oat_swap_fd;
424 }
425 if (have_dex2oat_image_fd) {
426 argv[i++] = dex2oat_image_fd;
427 }
428 if (generate_debug_info) {
429 argv[i++] = "--generate-debug-info";
430 }
431 if (debuggable) {
432 argv[i++] = "--debuggable";
433 }
434 if (have_app_image_format) {
435 argv[i++] = image_format_arg;
436 }
437 if (have_dex2oat_large_app_threshold) {
438 argv[i++] = dex2oat_large_app_threshold_arg;
439 }
440 if (dex2oat_flags_count) {
441 i += split(dex2oat_flags, argv + i);
442 }
443 if (have_dex2oat_relocation_skip_flag) {
444 argv[i++] = RUNTIME_ARG;
445 argv[i++] = dex2oat_norelocation;
446 }
447 if (profile_fd != -1) {
448 argv[i++] = profile_arg;
449 }
450 if (shared_libraries != nullptr) {
451 argv[i++] = RUNTIME_ARG;
452 argv[i++] = "-classpath";
453 argv[i++] = RUNTIME_ARG;
454 argv[i++] = shared_libraries;
455 }
456 if (has_base_dir) {
457 argv[i++] = base_dir;
458 }
459 // Do not add after dex2oat_flags, they should override others for debugging.
460 argv[i] = NULL;
461
462 execv(DEX2OAT_BIN, (char * const *)argv);
463 ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno));
464 }
465
466 /*
467 * Whether dexopt should use a swap file when compiling an APK.
468 *
469 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
470 * itself, anyways).
471 *
472 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
473 *
474 * Otherwise, return true if this is a low-mem device.
475 *
476 * Otherwise, return default value.
477 */
478 static bool kAlwaysProvideSwapFile = false;
479 static bool kDefaultProvideSwapFile = true;
480
ShouldUseSwapFileForDexopt()481 static bool ShouldUseSwapFileForDexopt() {
482 if (kAlwaysProvideSwapFile) {
483 return true;
484 }
485
486 // Check the "override" property. If it exists, return value == "true".
487 char dex2oat_prop_buf[kPropertyValueMax];
488 if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) {
489 if (strcmp(dex2oat_prop_buf, "true") == 0) {
490 return true;
491 } else {
492 return false;
493 }
494 }
495
496 // Shortcut for default value. This is an implementation optimization for the process sketched
497 // above. If the default value is true, we can avoid to check whether this is a low-mem device,
498 // as low-mem is never returning false. The compiler will optimize this away if it can.
499 if (kDefaultProvideSwapFile) {
500 return true;
501 }
502
503 bool is_low_mem = property_get_bool("ro.config.low_ram", false);
504 if (is_low_mem) {
505 return true;
506 }
507
508 // Default value must be false here.
509 return kDefaultProvideSwapFile;
510 }
511
SetDex2OatScheduling(bool set_to_bg)512 static void SetDex2OatScheduling(bool set_to_bg) {
513 if (set_to_bg) {
514 if (set_sched_policy(0, SP_BACKGROUND) < 0) {
515 ALOGE("set_sched_policy failed: %s\n", strerror(errno));
516 exit(70);
517 }
518 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
519 ALOGE("setpriority failed: %s\n", strerror(errno));
520 exit(71);
521 }
522 }
523 }
524
create_profile(int uid,const std::string & profile)525 static bool create_profile(int uid, const std::string& profile) {
526 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), O_CREAT | O_NOFOLLOW, 0600)));
527 if (fd.get() < 0) {
528 if (errno == EEXIST) {
529 return true;
530 } else {
531 PLOG(ERROR) << "Failed to create profile " << profile;
532 return false;
533 }
534 }
535 // Profiles should belong to the app; make sure of that by giving ownership to
536 // the app uid. If we cannot do that, there's no point in returning the fd
537 // since dex2oat/profman will fail with SElinux denials.
538 if (fchown(fd.get(), uid, uid) < 0) {
539 PLOG(ERROR) << "Could not chwon profile " << profile;
540 return false;
541 }
542 return true;
543 }
544
open_profile(int uid,const std::string & profile,bool read_write)545 static unique_fd open_profile(int uid, const std::string& profile, bool read_write) {
546 // Check if we need to open the profile for a read-write operation. If so, we
547 // might need to create the profile since the file might not be there. Reference
548 // profiles are created on the fly so they might not exist beforehand.
549 if (read_write) {
550 if (!create_profile(uid, profile)) {
551 return invalid_unique_fd();
552 }
553 }
554 int flags = read_write ? O_RDWR : O_RDONLY;
555 // Do not follow symlinks when opening a profile:
556 // - primary profiles should not contain symlinks in their paths
557 // - secondary dex paths should have been already resolved and validated
558 flags |= O_NOFOLLOW;
559
560 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
561 if (fd.get() < 0) {
562 if (errno != ENOENT) {
563 // Profiles might be missing for various reasons. For example, in a
564 // multi-user environment, the profile directory for one user can be created
565 // after we start a merge. In this case the current profile for that user
566 // will not be found.
567 // Also, the secondary dex profiles might be deleted by the app at any time,
568 // so we can't we need to prepare if they are missing.
569 PLOG(ERROR) << "Failed to open profile " << profile;
570 }
571 return invalid_unique_fd();
572 }
573
574 return fd;
575 }
576
open_current_profile(uid_t uid,userid_t user,const std::string & location,bool is_secondary_dex)577 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& location,
578 bool is_secondary_dex) {
579 std::string profile = create_current_profile_path(user, location, is_secondary_dex);
580 return open_profile(uid, profile, /*read_write*/false);
581 }
582
open_reference_profile(uid_t uid,const std::string & location,bool read_write,bool is_secondary_dex)583 static unique_fd open_reference_profile(uid_t uid, const std::string& location, bool read_write,
584 bool is_secondary_dex) {
585 std::string profile = create_reference_profile_path(location, is_secondary_dex);
586 return open_profile(uid, profile, read_write);
587 }
588
open_profile_files(uid_t uid,const std::string & location,bool is_secondary_dex,std::vector<unique_fd> * profiles_fd,unique_fd * reference_profile_fd)589 static void open_profile_files(uid_t uid, const std::string& location, bool is_secondary_dex,
590 /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
591 // Open the reference profile in read-write mode as profman might need to save the merge.
592 *reference_profile_fd = open_reference_profile(uid, location, /*read_write*/ true,
593 is_secondary_dex);
594
595 // For secondary dex files, we don't really need the user but we use it for sanity checks.
596 // Note: the user owning the dex file should be the current user.
597 std::vector<userid_t> users;
598 if (is_secondary_dex){
599 users.push_back(multiuser_get_user_id(uid));
600 } else {
601 users = get_known_users(/*volume_uuid*/ nullptr);
602 }
603 for (auto user : users) {
604 unique_fd profile_fd = open_current_profile(uid, user, location, is_secondary_dex);
605 // Add to the lists only if both fds are valid.
606 if (profile_fd.get() >= 0) {
607 profiles_fd->push_back(std::move(profile_fd));
608 }
609 }
610 }
611
drop_capabilities(uid_t uid)612 static void drop_capabilities(uid_t uid) {
613 if (setgid(uid) != 0) {
614 ALOGE("setgid(%d) failed in installd during dexopt\n", uid);
615 exit(64);
616 }
617 if (setuid(uid) != 0) {
618 ALOGE("setuid(%d) failed in installd during dexopt\n", uid);
619 exit(65);
620 }
621 // drop capabilities
622 struct __user_cap_header_struct capheader;
623 struct __user_cap_data_struct capdata[2];
624 memset(&capheader, 0, sizeof(capheader));
625 memset(&capdata, 0, sizeof(capdata));
626 capheader.version = _LINUX_CAPABILITY_VERSION_3;
627 if (capset(&capheader, &capdata[0]) < 0) {
628 ALOGE("capset failed: %s\n", strerror(errno));
629 exit(66);
630 }
631 }
632
633 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
634 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
635 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
636 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
637 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
638
run_profman_merge(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd)639 static void run_profman_merge(const std::vector<unique_fd>& profiles_fd,
640 const unique_fd& reference_profile_fd) {
641 static const size_t MAX_INT_LEN = 32;
642 static const char* PROFMAN_BIN = "/system/bin/profman";
643
644 std::vector<std::string> profile_args(profiles_fd.size());
645 char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN];
646 for (size_t k = 0; k < profiles_fd.size(); k++) {
647 sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k].get());
648 profile_args[k].assign(profile_buf);
649 }
650 char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN];
651 sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd.get());
652
653 // program name, reference profile fd, the final NULL and the profile fds
654 const char* argv[3 + profiles_fd.size()];
655 int i = 0;
656 argv[i++] = PROFMAN_BIN;
657 argv[i++] = reference_profile_arg;
658 for (size_t k = 0; k < profile_args.size(); k++) {
659 argv[i++] = profile_args[k].c_str();
660 }
661 // Do not add after dex2oat_flags, they should override others for debugging.
662 argv[i] = NULL;
663
664 execv(PROFMAN_BIN, (char * const *)argv);
665 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
666 exit(68); /* only get here on exec failure */
667 }
668
669 // Decides if profile guided compilation is needed or not based on existing profiles.
670 // The location is the package name for primary apks or the dex path for secondary dex files.
671 // Returns true if there is enough information in the current profiles that makes it
672 // worth to recompile the given location.
673 // If the return value is true all the current profiles would have been merged into
674 // the reference profiles accessible with open_reference_profile().
analyze_profiles(uid_t uid,const std::string & location,bool is_secondary_dex)675 static bool analyze_profiles(uid_t uid, const std::string& location, bool is_secondary_dex) {
676 std::vector<unique_fd> profiles_fd;
677 unique_fd reference_profile_fd;
678 open_profile_files(uid, location, is_secondary_dex, &profiles_fd, &reference_profile_fd);
679 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
680 // Skip profile guided compilation because no profiles were found.
681 // Or if the reference profile info couldn't be opened.
682 return false;
683 }
684
685 pid_t pid = fork();
686 if (pid == 0) {
687 /* child -- drop privileges before continuing */
688 drop_capabilities(uid);
689 run_profman_merge(profiles_fd, reference_profile_fd);
690 exit(68); /* only get here on exec failure */
691 }
692 /* parent */
693 int return_code = wait_child(pid);
694 bool need_to_compile = false;
695 bool should_clear_current_profiles = false;
696 bool should_clear_reference_profile = false;
697 if (!WIFEXITED(return_code)) {
698 LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
699 } else {
700 return_code = WEXITSTATUS(return_code);
701 switch (return_code) {
702 case PROFMAN_BIN_RETURN_CODE_COMPILE:
703 need_to_compile = true;
704 should_clear_current_profiles = true;
705 should_clear_reference_profile = false;
706 break;
707 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
708 need_to_compile = false;
709 should_clear_current_profiles = false;
710 should_clear_reference_profile = false;
711 break;
712 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
713 LOG(WARNING) << "Bad profiles for location " << location;
714 need_to_compile = false;
715 should_clear_current_profiles = true;
716 should_clear_reference_profile = true;
717 break;
718 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
719 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
720 // Temporary IO problem (e.g. locking). Ignore but log a warning.
721 LOG(WARNING) << "IO error while reading profiles for location " << location;
722 need_to_compile = false;
723 should_clear_current_profiles = false;
724 should_clear_reference_profile = false;
725 break;
726 default:
727 // Unknown return code or error. Unlink profiles.
728 LOG(WARNING) << "Unknown error code while processing profiles for location "
729 << location << ": " << return_code;
730 need_to_compile = false;
731 should_clear_current_profiles = true;
732 should_clear_reference_profile = true;
733 break;
734 }
735 }
736
737 if (should_clear_current_profiles) {
738 if (is_secondary_dex) {
739 // For secondary dex files, the owning user is the current user.
740 clear_current_profile(location, multiuser_get_user_id(uid), is_secondary_dex);
741 } else {
742 clear_primary_current_profiles(location);
743 }
744 }
745 if (should_clear_reference_profile) {
746 clear_reference_profile(location, is_secondary_dex);
747 }
748 return need_to_compile;
749 }
750
751 // Decides if profile guided compilation is needed or not based on existing profiles.
752 // The analysis is done for the primary apks of the given package.
753 // Returns true if there is enough information in the current profiles that makes it
754 // worth to recompile the package.
755 // If the return value is true all the current profiles would have been merged into
756 // the reference profiles accessible with open_reference_profile().
analyze_primary_profiles(uid_t uid,const std::string & pkgname)757 bool analyze_primary_profiles(uid_t uid, const std::string& pkgname) {
758 return analyze_profiles(uid, pkgname, /*is_secondary_dex*/false);
759 }
760
run_profman_dump(const std::vector<unique_fd> & profile_fds,const unique_fd & reference_profile_fd,const std::vector<std::string> & dex_locations,const std::vector<unique_fd> & apk_fds,const unique_fd & output_fd)761 static void run_profman_dump(const std::vector<unique_fd>& profile_fds,
762 const unique_fd& reference_profile_fd,
763 const std::vector<std::string>& dex_locations,
764 const std::vector<unique_fd>& apk_fds,
765 const unique_fd& output_fd) {
766 std::vector<std::string> profman_args;
767 static const char* PROFMAN_BIN = "/system/bin/profman";
768 profman_args.push_back(PROFMAN_BIN);
769 profman_args.push_back("--dump-only");
770 profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
771 if (reference_profile_fd != -1) {
772 profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d",
773 reference_profile_fd.get()));
774 }
775 for (size_t i = 0; i < profile_fds.size(); i++) {
776 profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fds[i].get()));
777 }
778 for (const std::string& dex_location : dex_locations) {
779 profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str()));
780 }
781 for (size_t i = 0; i < apk_fds.size(); i++) {
782 profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fds[i].get()));
783 }
784 const char **argv = new const char*[profman_args.size() + 1];
785 size_t i = 0;
786 for (const std::string& profman_arg : profman_args) {
787 argv[i++] = profman_arg.c_str();
788 }
789 argv[i] = NULL;
790
791 execv(PROFMAN_BIN, (char * const *)argv);
792 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
793 exit(68); /* only get here on exec failure */
794 }
795
dump_profiles(int32_t uid,const std::string & pkgname,const char * code_paths)796 bool dump_profiles(int32_t uid, const std::string& pkgname, const char* code_paths) {
797 std::vector<unique_fd> profile_fds;
798 unique_fd reference_profile_fd;
799 std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname.c_str());
800
801 open_profile_files(uid, pkgname, /*is_secondary_dex*/false,
802 &profile_fds, &reference_profile_fd);
803
804 const bool has_reference_profile = (reference_profile_fd.get() != -1);
805 const bool has_profiles = !profile_fds.empty();
806
807 if (!has_reference_profile && !has_profiles) {
808 LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname;
809 return false;
810 }
811
812 unique_fd output_fd(open(out_file_name.c_str(),
813 O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
814 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
815 ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());
816 return false;
817 }
818 std::vector<std::string> code_full_paths = base::Split(code_paths, ";");
819 std::vector<std::string> dex_locations;
820 std::vector<unique_fd> apk_fds;
821 for (const std::string& code_full_path : code_full_paths) {
822 const char* full_path = code_full_path.c_str();
823 unique_fd apk_fd(open(full_path, O_RDONLY | O_NOFOLLOW));
824 if (apk_fd == -1) {
825 ALOGE("installd cannot open '%s'\n", full_path);
826 return false;
827 }
828 dex_locations.push_back(get_location_from_path(full_path));
829 apk_fds.push_back(std::move(apk_fd));
830 }
831
832 pid_t pid = fork();
833 if (pid == 0) {
834 /* child -- drop privileges before continuing */
835 drop_capabilities(uid);
836 run_profman_dump(profile_fds, reference_profile_fd, dex_locations,
837 apk_fds, output_fd);
838 exit(68); /* only get here on exec failure */
839 }
840 /* parent */
841 int return_code = wait_child(pid);
842 if (!WIFEXITED(return_code)) {
843 LOG(WARNING) << "profman failed for package " << pkgname << ": "
844 << return_code;
845 return false;
846 }
847 return true;
848 }
849
replace_file_extension(const std::string & oat_path,const std::string & new_ext)850 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
851 // A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
852 if (EndsWith(oat_path, ".dex")) {
853 std::string new_path = oat_path;
854 new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
855 CHECK(EndsWith(new_path, new_ext.c_str()));
856 return new_path;
857 }
858
859 // An odex entry. Not that this may not be an extension, e.g., in the OTA
860 // case (where the base name will have an extension for the B artifact).
861 size_t odex_pos = oat_path.rfind(".odex");
862 if (odex_pos != std::string::npos) {
863 std::string new_path = oat_path;
864 new_path.replace(odex_pos, strlen(".odex"), new_ext);
865 CHECK_NE(new_path.find(new_ext), std::string::npos);
866 return new_path;
867 }
868
869 // Don't know how to handle this.
870 return "";
871 }
872
873 // Translate the given oat path to an art (app image) path. An empty string
874 // denotes an error.
create_image_filename(const std::string & oat_path)875 static std::string create_image_filename(const std::string& oat_path) {
876 return replace_file_extension(oat_path, ".art");
877 }
878
879 // Translate the given oat path to a vdex path. An empty string denotes an error.
create_vdex_filename(const std::string & oat_path)880 static std::string create_vdex_filename(const std::string& oat_path) {
881 return replace_file_extension(oat_path, ".vdex");
882 }
883
add_extension_to_file_name(char * file_name,const char * extension)884 static bool add_extension_to_file_name(char* file_name, const char* extension) {
885 if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) {
886 return false;
887 }
888 strcat(file_name, extension);
889 return true;
890 }
891
open_output_file(const char * file_name,bool recreate,int permissions)892 static int open_output_file(const char* file_name, bool recreate, int permissions) {
893 int flags = O_RDWR | O_CREAT;
894 if (recreate) {
895 if (unlink(file_name) < 0) {
896 if (errno != ENOENT) {
897 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
898 }
899 }
900 flags |= O_EXCL;
901 }
902 return open(file_name, flags, permissions);
903 }
904
set_permissions_and_ownership(int fd,bool is_public,int uid,const char * path,bool is_secondary_dex)905 static bool set_permissions_and_ownership(
906 int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
907 // Primary apks are owned by the system. Secondary dex files are owned by the app.
908 int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
909 if (fchmod(fd,
910 S_IRUSR|S_IWUSR|S_IRGRP |
911 (is_public ? S_IROTH : 0)) < 0) {
912 ALOGE("installd cannot chmod '%s' during dexopt\n", path);
913 return false;
914 } else if (fchown(fd, owning_uid, uid) < 0) {
915 ALOGE("installd cannot chown '%s' during dexopt\n", path);
916 return false;
917 }
918 return true;
919 }
920
IsOutputDalvikCache(const char * oat_dir)921 static bool IsOutputDalvikCache(const char* oat_dir) {
922 // InstallerConnection.java (which invokes installd) transforms Java null arguments
923 // into '!'. Play it safe by handling it both.
924 // TODO: ensure we never get null.
925 // TODO: pass a flag instead of inferring if the output is dalvik cache.
926 return oat_dir == nullptr || oat_dir[0] == '!';
927 }
928
create_oat_out_path(const char * apk_path,const char * instruction_set,const char * oat_dir,bool is_secondary_dex,char * out_oat_path)929 static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
930 const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
931 // Early best-effort check whether we can fit the the path into our buffers.
932 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
933 // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
934 // extension to the cache path (5 bytes).
935 if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) {
936 ALOGE("apk_path too long '%s'\n", apk_path);
937 return false;
938 }
939
940 if (!IsOutputDalvikCache(oat_dir)) {
941 // Oat dirs for secondary dex files are already validated.
942 if (!is_secondary_dex && validate_apk_path(oat_dir)) {
943 ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
944 return false;
945 }
946 if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
947 return false;
948 }
949 } else {
950 if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
951 return false;
952 }
953 }
954 return true;
955 }
956
957 // Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
958 // on destruction. It will also run the given cleanup (unless told not to) after closing.
959 //
960 // Usage example:
961 //
962 // Dex2oatFileWrapper file(open(...),
963 // [name]() {
964 // unlink(name.c_str());
965 // });
966 // // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
967 // wrapper if captured as a reference.
968 //
969 // if (file.get() == -1) {
970 // // Error opening...
971 // }
972 //
973 // ...
974 // if (error) {
975 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
976 // // and delete the file (after the fd is closed).
977 // return -1;
978 // }
979 //
980 // (Success case)
981 // file.SetCleanup(false);
982 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
983 // // (leaving the file around; after the fd is closed).
984 //
985 class Dex2oatFileWrapper {
986 public:
Dex2oatFileWrapper()987 Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) {
988 }
989
Dex2oatFileWrapper(int value,std::function<void ()> cleanup)990 Dex2oatFileWrapper(int value, std::function<void ()> cleanup)
991 : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {}
992
Dex2oatFileWrapper(Dex2oatFileWrapper && other)993 Dex2oatFileWrapper(Dex2oatFileWrapper&& other) {
994 value_ = other.value_;
995 cleanup_ = other.cleanup_;
996 do_cleanup_ = other.do_cleanup_;
997 auto_close_ = other.auto_close_;
998 other.release();
999 }
1000
operator =(Dex2oatFileWrapper && other)1001 Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) {
1002 value_ = other.value_;
1003 cleanup_ = other.cleanup_;
1004 do_cleanup_ = other.do_cleanup_;
1005 auto_close_ = other.auto_close_;
1006 other.release();
1007 return *this;
1008 }
1009
~Dex2oatFileWrapper()1010 ~Dex2oatFileWrapper() {
1011 reset(-1);
1012 }
1013
get()1014 int get() {
1015 return value_;
1016 }
1017
SetCleanup(bool cleanup)1018 void SetCleanup(bool cleanup) {
1019 do_cleanup_ = cleanup;
1020 }
1021
reset(int new_value)1022 void reset(int new_value) {
1023 if (auto_close_ && value_ >= 0) {
1024 close(value_);
1025 }
1026 if (do_cleanup_ && cleanup_ != nullptr) {
1027 cleanup_();
1028 }
1029
1030 value_ = new_value;
1031 }
1032
reset(int new_value,std::function<void ()> new_cleanup)1033 void reset(int new_value, std::function<void ()> new_cleanup) {
1034 if (auto_close_ && value_ >= 0) {
1035 close(value_);
1036 }
1037 if (do_cleanup_ && cleanup_ != nullptr) {
1038 cleanup_();
1039 }
1040
1041 value_ = new_value;
1042 cleanup_ = new_cleanup;
1043 }
1044
DisableAutoClose()1045 void DisableAutoClose() {
1046 auto_close_ = false;
1047 }
1048
1049 private:
release()1050 void release() {
1051 value_ = -1;
1052 do_cleanup_ = false;
1053 cleanup_ = nullptr;
1054 }
1055 int value_;
1056 std::function<void ()> cleanup_;
1057 bool do_cleanup_;
1058 bool auto_close_;
1059 };
1060
1061 // (re)Creates the app image if needed.
maybe_open_app_image(const char * out_oat_path,bool profile_guided,bool is_public,int uid,bool is_secondary_dex)1062 Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path, bool profile_guided,
1063 bool is_public, int uid, bool is_secondary_dex) {
1064 // Use app images only if it is enabled (by a set image format) and we are compiling
1065 // profile-guided (so the app image doesn't conservatively contain all classes).
1066 // Note that we don't create an image for secondary dex files.
1067 if (is_secondary_dex || !profile_guided) {
1068 return Dex2oatFileWrapper();
1069 }
1070
1071 const std::string image_path = create_image_filename(out_oat_path);
1072 if (image_path.empty()) {
1073 // Happens when the out_oat_path has an unknown extension.
1074 return Dex2oatFileWrapper();
1075 }
1076 char app_image_format[kPropertyValueMax];
1077 bool have_app_image_format =
1078 get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
1079 if (!have_app_image_format) {
1080 return Dex2oatFileWrapper();
1081 }
1082 // Recreate is true since we do not want to modify a mapped image. If the app is
1083 // already running and we modify the image file, it can cause crashes (b/27493510).
1084 Dex2oatFileWrapper wrapper_fd(
1085 open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/),
1086 [image_path]() { unlink(image_path.c_str()); });
1087 if (wrapper_fd.get() < 0) {
1088 // Could not create application image file. Go on since we can compile without it.
1089 LOG(ERROR) << "installd could not create '" << image_path
1090 << "' for image file during dexopt";
1091 // If we have a valid image file path but no image fd, explicitly erase the image file.
1092 if (unlink(image_path.c_str()) < 0) {
1093 if (errno != ENOENT) {
1094 PLOG(ERROR) << "Couldn't unlink image file " << image_path;
1095 }
1096 }
1097 } else if (!set_permissions_and_ownership(
1098 wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
1099 ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
1100 wrapper_fd.reset(-1);
1101 }
1102
1103 return wrapper_fd;
1104 }
1105
1106 // Creates the dexopt swap file if necessary and return its fd.
1107 // Returns -1 if there's no need for a swap or in case of errors.
maybe_open_dexopt_swap_file(const char * out_oat_path)1108 unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) {
1109 if (!ShouldUseSwapFileForDexopt()) {
1110 return invalid_unique_fd();
1111 }
1112 // Make sure there really is enough space.
1113 char swap_file_name[PKG_PATH_MAX];
1114 strcpy(swap_file_name, out_oat_path);
1115 if (!add_extension_to_file_name(swap_file_name, ".swap")) {
1116 return invalid_unique_fd();
1117 }
1118 unique_fd swap_fd(open_output_file(
1119 swap_file_name, /*recreate*/true, /*permissions*/0600));
1120 if (swap_fd.get() < 0) {
1121 // Could not create swap file. Optimistically go on and hope that we can compile
1122 // without it.
1123 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name);
1124 } else {
1125 // Immediately unlink. We don't really want to hit flash.
1126 if (unlink(swap_file_name) < 0) {
1127 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1128 }
1129 }
1130 return swap_fd;
1131 }
1132
1133 // Opens the reference profiles if needed.
1134 // Note that the reference profile might not exist so it's OK if the fd will be -1.
maybe_open_reference_profile(const std::string & pkgname,const std::string & dex_path,bool profile_guided,bool is_public,int uid,bool is_secondary_dex)1135 Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname,
1136 const std::string& dex_path, bool profile_guided, bool is_public, int uid,
1137 bool is_secondary_dex) {
1138 // Public apps should not be compiled with profile information ever. Same goes for the special
1139 // package '*' used for the system server.
1140 if (!profile_guided || is_public || (pkgname[0] == '*')) {
1141 return Dex2oatFileWrapper();
1142 }
1143
1144 // Open reference profile in read only mode as dex2oat does not get write permissions.
1145 const std::string location = is_secondary_dex ? dex_path : pkgname;
1146 unique_fd ufd = open_reference_profile(uid, location, /*read_write*/false, is_secondary_dex);
1147 const auto& cleanup = [location, is_secondary_dex]() {
1148 clear_reference_profile(location.c_str(), is_secondary_dex);
1149 };
1150 return Dex2oatFileWrapper(ufd.release(), cleanup);
1151 }
1152
1153 // Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to
1154 // out_vdex_wrapper_fd. Returns true for success or false in case of errors.
open_vdex_files(const char * apk_path,const char * out_oat_path,int dexopt_needed,const char * instruction_set,bool is_public,int uid,bool is_secondary_dex,bool profile_guided,Dex2oatFileWrapper * in_vdex_wrapper_fd,Dex2oatFileWrapper * out_vdex_wrapper_fd)1155 bool open_vdex_files(const char* apk_path, const char* out_oat_path, int dexopt_needed,
1156 const char* instruction_set, bool is_public, int uid, bool is_secondary_dex,
1157 bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd,
1158 Dex2oatFileWrapper* out_vdex_wrapper_fd) {
1159 CHECK(in_vdex_wrapper_fd != nullptr);
1160 CHECK(out_vdex_wrapper_fd != nullptr);
1161 // Open the existing VDEX. We do this before creating the new output VDEX, which will
1162 // unlink the old one.
1163 char in_odex_path[PKG_PATH_MAX];
1164 int dexopt_action = abs(dexopt_needed);
1165 bool is_odex_location = dexopt_needed < 0;
1166 std::string in_vdex_path_str;
1167
1168 // Infer the name of the output VDEX.
1169 const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
1170 if (out_vdex_path_str.empty()) {
1171 return false;
1172 }
1173
1174 bool update_vdex_in_place = false;
1175 if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
1176 // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
1177 const char* path = nullptr;
1178 if (is_odex_location) {
1179 if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1180 path = in_odex_path;
1181 } else {
1182 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
1183 return false;
1184 }
1185 } else {
1186 path = out_oat_path;
1187 }
1188 in_vdex_path_str = create_vdex_filename(path);
1189 if (in_vdex_path_str.empty()) {
1190 ALOGE("installd cannot compute input vdex location for '%s'\n", path);
1191 return false;
1192 }
1193 // We can update in place when all these conditions are met:
1194 // 1) The vdex location to write to is the same as the vdex location to read (vdex files
1195 // on /system typically cannot be updated in place).
1196 // 2) We dex2oat due to boot image change, because we then know the existing vdex file
1197 // cannot be currently used by a running process.
1198 // 3) We are not doing a profile guided compilation, because dexlayout requires two
1199 // different vdex files to operate.
1200 update_vdex_in_place =
1201 (in_vdex_path_str == out_vdex_path_str) &&
1202 (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
1203 !profile_guided;
1204 if (update_vdex_in_place) {
1205 // Open the file read-write to be able to update it.
1206 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0));
1207 if (in_vdex_wrapper_fd->get() == -1) {
1208 // If we failed to open the file, we cannot update it in place.
1209 update_vdex_in_place = false;
1210 }
1211 } else {
1212 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
1213 }
1214 }
1215
1216 // If we are updating the vdex in place, we do not need to recreate a vdex,
1217 // and can use the same existing one.
1218 if (update_vdex_in_place) {
1219 // We unlink the file in case the invocation of dex2oat fails, to ensure we don't
1220 // have bogus stale vdex files.
1221 out_vdex_wrapper_fd->reset(
1222 in_vdex_wrapper_fd->get(),
1223 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1224 // Disable auto close for the in wrapper fd (it will be done when destructing the out
1225 // wrapper).
1226 in_vdex_wrapper_fd->DisableAutoClose();
1227 } else {
1228 out_vdex_wrapper_fd->reset(
1229 open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
1230 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1231 if (out_vdex_wrapper_fd->get() < 0) {
1232 ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str());
1233 return false;
1234 }
1235 }
1236 if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid,
1237 out_vdex_path_str.c_str(), is_secondary_dex)) {
1238 ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
1239 return false;
1240 }
1241
1242 // If we got here we successfully opened the vdex files.
1243 return true;
1244 }
1245
1246 // Opens the output oat file for the given apk.
1247 // If successful it stores the output path into out_oat_path and returns true.
open_oat_out_file(const char * apk_path,const char * oat_dir,bool is_public,int uid,const char * instruction_set,bool is_secondary_dex,char * out_oat_path)1248 Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir,
1249 bool is_public, int uid, const char* instruction_set, bool is_secondary_dex,
1250 char* out_oat_path) {
1251 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
1252 return Dex2oatFileWrapper();
1253 }
1254 const std::string out_oat_path_str(out_oat_path);
1255 Dex2oatFileWrapper wrapper_fd(
1256 open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
1257 [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
1258 if (wrapper_fd.get() < 0) {
1259 PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path;
1260 } else if (!set_permissions_and_ownership(
1261 wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) {
1262 ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
1263 wrapper_fd.reset(-1);
1264 }
1265 return wrapper_fd;
1266 }
1267
1268 // Updates the access times of out_oat_path based on those from apk_path.
update_out_oat_access_times(const char * apk_path,const char * out_oat_path)1269 void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) {
1270 struct stat input_stat;
1271 memset(&input_stat, 0, sizeof(input_stat));
1272 if (stat(apk_path, &input_stat) != 0) {
1273 PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt";
1274 return;
1275 }
1276
1277 struct utimbuf ut;
1278 ut.actime = input_stat.st_atime;
1279 ut.modtime = input_stat.st_mtime;
1280 if (utime(out_oat_path, &ut) != 0) {
1281 PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt";
1282 }
1283 }
1284
1285 // Runs (execv) dexoptanalyzer on the given arguments.
1286 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
1287 // If this is for a profile guided compilation, profile_was_updated will tell whether or not
1288 // the profile has changed.
exec_dexoptanalyzer(const std::string & dex_file,const char * instruction_set,const char * compiler_filter,bool profile_was_updated)1289 static void exec_dexoptanalyzer(const std::string& dex_file, const char* instruction_set,
1290 const char* compiler_filter, bool profile_was_updated) {
1291 static const char* DEXOPTANALYZER_BIN = "/system/bin/dexoptanalyzer";
1292 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
1293
1294 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
1295 ALOGE("Instruction set %s longer than max length of %d",
1296 instruction_set, MAX_INSTRUCTION_SET_LEN);
1297 return;
1298 }
1299
1300 char dex_file_arg[strlen("--dex-file=") + PKG_PATH_MAX];
1301 char isa_arg[strlen("--isa=") + MAX_INSTRUCTION_SET_LEN];
1302 char compiler_filter_arg[strlen("--compiler-filter=") + kPropertyValueMax];
1303 const char* assume_profile_changed = "--assume-profile-changed";
1304
1305 sprintf(dex_file_arg, "--dex-file=%s", dex_file.c_str());
1306 sprintf(isa_arg, "--isa=%s", instruction_set);
1307 sprintf(compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
1308
1309 // program name, dex file, isa, filter, the final NULL
1310 const char* argv[5 + (profile_was_updated ? 1 : 0)];
1311 int i = 0;
1312 argv[i++] = DEXOPTANALYZER_BIN;
1313 argv[i++] = dex_file_arg;
1314 argv[i++] = isa_arg;
1315 argv[i++] = compiler_filter_arg;
1316 if (profile_was_updated) {
1317 argv[i++] = assume_profile_changed;
1318 }
1319 argv[i] = NULL;
1320
1321 execv(DEXOPTANALYZER_BIN, (char * const *)argv);
1322 ALOGE("execv(%s) failed: %s\n", DEXOPTANALYZER_BIN, strerror(errno));
1323 }
1324
1325 // Prepares the oat dir for the secondary dex files.
prepare_secondary_dex_oat_dir(const std::string & dex_path,int uid,const char * instruction_set,std::string * oat_dir_out)1326 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
1327 const char* instruction_set, std::string* oat_dir_out) {
1328 unsigned long dirIndex = dex_path.rfind('/');
1329 if (dirIndex == std::string::npos) {
1330 LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
1331 return false;
1332 }
1333 std::string dex_dir = dex_path.substr(0, dirIndex);
1334
1335 // Create oat file output directory.
1336 mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
1337 if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
1338 LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
1339 return false;
1340 }
1341
1342 char oat_dir[PKG_PATH_MAX];
1343 snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
1344 oat_dir_out->assign(oat_dir);
1345
1346 // Create oat/isa output directory.
1347 if (prepare_app_cache_dir(*oat_dir_out, instruction_set, oat_dir_mode, uid, uid) != 0) {
1348 LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
1349 return false;
1350 }
1351
1352 return true;
1353 }
1354
1355 static int constexpr DEXOPTANALYZER_BIN_EXEC_ERROR = 200;
1356
1357 // Verifies the result of dexoptanalyzer executed for the apk_path.
1358 // If the result is valid returns true and sets dexopt_needed_out to a valid value.
1359 // Returns false for errors or unexpected result values.
process_dexoptanalyzer_result(const std::string & dex_path,int result,int * dexopt_needed_out)1360 static bool process_dexoptanalyzer_result(const std::string& dex_path, int result,
1361 int* dexopt_needed_out) {
1362 // The result values are defined in dexoptanalyzer.
1363 switch (result) {
1364 case 0: // no_dexopt_needed
1365 *dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
1366 case 1: // dex2oat_from_scratch
1367 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
1368 case 5: // dex2oat_for_bootimage_odex
1369 *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
1370 case 6: // dex2oat_for_filter_odex
1371 *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
1372 case 7: // dex2oat_for_relocation_odex
1373 *dexopt_needed_out = -DEX2OAT_FOR_RELOCATION; return true;
1374 case 2: // dex2oat_for_bootimage_oat
1375 case 3: // dex2oat_for_filter_oat
1376 case 4: // dex2oat_for_relocation_oat
1377 LOG(ERROR) << "Dexoptnalyzer return the status of an oat file."
1378 << " Expected odex file status for secondary dex " << dex_path
1379 << " : dexoptanalyzer result=" << result;
1380 return false;
1381 default:
1382 LOG(ERROR) << "Unexpected result for dexoptanalyzer " << dex_path
1383 << " exec_dexoptanalyzer result=" << result;
1384 return false;
1385 }
1386 }
1387
1388 // Processes the dex_path as a secondary dex files and return true if the path dex file should
1389 // be compiled. Returns false for errors (logged) or true if the secondary dex path was process
1390 // successfully.
1391 // When returning true, the output parameters will be:
1392 // - is_public_out: whether or not the oat file should not be made public
1393 // - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
1394 // - oat_dir_out: the oat dir path where the oat file should be stored
1395 // - dex_path_out: the real path of the dex file
process_secondary_dex_dexopt(const char * original_dex_path,const char * pkgname,int dexopt_flags,const char * volume_uuid,int uid,const char * instruction_set,const char * compiler_filter,bool * is_public_out,int * dexopt_needed_out,std::string * oat_dir_out,std::string * dex_path_out)1396 static bool process_secondary_dex_dexopt(const char* original_dex_path, const char* pkgname,
1397 int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set,
1398 const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out,
1399 std::string* oat_dir_out, std::string* dex_path_out) {
1400 int storage_flag;
1401
1402 if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
1403 storage_flag = FLAG_STORAGE_CE;
1404 if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1405 LOG(ERROR) << "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
1406 return false;
1407 }
1408 } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1409 storage_flag = FLAG_STORAGE_DE;
1410 } else {
1411 LOG(ERROR) << "Secondary dex storage flag must be set";
1412 return false;
1413 }
1414
1415 {
1416 // As opposed to the primary apk, secondary dex files might contain symlinks.
1417 // Resolve the path before passing it to the validate method to
1418 // make sure the verification is done on the real location.
1419 UniqueCPtr<char> dex_real_path_cstr(realpath(original_dex_path, nullptr));
1420 if (dex_real_path_cstr == nullptr) {
1421 PLOG(ERROR) << "Could not get the real path of the secondary dex file "
1422 << original_dex_path;
1423 return false;
1424 } else {
1425 dex_path_out->assign(dex_real_path_cstr.get());
1426 }
1427 }
1428 const std::string& dex_path = *dex_path_out;
1429 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
1430 LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1431 return false;
1432 }
1433
1434 // Check if the path exist. If not, there's nothing to do.
1435 struct stat dex_path_stat;
1436 if (stat(dex_path.c_str(), &dex_path_stat) != 0) {
1437 if (errno == ENOENT) {
1438 // Secondary dex files might be deleted any time by the app.
1439 // Nothing to do if that's the case
1440 ALOGV("Secondary dex does not exist %s", dex_path.c_str());
1441 return NO_DEXOPT_NEEDED;
1442 } else {
1443 PLOG(ERROR) << "Could not access secondary dex " << dex_path;
1444 }
1445 }
1446
1447 // Check if we should make the oat file public.
1448 // Note that if the dex file is not public the compiled code cannot be made public.
1449 *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) &&
1450 ((dex_path_stat.st_mode & S_IROTH) != 0);
1451
1452 // Prepare the oat directories.
1453 if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set, oat_dir_out)) {
1454 return false;
1455 }
1456
1457 // Analyze profiles.
1458 bool profile_was_updated = analyze_profiles(uid, dex_path, /*is_secondary_dex*/true);
1459
1460 pid_t pid = fork();
1461 if (pid == 0) {
1462 // child -- drop privileges before continuing.
1463 drop_capabilities(uid);
1464 // Run dexoptanalyzer to get dexopt_needed code.
1465 exec_dexoptanalyzer(dex_path, instruction_set, compiler_filter, profile_was_updated);
1466 exit(DEXOPTANALYZER_BIN_EXEC_ERROR);
1467 }
1468
1469 /* parent */
1470
1471 int result = wait_child(pid);
1472 if (!WIFEXITED(result)) {
1473 LOG(ERROR) << "dexoptanalyzer failed for path " << dex_path << ": " << result;
1474 return false;
1475 }
1476 result = WEXITSTATUS(result);
1477 bool success = process_dexoptanalyzer_result(dex_path, result, dexopt_needed_out);
1478 // Run dexopt only if needed or forced.
1479 // Note that dexoptanalyzer is executed even if force compilation is enabled.
1480 // We ignore its valid dexopNeeded result, but still check (in process_dexoptanalyzer_result)
1481 // that we only get results for odex files (apk_dir/oat/isa/code.odex) and not
1482 // for oat files from dalvik-cache.
1483 if (success && ((dexopt_flags & DEXOPT_FORCE) != 0)) {
1484 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
1485 }
1486
1487 return success;
1488 }
1489
dexopt(const char * dex_path,uid_t uid,const char * pkgname,const char * instruction_set,int dexopt_needed,const char * oat_dir,int dexopt_flags,const char * compiler_filter,const char * volume_uuid,const char * shared_libraries,const char * se_info)1490 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
1491 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
1492 const char* volume_uuid, const char* shared_libraries, const char* se_info) {
1493 CHECK(pkgname != nullptr);
1494 CHECK(pkgname[0] != 0);
1495 if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
1496 LOG_FATAL("dexopt flags contains unknown fields\n");
1497 }
1498
1499 bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
1500 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
1501 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
1502 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
1503 bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
1504
1505 // Check if we're dealing with a secondary dex file and if we need to compile it.
1506 std::string oat_dir_str;
1507 std::string dex_real_path;
1508 if (is_secondary_dex) {
1509 if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid,
1510 instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str,
1511 &dex_real_path)) {
1512 oat_dir = oat_dir_str.c_str();
1513 dex_path = dex_real_path.c_str();
1514 if (dexopt_needed == NO_DEXOPT_NEEDED) {
1515 return 0; // Nothing to do, report success.
1516 }
1517 } else {
1518 return -1; // We had an error, logged in the process method.
1519 }
1520 } else {
1521 // Currently these flags are only use for secondary dex files.
1522 // Verify that they are not set for primary apks.
1523 CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
1524 CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
1525 }
1526
1527 // Open the input file.
1528 unique_fd input_fd(open(dex_path, O_RDONLY, 0));
1529 if (input_fd.get() < 0) {
1530 ALOGE("installd cannot open '%s' for input during dexopt\n", dex_path);
1531 return -1;
1532 }
1533
1534 // Create the output OAT file.
1535 char out_oat_path[PKG_PATH_MAX];
1536 Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
1537 instruction_set, is_secondary_dex, out_oat_path);
1538 if (out_oat_fd.get() < 0) {
1539 return -1;
1540 }
1541
1542 // Open vdex files.
1543 Dex2oatFileWrapper in_vdex_fd;
1544 Dex2oatFileWrapper out_vdex_fd;
1545 if (!open_vdex_files(dex_path, out_oat_path, dexopt_needed, instruction_set, is_public, uid,
1546 is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
1547 return -1;
1548 }
1549
1550 // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
1551 // selinux context (we generate them on the fly during the dexopt invocation and they don't
1552 // fully inherit their parent context).
1553 // Note that for primary apk the oat files are created before, in a separate installd
1554 // call which also does the restorecon. TODO(calin): unify the paths.
1555 if (is_secondary_dex) {
1556 if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
1557 SELINUX_ANDROID_RESTORECON_RECURSE)) {
1558 LOG(ERROR) << "Failed to restorecon " << oat_dir;
1559 return -1;
1560 }
1561 }
1562
1563 // Create a swap file if necessary.
1564 unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
1565
1566 // Create the app image file if needed.
1567 Dex2oatFileWrapper image_fd =
1568 maybe_open_app_image(out_oat_path, profile_guided, is_public, uid, is_secondary_dex);
1569
1570 // Open the reference profile if needed.
1571 Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
1572 pkgname, dex_path, profile_guided, is_public, uid, is_secondary_dex);
1573
1574 ALOGV("DexInv: --- BEGIN '%s' ---\n", dex_path);
1575
1576 pid_t pid = fork();
1577 if (pid == 0) {
1578 /* child -- drop privileges before continuing */
1579 drop_capabilities(uid);
1580
1581 SetDex2OatScheduling(boot_complete);
1582 if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
1583 ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno));
1584 _exit(67);
1585 }
1586
1587 run_dex2oat(input_fd.get(),
1588 out_oat_fd.get(),
1589 in_vdex_fd.get(),
1590 out_vdex_fd.get(),
1591 image_fd.get(),
1592 dex_path,
1593 out_oat_path,
1594 swap_fd.get(),
1595 instruction_set,
1596 compiler_filter,
1597 debuggable,
1598 boot_complete,
1599 reference_profile_fd.get(),
1600 shared_libraries);
1601 _exit(68); /* only get here on exec failure */
1602 } else {
1603 int res = wait_child(pid);
1604 if (res == 0) {
1605 ALOGV("DexInv: --- END '%s' (success) ---\n", dex_path);
1606 } else {
1607 ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", dex_path, res);
1608 return res;
1609 }
1610 }
1611
1612 update_out_oat_access_times(dex_path, out_oat_path);
1613
1614 // We've been successful, don't delete output.
1615 out_oat_fd.SetCleanup(false);
1616 out_vdex_fd.SetCleanup(false);
1617 image_fd.SetCleanup(false);
1618 reference_profile_fd.SetCleanup(false);
1619
1620 return 0;
1621 }
1622
1623 // Try to remove the given directory. Log an error if the directory exists
1624 // and is empty but could not be removed.
rmdir_if_empty(const char * dir)1625 static bool rmdir_if_empty(const char* dir) {
1626 if (rmdir(dir) == 0) {
1627 return true;
1628 }
1629 if (errno == ENOENT || errno == ENOTEMPTY) {
1630 return true;
1631 }
1632 PLOG(ERROR) << "Failed to remove dir: " << dir;
1633 return false;
1634 }
1635
1636 // Try to unlink the given file. Log an error if the file exists and could not
1637 // be unlinked.
unlink_if_exists(const std::string & file)1638 static bool unlink_if_exists(const std::string& file) {
1639 if (unlink(file.c_str()) == 0) {
1640 return true;
1641 }
1642 if (errno == ENOENT) {
1643 return true;
1644
1645 }
1646 PLOG(ERROR) << "Could not unlink: " << file;
1647 return false;
1648 }
1649
1650 // Create the oat file structure for the secondary dex 'dex_path' and assign
1651 // the individual path component to the 'out_' parameters.
create_secondary_dex_oat_layout(const std::string & dex_path,const std::string & isa,char * out_oat_dir,char * out_oat_isa_dir,char * out_oat_path)1652 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
1653 /*out*/char* out_oat_dir, /*out*/char* out_oat_isa_dir, /*out*/char* out_oat_path) {
1654 size_t dirIndex = dex_path.rfind('/');
1655 if (dirIndex == std::string::npos) {
1656 LOG(ERROR) << "Unexpected dir structure for dex file " << dex_path;
1657 return false;
1658 }
1659 // TODO(calin): we have similar computations in at lest 3 other places
1660 // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
1661 // use string append.
1662 std::string apk_dir = dex_path.substr(0, dirIndex);
1663 snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
1664 snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
1665
1666 if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
1667 /*is_secondary_dex*/true, out_oat_path)) {
1668 LOG(ERROR) << "Could not create oat path for secondary dex " << dex_path;
1669 return false;
1670 }
1671 return true;
1672 }
1673
1674 // Reconcile the secondary dex 'dex_path' and its generated oat files.
1675 // Return true if all the parameters are valid and the secondary dex file was
1676 // processed successfully (i.e. the dex_path either exists, or if not, its corresponding
1677 // oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
1678 // will be true if the secondary dex file still exists. If the secondary dex file does not exist,
1679 // the method cleans up any previously generated compiler artifacts (oat, vdex, art).
1680 // Return false if there were errors during processing. In this case
1681 // out_secondary_dex_exists will be set to false.
reconcile_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::vector<std::string> & isas,const std::unique_ptr<std::string> & volume_uuid,int storage_flag,bool * out_secondary_dex_exists)1682 bool reconcile_secondary_dex_file(const std::string& dex_path,
1683 const std::string& pkgname, int uid, const std::vector<std::string>& isas,
1684 const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
1685 /*out*/bool* out_secondary_dex_exists) {
1686 // Set out to false to start with, just in case we have validation errors.
1687 *out_secondary_dex_exists = false;
1688 if (isas.size() == 0) {
1689 LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
1690 return false;
1691 }
1692
1693 const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
1694 if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
1695 uid, storage_flag)) {
1696 LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1697 return false;
1698 }
1699
1700 if (access(dex_path.c_str(), F_OK) == 0) {
1701 // The path exists, nothing to do. The odex files (if any) will be left untouched.
1702 *out_secondary_dex_exists = true;
1703 return true;
1704 } else if (errno != ENOENT) {
1705 PLOG(ERROR) << "Failed to check access to secondary dex " << dex_path;
1706 return false;
1707 }
1708
1709 // The secondary dex does not exist anymore. Clear any generated files.
1710 char oat_path[PKG_PATH_MAX];
1711 char oat_dir[PKG_PATH_MAX];
1712 char oat_isa_dir[PKG_PATH_MAX];
1713 bool result = true;
1714 for (size_t i = 0; i < isas.size(); i++) {
1715 if (!create_secondary_dex_oat_layout(dex_path, isas[i], oat_dir, oat_isa_dir, oat_path)) {
1716 LOG(ERROR) << "Could not create secondary odex layout: " << dex_path;
1717 result = false;
1718 continue;
1719 }
1720
1721 // Delete oat/vdex/art files.
1722 result = unlink_if_exists(oat_path) && result;
1723 result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
1724 result = unlink_if_exists(create_image_filename(oat_path)) && result;
1725
1726 // Delete profiles.
1727 std::string current_profile = create_current_profile_path(
1728 multiuser_get_user_id(uid), dex_path, /*is_secondary*/true);
1729 std::string reference_profile = create_reference_profile_path(
1730 dex_path, /*is_secondary*/true);
1731 result = unlink_if_exists(current_profile) && result;
1732 result = unlink_if_exists(reference_profile) && result;
1733
1734 // Try removing the directories as well, they might be empty.
1735 result = rmdir_if_empty(oat_isa_dir) && result;
1736 result = rmdir_if_empty(oat_dir) && result;
1737 }
1738
1739 return result;
1740 }
1741
1742 // Helper for move_ab, so that we can have common failure-case cleanup.
unlink_and_rename(const char * from,const char * to)1743 static bool unlink_and_rename(const char* from, const char* to) {
1744 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
1745 // return a failure.
1746 struct stat s;
1747 if (stat(to, &s) == 0) {
1748 if (!S_ISREG(s.st_mode)) {
1749 LOG(ERROR) << from << " is not a regular file to replace for A/B.";
1750 return false;
1751 }
1752 if (unlink(to) != 0) {
1753 LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
1754 return false;
1755 }
1756 } else {
1757 // This may be a permission problem. We could investigate the error code, but we'll just
1758 // let the rename failure do the work for us.
1759 }
1760
1761 // Try to rename "to" to "from."
1762 if (rename(from, to) != 0) {
1763 PLOG(ERROR) << "Could not rename " << from << " to " << to;
1764 return false;
1765 }
1766 return true;
1767 }
1768
1769 // Move/rename a B artifact (from) to an A artifact (to).
move_ab_path(const std::string & b_path,const std::string & a_path)1770 static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
1771 // Check whether B exists.
1772 {
1773 struct stat s;
1774 if (stat(b_path.c_str(), &s) != 0) {
1775 // Silently ignore for now. The service calling this isn't smart enough to understand
1776 // lack of artifacts at the moment.
1777 return false;
1778 }
1779 if (!S_ISREG(s.st_mode)) {
1780 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
1781 // Try to unlink, but swallow errors.
1782 unlink(b_path.c_str());
1783 return false;
1784 }
1785 }
1786
1787 // Rename B to A.
1788 if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
1789 // Delete the b_path so we don't try again (or fail earlier).
1790 if (unlink(b_path.c_str()) != 0) {
1791 PLOG(ERROR) << "Could not unlink " << b_path;
1792 }
1793
1794 return false;
1795 }
1796
1797 return true;
1798 }
1799
move_ab(const char * apk_path,const char * instruction_set,const char * oat_dir)1800 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
1801 // Get the current slot suffix. No suffix, no A/B.
1802 std::string slot_suffix;
1803 {
1804 char buf[kPropertyValueMax];
1805 if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) {
1806 return false;
1807 }
1808 slot_suffix = buf;
1809
1810 if (!ValidateTargetSlotSuffix(slot_suffix)) {
1811 LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
1812 return false;
1813 }
1814 }
1815
1816 // Validate other inputs.
1817 if (validate_apk_path(apk_path) != 0) {
1818 LOG(ERROR) << "Invalid apk_path: " << apk_path;
1819 return false;
1820 }
1821 if (validate_apk_path(oat_dir) != 0) {
1822 LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
1823 return false;
1824 }
1825
1826 char a_path[PKG_PATH_MAX];
1827 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
1828 return false;
1829 }
1830 const std::string a_vdex_path = create_vdex_filename(a_path);
1831 const std::string a_image_path = create_image_filename(a_path);
1832
1833 // B path = A path + slot suffix.
1834 const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
1835 const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
1836 const std::string b_image_path = StringPrintf("%s.%s",
1837 a_image_path.c_str(),
1838 slot_suffix.c_str());
1839
1840 bool success = true;
1841 if (move_ab_path(b_path, a_path)) {
1842 if (move_ab_path(b_vdex_path, a_vdex_path)) {
1843 // Note: we can live without an app image. As such, ignore failure to move the image file.
1844 // If we decide to require the app image, or the app image being moved correctly,
1845 // then change accordingly.
1846 constexpr bool kIgnoreAppImageFailure = true;
1847
1848 if (!a_image_path.empty()) {
1849 if (!move_ab_path(b_image_path, a_image_path)) {
1850 unlink(a_image_path.c_str());
1851 if (!kIgnoreAppImageFailure) {
1852 success = false;
1853 }
1854 }
1855 }
1856 } else {
1857 // Cleanup: delete B image, ignore errors.
1858 unlink(b_image_path.c_str());
1859 success = false;
1860 }
1861 } else {
1862 // Cleanup: delete B image, ignore errors.
1863 unlink(b_vdex_path.c_str());
1864 unlink(b_image_path.c_str());
1865 success = false;
1866 }
1867 return success;
1868 }
1869
delete_odex(const char * apk_path,const char * instruction_set,const char * oat_dir)1870 bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) {
1871 // Delete the oat/odex file.
1872 char out_path[PKG_PATH_MAX];
1873 if (!create_oat_out_path(apk_path, instruction_set, oat_dir,
1874 /*is_secondary_dex*/false, out_path)) {
1875 return false;
1876 }
1877
1878 // In case of a permission failure report the issue. Otherwise just print a warning.
1879 auto unlink_and_check = [](const char* path) -> bool {
1880 int result = unlink(path);
1881 if (result != 0) {
1882 if (errno == EACCES || errno == EPERM) {
1883 PLOG(ERROR) << "Could not unlink " << path;
1884 return false;
1885 }
1886 PLOG(WARNING) << "Could not unlink " << path;
1887 }
1888 return true;
1889 };
1890
1891 // Delete the oat/odex file.
1892 bool return_value_oat = unlink_and_check(out_path);
1893
1894 // Derive and delete the app image.
1895 bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
1896
1897 // Derive and delete the vdex file.
1898 bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str());
1899
1900 // Report success.
1901 return return_value_oat && return_value_art && return_value_vdex;
1902 }
1903
1904 } // namespace installd
1905 } // namespace android
1906