1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #define LOG_TAG "installed" 17 18 #include <fcntl.h> 19 #include <stdlib.h> 20 #include <string.h> 21 #include <sys/capability.h> 22 #include <sys/file.h> 23 #include <sys/stat.h> 24 #include <sys/time.h> 25 #include <sys/types.h> 26 #include <sys/resource.h> 27 #include <sys/wait.h> 28 #include <unistd.h> 29 30 #include <android-base/logging.h> 31 #include <android-base/stringprintf.h> 32 #include <android-base/strings.h> 33 #include <android-base/unique_fd.h> 34 #include <cutils/fs.h> 35 #include <cutils/properties.h> 36 #include <cutils/sched_policy.h> 37 #include <log/log.h> // TODO: Move everything to base/logging. 38 #include <private/android_filesystem_config.h> 39 #include <selinux/android.h> 40 #include <system/thread_defs.h> 41 42 #include "dexopt.h" 43 #include "installd_deps.h" 44 #include "otapreopt_utils.h" 45 #include "utils.h" 46 47 using android::base::StringPrintf; 48 using android::base::EndsWith; 49 using android::base::unique_fd; 50 51 namespace android { 52 namespace installd { 53 54 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below. 55 struct FreeDelete { 56 // NOTE: Deleting a const object is valid but free() takes a non-const pointer. 57 void operator()(const void* ptr) const { 58 free(const_cast<void*>(ptr)); 59 } 60 }; 61 62 // Alias for std::unique_ptr<> that uses the C function free() to delete objects. 63 template <typename T> 64 using UniqueCPtr = std::unique_ptr<T, FreeDelete>; 65 66 static unique_fd invalid_unique_fd() { 67 return unique_fd(-1); 68 } 69 70 static bool clear_profile(const std::string& profile) { 71 unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC)); 72 if (ufd.get() < 0) { 73 if (errno != ENOENT) { 74 PLOG(WARNING) << "Could not open profile " << profile; 75 return false; 76 } else { 77 // Nothing to clear. That's ok. 78 return true; 79 } 80 } 81 82 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) { 83 if (errno != EWOULDBLOCK) { 84 PLOG(WARNING) << "Error locking profile " << profile; 85 } 86 // This implies that the app owning this profile is running 87 // (and has acquired the lock). 88 // 89 // If we can't acquire the lock bail out since clearing is useless anyway 90 // (the app will write again to the profile). 91 // 92 // Note: 93 // This does not impact the this is not an issue for the profiling correctness. 94 // In case this is needed because of an app upgrade, profiles will still be 95 // eventually cleared by the app itself due to checksum mismatch. 96 // If this is needed because profman advised, then keeping the data around 97 // until the next run is again not an issue. 98 // 99 // If the app attempts to acquire a lock while we've held one here, 100 // it will simply skip the current write cycle. 101 return false; 102 } 103 104 bool truncated = ftruncate(ufd.get(), 0) == 0; 105 if (!truncated) { 106 PLOG(WARNING) << "Could not truncate " << profile; 107 } 108 if (flock(ufd.get(), LOCK_UN) != 0) { 109 PLOG(WARNING) << "Error unlocking profile " << profile; 110 } 111 return truncated; 112 } 113 114 // Clear the reference profile for the given location. 115 // The location is the package name for primary apks or the dex path for secondary dex files. 116 static bool clear_reference_profile(const std::string& location, bool is_secondary_dex) { 117 return clear_profile(create_reference_profile_path(location, is_secondary_dex)); 118 } 119 120 // Clear the reference profile for the given location. 121 // The location is the package name for primary apks or the dex path for secondary dex files. 122 static bool clear_current_profile(const std::string& pkgname, userid_t user, 123 bool is_secondary_dex) { 124 return clear_profile(create_current_profile_path(user, pkgname, is_secondary_dex)); 125 } 126 127 // Clear the reference profile for the primary apk of the given package. 128 bool clear_primary_reference_profile(const std::string& pkgname) { 129 return clear_reference_profile(pkgname, /*is_secondary_dex*/false); 130 } 131 132 // Clear all current profile for the primary apk of the given package. 133 bool clear_primary_current_profiles(const std::string& pkgname) { 134 bool success = true; 135 // For secondary dex files, we don't really need the user but we use it for sanity checks. 136 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr); 137 for (auto user : users) { 138 success &= clear_current_profile(pkgname, user, /*is_secondary_dex*/false); 139 } 140 return success; 141 } 142 143 // Clear the current profile for the primary apk of the given package and user. 144 bool clear_primary_current_profile(const std::string& pkgname, userid_t user) { 145 return clear_current_profile(pkgname, user, /*is_secondary_dex*/false); 146 } 147 148 static int split_count(const char *str) 149 { 150 char *ctx; 151 int count = 0; 152 char buf[kPropertyValueMax]; 153 154 strncpy(buf, str, sizeof(buf)); 155 char *pBuf = buf; 156 157 while(strtok_r(pBuf, " ", &ctx) != NULL) { 158 count++; 159 pBuf = NULL; 160 } 161 162 return count; 163 } 164 165 static int split(char *buf, const char **argv) 166 { 167 char *ctx; 168 int count = 0; 169 char *tok; 170 char *pBuf = buf; 171 172 while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) { 173 argv[count++] = tok; 174 pBuf = NULL; 175 } 176 177 return count; 178 } 179 180 static const char* get_location_from_path(const char* path) { 181 static constexpr char kLocationSeparator = '/'; 182 const char *location = strrchr(path, kLocationSeparator); 183 if (location == NULL) { 184 return path; 185 } else { 186 // Skip the separator character. 187 return location + 1; 188 } 189 } 190 191 static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd, 192 const char* input_file_name, const char* output_file_name, int swap_fd, 193 const char* instruction_set, const char* compiler_filter, 194 bool debuggable, bool post_bootcomplete, int profile_fd, const char* shared_libraries) { 195 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; 196 197 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) { 198 ALOGE("Instruction set %s longer than max length of %d", 199 instruction_set, MAX_INSTRUCTION_SET_LEN); 200 return; 201 } 202 203 // Get the relative path to the input file. 204 const char* relative_input_file_name = get_location_from_path(input_file_name); 205 206 char dex2oat_Xms_flag[kPropertyValueMax]; 207 bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0; 208 209 char dex2oat_Xmx_flag[kPropertyValueMax]; 210 bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0; 211 212 char dex2oat_threads_buf[kPropertyValueMax]; 213 bool have_dex2oat_threads_flag = get_property(post_bootcomplete 214 ? "dalvik.vm.dex2oat-threads" 215 : "dalvik.vm.boot-dex2oat-threads", 216 dex2oat_threads_buf, 217 NULL) > 0; 218 char dex2oat_threads_arg[kPropertyValueMax + 2]; 219 if (have_dex2oat_threads_flag) { 220 sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf); 221 } 222 223 char dex2oat_isa_features_key[kPropertyKeyMax]; 224 sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set); 225 char dex2oat_isa_features[kPropertyValueMax]; 226 bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key, 227 dex2oat_isa_features, NULL) > 0; 228 229 char dex2oat_isa_variant_key[kPropertyKeyMax]; 230 sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set); 231 char dex2oat_isa_variant[kPropertyValueMax]; 232 bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key, 233 dex2oat_isa_variant, NULL) > 0; 234 235 const char *dex2oat_norelocation = "-Xnorelocate"; 236 bool have_dex2oat_relocation_skip_flag = false; 237 238 char dex2oat_flags[kPropertyValueMax]; 239 int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags", 240 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags); 241 ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags); 242 243 // If we are booting without the real /data, don't spend time compiling. 244 char vold_decrypt[kPropertyValueMax]; 245 bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0; 246 bool skip_compilation = (have_vold_decrypt && 247 (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 || 248 (strcmp(vold_decrypt, "1") == 0))); 249 250 bool generate_debug_info = property_get_bool("debug.generate-debug-info", false); 251 252 char app_image_format[kPropertyValueMax]; 253 char image_format_arg[strlen("--image-format=") + kPropertyValueMax]; 254 bool have_app_image_format = 255 image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0; 256 if (have_app_image_format) { 257 sprintf(image_format_arg, "--image-format=%s", app_image_format); 258 } 259 260 char dex2oat_large_app_threshold[kPropertyValueMax]; 261 bool have_dex2oat_large_app_threshold = 262 get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0; 263 char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax]; 264 if (have_dex2oat_large_app_threshold) { 265 sprintf(dex2oat_large_app_threshold_arg, 266 "--very-large-app-threshold=%s", 267 dex2oat_large_app_threshold); 268 } 269 270 static const char* DEX2OAT_BIN = "/system/bin/dex2oat"; 271 272 static const char* RUNTIME_ARG = "--runtime-arg"; 273 274 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig 275 276 // clang FORTIFY doesn't let us use strlen in constant array bounds, so we 277 // use arraysize instead. 278 char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN]; 279 char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX]; 280 char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN]; 281 char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN]; 282 char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN]; 283 char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX]; 284 char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN]; 285 char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax]; 286 char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax]; 287 char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax]; 288 char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax]; 289 char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax]; 290 bool have_dex2oat_swap_fd = false; 291 char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN]; 292 bool have_dex2oat_image_fd = false; 293 char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN]; 294 295 sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd); 296 sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name); 297 sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd); 298 sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd); 299 sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd); 300 sprintf(oat_location_arg, "--oat-location=%s", output_file_name); 301 sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set); 302 sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant); 303 sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features); 304 if (swap_fd >= 0) { 305 have_dex2oat_swap_fd = true; 306 sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd); 307 } 308 if (image_fd >= 0) { 309 have_dex2oat_image_fd = true; 310 sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd); 311 } 312 313 if (have_dex2oat_Xms_flag) { 314 sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag); 315 } 316 if (have_dex2oat_Xmx_flag) { 317 sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag); 318 } 319 320 // Compute compiler filter. 321 322 bool have_dex2oat_compiler_filter_flag = false; 323 if (skip_compilation) { 324 strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract"); 325 have_dex2oat_compiler_filter_flag = true; 326 have_dex2oat_relocation_skip_flag = true; 327 } else if (compiler_filter != nullptr) { 328 if (strlen(compiler_filter) + strlen("--compiler-filter=") < 329 arraysize(dex2oat_compiler_filter_arg)) { 330 sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter); 331 have_dex2oat_compiler_filter_flag = true; 332 } else { 333 ALOGW("Compiler filter name '%s' is too large (max characters is %zu)", 334 compiler_filter, 335 kPropertyValueMax); 336 } 337 } 338 339 if (!have_dex2oat_compiler_filter_flag) { 340 char dex2oat_compiler_filter_flag[kPropertyValueMax]; 341 have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter", 342 dex2oat_compiler_filter_flag, NULL) > 0; 343 if (have_dex2oat_compiler_filter_flag) { 344 sprintf(dex2oat_compiler_filter_arg, 345 "--compiler-filter=%s", 346 dex2oat_compiler_filter_flag); 347 } 348 } 349 350 // Check whether all apps should be compiled debuggable. 351 if (!debuggable) { 352 char prop_buf[kPropertyValueMax]; 353 debuggable = 354 (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) && 355 (prop_buf[0] == '1'); 356 } 357 char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN]; 358 if (profile_fd != -1) { 359 sprintf(profile_arg, "--profile-file-fd=%d", profile_fd); 360 } 361 362 // Get the directory of the apk to pass as a base classpath directory. 363 char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX]; 364 std::string apk_dir(input_file_name); 365 unsigned long dir_index = apk_dir.rfind('/'); 366 bool has_base_dir = dir_index != std::string::npos; 367 if (has_base_dir) { 368 apk_dir = apk_dir.substr(0, dir_index); 369 sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str()); 370 } 371 372 373 ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, relative_input_file_name, output_file_name); 374 375 const char* argv[9 // program name, mandatory arguments and the final NULL 376 + (have_dex2oat_isa_variant ? 1 : 0) 377 + (have_dex2oat_isa_features ? 1 : 0) 378 + (have_dex2oat_Xms_flag ? 2 : 0) 379 + (have_dex2oat_Xmx_flag ? 2 : 0) 380 + (have_dex2oat_compiler_filter_flag ? 1 : 0) 381 + (have_dex2oat_threads_flag ? 1 : 0) 382 + (have_dex2oat_swap_fd ? 1 : 0) 383 + (have_dex2oat_image_fd ? 1 : 0) 384 + (have_dex2oat_relocation_skip_flag ? 2 : 0) 385 + (generate_debug_info ? 1 : 0) 386 + (debuggable ? 1 : 0) 387 + (have_app_image_format ? 1 : 0) 388 + dex2oat_flags_count 389 + (profile_fd == -1 ? 0 : 1) 390 + (shared_libraries != nullptr ? 4 : 0) 391 + (has_base_dir ? 1 : 0) 392 + (have_dex2oat_large_app_threshold ? 1 : 0)]; 393 int i = 0; 394 argv[i++] = DEX2OAT_BIN; 395 argv[i++] = zip_fd_arg; 396 argv[i++] = zip_location_arg; 397 argv[i++] = input_vdex_fd_arg; 398 argv[i++] = output_vdex_fd_arg; 399 argv[i++] = oat_fd_arg; 400 argv[i++] = oat_location_arg; 401 argv[i++] = instruction_set_arg; 402 if (have_dex2oat_isa_variant) { 403 argv[i++] = instruction_set_variant_arg; 404 } 405 if (have_dex2oat_isa_features) { 406 argv[i++] = instruction_set_features_arg; 407 } 408 if (have_dex2oat_Xms_flag) { 409 argv[i++] = RUNTIME_ARG; 410 argv[i++] = dex2oat_Xms_arg; 411 } 412 if (have_dex2oat_Xmx_flag) { 413 argv[i++] = RUNTIME_ARG; 414 argv[i++] = dex2oat_Xmx_arg; 415 } 416 if (have_dex2oat_compiler_filter_flag) { 417 argv[i++] = dex2oat_compiler_filter_arg; 418 } 419 if (have_dex2oat_threads_flag) { 420 argv[i++] = dex2oat_threads_arg; 421 } 422 if (have_dex2oat_swap_fd) { 423 argv[i++] = dex2oat_swap_fd; 424 } 425 if (have_dex2oat_image_fd) { 426 argv[i++] = dex2oat_image_fd; 427 } 428 if (generate_debug_info) { 429 argv[i++] = "--generate-debug-info"; 430 } 431 if (debuggable) { 432 argv[i++] = "--debuggable"; 433 } 434 if (have_app_image_format) { 435 argv[i++] = image_format_arg; 436 } 437 if (have_dex2oat_large_app_threshold) { 438 argv[i++] = dex2oat_large_app_threshold_arg; 439 } 440 if (dex2oat_flags_count) { 441 i += split(dex2oat_flags, argv + i); 442 } 443 if (have_dex2oat_relocation_skip_flag) { 444 argv[i++] = RUNTIME_ARG; 445 argv[i++] = dex2oat_norelocation; 446 } 447 if (profile_fd != -1) { 448 argv[i++] = profile_arg; 449 } 450 if (shared_libraries != nullptr) { 451 argv[i++] = RUNTIME_ARG; 452 argv[i++] = "-classpath"; 453 argv[i++] = RUNTIME_ARG; 454 argv[i++] = shared_libraries; 455 } 456 if (has_base_dir) { 457 argv[i++] = base_dir; 458 } 459 // Do not add after dex2oat_flags, they should override others for debugging. 460 argv[i] = NULL; 461 462 execv(DEX2OAT_BIN, (char * const *)argv); 463 ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno)); 464 } 465 466 /* 467 * Whether dexopt should use a swap file when compiling an APK. 468 * 469 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision 470 * itself, anyways). 471 * 472 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true". 473 * 474 * Otherwise, return true if this is a low-mem device. 475 * 476 * Otherwise, return default value. 477 */ 478 static bool kAlwaysProvideSwapFile = false; 479 static bool kDefaultProvideSwapFile = true; 480 481 static bool ShouldUseSwapFileForDexopt() { 482 if (kAlwaysProvideSwapFile) { 483 return true; 484 } 485 486 // Check the "override" property. If it exists, return value == "true". 487 char dex2oat_prop_buf[kPropertyValueMax]; 488 if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) { 489 if (strcmp(dex2oat_prop_buf, "true") == 0) { 490 return true; 491 } else { 492 return false; 493 } 494 } 495 496 // Shortcut for default value. This is an implementation optimization for the process sketched 497 // above. If the default value is true, we can avoid to check whether this is a low-mem device, 498 // as low-mem is never returning false. The compiler will optimize this away if it can. 499 if (kDefaultProvideSwapFile) { 500 return true; 501 } 502 503 bool is_low_mem = property_get_bool("ro.config.low_ram", false); 504 if (is_low_mem) { 505 return true; 506 } 507 508 // Default value must be false here. 509 return kDefaultProvideSwapFile; 510 } 511 512 static void SetDex2OatScheduling(bool set_to_bg) { 513 if (set_to_bg) { 514 if (set_sched_policy(0, SP_BACKGROUND) < 0) { 515 ALOGE("set_sched_policy failed: %s\n", strerror(errno)); 516 exit(70); 517 } 518 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) { 519 ALOGE("setpriority failed: %s\n", strerror(errno)); 520 exit(71); 521 } 522 } 523 } 524 525 static bool create_profile(int uid, const std::string& profile) { 526 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), O_CREAT | O_NOFOLLOW, 0600))); 527 if (fd.get() < 0) { 528 if (errno == EEXIST) { 529 return true; 530 } else { 531 PLOG(ERROR) << "Failed to create profile " << profile; 532 return false; 533 } 534 } 535 // Profiles should belong to the app; make sure of that by giving ownership to 536 // the app uid. If we cannot do that, there's no point in returning the fd 537 // since dex2oat/profman will fail with SElinux denials. 538 if (fchown(fd.get(), uid, uid) < 0) { 539 PLOG(ERROR) << "Could not chwon profile " << profile; 540 return false; 541 } 542 return true; 543 } 544 545 static unique_fd open_profile(int uid, const std::string& profile, bool read_write) { 546 // Check if we need to open the profile for a read-write operation. If so, we 547 // might need to create the profile since the file might not be there. Reference 548 // profiles are created on the fly so they might not exist beforehand. 549 if (read_write) { 550 if (!create_profile(uid, profile)) { 551 return invalid_unique_fd(); 552 } 553 } 554 int flags = read_write ? O_RDWR : O_RDONLY; 555 // Do not follow symlinks when opening a profile: 556 // - primary profiles should not contain symlinks in their paths 557 // - secondary dex paths should have been already resolved and validated 558 flags |= O_NOFOLLOW; 559 560 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags))); 561 if (fd.get() < 0) { 562 if (errno != ENOENT) { 563 // Profiles might be missing for various reasons. For example, in a 564 // multi-user environment, the profile directory for one user can be created 565 // after we start a merge. In this case the current profile for that user 566 // will not be found. 567 // Also, the secondary dex profiles might be deleted by the app at any time, 568 // so we can't we need to prepare if they are missing. 569 PLOG(ERROR) << "Failed to open profile " << profile; 570 } 571 return invalid_unique_fd(); 572 } 573 574 return fd; 575 } 576 577 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& location, 578 bool is_secondary_dex) { 579 std::string profile = create_current_profile_path(user, location, is_secondary_dex); 580 return open_profile(uid, profile, /*read_write*/false); 581 } 582 583 static unique_fd open_reference_profile(uid_t uid, const std::string& location, bool read_write, 584 bool is_secondary_dex) { 585 std::string profile = create_reference_profile_path(location, is_secondary_dex); 586 return open_profile(uid, profile, read_write); 587 } 588 589 static void open_profile_files(uid_t uid, const std::string& location, bool is_secondary_dex, 590 /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) { 591 // Open the reference profile in read-write mode as profman might need to save the merge. 592 *reference_profile_fd = open_reference_profile(uid, location, /*read_write*/ true, 593 is_secondary_dex); 594 595 // For secondary dex files, we don't really need the user but we use it for sanity checks. 596 // Note: the user owning the dex file should be the current user. 597 std::vector<userid_t> users; 598 if (is_secondary_dex){ 599 users.push_back(multiuser_get_user_id(uid)); 600 } else { 601 users = get_known_users(/*volume_uuid*/ nullptr); 602 } 603 for (auto user : users) { 604 unique_fd profile_fd = open_current_profile(uid, user, location, is_secondary_dex); 605 // Add to the lists only if both fds are valid. 606 if (profile_fd.get() >= 0) { 607 profiles_fd->push_back(std::move(profile_fd)); 608 } 609 } 610 } 611 612 static void drop_capabilities(uid_t uid) { 613 if (setgid(uid) != 0) { 614 ALOGE("setgid(%d) failed in installd during dexopt\n", uid); 615 exit(64); 616 } 617 if (setuid(uid) != 0) { 618 ALOGE("setuid(%d) failed in installd during dexopt\n", uid); 619 exit(65); 620 } 621 // drop capabilities 622 struct __user_cap_header_struct capheader; 623 struct __user_cap_data_struct capdata[2]; 624 memset(&capheader, 0, sizeof(capheader)); 625 memset(&capdata, 0, sizeof(capdata)); 626 capheader.version = _LINUX_CAPABILITY_VERSION_3; 627 if (capset(&capheader, &capdata[0]) < 0) { 628 ALOGE("capset failed: %s\n", strerror(errno)); 629 exit(66); 630 } 631 } 632 633 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0; 634 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1; 635 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2; 636 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3; 637 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4; 638 639 static void run_profman_merge(const std::vector<unique_fd>& profiles_fd, 640 const unique_fd& reference_profile_fd) { 641 static const size_t MAX_INT_LEN = 32; 642 static const char* PROFMAN_BIN = "/system/bin/profman"; 643 644 std::vector<std::string> profile_args(profiles_fd.size()); 645 char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN]; 646 for (size_t k = 0; k < profiles_fd.size(); k++) { 647 sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k].get()); 648 profile_args[k].assign(profile_buf); 649 } 650 char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN]; 651 sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd.get()); 652 653 // program name, reference profile fd, the final NULL and the profile fds 654 const char* argv[3 + profiles_fd.size()]; 655 int i = 0; 656 argv[i++] = PROFMAN_BIN; 657 argv[i++] = reference_profile_arg; 658 for (size_t k = 0; k < profile_args.size(); k++) { 659 argv[i++] = profile_args[k].c_str(); 660 } 661 // Do not add after dex2oat_flags, they should override others for debugging. 662 argv[i] = NULL; 663 664 execv(PROFMAN_BIN, (char * const *)argv); 665 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno)); 666 exit(68); /* only get here on exec failure */ 667 } 668 669 // Decides if profile guided compilation is needed or not based on existing profiles. 670 // The location is the package name for primary apks or the dex path for secondary dex files. 671 // Returns true if there is enough information in the current profiles that makes it 672 // worth to recompile the given location. 673 // If the return value is true all the current profiles would have been merged into 674 // the reference profiles accessible with open_reference_profile(). 675 static bool analyze_profiles(uid_t uid, const std::string& location, bool is_secondary_dex) { 676 std::vector<unique_fd> profiles_fd; 677 unique_fd reference_profile_fd; 678 open_profile_files(uid, location, is_secondary_dex, &profiles_fd, &reference_profile_fd); 679 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) { 680 // Skip profile guided compilation because no profiles were found. 681 // Or if the reference profile info couldn't be opened. 682 return false; 683 } 684 685 pid_t pid = fork(); 686 if (pid == 0) { 687 /* child -- drop privileges before continuing */ 688 drop_capabilities(uid); 689 run_profman_merge(profiles_fd, reference_profile_fd); 690 exit(68); /* only get here on exec failure */ 691 } 692 /* parent */ 693 int return_code = wait_child(pid); 694 bool need_to_compile = false; 695 bool should_clear_current_profiles = false; 696 bool should_clear_reference_profile = false; 697 if (!WIFEXITED(return_code)) { 698 LOG(WARNING) << "profman failed for location " << location << ": " << return_code; 699 } else { 700 return_code = WEXITSTATUS(return_code); 701 switch (return_code) { 702 case PROFMAN_BIN_RETURN_CODE_COMPILE: 703 need_to_compile = true; 704 should_clear_current_profiles = true; 705 should_clear_reference_profile = false; 706 break; 707 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION: 708 need_to_compile = false; 709 should_clear_current_profiles = false; 710 should_clear_reference_profile = false; 711 break; 712 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES: 713 LOG(WARNING) << "Bad profiles for location " << location; 714 need_to_compile = false; 715 should_clear_current_profiles = true; 716 should_clear_reference_profile = true; 717 break; 718 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through 719 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING: 720 // Temporary IO problem (e.g. locking). Ignore but log a warning. 721 LOG(WARNING) << "IO error while reading profiles for location " << location; 722 need_to_compile = false; 723 should_clear_current_profiles = false; 724 should_clear_reference_profile = false; 725 break; 726 default: 727 // Unknown return code or error. Unlink profiles. 728 LOG(WARNING) << "Unknown error code while processing profiles for location " 729 << location << ": " << return_code; 730 need_to_compile = false; 731 should_clear_current_profiles = true; 732 should_clear_reference_profile = true; 733 break; 734 } 735 } 736 737 if (should_clear_current_profiles) { 738 if (is_secondary_dex) { 739 // For secondary dex files, the owning user is the current user. 740 clear_current_profile(location, multiuser_get_user_id(uid), is_secondary_dex); 741 } else { 742 clear_primary_current_profiles(location); 743 } 744 } 745 if (should_clear_reference_profile) { 746 clear_reference_profile(location, is_secondary_dex); 747 } 748 return need_to_compile; 749 } 750 751 // Decides if profile guided compilation is needed or not based on existing profiles. 752 // The analysis is done for the primary apks of the given package. 753 // Returns true if there is enough information in the current profiles that makes it 754 // worth to recompile the package. 755 // If the return value is true all the current profiles would have been merged into 756 // the reference profiles accessible with open_reference_profile(). 757 bool analyze_primary_profiles(uid_t uid, const std::string& pkgname) { 758 return analyze_profiles(uid, pkgname, /*is_secondary_dex*/false); 759 } 760 761 static void run_profman_dump(const std::vector<unique_fd>& profile_fds, 762 const unique_fd& reference_profile_fd, 763 const std::vector<std::string>& dex_locations, 764 const std::vector<unique_fd>& apk_fds, 765 const unique_fd& output_fd) { 766 std::vector<std::string> profman_args; 767 static const char* PROFMAN_BIN = "/system/bin/profman"; 768 profman_args.push_back(PROFMAN_BIN); 769 profman_args.push_back("--dump-only"); 770 profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd.get())); 771 if (reference_profile_fd != -1) { 772 profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d", 773 reference_profile_fd.get())); 774 } 775 for (size_t i = 0; i < profile_fds.size(); i++) { 776 profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fds[i].get())); 777 } 778 for (const std::string& dex_location : dex_locations) { 779 profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str())); 780 } 781 for (size_t i = 0; i < apk_fds.size(); i++) { 782 profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fds[i].get())); 783 } 784 const char **argv = new const char*[profman_args.size() + 1]; 785 size_t i = 0; 786 for (const std::string& profman_arg : profman_args) { 787 argv[i++] = profman_arg.c_str(); 788 } 789 argv[i] = NULL; 790 791 execv(PROFMAN_BIN, (char * const *)argv); 792 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno)); 793 exit(68); /* only get here on exec failure */ 794 } 795 796 bool dump_profiles(int32_t uid, const std::string& pkgname, const char* code_paths) { 797 std::vector<unique_fd> profile_fds; 798 unique_fd reference_profile_fd; 799 std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname.c_str()); 800 801 open_profile_files(uid, pkgname, /*is_secondary_dex*/false, 802 &profile_fds, &reference_profile_fd); 803 804 const bool has_reference_profile = (reference_profile_fd.get() != -1); 805 const bool has_profiles = !profile_fds.empty(); 806 807 if (!has_reference_profile && !has_profiles) { 808 LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname; 809 return false; 810 } 811 812 unique_fd output_fd(open(out_file_name.c_str(), 813 O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644)); 814 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { 815 ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str()); 816 return false; 817 } 818 std::vector<std::string> code_full_paths = base::Split(code_paths, ";"); 819 std::vector<std::string> dex_locations; 820 std::vector<unique_fd> apk_fds; 821 for (const std::string& code_full_path : code_full_paths) { 822 const char* full_path = code_full_path.c_str(); 823 unique_fd apk_fd(open(full_path, O_RDONLY | O_NOFOLLOW)); 824 if (apk_fd == -1) { 825 ALOGE("installd cannot open '%s'\n", full_path); 826 return false; 827 } 828 dex_locations.push_back(get_location_from_path(full_path)); 829 apk_fds.push_back(std::move(apk_fd)); 830 } 831 832 pid_t pid = fork(); 833 if (pid == 0) { 834 /* child -- drop privileges before continuing */ 835 drop_capabilities(uid); 836 run_profman_dump(profile_fds, reference_profile_fd, dex_locations, 837 apk_fds, output_fd); 838 exit(68); /* only get here on exec failure */ 839 } 840 /* parent */ 841 int return_code = wait_child(pid); 842 if (!WIFEXITED(return_code)) { 843 LOG(WARNING) << "profman failed for package " << pkgname << ": " 844 << return_code; 845 return false; 846 } 847 return true; 848 } 849 850 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) { 851 // A standard dalvik-cache entry. Replace ".dex" with `new_ext`. 852 if (EndsWith(oat_path, ".dex")) { 853 std::string new_path = oat_path; 854 new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext); 855 CHECK(EndsWith(new_path, new_ext.c_str())); 856 return new_path; 857 } 858 859 // An odex entry. Not that this may not be an extension, e.g., in the OTA 860 // case (where the base name will have an extension for the B artifact). 861 size_t odex_pos = oat_path.rfind(".odex"); 862 if (odex_pos != std::string::npos) { 863 std::string new_path = oat_path; 864 new_path.replace(odex_pos, strlen(".odex"), new_ext); 865 CHECK_NE(new_path.find(new_ext), std::string::npos); 866 return new_path; 867 } 868 869 // Don't know how to handle this. 870 return ""; 871 } 872 873 // Translate the given oat path to an art (app image) path. An empty string 874 // denotes an error. 875 static std::string create_image_filename(const std::string& oat_path) { 876 return replace_file_extension(oat_path, ".art"); 877 } 878 879 // Translate the given oat path to a vdex path. An empty string denotes an error. 880 static std::string create_vdex_filename(const std::string& oat_path) { 881 return replace_file_extension(oat_path, ".vdex"); 882 } 883 884 static bool add_extension_to_file_name(char* file_name, const char* extension) { 885 if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) { 886 return false; 887 } 888 strcat(file_name, extension); 889 return true; 890 } 891 892 static int open_output_file(const char* file_name, bool recreate, int permissions) { 893 int flags = O_RDWR | O_CREAT; 894 if (recreate) { 895 if (unlink(file_name) < 0) { 896 if (errno != ENOENT) { 897 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name; 898 } 899 } 900 flags |= O_EXCL; 901 } 902 return open(file_name, flags, permissions); 903 } 904 905 static bool set_permissions_and_ownership( 906 int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) { 907 // Primary apks are owned by the system. Secondary dex files are owned by the app. 908 int owning_uid = is_secondary_dex ? uid : AID_SYSTEM; 909 if (fchmod(fd, 910 S_IRUSR|S_IWUSR|S_IRGRP | 911 (is_public ? S_IROTH : 0)) < 0) { 912 ALOGE("installd cannot chmod '%s' during dexopt\n", path); 913 return false; 914 } else if (fchown(fd, owning_uid, uid) < 0) { 915 ALOGE("installd cannot chown '%s' during dexopt\n", path); 916 return false; 917 } 918 return true; 919 } 920 921 static bool IsOutputDalvikCache(const char* oat_dir) { 922 // InstallerConnection.java (which invokes installd) transforms Java null arguments 923 // into '!'. Play it safe by handling it both. 924 // TODO: ensure we never get null. 925 // TODO: pass a flag instead of inferring if the output is dalvik cache. 926 return oat_dir == nullptr || oat_dir[0] == '!'; 927 } 928 929 static bool create_oat_out_path(const char* apk_path, const char* instruction_set, 930 const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) { 931 // Early best-effort check whether we can fit the the path into our buffers. 932 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run 933 // without a swap file, if necessary. Reference profiles file also add an extra ".prof" 934 // extension to the cache path (5 bytes). 935 if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) { 936 ALOGE("apk_path too long '%s'\n", apk_path); 937 return false; 938 } 939 940 if (!IsOutputDalvikCache(oat_dir)) { 941 // Oat dirs for secondary dex files are already validated. 942 if (!is_secondary_dex && validate_apk_path(oat_dir)) { 943 ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir); 944 return false; 945 } 946 if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) { 947 return false; 948 } 949 } else { 950 if (!create_cache_path(out_oat_path, apk_path, instruction_set)) { 951 return false; 952 } 953 } 954 return true; 955 } 956 957 // Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor 958 // on destruction. It will also run the given cleanup (unless told not to) after closing. 959 // 960 // Usage example: 961 // 962 // Dex2oatFileWrapper file(open(...), 963 // [name]() { 964 // unlink(name.c_str()); 965 // }); 966 // // Note: care needs to be taken about name, as it needs to have a lifetime longer than the 967 // wrapper if captured as a reference. 968 // 969 // if (file.get() == -1) { 970 // // Error opening... 971 // } 972 // 973 // ... 974 // if (error) { 975 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run 976 // // and delete the file (after the fd is closed). 977 // return -1; 978 // } 979 // 980 // (Success case) 981 // file.SetCleanup(false); 982 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run 983 // // (leaving the file around; after the fd is closed). 984 // 985 class Dex2oatFileWrapper { 986 public: 987 Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) { 988 } 989 990 Dex2oatFileWrapper(int value, std::function<void ()> cleanup) 991 : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {} 992 993 Dex2oatFileWrapper(Dex2oatFileWrapper&& other) { 994 value_ = other.value_; 995 cleanup_ = other.cleanup_; 996 do_cleanup_ = other.do_cleanup_; 997 auto_close_ = other.auto_close_; 998 other.release(); 999 } 1000 1001 Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) { 1002 value_ = other.value_; 1003 cleanup_ = other.cleanup_; 1004 do_cleanup_ = other.do_cleanup_; 1005 auto_close_ = other.auto_close_; 1006 other.release(); 1007 return *this; 1008 } 1009 1010 ~Dex2oatFileWrapper() { 1011 reset(-1); 1012 } 1013 1014 int get() { 1015 return value_; 1016 } 1017 1018 void SetCleanup(bool cleanup) { 1019 do_cleanup_ = cleanup; 1020 } 1021 1022 void reset(int new_value) { 1023 if (auto_close_ && value_ >= 0) { 1024 close(value_); 1025 } 1026 if (do_cleanup_ && cleanup_ != nullptr) { 1027 cleanup_(); 1028 } 1029 1030 value_ = new_value; 1031 } 1032 1033 void reset(int new_value, std::function<void ()> new_cleanup) { 1034 if (auto_close_ && value_ >= 0) { 1035 close(value_); 1036 } 1037 if (do_cleanup_ && cleanup_ != nullptr) { 1038 cleanup_(); 1039 } 1040 1041 value_ = new_value; 1042 cleanup_ = new_cleanup; 1043 } 1044 1045 void DisableAutoClose() { 1046 auto_close_ = false; 1047 } 1048 1049 private: 1050 void release() { 1051 value_ = -1; 1052 do_cleanup_ = false; 1053 cleanup_ = nullptr; 1054 } 1055 int value_; 1056 std::function<void ()> cleanup_; 1057 bool do_cleanup_; 1058 bool auto_close_; 1059 }; 1060 1061 // (re)Creates the app image if needed. 1062 Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path, bool profile_guided, 1063 bool is_public, int uid, bool is_secondary_dex) { 1064 // Use app images only if it is enabled (by a set image format) and we are compiling 1065 // profile-guided (so the app image doesn't conservatively contain all classes). 1066 // Note that we don't create an image for secondary dex files. 1067 if (is_secondary_dex || !profile_guided) { 1068 return Dex2oatFileWrapper(); 1069 } 1070 1071 const std::string image_path = create_image_filename(out_oat_path); 1072 if (image_path.empty()) { 1073 // Happens when the out_oat_path has an unknown extension. 1074 return Dex2oatFileWrapper(); 1075 } 1076 char app_image_format[kPropertyValueMax]; 1077 bool have_app_image_format = 1078 get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0; 1079 if (!have_app_image_format) { 1080 return Dex2oatFileWrapper(); 1081 } 1082 // Recreate is true since we do not want to modify a mapped image. If the app is 1083 // already running and we modify the image file, it can cause crashes (b/27493510). 1084 Dex2oatFileWrapper wrapper_fd( 1085 open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/), 1086 [image_path]() { unlink(image_path.c_str()); }); 1087 if (wrapper_fd.get() < 0) { 1088 // Could not create application image file. Go on since we can compile without it. 1089 LOG(ERROR) << "installd could not create '" << image_path 1090 << "' for image file during dexopt"; 1091 // If we have a valid image file path but no image fd, explicitly erase the image file. 1092 if (unlink(image_path.c_str()) < 0) { 1093 if (errno != ENOENT) { 1094 PLOG(ERROR) << "Couldn't unlink image file " << image_path; 1095 } 1096 } 1097 } else if (!set_permissions_and_ownership( 1098 wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) { 1099 ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str()); 1100 wrapper_fd.reset(-1); 1101 } 1102 1103 return wrapper_fd; 1104 } 1105 1106 // Creates the dexopt swap file if necessary and return its fd. 1107 // Returns -1 if there's no need for a swap or in case of errors. 1108 unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) { 1109 if (!ShouldUseSwapFileForDexopt()) { 1110 return invalid_unique_fd(); 1111 } 1112 // Make sure there really is enough space. 1113 char swap_file_name[PKG_PATH_MAX]; 1114 strcpy(swap_file_name, out_oat_path); 1115 if (!add_extension_to_file_name(swap_file_name, ".swap")) { 1116 return invalid_unique_fd(); 1117 } 1118 unique_fd swap_fd(open_output_file( 1119 swap_file_name, /*recreate*/true, /*permissions*/0600)); 1120 if (swap_fd.get() < 0) { 1121 // Could not create swap file. Optimistically go on and hope that we can compile 1122 // without it. 1123 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name); 1124 } else { 1125 // Immediately unlink. We don't really want to hit flash. 1126 if (unlink(swap_file_name) < 0) { 1127 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name; 1128 } 1129 } 1130 return swap_fd; 1131 } 1132 1133 // Opens the reference profiles if needed. 1134 // Note that the reference profile might not exist so it's OK if the fd will be -1. 1135 Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname, 1136 const std::string& dex_path, bool profile_guided, bool is_public, int uid, 1137 bool is_secondary_dex) { 1138 // Public apps should not be compiled with profile information ever. Same goes for the special 1139 // package '*' used for the system server. 1140 if (!profile_guided || is_public || (pkgname[0] == '*')) { 1141 return Dex2oatFileWrapper(); 1142 } 1143 1144 // Open reference profile in read only mode as dex2oat does not get write permissions. 1145 const std::string location = is_secondary_dex ? dex_path : pkgname; 1146 unique_fd ufd = open_reference_profile(uid, location, /*read_write*/false, is_secondary_dex); 1147 const auto& cleanup = [location, is_secondary_dex]() { 1148 clear_reference_profile(location.c_str(), is_secondary_dex); 1149 }; 1150 return Dex2oatFileWrapper(ufd.release(), cleanup); 1151 } 1152 1153 // Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to 1154 // out_vdex_wrapper_fd. Returns true for success or false in case of errors. 1155 bool open_vdex_files(const char* apk_path, const char* out_oat_path, int dexopt_needed, 1156 const char* instruction_set, bool is_public, int uid, bool is_secondary_dex, 1157 bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd, 1158 Dex2oatFileWrapper* out_vdex_wrapper_fd) { 1159 CHECK(in_vdex_wrapper_fd != nullptr); 1160 CHECK(out_vdex_wrapper_fd != nullptr); 1161 // Open the existing VDEX. We do this before creating the new output VDEX, which will 1162 // unlink the old one. 1163 char in_odex_path[PKG_PATH_MAX]; 1164 int dexopt_action = abs(dexopt_needed); 1165 bool is_odex_location = dexopt_needed < 0; 1166 std::string in_vdex_path_str; 1167 1168 // Infer the name of the output VDEX. 1169 const std::string out_vdex_path_str = create_vdex_filename(out_oat_path); 1170 if (out_vdex_path_str.empty()) { 1171 return false; 1172 } 1173 1174 bool update_vdex_in_place = false; 1175 if (dexopt_action != DEX2OAT_FROM_SCRATCH) { 1176 // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd. 1177 const char* path = nullptr; 1178 if (is_odex_location) { 1179 if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) { 1180 path = in_odex_path; 1181 } else { 1182 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path); 1183 return false; 1184 } 1185 } else { 1186 path = out_oat_path; 1187 } 1188 in_vdex_path_str = create_vdex_filename(path); 1189 if (in_vdex_path_str.empty()) { 1190 ALOGE("installd cannot compute input vdex location for '%s'\n", path); 1191 return false; 1192 } 1193 // We can update in place when all these conditions are met: 1194 // 1) The vdex location to write to is the same as the vdex location to read (vdex files 1195 // on /system typically cannot be updated in place). 1196 // 2) We dex2oat due to boot image change, because we then know the existing vdex file 1197 // cannot be currently used by a running process. 1198 // 3) We are not doing a profile guided compilation, because dexlayout requires two 1199 // different vdex files to operate. 1200 update_vdex_in_place = 1201 (in_vdex_path_str == out_vdex_path_str) && 1202 (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) && 1203 !profile_guided; 1204 if (update_vdex_in_place) { 1205 // Open the file read-write to be able to update it. 1206 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0)); 1207 if (in_vdex_wrapper_fd->get() == -1) { 1208 // If we failed to open the file, we cannot update it in place. 1209 update_vdex_in_place = false; 1210 } 1211 } else { 1212 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0)); 1213 } 1214 } 1215 1216 // If we are updating the vdex in place, we do not need to recreate a vdex, 1217 // and can use the same existing one. 1218 if (update_vdex_in_place) { 1219 // We unlink the file in case the invocation of dex2oat fails, to ensure we don't 1220 // have bogus stale vdex files. 1221 out_vdex_wrapper_fd->reset( 1222 in_vdex_wrapper_fd->get(), 1223 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); }); 1224 // Disable auto close for the in wrapper fd (it will be done when destructing the out 1225 // wrapper). 1226 in_vdex_wrapper_fd->DisableAutoClose(); 1227 } else { 1228 out_vdex_wrapper_fd->reset( 1229 open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644), 1230 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); }); 1231 if (out_vdex_wrapper_fd->get() < 0) { 1232 ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str()); 1233 return false; 1234 } 1235 } 1236 if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid, 1237 out_vdex_path_str.c_str(), is_secondary_dex)) { 1238 ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str()); 1239 return false; 1240 } 1241 1242 // If we got here we successfully opened the vdex files. 1243 return true; 1244 } 1245 1246 // Opens the output oat file for the given apk. 1247 // If successful it stores the output path into out_oat_path and returns true. 1248 Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir, 1249 bool is_public, int uid, const char* instruction_set, bool is_secondary_dex, 1250 char* out_oat_path) { 1251 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) { 1252 return Dex2oatFileWrapper(); 1253 } 1254 const std::string out_oat_path_str(out_oat_path); 1255 Dex2oatFileWrapper wrapper_fd( 1256 open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644), 1257 [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); }); 1258 if (wrapper_fd.get() < 0) { 1259 PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path; 1260 } else if (!set_permissions_and_ownership( 1261 wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) { 1262 ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path); 1263 wrapper_fd.reset(-1); 1264 } 1265 return wrapper_fd; 1266 } 1267 1268 // Updates the access times of out_oat_path based on those from apk_path. 1269 void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) { 1270 struct stat input_stat; 1271 memset(&input_stat, 0, sizeof(input_stat)); 1272 if (stat(apk_path, &input_stat) != 0) { 1273 PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt"; 1274 return; 1275 } 1276 1277 struct utimbuf ut; 1278 ut.actime = input_stat.st_atime; 1279 ut.modtime = input_stat.st_mtime; 1280 if (utime(out_oat_path, &ut) != 0) { 1281 PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt"; 1282 } 1283 } 1284 1285 // Runs (execv) dexoptanalyzer on the given arguments. 1286 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter. 1287 // If this is for a profile guided compilation, profile_was_updated will tell whether or not 1288 // the profile has changed. 1289 static void exec_dexoptanalyzer(const std::string& dex_file, const char* instruction_set, 1290 const char* compiler_filter, bool profile_was_updated) { 1291 static const char* DEXOPTANALYZER_BIN = "/system/bin/dexoptanalyzer"; 1292 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; 1293 1294 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) { 1295 ALOGE("Instruction set %s longer than max length of %d", 1296 instruction_set, MAX_INSTRUCTION_SET_LEN); 1297 return; 1298 } 1299 1300 char dex_file_arg[strlen("--dex-file=") + PKG_PATH_MAX]; 1301 char isa_arg[strlen("--isa=") + MAX_INSTRUCTION_SET_LEN]; 1302 char compiler_filter_arg[strlen("--compiler-filter=") + kPropertyValueMax]; 1303 const char* assume_profile_changed = "--assume-profile-changed"; 1304 1305 sprintf(dex_file_arg, "--dex-file=%s", dex_file.c_str()); 1306 sprintf(isa_arg, "--isa=%s", instruction_set); 1307 sprintf(compiler_filter_arg, "--compiler-filter=%s", compiler_filter); 1308 1309 // program name, dex file, isa, filter, the final NULL 1310 const char* argv[5 + (profile_was_updated ? 1 : 0)]; 1311 int i = 0; 1312 argv[i++] = DEXOPTANALYZER_BIN; 1313 argv[i++] = dex_file_arg; 1314 argv[i++] = isa_arg; 1315 argv[i++] = compiler_filter_arg; 1316 if (profile_was_updated) { 1317 argv[i++] = assume_profile_changed; 1318 } 1319 argv[i] = NULL; 1320 1321 execv(DEXOPTANALYZER_BIN, (char * const *)argv); 1322 ALOGE("execv(%s) failed: %s\n", DEXOPTANALYZER_BIN, strerror(errno)); 1323 } 1324 1325 // Prepares the oat dir for the secondary dex files. 1326 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid, 1327 const char* instruction_set, std::string* oat_dir_out) { 1328 unsigned long dirIndex = dex_path.rfind('/'); 1329 if (dirIndex == std::string::npos) { 1330 LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path; 1331 return false; 1332 } 1333 std::string dex_dir = dex_path.substr(0, dirIndex); 1334 1335 // Create oat file output directory. 1336 mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH; 1337 if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) { 1338 LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path; 1339 return false; 1340 } 1341 1342 char oat_dir[PKG_PATH_MAX]; 1343 snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str()); 1344 oat_dir_out->assign(oat_dir); 1345 1346 // Create oat/isa output directory. 1347 if (prepare_app_cache_dir(*oat_dir_out, instruction_set, oat_dir_mode, uid, uid) != 0) { 1348 LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path; 1349 return false; 1350 } 1351 1352 return true; 1353 } 1354 1355 static int constexpr DEXOPTANALYZER_BIN_EXEC_ERROR = 200; 1356 1357 // Verifies the result of dexoptanalyzer executed for the apk_path. 1358 // If the result is valid returns true and sets dexopt_needed_out to a valid value. 1359 // Returns false for errors or unexpected result values. 1360 static bool process_dexoptanalyzer_result(const std::string& dex_path, int result, 1361 int* dexopt_needed_out) { 1362 // The result values are defined in dexoptanalyzer. 1363 switch (result) { 1364 case 0: // no_dexopt_needed 1365 *dexopt_needed_out = NO_DEXOPT_NEEDED; return true; 1366 case 1: // dex2oat_from_scratch 1367 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true; 1368 case 5: // dex2oat_for_bootimage_odex 1369 *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true; 1370 case 6: // dex2oat_for_filter_odex 1371 *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true; 1372 case 7: // dex2oat_for_relocation_odex 1373 *dexopt_needed_out = -DEX2OAT_FOR_RELOCATION; return true; 1374 case 2: // dex2oat_for_bootimage_oat 1375 case 3: // dex2oat_for_filter_oat 1376 case 4: // dex2oat_for_relocation_oat 1377 LOG(ERROR) << "Dexoptnalyzer return the status of an oat file." 1378 << " Expected odex file status for secondary dex " << dex_path 1379 << " : dexoptanalyzer result=" << result; 1380 return false; 1381 default: 1382 LOG(ERROR) << "Unexpected result for dexoptanalyzer " << dex_path 1383 << " exec_dexoptanalyzer result=" << result; 1384 return false; 1385 } 1386 } 1387 1388 // Processes the dex_path as a secondary dex files and return true if the path dex file should 1389 // be compiled. Returns false for errors (logged) or true if the secondary dex path was process 1390 // successfully. 1391 // When returning true, the output parameters will be: 1392 // - is_public_out: whether or not the oat file should not be made public 1393 // - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded 1394 // - oat_dir_out: the oat dir path where the oat file should be stored 1395 // - dex_path_out: the real path of the dex file 1396 static bool process_secondary_dex_dexopt(const char* original_dex_path, const char* pkgname, 1397 int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set, 1398 const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out, 1399 std::string* oat_dir_out, std::string* dex_path_out) { 1400 int storage_flag; 1401 1402 if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) { 1403 storage_flag = FLAG_STORAGE_CE; 1404 if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) { 1405 LOG(ERROR) << "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set"; 1406 return false; 1407 } 1408 } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) { 1409 storage_flag = FLAG_STORAGE_DE; 1410 } else { 1411 LOG(ERROR) << "Secondary dex storage flag must be set"; 1412 return false; 1413 } 1414 1415 { 1416 // As opposed to the primary apk, secondary dex files might contain symlinks. 1417 // Resolve the path before passing it to the validate method to 1418 // make sure the verification is done on the real location. 1419 UniqueCPtr<char> dex_real_path_cstr(realpath(original_dex_path, nullptr)); 1420 if (dex_real_path_cstr == nullptr) { 1421 PLOG(ERROR) << "Could not get the real path of the secondary dex file " 1422 << original_dex_path; 1423 return false; 1424 } else { 1425 dex_path_out->assign(dex_real_path_cstr.get()); 1426 } 1427 } 1428 const std::string& dex_path = *dex_path_out; 1429 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) { 1430 LOG(ERROR) << "Could not validate secondary dex path " << dex_path; 1431 return false; 1432 } 1433 1434 // Check if the path exist. If not, there's nothing to do. 1435 struct stat dex_path_stat; 1436 if (stat(dex_path.c_str(), &dex_path_stat) != 0) { 1437 if (errno == ENOENT) { 1438 // Secondary dex files might be deleted any time by the app. 1439 // Nothing to do if that's the case 1440 ALOGV("Secondary dex does not exist %s", dex_path.c_str()); 1441 return NO_DEXOPT_NEEDED; 1442 } else { 1443 PLOG(ERROR) << "Could not access secondary dex " << dex_path; 1444 } 1445 } 1446 1447 // Check if we should make the oat file public. 1448 // Note that if the dex file is not public the compiled code cannot be made public. 1449 *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && 1450 ((dex_path_stat.st_mode & S_IROTH) != 0); 1451 1452 // Prepare the oat directories. 1453 if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set, oat_dir_out)) { 1454 return false; 1455 } 1456 1457 // Analyze profiles. 1458 bool profile_was_updated = analyze_profiles(uid, dex_path, /*is_secondary_dex*/true); 1459 1460 pid_t pid = fork(); 1461 if (pid == 0) { 1462 // child -- drop privileges before continuing. 1463 drop_capabilities(uid); 1464 // Run dexoptanalyzer to get dexopt_needed code. 1465 exec_dexoptanalyzer(dex_path, instruction_set, compiler_filter, profile_was_updated); 1466 exit(DEXOPTANALYZER_BIN_EXEC_ERROR); 1467 } 1468 1469 /* parent */ 1470 1471 int result = wait_child(pid); 1472 if (!WIFEXITED(result)) { 1473 LOG(ERROR) << "dexoptanalyzer failed for path " << dex_path << ": " << result; 1474 return false; 1475 } 1476 result = WEXITSTATUS(result); 1477 bool success = process_dexoptanalyzer_result(dex_path, result, dexopt_needed_out); 1478 // Run dexopt only if needed or forced. 1479 // Note that dexoptanalyzer is executed even if force compilation is enabled. 1480 // We ignore its valid dexopNeeded result, but still check (in process_dexoptanalyzer_result) 1481 // that we only get results for odex files (apk_dir/oat/isa/code.odex) and not 1482 // for oat files from dalvik-cache. 1483 if (success && ((dexopt_flags & DEXOPT_FORCE) != 0)) { 1484 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; 1485 } 1486 1487 return success; 1488 } 1489 1490 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set, 1491 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter, 1492 const char* volume_uuid, const char* shared_libraries, const char* se_info) { 1493 CHECK(pkgname != nullptr); 1494 CHECK(pkgname[0] != 0); 1495 if ((dexopt_flags & ~DEXOPT_MASK) != 0) { 1496 LOG_FATAL("dexopt flags contains unknown fields\n"); 1497 } 1498 1499 bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0; 1500 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0; 1501 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0; 1502 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0; 1503 bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0; 1504 1505 // Check if we're dealing with a secondary dex file and if we need to compile it. 1506 std::string oat_dir_str; 1507 std::string dex_real_path; 1508 if (is_secondary_dex) { 1509 if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid, 1510 instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str, 1511 &dex_real_path)) { 1512 oat_dir = oat_dir_str.c_str(); 1513 dex_path = dex_real_path.c_str(); 1514 if (dexopt_needed == NO_DEXOPT_NEEDED) { 1515 return 0; // Nothing to do, report success. 1516 } 1517 } else { 1518 return -1; // We had an error, logged in the process method. 1519 } 1520 } else { 1521 // Currently these flags are only use for secondary dex files. 1522 // Verify that they are not set for primary apks. 1523 CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0); 1524 CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0); 1525 } 1526 1527 // Open the input file. 1528 unique_fd input_fd(open(dex_path, O_RDONLY, 0)); 1529 if (input_fd.get() < 0) { 1530 ALOGE("installd cannot open '%s' for input during dexopt\n", dex_path); 1531 return -1; 1532 } 1533 1534 // Create the output OAT file. 1535 char out_oat_path[PKG_PATH_MAX]; 1536 Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid, 1537 instruction_set, is_secondary_dex, out_oat_path); 1538 if (out_oat_fd.get() < 0) { 1539 return -1; 1540 } 1541 1542 // Open vdex files. 1543 Dex2oatFileWrapper in_vdex_fd; 1544 Dex2oatFileWrapper out_vdex_fd; 1545 if (!open_vdex_files(dex_path, out_oat_path, dexopt_needed, instruction_set, is_public, uid, 1546 is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) { 1547 return -1; 1548 } 1549 1550 // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct 1551 // selinux context (we generate them on the fly during the dexopt invocation and they don't 1552 // fully inherit their parent context). 1553 // Note that for primary apk the oat files are created before, in a separate installd 1554 // call which also does the restorecon. TODO(calin): unify the paths. 1555 if (is_secondary_dex) { 1556 if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid, 1557 SELINUX_ANDROID_RESTORECON_RECURSE)) { 1558 LOG(ERROR) << "Failed to restorecon " << oat_dir; 1559 return -1; 1560 } 1561 } 1562 1563 // Create a swap file if necessary. 1564 unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path); 1565 1566 // Create the app image file if needed. 1567 Dex2oatFileWrapper image_fd = 1568 maybe_open_app_image(out_oat_path, profile_guided, is_public, uid, is_secondary_dex); 1569 1570 // Open the reference profile if needed. 1571 Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile( 1572 pkgname, dex_path, profile_guided, is_public, uid, is_secondary_dex); 1573 1574 ALOGV("DexInv: --- BEGIN '%s' ---\n", dex_path); 1575 1576 pid_t pid = fork(); 1577 if (pid == 0) { 1578 /* child -- drop privileges before continuing */ 1579 drop_capabilities(uid); 1580 1581 SetDex2OatScheduling(boot_complete); 1582 if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) { 1583 ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno)); 1584 _exit(67); 1585 } 1586 1587 run_dex2oat(input_fd.get(), 1588 out_oat_fd.get(), 1589 in_vdex_fd.get(), 1590 out_vdex_fd.get(), 1591 image_fd.get(), 1592 dex_path, 1593 out_oat_path, 1594 swap_fd.get(), 1595 instruction_set, 1596 compiler_filter, 1597 debuggable, 1598 boot_complete, 1599 reference_profile_fd.get(), 1600 shared_libraries); 1601 _exit(68); /* only get here on exec failure */ 1602 } else { 1603 int res = wait_child(pid); 1604 if (res == 0) { 1605 ALOGV("DexInv: --- END '%s' (success) ---\n", dex_path); 1606 } else { 1607 ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", dex_path, res); 1608 return res; 1609 } 1610 } 1611 1612 update_out_oat_access_times(dex_path, out_oat_path); 1613 1614 // We've been successful, don't delete output. 1615 out_oat_fd.SetCleanup(false); 1616 out_vdex_fd.SetCleanup(false); 1617 image_fd.SetCleanup(false); 1618 reference_profile_fd.SetCleanup(false); 1619 1620 return 0; 1621 } 1622 1623 // Try to remove the given directory. Log an error if the directory exists 1624 // and is empty but could not be removed. 1625 static bool rmdir_if_empty(const char* dir) { 1626 if (rmdir(dir) == 0) { 1627 return true; 1628 } 1629 if (errno == ENOENT || errno == ENOTEMPTY) { 1630 return true; 1631 } 1632 PLOG(ERROR) << "Failed to remove dir: " << dir; 1633 return false; 1634 } 1635 1636 // Try to unlink the given file. Log an error if the file exists and could not 1637 // be unlinked. 1638 static bool unlink_if_exists(const std::string& file) { 1639 if (unlink(file.c_str()) == 0) { 1640 return true; 1641 } 1642 if (errno == ENOENT) { 1643 return true; 1644 1645 } 1646 PLOG(ERROR) << "Could not unlink: " << file; 1647 return false; 1648 } 1649 1650 // Create the oat file structure for the secondary dex 'dex_path' and assign 1651 // the individual path component to the 'out_' parameters. 1652 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa, 1653 /*out*/char* out_oat_dir, /*out*/char* out_oat_isa_dir, /*out*/char* out_oat_path) { 1654 size_t dirIndex = dex_path.rfind('/'); 1655 if (dirIndex == std::string::npos) { 1656 LOG(ERROR) << "Unexpected dir structure for dex file " << dex_path; 1657 return false; 1658 } 1659 // TODO(calin): we have similar computations in at lest 3 other places 1660 // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by 1661 // use string append. 1662 std::string apk_dir = dex_path.substr(0, dirIndex); 1663 snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str()); 1664 snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str()); 1665 1666 if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir, 1667 /*is_secondary_dex*/true, out_oat_path)) { 1668 LOG(ERROR) << "Could not create oat path for secondary dex " << dex_path; 1669 return false; 1670 } 1671 return true; 1672 } 1673 1674 // Reconcile the secondary dex 'dex_path' and its generated oat files. 1675 // Return true if all the parameters are valid and the secondary dex file was 1676 // processed successfully (i.e. the dex_path either exists, or if not, its corresponding 1677 // oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists 1678 // will be true if the secondary dex file still exists. If the secondary dex file does not exist, 1679 // the method cleans up any previously generated compiler artifacts (oat, vdex, art). 1680 // Return false if there were errors during processing. In this case 1681 // out_secondary_dex_exists will be set to false. 1682 bool reconcile_secondary_dex_file(const std::string& dex_path, 1683 const std::string& pkgname, int uid, const std::vector<std::string>& isas, 1684 const std::unique_ptr<std::string>& volume_uuid, int storage_flag, 1685 /*out*/bool* out_secondary_dex_exists) { 1686 // Set out to false to start with, just in case we have validation errors. 1687 *out_secondary_dex_exists = false; 1688 if (isas.size() == 0) { 1689 LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector"; 1690 return false; 1691 } 1692 1693 const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str(); 1694 if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr, 1695 uid, storage_flag)) { 1696 LOG(ERROR) << "Could not validate secondary dex path " << dex_path; 1697 return false; 1698 } 1699 1700 if (access(dex_path.c_str(), F_OK) == 0) { 1701 // The path exists, nothing to do. The odex files (if any) will be left untouched. 1702 *out_secondary_dex_exists = true; 1703 return true; 1704 } else if (errno != ENOENT) { 1705 PLOG(ERROR) << "Failed to check access to secondary dex " << dex_path; 1706 return false; 1707 } 1708 1709 // The secondary dex does not exist anymore. Clear any generated files. 1710 char oat_path[PKG_PATH_MAX]; 1711 char oat_dir[PKG_PATH_MAX]; 1712 char oat_isa_dir[PKG_PATH_MAX]; 1713 bool result = true; 1714 for (size_t i = 0; i < isas.size(); i++) { 1715 if (!create_secondary_dex_oat_layout(dex_path, isas[i], oat_dir, oat_isa_dir, oat_path)) { 1716 LOG(ERROR) << "Could not create secondary odex layout: " << dex_path; 1717 result = false; 1718 continue; 1719 } 1720 1721 // Delete oat/vdex/art files. 1722 result = unlink_if_exists(oat_path) && result; 1723 result = unlink_if_exists(create_vdex_filename(oat_path)) && result; 1724 result = unlink_if_exists(create_image_filename(oat_path)) && result; 1725 1726 // Delete profiles. 1727 std::string current_profile = create_current_profile_path( 1728 multiuser_get_user_id(uid), dex_path, /*is_secondary*/true); 1729 std::string reference_profile = create_reference_profile_path( 1730 dex_path, /*is_secondary*/true); 1731 result = unlink_if_exists(current_profile) && result; 1732 result = unlink_if_exists(reference_profile) && result; 1733 1734 // Try removing the directories as well, they might be empty. 1735 result = rmdir_if_empty(oat_isa_dir) && result; 1736 result = rmdir_if_empty(oat_dir) && result; 1737 } 1738 1739 return result; 1740 } 1741 1742 // Helper for move_ab, so that we can have common failure-case cleanup. 1743 static bool unlink_and_rename(const char* from, const char* to) { 1744 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise, 1745 // return a failure. 1746 struct stat s; 1747 if (stat(to, &s) == 0) { 1748 if (!S_ISREG(s.st_mode)) { 1749 LOG(ERROR) << from << " is not a regular file to replace for A/B."; 1750 return false; 1751 } 1752 if (unlink(to) != 0) { 1753 LOG(ERROR) << "Could not unlink " << to << " to move A/B."; 1754 return false; 1755 } 1756 } else { 1757 // This may be a permission problem. We could investigate the error code, but we'll just 1758 // let the rename failure do the work for us. 1759 } 1760 1761 // Try to rename "to" to "from." 1762 if (rename(from, to) != 0) { 1763 PLOG(ERROR) << "Could not rename " << from << " to " << to; 1764 return false; 1765 } 1766 return true; 1767 } 1768 1769 // Move/rename a B artifact (from) to an A artifact (to). 1770 static bool move_ab_path(const std::string& b_path, const std::string& a_path) { 1771 // Check whether B exists. 1772 { 1773 struct stat s; 1774 if (stat(b_path.c_str(), &s) != 0) { 1775 // Silently ignore for now. The service calling this isn't smart enough to understand 1776 // lack of artifacts at the moment. 1777 return false; 1778 } 1779 if (!S_ISREG(s.st_mode)) { 1780 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file."; 1781 // Try to unlink, but swallow errors. 1782 unlink(b_path.c_str()); 1783 return false; 1784 } 1785 } 1786 1787 // Rename B to A. 1788 if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) { 1789 // Delete the b_path so we don't try again (or fail earlier). 1790 if (unlink(b_path.c_str()) != 0) { 1791 PLOG(ERROR) << "Could not unlink " << b_path; 1792 } 1793 1794 return false; 1795 } 1796 1797 return true; 1798 } 1799 1800 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) { 1801 // Get the current slot suffix. No suffix, no A/B. 1802 std::string slot_suffix; 1803 { 1804 char buf[kPropertyValueMax]; 1805 if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) { 1806 return false; 1807 } 1808 slot_suffix = buf; 1809 1810 if (!ValidateTargetSlotSuffix(slot_suffix)) { 1811 LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix; 1812 return false; 1813 } 1814 } 1815 1816 // Validate other inputs. 1817 if (validate_apk_path(apk_path) != 0) { 1818 LOG(ERROR) << "Invalid apk_path: " << apk_path; 1819 return false; 1820 } 1821 if (validate_apk_path(oat_dir) != 0) { 1822 LOG(ERROR) << "Invalid oat_dir: " << oat_dir; 1823 return false; 1824 } 1825 1826 char a_path[PKG_PATH_MAX]; 1827 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) { 1828 return false; 1829 } 1830 const std::string a_vdex_path = create_vdex_filename(a_path); 1831 const std::string a_image_path = create_image_filename(a_path); 1832 1833 // B path = A path + slot suffix. 1834 const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str()); 1835 const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str()); 1836 const std::string b_image_path = StringPrintf("%s.%s", 1837 a_image_path.c_str(), 1838 slot_suffix.c_str()); 1839 1840 bool success = true; 1841 if (move_ab_path(b_path, a_path)) { 1842 if (move_ab_path(b_vdex_path, a_vdex_path)) { 1843 // Note: we can live without an app image. As such, ignore failure to move the image file. 1844 // If we decide to require the app image, or the app image being moved correctly, 1845 // then change accordingly. 1846 constexpr bool kIgnoreAppImageFailure = true; 1847 1848 if (!a_image_path.empty()) { 1849 if (!move_ab_path(b_image_path, a_image_path)) { 1850 unlink(a_image_path.c_str()); 1851 if (!kIgnoreAppImageFailure) { 1852 success = false; 1853 } 1854 } 1855 } 1856 } else { 1857 // Cleanup: delete B image, ignore errors. 1858 unlink(b_image_path.c_str()); 1859 success = false; 1860 } 1861 } else { 1862 // Cleanup: delete B image, ignore errors. 1863 unlink(b_vdex_path.c_str()); 1864 unlink(b_image_path.c_str()); 1865 success = false; 1866 } 1867 return success; 1868 } 1869 1870 bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) { 1871 // Delete the oat/odex file. 1872 char out_path[PKG_PATH_MAX]; 1873 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, 1874 /*is_secondary_dex*/false, out_path)) { 1875 return false; 1876 } 1877 1878 // In case of a permission failure report the issue. Otherwise just print a warning. 1879 auto unlink_and_check = [](const char* path) -> bool { 1880 int result = unlink(path); 1881 if (result != 0) { 1882 if (errno == EACCES || errno == EPERM) { 1883 PLOG(ERROR) << "Could not unlink " << path; 1884 return false; 1885 } 1886 PLOG(WARNING) << "Could not unlink " << path; 1887 } 1888 return true; 1889 }; 1890 1891 // Delete the oat/odex file. 1892 bool return_value_oat = unlink_and_check(out_path); 1893 1894 // Derive and delete the app image. 1895 bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str()); 1896 1897 // Derive and delete the vdex file. 1898 bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str()); 1899 1900 // Report success. 1901 return return_value_oat && return_value_art && return_value_vdex; 1902 } 1903 1904 } // namespace installd 1905 } // namespace android 1906
