1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #define LOG_TAG "installed" 17 18 #include <fcntl.h> 19 #include <stdlib.h> 20 #include <string.h> 21 #include <sys/capability.h> 22 #include <sys/file.h> 23 #include <sys/stat.h> 24 #include <sys/time.h> 25 #include <sys/types.h> 26 #include <sys/resource.h> 27 #include <sys/wait.h> 28 #include <unistd.h> 29 30 #include <android-base/logging.h> 31 #include <android-base/stringprintf.h> 32 #include <android-base/strings.h> 33 #include <android-base/unique_fd.h> 34 #include <cutils/fs.h> 35 #include <cutils/properties.h> 36 #include <cutils/sched_policy.h> 37 #include <log/log.h> // TODO: Move everything to base/logging. 38 #include <private/android_filesystem_config.h> 39 #include <selinux/android.h> 40 #include <system/thread_defs.h> 41 42 #include "dexopt.h" 43 #include "installd_deps.h" 44 #include "otapreopt_utils.h" 45 #include "utils.h" 46 47 using android::base::StringPrintf; 48 using android::base::EndsWith; 49 using android::base::unique_fd; 50 51 namespace android { 52 namespace installd { 53 54 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below. 55 struct FreeDelete { 56 // NOTE: Deleting a const object is valid but free() takes a non-const pointer. 57 void operator()(const void* ptr) const { 58 free(const_cast<void*>(ptr)); 59 } 60 }; 61 62 // Alias for std::unique_ptr<> that uses the C function free() to delete objects. 63 template <typename T> 64 using UniqueCPtr = std::unique_ptr<T, FreeDelete>; 65 66 static unique_fd invalid_unique_fd() { 67 return unique_fd(-1); 68 } 69 70 static bool clear_profile(const std::string& profile) { 71 unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC)); 72 if (ufd.get() < 0) { 73 if (errno != ENOENT) { 74 PLOG(WARNING) << "Could not open profile " << profile; 75 return false; 76 } else { 77 // Nothing to clear. That's ok. 78 return true; 79 } 80 } 81 82 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) { 83 if (errno != EWOULDBLOCK) { 84 PLOG(WARNING) << "Error locking profile " << profile; 85 } 86 // This implies that the app owning this profile is running 87 // (and has acquired the lock). 88 // 89 // If we can't acquire the lock bail out since clearing is useless anyway 90 // (the app will write again to the profile). 91 // 92 // Note: 93 // This does not impact the this is not an issue for the profiling correctness. 94 // In case this is needed because of an app upgrade, profiles will still be 95 // eventually cleared by the app itself due to checksum mismatch. 96 // If this is needed because profman advised, then keeping the data around 97 // until the next run is again not an issue. 98 // 99 // If the app attempts to acquire a lock while we've held one here, 100 // it will simply skip the current write cycle. 101 return false; 102 } 103 104 bool truncated = ftruncate(ufd.get(), 0) == 0; 105 if (!truncated) { 106 PLOG(WARNING) << "Could not truncate " << profile; 107 } 108 if (flock(ufd.get(), LOCK_UN) != 0) { 109 PLOG(WARNING) << "Error unlocking profile " << profile; 110 } 111 return truncated; 112 } 113 114 // Clear the reference profile for the given location. 115 // The location is the package name for primary apks or the dex path for secondary dex files. 116 static bool clear_reference_profile(const std::string& location, bool is_secondary_dex) { 117 return clear_profile(create_reference_profile_path(location, is_secondary_dex)); 118 } 119 120 // Clear the reference profile for the given location. 121 // The location is the package name for primary apks or the dex path for secondary dex files. 122 static bool clear_current_profile(const std::string& pkgname, userid_t user, 123 bool is_secondary_dex) { 124 return clear_profile(create_current_profile_path(user, pkgname, is_secondary_dex)); 125 } 126 127 // Clear the reference profile for the primary apk of the given package. 128 bool clear_primary_reference_profile(const std::string& pkgname) { 129 return clear_reference_profile(pkgname, /*is_secondary_dex*/false); 130 } 131 132 // Clear all current profile for the primary apk of the given package. 133 bool clear_primary_current_profiles(const std::string& pkgname) { 134 bool success = true; 135 // For secondary dex files, we don't really need the user but we use it for sanity checks. 136 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr); 137 for (auto user : users) { 138 success &= clear_current_profile(pkgname, user, /*is_secondary_dex*/false); 139 } 140 return success; 141 } 142 143 // Clear the current profile for the primary apk of the given package and user. 144 bool clear_primary_current_profile(const std::string& pkgname, userid_t user) { 145 return clear_current_profile(pkgname, user, /*is_secondary_dex*/false); 146 } 147 148 static int split_count(const char *str) 149 { 150 char *ctx; 151 int count = 0; 152 char buf[kPropertyValueMax]; 153 154 strncpy(buf, str, sizeof(buf)); 155 char *pBuf = buf; 156 157 while(strtok_r(pBuf, " ", &ctx) != NULL) { 158 count++; 159 pBuf = NULL; 160 } 161 162 return count; 163 } 164 165 static int split(char *buf, const char **argv) 166 { 167 char *ctx; 168 int count = 0; 169 char *tok; 170 char *pBuf = buf; 171 172 while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) { 173 argv[count++] = tok; 174 pBuf = NULL; 175 } 176 177 return count; 178 } 179 180 static const char* get_location_from_path(const char* path) { 181 static constexpr char kLocationSeparator = '/'; 182 const char *location = strrchr(path, kLocationSeparator); 183 if (location == NULL) { 184 return path; 185 } else { 186 // Skip the separator character. 187 return location + 1; 188 } 189 } 190 191 static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd, 192 const char* input_file_name, const char* output_file_name, int swap_fd, 193 const char* instruction_set, const char* compiler_filter, 194 bool debuggable, bool post_bootcomplete, int profile_fd, const char* class_loader_context) { 195 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; 196 197 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) { 198 ALOGE("Instruction set %s longer than max length of %d", 199 instruction_set, MAX_INSTRUCTION_SET_LEN); 200 return; 201 } 202 203 // Get the relative path to the input file. 204 const char* relative_input_file_name = get_location_from_path(input_file_name); 205 206 char dex2oat_Xms_flag[kPropertyValueMax]; 207 bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0; 208 209 char dex2oat_Xmx_flag[kPropertyValueMax]; 210 bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0; 211 212 char dex2oat_threads_buf[kPropertyValueMax]; 213 bool have_dex2oat_threads_flag = get_property(post_bootcomplete 214 ? "dalvik.vm.dex2oat-threads" 215 : "dalvik.vm.boot-dex2oat-threads", 216 dex2oat_threads_buf, 217 NULL) > 0; 218 char dex2oat_threads_arg[kPropertyValueMax + 2]; 219 if (have_dex2oat_threads_flag) { 220 sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf); 221 } 222 223 char dex2oat_isa_features_key[kPropertyKeyMax]; 224 sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set); 225 char dex2oat_isa_features[kPropertyValueMax]; 226 bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key, 227 dex2oat_isa_features, NULL) > 0; 228 229 char dex2oat_isa_variant_key[kPropertyKeyMax]; 230 sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set); 231 char dex2oat_isa_variant[kPropertyValueMax]; 232 bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key, 233 dex2oat_isa_variant, NULL) > 0; 234 235 const char *dex2oat_norelocation = "-Xnorelocate"; 236 bool have_dex2oat_relocation_skip_flag = false; 237 238 char dex2oat_flags[kPropertyValueMax]; 239 int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags", 240 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags); 241 ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags); 242 243 // If we are booting without the real /data, don't spend time compiling. 244 char vold_decrypt[kPropertyValueMax]; 245 bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0; 246 bool skip_compilation = (have_vold_decrypt && 247 (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 || 248 (strcmp(vold_decrypt, "1") == 0))); 249 250 bool generate_debug_info = property_get_bool("debug.generate-debug-info", false); 251 252 char app_image_format[kPropertyValueMax]; 253 char image_format_arg[strlen("--image-format=") + kPropertyValueMax]; 254 bool have_app_image_format = 255 image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0; 256 if (have_app_image_format) { 257 sprintf(image_format_arg, "--image-format=%s", app_image_format); 258 } 259 260 char dex2oat_large_app_threshold[kPropertyValueMax]; 261 bool have_dex2oat_large_app_threshold = 262 get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0; 263 char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax]; 264 if (have_dex2oat_large_app_threshold) { 265 sprintf(dex2oat_large_app_threshold_arg, 266 "--very-large-app-threshold=%s", 267 dex2oat_large_app_threshold); 268 } 269 270 static const char* DEX2OAT_BIN = "/system/bin/dex2oat"; 271 272 static const char* RUNTIME_ARG = "--runtime-arg"; 273 274 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig 275 276 // clang FORTIFY doesn't let us use strlen in constant array bounds, so we 277 // use arraysize instead. 278 char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN]; 279 char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX]; 280 char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN]; 281 char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN]; 282 char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN]; 283 char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX]; 284 char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN]; 285 char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax]; 286 char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax]; 287 char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax]; 288 char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax]; 289 char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax]; 290 bool have_dex2oat_swap_fd = false; 291 char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN]; 292 bool have_dex2oat_image_fd = false; 293 char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN]; 294 size_t class_loader_context_size = arraysize("--class-loader-context=") + PKG_PATH_MAX; 295 char class_loader_context_arg[class_loader_context_size]; 296 if (class_loader_context != nullptr) { 297 snprintf(class_loader_context_arg, class_loader_context_size, "--class-loader-context=%s", 298 class_loader_context); 299 } 300 301 sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd); 302 sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name); 303 sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd); 304 sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd); 305 sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd); 306 sprintf(oat_location_arg, "--oat-location=%s", output_file_name); 307 sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set); 308 sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant); 309 sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features); 310 if (swap_fd >= 0) { 311 have_dex2oat_swap_fd = true; 312 sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd); 313 } 314 if (image_fd >= 0) { 315 have_dex2oat_image_fd = true; 316 sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd); 317 } 318 319 if (have_dex2oat_Xms_flag) { 320 sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag); 321 } 322 if (have_dex2oat_Xmx_flag) { 323 sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag); 324 } 325 326 // Compute compiler filter. 327 328 bool have_dex2oat_compiler_filter_flag = false; 329 if (skip_compilation) { 330 strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract"); 331 have_dex2oat_compiler_filter_flag = true; 332 have_dex2oat_relocation_skip_flag = true; 333 } else if (compiler_filter != nullptr) { 334 if (strlen(compiler_filter) + strlen("--compiler-filter=") < 335 arraysize(dex2oat_compiler_filter_arg)) { 336 sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter); 337 have_dex2oat_compiler_filter_flag = true; 338 } else { 339 ALOGW("Compiler filter name '%s' is too large (max characters is %zu)", 340 compiler_filter, 341 kPropertyValueMax); 342 } 343 } 344 345 if (!have_dex2oat_compiler_filter_flag) { 346 char dex2oat_compiler_filter_flag[kPropertyValueMax]; 347 have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter", 348 dex2oat_compiler_filter_flag, NULL) > 0; 349 if (have_dex2oat_compiler_filter_flag) { 350 sprintf(dex2oat_compiler_filter_arg, 351 "--compiler-filter=%s", 352 dex2oat_compiler_filter_flag); 353 } 354 } 355 356 // Check whether all apps should be compiled debuggable. 357 if (!debuggable) { 358 char prop_buf[kPropertyValueMax]; 359 debuggable = 360 (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) && 361 (prop_buf[0] == '1'); 362 } 363 char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN]; 364 if (profile_fd != -1) { 365 sprintf(profile_arg, "--profile-file-fd=%d", profile_fd); 366 } 367 368 // Get the directory of the apk to pass as a base classpath directory. 369 char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX]; 370 std::string apk_dir(input_file_name); 371 unsigned long dir_index = apk_dir.rfind('/'); 372 bool has_base_dir = dir_index != std::string::npos; 373 if (has_base_dir) { 374 apk_dir = apk_dir.substr(0, dir_index); 375 sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str()); 376 } 377 378 379 ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, relative_input_file_name, output_file_name); 380 381 const char* argv[9 // program name, mandatory arguments and the final NULL 382 + (have_dex2oat_isa_variant ? 1 : 0) 383 + (have_dex2oat_isa_features ? 1 : 0) 384 + (have_dex2oat_Xms_flag ? 2 : 0) 385 + (have_dex2oat_Xmx_flag ? 2 : 0) 386 + (have_dex2oat_compiler_filter_flag ? 1 : 0) 387 + (have_dex2oat_threads_flag ? 1 : 0) 388 + (have_dex2oat_swap_fd ? 1 : 0) 389 + (have_dex2oat_image_fd ? 1 : 0) 390 + (have_dex2oat_relocation_skip_flag ? 2 : 0) 391 + (generate_debug_info ? 1 : 0) 392 + (debuggable ? 1 : 0) 393 + (have_app_image_format ? 1 : 0) 394 + dex2oat_flags_count 395 + (profile_fd == -1 ? 0 : 1) 396 + (class_loader_context != nullptr ? 1 : 0) 397 + (has_base_dir ? 1 : 0) 398 + (have_dex2oat_large_app_threshold ? 1 : 0)]; 399 int i = 0; 400 argv[i++] = DEX2OAT_BIN; 401 argv[i++] = zip_fd_arg; 402 argv[i++] = zip_location_arg; 403 argv[i++] = input_vdex_fd_arg; 404 argv[i++] = output_vdex_fd_arg; 405 argv[i++] = oat_fd_arg; 406 argv[i++] = oat_location_arg; 407 argv[i++] = instruction_set_arg; 408 if (have_dex2oat_isa_variant) { 409 argv[i++] = instruction_set_variant_arg; 410 } 411 if (have_dex2oat_isa_features) { 412 argv[i++] = instruction_set_features_arg; 413 } 414 if (have_dex2oat_Xms_flag) { 415 argv[i++] = RUNTIME_ARG; 416 argv[i++] = dex2oat_Xms_arg; 417 } 418 if (have_dex2oat_Xmx_flag) { 419 argv[i++] = RUNTIME_ARG; 420 argv[i++] = dex2oat_Xmx_arg; 421 } 422 if (have_dex2oat_compiler_filter_flag) { 423 argv[i++] = dex2oat_compiler_filter_arg; 424 } 425 if (have_dex2oat_threads_flag) { 426 argv[i++] = dex2oat_threads_arg; 427 } 428 if (have_dex2oat_swap_fd) { 429 argv[i++] = dex2oat_swap_fd; 430 } 431 if (have_dex2oat_image_fd) { 432 argv[i++] = dex2oat_image_fd; 433 } 434 if (generate_debug_info) { 435 argv[i++] = "--generate-debug-info"; 436 } 437 if (debuggable) { 438 argv[i++] = "--debuggable"; 439 } 440 if (have_app_image_format) { 441 argv[i++] = image_format_arg; 442 } 443 if (have_dex2oat_large_app_threshold) { 444 argv[i++] = dex2oat_large_app_threshold_arg; 445 } 446 if (dex2oat_flags_count) { 447 i += split(dex2oat_flags, argv + i); 448 } 449 if (have_dex2oat_relocation_skip_flag) { 450 argv[i++] = RUNTIME_ARG; 451 argv[i++] = dex2oat_norelocation; 452 } 453 if (profile_fd != -1) { 454 argv[i++] = profile_arg; 455 } 456 if (has_base_dir) { 457 argv[i++] = base_dir; 458 } 459 if (class_loader_context != nullptr) { 460 argv[i++] = class_loader_context_arg; 461 } 462 463 // Do not add after dex2oat_flags, they should override others for debugging. 464 argv[i] = NULL; 465 466 execv(DEX2OAT_BIN, (char * const *)argv); 467 ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno)); 468 } 469 470 /* 471 * Whether dexopt should use a swap file when compiling an APK. 472 * 473 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision 474 * itself, anyways). 475 * 476 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true". 477 * 478 * Otherwise, return true if this is a low-mem device. 479 * 480 * Otherwise, return default value. 481 */ 482 static bool kAlwaysProvideSwapFile = false; 483 static bool kDefaultProvideSwapFile = true; 484 485 static bool ShouldUseSwapFileForDexopt() { 486 if (kAlwaysProvideSwapFile) { 487 return true; 488 } 489 490 // Check the "override" property. If it exists, return value == "true". 491 char dex2oat_prop_buf[kPropertyValueMax]; 492 if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) { 493 if (strcmp(dex2oat_prop_buf, "true") == 0) { 494 return true; 495 } else { 496 return false; 497 } 498 } 499 500 // Shortcut for default value. This is an implementation optimization for the process sketched 501 // above. If the default value is true, we can avoid to check whether this is a low-mem device, 502 // as low-mem is never returning false. The compiler will optimize this away if it can. 503 if (kDefaultProvideSwapFile) { 504 return true; 505 } 506 507 bool is_low_mem = property_get_bool("ro.config.low_ram", false); 508 if (is_low_mem) { 509 return true; 510 } 511 512 // Default value must be false here. 513 return kDefaultProvideSwapFile; 514 } 515 516 static void SetDex2OatScheduling(bool set_to_bg) { 517 if (set_to_bg) { 518 if (set_sched_policy(0, SP_BACKGROUND) < 0) { 519 ALOGE("set_sched_policy failed: %s\n", strerror(errno)); 520 exit(70); 521 } 522 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) { 523 ALOGE("setpriority failed: %s\n", strerror(errno)); 524 exit(71); 525 } 526 } 527 } 528 529 static bool create_profile(int uid, const std::string& profile) { 530 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), O_CREAT | O_NOFOLLOW, 0600))); 531 if (fd.get() < 0) { 532 if (errno == EEXIST) { 533 return true; 534 } else { 535 PLOG(ERROR) << "Failed to create profile " << profile; 536 return false; 537 } 538 } 539 // Profiles should belong to the app; make sure of that by giving ownership to 540 // the app uid. If we cannot do that, there's no point in returning the fd 541 // since dex2oat/profman will fail with SElinux denials. 542 if (fchown(fd.get(), uid, uid) < 0) { 543 PLOG(ERROR) << "Could not chwon profile " << profile; 544 return false; 545 } 546 return true; 547 } 548 549 static unique_fd open_profile(int uid, const std::string& profile, bool read_write) { 550 // Check if we need to open the profile for a read-write operation. If so, we 551 // might need to create the profile since the file might not be there. Reference 552 // profiles are created on the fly so they might not exist beforehand. 553 if (read_write) { 554 if (!create_profile(uid, profile)) { 555 return invalid_unique_fd(); 556 } 557 } 558 int flags = read_write ? O_RDWR : O_RDONLY; 559 // Do not follow symlinks when opening a profile: 560 // - primary profiles should not contain symlinks in their paths 561 // - secondary dex paths should have been already resolved and validated 562 flags |= O_NOFOLLOW; 563 564 unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags))); 565 if (fd.get() < 0) { 566 if (errno != ENOENT) { 567 // Profiles might be missing for various reasons. For example, in a 568 // multi-user environment, the profile directory for one user can be created 569 // after we start a merge. In this case the current profile for that user 570 // will not be found. 571 // Also, the secondary dex profiles might be deleted by the app at any time, 572 // so we can't we need to prepare if they are missing. 573 PLOG(ERROR) << "Failed to open profile " << profile; 574 } 575 return invalid_unique_fd(); 576 } 577 578 return fd; 579 } 580 581 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& location, 582 bool is_secondary_dex) { 583 std::string profile = create_current_profile_path(user, location, is_secondary_dex); 584 return open_profile(uid, profile, /*read_write*/false); 585 } 586 587 static unique_fd open_reference_profile(uid_t uid, const std::string& location, bool read_write, 588 bool is_secondary_dex) { 589 std::string profile = create_reference_profile_path(location, is_secondary_dex); 590 return open_profile(uid, profile, read_write); 591 } 592 593 static void open_profile_files(uid_t uid, const std::string& location, bool is_secondary_dex, 594 /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) { 595 // Open the reference profile in read-write mode as profman might need to save the merge. 596 *reference_profile_fd = open_reference_profile(uid, location, /*read_write*/ true, 597 is_secondary_dex); 598 599 // For secondary dex files, we don't really need the user but we use it for sanity checks. 600 // Note: the user owning the dex file should be the current user. 601 std::vector<userid_t> users; 602 if (is_secondary_dex){ 603 users.push_back(multiuser_get_user_id(uid)); 604 } else { 605 users = get_known_users(/*volume_uuid*/ nullptr); 606 } 607 for (auto user : users) { 608 unique_fd profile_fd = open_current_profile(uid, user, location, is_secondary_dex); 609 // Add to the lists only if both fds are valid. 610 if (profile_fd.get() >= 0) { 611 profiles_fd->push_back(std::move(profile_fd)); 612 } 613 } 614 } 615 616 static void drop_capabilities(uid_t uid) { 617 if (setgid(uid) != 0) { 618 ALOGE("setgid(%d) failed in installd during dexopt\n", uid); 619 exit(64); 620 } 621 if (setuid(uid) != 0) { 622 ALOGE("setuid(%d) failed in installd during dexopt\n", uid); 623 exit(65); 624 } 625 // drop capabilities 626 struct __user_cap_header_struct capheader; 627 struct __user_cap_data_struct capdata[2]; 628 memset(&capheader, 0, sizeof(capheader)); 629 memset(&capdata, 0, sizeof(capdata)); 630 capheader.version = _LINUX_CAPABILITY_VERSION_3; 631 if (capset(&capheader, &capdata[0]) < 0) { 632 ALOGE("capset failed: %s\n", strerror(errno)); 633 exit(66); 634 } 635 } 636 637 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0; 638 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1; 639 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2; 640 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3; 641 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4; 642 643 static void run_profman_merge(const std::vector<unique_fd>& profiles_fd, 644 const unique_fd& reference_profile_fd) { 645 static const size_t MAX_INT_LEN = 32; 646 static const char* PROFMAN_BIN = "/system/bin/profman"; 647 648 std::vector<std::string> profile_args(profiles_fd.size()); 649 char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN]; 650 for (size_t k = 0; k < profiles_fd.size(); k++) { 651 sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k].get()); 652 profile_args[k].assign(profile_buf); 653 } 654 char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN]; 655 sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd.get()); 656 657 // program name, reference profile fd, the final NULL and the profile fds 658 const char* argv[3 + profiles_fd.size()]; 659 int i = 0; 660 argv[i++] = PROFMAN_BIN; 661 argv[i++] = reference_profile_arg; 662 for (size_t k = 0; k < profile_args.size(); k++) { 663 argv[i++] = profile_args[k].c_str(); 664 } 665 // Do not add after dex2oat_flags, they should override others for debugging. 666 argv[i] = NULL; 667 668 execv(PROFMAN_BIN, (char * const *)argv); 669 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno)); 670 exit(68); /* only get here on exec failure */ 671 } 672 673 // Decides if profile guided compilation is needed or not based on existing profiles. 674 // The location is the package name for primary apks or the dex path for secondary dex files. 675 // Returns true if there is enough information in the current profiles that makes it 676 // worth to recompile the given location. 677 // If the return value is true all the current profiles would have been merged into 678 // the reference profiles accessible with open_reference_profile(). 679 static bool analyze_profiles(uid_t uid, const std::string& location, bool is_secondary_dex) { 680 std::vector<unique_fd> profiles_fd; 681 unique_fd reference_profile_fd; 682 open_profile_files(uid, location, is_secondary_dex, &profiles_fd, &reference_profile_fd); 683 if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) { 684 // Skip profile guided compilation because no profiles were found. 685 // Or if the reference profile info couldn't be opened. 686 return false; 687 } 688 689 pid_t pid = fork(); 690 if (pid == 0) { 691 /* child -- drop privileges before continuing */ 692 drop_capabilities(uid); 693 run_profman_merge(profiles_fd, reference_profile_fd); 694 exit(68); /* only get here on exec failure */ 695 } 696 /* parent */ 697 int return_code = wait_child(pid); 698 bool need_to_compile = false; 699 bool should_clear_current_profiles = false; 700 bool should_clear_reference_profile = false; 701 if (!WIFEXITED(return_code)) { 702 LOG(WARNING) << "profman failed for location " << location << ": " << return_code; 703 } else { 704 return_code = WEXITSTATUS(return_code); 705 switch (return_code) { 706 case PROFMAN_BIN_RETURN_CODE_COMPILE: 707 need_to_compile = true; 708 should_clear_current_profiles = true; 709 should_clear_reference_profile = false; 710 break; 711 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION: 712 need_to_compile = false; 713 should_clear_current_profiles = false; 714 should_clear_reference_profile = false; 715 break; 716 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES: 717 LOG(WARNING) << "Bad profiles for location " << location; 718 need_to_compile = false; 719 should_clear_current_profiles = true; 720 should_clear_reference_profile = true; 721 break; 722 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through 723 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING: 724 // Temporary IO problem (e.g. locking). Ignore but log a warning. 725 LOG(WARNING) << "IO error while reading profiles for location " << location; 726 need_to_compile = false; 727 should_clear_current_profiles = false; 728 should_clear_reference_profile = false; 729 break; 730 default: 731 // Unknown return code or error. Unlink profiles. 732 LOG(WARNING) << "Unknown error code while processing profiles for location " 733 << location << ": " << return_code; 734 need_to_compile = false; 735 should_clear_current_profiles = true; 736 should_clear_reference_profile = true; 737 break; 738 } 739 } 740 741 if (should_clear_current_profiles) { 742 if (is_secondary_dex) { 743 // For secondary dex files, the owning user is the current user. 744 clear_current_profile(location, multiuser_get_user_id(uid), is_secondary_dex); 745 } else { 746 clear_primary_current_profiles(location); 747 } 748 } 749 if (should_clear_reference_profile) { 750 clear_reference_profile(location, is_secondary_dex); 751 } 752 return need_to_compile; 753 } 754 755 // Decides if profile guided compilation is needed or not based on existing profiles. 756 // The analysis is done for the primary apks of the given package. 757 // Returns true if there is enough information in the current profiles that makes it 758 // worth to recompile the package. 759 // If the return value is true all the current profiles would have been merged into 760 // the reference profiles accessible with open_reference_profile(). 761 bool analyze_primary_profiles(uid_t uid, const std::string& pkgname) { 762 return analyze_profiles(uid, pkgname, /*is_secondary_dex*/false); 763 } 764 765 static void run_profman_dump(const std::vector<unique_fd>& profile_fds, 766 const unique_fd& reference_profile_fd, 767 const std::vector<std::string>& dex_locations, 768 const std::vector<unique_fd>& apk_fds, 769 const unique_fd& output_fd) { 770 std::vector<std::string> profman_args; 771 static const char* PROFMAN_BIN = "/system/bin/profman"; 772 profman_args.push_back(PROFMAN_BIN); 773 profman_args.push_back("--dump-only"); 774 profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd.get())); 775 if (reference_profile_fd != -1) { 776 profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d", 777 reference_profile_fd.get())); 778 } 779 for (size_t i = 0; i < profile_fds.size(); i++) { 780 profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fds[i].get())); 781 } 782 for (const std::string& dex_location : dex_locations) { 783 profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str())); 784 } 785 for (size_t i = 0; i < apk_fds.size(); i++) { 786 profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fds[i].get())); 787 } 788 const char **argv = new const char*[profman_args.size() + 1]; 789 size_t i = 0; 790 for (const std::string& profman_arg : profman_args) { 791 argv[i++] = profman_arg.c_str(); 792 } 793 argv[i] = NULL; 794 795 execv(PROFMAN_BIN, (char * const *)argv); 796 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno)); 797 exit(68); /* only get here on exec failure */ 798 } 799 800 bool dump_profiles(int32_t uid, const std::string& pkgname, const char* code_paths) { 801 std::vector<unique_fd> profile_fds; 802 unique_fd reference_profile_fd; 803 std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname.c_str()); 804 805 open_profile_files(uid, pkgname, /*is_secondary_dex*/false, 806 &profile_fds, &reference_profile_fd); 807 808 const bool has_reference_profile = (reference_profile_fd.get() != -1); 809 const bool has_profiles = !profile_fds.empty(); 810 811 if (!has_reference_profile && !has_profiles) { 812 LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname; 813 return false; 814 } 815 816 unique_fd output_fd(open(out_file_name.c_str(), 817 O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644)); 818 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { 819 ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str()); 820 return false; 821 } 822 std::vector<std::string> code_full_paths = base::Split(code_paths, ";"); 823 std::vector<std::string> dex_locations; 824 std::vector<unique_fd> apk_fds; 825 for (const std::string& code_full_path : code_full_paths) { 826 const char* full_path = code_full_path.c_str(); 827 unique_fd apk_fd(open(full_path, O_RDONLY | O_NOFOLLOW)); 828 if (apk_fd == -1) { 829 ALOGE("installd cannot open '%s'\n", full_path); 830 return false; 831 } 832 dex_locations.push_back(get_location_from_path(full_path)); 833 apk_fds.push_back(std::move(apk_fd)); 834 } 835 836 pid_t pid = fork(); 837 if (pid == 0) { 838 /* child -- drop privileges before continuing */ 839 drop_capabilities(uid); 840 run_profman_dump(profile_fds, reference_profile_fd, dex_locations, 841 apk_fds, output_fd); 842 exit(68); /* only get here on exec failure */ 843 } 844 /* parent */ 845 int return_code = wait_child(pid); 846 if (!WIFEXITED(return_code)) { 847 LOG(WARNING) << "profman failed for package " << pkgname << ": " 848 << return_code; 849 return false; 850 } 851 return true; 852 } 853 854 bool copy_system_profile(const std::string& system_profile, 855 uid_t packageUid, const std::string& data_profile_location) { 856 unique_fd in_fd(open(system_profile.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)); 857 unique_fd out_fd(open_reference_profile(packageUid, 858 data_profile_location, 859 /*read_write*/ true, 860 /*secondary*/ false)); 861 if (in_fd.get() < 0) { 862 PLOG(WARNING) << "Could not open profile " << system_profile; 863 return false; 864 } 865 if (out_fd.get() < 0) { 866 PLOG(WARNING) << "Could not open profile " << data_profile_location; 867 return false; 868 } 869 870 // As a security measure we want to write the profile information with the reduced capabilities 871 // of the package user id. So we fork and drop capabilities in the child. 872 pid_t pid = fork(); 873 if (pid == 0) { 874 /* child -- drop privileges before continuing */ 875 drop_capabilities(packageUid); 876 877 if (flock(out_fd.get(), LOCK_EX | LOCK_NB) != 0) { 878 if (errno != EWOULDBLOCK) { 879 PLOG(WARNING) << "Error locking profile " << data_profile_location; 880 } 881 // This implies that the app owning this profile is running 882 // (and has acquired the lock). 883 // 884 // The app never acquires the lock for the reference profiles of primary apks. 885 // Only dex2oat from installd will do that. Since installd is single threaded 886 // we should not see this case. Nevertheless be prepared for it. 887 PLOG(WARNING) << "Failed to flock " << data_profile_location; 888 return false; 889 } 890 891 bool truncated = ftruncate(out_fd.get(), 0) == 0; 892 if (!truncated) { 893 PLOG(WARNING) << "Could not truncate " << data_profile_location; 894 } 895 896 // Copy over data. 897 static constexpr size_t kBufferSize = 4 * 1024; 898 char buffer[kBufferSize]; 899 while (true) { 900 ssize_t bytes = read(in_fd.get(), buffer, kBufferSize); 901 if (bytes == 0) { 902 break; 903 } 904 write(out_fd.get(), buffer, bytes); 905 } 906 if (flock(out_fd.get(), LOCK_UN) != 0) { 907 PLOG(WARNING) << "Error unlocking profile " << data_profile_location; 908 } 909 // Use _exit since we don't want to run the global destructors in the child. 910 // b/62597429 911 _exit(0); 912 } 913 /* parent */ 914 int return_code = wait_child(pid); 915 return return_code == 0; 916 } 917 918 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) { 919 // A standard dalvik-cache entry. Replace ".dex" with `new_ext`. 920 if (EndsWith(oat_path, ".dex")) { 921 std::string new_path = oat_path; 922 new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext); 923 CHECK(EndsWith(new_path, new_ext.c_str())); 924 return new_path; 925 } 926 927 // An odex entry. Not that this may not be an extension, e.g., in the OTA 928 // case (where the base name will have an extension for the B artifact). 929 size_t odex_pos = oat_path.rfind(".odex"); 930 if (odex_pos != std::string::npos) { 931 std::string new_path = oat_path; 932 new_path.replace(odex_pos, strlen(".odex"), new_ext); 933 CHECK_NE(new_path.find(new_ext), std::string::npos); 934 return new_path; 935 } 936 937 // Don't know how to handle this. 938 return ""; 939 } 940 941 // Translate the given oat path to an art (app image) path. An empty string 942 // denotes an error. 943 static std::string create_image_filename(const std::string& oat_path) { 944 return replace_file_extension(oat_path, ".art"); 945 } 946 947 // Translate the given oat path to a vdex path. An empty string denotes an error. 948 static std::string create_vdex_filename(const std::string& oat_path) { 949 return replace_file_extension(oat_path, ".vdex"); 950 } 951 952 static bool add_extension_to_file_name(char* file_name, const char* extension) { 953 if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) { 954 return false; 955 } 956 strcat(file_name, extension); 957 return true; 958 } 959 960 static int open_output_file(const char* file_name, bool recreate, int permissions) { 961 int flags = O_RDWR | O_CREAT; 962 if (recreate) { 963 if (unlink(file_name) < 0) { 964 if (errno != ENOENT) { 965 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name; 966 } 967 } 968 flags |= O_EXCL; 969 } 970 return open(file_name, flags, permissions); 971 } 972 973 static bool set_permissions_and_ownership( 974 int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) { 975 // Primary apks are owned by the system. Secondary dex files are owned by the app. 976 int owning_uid = is_secondary_dex ? uid : AID_SYSTEM; 977 if (fchmod(fd, 978 S_IRUSR|S_IWUSR|S_IRGRP | 979 (is_public ? S_IROTH : 0)) < 0) { 980 ALOGE("installd cannot chmod '%s' during dexopt\n", path); 981 return false; 982 } else if (fchown(fd, owning_uid, uid) < 0) { 983 ALOGE("installd cannot chown '%s' during dexopt\n", path); 984 return false; 985 } 986 return true; 987 } 988 989 static bool IsOutputDalvikCache(const char* oat_dir) { 990 // InstallerConnection.java (which invokes installd) transforms Java null arguments 991 // into '!'. Play it safe by handling it both. 992 // TODO: ensure we never get null. 993 // TODO: pass a flag instead of inferring if the output is dalvik cache. 994 return oat_dir == nullptr || oat_dir[0] == '!'; 995 } 996 997 // Best-effort check whether we can fit the the path into our buffers. 998 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run 999 // without a swap file, if necessary. Reference profiles file also add an extra ".prof" 1000 // extension to the cache path (5 bytes). 1001 // TODO(calin): move away from char* buffers and PKG_PATH_MAX. 1002 static bool validate_dex_path_size(const std::string& dex_path) { 1003 if (dex_path.size() >= (PKG_PATH_MAX - 8)) { 1004 LOG(ERROR) << "dex_path too long: " << dex_path; 1005 return false; 1006 } 1007 return true; 1008 } 1009 1010 static bool create_oat_out_path(const char* apk_path, const char* instruction_set, 1011 const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) { 1012 if (!validate_dex_path_size(apk_path)) { 1013 return false; 1014 } 1015 1016 if (!IsOutputDalvikCache(oat_dir)) { 1017 // Oat dirs for secondary dex files are already validated. 1018 if (!is_secondary_dex && validate_apk_path(oat_dir)) { 1019 ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir); 1020 return false; 1021 } 1022 if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) { 1023 return false; 1024 } 1025 } else { 1026 if (!create_cache_path(out_oat_path, apk_path, instruction_set)) { 1027 return false; 1028 } 1029 } 1030 return true; 1031 } 1032 1033 // Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor 1034 // on destruction. It will also run the given cleanup (unless told not to) after closing. 1035 // 1036 // Usage example: 1037 // 1038 // Dex2oatFileWrapper file(open(...), 1039 // [name]() { 1040 // unlink(name.c_str()); 1041 // }); 1042 // // Note: care needs to be taken about name, as it needs to have a lifetime longer than the 1043 // wrapper if captured as a reference. 1044 // 1045 // if (file.get() == -1) { 1046 // // Error opening... 1047 // } 1048 // 1049 // ... 1050 // if (error) { 1051 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run 1052 // // and delete the file (after the fd is closed). 1053 // return -1; 1054 // } 1055 // 1056 // (Success case) 1057 // file.SetCleanup(false); 1058 // // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run 1059 // // (leaving the file around; after the fd is closed). 1060 // 1061 class Dex2oatFileWrapper { 1062 public: 1063 Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) { 1064 } 1065 1066 Dex2oatFileWrapper(int value, std::function<void ()> cleanup) 1067 : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {} 1068 1069 Dex2oatFileWrapper(Dex2oatFileWrapper&& other) { 1070 value_ = other.value_; 1071 cleanup_ = other.cleanup_; 1072 do_cleanup_ = other.do_cleanup_; 1073 auto_close_ = other.auto_close_; 1074 other.release(); 1075 } 1076 1077 Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) { 1078 value_ = other.value_; 1079 cleanup_ = other.cleanup_; 1080 do_cleanup_ = other.do_cleanup_; 1081 auto_close_ = other.auto_close_; 1082 other.release(); 1083 return *this; 1084 } 1085 1086 ~Dex2oatFileWrapper() { 1087 reset(-1); 1088 } 1089 1090 int get() { 1091 return value_; 1092 } 1093 1094 void SetCleanup(bool cleanup) { 1095 do_cleanup_ = cleanup; 1096 } 1097 1098 void reset(int new_value) { 1099 if (auto_close_ && value_ >= 0) { 1100 close(value_); 1101 } 1102 if (do_cleanup_ && cleanup_ != nullptr) { 1103 cleanup_(); 1104 } 1105 1106 value_ = new_value; 1107 } 1108 1109 void reset(int new_value, std::function<void ()> new_cleanup) { 1110 if (auto_close_ && value_ >= 0) { 1111 close(value_); 1112 } 1113 if (do_cleanup_ && cleanup_ != nullptr) { 1114 cleanup_(); 1115 } 1116 1117 value_ = new_value; 1118 cleanup_ = new_cleanup; 1119 } 1120 1121 void DisableAutoClose() { 1122 auto_close_ = false; 1123 } 1124 1125 private: 1126 void release() { 1127 value_ = -1; 1128 do_cleanup_ = false; 1129 cleanup_ = nullptr; 1130 } 1131 int value_; 1132 std::function<void ()> cleanup_; 1133 bool do_cleanup_; 1134 bool auto_close_; 1135 }; 1136 1137 // (re)Creates the app image if needed. 1138 Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path, bool profile_guided, 1139 bool is_public, int uid, bool is_secondary_dex) { 1140 1141 // We don't create an image for secondary dex files. 1142 if (is_secondary_dex) { 1143 return Dex2oatFileWrapper(); 1144 } 1145 1146 const std::string image_path = create_image_filename(out_oat_path); 1147 if (image_path.empty()) { 1148 // Happens when the out_oat_path has an unknown extension. 1149 return Dex2oatFileWrapper(); 1150 } 1151 1152 // Use app images only if it is enabled (by a set image format) and we are compiling 1153 // profile-guided (so the app image doesn't conservatively contain all classes). 1154 if (!profile_guided) { 1155 // In case there is a stale image, remove it now. Ignore any error. 1156 unlink(image_path.c_str()); 1157 return Dex2oatFileWrapper(); 1158 } 1159 char app_image_format[kPropertyValueMax]; 1160 bool have_app_image_format = 1161 get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0; 1162 if (!have_app_image_format) { 1163 return Dex2oatFileWrapper(); 1164 } 1165 // Recreate is true since we do not want to modify a mapped image. If the app is 1166 // already running and we modify the image file, it can cause crashes (b/27493510). 1167 Dex2oatFileWrapper wrapper_fd( 1168 open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/), 1169 [image_path]() { unlink(image_path.c_str()); }); 1170 if (wrapper_fd.get() < 0) { 1171 // Could not create application image file. Go on since we can compile without it. 1172 LOG(ERROR) << "installd could not create '" << image_path 1173 << "' for image file during dexopt"; 1174 // If we have a valid image file path but no image fd, explicitly erase the image file. 1175 if (unlink(image_path.c_str()) < 0) { 1176 if (errno != ENOENT) { 1177 PLOG(ERROR) << "Couldn't unlink image file " << image_path; 1178 } 1179 } 1180 } else if (!set_permissions_and_ownership( 1181 wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) { 1182 ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str()); 1183 wrapper_fd.reset(-1); 1184 } 1185 1186 return wrapper_fd; 1187 } 1188 1189 // Creates the dexopt swap file if necessary and return its fd. 1190 // Returns -1 if there's no need for a swap or in case of errors. 1191 unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) { 1192 if (!ShouldUseSwapFileForDexopt()) { 1193 return invalid_unique_fd(); 1194 } 1195 // Make sure there really is enough space. 1196 char swap_file_name[PKG_PATH_MAX]; 1197 strcpy(swap_file_name, out_oat_path); 1198 if (!add_extension_to_file_name(swap_file_name, ".swap")) { 1199 return invalid_unique_fd(); 1200 } 1201 unique_fd swap_fd(open_output_file( 1202 swap_file_name, /*recreate*/true, /*permissions*/0600)); 1203 if (swap_fd.get() < 0) { 1204 // Could not create swap file. Optimistically go on and hope that we can compile 1205 // without it. 1206 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name); 1207 } else { 1208 // Immediately unlink. We don't really want to hit flash. 1209 if (unlink(swap_file_name) < 0) { 1210 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name; 1211 } 1212 } 1213 return swap_fd; 1214 } 1215 1216 // Opens the reference profiles if needed. 1217 // Note that the reference profile might not exist so it's OK if the fd will be -1. 1218 Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname, 1219 const std::string& dex_path, bool profile_guided, bool is_public, int uid, 1220 bool is_secondary_dex) { 1221 // Public apps should not be compiled with profile information ever. Same goes for the special 1222 // package '*' used for the system server. 1223 if (!profile_guided || is_public || (pkgname[0] == '*')) { 1224 return Dex2oatFileWrapper(); 1225 } 1226 1227 // Open reference profile in read only mode as dex2oat does not get write permissions. 1228 const std::string location = is_secondary_dex ? dex_path : pkgname; 1229 unique_fd ufd = open_reference_profile(uid, location, /*read_write*/false, is_secondary_dex); 1230 const auto& cleanup = [location, is_secondary_dex]() { 1231 clear_reference_profile(location.c_str(), is_secondary_dex); 1232 }; 1233 return Dex2oatFileWrapper(ufd.release(), cleanup); 1234 } 1235 1236 // Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to 1237 // out_vdex_wrapper_fd. Returns true for success or false in case of errors. 1238 bool open_vdex_files(const char* apk_path, const char* out_oat_path, int dexopt_needed, 1239 const char* instruction_set, bool is_public, int uid, bool is_secondary_dex, 1240 bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd, 1241 Dex2oatFileWrapper* out_vdex_wrapper_fd) { 1242 CHECK(in_vdex_wrapper_fd != nullptr); 1243 CHECK(out_vdex_wrapper_fd != nullptr); 1244 // Open the existing VDEX. We do this before creating the new output VDEX, which will 1245 // unlink the old one. 1246 char in_odex_path[PKG_PATH_MAX]; 1247 int dexopt_action = abs(dexopt_needed); 1248 bool is_odex_location = dexopt_needed < 0; 1249 std::string in_vdex_path_str; 1250 1251 // Infer the name of the output VDEX. 1252 const std::string out_vdex_path_str = create_vdex_filename(out_oat_path); 1253 if (out_vdex_path_str.empty()) { 1254 return false; 1255 } 1256 1257 bool update_vdex_in_place = false; 1258 if (dexopt_action != DEX2OAT_FROM_SCRATCH) { 1259 // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd. 1260 const char* path = nullptr; 1261 if (is_odex_location) { 1262 if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) { 1263 path = in_odex_path; 1264 } else { 1265 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path); 1266 return false; 1267 } 1268 } else { 1269 path = out_oat_path; 1270 } 1271 in_vdex_path_str = create_vdex_filename(path); 1272 if (in_vdex_path_str.empty()) { 1273 ALOGE("installd cannot compute input vdex location for '%s'\n", path); 1274 return false; 1275 } 1276 // We can update in place when all these conditions are met: 1277 // 1) The vdex location to write to is the same as the vdex location to read (vdex files 1278 // on /system typically cannot be updated in place). 1279 // 2) We dex2oat due to boot image change, because we then know the existing vdex file 1280 // cannot be currently used by a running process. 1281 // 3) We are not doing a profile guided compilation, because dexlayout requires two 1282 // different vdex files to operate. 1283 update_vdex_in_place = 1284 (in_vdex_path_str == out_vdex_path_str) && 1285 (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) && 1286 !profile_guided; 1287 if (update_vdex_in_place) { 1288 // Open the file read-write to be able to update it. 1289 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0)); 1290 if (in_vdex_wrapper_fd->get() == -1) { 1291 // If we failed to open the file, we cannot update it in place. 1292 update_vdex_in_place = false; 1293 } 1294 } else { 1295 in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0)); 1296 } 1297 } 1298 1299 // If we are updating the vdex in place, we do not need to recreate a vdex, 1300 // and can use the same existing one. 1301 if (update_vdex_in_place) { 1302 // We unlink the file in case the invocation of dex2oat fails, to ensure we don't 1303 // have bogus stale vdex files. 1304 out_vdex_wrapper_fd->reset( 1305 in_vdex_wrapper_fd->get(), 1306 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); }); 1307 // Disable auto close for the in wrapper fd (it will be done when destructing the out 1308 // wrapper). 1309 in_vdex_wrapper_fd->DisableAutoClose(); 1310 } else { 1311 out_vdex_wrapper_fd->reset( 1312 open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644), 1313 [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); }); 1314 if (out_vdex_wrapper_fd->get() < 0) { 1315 ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str()); 1316 return false; 1317 } 1318 } 1319 if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid, 1320 out_vdex_path_str.c_str(), is_secondary_dex)) { 1321 ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str()); 1322 return false; 1323 } 1324 1325 // If we got here we successfully opened the vdex files. 1326 return true; 1327 } 1328 1329 // Opens the output oat file for the given apk. 1330 // If successful it stores the output path into out_oat_path and returns true. 1331 Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir, 1332 bool is_public, int uid, const char* instruction_set, bool is_secondary_dex, 1333 char* out_oat_path) { 1334 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) { 1335 return Dex2oatFileWrapper(); 1336 } 1337 const std::string out_oat_path_str(out_oat_path); 1338 Dex2oatFileWrapper wrapper_fd( 1339 open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644), 1340 [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); }); 1341 if (wrapper_fd.get() < 0) { 1342 PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path; 1343 } else if (!set_permissions_and_ownership( 1344 wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) { 1345 ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path); 1346 wrapper_fd.reset(-1); 1347 } 1348 return wrapper_fd; 1349 } 1350 1351 // Updates the access times of out_oat_path based on those from apk_path. 1352 void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) { 1353 struct stat input_stat; 1354 memset(&input_stat, 0, sizeof(input_stat)); 1355 if (stat(apk_path, &input_stat) != 0) { 1356 PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt"; 1357 return; 1358 } 1359 1360 struct utimbuf ut; 1361 ut.actime = input_stat.st_atime; 1362 ut.modtime = input_stat.st_mtime; 1363 if (utime(out_oat_path, &ut) != 0) { 1364 PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt"; 1365 } 1366 } 1367 1368 // Runs (execv) dexoptanalyzer on the given arguments. 1369 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter. 1370 // If this is for a profile guided compilation, profile_was_updated will tell whether or not 1371 // the profile has changed. 1372 static void exec_dexoptanalyzer(const std::string& dex_file, const std::string& instruction_set, 1373 const std::string& compiler_filter, bool profile_was_updated, bool downgrade) { 1374 static const char* DEXOPTANALYZER_BIN = "/system/bin/dexoptanalyzer"; 1375 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; 1376 1377 if (instruction_set.size() >= MAX_INSTRUCTION_SET_LEN) { 1378 LOG(ERROR) << "Instruction set " << instruction_set 1379 << " longer than max length of " << MAX_INSTRUCTION_SET_LEN; 1380 return; 1381 } 1382 1383 std::string dex_file_arg = "--dex-file=" + dex_file; 1384 std::string isa_arg = "--isa=" + instruction_set; 1385 std::string compiler_filter_arg = "--compiler-filter=" + compiler_filter; 1386 const char* assume_profile_changed = "--assume-profile-changed"; 1387 const char* downgrade_flag = "--downgrade"; 1388 1389 // program name, dex file, isa, filter, the final NULL 1390 const int argc = 5 + 1391 (profile_was_updated ? 1 : 0) + 1392 (downgrade ? 1 : 0); 1393 const char* argv[argc]; 1394 int i = 0; 1395 argv[i++] = DEXOPTANALYZER_BIN; 1396 argv[i++] = dex_file_arg.c_str(); 1397 argv[i++] = isa_arg.c_str(); 1398 argv[i++] = compiler_filter_arg.c_str(); 1399 if (profile_was_updated) { 1400 argv[i++] = assume_profile_changed; 1401 } 1402 if (downgrade) { 1403 argv[i++] = downgrade_flag; 1404 } 1405 argv[i] = NULL; 1406 1407 execv(DEXOPTANALYZER_BIN, (char * const *)argv); 1408 ALOGE("execv(%s) failed: %s\n", DEXOPTANALYZER_BIN, strerror(errno)); 1409 } 1410 1411 // Prepares the oat dir for the secondary dex files. 1412 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid, 1413 const char* instruction_set, std::string* oat_dir_out) { 1414 unsigned long dirIndex = dex_path.rfind('/'); 1415 if (dirIndex == std::string::npos) { 1416 LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path; 1417 return false; 1418 } 1419 std::string dex_dir = dex_path.substr(0, dirIndex); 1420 1421 // Create oat file output directory. 1422 mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH; 1423 if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) { 1424 LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path; 1425 return false; 1426 } 1427 1428 char oat_dir[PKG_PATH_MAX]; 1429 snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str()); 1430 oat_dir_out->assign(oat_dir); 1431 1432 // Create oat/isa output directory. 1433 if (prepare_app_cache_dir(*oat_dir_out, instruction_set, oat_dir_mode, uid, uid) != 0) { 1434 LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path; 1435 return false; 1436 } 1437 1438 return true; 1439 } 1440 1441 static int constexpr DEXOPTANALYZER_BIN_EXEC_ERROR = 200; 1442 1443 // Verifies the result of dexoptanalyzer executed for the apk_path. 1444 // If the result is valid returns true and sets dexopt_needed_out to a valid value. 1445 // Returns false for errors or unexpected result values. 1446 static bool process_dexoptanalyzer_result(const std::string& dex_path, int result, 1447 int* dexopt_needed_out) { 1448 // The result values are defined in dexoptanalyzer. 1449 switch (result) { 1450 case 0: // no_dexopt_needed 1451 *dexopt_needed_out = NO_DEXOPT_NEEDED; return true; 1452 case 1: // dex2oat_from_scratch 1453 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true; 1454 case 5: // dex2oat_for_bootimage_odex 1455 *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true; 1456 case 6: // dex2oat_for_filter_odex 1457 *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true; 1458 case 7: // dex2oat_for_relocation_odex 1459 *dexopt_needed_out = -DEX2OAT_FOR_RELOCATION; return true; 1460 case 2: // dex2oat_for_bootimage_oat 1461 case 3: // dex2oat_for_filter_oat 1462 case 4: // dex2oat_for_relocation_oat 1463 LOG(ERROR) << "Dexoptnalyzer return the status of an oat file." 1464 << " Expected odex file status for secondary dex " << dex_path 1465 << " : dexoptanalyzer result=" << result; 1466 return false; 1467 default: 1468 LOG(ERROR) << "Unexpected result for dexoptanalyzer " << dex_path 1469 << " exec_dexoptanalyzer result=" << result; 1470 return false; 1471 } 1472 } 1473 1474 // Processes the dex_path as a secondary dex files and return true if the path dex file should 1475 // be compiled. Returns false for errors (logged) or true if the secondary dex path was process 1476 // successfully. 1477 // When returning true, the output parameters will be: 1478 // - is_public_out: whether or not the oat file should not be made public 1479 // - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded 1480 // - oat_dir_out: the oat dir path where the oat file should be stored 1481 // - dex_path_out: the real path of the dex file 1482 static bool process_secondary_dex_dexopt(const char* original_dex_path, const char* pkgname, 1483 int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set, 1484 const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out, 1485 std::string* oat_dir_out, std::string* dex_path_out, bool downgrade) { 1486 int storage_flag; 1487 1488 if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) { 1489 storage_flag = FLAG_STORAGE_CE; 1490 if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) { 1491 LOG(ERROR) << "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set"; 1492 return false; 1493 } 1494 } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) { 1495 storage_flag = FLAG_STORAGE_DE; 1496 } else { 1497 LOG(ERROR) << "Secondary dex storage flag must be set"; 1498 return false; 1499 } 1500 1501 { 1502 // As opposed to the primary apk, secondary dex files might contain symlinks. 1503 // Resolve the path before passing it to the validate method to 1504 // make sure the verification is done on the real location. 1505 UniqueCPtr<char> dex_real_path_cstr(realpath(original_dex_path, nullptr)); 1506 if (dex_real_path_cstr == nullptr) { 1507 PLOG(ERROR) << "Could not get the real path of the secondary dex file " 1508 << original_dex_path; 1509 return false; 1510 } else { 1511 dex_path_out->assign(dex_real_path_cstr.get()); 1512 } 1513 } 1514 const std::string& dex_path = *dex_path_out; 1515 if (!validate_dex_path_size(dex_path)) { 1516 return false; 1517 } 1518 if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) { 1519 LOG(ERROR) << "Could not validate secondary dex path " << dex_path; 1520 return false; 1521 } 1522 1523 // Check if the path exist. If not, there's nothing to do. 1524 struct stat dex_path_stat; 1525 if (stat(dex_path.c_str(), &dex_path_stat) != 0) { 1526 if (errno == ENOENT) { 1527 // Secondary dex files might be deleted any time by the app. 1528 // Nothing to do if that's the case 1529 ALOGV("Secondary dex does not exist %s", dex_path.c_str()); 1530 return NO_DEXOPT_NEEDED; 1531 } else { 1532 PLOG(ERROR) << "Could not access secondary dex " << dex_path; 1533 } 1534 } 1535 1536 // Check if we should make the oat file public. 1537 // Note that if the dex file is not public the compiled code cannot be made public. 1538 *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && 1539 ((dex_path_stat.st_mode & S_IROTH) != 0); 1540 1541 // Prepare the oat directories. 1542 if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set, oat_dir_out)) { 1543 return false; 1544 } 1545 1546 // Analyze profiles. 1547 bool profile_was_updated = analyze_profiles(uid, dex_path, /*is_secondary_dex*/true); 1548 1549 pid_t pid = fork(); 1550 if (pid == 0) { 1551 // child -- drop privileges before continuing. 1552 drop_capabilities(uid); 1553 // Run dexoptanalyzer to get dexopt_needed code. 1554 exec_dexoptanalyzer(dex_path, instruction_set, compiler_filter, profile_was_updated, 1555 downgrade); 1556 exit(DEXOPTANALYZER_BIN_EXEC_ERROR); 1557 } 1558 1559 /* parent */ 1560 1561 int result = wait_child(pid); 1562 if (!WIFEXITED(result)) { 1563 LOG(ERROR) << "dexoptanalyzer failed for path " << dex_path << ": " << result; 1564 return false; 1565 } 1566 result = WEXITSTATUS(result); 1567 bool success = process_dexoptanalyzer_result(dex_path, result, dexopt_needed_out); 1568 // Run dexopt only if needed or forced. 1569 // Note that dexoptanalyzer is executed even if force compilation is enabled. 1570 // We ignore its valid dexopNeeded result, but still check (in process_dexoptanalyzer_result) 1571 // that we only get results for odex files (apk_dir/oat/isa/code.odex) and not 1572 // for oat files from dalvik-cache. 1573 if (success && ((dexopt_flags & DEXOPT_FORCE) != 0)) { 1574 *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; 1575 } 1576 1577 return success; 1578 } 1579 1580 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set, 1581 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter, 1582 const char* volume_uuid, const char* class_loader_context, const char* se_info, 1583 bool downgrade) { 1584 CHECK(pkgname != nullptr); 1585 CHECK(pkgname[0] != 0); 1586 if ((dexopt_flags & ~DEXOPT_MASK) != 0) { 1587 LOG_FATAL("dexopt flags contains unknown fields\n"); 1588 } 1589 1590 if (!validate_dex_path_size(dex_path)) { 1591 return -1; 1592 } 1593 1594 if (class_loader_context != nullptr && strlen(class_loader_context) > PKG_PATH_MAX) { 1595 LOG(ERROR) << "Class loader context exceeds the allowed size: " << class_loader_context; 1596 return -1; 1597 } 1598 1599 bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0; 1600 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0; 1601 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0; 1602 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0; 1603 bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0; 1604 1605 // Check if we're dealing with a secondary dex file and if we need to compile it. 1606 std::string oat_dir_str; 1607 std::string dex_real_path; 1608 if (is_secondary_dex) { 1609 if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid, 1610 instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str, 1611 &dex_real_path, 1612 downgrade)) { 1613 oat_dir = oat_dir_str.c_str(); 1614 dex_path = dex_real_path.c_str(); 1615 if (dexopt_needed == NO_DEXOPT_NEEDED) { 1616 return 0; // Nothing to do, report success. 1617 } 1618 } else { 1619 return -1; // We had an error, logged in the process method. 1620 } 1621 } else { 1622 // Currently these flags are only use for secondary dex files. 1623 // Verify that they are not set for primary apks. 1624 CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0); 1625 CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0); 1626 } 1627 1628 // Open the input file. 1629 unique_fd input_fd(open(dex_path, O_RDONLY, 0)); 1630 if (input_fd.get() < 0) { 1631 ALOGE("installd cannot open '%s' for input during dexopt\n", dex_path); 1632 return -1; 1633 } 1634 1635 // Create the output OAT file. 1636 char out_oat_path[PKG_PATH_MAX]; 1637 Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid, 1638 instruction_set, is_secondary_dex, out_oat_path); 1639 if (out_oat_fd.get() < 0) { 1640 return -1; 1641 } 1642 1643 // Open vdex files. 1644 Dex2oatFileWrapper in_vdex_fd; 1645 Dex2oatFileWrapper out_vdex_fd; 1646 if (!open_vdex_files(dex_path, out_oat_path, dexopt_needed, instruction_set, is_public, uid, 1647 is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) { 1648 return -1; 1649 } 1650 1651 // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct 1652 // selinux context (we generate them on the fly during the dexopt invocation and they don't 1653 // fully inherit their parent context). 1654 // Note that for primary apk the oat files are created before, in a separate installd 1655 // call which also does the restorecon. TODO(calin): unify the paths. 1656 if (is_secondary_dex) { 1657 if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid, 1658 SELINUX_ANDROID_RESTORECON_RECURSE)) { 1659 LOG(ERROR) << "Failed to restorecon " << oat_dir; 1660 return -1; 1661 } 1662 } 1663 1664 // Create a swap file if necessary. 1665 unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path); 1666 1667 // Create the app image file if needed. 1668 Dex2oatFileWrapper image_fd = 1669 maybe_open_app_image(out_oat_path, profile_guided, is_public, uid, is_secondary_dex); 1670 1671 // Open the reference profile if needed. 1672 Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile( 1673 pkgname, dex_path, profile_guided, is_public, uid, is_secondary_dex); 1674 1675 ALOGV("DexInv: --- BEGIN '%s' ---\n", dex_path); 1676 1677 pid_t pid = fork(); 1678 if (pid == 0) { 1679 /* child -- drop privileges before continuing */ 1680 drop_capabilities(uid); 1681 1682 SetDex2OatScheduling(boot_complete); 1683 if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) { 1684 ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno)); 1685 _exit(67); 1686 } 1687 1688 run_dex2oat(input_fd.get(), 1689 out_oat_fd.get(), 1690 in_vdex_fd.get(), 1691 out_vdex_fd.get(), 1692 image_fd.get(), 1693 dex_path, 1694 out_oat_path, 1695 swap_fd.get(), 1696 instruction_set, 1697 compiler_filter, 1698 debuggable, 1699 boot_complete, 1700 reference_profile_fd.get(), 1701 class_loader_context); 1702 _exit(68); /* only get here on exec failure */ 1703 } else { 1704 int res = wait_child(pid); 1705 if (res == 0) { 1706 ALOGV("DexInv: --- END '%s' (success) ---\n", dex_path); 1707 } else { 1708 ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", dex_path, res); 1709 return res; 1710 } 1711 } 1712 1713 update_out_oat_access_times(dex_path, out_oat_path); 1714 1715 // We've been successful, don't delete output. 1716 out_oat_fd.SetCleanup(false); 1717 out_vdex_fd.SetCleanup(false); 1718 image_fd.SetCleanup(false); 1719 reference_profile_fd.SetCleanup(false); 1720 1721 return 0; 1722 } 1723 1724 // Try to remove the given directory. Log an error if the directory exists 1725 // and is empty but could not be removed. 1726 static bool rmdir_if_empty(const char* dir) { 1727 if (rmdir(dir) == 0) { 1728 return true; 1729 } 1730 if (errno == ENOENT || errno == ENOTEMPTY) { 1731 return true; 1732 } 1733 PLOG(ERROR) << "Failed to remove dir: " << dir; 1734 return false; 1735 } 1736 1737 // Try to unlink the given file. Log an error if the file exists and could not 1738 // be unlinked. 1739 static bool unlink_if_exists(const std::string& file) { 1740 if (unlink(file.c_str()) == 0) { 1741 return true; 1742 } 1743 if (errno == ENOENT) { 1744 return true; 1745 1746 } 1747 PLOG(ERROR) << "Could not unlink: " << file; 1748 return false; 1749 } 1750 1751 // Create the oat file structure for the secondary dex 'dex_path' and assign 1752 // the individual path component to the 'out_' parameters. 1753 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa, 1754 /*out*/char* out_oat_dir, /*out*/char* out_oat_isa_dir, /*out*/char* out_oat_path) { 1755 size_t dirIndex = dex_path.rfind('/'); 1756 if (dirIndex == std::string::npos) { 1757 LOG(ERROR) << "Unexpected dir structure for dex file " << dex_path; 1758 return false; 1759 } 1760 // TODO(calin): we have similar computations in at lest 3 other places 1761 // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by 1762 // use string append. 1763 std::string apk_dir = dex_path.substr(0, dirIndex); 1764 snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str()); 1765 snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str()); 1766 1767 if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir, 1768 /*is_secondary_dex*/true, out_oat_path)) { 1769 LOG(ERROR) << "Could not create oat path for secondary dex " << dex_path; 1770 return false; 1771 } 1772 return true; 1773 } 1774 1775 // Reconcile the secondary dex 'dex_path' and its generated oat files. 1776 // Return true if all the parameters are valid and the secondary dex file was 1777 // processed successfully (i.e. the dex_path either exists, or if not, its corresponding 1778 // oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists 1779 // will be true if the secondary dex file still exists. If the secondary dex file does not exist, 1780 // the method cleans up any previously generated compiler artifacts (oat, vdex, art). 1781 // Return false if there were errors during processing. In this case 1782 // out_secondary_dex_exists will be set to false. 1783 bool reconcile_secondary_dex_file(const std::string& dex_path, 1784 const std::string& pkgname, int uid, const std::vector<std::string>& isas, 1785 const std::unique_ptr<std::string>& volume_uuid, int storage_flag, 1786 /*out*/bool* out_secondary_dex_exists) { 1787 // Set out to false to start with, just in case we have validation errors. 1788 *out_secondary_dex_exists = false; 1789 if (!validate_dex_path_size(dex_path)) { 1790 return false; 1791 } 1792 1793 if (isas.size() == 0) { 1794 LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector"; 1795 return false; 1796 } 1797 1798 const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str(); 1799 1800 // Note that we cannot validate the package path here because the file might not exist 1801 // and we cannot call realpath to resolve system symlinks. Since /data/user/0 symlinks to 1802 // /data/data/ a lot of validations will fail if we attempt to check the package path. 1803 // It is still ok to be more relaxed because any file removal is done after forking and 1804 // dropping capabilities. 1805 if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr, 1806 uid, storage_flag, /*validate_package_path*/ false)) { 1807 LOG(ERROR) << "Could not validate secondary dex path " << dex_path; 1808 return false; 1809 } 1810 1811 if (access(dex_path.c_str(), F_OK) == 0) { 1812 // The path exists, nothing to do. The odex files (if any) will be left untouched. 1813 *out_secondary_dex_exists = true; 1814 return true; 1815 } else if (errno != ENOENT) { 1816 PLOG(ERROR) << "Failed to check access to secondary dex " << dex_path; 1817 return false; 1818 } 1819 1820 // As a security measure we want to unlink art artifacts with the reduced capabilities 1821 // of the package user id. So we fork and drop capabilities in the child. 1822 pid_t pid = fork(); 1823 if (pid == 0) { 1824 // The secondary dex does not exist anymore. Clear any generated files. 1825 char oat_path[PKG_PATH_MAX]; 1826 char oat_dir[PKG_PATH_MAX]; 1827 char oat_isa_dir[PKG_PATH_MAX]; 1828 bool result = true; 1829 /* child -- drop privileges before continuing */ 1830 drop_capabilities(uid); 1831 for (size_t i = 0; i < isas.size(); i++) { 1832 if (!create_secondary_dex_oat_layout(dex_path, 1833 isas[i], 1834 oat_dir, 1835 oat_isa_dir, 1836 oat_path)) { 1837 LOG(ERROR) << "Could not create secondary odex layout: " 1838 << dex_path; 1839 result = false; 1840 continue; 1841 } 1842 1843 // Delete oat/vdex/art files. 1844 result = unlink_if_exists(oat_path) && result; 1845 result = unlink_if_exists(create_vdex_filename(oat_path)) && result; 1846 result = unlink_if_exists(create_image_filename(oat_path)) && result; 1847 1848 // Delete profiles. 1849 std::string current_profile = create_current_profile_path( 1850 multiuser_get_user_id(uid), dex_path, /*is_secondary*/true); 1851 std::string reference_profile = create_reference_profile_path( 1852 dex_path, /*is_secondary*/true); 1853 result = unlink_if_exists(current_profile) && result; 1854 result = unlink_if_exists(reference_profile) && result; 1855 1856 // We upgraded once the location of current profile for secondary dex files. 1857 // Check for any previous left-overs and remove them as well. 1858 std::string old_current_profile = dex_path + ".prof"; 1859 result = unlink_if_exists(old_current_profile); 1860 1861 // Try removing the directories as well, they might be empty. 1862 result = rmdir_if_empty(oat_isa_dir) && result; 1863 result = rmdir_if_empty(oat_dir) && result; 1864 } 1865 result ? _exit(0) : _exit(1); 1866 } 1867 1868 int return_code = wait_child(pid); 1869 return return_code == 0; 1870 } 1871 1872 // Helper for move_ab, so that we can have common failure-case cleanup. 1873 static bool unlink_and_rename(const char* from, const char* to) { 1874 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise, 1875 // return a failure. 1876 struct stat s; 1877 if (stat(to, &s) == 0) { 1878 if (!S_ISREG(s.st_mode)) { 1879 LOG(ERROR) << from << " is not a regular file to replace for A/B."; 1880 return false; 1881 } 1882 if (unlink(to) != 0) { 1883 LOG(ERROR) << "Could not unlink " << to << " to move A/B."; 1884 return false; 1885 } 1886 } else { 1887 // This may be a permission problem. We could investigate the error code, but we'll just 1888 // let the rename failure do the work for us. 1889 } 1890 1891 // Try to rename "to" to "from." 1892 if (rename(from, to) != 0) { 1893 PLOG(ERROR) << "Could not rename " << from << " to " << to; 1894 return false; 1895 } 1896 return true; 1897 } 1898 1899 // Move/rename a B artifact (from) to an A artifact (to). 1900 static bool move_ab_path(const std::string& b_path, const std::string& a_path) { 1901 // Check whether B exists. 1902 { 1903 struct stat s; 1904 if (stat(b_path.c_str(), &s) != 0) { 1905 // Silently ignore for now. The service calling this isn't smart enough to understand 1906 // lack of artifacts at the moment. 1907 return false; 1908 } 1909 if (!S_ISREG(s.st_mode)) { 1910 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file."; 1911 // Try to unlink, but swallow errors. 1912 unlink(b_path.c_str()); 1913 return false; 1914 } 1915 } 1916 1917 // Rename B to A. 1918 if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) { 1919 // Delete the b_path so we don't try again (or fail earlier). 1920 if (unlink(b_path.c_str()) != 0) { 1921 PLOG(ERROR) << "Could not unlink " << b_path; 1922 } 1923 1924 return false; 1925 } 1926 1927 return true; 1928 } 1929 1930 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) { 1931 // Get the current slot suffix. No suffix, no A/B. 1932 std::string slot_suffix; 1933 { 1934 char buf[kPropertyValueMax]; 1935 if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) { 1936 return false; 1937 } 1938 slot_suffix = buf; 1939 1940 if (!ValidateTargetSlotSuffix(slot_suffix)) { 1941 LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix; 1942 return false; 1943 } 1944 } 1945 1946 // Validate other inputs. 1947 if (validate_apk_path(apk_path) != 0) { 1948 LOG(ERROR) << "Invalid apk_path: " << apk_path; 1949 return false; 1950 } 1951 if (validate_apk_path(oat_dir) != 0) { 1952 LOG(ERROR) << "Invalid oat_dir: " << oat_dir; 1953 return false; 1954 } 1955 1956 char a_path[PKG_PATH_MAX]; 1957 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) { 1958 return false; 1959 } 1960 const std::string a_vdex_path = create_vdex_filename(a_path); 1961 const std::string a_image_path = create_image_filename(a_path); 1962 1963 // B path = A path + slot suffix. 1964 const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str()); 1965 const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str()); 1966 const std::string b_image_path = StringPrintf("%s.%s", 1967 a_image_path.c_str(), 1968 slot_suffix.c_str()); 1969 1970 bool success = true; 1971 if (move_ab_path(b_path, a_path)) { 1972 if (move_ab_path(b_vdex_path, a_vdex_path)) { 1973 // Note: we can live without an app image. As such, ignore failure to move the image file. 1974 // If we decide to require the app image, or the app image being moved correctly, 1975 // then change accordingly. 1976 constexpr bool kIgnoreAppImageFailure = true; 1977 1978 if (!a_image_path.empty()) { 1979 if (!move_ab_path(b_image_path, a_image_path)) { 1980 unlink(a_image_path.c_str()); 1981 if (!kIgnoreAppImageFailure) { 1982 success = false; 1983 } 1984 } 1985 } 1986 } else { 1987 // Cleanup: delete B image, ignore errors. 1988 unlink(b_image_path.c_str()); 1989 success = false; 1990 } 1991 } else { 1992 // Cleanup: delete B image, ignore errors. 1993 unlink(b_vdex_path.c_str()); 1994 unlink(b_image_path.c_str()); 1995 success = false; 1996 } 1997 return success; 1998 } 1999 2000 bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) { 2001 // Delete the oat/odex file. 2002 char out_path[PKG_PATH_MAX]; 2003 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, 2004 /*is_secondary_dex*/false, out_path)) { 2005 return false; 2006 } 2007 2008 // In case of a permission failure report the issue. Otherwise just print a warning. 2009 auto unlink_and_check = [](const char* path) -> bool { 2010 int result = unlink(path); 2011 if (result != 0) { 2012 if (errno == EACCES || errno == EPERM) { 2013 PLOG(ERROR) << "Could not unlink " << path; 2014 return false; 2015 } 2016 PLOG(WARNING) << "Could not unlink " << path; 2017 } 2018 return true; 2019 }; 2020 2021 // Delete the oat/odex file. 2022 bool return_value_oat = unlink_and_check(out_path); 2023 2024 // Derive and delete the app image. 2025 bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str()); 2026 2027 // Derive and delete the vdex file. 2028 bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str()); 2029 2030 // Report success. 2031 return return_value_oat && return_value_art && return_value_vdex; 2032 } 2033 2034 } // namespace installd 2035 } // namespace android 2036