OverlayManager Fabricated RROs (6a2ca782) · Commits · e / os / android_frameworks_base

Android.bp

+1 −0

Original line number	Diff line number	Diff line
		@@ -369,6 +369,7 @@ filegroup {
		":framework_native_aidl",
		":gatekeeper_aidl",
		":gsiservice_aidl",
		":idmap2_core_aidl",
		":incidentcompanion_aidl",
		":inputconstants_aidl",
		":installd_aidl",

cmds/idmap2/Android.bp

+23 −9

Original line number	Diff line number	Diff line
		@@ -274,6 +274,7 @@ cc_binary {
		"libziparchive",
		],
		static_libs: [
		"libc++fs",
		"libidmap2_protos",
		"libidmap2daidl",
		],
		@@ -282,28 +283,41 @@ cc_binary {

		cc_library_static {
		name: "libidmap2daidl",
		defaults: [
		"idmap2_defaults",
		],
		tidy: false,
		host_supported: false,
		srcs: [
		":idmap2_aidl",
		":idmap2_core_aidl",
		],
		header_libs: [
		"libbinder_headers",
		],
		shared_libs: [
		"libbase",
		],
		aidl: {
		export_aidl_headers: true,
		local_include_dirs: [
		"idmap2d/aidl/core",
		"idmap2d/aidl/services/",
		],
		},
		}

		filegroup {
		name: "idmap2_core_aidl",
		srcs: [
		"idmap2d/aidl/core/android/os/FabricatedOverlayInternal.aidl",
		"idmap2d/aidl/core/android/os/FabricatedOverlayInternalEntry.aidl",
		"idmap2d/aidl/core/android/os/FabricatedOverlayInfo.aidl",
		],
		path: "idmap2d/aidl/core/",
		}

		filegroup {
		name: "idmap2_aidl",
		srcs: [
		"idmap2d/aidl/android/os/IIdmap2.aidl",
		"idmap2d/aidl/services/android/os/IIdmap2.aidl",
		],
		path: "idmap2d/aidl",
		path: "idmap2d/aidl/services/",
		}

		aidl_interface {
		@@ -315,7 +329,7 @@ aidl_interface {
		filegroup {
		name: "overlayable_policy_aidl_files",
		srcs: [
		"idmap2d/aidl/android/os/OverlayablePolicy.aidl",
		"idmap2d/aidl/services/android/os/OverlayablePolicy.aidl",
		],
		path: "idmap2d/aidl",
		path: "idmap2d/aidl/services/",
		}

cmds/idmap2/idmap2d/Idmap2Service.cpp

+143 −11

Original line number	Diff line number	Diff line
		@@ -18,10 +18,10 @@

		#include <sys/stat.h> // umask
		#include <sys/types.h> // umask
		#include <unistd.h>

		#include <cerrno>
		#include <cstring>
		#include <filesystem>
		#include <fstream>
		#include <memory>
		#include <ostream>
		@@ -35,18 +35,20 @@
		#include "idmap2/Idmap.h"
		#include "idmap2/Result.h"
		#include "idmap2/SysTrace.h"
		#include "utils/String8.h"

		using android::IPCThreadState;
		using android::base::StringPrintf;
		using android::binder::Status;
		using android::idmap2::BinaryStreamVisitor;
		using android::idmap2::FabricatedOverlay;
		using android::idmap2::FabricatedOverlayContainer;
		using android::idmap2::Idmap;
		using android::idmap2::IdmapHeader;
		using android::idmap2::OverlayResourceContainer;
		using android::idmap2::TargetResourceContainer;
		using android::idmap2::utils::kIdmapCacheDir;
		using android::idmap2::utils::kIdmapFilePermissionMask;
		using android::idmap2::utils::RandomStringForPath;
		using android::idmap2::utils::UidHasWriteAccessToPath;

		using PolicyBitmask = android::ResTable_overlayable_policy_header::PolicyBitmask;
		@@ -67,6 +69,7 @@ Status error(const std::string& msg) {
		PolicyBitmask ConvertAidlArgToPolicyBitmask(int32_t arg) {
		return static_cast<PolicyBitmask>(arg);
		}

		} // namespace

		namespace android::os {
		@@ -99,8 +102,9 @@ Status Idmap2Service::removeIdmap(const std::string& overlay_path, int32_t user_
		}

		Status Idmap2Service::verifyIdmap(const std::string& target_path, const std::string& overlay_path,
		int32_t fulfilled_policies, bool enforce_overlayable,
		int32_t user_id ATTRIBUTE_UNUSED, bool* _aidl_return) {
		const std::string& overlay_name, int32_t fulfilled_policies,
		bool enforce_overlayable, int32_t user_id ATTRIBUTE_UNUSED,
		bool* _aidl_return) {
		SYSTRACE << "Idmap2Service::verifyIdmap " << overlay_path;
		assert(_aidl_return);

		@@ -128,9 +132,8 @@ Status Idmap2Service::verifyIdmap(const std::string& target_path, const std::str
		return ok();
		}

		// TODO(162841629): Support passing overlay name to idmap2d verify
		auto up_to_date =
		header->IsUpToDate(GetPointer(target), **overlay, "",
		header->IsUpToDate(GetPointer(target), **overlay, overlay_name,
		ConvertAidlArgToPolicyBitmask(fulfilled_policies), enforce_overlayable);

		*_aidl_return = static_cast<bool>(up_to_date);
		@@ -142,8 +145,8 @@ Status Idmap2Service::verifyIdmap(const std::string& target_path, const std::str
		}

		Status Idmap2Service::createIdmap(const std::string& target_path, const std::string& overlay_path,
		int32_t fulfilled_policies, bool enforce_overlayable,
		int32_t user_id ATTRIBUTE_UNUSED,
		const std::string& overlay_name, int32_t fulfilled_policies,
		bool enforce_overlayable, int32_t user_id ATTRIBUTE_UNUSED,
		std::optional<std::string>* _aidl_return) {
		assert(_aidl_return);
		SYSTRACE << "Idmap2Service::createIdmap " << target_path << " " << overlay_path;
		@@ -168,9 +171,8 @@ Status Idmap2Service::createIdmap(const std::string& target_path, const std::str
		return error("failed to load apk overlay '%s'" + overlay_path);
		}

		// TODO(162841629): Support passing overlay name to idmap2d create
		const auto idmap = Idmap::FromContainers(GetPointer(target), **overlay, "", policy_bitmask,
		enforce_overlayable);
		const auto idmap = Idmap::FromContainers(GetPointer(target), **overlay, overlay_name,
		policy_bitmask, enforce_overlayable);
		if (!idmap) {
		return error(idmap.GetErrorMessage());
		}
		@@ -218,4 +220,134 @@ idmap2::Result<Idmap2Service::TargetResourceContainerPtr> Idmap2Service::GetTarg
		return {std::move(*target)};
		}

		Status Idmap2Service::createFabricatedOverlay(
		const os::FabricatedOverlayInternal& overlay,
		std::optional<os::FabricatedOverlayInfo>* _aidl_return) {
		idmap2::FabricatedOverlay::Builder builder(overlay.packageName, overlay.overlayName,
		overlay.targetPackageName);
		if (!overlay.targetOverlayable.empty()) {
		builder.SetOverlayable(overlay.targetOverlayable);
		}

		for (const auto& res : overlay.entries) {
		builder.SetResourceValue(res.resourceName, res.dataType, res.data);
		}

		// Generate the file path of the fabricated overlay and ensure it does not collide with an
		// existing path. Re-registering a fabricated overlay will always result in an updated path.
		std::string path;
		std::string file_name;
		do {
		constexpr size_t kSuffixLength = 4;
		const std::string random_suffix = RandomStringForPath(kSuffixLength);
		file_name = StringPrintf("%s-%s-%s.frro", overlay.packageName.c_str(),
		overlay.overlayName.c_str(), random_suffix.c_str());
		path = StringPrintf("%s/%s", kIdmapCacheDir, file_name.c_str());

		// Invoking std::filesystem::exists with a file name greater than 255 characters will cause this
		// process to abort since the name exceeds the maximum file name size.
		const size_t kMaxFileNameLength = 255;
		if (file_name.size() > kMaxFileNameLength) {
		return error(
		base::StringPrintf("fabricated overlay file name '%s' longer than %zu characters",
		file_name.c_str(), kMaxFileNameLength));
		}
		} while (std::filesystem::exists(path));

		const uid_t uid = IPCThreadState::self()->getCallingUid();
		if (!UidHasWriteAccessToPath(uid, path)) {
		return error(base::StringPrintf("will not write to %s: calling uid %d lacks write access",
		path.c_str(), uid));
		}

		// Persist the fabricated overlay.
		umask(kIdmapFilePermissionMask);
		std::ofstream fout(path);
		if (fout.fail()) {
		return error("failed to open frro path " + path);
		}
		const auto frro = builder.Build();
		if (!frro) {
		return error(StringPrintf("failed to serialize '%s:%s': %s", overlay.packageName.c_str(),
		overlay.overlayName.c_str(), frro.GetErrorMessage().c_str()));
		}
		auto result = frro->ToBinaryStream(fout);
		if (!result) {
		unlink(path.c_str());
		return error("failed to write to frro path " + path + ": " + result.GetErrorMessage());
		}
		if (fout.fail()) {
		unlink(path.c_str());
		return error("failed to write to frro path " + path);
		}

		os::FabricatedOverlayInfo out_info;
		out_info.packageName = overlay.packageName;
		out_info.overlayName = overlay.overlayName;
		out_info.targetPackageName = overlay.targetPackageName;
		out_info.targetOverlayable = overlay.targetOverlayable;
		out_info.path = path;
		*_aidl_return = out_info;
		return ok();
		}

		Status Idmap2Service::getFabricatedOverlayInfos(
		std::vector<os::FabricatedOverlayInfo>* _aidl_return) {
		for (const auto& entry : std::filesystem::directory_iterator(kIdmapCacheDir)) {
		if (!android::IsFabricatedOverlay(entry.path())) {
		continue;
		}

		const auto overlay = FabricatedOverlayContainer::FromPath(entry.path());
		if (!overlay) {
		// This is a sign something went wrong.
		LOG(ERROR) << "Failed to open '" << entry.path() << "': " << overlay.GetErrorMessage();
		continue;
		}

		const auto info = (*overlay)->GetManifestInfo();
		os::FabricatedOverlayInfo out_info;
		out_info.packageName = info.package_name;
		out_info.overlayName = info.name;
		out_info.targetPackageName = info.target_package;
		out_info.targetOverlayable = info.target_name;
		out_info.path = entry.path();
		_aidl_return->emplace_back(std::move(out_info));
		}

		return ok();
		}

		binder::Status Idmap2Service::deleteFabricatedOverlay(const std::string& overlay_path,
		bool* _aidl_return) {
		SYSTRACE << "Idmap2Service::deleteFabricatedOverlay " << overlay_path;
		const uid_t uid = IPCThreadState::self()->getCallingUid();

		if (!UidHasWriteAccessToPath(uid, overlay_path)) {
		*_aidl_return = false;
		return error(base::StringPrintf("failed to unlink %s: calling uid %d lacks write access",
		overlay_path.c_str(), uid));
		}

		const std::string idmap_path = Idmap::CanonicalIdmapPathFor(kIdmapCacheDir, overlay_path);
		if (!UidHasWriteAccessToPath(uid, idmap_path)) {
		*_aidl_return = false;
		return error(base::StringPrintf("failed to unlink %s: calling uid %d lacks write access",
		idmap_path.c_str(), uid));
		}

		if (unlink(overlay_path.c_str()) != 0) {
		*_aidl_return = false;
		return error("failed to unlink " + overlay_path + ": " + strerror(errno));
		}

		if (unlink(idmap_path.c_str()) != 0) {
		*_aidl_return = false;
		return error("failed to unlink " + idmap_path + ": " + strerror(errno));
		}

		*_aidl_return = true;
		return ok();
		}

		} // namespace android::os

cmds/idmap2/idmap2d/Idmap2Service.h

+17 −2

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@

		#include <android-base/unique_fd.h>
		#include <android/os/BnIdmap2.h>
		#include <android/os/FabricatedOverlayInfo.h>
		#include <binder/BinderService.h>
		#include <idmap2/ResourceContainer.h>
		#include <idmap2/Result.h>
		@@ -40,18 +41,32 @@ class Idmap2Service : public BinderService<Idmap2Service>, public BnIdmap2 {
		bool* _aidl_return) override;

		binder::Status verifyIdmap(const std::string& target_path, const std::string& overlay_path,
		int32_t fulfilled_policies, bool enforce_overlayable, int32_t user_id,
		const std::string& overlay_name, int32_t fulfilled_policies,
		bool enforce_overlayable, int32_t user_id,
		bool* _aidl_return) override;

		binder::Status createIdmap(const std::string& target_path, const std::string& overlay_path,
		int32_t fulfilled_policies, bool enforce_overlayable, int32_t user_id,
		const std::string& overlay_name, int32_t fulfilled_policies,
		bool enforce_overlayable, int32_t user_id,
		std::optional<std::string>* _aidl_return) override;

		binder::Status createFabricatedOverlay(
		const os::FabricatedOverlayInternal& overlay,
		std::optional<os::FabricatedOverlayInfo>* _aidl_return) override;

		binder::Status deleteFabricatedOverlay(const std::string& overlay_path,
		bool* _aidl_return) override;

		binder::Status getFabricatedOverlayInfos(
		std::vector<os::FabricatedOverlayInfo>* _aidl_return) override;

		private:
		// idmap2d is killed after a period of inactivity, so any information stored on this class should
		// be able to be recalculated if idmap2 dies and restarts.
		std::unique_ptr<idmap2::TargetResourceContainer> framework_apk_cache_;

		std::vector<os::FabricatedOverlayInfo> fabricated_overlays_;

		template <typename T>
		using MaybeUniquePtr = std::variant<std::unique_ptr<T>, T*>;

cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInfo.aidl

0 → 100644

+28 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package android.os;

		/**
		* @hide
		*/
		parcelable FabricatedOverlayInfo {
		@utf8InCpp String path;
		@utf8InCpp String packageName;
		@utf8InCpp String overlayName;
		@utf8InCpp String targetPackageName;
		@utf8InCpp String targetOverlayable;
		}
		No newline at end of file