blob: 9dfbfd3bd089b434fbbb4453f41e908edc9e1c3e [file] [log] [blame]
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "installd"
#include <array>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/capability.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#include <iomanip>
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <cutils/fs.h>
#include <cutils/properties.h>
#include <cutils/sched_policy.h>
#include <dex2oat_return_codes.h>
#include <log/log.h> // TODO: Move everything to base/logging.
#include <openssl/sha.h>
#include <private/android_filesystem_config.h>
#include <selinux/android.h>
#include <system/thread_defs.h>
#include "dexopt.h"
#include "dexopt_return_codes.h"
#include "globals.h"
#include "installd_deps.h"
#include "otapreopt_utils.h"
#include "utils.h"
using android::base::EndsWith;
using android::base::ReadFully;
using android::base::StringPrintf;
using android::base::WriteFully;
using android::base::unique_fd;
namespace android {
namespace installd {
// Should minidebug info be included in compiled artifacts? Even if this value is
// "true," usage might still be conditional to other constraints, e.g., system
// property overrides.
static constexpr bool kEnableMinidebugInfo = true;
static constexpr const char* kMinidebugInfoSystemProperty = "dalvik.vm.dex2oat-minidebuginfo";
static constexpr bool kMinidebugInfoSystemPropertyDefault = false;
static constexpr const char* kMinidebugDex2oatFlag = "--generate-mini-debug-info";
static constexpr const char* kDisableCompactDexFlag = "--compact-dex-level=none";
// Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
struct FreeDelete {
// NOTE: Deleting a const object is valid but free() takes a non-const pointer.
void operator()(const void* ptr) const {
free(const_cast<void*>(ptr));
}
};
// Alias for std::unique_ptr<> that uses the C function free() to delete objects.
template <typename T>
using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
static unique_fd invalid_unique_fd() {
return unique_fd(-1);
}
static bool is_debug_runtime() {
return android::base::GetProperty("persist.sys.dalvik.vm.lib.2", "") == "libartd.so";
}
static bool is_debuggable_build() {
return android::base::GetBoolProperty("ro.debuggable", false);
}
static bool clear_profile(const std::string& profile) {
unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
if (ufd.get() < 0) {
if (errno != ENOENT) {
PLOG(WARNING) << "Could not open profile " << profile;
return false;
} else {
// Nothing to clear. That's ok.
return true;
}
}
if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
if (errno != EWOULDBLOCK) {
PLOG(WARNING) << "Error locking profile " << profile;
}
// This implies that the app owning this profile is running
// (and has acquired the lock).
//
// If we can't acquire the lock bail out since clearing is useless anyway
// (the app will write again to the profile).
//
// Note:
// This does not impact the this is not an issue for the profiling correctness.
// In case this is needed because of an app upgrade, profiles will still be
// eventually cleared by the app itself due to checksum mismatch.
// If this is needed because profman advised, then keeping the data around
// until the next run is again not an issue.
//
// If the app attempts to acquire a lock while we've held one here,
// it will simply skip the current write cycle.
return false;
}
bool truncated = ftruncate(ufd.get(), 0) == 0;
if (!truncated) {
PLOG(WARNING) << "Could not truncate " << profile;
}
if (flock(ufd.get(), LOCK_UN) != 0) {
PLOG(WARNING) << "Error unlocking profile " << profile;
}
return truncated;
}
// Clear the reference profile for the given location.
// The location is the profile name for primary apks or the dex path for secondary dex files.
static bool clear_reference_profile(const std::string& package_name, const std::string& location,
bool is_secondary_dex) {
return clear_profile(create_reference_profile_path(package_name, location, is_secondary_dex));
}
// Clear the reference profile for the given location.
// The location is the profile name for primary apks or the dex path for secondary dex files.
static bool clear_current_profile(const std::string& package_name, const std::string& location,
userid_t user, bool is_secondary_dex) {
return clear_profile(create_current_profile_path(user, package_name, location,
is_secondary_dex));
}
// Clear the reference profile for the primary apk of the given package.
// The location is the profile name for primary apks or the dex path for secondary dex files.
bool clear_primary_reference_profile(const std::string& package_name,
const std::string& location) {
return clear_reference_profile(package_name, location, /*is_secondary_dex*/false);
}
// Clear all current profile for the primary apk of the given package.
// The location is the profile name for primary apks or the dex path for secondary dex files.
bool clear_primary_current_profiles(const std::string& package_name, const std::string& location) {
bool success = true;
// For secondary dex files, we don't really need the user but we use it for sanity checks.
std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
for (auto user : users) {
success &= clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
}
return success;
}
// Clear the current profile for the primary apk of the given package and user.
bool clear_primary_current_profile(const std::string& package_name, const std::string& location,
userid_t user) {
return clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
}
static int split_count(const char *str)
{
char *ctx;
int count = 0;
char buf[kPropertyValueMax];
strlcpy(buf, str, sizeof(buf));
char *pBuf = buf;
while(strtok_r(pBuf, " ", &ctx) != NULL) {
count++;
pBuf = NULL;
}
return count;
}
static int split(char *buf, const char **argv)
{
char *ctx;
int count = 0;
char *tok;
char *pBuf = buf;
while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) {
argv[count++] = tok;
pBuf = NULL;
}
return count;
}
static const char* get_location_from_path(const char* path) {
static constexpr char kLocationSeparator = '/';
const char *location = strrchr(path, kLocationSeparator);
if (location == NULL) {
return path;
} else {
// Skip the separator character.
return location + 1;
}
}
[[ noreturn ]]
static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd,
const char* input_file_name, const char* output_file_name, int swap_fd,
const char* instruction_set, const char* compiler_filter,
bool debuggable, bool post_bootcomplete, bool background_job_compile, int profile_fd,
const char* class_loader_context, int target_sdk_version, bool enable_hidden_api_checks,
bool generate_compact_dex, int dex_metadata_fd, const char* compilation_reason) {
static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
LOG(ERROR) << "Instruction set '" << instruction_set << "' longer than max length of "
<< MAX_INSTRUCTION_SET_LEN;
exit(DexoptReturnCodes::kInstructionSetLength);
}
// Get the relative path to the input file.
const char* relative_input_file_name = get_location_from_path(input_file_name);
char dex2oat_Xms_flag[kPropertyValueMax];
bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;
char dex2oat_Xmx_flag[kPropertyValueMax];
bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;
char dex2oat_threads_buf[kPropertyValueMax];
bool have_dex2oat_threads_flag = get_property(post_bootcomplete
? "dalvik.vm.dex2oat-threads"
: "dalvik.vm.boot-dex2oat-threads",
dex2oat_threads_buf,
NULL) > 0;
char dex2oat_threads_arg[kPropertyValueMax + 2];
if (have_dex2oat_threads_flag) {
sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
}
char dex2oat_isa_features_key[kPropertyKeyMax];
sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
char dex2oat_isa_features[kPropertyValueMax];
bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
dex2oat_isa_features, NULL) > 0;
char dex2oat_isa_variant_key[kPropertyKeyMax];
sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
char dex2oat_isa_variant[kPropertyValueMax];
bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
dex2oat_isa_variant, NULL) > 0;
const char *dex2oat_norelocation = "-Xnorelocate";
bool have_dex2oat_relocation_skip_flag = false;
char dex2oat_flags[kPropertyValueMax];
int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);
// If we are booting without the real /data, don't spend time compiling.
char vold_decrypt[kPropertyValueMax];
bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
bool skip_compilation = (have_vold_decrypt &&
(strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
(strcmp(vold_decrypt, "1") == 0)));
bool generate_debug_info = property_get_bool("debug.generate-debug-info", false);
char app_image_format[kPropertyValueMax];
char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
bool have_app_image_format =
image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
if (have_app_image_format) {
sprintf(image_format_arg, "--image-format=%s", app_image_format);
}
char dex2oat_large_app_threshold[kPropertyValueMax];
bool have_dex2oat_large_app_threshold =
get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0;
char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax];
if (have_dex2oat_large_app_threshold) {
sprintf(dex2oat_large_app_threshold_arg,
"--very-large-app-threshold=%s",
dex2oat_large_app_threshold);
}
// If the runtime was requested to use libartd.so, we'll run dex2oatd, otherwise dex2oat.
const char* dex2oat_bin = "/system/bin/dex2oat";
constexpr const char* kDex2oatDebugPath = "/system/bin/dex2oatd";
if (is_debug_runtime() || (background_job_compile && is_debuggable_build())) {
if (access(kDex2oatDebugPath, X_OK) == 0) {
dex2oat_bin = kDex2oatDebugPath;
}
}
bool generate_minidebug_info = kEnableMinidebugInfo &&
android::base::GetBoolProperty(kMinidebugInfoSystemProperty,
kMinidebugInfoSystemPropertyDefault);
static const char* RUNTIME_ARG = "--runtime-arg";
static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
// clang FORTIFY doesn't let us use strlen in constant array bounds, so we
// use arraysize instead.
char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN];
char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX];
char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN];
char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN];
char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN];
char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX];
char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax];
char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax];
char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax];
char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax];
char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax];
bool have_dex2oat_swap_fd = false;
char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN];
bool have_dex2oat_image_fd = false;
char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN];
size_t class_loader_context_size = arraysize("--class-loader-context=") + PKG_PATH_MAX;
char target_sdk_version_arg[arraysize("-Xtarget-sdk-version:") + MAX_INT_LEN];
char class_loader_context_arg[class_loader_context_size];
if (class_loader_context != nullptr) {
snprintf(class_loader_context_arg, class_loader_context_size, "--class-loader-context=%s",
class_loader_context);
}
sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name);
sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd);
sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd);
sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
if (swap_fd >= 0) {
have_dex2oat_swap_fd = true;
sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
}
if (image_fd >= 0) {
have_dex2oat_image_fd = true;
sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
}
if (have_dex2oat_Xms_flag) {
sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
}
if (have_dex2oat_Xmx_flag) {
sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
}
sprintf(target_sdk_version_arg, "-Xtarget-sdk-version:%d", target_sdk_version);
// Compute compiler filter.
bool have_dex2oat_compiler_filter_flag = false;
if (skip_compilation) {
strlcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract",
sizeof(dex2oat_compiler_filter_arg));
have_dex2oat_compiler_filter_flag = true;
have_dex2oat_relocation_skip_flag = true;
} else if (compiler_filter != nullptr) {
if (strlen(compiler_filter) + strlen("--compiler-filter=") <
arraysize(dex2oat_compiler_filter_arg)) {
sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
have_dex2oat_compiler_filter_flag = true;
} else {
ALOGW("Compiler filter name '%s' is too large (max characters is %zu)",
compiler_filter,
kPropertyValueMax);
}
}
if (!have_dex2oat_compiler_filter_flag) {
char dex2oat_compiler_filter_flag[kPropertyValueMax];
have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
dex2oat_compiler_filter_flag, NULL) > 0;
if (have_dex2oat_compiler_filter_flag) {
sprintf(dex2oat_compiler_filter_arg,
"--compiler-filter=%s",
dex2oat_compiler_filter_flag);
}
}
// Check whether all apps should be compiled debuggable.
if (!debuggable) {
char prop_buf[kPropertyValueMax];
debuggable =
(get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
(prop_buf[0] == '1');
}
char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
if (profile_fd != -1) {
sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
}
// Get the directory of the apk to pass as a base classpath directory.
char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX];
std::string apk_dir(input_file_name);
unsigned long dir_index = apk_dir.rfind('/');
bool has_base_dir = dir_index != std::string::npos;
if (has_base_dir) {
apk_dir = apk_dir.substr(0, dir_index);
sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str());
}
std::string dex_metadata_fd_arg = "--dm-fd=" + std::to_string(dex_metadata_fd);
std::string compilation_reason_arg = compilation_reason == nullptr
? ""
: std::string("--compilation-reason=") + compilation_reason;
ALOGV("Running %s in=%s out=%s\n", dex2oat_bin, relative_input_file_name, output_file_name);
// Disable cdex if update input vdex is true since this combination of options is not
// supported.
const bool disable_cdex = !generate_compact_dex || (input_vdex_fd == output_vdex_fd);
const char* argv[9 // program name, mandatory arguments and the final NULL
+ (have_dex2oat_isa_variant ? 1 : 0)
+ (have_dex2oat_isa_features ? 1 : 0)
+ (have_dex2oat_Xms_flag ? 2 : 0)
+ (have_dex2oat_Xmx_flag ? 2 : 0)
+ (have_dex2oat_compiler_filter_flag ? 1 : 0)
+ (have_dex2oat_threads_flag ? 1 : 0)
+ (have_dex2oat_swap_fd ? 1 : 0)
+ (have_dex2oat_image_fd ? 1 : 0)
+ (have_dex2oat_relocation_skip_flag ? 2 : 0)
+ (generate_debug_info ? 1 : 0)
+ (debuggable ? 1 : 0)
+ (have_app_image_format ? 1 : 0)
+ dex2oat_flags_count
+ (profile_fd == -1 ? 0 : 1)
+ (class_loader_context != nullptr ? 1 : 0)
+ (has_base_dir ? 1 : 0)
+ (have_dex2oat_large_app_threshold ? 1 : 0)
+ (disable_cdex ? 1 : 0)
+ (generate_minidebug_info ? 1 : 0)
+ (target_sdk_version != 0 ? 2 : 0)
+ (enable_hidden_api_checks ? 2 : 0)
+ (dex_metadata_fd > -1 ? 1 : 0)
+ (compilation_reason != nullptr ? 1 : 0)];
int i = 0;
argv[i++] = dex2oat_bin;
argv[i++] = zip_fd_arg;
argv[i++] = zip_location_arg;
argv[i++] = input_vdex_fd_arg;
argv[i++] = output_vdex_fd_arg;
argv[i++] = oat_fd_arg;
argv[i++] = oat_location_arg;
argv[i++] = instruction_set_arg;
if (have_dex2oat_isa_variant) {
argv[i++] = instruction_set_variant_arg;
}
if (have_dex2oat_isa_features) {
argv[i++] = instruction_set_features_arg;
}
if (have_dex2oat_Xms_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_Xms_arg;
}
if (have_dex2oat_Xmx_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_Xmx_arg;
}
if (have_dex2oat_compiler_filter_flag) {
argv[i++] = dex2oat_compiler_filter_arg;
}
if (have_dex2oat_threads_flag) {
argv[i++] = dex2oat_threads_arg;
}
if (have_dex2oat_swap_fd) {
argv[i++] = dex2oat_swap_fd;
}
if (have_dex2oat_image_fd) {
argv[i++] = dex2oat_image_fd;
}
if (generate_debug_info) {
argv[i++] = "--generate-debug-info";
}
if (debuggable) {
argv[i++] = "--debuggable";
}
if (have_app_image_format) {
argv[i++] = image_format_arg;
}
if (have_dex2oat_large_app_threshold) {
argv[i++] = dex2oat_large_app_threshold_arg;
}
if (dex2oat_flags_count) {
i += split(dex2oat_flags, argv + i);
}
if (have_dex2oat_relocation_skip_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_norelocation;
}
if (profile_fd != -1) {
argv[i++] = profile_arg;
}
if (has_base_dir) {
argv[i++] = base_dir;
}
if (class_loader_context != nullptr) {
argv[i++] = class_loader_context_arg;
}
if (generate_minidebug_info) {
argv[i++] = kMinidebugDex2oatFlag;
}
if (disable_cdex) {
argv[i++] = kDisableCompactDexFlag;
}
if (target_sdk_version != 0) {
argv[i++] = RUNTIME_ARG;
argv[i++] = target_sdk_version_arg;
}
if (enable_hidden_api_checks) {
argv[i++] = RUNTIME_ARG;
argv[i++] = "-Xhidden-api-checks";
}
if (dex_metadata_fd > -1) {
argv[i++] = dex_metadata_fd_arg.c_str();
}
if(compilation_reason != nullptr) {
argv[i++] = compilation_reason_arg.c_str();
}
// Do not add after dex2oat_flags, they should override others for debugging.
argv[i] = NULL;
execv(dex2oat_bin, (char * const *)argv);
PLOG(ERROR) << "execv(" << dex2oat_bin << ") failed";
exit(DexoptReturnCodes::kDex2oatExec);
}
/*
* Whether dexopt should use a swap file when compiling an APK.
*
* If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
* itself, anyways).
*
* Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
*
* Otherwise, return true if this is a low-mem device.
*
* Otherwise, return default value.
*/
static bool kAlwaysProvideSwapFile = false;
static bool kDefaultProvideSwapFile = true;
static bool ShouldUseSwapFileForDexopt() {
if (kAlwaysProvideSwapFile) {
return true;
}
// Check the "override" property. If it exists, return value == "true".
char dex2oat_prop_buf[kPropertyValueMax];
if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) {
if (strcmp(dex2oat_prop_buf, "true") == 0) {
return true;
} else {
return false;
}
}
// Shortcut for default value. This is an implementation optimization for the process sketched
// above. If the default value is true, we can avoid to check whether this is a low-mem device,
// as low-mem is never returning false. The compiler will optimize this away if it can.
if (kDefaultProvideSwapFile) {
return true;
}
bool is_low_mem = property_get_bool("ro.config.low_ram", false);
if (is_low_mem) {
return true;
}
// Default value must be false here.
return kDefaultProvideSwapFile;
}
static void SetDex2OatScheduling(bool set_to_bg) {
if (set_to_bg) {
if (set_sched_policy(0, SP_BACKGROUND) < 0) {
PLOG(ERROR) << "set_sched_policy failed";
exit(DexoptReturnCodes::kSetSchedPolicy);
}
if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
PLOG(ERROR) << "setpriority failed";
exit(DexoptReturnCodes::kSetPriority);
}
}
}
static unique_fd create_profile(uid_t uid, const std::string& profile, int32_t flags) {
unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags, 0600)));
if (fd.get() < 0) {
if (errno != EEXIST) {
PLOG(ERROR) << "Failed to create profile " << profile;
return invalid_unique_fd();
}
}
// Profiles should belong to the app; make sure of that by giving ownership to
// the app uid. If we cannot do that, there's no point in returning the fd
// since dex2oat/profman will fail with SElinux denials.
if (fchown(fd.get(), uid, uid) < 0) {
PLOG(ERROR) << "Could not chwon profile " << profile;
return invalid_unique_fd();
}
return fd;
}
static unique_fd open_profile(uid_t uid, const std::string& profile, int32_t flags) {
// Do not follow symlinks when opening a profile:
// - primary profiles should not contain symlinks in their paths
// - secondary dex paths should have been already resolved and validated
flags |= O_NOFOLLOW;
// Check if we need to create the profile
// Reference profiles and snapshots are created on the fly; so they might not exist beforehand.
unique_fd fd;
if ((flags & O_CREAT) != 0) {
fd = create_profile(uid, profile, flags);
} else {
fd.reset(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
}
if (fd.get() < 0) {
if (errno != ENOENT) {
// Profiles might be missing for various reasons. For example, in a
// multi-user environment, the profile directory for one user can be created
// after we start a merge. In this case the current profile for that user
// will not be found.
// Also, the secondary dex profiles might be deleted by the app at any time,
// so we can't we need to prepare if they are missing.
PLOG(ERROR) << "Failed to open profile " << profile;
}
return invalid_unique_fd();
}
return fd;
}
static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& package_name,
const std::string& location, bool is_secondary_dex) {
std::string profile = create_current_profile_path(user, package_name, location,
is_secondary_dex);
return open_profile(uid, profile, O_RDONLY);
}
static unique_fd open_reference_profile(uid_t uid, const std::string& package_name,
const std::string& location, bool read_write, bool is_secondary_dex) {
std::string profile = create_reference_profile_path(package_name, location, is_secondary_dex);
return open_profile(uid, profile, read_write ? (O_CREAT | O_RDWR) : O_RDONLY);
}
static unique_fd open_spnashot_profile(uid_t uid, const std::string& package_name,
const std::string& location) {
std::string profile = create_snapshot_profile_path(package_name, location);
return open_profile(uid, profile, O_CREAT | O_RDWR | O_TRUNC);
}
static void open_profile_files(uid_t uid, const std::string& package_name,
const std::string& location, bool is_secondary_dex,
/*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
// Open the reference profile in read-write mode as profman might need to save the merge.
*reference_profile_fd = open_reference_profile(uid, package_name, location,
/*read_write*/ true, is_secondary_dex);
// For secondary dex files, we don't really need the user but we use it for sanity checks.
// Note: the user owning the dex file should be the current user.
std::vector<userid_t> users;
if (is_secondary_dex){
users.push_back(multiuser_get_user_id(uid));
} else {
users = get_known_users(/*volume_uuid*/ nullptr);
}
for (auto user : users) {
unique_fd profile_fd = open_current_profile(uid, user, package_name, location,
is_secondary_dex);
// Add to the lists only if both fds are valid.
if (profile_fd.get() >= 0) {
profiles_fd->push_back(std::move(profile_fd));
}
}
}
static void drop_capabilities(uid_t uid) {
if (setgid(uid) != 0) {
PLOG(ERROR) << "setgid(" << uid << ") failed in installd during dexopt";
exit(DexoptReturnCodes::kSetGid);
}
if (setuid(uid) != 0) {
PLOG(ERROR) << "setuid(" << uid << ") failed in installd during dexopt";
exit(DexoptReturnCodes::kSetUid);
}
// drop capabilities
struct __user_cap_header_struct capheader;
struct __user_cap_data_struct capdata[2];
memset(&capheader, 0, sizeof(capheader));
memset(&capdata, 0, sizeof(capdata));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
if (capset(&capheader, &capdata[0]) < 0) {
PLOG(ERROR) << "capset failed";
exit(DexoptReturnCodes::kCapSet);
}
}
static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
[[ noreturn ]]
static void run_profman(const std::vector<unique_fd>& profile_fds,
const unique_fd& reference_profile_fd,
const std::vector<unique_fd>* apk_fds,
const std::vector<std::string>* dex_locations,
bool copy_and_update) {
const char* profman_bin = is_debug_runtime() ? "/system/bin/profmand" : "/system/bin/profman";
if (copy_and_update) {
CHECK_EQ(1u, profile_fds.size());
CHECK(apk_fds != nullptr);
CHECK_EQ(1u, apk_fds->size());
}
std::vector<std::string> profile_args(profile_fds.size());
for (size_t k = 0; k < profile_fds.size(); k++) {
profile_args[k] = "--profile-file-fd=" + std::to_string(profile_fds[k].get());
}
std::string reference_profile_arg = "--reference-profile-file-fd="
+ std::to_string(reference_profile_fd.get());
std::vector<std::string> apk_args;
if (apk_fds != nullptr) {
for (size_t k = 0; k < apk_fds->size(); k++) {
apk_args.push_back("--apk-fd=" + std::to_string((*apk_fds)[k].get()));
}
}
std::vector<std::string> dex_location_args;
if (dex_locations != nullptr) {
for (size_t k = 0; k < dex_locations->size(); k++) {
dex_location_args.push_back("--dex-location=" + (*dex_locations)[k]);
}
}
// program name, reference profile fd, the final NULL and the profile fds
const char* argv[3 + profile_args.size() + apk_args.size()
+ dex_location_args.size() + (copy_and_update ? 1 : 0)];
int i = 0;
argv[i++] = profman_bin;
argv[i++] = reference_profile_arg.c_str();
for (size_t k = 0; k < profile_args.size(); k++) {
argv[i++] = profile_args[k].c_str();
}
for (size_t k = 0; k < apk_args.size(); k++) {
argv[i++] = apk_args[k].c_str();
}
for (size_t k = 0; k < dex_location_args.size(); k++) {
argv[i++] = dex_location_args[k].c_str();
}
if (copy_and_update) {
argv[i++] = "--copy-and-update-profile-key";
}
// Do not add after dex2oat_flags, they should override others for debugging.
argv[i] = NULL;
execv(profman_bin, (char * const *)argv);
PLOG(ERROR) << "execv(" << profman_bin << ") failed";
exit(DexoptReturnCodes::kProfmanExec); /* only get here on exec failure */
}
[[ noreturn ]]
static void run_profman_merge(const std::vector<unique_fd>& profiles_fd,
const unique_fd& reference_profile_fd,
const std::vector<unique_fd>* apk_fds = nullptr,
const std::vector<std::string>* dex_locations = nullptr) {
run_profman(profiles_fd, reference_profile_fd, apk_fds, dex_locations,
/*copy_and_update*/false);
}
[[ noreturn ]]
static void run_profman_copy_and_update(unique_fd&& profile_fd,
unique_fd&& reference_profile_fd,
unique_fd&& apk_fd,
const std::string& dex_location) {
std::vector<unique_fd> profiles_fd;
profiles_fd.push_back(std::move(profile_fd));
std::vector<unique_fd> apk_fds;
apk_fds.push_back(std::move(apk_fd));
std::vector<std::string> dex_locations;
dex_locations.push_back(dex_location);
run_profman(profiles_fd, reference_profile_fd, &apk_fds, &dex_locations,
/*copy_and_update*/true);
}
// Decides if profile guided compilation is needed or not based on existing profiles.
// The location is the package name for primary apks or the dex path for secondary dex files.
// Returns true if there is enough information in the current profiles that makes it
// worth to recompile the given location.
// If the return value is true all the current profiles would have been merged into
// the reference profiles accessible with open_reference_profile().
static bool analyze_profiles(uid_t uid, const std::string& package_name,
const std::string& location, bool is_secondary_dex) {
std::vector<unique_fd> profiles_fd;
unique_fd reference_profile_fd;
open_profile_files(uid, package_name, location, is_secondary_dex,
&profiles_fd, &reference_profile_fd);
if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
// Skip profile guided compilation because no profiles were found.
// Or if the reference profile info couldn't be opened.
return false;
}
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
run_profman_merge(profiles_fd, reference_profile_fd);
}
/* parent */
int return_code = wait_child(pid);
bool need_to_compile = false;
bool should_clear_current_profiles = false;
bool should_clear_reference_profile = false;
if (!WIFEXITED(return_code)) {
LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
} else {
return_code = WEXITSTATUS(return_code);
switch (return_code) {
case PROFMAN_BIN_RETURN_CODE_COMPILE:
need_to_compile = true;
should_clear_current_profiles = true;
should_clear_reference_profile = false;
break;
case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
need_to_compile = false;
should_clear_current_profiles = false;
should_clear_reference_profile = false;
break;
case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
LOG(WARNING) << "Bad profiles for location " << location;
need_to_compile = false;
should_clear_current_profiles = true;
should_clear_reference_profile = true;
break;
case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
// Temporary IO problem (e.g. locking). Ignore but log a warning.
LOG(WARNING) << "IO error while reading profiles for location " << location;
need_to_compile = false;
should_clear_current_profiles = false;
should_clear_reference_profile = false;
break;
default:
// Unknown return code or error. Unlink profiles.
LOG(WARNING) << "Unknown error code while processing profiles for location "
<< location << ": " << return_code;
need_to_compile = false;
should_clear_current_profiles = true;
should_clear_reference_profile = true;
break;
}
}
if (should_clear_current_profiles) {
if (is_secondary_dex) {
// For secondary dex files, the owning user is the current user.
clear_current_profile(package_name, location, multiuser_get_user_id(uid),
is_secondary_dex);
} else {
clear_primary_current_profiles(package_name, location);
}
}
if (should_clear_reference_profile) {
clear_reference_profile(package_name, location, is_secondary_dex);
}
return need_to_compile;
}
// Decides if profile guided compilation is needed or not based on existing profiles.
// The analysis is done for the primary apks of the given package.
// Returns true if there is enough information in the current profiles that makes it
// worth to recompile the package.
// If the return value is true all the current profiles would have been merged into
// the reference profiles accessible with open_reference_profile().
bool analyze_primary_profiles(uid_t uid, const std::string& package_name,
const std::string& profile_name) {
return analyze_profiles(uid, package_name, profile_name, /*is_secondary_dex*/false);
}
[[ noreturn ]]
static void run_profman_dump(const std::vector<unique_fd>& profile_fds,
const unique_fd& reference_profile_fd,
const std::vector<std::string>& dex_locations,
const std::vector<unique_fd>& apk_fds,
const unique_fd& output_fd) {
std::vector<std::string> profman_args;
static const char* PROFMAN_BIN = "/system/bin/profman";
profman_args.push_back(PROFMAN_BIN);
profman_args.push_back("--dump-only");
profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
if (reference_profile_fd != -1) {
profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d",
reference_profile_fd.get()));
}
for (size_t i = 0; i < profile_fds.size(); i++) {
profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fds[i].get()));
}
for (const std::string& dex_location : dex_locations) {
profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str()));
}
for (size_t i = 0; i < apk_fds.size(); i++) {
profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fds[i].get()));
}
const char **argv = new const char*[profman_args.size() + 1];
size_t i = 0;
for (const std::string& profman_arg : profman_args) {
argv[i++] = profman_arg.c_str();
}
argv[i] = NULL;
execv(PROFMAN_BIN, (char * const *)argv);
PLOG(ERROR) << "execv(" << PROFMAN_BIN << ") failed";
exit(DexoptReturnCodes::kProfmanExec); /* only get here on exec failure */
}
bool dump_profiles(int32_t uid, const std::string& pkgname, const std::string& profile_name,
const std::string& code_path) {
std::vector<unique_fd> profile_fds;
unique_fd reference_profile_fd;
std::string out_file_name = StringPrintf("/data/misc/profman/%s-%s.txt",
pkgname.c_str(), profile_name.c_str());
open_profile_files(uid, pkgname, profile_name, /*is_secondary_dex*/false,
&profile_fds, &reference_profile_fd);
const bool has_reference_profile = (reference_profile_fd.get() != -1);
const bool has_profiles = !profile_fds.empty();
if (!has_reference_profile && !has_profiles) {
LOG(ERROR) << "profman dump: no profiles to dump for " << pkgname;
return false;
}
unique_fd output_fd(open(out_file_name.c_str(),
O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
LOG(ERROR) << "installd cannot chmod file for dump_profile" << out_file_name;
return false;
}
std::vector<std::string> dex_locations;
std::vector<unique_fd> apk_fds;
unique_fd apk_fd(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW));
if (apk_fd == -1) {
PLOG(ERROR) << "installd cannot open " << code_path.c_str();
return false;
}
dex_locations.push_back(get_location_from_path(code_path.c_str()));
apk_fds.push_back(std::move(apk_fd));
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
run_profman_dump(profile_fds, reference_profile_fd, dex_locations,
apk_fds, output_fd);
}
/* parent */
int return_code = wait_child(pid);
if (!WIFEXITED(return_code)) {
LOG(WARNING) << "profman failed for package " << pkgname << ": "
<< return_code;
return false;
}
return true;
}
bool copy_system_profile(const std::string& system_profile,
uid_t packageUid, const std::string& package_name, const std::string& profile_name) {
unique_fd in_fd(open(system_profile.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
unique_fd out_fd(open_reference_profile(packageUid,
package_name,
profile_name,
/*read_write*/ true,
/*secondary*/ false));
if (in_fd.get() < 0) {
PLOG(WARNING) << "Could not open profile " << system_profile;
return false;
}
if (out_fd.get() < 0) {
PLOG(WARNING) << "Could not open profile " << package_name;
return false;
}
// As a security measure we want to write the profile information with the reduced capabilities
// of the package user id. So we fork and drop capabilities in the child.
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(packageUid);
if (flock(out_fd.get(), LOCK_EX | LOCK_NB) != 0) {
if (errno != EWOULDBLOCK) {
PLOG(WARNING) << "Error locking profile " << package_name;
}
// This implies that the app owning this profile is running
// (and has acquired the lock).
//
// The app never acquires the lock for the reference profiles of primary apks.
// Only dex2oat from installd will do that. Since installd is single threaded
// we should not see this case. Nevertheless be prepared for it.
PLOG(WARNING) << "Failed to flock " << package_name;
return false;
}
bool truncated = ftruncate(out_fd.get(), 0) == 0;
if (!truncated) {
PLOG(WARNING) << "Could not truncate " << package_name;
}
// Copy over data.
static constexpr size_t kBufferSize = 4 * 1024;
char buffer[kBufferSize];
while (true) {
ssize_t bytes = read(in_fd.get(), buffer, kBufferSize);
if (bytes == 0) {
break;
}
write(out_fd.get(), buffer, bytes);
}
if (flock(out_fd.get(), LOCK_UN) != 0) {
PLOG(WARNING) << "Error unlocking profile " << package_name;
}
// Use _exit since we don't want to run the global destructors in the child.
// b/62597429
_exit(0);
}
/* parent */
int return_code = wait_child(pid);
return return_code == 0;
}
static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
// A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
if (EndsWith(oat_path, ".dex")) {
std::string new_path = oat_path;
new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
CHECK(EndsWith(new_path, new_ext));
return new_path;
}
// An odex entry. Not that this may not be an extension, e.g., in the OTA
// case (where the base name will have an extension for the B artifact).
size_t odex_pos = oat_path.rfind(".odex");
if (odex_pos != std::string::npos) {
std::string new_path = oat_path;
new_path.replace(odex_pos, strlen(".odex"), new_ext);
CHECK_NE(new_path.find(new_ext), std::string::npos);
return new_path;
}
// Don't know how to handle this.
return "";
}
// Translate the given oat path to an art (app image) path. An empty string
// denotes an error.
static std::string create_image_filename(const std::string& oat_path) {
return replace_file_extension(oat_path, ".art");
}
// Translate the given oat path to a vdex path. An empty string denotes an error.
static std::string create_vdex_filename(const std::string& oat_path) {
return replace_file_extension(oat_path, ".vdex");
}
static int open_output_file(const char* file_name, bool recreate, int permissions) {
int flags = O_RDWR | O_CREAT;
if (recreate) {
if (unlink(file_name) < 0) {
if (errno != ENOENT) {
PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
}
}
flags |= O_EXCL;
}
return open(file_name, flags, permissions);
}
static bool set_permissions_and_ownership(
int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
// Primary apks are owned by the system. Secondary dex files are owned by the app.
int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
if (fchmod(fd,
S_IRUSR|S_IWUSR|S_IRGRP |
(is_public ? S_IROTH : 0)) < 0) {
ALOGE("installd cannot chmod '%s' during dexopt\n", path);
return false;
} else if (fchown(fd, owning_uid, uid) < 0) {
ALOGE("installd cannot chown '%s' during dexopt\n", path);
return false;
}
return true;
}
static bool IsOutputDalvikCache(const char* oat_dir) {
// InstallerConnection.java (which invokes installd) transforms Java null arguments
// into '!'. Play it safe by handling it both.
// TODO: ensure we never get null.
// TODO: pass a flag instead of inferring if the output is dalvik cache.
return oat_dir == nullptr || oat_dir[0] == '!';
}
// Best-effort check whether we can fit the the path into our buffers.
// Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
// without a swap file, if necessary. Reference profiles file also add an extra ".prof"
// extension to the cache path (5 bytes).
// TODO(calin): move away from char* buffers and PKG_PATH_MAX.
static bool validate_dex_path_size(const std::string& dex_path) {
if (dex_path.size() >= (PKG_PATH_MAX - 8)) {
LOG(ERROR) << "dex_path too long: " << dex_path;
return false;
}
return true;
}
static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
if (!validate_dex_path_size(apk_path)) {
return false;
}
if (!IsOutputDalvikCache(oat_dir)) {
// Oat dirs for secondary dex files are already validated.
if (!is_secondary_dex && validate_apk_path(oat_dir)) {
ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
return false;
}
if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
return false;
}
} else {
if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
return false;
}
}
return true;
}
// Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
// on destruction. It will also run the given cleanup (unless told not to) after closing.
//
// Usage example:
//
// Dex2oatFileWrapper file(open(...),
// [name]() {
// unlink(name.c_str());
// });
// // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
// wrapper if captured as a reference.
//
// if (file.get() == -1) {
// // Error opening...
// }
//
// ...
// if (error) {
// // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
// // and delete the file (after the fd is closed).
// return -1;
// }
//
// (Success case)
// file.SetCleanup(false);
// // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
// // (leaving the file around; after the fd is closed).
//
class Dex2oatFileWrapper {
public:
Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) {
}
Dex2oatFileWrapper(int value, std::function<void ()> cleanup)
: value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {}
Dex2oatFileWrapper(Dex2oatFileWrapper&& other) {
value_ = other.value_;
cleanup_ = other.cleanup_;
do_cleanup_ = other.do_cleanup_;
auto_close_ = other.auto_close_;
other.release();
}
Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) {
value_ = other.value_;
cleanup_ = other.cleanup_;
do_cleanup_ = other.do_cleanup_;
auto_close_ = other.auto_close_;
other.release();
return *this;
}
~Dex2oatFileWrapper() {
reset(-1);
}
int get() {
return value_;
}
void SetCleanup(bool cleanup) {
do_cleanup_ = cleanup;
}
void reset(int new_value) {
if (auto_close_ && value_ >= 0) {
close(value_);
}
if (do_cleanup_ && cleanup_ != nullptr) {
cleanup_();
}
value_ = new_value;
}
void reset(int new_value, std::function<void ()> new_cleanup) {
if (auto_close_ && value_ >= 0) {
close(value_);
}
if (do_cleanup_ && cleanup_ != nullptr) {
cleanup_();
}
value_ = new_value;
cleanup_ = new_cleanup;
}
void DisableAutoClose() {
auto_close_ = false;
}
private:
void release() {
value_ = -1;
do_cleanup_ = false;
cleanup_ = nullptr;
}
int value_;
std::function<void ()> cleanup_;
bool do_cleanup_;
bool auto_close_;
};
// (re)Creates the app image if needed.
Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path,
bool generate_app_image, bool is_public, int uid, bool is_secondary_dex) {
// We don't create an image for secondary dex files.
if (is_secondary_dex) {
return Dex2oatFileWrapper();
}
const std::string image_path = create_image_filename(out_oat_path);
if (image_path.empty()) {
// Happens when the out_oat_path has an unknown extension.
return Dex2oatFileWrapper();
}
// In case there is a stale image, remove it now. Ignore any error.
unlink(image_path.c_str());
// Not enabled, exit.
if (!generate_app_image) {
return Dex2oatFileWrapper();
}
char app_image_format[kPropertyValueMax];
bool have_app_image_format =
get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
if (!have_app_image_format) {
return Dex2oatFileWrapper();
}
// Recreate is true since we do not want to modify a mapped image. If the app is
// already running and we modify the image file, it can cause crashes (b/27493510).
Dex2oatFileWrapper wrapper_fd(
open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/),
[image_path]() { unlink(image_path.c_str()); });
if (wrapper_fd.get() < 0) {
// Could not create application image file. Go on since we can compile without it.
LOG(ERROR) << "installd could not create '" << image_path
<< "' for image file during dexopt";
// If we have a valid image file path but no image fd, explicitly erase the image file.
if (unlink(image_path.c_str()) < 0) {
if (errno != ENOENT) {
PLOG(ERROR) << "Couldn't unlink image file " << image_path;
}
}
} else if (!set_permissions_and_ownership(
wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
wrapper_fd.reset(-1);
}
return wrapper_fd;
}
// Creates the dexopt swap file if necessary and return its fd.
// Returns -1 if there's no need for a swap or in case of errors.
unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) {
if (!ShouldUseSwapFileForDexopt()) {
return invalid_unique_fd();
}
auto swap_file_name = std::string(out_oat_path) + ".swap";
unique_fd swap_fd(open_output_file(
swap_file_name.c_str(), /*recreate*/true, /*permissions*/0600));
if (swap_fd.get() < 0) {
// Could not create swap file. Optimistically go on and hope that we can compile
// without it.
ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name.c_str());
} else {
// Immediately unlink. We don't really want to hit flash.
if (unlink(swap_file_name.c_str()) < 0) {
PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
}
}
return swap_fd;
}
// Opens the reference profiles if needed.
// Note that the reference profile might not exist so it's OK if the fd will be -1.
Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname,
const std::string& dex_path, const char* profile_name, bool profile_guided,
bool is_public, int uid, bool is_secondary_dex) {
// If we are not profile guided compilation, or we are compiling system server
// do not bother to open the profiles; we won't be using them.
if (!profile_guided || (pkgname[0] == '*')) {
return Dex2oatFileWrapper();
}
// If this is a secondary dex path which is public do not open the profile.
// We cannot compile public secondary dex paths with profiles. That's because
// it will expose how the dex files are used by their owner.
//
// Note that the PackageManager is responsible to set the is_public flag for
// primary apks and we do not check it here. In some cases, e.g. when
// compiling with a public profile from the .dm file the PackageManager will
// set is_public toghether with the profile guided compilation.
if (is_secondary_dex && is_public) {
return Dex2oatFileWrapper();
}
// Open reference profile in read only mode as dex2oat does not get write permissions.
std::string location;
if (is_secondary_dex) {
location = dex_path;
} else {
if (profile_name == nullptr) {
// This path is taken for system server re-compilation lunched from ZygoteInit.
return Dex2oatFileWrapper();
} else {
location = profile_name;
}
}
unique_fd ufd = open_reference_profile(uid, pkgname, location, /*read_write*/false,
is_secondary_dex);
const auto& cleanup = [pkgname, location, is_secondary_dex]() {
clear_reference_profile(pkgname, location, is_secondary_dex);
};
return Dex2oatFileWrapper(ufd.release(), cleanup);
}
// Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to
// out_vdex_wrapper_fd. Returns true for success or false in case of errors.
bool open_vdex_files_for_dex2oat(const char* apk_path, const char* out_oat_path, int dexopt_needed,
const char* instruction_set, bool is_public, int uid, bool is_secondary_dex,
bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd,
Dex2oatFileWrapper* out_vdex_wrapper_fd) {
CHECK(in_vdex_wrapper_fd != nullptr);
CHECK(out_vdex_wrapper_fd != nullptr);
// Open the existing VDEX. We do this before creating the new output VDEX, which will
// unlink the old one.
char in_odex_path[PKG_PATH_MAX];
int dexopt_action = abs(dexopt_needed);
bool is_odex_location = dexopt_needed < 0;
std::string in_vdex_path_str;
// Infer the name of the output VDEX.
const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
if (out_vdex_path_str.empty()) {
return false;
}
bool update_vdex_in_place = false;
if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
// Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
const char* path = nullptr;
if (is_odex_location) {
if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
path = in_odex_path;
} else {
ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
return false;
}
} else {
path = out_oat_path;
}
in_vdex_path_str = create_vdex_filename(path);
if (in_vdex_path_str.empty()) {
ALOGE("installd cannot compute input vdex location for '%s'\n", path);
return false;
}
// We can update in place when all these conditions are met:
// 1) The vdex location to write to is the same as the vdex location to read (vdex files
// on /system typically cannot be updated in place).
// 2) We dex2oat due to boot image change, because we then know the existing vdex file
// cannot be currently used by a running process.
// 3) We are not doing a profile guided compilation, because dexlayout requires two
// different vdex files to operate.
update_vdex_in_place =
(in_vdex_path_str == out_vdex_path_str) &&
(dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
!profile_guided;
if (update_vdex_in_place) {
// Open the file read-write to be able to update it.
in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0));
if (in_vdex_wrapper_fd->get() == -1) {
// If we failed to open the file, we cannot update it in place.
update_vdex_in_place = false;
}
} else {
in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
}
}
// If we are updating the vdex in place, we do not need to recreate a vdex,
// and can use the same existing one.
if (update_vdex_in_place) {
// We unlink the file in case the invocation of dex2oat fails, to ensure we don't
// have bogus stale vdex files.
out_vdex_wrapper_fd->reset(
in_vdex_wrapper_fd->get(),
[out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
// Disable auto close for the in wrapper fd (it will be done when destructing the out
// wrapper).
in_vdex_wrapper_fd->DisableAutoClose();
} else {
out_vdex_wrapper_fd->reset(
open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
[out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
if (out_vdex_wrapper_fd->get() < 0) {
ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str());
return false;
}
}
if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid,
out_vdex_path_str.c_str(), is_secondary_dex)) {
ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
return false;
}
// If we got here we successfully opened the vdex files.
return true;
}
// Opens the output oat file for the given apk.
// If successful it stores the output path into out_oat_path and returns true.
Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir,
bool is_public, int uid, const char* instruction_set, bool is_secondary_dex,
char* out_oat_path) {
if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
return Dex2oatFileWrapper();
}
const std::string out_oat_path_str(out_oat_path);
Dex2oatFileWrapper wrapper_fd(
open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
[out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
if (wrapper_fd.get() < 0) {
PLOG(ERROR) << "installd cannot open output during dexopt" << out_oat_path;
} else if (!set_permissions_and_ownership(
wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) {
ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
wrapper_fd.reset(-1);
}
return wrapper_fd;
}
// Creates RDONLY fds for oat and vdex files, if exist.
// Returns false if it fails to create oat out path for the given apk path.
// Note that the method returns true even if the files could not be opened.
bool maybe_open_oat_and_vdex_file(const std::string& apk_path,
const std::string& oat_dir,
const std::string& instruction_set,
bool is_secondary_dex,
unique_fd* oat_file_fd,
unique_fd* vdex_file_fd) {
char oat_path[PKG_PATH_MAX];
if (!create_oat_out_path(apk_path.c_str(),
instruction_set.c_str(),
oat_dir.c_str(),
is_secondary_dex,
oat_path)) {
LOG(ERROR) << "Could not create oat out path for "
<< apk_path << " with oat dir " << oat_dir;
return false;
}
oat_file_fd->reset(open(oat_path, O_RDONLY));
if (oat_file_fd->get() < 0) {
PLOG(INFO) << "installd cannot open oat file during dexopt" << oat_path;
}
std::string vdex_filename = create_vdex_filename(oat_path);
vdex_file_fd->reset(open(vdex_filename.c_str(), O_RDONLY));
if (vdex_file_fd->get() < 0) {
PLOG(INFO) << "installd cannot open vdex file during dexopt" << vdex_filename;
}
return true;
}
// Updates the access times of out_oat_path based on those from apk_path.
void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) {
struct stat input_stat;
memset(&input_stat, 0, sizeof(input_stat));
if (stat(apk_path, &input_stat) != 0) {
PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt";
return;
}
struct utimbuf ut;
ut.actime = input_stat.st_atime;
ut.modtime = input_stat.st_mtime;
if (utime(out_oat_path, &ut) != 0) {
PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt";
}
}
// Runs (execv) dexoptanalyzer on the given arguments.
// The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
// If this is for a profile guided compilation, profile_was_updated will tell whether or not
// the profile has changed.
static void exec_dexoptanalyzer(const std::string& dex_file, int vdex_fd, int oat_fd,
int zip_fd, const std::string& instruction_set, const std::string& compiler_filter,
bool profile_was_updated, bool downgrade,
const char* class_loader_context) {
CHECK_GE(zip_fd, 0);
const char* dexoptanalyzer_bin =
is_debug_runtime()
? "/system/bin/dexoptanalyzerd"
: "/system/bin/dexoptanalyzer";
static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
if (instruction_set.size() >= MAX_INSTRUCTION_SET_LEN) {
LOG(ERROR) << "Instruction set " << instruction_set
<< " longer than max length of " << MAX_INSTRUCTION_SET_LEN;
return;
}
std::string dex_file_arg = "--dex-file=" + dex_file;
std::string oat_fd_arg = "--oat-fd=" + std::to_string(oat_fd);
std::string vdex_fd_arg = "--vdex-fd=" + std::to_string(vdex_fd);
std::string zip_fd_arg = "--zip-fd=" + std::to_string(zip_fd);
std::string isa_arg = "--isa=" + instruction_set;
std::string compiler_filter_arg = "--compiler-filter=" + compiler_filter;
const char* assume_profile_changed = "--assume-profile-changed";
const char* downgrade_flag = "--downgrade";
std::string class_loader_context_arg = "--class-loader-context=";
if (class_loader_context != nullptr) {
class_loader_context_arg += class_loader_context;
}
// program name, dex file, isa, filter, the final NULL
const int argc = 6 +
(profile_was_updated ? 1 : 0) +
(vdex_fd >= 0 ? 1 : 0) +
(oat_fd >= 0 ? 1 : 0) +
(downgrade ? 1 : 0) +
(class_loader_context != nullptr ? 1 : 0);
const char* argv[argc];
int i = 0;
argv[i++] = dexoptanalyzer_bin;
argv[i++] = dex_file_arg.c_str();
argv[i++] = isa_arg.c_str();
argv[i++] = compiler_filter_arg.c_str();
if (oat_fd >= 0) {
argv[i++] = oat_fd_arg.c_str();
}
if (vdex_fd >= 0) {
argv[i++] = vdex_fd_arg.c_str();
}
argv[i++] = zip_fd_arg.c_str();
if (profile_was_updated) {
argv[i++] = assume_profile_changed;
}
if (downgrade) {
argv[i++] = downgrade_flag;
}
if (class_loader_context != nullptr) {
argv[i++] = class_loader_context_arg.c_str();
}
argv[i] = NULL;
execv(dexoptanalyzer_bin, (char * const *)argv);
ALOGE("execv(%s) failed: %s\n", dexoptanalyzer_bin, strerror(errno));
}
// Prepares the oat dir for the secondary dex files.
static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
const char* instruction_set) {
unsigned long dirIndex = dex_path.rfind('/');
if (dirIndex == std::string::npos) {
LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
return false;
}
std::string dex_dir = dex_path.substr(0, dirIndex);
// Create oat file output directory.
mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
return false;
}
char oat_dir[PKG_PATH_MAX];
snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
if (prepare_app_cache_dir(oat_dir, instruction_set, oat_dir_mode, uid, uid) != 0) {
LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
return false;
}
return true;
}
// Return codes for identifying the reason why dexoptanalyzer was not invoked when processing
// secondary dex files. This return codes are returned by the child process created for
// analyzing secondary dex files in process_secondary_dex_dexopt.
enum DexoptAnalyzerSkipCodes {
// The dexoptanalyzer was not invoked because of validation or IO errors.
// Specific errors are encoded in the name.
kSecondaryDexDexoptAnalyzerSkippedValidatePath = 200,
kSecondaryDexDexoptAnalyzerSkippedOpenZip = 201,
kSecondaryDexDexoptAnalyzerSkippedPrepareDir = 202,
kSecondaryDexDexoptAnalyzerSkippedOpenOutput = 203,
kSecondaryDexDexoptAnalyzerSkippedFailExec = 204,
// The dexoptanalyzer was not invoked because the dex file does not exist anymore.
kSecondaryDexDexoptAnalyzerSkippedNoFile = 205,
};
// Verifies the result of analyzing secondary dex files from process_secondary_dex_dexopt.
// If the result is valid returns true and sets dexopt_needed_out to a valid value.
// Returns false for errors or unexpected result values.
// The result is expected to be either one of SECONDARY_DEX_* codes or a valid exit code
// of dexoptanalyzer.
static bool process_secondary_dexoptanalyzer_result(const std::string& dex_path, int result,
int* dexopt_needed_out, std::string* error_msg) {
// The result values are defined in dexoptanalyzer.
switch (result) {
case 0: // dexoptanalyzer: no_dexopt_needed
*dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
case 1: // dexoptanalyzer: dex2oat_from_scratch
*dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
case 5: // dexoptanalyzer: dex2oat_for_bootimage_odex
*dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
case 6: // dexoptanalyzer: dex2oat_for_filter_odex
*dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
case 7: // dexoptanalyzer: dex2oat_for_relocation_odex
*dexopt_needed_out = -DEX2OAT_FOR_RELOCATION; return true;
case 2: // dexoptanalyzer: dex2oat_for_bootimage_oat
case 3: // dexoptanalyzer: dex2oat_for_filter_oat
case 4: // dexoptanalyzer: dex2oat_for_relocation_oat
*error_msg = StringPrintf("Dexoptanalyzer return the status of an oat file."
" Expected odex file status for secondary dex %s"
" : dexoptanalyzer result=%d",
dex_path.c_str(),
result);
return false;
}
// Use a second switch for enum switch-case analysis.
switch (static_cast<DexoptAnalyzerSkipCodes>(result)) {
case kSecondaryDexDexoptAnalyzerSkippedNoFile:
// If the file does not exist there's no need for dexopt.
*dexopt_needed_out = NO_DEXOPT_NEEDED;
return true;
case kSecondaryDexDexoptAnalyzerSkippedValidatePath:
*error_msg = "Dexoptanalyzer path validation failed";
return false;
case kSecondaryDexDexoptAnalyzerSkippedOpenZip:
*error_msg = "Dexoptanalyzer open zip failed";
return false;
case kSecondaryDexDexoptAnalyzerSkippedPrepareDir:
*error_msg = "Dexoptanalyzer dir preparation failed";
return false;
case kSecondaryDexDexoptAnalyzerSkippedOpenOutput:
*error_msg = "Dexoptanalyzer open output failed";
return false;
case kSecondaryDexDexoptAnalyzerSkippedFailExec:
*error_msg = "Dexoptanalyzer failed to execute";
return false;
}
*error_msg = StringPrintf("Unexpected result from analyzing secondary dex %s result=%d",
dex_path.c_str(),
result);
return false;
}
enum SecondaryDexAccess {
kSecondaryDexAccessReadOk = 0,
kSecondaryDexAccessDoesNotExist = 1,
kSecondaryDexAccessPermissionError = 2,
kSecondaryDexAccessIOError = 3
};
static SecondaryDexAccess check_secondary_dex_access(const std::string& dex_path) {
// Check if the path exists and can be read. If not, there's nothing to do.
if (access(dex_path.c_str(), R_OK) == 0) {
return kSecondaryDexAccessReadOk;
} else {
if (errno == ENOENT) {
LOG(INFO) << "Secondary dex does not exist: " << dex_path;
return kSecondaryDexAccessDoesNotExist;
} else {
PLOG(ERROR) << "Could not access secondary dex " << dex_path;
return errno == EACCES
? kSecondaryDexAccessPermissionError
: kSecondaryDexAccessIOError;
}
}
}
static bool is_file_public(const std::string& filename) {
struct stat file_stat;
if (stat(filename.c_str(), &file_stat) == 0) {
return (file_stat.st_mode & S_IROTH) != 0;
}
return false;
}
// Create the oat file structure for the secondary dex 'dex_path' and assign
// the individual path component to the 'out_' parameters.
static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
char* out_oat_dir, char* out_oat_isa_dir, char* out_oat_path, std::string* error_msg) {
size_t dirIndex = dex_path.rfind('/');
if (dirIndex == std::string::npos) {
*error_msg = std::string("Unexpected dir structure for dex file ").append(dex_path);
return false;
}
// TODO(calin): we have similar computations in at lest 3 other places
// (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
// using string append.
std::string apk_dir = dex_path.substr(0, dirIndex);
snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
/*is_secondary_dex*/true, out_oat_path)) {
*error_msg = std::string("Could not create oat path for secondary dex ").append(dex_path);
return false;
}
return true;
}
// Validate that the dexopt_flags contain a valid storage flag and convert that to an installd
// recognized storage flags (FLAG_STORAGE_CE or FLAG_STORAGE_DE).
static bool validate_dexopt_storage_flags(int dexopt_flags,
int* out_storage_flag,
std::string* error_msg) {
if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
*out_storage_flag = FLAG_STORAGE_CE;
if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
*error_msg = "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
return false;
}
} else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
*out_storage_flag = FLAG_STORAGE_DE;
} else {
*error_msg = "Secondary dex storage flag must be set";
return false;
}
return true;
}
// Processes the dex_path as a secondary dex files and return true if the path dex file should
// be compiled. Returns false for errors (logged) or true if the secondary dex path was process
// successfully.
// When returning true, the output parameters will be:
// - is_public_out: whether or not the oat file should not be made public
// - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
// - oat_dir_out: the oat dir path where the oat file should be stored
static bool process_secondary_dex_dexopt(const std::string& dex_path, const char* pkgname,
int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set,
const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out,
std::string* oat_dir_out, bool downgrade, const char* class_loader_context,
/* out */ std::string* error_msg) {
LOG(DEBUG) << "Processing secondary dex path " << dex_path;
int storage_flag;
if (!validate_dexopt_storage_flags(dexopt_flags, &storage_flag, error_msg)) {
LOG(ERROR) << *error_msg;
return false;
}
// Compute the oat dir as it's not easy to extract it from the child computation.
char oat_path[PKG_PATH_MAX];
char oat_dir[PKG_PATH_MAX];
char oat_isa_dir[PKG_PATH_MAX];
if (!create_secondary_dex_oat_layout(
dex_path, instruction_set, oat_dir, oat_isa_dir, oat_path, error_msg)) {
LOG(ERROR) << "Could not create secondary odex layout: " << *error_msg;
return false;
}
oat_dir_out->assign(oat_dir);
pid_t pid = fork();
if (pid == 0) {
// child -- drop privileges before continuing.
drop_capabilities(uid);
// Validate the path structure.
if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
_exit(kSecondaryDexDexoptAnalyzerSkippedValidatePath);
}
// Open the dex file.
unique_fd zip_fd;
zip_fd.reset(open(dex_path.c_str(), O_RDONLY));
if (zip_fd.get() < 0) {
if (errno == ENOENT) {
_exit(kSecondaryDexDexoptAnalyzerSkippedNoFile);
} else {
_exit(kSecondaryDexDexoptAnalyzerSkippedOpenZip);
}
}
// Prepare the oat directories.
if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set)) {
_exit(kSecondaryDexDexoptAnalyzerSkippedPrepareDir);
}
// Open the vdex/oat files if any.
unique_fd oat_file_fd;
unique_fd vdex_file_fd;
if (!maybe_open_oat_and_vdex_file(dex_path,
*oat_dir_out,
instruction_set,
true /* is_secondary_dex */,
&oat_file_fd,
&vdex_file_fd)) {
_exit(kSecondaryDexDexoptAnalyzerSkippedOpenOutput);
}
// Analyze profiles.
bool profile_was_updated = analyze_profiles(uid, pkgname, dex_path,
/*is_secondary_dex*/true);
// Run dexoptanalyzer to get dexopt_needed code. This is not expected to return.
exec_dexoptanalyzer(dex_path,
vdex_file_fd.get(),
oat_file_fd.get(),
zip_fd.get(),
instruction_set,
compiler_filter, profile_was_updated,
downgrade,
class_loader_context);
PLOG(ERROR) << "Failed to exec dexoptanalyzer";
_exit(kSecondaryDexDexoptAnalyzerSkippedFailExec);
}
/* parent */
int result = wait_child(pid);
if (!WIFEXITED(result)) {
*error_msg = StringPrintf("dexoptanalyzer failed for path %s: 0x%04x",
dex_path.c_str(),
result);
LOG(ERROR) << *error_msg;
return false;
}
result = WEXITSTATUS(result);
// Check that we successfully executed dexoptanalyzer.
bool success = process_secondary_dexoptanalyzer_result(dex_path,
result,
dexopt_needed_out,
error_msg);
if (!success) {
LOG(ERROR) << *error_msg;
}
LOG(DEBUG) << "Processed secondary dex file " << dex_path << " result=" << result;
// Run dexopt only if needed or forced.
// Note that dexoptanalyzer is executed even if force compilation is enabled (because it
// makes the code simpler; force compilation is only needed during tests).
if (success &&
(result != kSecondaryDexDexoptAnalyzerSkippedNoFile) &&
((dexopt_flags & DEXOPT_FORCE) != 0)) {
*dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
}
// Check if we should make the oat file public.
// Note that if the dex file is not public the compiled code cannot be made public.
// It is ok to check this flag outside in the parent process.
*is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && is_file_public(dex_path);
return success;
}
static std::string format_dexopt_error(int status, const char* dex_path) {
if (WIFEXITED(status)) {
int int_code = WEXITSTATUS(status);
const char* code_name = get_return_code_name(static_cast<DexoptReturnCodes>(int_code));
if (code_name != nullptr) {
return StringPrintf("Dex2oat invocation for %s failed: %s", dex_path, code_name);
}
}
return StringPrintf("Dex2oat invocation for %s failed with 0x%04x", dex_path, status);
}
int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
const char* volume_uuid, const char* class_loader_context, const char* se_info,
bool downgrade, int target_sdk_version, const char* profile_name,
const char* dex_metadata_path, const char* compilation_reason, std::string* error_msg) {
CHECK(pkgname != nullptr);
CHECK(pkgname[0] != 0);
CHECK(error_msg != nullptr);
CHECK_EQ(dexopt_flags & ~DEXOPT_MASK, 0)
<< "dexopt flags contains unknown fields: " << dexopt_flags;
if (!validate_dex_path_size(dex_path)) {
*error_msg = StringPrintf("Failed to validate %s", dex_path);
return -1;
}
if (class_loader_context != nullptr && strlen(class_loader_context) > PKG_PATH_MAX) {
*error_msg = StringPrintf("Class loader context exceeds the allowed size: %s",
class_loader_context);
LOG(ERROR) << *error_msg;
return -1;
}
bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
bool background_job_compile = (dexopt_flags & DEXOPT_IDLE_BACKGROUND_JOB) != 0;
bool enable_hidden_api_checks = (dexopt_flags & DEXOPT_ENABLE_HIDDEN_API_CHECKS) != 0;
bool generate_compact_dex = (dexopt_flags & DEXOPT_GENERATE_COMPACT_DEX) != 0;
bool generate_app_image = (dexopt_flags & DEXOPT_GENERATE_APP_IMAGE) != 0;
// Check if we're dealing with a secondary dex file and if we need to compile it.
std::string oat_dir_str;
if (is_secondary_dex) {
if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid,
instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str,
downgrade, class_loader_context, error_msg)) {
oat_dir = oat_dir_str.c_str();
if (dexopt_needed == NO_DEXOPT_NEEDED) {
return 0; // Nothing to do, report success.
}
} else {
if (error_msg->empty()) { // TODO: Make this a CHECK.
*error_msg = "Failed processing secondary.";
}
return -1; // We had an error, logged in the process method.
}
} else {
// Currently these flags are only use for secondary dex files.
// Verify that they are not set for primary apks.
CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
}
// Open the input file.
unique_fd input_fd(open(dex_path, O_RDONLY, 0));
if (input_fd.get() < 0) {
*error_msg = StringPrintf("installd cannot open '%s' for input during dexopt", dex_path);
LOG(ERROR) << *error_msg;
return -1;
}
// Create the output OAT file.
char out_oat_path[PKG_PATH_MAX];
Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
instruction_set, is_secondary_dex, out_oat_path);
if (out_oat_fd.get() < 0) {
*error_msg = "Could not open out oat file.";
return -1;
}
// Open vdex files.
Dex2oatFileWrapper in_vdex_fd;
Dex2oatFileWrapper out_vdex_fd;
if (!open_vdex_files_for_dex2oat(dex_path, out_oat_path, dexopt_needed, instruction_set,
is_public, uid, is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
*error_msg = "Could not open vdex files.";
return -1;
}
// Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
// selinux context (we generate them on the fly during the dexopt invocation and they don't
// fully inherit their parent context).
// Note that for primary apk the oat files are created before, in a separate installd
// call which also does the restorecon. TODO(calin): unify the paths.
if (is_secondary_dex) {
if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
SELINUX_ANDROID_RESTORECON_RECURSE)) {
*error_msg = std::string("Failed to restorecon ").append(oat_dir);
LOG(ERROR) << *error_msg;
return -1;
}
}
// Create a swap file if necessary.
unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
// Create the app image file if needed.
Dex2oatFileWrapper image_fd = maybe_open_app_image(
out_oat_path, generate_app_image, is_public, uid, is_secondary_dex);
// Open the reference profile if needed.
Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
pkgname, dex_path, profile_name, profile_guided, is_public, uid, is_secondary_dex);
unique_fd dex_metadata_fd;
if (dex_metadata_path != nullptr) {
dex_metadata_fd.reset(TEMP_FAILURE_RETRY(open(dex_metadata_path, O_RDONLY | O_NOFOLLOW)));
if (dex_metadata_fd.get() < 0) {
PLOG(ERROR) << "Failed to open dex metadata file " << dex_metadata_path;
}
}
LOG(VERBOSE) << "DexInv: --- BEGIN '" << dex_path << "' ---";
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
SetDex2OatScheduling(boot_complete);
if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
PLOG(ERROR) << "flock(" << out_oat_path << ") failed";
_exit(DexoptReturnCodes::kFlock);
}
run_dex2oat(input_fd.get(),
out_oat_fd.get(),
in_vdex_fd.get(),
out_vdex_fd.get(),
image_fd.get(),
dex_path,
out_oat_path,
swap_fd.get(),
instruction_set,
compiler_filter,
debuggable,
boot_complete,
background_job_compile,
reference_profile_fd.get(),
class_loader_context,
target_sdk_version,
enable_hidden_api_checks,
generate_compact_dex,
dex_metadata_fd.get(),
compilation_reason);
} else {
int res = wait_child(pid);
if (res == 0) {
LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' (success) ---";
} else {
LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' --- status=0x"
<< std::hex << std::setw(4) << res << ", process failed";
*error_msg = format_dexopt_error(res, dex_path);
return res;
}
}
update_out_oat_access_times(dex_path, out_oat_path);
// We've been successful, don't delete output.
out_oat_fd.SetCleanup(false);
out_vdex_fd.SetCleanup(false);
image_fd.SetCleanup(false);
reference_profile_fd.SetCleanup(false);
return 0;
}
// Try to remove the given directory. Log an error if the directory exists
// and is empty but could not be removed.
static bool rmdir_if_empty(const char* dir) {
if (rmdir(dir) == 0) {
return true;
}
if (errno == ENOENT || errno == ENOTEMPTY) {
return true;
}
PLOG(ERROR) << "Failed to remove dir: " << dir;
return false;
}
// Try to unlink the given file. Log an error if the file exists and could not
// be unlinked.
static bool unlink_if_exists(const std::string& file) {
if (unlink(file.c_str()) == 0) {
return true;
}
if (errno == ENOENT) {
return true;
}
PLOG(ERROR) << "Could not unlink: " << file;
return false;
}
enum ReconcileSecondaryDexResult {
kReconcileSecondaryDexExists = 0,
kReconcileSecondaryDexCleanedUp = 1,
kReconcileSecondaryDexValidationError = 2,
kReconcileSecondaryDexCleanUpError = 3,
kReconcileSecondaryDexAccessIOError = 4,
};
// Reconcile the secondary dex 'dex_path' and its generated oat files.
// Return true if all the parameters are valid and the secondary dex file was
// processed successfully (i.e. the dex_path either exists, or if not, its corresponding
// oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
// will be true if the secondary dex file still exists. If the secondary dex file does not exist,
// the method cleans up any previously generated compiler artifacts (oat, vdex, art).
// Return false if there were errors during processing. In this case
// out_secondary_dex_exists will be set to false.
bool reconcile_secondary_dex_file(const std::string& dex_path,
const std::string& pkgname, int uid, const std::vector<std::string>& isas,
const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
/*out*/bool* out_secondary_dex_exists) {
*out_secondary_dex_exists = false; // start by assuming the file does not exist.
if (isas.size() == 0) {
LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
return false;
}
if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
LOG(ERROR) << "reconcile_secondary_dex_file called with invalid storage_flag: "
<< storage_flag;
return false;
}
// As a security measure we want to unlink art artifacts with the reduced capabilities
// of the package user id. So we fork and drop capabilities in the child.
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
uid, storage_flag)) {
LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
_exit(kReconcileSecondaryDexValidationError);
}
SecondaryDexAccess access_check = check_secondary_dex_access(dex_path);
switch (access_check) {
case kSecondaryDexAccessDoesNotExist:
// File does not exist. Proceed with cleaning.
break;
case kSecondaryDexAccessReadOk: _exit(kReconcileSecondaryDexExists);
case kSecondaryDexAccessIOError: _exit(kReconcileSecondaryDexAccessIOError);
case kSecondaryDexAccessPermissionError: _exit(kReconcileSecondaryDexValidationError);
default:
LOG(ERROR) << "Unexpected result from check_secondary_dex_access: " << access_check;
_exit(kReconcileSecondaryDexValidationError);
}
// The secondary dex does not exist anymore or it's. Clear any generated files.
char oat_path[PKG_PATH_MAX];
char oat_dir[PKG_PATH_MAX];
char oat_isa_dir[PKG_PATH_MAX];
bool result = true;
for (size_t i = 0; i < isas.size(); i++) {
std::string error_msg;
if (!create_secondary_dex_oat_layout(
dex_path,isas[i], oat_dir, oat_isa_dir, oat_path, &error_msg)) {
LOG(ERROR) << error_msg;
_exit(kReconcileSecondaryDexValidationError);
}
// Delete oat/vdex/art files.
result = unlink_if_exists(oat_path) && result;
result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
result = unlink_if_exists(create_image_filename(oat_path)) && result;
// Delete profiles.
std::string current_profile = create_current_profile_path(
multiuser_get_user_id(uid), pkgname, dex_path, /*is_secondary*/true);
std::string reference_profile = create_reference_profile_path(
pkgname, dex_path, /*is_secondary*/true);
result = unlink_if_exists(current_profile) && result;
result = unlink_if_exists(reference_profile) && result;
// We upgraded once the location of current profile for secondary dex files.
// Check for any previous left-overs and remove them as well.
std::string old_current_profile = dex_path + ".prof";
result = unlink_if_exists(old_current_profile);
// Try removing the directories as well, they might be empty.
result = rmdir_if_empty(oat_isa_dir) && result;
result = rmdir_if_empty(oat_dir) && result;
}
if (!result) {
PLOG(ERROR) << "Failed to clean secondary dex artifacts for location " << dex_path;
}
_exit(result ? kReconcileSecondaryDexCleanedUp : kReconcileSecondaryDexAccessIOError);
}
int return_code = wait_child(pid);
if (!WIFEXITED(return_code)) {
LOG(WARNING) << "reconcile dex failed for location " << dex_path << ": " << return_code;
} else {
return_code = WEXITSTATUS(return_code);
}
LOG(DEBUG) << "Reconcile secondary dex path " << dex_path << " result=" << return_code;
switch (return_code) {
case kReconcileSecondaryDexCleanedUp:
case kReconcileSecondaryDexValidationError:
// If we couldn't validate assume the dex file does not exist.
// This will purge the entry from the PM records.
*out_secondary_dex_exists = false;
return true;
case kReconcileSecondaryDexExists:
*out_secondary_dex_exists = true;
return true;
case kReconcileSecondaryDexAccessIOError:
// We had an access IO error.
// Return false so that we can try again.
// The value of out_secondary_dex_exists does not matter in this case and by convention
// is set to false.
*out_secondary_dex_exists = false;
return false;
default:
LOG(ERROR) << "Unexpected code from reconcile_secondary_dex_file: " << return_code;
*out_secondary_dex_exists = false;
return false;
}
}
// Compute and return the hash (SHA-256) of the secondary dex file at dex_path.
// Returns true if all parameters are valid and the hash successfully computed and stored in
// out_secondary_dex_hash.
// Also returns true with an empty hash if the file does not currently exist or is not accessible to
// the app.
// For any other errors (e.g. if any of the parameters are invalid) returns false.
bool hash_secondary_dex_file(const std::string& dex_path, const std::string& pkgname, int uid,
const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
std::vector<uint8_t>* out_secondary_dex_hash) {
out_secondary_dex_hash->clear();
const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
LOG(ERROR) << "hash_secondary_dex_file called with invalid storage_flag: "
<< storage_flag;
return false;
}
// Pipe to get the hash result back from our child process.
unique_fd pipe_read, pipe_write;
if (!Pipe(&pipe_read, &pipe_write)) {
PLOG(ERROR) << "Failed to create pipe";
return false;
}
// Fork so that actual access to the files is done in the app's own UID, to ensure we only
// access data the app itself can access.
pid_t pid = fork();
if (pid == 0) {
// child -- drop privileges before continuing
drop_capabilities(uid);
pipe_read.reset();
if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr, uid, storage_flag)) {
LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
_exit(DexoptReturnCodes::kHashValidatePath);
}
unique_fd fd(TEMP_FAILURE_RETRY(open(dex_path.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW)));
if (fd == -1) {
if (errno == EACCES || errno == ENOENT) {
// Not treated as an error.
_exit(0);
}
PLOG(ERROR) << "Failed to open secondary dex " << dex_path;
_exit(DexoptReturnCodes::kHashOpenPath);
}
SHA256_CTX ctx;
SHA256_Init(&ctx);
std::vector<uint8_t> buffer(65536);
while (true) {
ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fd, buffer.data(), buffer.size()));
if (bytes_read == 0) {
break;
} else if (bytes_read == -1) {
PLOG(ERROR) << "Failed to read secondary dex " << dex_path;
_exit(DexoptReturnCodes::kHashReadDex);
}
SHA256_Update(&ctx, buffer.data(), bytes_read);
}
std::array<uint8_t, SHA256_DIGEST_LENGTH> hash;
SHA256_Final(hash.data(), &ctx);
if (!WriteFully(pipe_write, hash.data(), hash.size())) {
_exit(DexoptReturnCodes::kHashWrite);
}
_exit(0);
}
// parent
pipe_write.reset();
out_secondary_dex_hash->resize(SHA256_DIGEST_LENGTH);
if (!ReadFully(pipe_read, out_secondary_dex_hash->data(), out_secondary_dex_hash->size())) {
out_secondary_dex_hash->clear();
}
return wait_child(pid) == 0;
}
// Helper for move_ab, so that we can have common failure-case cleanup.
static bool unlink_and_rename(const char* from, const char* to) {
// Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
// return a failure.
struct stat s;
if (stat(to, &s) == 0) {
if (!S_ISREG(s.st_mode)) {
LOG(ERROR) << from << " is not a regular file to replace for A/B.";
return false;
}
if (unlink(to) != 0) {
LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
return false;
}
} else {
// This may be a permission problem. We could investigate the error code, but we'll just
// let the rename failure do the work for us.
}
// Try to rename "to" to "from."
if (rename(from, to) != 0) {
PLOG(ERROR) << "Could not rename " << from << " to " << to;
return false;
}
return true;
}
// Move/rename a B artifact (from) to an A artifact (to).
static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
// Check whether B exists.
{
struct stat s;
if (stat(b_path.c_str(), &s) != 0) {
// Silently ignore for now. The service calling this isn't smart enough to understand
// lack of artifacts at the moment.
return false;
}
if (!S_ISREG(s.st_mode)) {
LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
// Try to unlink, but swallow errors.
unlink(b_path.c_str());
return false;
}
}
// Rename B to A.
if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
// Delete the b_path so we don't try again (or fail earlier).
if (unlink(b_path.c_str()) != 0) {
PLOG(ERROR) << "Could not unlink " << b_path;
}
return false;
}
return true;
}
bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
// Get the current slot suffix. No suffix, no A/B.
std::string slot_suffix;
{
char buf[kPropertyValueMax];
if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) {
return false;
}
slot_suffix = buf;
if (!ValidateTargetSlotSuffix(slot_suffix)) {
LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
return false;
}
}
// Validate other inputs.
if (validate_apk_path(apk_path) != 0) {
LOG(ERROR) << "Invalid apk_path: " << apk_path;
return false;
}
if (validate_apk_path(oat_dir) != 0) {
LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
return false;
}
char a_path[PKG_PATH_MAX];
if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
return false;
}
const std::string a_vdex_path = create_vdex_filename(a_path);
const std::string a_image_path = create_image_filename(a_path);
// B path = A path + slot suffix.
const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
const std::string b_image_path = StringPrintf("%s.%s",
a_image_path.c_str(),
slot_suffix.c_str());
bool success = true;
if (move_ab_path(b_path, a_path)) {
if (move_ab_path(b_vdex_path, a_vdex_path)) {
// Note: we can live without an app image. As such, ignore failure to move the image file.
// If we decide to require the app image, or the app image being moved correctly,
// then change accordingly.
constexpr bool kIgnoreAppImageFailure = true;
if (!a_image_path.empty()) {
if (!move_ab_path(b_image_path, a_image_path)) {
unlink(a_image_path.c_str());
if (!kIgnoreAppImageFailure) {
success = false;
}