Loading cmds/installd/InstalldNativeService.cpp +108 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,7 @@ static constexpr int FLAG_USE_QUOTA = 1 << 12; static constexpr int FLAG_FREE_CACHE_V2 = 1 << 13; static constexpr int FLAG_FREE_CACHE_V2_DEFY_QUOTA = 1 << 14; static constexpr int FLAG_FREE_CACHE_NOOP = 1 << 15; static constexpr int FLAG_FORCE = 1 << 16; namespace { Loading Loading @@ -600,6 +601,113 @@ binder::Status InstalldNativeService::destroyAppData(const std::unique_ptr<std:: return res; } static gid_t get_cache_gid(uid_t uid) { int32_t gid = multiuser_get_cache_gid(multiuser_get_user_id(uid), multiuser_get_app_id(uid)); return (gid != -1) ? gid : uid; } binder::Status InstalldNativeService::fixupAppData(const std::unique_ptr<std::string>& uuid, int32_t flags) { ENFORCE_UID(AID_SYSTEM); CHECK_ARGUMENT_UUID(uuid); std::lock_guard<std::recursive_mutex> lock(mLock); const char* uuid_ = uuid ? uuid->c_str() : nullptr; for (auto user : get_known_users(uuid_)) { ATRACE_BEGIN("fixup user"); FTS* fts; FTSENT* p; char *argv[] = { (char*) create_data_user_ce_path(uuid_, user).c_str(), (char*) create_data_user_de_path(uuid_, user).c_str(), nullptr }; if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) { return error("Failed to fts_open"); } while ((p = fts_read(fts)) != nullptr) { if (p->fts_info == FTS_D && p->fts_level == 1) { // Track down inodes of cache directories uint64_t raw = 0; ino_t inode_cache = 0; ino_t inode_code_cache = 0; if (getxattr(p->fts_path, kXattrInodeCache, &raw, sizeof(raw)) == sizeof(raw)) { inode_cache = raw; } if (getxattr(p->fts_path, kXattrInodeCodeCache, &raw, sizeof(raw)) == sizeof(raw)) { inode_code_cache = raw; } // Figure out expected GID of each child FTSENT* child = fts_children(fts, 0); while (child != nullptr) { if ((child->fts_statp->st_ino == inode_cache) || (child->fts_statp->st_ino == inode_code_cache) || !strcmp(child->fts_name, "cache") || !strcmp(child->fts_name, "code_cache")) { child->fts_number = get_cache_gid(p->fts_statp->st_uid); } else { child->fts_number = p->fts_statp->st_uid; } child = child->fts_link; } } else if (p->fts_level >= 2) { if (p->fts_level > 2) { // Inherit GID from parent once we're deeper into tree p->fts_number = p->fts_parent->fts_number; } uid_t uid = p->fts_parent->fts_statp->st_uid; gid_t cache_gid = get_cache_gid(uid); gid_t expected = p->fts_number; gid_t actual = p->fts_statp->st_gid; if (actual == expected) { #if FIXUP_DEBUG LOG(DEBUG) << "Ignoring " << p->fts_path << " with expected GID " << expected; #endif if (!(flags & FLAG_FORCE)) { fts_set(fts, p, FTS_SKIP); } } else if ((actual == uid) || (actual == cache_gid)) { // Only consider fixing up when current GID belongs to app if (p->fts_info != FTS_D) { LOG(INFO) << "Fixing " << p->fts_path << " with unexpected GID " << actual << " instead of " << expected; } switch (p->fts_info) { case FTS_DP: // If we're moving towards cache GID, we need to set S_ISGID if (expected == cache_gid) { if (chmod(p->fts_path, 02771) != 0) { PLOG(WARNING) << "Failed to chmod " << p->fts_path; } } // Intentional fall through to also set GID case FTS_F: if (chown(p->fts_path, -1, expected) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; case FTS_SL: case FTS_SLNONE: if (lchown(p->fts_path, -1, expected) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; } } else { // Ignore all other GID transitions, since they're kinda shady LOG(WARNING) << "Ignoring " << p->fts_path << " with unexpected GID " << actual << " instead of " << expected; } } } fts_close(fts); ATRACE_END(); } return ok(); } binder::Status InstalldNativeService::moveCompleteApp(const std::unique_ptr<std::string>& fromUuid, const std::unique_ptr<std::string>& toUuid, const std::string& packageName, const std::string& dataAppName, int32_t appId, const std::string& seInfo, Loading cmds/installd/InstalldNativeService.h +2 −0 Original line number Diff line number Diff line Loading @@ -58,6 +58,8 @@ public: binder::Status destroyAppData(const std::unique_ptr<std::string>& uuid, const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode); binder::Status fixupAppData(const std::unique_ptr<std::string>& uuid, int32_t flags); binder::Status getAppSize(const std::unique_ptr<std::string>& uuid, const std::vector<std::string>& packageNames, int32_t userId, int32_t flags, int32_t appId, const std::vector<int64_t>& ceDataInodes, Loading cmds/installd/binder/android/os/IInstalld.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,8 @@ interface IInstalld { void destroyAppData(@nullable @utf8InCpp String uuid, @utf8InCpp String packageName, int userId, int flags, long ceDataInode); void fixupAppData(@nullable @utf8InCpp String uuid, int flags); long[] getAppSize(@nullable @utf8InCpp String uuid, in @utf8InCpp String[] packageNames, int userId, int flags, int appId, in long[] ceDataInodes, in @utf8InCpp String[] codePaths); Loading cmds/installd/tests/Android.bp +19 −0 Original line number Diff line number Diff line Loading @@ -33,3 +33,22 @@ cc_test { "libdiskusage", ], } cc_test { name: "installd_service_test", clang: true, srcs: ["installd_service_test.cpp"], shared_libs: [ "libbase", "libbinder", "libcutils", "liblog", "liblogwrap", "libselinux", "libutils", ], static_libs: [ "libinstalld", "libdiskusage", ], } cmds/installd/tests/installd_service_test.cpp 0 → 100644 +155 −0 Original line number Diff line number Diff line /* * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <stdlib.h> #include <string.h> #include <sys/statvfs.h> #include <sys/xattr.h> #include <android-base/logging.h> #include <android-base/stringprintf.h> #include <cutils/properties.h> #include <gtest/gtest.h> #include "InstalldNativeService.h" #include "globals.h" #include "utils.h" using android::base::StringPrintf; namespace android { namespace installd { constexpr const char* kTestUuid = "TEST"; static constexpr int FLAG_FORCE = 1 << 16; int get_property(const char *key, char *value, const char *default_value) { return property_get(key, value, default_value); } bool calculate_oat_file_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *oat_dir ATTRIBUTE_UNUSED, const char *apk_path ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } bool calculate_odex_file_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *apk_path ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } bool create_cache_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *src ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } static void mkdir(const char* path, uid_t owner, gid_t group, mode_t mode) { const char* fullPath = StringPrintf("/data/local/tmp/user/0/%s", path).c_str(); ::mkdir(fullPath, mode); ::chown(fullPath, owner, group); ::chmod(fullPath, mode); } static void touch(const char* path, uid_t owner, gid_t group, mode_t mode) { int fd = ::open(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), O_RDWR | O_CREAT, mode); ::fchown(fd, owner, group); ::fchmod(fd, mode); ::close(fd); } static int stat_gid(const char* path) { struct stat buf; ::stat(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), &buf); return buf.st_gid; } static int stat_mode(const char* path) { struct stat buf; ::stat(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), &buf); return buf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID); } class ServiceTest : public testing::Test { protected: InstalldNativeService* service; std::unique_ptr<std::string> testUuid; virtual void SetUp() { setenv("ANDROID_LOG_TAGS", "*:v", 1); android::base::InitLogging(nullptr); service = new InstalldNativeService(); testUuid = std::make_unique<std::string>(); *testUuid = std::string(kTestUuid); system("mkdir -p /data/local/tmp/user/0"); } virtual void TearDown() { delete service; system("rm -rf /data/local/tmp/user"); } }; TEST_F(ServiceTest, FixupAppData_Upgrade) { LOG(INFO) << "FixupAppData_Upgrade"; mkdir("com.example", 10000, 10000, 0700); mkdir("com.example/normal", 10000, 10000, 0700); mkdir("com.example/cache", 10000, 10000, 0700); touch("com.example/cache/file", 10000, 10000, 0700); service->fixupAppData(testUuid, 0); EXPECT_EQ(10000, stat_gid("com.example/normal")); EXPECT_EQ(20000, stat_gid("com.example/cache")); EXPECT_EQ(20000, stat_gid("com.example/cache/file")); EXPECT_EQ(0700, stat_mode("com.example/normal")); EXPECT_EQ(02771, stat_mode("com.example/cache")); EXPECT_EQ(0700, stat_mode("com.example/cache/file")); } TEST_F(ServiceTest, FixupAppData_Moved) { LOG(INFO) << "FixupAppData_Moved"; mkdir("com.example", 10000, 10000, 0700); mkdir("com.example/foo", 10000, 10000, 0700); touch("com.example/foo/file", 10000, 20000, 0700); mkdir("com.example/bar", 10000, 20000, 0700); touch("com.example/bar/file", 10000, 20000, 0700); service->fixupAppData(testUuid, 0); EXPECT_EQ(10000, stat_gid("com.example/foo")); EXPECT_EQ(20000, stat_gid("com.example/foo/file")); EXPECT_EQ(10000, stat_gid("com.example/bar")); EXPECT_EQ(10000, stat_gid("com.example/bar/file")); service->fixupAppData(testUuid, FLAG_FORCE); EXPECT_EQ(10000, stat_gid("com.example/foo")); EXPECT_EQ(10000, stat_gid("com.example/foo/file")); EXPECT_EQ(10000, stat_gid("com.example/bar")); EXPECT_EQ(10000, stat_gid("com.example/bar/file")); } } // namespace installd } // namespace android Loading
cmds/installd/InstalldNativeService.cpp +108 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,7 @@ static constexpr int FLAG_USE_QUOTA = 1 << 12; static constexpr int FLAG_FREE_CACHE_V2 = 1 << 13; static constexpr int FLAG_FREE_CACHE_V2_DEFY_QUOTA = 1 << 14; static constexpr int FLAG_FREE_CACHE_NOOP = 1 << 15; static constexpr int FLAG_FORCE = 1 << 16; namespace { Loading Loading @@ -600,6 +601,113 @@ binder::Status InstalldNativeService::destroyAppData(const std::unique_ptr<std:: return res; } static gid_t get_cache_gid(uid_t uid) { int32_t gid = multiuser_get_cache_gid(multiuser_get_user_id(uid), multiuser_get_app_id(uid)); return (gid != -1) ? gid : uid; } binder::Status InstalldNativeService::fixupAppData(const std::unique_ptr<std::string>& uuid, int32_t flags) { ENFORCE_UID(AID_SYSTEM); CHECK_ARGUMENT_UUID(uuid); std::lock_guard<std::recursive_mutex> lock(mLock); const char* uuid_ = uuid ? uuid->c_str() : nullptr; for (auto user : get_known_users(uuid_)) { ATRACE_BEGIN("fixup user"); FTS* fts; FTSENT* p; char *argv[] = { (char*) create_data_user_ce_path(uuid_, user).c_str(), (char*) create_data_user_de_path(uuid_, user).c_str(), nullptr }; if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) { return error("Failed to fts_open"); } while ((p = fts_read(fts)) != nullptr) { if (p->fts_info == FTS_D && p->fts_level == 1) { // Track down inodes of cache directories uint64_t raw = 0; ino_t inode_cache = 0; ino_t inode_code_cache = 0; if (getxattr(p->fts_path, kXattrInodeCache, &raw, sizeof(raw)) == sizeof(raw)) { inode_cache = raw; } if (getxattr(p->fts_path, kXattrInodeCodeCache, &raw, sizeof(raw)) == sizeof(raw)) { inode_code_cache = raw; } // Figure out expected GID of each child FTSENT* child = fts_children(fts, 0); while (child != nullptr) { if ((child->fts_statp->st_ino == inode_cache) || (child->fts_statp->st_ino == inode_code_cache) || !strcmp(child->fts_name, "cache") || !strcmp(child->fts_name, "code_cache")) { child->fts_number = get_cache_gid(p->fts_statp->st_uid); } else { child->fts_number = p->fts_statp->st_uid; } child = child->fts_link; } } else if (p->fts_level >= 2) { if (p->fts_level > 2) { // Inherit GID from parent once we're deeper into tree p->fts_number = p->fts_parent->fts_number; } uid_t uid = p->fts_parent->fts_statp->st_uid; gid_t cache_gid = get_cache_gid(uid); gid_t expected = p->fts_number; gid_t actual = p->fts_statp->st_gid; if (actual == expected) { #if FIXUP_DEBUG LOG(DEBUG) << "Ignoring " << p->fts_path << " with expected GID " << expected; #endif if (!(flags & FLAG_FORCE)) { fts_set(fts, p, FTS_SKIP); } } else if ((actual == uid) || (actual == cache_gid)) { // Only consider fixing up when current GID belongs to app if (p->fts_info != FTS_D) { LOG(INFO) << "Fixing " << p->fts_path << " with unexpected GID " << actual << " instead of " << expected; } switch (p->fts_info) { case FTS_DP: // If we're moving towards cache GID, we need to set S_ISGID if (expected == cache_gid) { if (chmod(p->fts_path, 02771) != 0) { PLOG(WARNING) << "Failed to chmod " << p->fts_path; } } // Intentional fall through to also set GID case FTS_F: if (chown(p->fts_path, -1, expected) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; case FTS_SL: case FTS_SLNONE: if (lchown(p->fts_path, -1, expected) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; } } else { // Ignore all other GID transitions, since they're kinda shady LOG(WARNING) << "Ignoring " << p->fts_path << " with unexpected GID " << actual << " instead of " << expected; } } } fts_close(fts); ATRACE_END(); } return ok(); } binder::Status InstalldNativeService::moveCompleteApp(const std::unique_ptr<std::string>& fromUuid, const std::unique_ptr<std::string>& toUuid, const std::string& packageName, const std::string& dataAppName, int32_t appId, const std::string& seInfo, Loading
cmds/installd/InstalldNativeService.h +2 −0 Original line number Diff line number Diff line Loading @@ -58,6 +58,8 @@ public: binder::Status destroyAppData(const std::unique_ptr<std::string>& uuid, const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode); binder::Status fixupAppData(const std::unique_ptr<std::string>& uuid, int32_t flags); binder::Status getAppSize(const std::unique_ptr<std::string>& uuid, const std::vector<std::string>& packageNames, int32_t userId, int32_t flags, int32_t appId, const std::vector<int64_t>& ceDataInodes, Loading
cmds/installd/binder/android/os/IInstalld.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,8 @@ interface IInstalld { void destroyAppData(@nullable @utf8InCpp String uuid, @utf8InCpp String packageName, int userId, int flags, long ceDataInode); void fixupAppData(@nullable @utf8InCpp String uuid, int flags); long[] getAppSize(@nullable @utf8InCpp String uuid, in @utf8InCpp String[] packageNames, int userId, int flags, int appId, in long[] ceDataInodes, in @utf8InCpp String[] codePaths); Loading
cmds/installd/tests/Android.bp +19 −0 Original line number Diff line number Diff line Loading @@ -33,3 +33,22 @@ cc_test { "libdiskusage", ], } cc_test { name: "installd_service_test", clang: true, srcs: ["installd_service_test.cpp"], shared_libs: [ "libbase", "libbinder", "libcutils", "liblog", "liblogwrap", "libselinux", "libutils", ], static_libs: [ "libinstalld", "libdiskusage", ], }
cmds/installd/tests/installd_service_test.cpp 0 → 100644 +155 −0 Original line number Diff line number Diff line /* * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <stdlib.h> #include <string.h> #include <sys/statvfs.h> #include <sys/xattr.h> #include <android-base/logging.h> #include <android-base/stringprintf.h> #include <cutils/properties.h> #include <gtest/gtest.h> #include "InstalldNativeService.h" #include "globals.h" #include "utils.h" using android::base::StringPrintf; namespace android { namespace installd { constexpr const char* kTestUuid = "TEST"; static constexpr int FLAG_FORCE = 1 << 16; int get_property(const char *key, char *value, const char *default_value) { return property_get(key, value, default_value); } bool calculate_oat_file_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *oat_dir ATTRIBUTE_UNUSED, const char *apk_path ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } bool calculate_odex_file_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *apk_path ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } bool create_cache_path(char path[PKG_PATH_MAX] ATTRIBUTE_UNUSED, const char *src ATTRIBUTE_UNUSED, const char *instruction_set ATTRIBUTE_UNUSED) { return false; } static void mkdir(const char* path, uid_t owner, gid_t group, mode_t mode) { const char* fullPath = StringPrintf("/data/local/tmp/user/0/%s", path).c_str(); ::mkdir(fullPath, mode); ::chown(fullPath, owner, group); ::chmod(fullPath, mode); } static void touch(const char* path, uid_t owner, gid_t group, mode_t mode) { int fd = ::open(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), O_RDWR | O_CREAT, mode); ::fchown(fd, owner, group); ::fchmod(fd, mode); ::close(fd); } static int stat_gid(const char* path) { struct stat buf; ::stat(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), &buf); return buf.st_gid; } static int stat_mode(const char* path) { struct stat buf; ::stat(StringPrintf("/data/local/tmp/user/0/%s", path).c_str(), &buf); return buf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID); } class ServiceTest : public testing::Test { protected: InstalldNativeService* service; std::unique_ptr<std::string> testUuid; virtual void SetUp() { setenv("ANDROID_LOG_TAGS", "*:v", 1); android::base::InitLogging(nullptr); service = new InstalldNativeService(); testUuid = std::make_unique<std::string>(); *testUuid = std::string(kTestUuid); system("mkdir -p /data/local/tmp/user/0"); } virtual void TearDown() { delete service; system("rm -rf /data/local/tmp/user"); } }; TEST_F(ServiceTest, FixupAppData_Upgrade) { LOG(INFO) << "FixupAppData_Upgrade"; mkdir("com.example", 10000, 10000, 0700); mkdir("com.example/normal", 10000, 10000, 0700); mkdir("com.example/cache", 10000, 10000, 0700); touch("com.example/cache/file", 10000, 10000, 0700); service->fixupAppData(testUuid, 0); EXPECT_EQ(10000, stat_gid("com.example/normal")); EXPECT_EQ(20000, stat_gid("com.example/cache")); EXPECT_EQ(20000, stat_gid("com.example/cache/file")); EXPECT_EQ(0700, stat_mode("com.example/normal")); EXPECT_EQ(02771, stat_mode("com.example/cache")); EXPECT_EQ(0700, stat_mode("com.example/cache/file")); } TEST_F(ServiceTest, FixupAppData_Moved) { LOG(INFO) << "FixupAppData_Moved"; mkdir("com.example", 10000, 10000, 0700); mkdir("com.example/foo", 10000, 10000, 0700); touch("com.example/foo/file", 10000, 20000, 0700); mkdir("com.example/bar", 10000, 20000, 0700); touch("com.example/bar/file", 10000, 20000, 0700); service->fixupAppData(testUuid, 0); EXPECT_EQ(10000, stat_gid("com.example/foo")); EXPECT_EQ(20000, stat_gid("com.example/foo/file")); EXPECT_EQ(10000, stat_gid("com.example/bar")); EXPECT_EQ(10000, stat_gid("com.example/bar/file")); service->fixupAppData(testUuid, FLAG_FORCE); EXPECT_EQ(10000, stat_gid("com.example/foo")); EXPECT_EQ(10000, stat_gid("com.example/foo/file")); EXPECT_EQ(10000, stat_gid("com.example/bar")); EXPECT_EQ(10000, stat_gid("com.example/bar/file")); } } // namespace installd } // namespace android
