Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / fd5015be41080970c9a992a8ef17a1deefb57478 / . / cmds / installd / utils.c
blob: 52ec9e86a44a081ddfe717d24095ab2ba1f94950 [file] [log] [blame]
/*
** Copyright 2008, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "installd.h"
int create_pkg_path_in_dir(char path[PKG_PATH_MAX],
const dir_rec_t* dir,
const char* pkgname,
const char* postfix)
{
const size_t postfix_len = strlen(postfix);
const size_t pkgname_len = strlen(pkgname);
if (pkgname_len > PKG_NAME_MAX) {
return -1;
}
if (is_valid_package_name(pkgname) < 0) {
return -1;
}
if ((pkgname_len + dir->len + postfix_len) >= PKG_PATH_MAX) {
return -1;
}
char *dst = path;
size_t dst_size = PKG_PATH_MAX;
if (append_and_increment(&dst, dir->path, &dst_size) < 0
|| append_and_increment(&dst, pkgname, &dst_size) < 0
|| append_and_increment(&dst, postfix, &dst_size) < 0) {
ALOGE("Error building APK path");
return -1;
}
return 0;
}
/**
* Create the package path name for a given package name with a postfix for
* a certain persona. Returns 0 on success, and -1 on failure.
*/
int create_pkg_path(char path[PKG_PATH_MAX],
const char *pkgname,
const char *postfix,
uid_t persona)
{
size_t uid_len;
char* persona_prefix;
if (persona == 0) {
persona_prefix = PRIMARY_USER_PREFIX;
uid_len = 0;
} else {
persona_prefix = SECONDARY_USER_PREFIX;
uid_len = snprintf(NULL, 0, "%d", persona);
}
const size_t prefix_len = android_data_dir.len + strlen(persona_prefix) + uid_len + 1 /*slash*/;
char prefix[prefix_len + 1];
char *dst = prefix;
size_t dst_size = sizeof(prefix);
if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
|| append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
ALOGE("Error building prefix for APK path");
return -1;
}
if (persona != 0) {
int ret = snprintf(dst, dst_size, "%d/", persona);
if (ret < 0 || (size_t) ret != uid_len + 1) {
ALOGW("Error appending UID to APK path");
return -1;
}
}
dir_rec_t dir;
dir.path = prefix;
dir.len = prefix_len;
return create_pkg_path_in_dir(path, &dir, pkgname, postfix);
}
/**
* Create the path name for user data for a certain persona.
* Returns 0 on success, and -1 on failure.
*/
int create_persona_path(char path[PKG_PATH_MAX],
uid_t persona)
{
size_t uid_len;
char* persona_prefix;
if (persona == 0) {
persona_prefix = PRIMARY_USER_PREFIX;
uid_len = 0;
} else {
persona_prefix = SECONDARY_USER_PREFIX;
uid_len = snprintf(NULL, 0, "%d/", persona);
}
char *dst = path;
size_t dst_size = PKG_PATH_MAX;
if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
|| append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
ALOGE("Error building prefix for user path");
return -1;
}
if (persona != 0) {
if (dst_size < uid_len + 1) {
ALOGE("Error building user path");
return -1;
}
int ret = snprintf(dst, dst_size, "%d/", persona);
if (ret < 0 || (size_t) ret != uid_len) {
ALOGE("Error appending persona id to path");
return -1;
}
}
return 0;
}
int create_move_path(char path[PKG_PATH_MAX],
const char* pkgname,
const char* leaf,
uid_t persona)
{
if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
>= PKG_PATH_MAX) {
return -1;
}
sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
return 0;
}
/**
* Checks whether the package name is valid. Returns -1 on error and
* 0 on success.
*/
int is_valid_package_name(const char* pkgname) {
const char *x = pkgname;
int alpha = -1;
while (*x) {
if (isalnum(*x) || (*x == '_')) {
/* alphanumeric or underscore are fine */
} else if (*x == '.') {
if ((x == pkgname) || (x[1] == '.') || (x[1] == 0)) {
/* periods must not be first, last, or doubled */
ALOGE("invalid package name '%s'\n", pkgname);
return -1;
}
} else if (*x == '-') {
/* Suffix -X is fine to let versioning of packages.
But whatever follows should be alphanumeric.*/
alpha = 1;
} else {
/* anything not A-Z, a-z, 0-9, _, or . is invalid */
ALOGE("invalid package name '%s'\n", pkgname);
return -1;
}
x++;
}
if (alpha == 1) {
// Skip current character
x++;
while (*x) {
if (!isalnum(*x)) {
ALOGE("invalid package name '%s' should include only numbers after -\n", pkgname);
return -1;
}
x++;
}
}
return 0;
}
static int _delete_dir_contents(DIR *d, const char *ignore)
{
int result = 0;
struct dirent *de;
int dfd;
dfd = dirfd(d);
if (dfd < 0) return -1;
while ((de = readdir(d))) {
const char *name = de->d_name;
/* skip the ignore name if provided */
if (ignore && !strcmp(name, ignore)) continue;
if (de->d_type == DT_DIR) {
int r, subfd;
DIR *subdir;
/* always skip "." and ".." */
if (name[0] == '.') {
if (name[1] == 0) continue;
if ((name[1] == '.') && (name[2] == 0)) continue;
}
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
if (subfd < 0) {
ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
result = -1;
continue;
}
subdir = fdopendir(subfd);
if (subdir == NULL) {
ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
close(subfd);
result = -1;
continue;
}
if (_delete_dir_contents(subdir, 0)) {
result = -1;
}
closedir(subdir);
if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
result = -1;
}
} else {
if (unlinkat(dfd, name, 0) < 0) {
ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
result = -1;
}
}
}
return result;
}
int delete_dir_contents(const char *pathname,
int also_delete_dir,
const char *ignore)
{
int res = 0;
DIR *d;
d = opendir(pathname);
if (d == NULL) {
ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
return -errno;
}
res = _delete_dir_contents(d, ignore);
closedir(d);
if (also_delete_dir) {
if (rmdir(pathname)) {
ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
res = -1;
}
}
return res;
}
int delete_dir_contents_fd(int dfd, const char *name)
{
int fd, res;
DIR *d;
fd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
if (fd < 0) {
ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
return -1;
}
d = fdopendir(fd);
if (d == NULL) {
ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
close(fd);
return -1;
}
res = _delete_dir_contents(d, 0);
closedir(d);
return res;
}
/**
* Checks whether a path points to a system app (.apk file). Returns 0
* if it is a system app or -1 if it is not.
*/
int validate_system_app_path(const char* path) {
size_t i;
for (i = 0; i < android_system_dirs.count; i++) {
const size_t dir_len = android_system_dirs.dirs[i].len;
if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
if (path[dir_len] == '.' || strchr(path + dir_len, '/') != NULL) {
ALOGE("invalid system apk path '%s' (trickery)\n", path);
return -1;
}
return 0;
}
}
return -1;
}
/**
* Get the contents of a environment variable that contains a path. Caller
* owns the string that is inserted into the directory record. Returns
* 0 on success and -1 on error.
*/
int get_path_from_env(dir_rec_t* rec, const char* var) {
const char* path = getenv(var);
int ret = get_path_from_string(rec, path);
if (ret < 0) {
ALOGW("Problem finding value for environment variable %s\n", var);
}
return ret;
}
/**
* Puts the string into the record as a directory. Appends '/' to the end
* of all paths. Caller owns the string that is inserted into the directory
* record. A null value will result in an error.
*
* Returns 0 on success and -1 on error.
*/
int get_path_from_string(dir_rec_t* rec, const char* path) {
if (path == NULL) {
return -1;
} else {
const size_t path_len = strlen(path);
if (path_len <= 0) {
return -1;
}
// Make sure path is absolute.
if (path[0] != '/') {
return -1;
}
if (path[path_len - 1] == '/') {
// Path ends with a forward slash. Make our own copy.
rec->path = strdup(path);
if (rec->path == NULL) {
return -1;
}
rec->len = path_len;
} else {
// Path does not end with a slash. Generate a new string.
char *dst;
// Add space for slash and terminating null.
size_t dst_size = path_len + 2;
rec->path = malloc(dst_size);
if (rec->path == NULL) {
return -1;
}
dst = rec->path;
if (append_and_increment(&dst, path, &dst_size) < 0
|| append_and_increment(&dst, "/", &dst_size)) {
ALOGE("Error canonicalizing path");
return -1;
}
rec->len = dst - rec->path;
}
}
return 0;
}
int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
dst->len = src->len + strlen(suffix);
const size_t dstSize = dst->len + 1;
dst->path = (char*) malloc(dstSize);
if (dst->path == NULL
|| snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
!= (ssize_t) dst->len) {
ALOGE("Could not allocate memory to hold appended path; aborting\n");
return -1;
}
return 0;
}
/**
* Check whether path points to a valid path for an APK file. An ASEC
* directory is allowed to have one level of subdirectory names. Returns -1
* when an invalid path is encountered and 0 when a valid path is encountered.
*/
int validate_apk_path(const char *path)
{
int allowsubdir = 0;
char *subdir = NULL;
size_t dir_len;
size_t path_len;
if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
dir_len = android_app_dir.len;
} else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
dir_len = android_app_private_dir.len;
} else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
dir_len = android_asec_dir.len;
allowsubdir = 1;
} else {
ALOGE("invalid apk path '%s' (bad prefix)\n", path);
return -1;
}
path_len = strlen(path);
/*
* Only allow the path to have a subdirectory if it's been marked as being allowed.
*/
if ((subdir = strchr(path + dir_len, '/')) != NULL) {
++subdir;
if (!allowsubdir
|| (path_len > (size_t) (subdir - path) && (strchr(subdir, '/') != NULL))) {
ALOGE("invalid apk path '%s' (subdir?)\n", path);
return -1;
}
}
/*
* Directories can't have a period directly after the directory markers
* to prevent ".."
*/
if (path[dir_len] == '.'
|| (subdir != NULL && ((*subdir == '.') || (strchr(subdir, '/') != NULL)))) {
ALOGE("invalid apk path '%s' (trickery)\n", path);
return -1;
}
return 0;
}
int append_and_increment(char** dst, const char* src, size_t* dst_size) {
ssize_t ret = strlcpy(*dst, src, *dst_size);
if (ret < 0 || (size_t) ret >= *dst_size) {
return -1;
}
*dst += ret;
*dst_size -= ret;
return 0;
}
char *build_string2(char *s1, char *s2) {
if (s1 == NULL || s2 == NULL) return NULL;
int len_s1 = strlen(s1);
int len_s2 = strlen(s2);
int len = len_s1 + len_s2 + 1;
char *result = malloc(len);
if (result == NULL) return NULL;
strcpy(result, s1);
strcpy(result + len_s1, s2);
return result;
}
char *build_string3(char *s1, char *s2, char *s3) {
if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
int len_s1 = strlen(s1);
int len_s2 = strlen(s2);
int len_s3 = strlen(s3);
int len = len_s1 + len_s2 + len_s3 + 1;
char *result = malloc(len);
if (result == NULL) return NULL;
strcpy(result, s1);
strcpy(result + len_s1, s2);
strcpy(result + len_s1 + len_s2, s3);
return result;
}