| Colin Cross | 13221c9 | 2014-02-11 18:04:44 -0800 | [diff] [blame] | 1 | #include "idmap.h" |
| 2 | |
| 3 | #include <private/android_filesystem_config.h> // for AID_SYSTEM |
| 4 | |
| 5 | #include <stdlib.h> |
| 6 | #include <string.h> |
| 7 | |
| 8 | namespace { |
| 9 | const char *usage = "NAME\n\ |
| 10 | idmap - create or display idmap files\n\ |
| 11 | \n\ |
| 12 | SYNOPSIS \n\ |
| 13 | idmap --help \n\ |
| 14 | idmap --fd target overlay fd \n\ |
| 15 | idmap --path target overlay idmap \n\ |
| 16 | idmap --scan dir-to-scan target-to-look-for target dir-to-hold-idmaps \n\ |
| 17 | idmap --inspect idmap \n\ |
| 18 | \n\ |
| 19 | DESCRIPTION \n\ |
| 20 | Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\ |
| 21 | file contains a mapping of resource identifiers between overlay package and its target \n\ |
| 22 | package; this mapping is used during resource lookup. Idmap files also act as control \n\ |
| 23 | files by their existence: if not present, the corresponding overlay package is ignored \n\ |
| 24 | when the resource context is created. \n\ |
| 25 | \n\ |
| 26 | Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\ |
| 27 | package), there exists exactly one idmap file, or none if the overlay should not be used. \n\ |
| 28 | \n\ |
| 29 | NOMENCLATURE \n\ |
| 30 | target: the original, non-overlay, package. Each target package may be associated with \n\ |
| 31 | any number of overlay packages. \n\ |
| 32 | \n\ |
| 33 | overlay: an overlay package. Each overlay package is associated with exactly one target \n\ |
| 34 | package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\ |
| 35 | tag. \n\ |
| 36 | \n\ |
| 37 | OPTIONS \n\ |
| 38 | --help: display this help \n\ |
| 39 | \n\ |
| 40 | --fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\ |
| 41 | (path to apk); write results to file descriptor 'fd' (integer). This invocation \n\ |
| 42 | version is intended to be used by a parent process with higher privileges to call \n\ |
| 43 | idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\ |
| 44 | drop its privileges and exec. This tool will continue execution without the extra \n\ |
| 45 | privileges, but still have write access to a file it could not have opened on its \n\ |
| 46 | own. \n\ |
| 47 | \n\ |
| 48 | --path: create idmap for target package 'target' (path to apk) and overlay package \n\ |
| 49 | 'overlay' (path to apk); write results to 'idmap' (path). \n\ |
| 50 | \n\ |
| 51 | --scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\ |
| 52 | target package 'target-to-look-for' (package name) present at 'target' (path to \n\ |
| 53 | apk). For each overlay package found, create an idmap file in 'dir-to-hold-idmaps' \n\ |
| 54 | (path). \n\ |
| 55 | \n\ |
| 56 | --inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\ |
| 57 | debug-friendly format. \n\ |
| 58 | \n\ |
| 59 | EXAMPLES \n\ |
| 60 | Create an idmap file: \n\ |
| 61 | \n\ |
| 62 | $ adb shell idmap --path /system/app/target.apk \\ \n\ |
| 63 | /vendor/overlay/overlay.apk \\ \n\ |
| 64 | /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\ |
| 65 | \n\ |
| 66 | Display an idmap file: \n\ |
| 67 | \n\ |
| 68 | $ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\ |
| Adam Lesinski | f90f2f8d | 2014-06-06 14:27:00 -0700 | [diff] [blame] | 69 | SECTION ENTRY VALUE COMMENT \n\ |
| 70 | IDMAP HEADER magic 0x706d6469 \n\ |
| 71 | base crc 0xb65a383f \n\ |
| 72 | overlay crc 0x7b9675e8 \n\ |
| 73 | base path .......... /path/to/target.apk \n\ |
| 74 | overlay path .......... /path/to/overlay.apk \n\ |
| 75 | DATA HEADER target pkg 0x0000007f \n\ |
| 76 | types count 0x00000003 \n\ |
| 77 | DATA BLOCK target type 0x00000002 \n\ |
| 78 | overlay type 0x00000002 \n\ |
| 79 | entry count 0x00000001 \n\ |
| 80 | entry offset 0x00000000 \n\ |
| 81 | entry 0x00000000 drawable/drawable \n\ |
| 82 | DATA BLOCK target type 0x00000003 \n\ |
| 83 | overlay type 0x00000003 \n\ |
| 84 | entry count 0x00000001 \n\ |
| 85 | entry offset 0x00000000 \n\ |
| 86 | entry 0x00000000 xml/integer \n\ |
| 87 | DATA BLOCK target type 0x00000004 \n\ |
| 88 | overlay type 0x00000004 \n\ |
| 89 | entry count 0x00000001 \n\ |
| 90 | entry offset 0x00000000 \n\ |
| 91 | entry 0x00000000 raw/lorem_ipsum \n\ |
| Colin Cross | 13221c9 | 2014-02-11 18:04:44 -0800 | [diff] [blame] | 92 | \n\ |
| 93 | In this example, the overlay package provides three alternative resource values:\n\ |
| Adam Lesinski | f90f2f8d | 2014-06-06 14:27:00 -0700 | [diff] [blame] | 94 | drawable/drawable, xml/integer, and raw/lorem_ipsum \n\ |
| Colin Cross | 13221c9 | 2014-02-11 18:04:44 -0800 | [diff] [blame] | 95 | \n\ |
| 96 | NOTES \n\ |
| 97 | This tool and its expected invocation from installd is modelled on dexopt."; |
| 98 | |
| 99 | bool verify_directory_readable(const char *path) |
| 100 | { |
| 101 | return access(path, R_OK | X_OK) == 0; |
| 102 | } |
| 103 | |
| 104 | bool verify_directory_writable(const char *path) |
| 105 | { |
| 106 | return access(path, W_OK) == 0; |
| 107 | } |
| 108 | |
| 109 | bool verify_file_readable(const char *path) |
| 110 | { |
| 111 | return access(path, R_OK) == 0; |
| 112 | } |
| 113 | |
| 114 | bool verify_root_or_system() |
| 115 | { |
| 116 | uid_t uid = getuid(); |
| 117 | gid_t gid = getgid(); |
| 118 | |
| 119 | return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM); |
| 120 | } |
| 121 | |
| 122 | int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path, |
| 123 | const char *idmap_str) |
| 124 | { |
| 125 | // anyone (not just root or system) may do --fd -- the file has |
| 126 | // already been opened by someone else on our behalf |
| 127 | |
| 128 | char *endptr; |
| 129 | int idmap_fd = strtol(idmap_str, &endptr, 10); |
| 130 | if (*endptr != '\0') { |
| 131 | fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str); |
| 132 | return -1; |
| 133 | } |
| 134 | |
| 135 | if (!verify_file_readable(target_apk_path)) { |
| 136 | ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno)); |
| 137 | return -1; |
| 138 | } |
| 139 | |
| 140 | if (!verify_file_readable(overlay_apk_path)) { |
| 141 | ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno)); |
| 142 | return -1; |
| 143 | } |
| 144 | |
| 145 | return idmap_create_fd(target_apk_path, overlay_apk_path, idmap_fd); |
| 146 | } |
| 147 | |
| 148 | int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path, |
| 149 | const char *idmap_path) |
| 150 | { |
| 151 | if (!verify_root_or_system()) { |
| 152 | fprintf(stderr, "error: permission denied: not user root or user system\n"); |
| 153 | return -1; |
| 154 | } |
| 155 | |
| 156 | if (!verify_file_readable(target_apk_path)) { |
| 157 | ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno)); |
| 158 | return -1; |
| 159 | } |
| 160 | |
| 161 | if (!verify_file_readable(overlay_apk_path)) { |
| 162 | ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno)); |
| 163 | return -1; |
| 164 | } |
| 165 | |
| 166 | return idmap_create_path(target_apk_path, overlay_apk_path, idmap_path); |
| 167 | } |
| 168 | |
| 169 | int maybe_scan(const char *overlay_dir, const char *target_package_name, |
| 170 | const char *target_apk_path, const char *idmap_dir) |
| 171 | { |
| 172 | if (!verify_root_or_system()) { |
| 173 | fprintf(stderr, "error: permission denied: not user root or user system\n"); |
| 174 | return -1; |
| 175 | } |
| 176 | |
| 177 | if (!verify_directory_readable(overlay_dir)) { |
| 178 | ALOGD("error: no read access to %s: %s\n", overlay_dir, strerror(errno)); |
| 179 | return -1; |
| 180 | } |
| 181 | |
| 182 | if (!verify_file_readable(target_apk_path)) { |
| 183 | ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno)); |
| 184 | return -1; |
| 185 | } |
| 186 | |
| 187 | if (!verify_directory_writable(idmap_dir)) { |
| 188 | ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno)); |
| 189 | return -1; |
| 190 | } |
| 191 | |
| 192 | return idmap_scan(overlay_dir, target_package_name, target_apk_path, idmap_dir); |
| 193 | } |
| 194 | |
| 195 | int maybe_inspect(const char *idmap_path) |
| 196 | { |
| 197 | // anyone (not just root or system) may do --inspect |
| 198 | if (!verify_file_readable(idmap_path)) { |
| 199 | ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno)); |
| 200 | return -1; |
| 201 | } |
| 202 | return idmap_inspect(idmap_path); |
| 203 | } |
| 204 | } |
| 205 | |
| 206 | int main(int argc, char **argv) |
| 207 | { |
| 208 | #if 0 |
| 209 | { |
| 210 | char buf[1024]; |
| 211 | buf[0] = '\0'; |
| 212 | for (int i = 0; i < argc; ++i) { |
| 213 | strncat(buf, argv[i], sizeof(buf) - 1); |
| 214 | strncat(buf, " ", sizeof(buf) - 1); |
| 215 | } |
| 216 | ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf); |
| 217 | } |
| 218 | #endif |
| 219 | |
| 220 | if (argc == 2 && !strcmp(argv[1], "--help")) { |
| 221 | printf("%s\n", usage); |
| 222 | return 0; |
| 223 | } |
| 224 | |
| 225 | if (argc == 5 && !strcmp(argv[1], "--fd")) { |
| 226 | return maybe_create_fd(argv[2], argv[3], argv[4]); |
| 227 | } |
| 228 | |
| 229 | if (argc == 5 && !strcmp(argv[1], "--path")) { |
| 230 | return maybe_create_path(argv[2], argv[3], argv[4]); |
| 231 | } |
| 232 | |
| 233 | if (argc == 6 && !strcmp(argv[1], "--scan")) { |
| 234 | return maybe_scan(argv[2], argv[3], argv[4], argv[5]); |
| 235 | } |
| 236 | |
| 237 | if (argc == 3 && !strcmp(argv[1], "--inspect")) { |
| 238 | return maybe_inspect(argv[2]); |
| 239 | } |
| 240 | |
| 241 | fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n"); |
| 242 | return EXIT_FAILURE; |
| 243 | } |