1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "idmap2/Idmap.h" 18 19 #include <algorithm> 20 #include <iostream> 21 #include <iterator> 22 #include <limits> 23 #include <map> 24 #include <memory> 25 #include <set> 26 #include <string> 27 #include <utility> 28 #include <vector> 29 30 #include "android-base/macros.h" 31 #include "android-base/stringprintf.h" 32 #include "androidfw/AssetManager2.h" 33 #include "idmap2/ResourceUtils.h" 34 #include "idmap2/Result.h" 35 #include "idmap2/SysTrace.h" 36 #include "idmap2/ZipFile.h" 37 #include "utils/String16.h" 38 #include "utils/String8.h" 39 40 namespace android::idmap2 { 41 42 namespace { 43 44 #define EXTRACT_TYPE(resid) ((0x00ff0000 & (resid)) >> 16) 45 46 #define EXTRACT_ENTRY(resid) (0x0000ffff & (resid)) 47 48 class MatchingResources { 49 public: 50 void Add(ResourceId target_resid, ResourceId overlay_resid) { 51 TypeId target_typeid = EXTRACT_TYPE(target_resid); 52 if (map_.find(target_typeid) == map_.end()) { 53 map_.emplace(target_typeid, std::set<std::pair<ResourceId, ResourceId>>()); 54 } 55 map_[target_typeid].insert(std::make_pair(target_resid, overlay_resid)); 56 } 57 58 inline const std::map<TypeId, std::set<std::pair<ResourceId, ResourceId>>>& WARN_UNUSED 59 Map() const { 60 return map_; 61 } 62 63 private: 64 // target type id -> set { pair { overlay entry id, overlay entry id } } 65 std::map<TypeId, std::set<std::pair<ResourceId, ResourceId>>> map_; 66 }; 67 68 bool WARN_UNUSED Read16(std::istream& stream, uint16_t* out) { 69 uint16_t value; 70 if (stream.read(reinterpret_cast<char*>(&value), sizeof(uint16_t))) { 71 *out = dtohl(value); 72 return true; 73 } 74 return false; 75 } 76 77 bool WARN_UNUSED Read32(std::istream& stream, uint32_t* out) { 78 uint32_t value; 79 if (stream.read(reinterpret_cast<char*>(&value), sizeof(uint32_t))) { 80 *out = dtohl(value); 81 return true; 82 } 83 return false; 84 } 85 86 // a string is encoded as a kIdmapStringLength char array; the array is always null-terminated 87 bool WARN_UNUSED ReadString(std::istream& stream, char out[kIdmapStringLength]) { 88 char buf[kIdmapStringLength]; 89 memset(buf, 0, sizeof(buf)); 90 if (!stream.read(buf, sizeof(buf))) { 91 return false; 92 } 93 if (buf[sizeof(buf) - 1] != '\0') { 94 return false; 95 } 96 memcpy(out, buf, sizeof(buf)); 97 return true; 98 } 99 100 ResourceId NameToResid(const AssetManager2& am, const std::string& name) { 101 return am.GetResourceId(name); 102 } 103 104 // TODO(martenkongstad): scan for package name instead of assuming package at index 0 105 // 106 // idmap version 0x01 naively assumes that the package to use is always the first ResTable_package 107 // in the resources.arsc blob. In most cases, there is only a single ResTable_package anyway, so 108 // this assumption tends to work out. That said, the correct thing to do is to scan 109 // resources.arsc for a package with a given name as read from the package manifest instead of 110 // relying on a hard-coded index. This however requires storing the package name in the idmap 111 // header, which in turn requires incrementing the idmap version. Because the initial version of 112 // idmap2 is compatible with idmap, this will have to wait for now. 113 const LoadedPackage* GetPackageAtIndex0(const LoadedArsc& loaded_arsc) { 114 const std::vector<std::unique_ptr<const LoadedPackage>>& packages = loaded_arsc.GetPackages(); 115 if (packages.empty()) { 116 return nullptr; 117 } 118 int id = packages[0]->GetPackageId(); 119 return loaded_arsc.GetPackageById(id); 120 } 121 122 Result<uint32_t> GetCrc(const ZipFile& zip) { 123 const Result<uint32_t> a = zip.Crc("resources.arsc"); 124 const Result<uint32_t> b = zip.Crc("AndroidManifest.xml"); 125 return a && b 126 ? Result<uint32_t>(*a ^ *b) 127 : Error("failed to get CRC for \"%s\"", a ? "AndroidManifest.xml" : "resources.arsc"); 128 } 129 130 } // namespace 131 132 std::unique_ptr<const IdmapHeader> IdmapHeader::FromBinaryStream(std::istream& stream) { 133 std::unique_ptr<IdmapHeader> idmap_header(new IdmapHeader()); 134 135 if (!Read32(stream, &idmap_header->magic_) || !Read32(stream, &idmap_header->version_) || 136 !Read32(stream, &idmap_header->target_crc_) || !Read32(stream, &idmap_header->overlay_crc_) || 137 !ReadString(stream, idmap_header->target_path_) || 138 !ReadString(stream, idmap_header->overlay_path_)) { 139 return nullptr; 140 } 141 142 return std::move(idmap_header); 143 } 144 145 Result<Unit> IdmapHeader::IsUpToDate() const { 146 if (magic_ != kIdmapMagic) { 147 return Error("bad magic: actual 0x%08x, expected 0x%08x", magic_, kIdmapMagic); 148 } 149 150 if (version_ != kIdmapCurrentVersion) { 151 return Error("bad version: actual 0x%08x, expected 0x%08x", version_, kIdmapCurrentVersion); 152 } 153 154 const std::unique_ptr<const ZipFile> target_zip = ZipFile::Open(target_path_); 155 if (!target_zip) { 156 return Error("failed to open target %s", GetTargetPath().to_string().c_str()); 157 } 158 159 Result<uint32_t> target_crc = GetCrc(*target_zip); 160 if (!target_crc) { 161 return Error("failed to get target crc"); 162 } 163 164 if (target_crc_ != *target_crc) { 165 return Error("bad target crc: idmap version 0x%08x, file system version 0x%08x", target_crc_, 166 *target_crc); 167 } 168 169 const std::unique_ptr<const ZipFile> overlay_zip = ZipFile::Open(overlay_path_); 170 if (!overlay_zip) { 171 return Error("failed to open overlay %s", GetOverlayPath().to_string().c_str()); 172 } 173 174 Result<uint32_t> overlay_crc = GetCrc(*overlay_zip); 175 if (!overlay_crc) { 176 return Error("failed to get overlay crc"); 177 } 178 179 if (overlay_crc_ != *overlay_crc) { 180 return Error("bad overlay crc: idmap version 0x%08x, file system version 0x%08x", overlay_crc_, 181 *overlay_crc); 182 } 183 184 return Unit{}; 185 } 186 187 std::unique_ptr<const IdmapData::Header> IdmapData::Header::FromBinaryStream(std::istream& stream) { 188 std::unique_ptr<IdmapData::Header> idmap_data_header(new IdmapData::Header()); 189 190 uint16_t target_package_id16; 191 if (!Read16(stream, &target_package_id16) || !Read16(stream, &idmap_data_header->type_count_)) { 192 return nullptr; 193 } 194 idmap_data_header->target_package_id_ = target_package_id16; 195 196 return std::move(idmap_data_header); 197 } 198 199 std::unique_ptr<const IdmapData::TypeEntry> IdmapData::TypeEntry::FromBinaryStream( 200 std::istream& stream) { 201 std::unique_ptr<IdmapData::TypeEntry> data(new IdmapData::TypeEntry()); 202 uint16_t target_type16; 203 uint16_t overlay_type16; 204 uint16_t entry_count; 205 if (!Read16(stream, &target_type16) || !Read16(stream, &overlay_type16) || 206 !Read16(stream, &entry_count) || !Read16(stream, &data->entry_offset_)) { 207 return nullptr; 208 } 209 data->target_type_id_ = target_type16; 210 data->overlay_type_id_ = overlay_type16; 211 for (uint16_t i = 0; i < entry_count; i++) { 212 ResourceId resid; 213 if (!Read32(stream, &resid)) { 214 return nullptr; 215 } 216 data->entries_.push_back(resid); 217 } 218 219 return std::move(data); 220 } 221 222 std::unique_ptr<const IdmapData> IdmapData::FromBinaryStream(std::istream& stream) { 223 std::unique_ptr<IdmapData> data(new IdmapData()); 224 data->header_ = IdmapData::Header::FromBinaryStream(stream); 225 if (!data->header_) { 226 return nullptr; 227 } 228 for (size_t type_count = 0; type_count < data->header_->GetTypeCount(); type_count++) { 229 std::unique_ptr<const TypeEntry> type = IdmapData::TypeEntry::FromBinaryStream(stream); 230 if (!type) { 231 return nullptr; 232 } 233 data->type_entries_.push_back(std::move(type)); 234 } 235 return std::move(data); 236 } 237 238 std::string Idmap::CanonicalIdmapPathFor(const std::string& absolute_dir, 239 const std::string& absolute_apk_path) { 240 assert(absolute_dir.size() > 0 && absolute_dir[0] == "/"); 241 assert(absolute_apk_path.size() > 0 && absolute_apk_path[0] == "/"); 242 std::string copy(++absolute_apk_path.cbegin(), absolute_apk_path.cend()); 243 replace(copy.begin(), copy.end(), '/', '@'); 244 return absolute_dir + "/" + copy + "@idmap"; 245 } 246 247 Result<std::unique_ptr<const Idmap>> Idmap::FromBinaryStream(std::istream& stream) { 248 SYSTRACE << "Idmap::FromBinaryStream"; 249 std::unique_ptr<Idmap> idmap(new Idmap()); 250 251 idmap->header_ = IdmapHeader::FromBinaryStream(stream); 252 if (!idmap->header_) { 253 return Error("failed to parse idmap header"); 254 } 255 256 // idmap version 0x01 does not specify the number of data blocks that follow 257 // the idmap header; assume exactly one data block 258 for (int i = 0; i < 1; i++) { 259 std::unique_ptr<const IdmapData> data = IdmapData::FromBinaryStream(stream); 260 if (!data) { 261 return Error("failed to parse data block %d", i); 262 } 263 idmap->data_.push_back(std::move(data)); 264 } 265 266 return {std::move(idmap)}; 267 } 268 269 std::string ConcatPolicies(const std::vector<std::string>& policies) { 270 std::string message; 271 for (const std::string& policy : policies) { 272 if (!message.empty()) { 273 message.append("|"); 274 } 275 message.append(policy); 276 } 277 278 return message; 279 } 280 281 Result<Unit> CheckOverlayable(const LoadedPackage& target_package, 282 const utils::OverlayManifestInfo& overlay_info, 283 const PolicyBitmask& fulfilled_policies, const ResourceId& resid) { 284 static constexpr const PolicyBitmask sDefaultPolicies = 285 PolicyFlags::POLICY_ODM_PARTITION | PolicyFlags::POLICY_OEM_PARTITION | 286 PolicyFlags::POLICY_SYSTEM_PARTITION | PolicyFlags::POLICY_VENDOR_PARTITION | 287 PolicyFlags::POLICY_PRODUCT_PARTITION | PolicyFlags::POLICY_SIGNATURE; 288 289 // If the resource does not have an overlayable definition, allow the resource to be overlaid if 290 // the overlay is preinstalled or signed with the same signature as the target. 291 if (!target_package.DefinesOverlayable()) { 292 return (sDefaultPolicies & fulfilled_policies) != 0 293 ? Result<Unit>({}) 294 : Error( 295 "overlay must be preinstalled or signed with the same signature as the " 296 "target"); 297 } 298 299 const OverlayableInfo* overlayable_info = target_package.GetOverlayableInfo(resid); 300 if (overlayable_info == nullptr) { 301 // Do not allow non-overlayable resources to be overlaid. 302 return Error("resource has no overlayable declaration"); 303 } 304 305 if (overlay_info.target_name != overlayable_info->name) { 306 // If the overlay supplies a target overlayable name, the resource must belong to the 307 // overlayable defined with the specified name to be overlaid. 308 return Error("<overlay> android:targetName '%s' does not match overlayable name '%s'", 309 overlay_info.target_name.c_str(), overlayable_info->name.c_str()); 310 } 311 312 // Enforce policy restrictions if the resource is declared as overlayable. 313 if ((overlayable_info->policy_flags & fulfilled_policies) == 0) { 314 return Error("overlay with policies '%s' does not fulfill any overlayable policies '%s'", 315 ConcatPolicies(BitmaskToPolicies(fulfilled_policies)).c_str(), 316 ConcatPolicies(BitmaskToPolicies(overlayable_info->policy_flags)).c_str()); 317 } 318 319 return Result<Unit>({}); 320 } 321 322 Result<std::unique_ptr<const Idmap>> Idmap::FromApkAssets(const std::string& target_apk_path, 323 const ApkAssets& target_apk_assets, 324 const std::string& overlay_apk_path, 325 const ApkAssets& overlay_apk_assets, 326 const PolicyBitmask& fulfilled_policies, 327 bool enforce_overlayable) { 328 SYSTRACE << "Idmap::FromApkAssets"; 329 AssetManager2 target_asset_manager; 330 if (!target_asset_manager.SetApkAssets({&target_apk_assets}, true, false)) { 331 return Error("failed to create target asset manager"); 332 } 333 334 AssetManager2 overlay_asset_manager; 335 if (!overlay_asset_manager.SetApkAssets({&overlay_apk_assets}, true, false)) { 336 return Error("failed to create overlay asset manager"); 337 } 338 339 const LoadedArsc* target_arsc = target_apk_assets.GetLoadedArsc(); 340 if (target_arsc == nullptr) { 341 return Error("failed to load target resources.arsc"); 342 } 343 344 const LoadedArsc* overlay_arsc = overlay_apk_assets.GetLoadedArsc(); 345 if (overlay_arsc == nullptr) { 346 return Error("failed to load overlay resources.arsc"); 347 } 348 349 const LoadedPackage* target_pkg = GetPackageAtIndex0(*target_arsc); 350 if (target_pkg == nullptr) { 351 return Error("failed to load target package from resources.arsc"); 352 } 353 354 const LoadedPackage* overlay_pkg = GetPackageAtIndex0(*overlay_arsc); 355 if (overlay_pkg == nullptr) { 356 return Error("failed to load overlay package from resources.arsc"); 357 } 358 359 const std::unique_ptr<const ZipFile> target_zip = ZipFile::Open(target_apk_path); 360 if (!target_zip) { 361 return Error("failed to open target as zip"); 362 } 363 364 const std::unique_ptr<const ZipFile> overlay_zip = ZipFile::Open(overlay_apk_path); 365 if (!overlay_zip) { 366 return Error("failed to open overlay as zip"); 367 } 368 369 auto overlay_info = utils::ExtractOverlayManifestInfo(overlay_apk_path); 370 if (!overlay_info) { 371 return overlay_info.GetError(); 372 } 373 374 std::unique_ptr<IdmapHeader> header(new IdmapHeader()); 375 header->magic_ = kIdmapMagic; 376 header->version_ = kIdmapCurrentVersion; 377 378 Result<uint32_t> crc = GetCrc(*target_zip); 379 if (!crc) { 380 return Error(crc.GetError(), "failed to get zip CRC for target"); 381 } 382 header->target_crc_ = *crc; 383 384 crc = GetCrc(*overlay_zip); 385 if (!crc) { 386 return Error(crc.GetError(), "failed to get zip CRC for overlay"); 387 } 388 header->overlay_crc_ = *crc; 389 390 if (target_apk_path.size() > sizeof(header->target_path_)) { 391 return Error("target apk path \"%s\" longer than maximum size %zu", target_apk_path.c_str(), 392 sizeof(header->target_path_)); 393 } 394 memset(header->target_path_, 0, sizeof(header->target_path_)); 395 memcpy(header->target_path_, target_apk_path.data(), target_apk_path.size()); 396 397 if (overlay_apk_path.size() > sizeof(header->overlay_path_)) { 398 return Error("overlay apk path \"%s\" longer than maximum size %zu", target_apk_path.c_str(), 399 sizeof(header->target_path_)); 400 } 401 memset(header->overlay_path_, 0, sizeof(header->overlay_path_)); 402 memcpy(header->overlay_path_, overlay_apk_path.data(), overlay_apk_path.size()); 403 404 std::unique_ptr<Idmap> idmap(new Idmap()); 405 idmap->header_ = std::move(header); 406 407 // find the resources that exist in both packages 408 MatchingResources matching_resources; 409 const auto end = overlay_pkg->end(); 410 for (auto iter = overlay_pkg->begin(); iter != end; ++iter) { 411 const ResourceId overlay_resid = *iter; 412 Result<std::string> name = utils::ResToTypeEntryName(overlay_asset_manager, overlay_resid); 413 if (!name) { 414 continue; 415 } 416 // prepend "<package>:" to turn name into "<package>:<type>/<name>" 417 const std::string full_name = 418 base::StringPrintf("%s:%s", target_pkg->GetPackageName().c_str(), name->c_str()); 419 const ResourceId target_resid = NameToResid(target_asset_manager, full_name); 420 if (target_resid == 0) { 421 continue; 422 } 423 424 if (enforce_overlayable) { 425 Result<Unit> success = 426 CheckOverlayable(*target_pkg, *overlay_info, fulfilled_policies, target_resid); 427 if (!success) { 428 LOG(WARNING) << "overlay \"" << overlay_apk_path 429 << "\" is not allowed to overlay resource \"" << full_name 430 << "\": " << success.GetErrorMessage(); 431 continue; 432 } 433 } 434 435 matching_resources.Add(target_resid, overlay_resid); 436 } 437 438 if (matching_resources.Map().empty()) { 439 return Error("overlay \"%s\" does not successfully overlay any resource", 440 overlay_apk_path.c_str()); 441 } 442 443 // encode idmap data 444 std::unique_ptr<IdmapData> data(new IdmapData()); 445 const auto types_end = matching_resources.Map().cend(); 446 for (auto ti = matching_resources.Map().cbegin(); ti != types_end; ++ti) { 447 auto ei = ti->second.cbegin(); 448 std::unique_ptr<IdmapData::TypeEntry> type(new IdmapData::TypeEntry()); 449 type->target_type_id_ = EXTRACT_TYPE(ei->first); 450 type->overlay_type_id_ = EXTRACT_TYPE(ei->second); 451 type->entry_offset_ = EXTRACT_ENTRY(ei->first); 452 EntryId last_target_entry = kNoEntry; 453 for (; ei != ti->second.cend(); ++ei) { 454 if (last_target_entry != kNoEntry) { 455 int count = EXTRACT_ENTRY(ei->first) - last_target_entry - 1; 456 type->entries_.insert(type->entries_.end(), count, kNoEntry); 457 } 458 type->entries_.push_back(EXTRACT_ENTRY(ei->second)); 459 last_target_entry = EXTRACT_ENTRY(ei->first); 460 } 461 data->type_entries_.push_back(std::move(type)); 462 } 463 464 std::unique_ptr<IdmapData::Header> data_header(new IdmapData::Header()); 465 data_header->target_package_id_ = target_pkg->GetPackageId(); 466 data_header->type_count_ = data->type_entries_.size(); 467 data->header_ = std::move(data_header); 468 469 idmap->data_.push_back(std::move(data)); 470 471 return {std::move(idmap)}; 472 } 473 474 void IdmapHeader::accept(Visitor* v) const { 475 assert(v != nullptr); 476 v->visit(*this); 477 } 478 479 void IdmapData::Header::accept(Visitor* v) const { 480 assert(v != nullptr); 481 v->visit(*this); 482 } 483 484 void IdmapData::TypeEntry::accept(Visitor* v) const { 485 assert(v != nullptr); 486 v->visit(*this); 487 } 488 489 void IdmapData::accept(Visitor* v) const { 490 assert(v != nullptr); 491 v->visit(*this); 492 header_->accept(v); 493 auto end = type_entries_.cend(); 494 for (auto iter = type_entries_.cbegin(); iter != end; ++iter) { 495 (*iter)->accept(v); 496 } 497 } 498 499 void Idmap::accept(Visitor* v) const { 500 assert(v != nullptr); 501 v->visit(*this); 502 header_->accept(v); 503 auto end = data_.cend(); 504 for (auto iter = data_.cbegin(); iter != end; ++iter) { 505 (*iter)->accept(v); 506 } 507 } 508 509 } // namespace android::idmap2 510