Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 17 | #include <fcntl.h> |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 18 | #include <stdlib.h> |
| 19 | #include <string.h> |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 20 | #include <sys/types.h> |
| 21 | #include <sys/stat.h> |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 22 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 23 | #include <android-base/file.h> |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 24 | #include <android-base/logging.h> |
| 25 | #include <android-base/stringprintf.h> |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 26 | #include <android-base/unique_fd.h> |
| 27 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 28 | #include <cutils/properties.h> |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 29 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 30 | #include <gtest/gtest.h> |
| 31 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 32 | #include <selinux/android.h> |
| 33 | #include <selinux/avc.h> |
| 34 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 35 | #include "dexopt.h" |
| 36 | #include "InstalldNativeService.h" |
| 37 | #include "globals.h" |
| 38 | #include "tests/test_utils.h" |
| 39 | #include "utils.h" |
| 40 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 41 | using android::base::ReadFully; |
| 42 | using android::base::unique_fd; |
| 43 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 44 | namespace android { |
| 45 | namespace installd { |
| 46 | |
| 47 | // TODO(calin): try to dedup this code. |
| 48 | #if defined(__arm__) |
| 49 | static const std::string kRuntimeIsa = "arm"; |
| 50 | #elif defined(__aarch64__) |
| 51 | static const std::string kRuntimeIsa = "arm64"; |
| 52 | #elif defined(__mips__) && !defined(__LP64__) |
| 53 | static const std::string kRuntimeIsa = "mips"; |
| 54 | #elif defined(__mips__) && defined(__LP64__) |
| 55 | static const std::string kRuntimeIsa = "mips64"; |
| 56 | #elif defined(__i386__) |
| 57 | static const std::string kRuntimeIsa = "x86"; |
| 58 | #elif defined(__x86_64__) |
| 59 | static const std::string kRuntimeIsa = "x86_64"; |
| 60 | #else |
| 61 | static const std::string kRuntimeIsa = "none"; |
| 62 | #endif |
| 63 | |
| 64 | int get_property(const char *key, char *value, const char *default_value) { |
| 65 | return property_get(key, value, default_value); |
| 66 | } |
| 67 | |
| 68 | bool calculate_oat_file_path(char path[PKG_PATH_MAX], const char *oat_dir, const char *apk_path, |
| 69 | const char *instruction_set) { |
| 70 | return calculate_oat_file_path_default(path, oat_dir, apk_path, instruction_set); |
| 71 | } |
| 72 | |
| 73 | bool calculate_odex_file_path(char path[PKG_PATH_MAX], const char *apk_path, |
| 74 | const char *instruction_set) { |
| 75 | return calculate_odex_file_path_default(path, apk_path, instruction_set); |
| 76 | } |
| 77 | |
| 78 | bool create_cache_path(char path[PKG_PATH_MAX], const char *src, const char *instruction_set) { |
| 79 | return create_cache_path_default(path, src, instruction_set); |
| 80 | } |
| 81 | |
| 82 | static void run_cmd(const std::string& cmd) { |
| 83 | system(cmd.c_str()); |
| 84 | } |
| 85 | |
| 86 | static void mkdir(const std::string& path, uid_t owner, gid_t group, mode_t mode) { |
| 87 | ::mkdir(path.c_str(), mode); |
| 88 | ::chown(path.c_str(), owner, group); |
| 89 | ::chmod(path.c_str(), mode); |
| 90 | } |
| 91 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 92 | static int log_callback(int type, const char *fmt, ...) { // NOLINT |
| 93 | va_list ap; |
| 94 | int priority; |
| 95 | |
| 96 | switch (type) { |
| 97 | case SELINUX_WARNING: |
| 98 | priority = ANDROID_LOG_WARN; |
| 99 | break; |
| 100 | case SELINUX_INFO: |
| 101 | priority = ANDROID_LOG_INFO; |
| 102 | break; |
| 103 | default: |
| 104 | priority = ANDROID_LOG_ERROR; |
| 105 | break; |
| 106 | } |
| 107 | va_start(ap, fmt); |
| 108 | LOG_PRI_VA(priority, "SELinux", fmt, ap); |
| 109 | va_end(ap); |
| 110 | return 0; |
| 111 | } |
| 112 | |
| 113 | static bool init_selinux() { |
| 114 | int selinux_enabled = (is_selinux_enabled() > 0); |
| 115 | |
| 116 | union selinux_callback cb; |
| 117 | cb.func_log = log_callback; |
| 118 | selinux_set_callback(SELINUX_CB_LOG, cb); |
| 119 | |
| 120 | if (selinux_enabled && selinux_status_open(true) < 0) { |
| 121 | LOG(ERROR) << "Could not open selinux status; exiting"; |
| 122 | return false; |
| 123 | } |
| 124 | |
| 125 | return true; |
| 126 | } |
| 127 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 128 | // Base64 encoding of a simple dex files with 2 methods. |
| 129 | static const char kDexFile[] = |
| 130 | "UEsDBBQAAAAIAOiOYUs9y6BLCgEAABQCAAALABwAY2xhc3Nlcy5kZXhVVAkAA/Ns+lkOHv1ZdXgL" |
| 131 | "AAEEI+UCAASIEwAAS0mt4DIwNmX4qpn7j/2wA7v7N+ZvoQpCJRlVx5SWa4YaiDAxMBQwMDBUhJkI" |
| 132 | "MUBBDyMDAzsDRJwFxAdioBDDHAYEYAbiFUAM1M5wAIhFGCGKDIDYAogdgNgDiH2BOAiI0xghekDm" |
| 133 | "sQIxGxQzM6ACRijNhCbOhCZfyohdPYyuh8szgtVkMkLsLhAAqeCDi+ejibPZZOZlltgxsDnqZSWW" |
| 134 | "JTKwOUFoZh9HayDhZM0g5AMS0M9JzEvX90/KSk0usWZgDAMaws5nAyXBzmpoYGlgAjsAyJoBMp0b" |
| 135 | "zQ8gGhbOTEhhzYwU3qxIYc2GFN6MClC/AhUyKUDMAYU9M1Qc5F8GKBscVgIQM0FxCwBQSwECHgMU" |
| 136 | "AAAACADojmFLPcugSwoBAAAUAgAACwAYAAAAAAAAAAAAoIEAAAAAY2xhc3Nlcy5kZXhVVAUAA/Ns" |
| 137 | "+ll1eAsAAQQj5QIABIgTAABQSwUGAAAAAAEAAQBRAAAATwEAAAAA"; |
| 138 | |
| 139 | |
| 140 | class DexoptTest : public testing::Test { |
| 141 | protected: |
| 142 | static constexpr bool kDebug = false; |
| 143 | static constexpr uid_t kSystemUid = 1000; |
| 144 | static constexpr uid_t kSystemGid = 1000; |
| 145 | static constexpr int32_t kOSdkVersion = 25; |
| 146 | static constexpr int32_t kAppDataFlags = FLAG_STORAGE_CE | FLAG_STORAGE_DE; |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 147 | static constexpr int32_t kTestUserId = 0; |
Calin Juravle | d2affb8 | 2017-11-28 17:41:43 -0800 | [diff] [blame] | 148 | static constexpr uid_t kTestAppId = 19999; |
| 149 | |
| 150 | const gid_t kTestAppUid = multiuser_get_uid(kTestUserId, kTestAppId); |
| 151 | const uid_t kTestAppGid = multiuser_get_shared_gid(kTestUserId, kTestAppId); |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 152 | |
| 153 | InstalldNativeService* service_; |
| 154 | std::unique_ptr<std::string> volume_uuid_; |
| 155 | std::string package_name_; |
| 156 | std::string app_apk_dir_; |
| 157 | std::string app_private_dir_ce_; |
| 158 | std::string app_private_dir_de_; |
| 159 | std::string se_info_; |
| 160 | |
| 161 | int64_t ce_data_inode_; |
| 162 | |
| 163 | std::string secondary_dex_ce_; |
| 164 | std::string secondary_dex_ce_link_; |
| 165 | std::string secondary_dex_de_; |
| 166 | |
| 167 | virtual void SetUp() { |
| 168 | setenv("ANDROID_LOG_TAGS", "*:v", 1); |
| 169 | android::base::InitLogging(nullptr); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 170 | // Initialize the globals holding the file system main paths (/data/, /system/ etc..). |
| 171 | // This is needed in order to compute the application and profile paths. |
| 172 | ASSERT_TRUE(init_globals_from_data_and_root()); |
| 173 | // Initialize selinux log callbacks. |
| 174 | // This ensures that selinux is up and running and re-directs the selinux messages |
| 175 | // to logcat (in order to make it easier to investigate test results). |
| 176 | ASSERT_TRUE(init_selinux()); |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 177 | service_ = new InstalldNativeService(); |
| 178 | |
| 179 | volume_uuid_ = nullptr; |
| 180 | package_name_ = "com.installd.test.dexopt"; |
| 181 | se_info_ = "default"; |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 182 | app_apk_dir_ = android_app_dir + package_name_; |
| 183 | |
| 184 | create_mock_app(); |
| 185 | } |
| 186 | |
| 187 | virtual void TearDown() { |
| 188 | if (!kDebug) { |
| 189 | service_->destroyAppData( |
| 190 | volume_uuid_, package_name_, kTestUserId, kAppDataFlags, ce_data_inode_); |
| 191 | run_cmd("rm -rf " + app_apk_dir_); |
| 192 | run_cmd("rm -rf " + app_private_dir_ce_); |
| 193 | run_cmd("rm -rf " + app_private_dir_de_); |
| 194 | } |
| 195 | delete service_; |
| 196 | } |
| 197 | |
| 198 | void create_mock_app() { |
| 199 | // Create the oat dir. |
| 200 | std::string app_oat_dir = app_apk_dir_ + "/oat"; |
| 201 | mkdir(app_apk_dir_, kSystemUid, kSystemGid, 0755); |
| 202 | service_->createOatDir(app_oat_dir, kRuntimeIsa); |
| 203 | |
| 204 | // Copy the primary apk. |
| 205 | std::string apk_path = app_apk_dir_ + "/base.jar"; |
| 206 | ASSERT_TRUE(WriteBase64ToFile(kDexFile, apk_path, kSystemUid, kSystemGid, 0644)); |
| 207 | |
| 208 | // Create the app user data. |
| 209 | ASSERT_TRUE(service_->createAppData( |
| 210 | volume_uuid_, |
| 211 | package_name_, |
| 212 | kTestUserId, |
| 213 | kAppDataFlags, |
| 214 | kTestAppUid, |
| 215 | se_info_, |
| 216 | kOSdkVersion, |
| 217 | &ce_data_inode_).isOk()); |
| 218 | |
| 219 | // Create a secondary dex file on CE storage |
| 220 | const char* volume_uuid_cstr = volume_uuid_ == nullptr ? nullptr : volume_uuid_->c_str(); |
| 221 | app_private_dir_ce_ = create_data_user_ce_package_path( |
| 222 | volume_uuid_cstr, kTestUserId, package_name_.c_str()); |
| 223 | secondary_dex_ce_ = app_private_dir_ce_ + "/secondary_ce.jar"; |
| 224 | ASSERT_TRUE(WriteBase64ToFile(kDexFile, secondary_dex_ce_, kTestAppUid, kTestAppGid, 0600)); |
| 225 | std::string app_private_dir_ce_link = create_data_user_ce_package_path_as_user_link( |
| 226 | volume_uuid_cstr, kTestUserId, package_name_.c_str()); |
| 227 | secondary_dex_ce_link_ = app_private_dir_ce_link + "/secondary_ce.jar"; |
| 228 | |
| 229 | // Create a secondary dex file on DE storage. |
| 230 | app_private_dir_de_ = create_data_user_de_package_path( |
| 231 | volume_uuid_cstr, kTestUserId, package_name_.c_str()); |
| 232 | secondary_dex_de_ = app_private_dir_de_ + "/secondary_de.jar"; |
| 233 | ASSERT_TRUE(WriteBase64ToFile(kDexFile, secondary_dex_de_, kTestAppUid, kTestAppGid, 0600)); |
| 234 | |
| 235 | // Fix app data uid. |
| 236 | ASSERT_TRUE(service_->fixupAppData(volume_uuid_, kTestUserId).isOk()); |
| 237 | } |
| 238 | |
| 239 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 240 | std::string GetSecondaryDexArtifact(const std::string& path, const std::string& type) { |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 241 | std::string::size_type end = path.rfind('.'); |
| 242 | std::string::size_type start = path.rfind('/', end); |
| 243 | return path.substr(0, start) + "/oat/" + kRuntimeIsa + "/" + |
| 244 | path.substr(start + 1, end - start) + type; |
| 245 | } |
| 246 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 247 | void CompileSecondaryDex(const std::string& path, int32_t dex_storage_flag, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 248 | bool should_binder_call_succeed, bool should_dex_be_compiled = true, |
Calin Juravle | d2affb8 | 2017-11-28 17:41:43 -0800 | [diff] [blame] | 249 | int32_t uid = -1) { |
| 250 | if (uid == -1) { |
| 251 | uid = kTestAppUid; |
| 252 | } |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 253 | std::unique_ptr<std::string> package_name_ptr(new std::string(package_name_)); |
| 254 | int32_t dexopt_needed = 0; // does not matter; |
| 255 | std::unique_ptr<std::string> out_path = nullptr; // does not matter |
| 256 | int32_t dex_flags = DEXOPT_SECONDARY_DEX | dex_storage_flag; |
| 257 | std::string compiler_filter = "speed-profile"; |
| 258 | std::unique_ptr<std::string> class_loader_context_ptr(new std::string("&")); |
| 259 | std::unique_ptr<std::string> se_info_ptr(new std::string(se_info_)); |
| 260 | bool downgrade = false; |
David Brazdil | 570d398 | 2018-01-16 20:15:43 +0000 | [diff] [blame^] | 261 | int32_t target_sdk_version = 0; // default |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 262 | |
| 263 | binder::Status result = service_->dexopt(path, |
| 264 | uid, |
| 265 | package_name_ptr, |
| 266 | kRuntimeIsa, |
| 267 | dexopt_needed, |
| 268 | out_path, |
| 269 | dex_flags, |
| 270 | compiler_filter, |
| 271 | volume_uuid_, |
| 272 | class_loader_context_ptr, |
| 273 | se_info_ptr, |
David Brazdil | 570d398 | 2018-01-16 20:15:43 +0000 | [diff] [blame^] | 274 | downgrade, |
| 275 | target_sdk_version); |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 276 | ASSERT_EQ(should_binder_call_succeed, result.isOk()); |
| 277 | int expected_access = should_dex_be_compiled ? 0 : -1; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 278 | std::string odex = GetSecondaryDexArtifact(path, "odex"); |
| 279 | std::string vdex = GetSecondaryDexArtifact(path, "vdex"); |
| 280 | std::string art = GetSecondaryDexArtifact(path, "art"); |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 281 | ASSERT_EQ(expected_access, access(odex.c_str(), R_OK)); |
| 282 | ASSERT_EQ(expected_access, access(vdex.c_str(), R_OK)); |
| 283 | ASSERT_EQ(-1, access(art.c_str(), R_OK)); // empty profiles do not generate an image. |
| 284 | } |
| 285 | |
| 286 | void reconcile_secondary_dex(const std::string& path, int32_t storage_flag, |
| 287 | bool should_binder_call_succeed, bool should_dex_exist, bool should_dex_be_deleted, |
Calin Juravle | d2affb8 | 2017-11-28 17:41:43 -0800 | [diff] [blame] | 288 | int32_t uid = -1, std::string* package_override = nullptr) { |
| 289 | if (uid == -1) { |
| 290 | uid = kTestAppUid; |
| 291 | } |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 292 | std::vector<std::string> isas; |
| 293 | isas.push_back(kRuntimeIsa); |
| 294 | bool out_secondary_dex_exists = false; |
| 295 | binder::Status result = service_->reconcileSecondaryDexFile( |
| 296 | path, |
| 297 | package_override == nullptr ? package_name_ : *package_override, |
| 298 | uid, |
| 299 | isas, |
| 300 | volume_uuid_, |
| 301 | storage_flag, |
| 302 | &out_secondary_dex_exists); |
| 303 | |
| 304 | ASSERT_EQ(should_binder_call_succeed, result.isOk()); |
| 305 | ASSERT_EQ(should_dex_exist, out_secondary_dex_exists); |
| 306 | |
| 307 | int expected_access = should_dex_be_deleted ? -1 : 0; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 308 | std::string odex = GetSecondaryDexArtifact(path, "odex"); |
| 309 | std::string vdex = GetSecondaryDexArtifact(path, "vdex"); |
| 310 | std::string art = GetSecondaryDexArtifact(path, "art"); |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 311 | ASSERT_EQ(expected_access, access(odex.c_str(), F_OK)); |
| 312 | ASSERT_EQ(expected_access, access(vdex.c_str(), F_OK)); |
| 313 | ASSERT_EQ(-1, access(art.c_str(), R_OK)); // empty profiles do not generate an image. |
| 314 | } |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 315 | |
| 316 | void CheckFileAccess(const std::string& file, uid_t uid, gid_t gid, mode_t mode) { |
| 317 | struct stat st; |
| 318 | ASSERT_EQ(0, stat(file.c_str(), &st)); |
| 319 | ASSERT_EQ(uid, st.st_uid); |
| 320 | ASSERT_EQ(gid, st.st_gid); |
| 321 | ASSERT_EQ(mode, st.st_mode); |
| 322 | } |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 323 | }; |
| 324 | |
| 325 | |
| 326 | TEST_F(DexoptTest, DexoptSecondaryCe) { |
| 327 | LOG(INFO) << "DexoptSecondaryCe"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 328 | CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 329 | /*binder_ok*/ true, /*compile_ok*/ true); |
| 330 | } |
| 331 | |
| 332 | TEST_F(DexoptTest, DexoptSecondaryCeLink) { |
| 333 | LOG(INFO) << "DexoptSecondaryCeLink"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 334 | CompileSecondaryDex(secondary_dex_ce_link_, DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 335 | /*binder_ok*/ true, /*compile_ok*/ true); |
| 336 | } |
| 337 | |
| 338 | TEST_F(DexoptTest, DexoptSecondaryDe) { |
| 339 | LOG(INFO) << "DexoptSecondaryDe"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 340 | CompileSecondaryDex(secondary_dex_de_, DEXOPT_STORAGE_DE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 341 | /*binder_ok*/ true, /*compile_ok*/ true); |
| 342 | } |
| 343 | |
| 344 | TEST_F(DexoptTest, DexoptSecondaryDoesNotExist) { |
| 345 | LOG(INFO) << "DexoptSecondaryDoesNotExist"; |
| 346 | // If the file validates but does not exist we do not treat it as an error. |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 347 | CompileSecondaryDex(secondary_dex_ce_ + "not.there", DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 348 | /*binder_ok*/ true, /*compile_ok*/ false); |
| 349 | } |
| 350 | |
| 351 | TEST_F(DexoptTest, DexoptSecondaryStorageValidationError) { |
| 352 | LOG(INFO) << "DexoptSecondaryStorageValidationError"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 353 | CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_DE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 354 | /*binder_ok*/ false, /*compile_ok*/ false); |
| 355 | } |
| 356 | |
| 357 | TEST_F(DexoptTest, DexoptSecondaryAppOwnershipValidationError) { |
| 358 | LOG(INFO) << "DexoptSecondaryAppOwnershipValidationError"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 359 | CompileSecondaryDex("/data/data/random.app/secondary.jar", DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 360 | /*binder_ok*/ false, /*compile_ok*/ false); |
| 361 | } |
| 362 | |
| 363 | TEST_F(DexoptTest, DexoptSecondaryAcessViaDifferentUidError) { |
| 364 | LOG(INFO) << "DexoptSecondaryAcessViaDifferentUidError"; |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 365 | CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 366 | /*binder_ok*/ false, /*compile_ok*/ false, kSystemUid); |
| 367 | } |
| 368 | |
| 369 | |
| 370 | class ReconcileTest : public DexoptTest { |
| 371 | virtual void SetUp() { |
| 372 | DexoptTest::SetUp(); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 373 | CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 374 | /*binder_ok*/ true, /*compile_ok*/ true); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 375 | CompileSecondaryDex(secondary_dex_de_, DEXOPT_STORAGE_DE, |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 376 | /*binder_ok*/ true, /*compile_ok*/ true); |
| 377 | } |
| 378 | }; |
| 379 | |
| 380 | TEST_F(ReconcileTest, ReconcileSecondaryCeExists) { |
| 381 | LOG(INFO) << "ReconcileSecondaryCeExists"; |
| 382 | reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE, |
| 383 | /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false); |
| 384 | } |
| 385 | |
| 386 | TEST_F(ReconcileTest, ReconcileSecondaryCeLinkExists) { |
| 387 | LOG(INFO) << "ReconcileSecondaryCeLinkExists"; |
| 388 | reconcile_secondary_dex(secondary_dex_ce_link_, FLAG_STORAGE_CE, |
| 389 | /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false); |
| 390 | } |
| 391 | |
| 392 | TEST_F(ReconcileTest, ReconcileSecondaryDeExists) { |
| 393 | LOG(INFO) << "ReconcileSecondaryDeExists"; |
| 394 | reconcile_secondary_dex(secondary_dex_de_, FLAG_STORAGE_DE, |
| 395 | /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false); |
| 396 | } |
| 397 | |
| 398 | TEST_F(ReconcileTest, ReconcileSecondaryDeDoesNotExist) { |
| 399 | LOG(INFO) << "ReconcileSecondaryDeDoesNotExist"; |
| 400 | run_cmd("rm -rf " + secondary_dex_de_); |
| 401 | reconcile_secondary_dex(secondary_dex_de_, FLAG_STORAGE_DE, |
| 402 | /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ true); |
| 403 | } |
| 404 | |
| 405 | TEST_F(ReconcileTest, ReconcileSecondaryStorageValidationError) { |
| 406 | // Validation errors will not clean the odex/vdex/art files but will mark |
| 407 | // the file as non existent so that the PM knows it should purge it from its |
| 408 | // records. |
| 409 | LOG(INFO) << "ReconcileSecondaryStorageValidationError"; |
| 410 | reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_DE, |
| 411 | /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false); |
| 412 | } |
| 413 | |
| 414 | TEST_F(ReconcileTest, ReconcileSecondaryAppOwnershipValidationError) { |
| 415 | LOG(INFO) << "ReconcileSecondaryAppOwnershipValidationError"; |
| 416 | // Attempt to reconcile the dex files of the test app from a different app. |
| 417 | std::string another_app = "another.app"; |
| 418 | reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE, |
| 419 | /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false, kSystemUid, &another_app); |
| 420 | } |
| 421 | |
| 422 | TEST_F(ReconcileTest, ReconcileSecondaryAcessViaDifferentUidError) { |
| 423 | LOG(INFO) << "ReconcileSecondaryAcessViaDifferentUidError"; |
| 424 | reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE, |
| 425 | /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false, kSystemUid); |
| 426 | } |
| 427 | |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 428 | class ProfileTest : public DexoptTest { |
| 429 | protected: |
| 430 | std::string cur_profile_; |
| 431 | std::string ref_profile_; |
| 432 | std::string snap_profile_; |
| 433 | |
| 434 | virtual void SetUp() { |
| 435 | DexoptTest::SetUp(); |
| 436 | cur_profile_ = create_current_profile_path( |
| 437 | kTestUserId, package_name_, /*is_secondary_dex*/ false); |
| 438 | ref_profile_ = create_reference_profile_path(package_name_, /*is_secondary_dex*/ false); |
| 439 | snap_profile_ = create_snapshot_profile_path(package_name_, "base.jar"); |
| 440 | } |
| 441 | |
| 442 | void SetupProfile(const std::string& path, uid_t uid, gid_t gid, mode_t mode, int32_t seed) { |
| 443 | run_cmd("profman --generate-test-profile-seed=" + std::to_string(seed) + |
| 444 | " --generate-test-profile-num-dex=2 --generate-test-profile=" + path); |
| 445 | ::chmod(path.c_str(), mode); |
| 446 | ::chown(path.c_str(), uid, gid); |
| 447 | } |
| 448 | |
| 449 | void SetupProfiles(bool setup_ref) { |
| 450 | SetupProfile(cur_profile_, kTestAppUid, kTestAppGid, 0600, 1); |
| 451 | if (setup_ref) { |
| 452 | SetupProfile(ref_profile_, kTestAppUid, kTestAppGid, 0060, 2); |
| 453 | } |
| 454 | } |
| 455 | |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 456 | void createProfileSnapshot(int32_t appid, const std::string& package_name, |
| 457 | bool expected_result) { |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 458 | bool result; |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 459 | binder::Status binder_result = service_->createProfileSnapshot( |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 460 | appid, package_name, "base.jar", &result); |
| 461 | ASSERT_TRUE(binder_result.isOk()); |
| 462 | ASSERT_EQ(expected_result, result); |
| 463 | |
| 464 | if (!expected_result) { |
| 465 | // Do not check the files if we expect to fail. |
| 466 | return; |
| 467 | } |
| 468 | |
| 469 | // Check that the snapshot was created witht he expected acess flags. |
| 470 | CheckFileAccess(snap_profile_, kSystemUid, kSystemGid, 0600 | S_IFREG); |
| 471 | |
| 472 | // The snapshot should be equivalent to the merge of profiles. |
| 473 | std::string expected_profile_content = snap_profile_ + ".expected"; |
| 474 | run_cmd("rm -f " + expected_profile_content); |
| 475 | run_cmd("touch " + expected_profile_content); |
| 476 | run_cmd("profman --profile-file=" + cur_profile_ + |
| 477 | " --profile-file=" + ref_profile_ + |
| 478 | " --reference-profile-file=" + expected_profile_content); |
| 479 | |
| 480 | ASSERT_TRUE(AreFilesEqual(expected_profile_content, snap_profile_)); |
| 481 | |
| 482 | pid_t pid = fork(); |
| 483 | if (pid == 0) { |
| 484 | /* child */ |
| 485 | TransitionToSystemServer(); |
| 486 | |
| 487 | // System server should be able to open the the spanshot. |
| 488 | unique_fd fd(open(snap_profile_.c_str(), O_RDONLY)); |
| 489 | ASSERT_TRUE(fd > -1) << "Failed to open profile as kSystemUid: " << strerror(errno); |
| 490 | _exit(0); |
| 491 | } |
| 492 | /* parent */ |
| 493 | ASSERT_TRUE(WIFEXITED(wait_child(pid))); |
| 494 | } |
| 495 | |
| 496 | private: |
| 497 | void TransitionToSystemServer() { |
| 498 | ASSERT_TRUE(DropCapabilities(kSystemUid, kSystemGid)); |
| 499 | int32_t res = selinux_android_setcontext( |
| 500 | kSystemUid, true, se_info_.c_str(), "system_server"); |
| 501 | ASSERT_EQ(0, res) << "Failed to setcon " << strerror(errno); |
| 502 | } |
| 503 | |
| 504 | bool AreFilesEqual(const std::string& file1, const std::string& file2) { |
| 505 | std::vector<uint8_t> content1; |
| 506 | std::vector<uint8_t> content2; |
| 507 | |
| 508 | if (!ReadAll(file1, &content1)) return false; |
| 509 | if (!ReadAll(file2, &content2)) return false; |
| 510 | return content1 == content2; |
| 511 | } |
| 512 | |
| 513 | bool ReadAll(const std::string& file, std::vector<uint8_t>* content) { |
| 514 | unique_fd fd(open(file.c_str(), O_RDONLY)); |
| 515 | if (fd < 0) { |
| 516 | PLOG(ERROR) << "Failed to open " << file; |
| 517 | return false; |
| 518 | } |
| 519 | struct stat st; |
| 520 | if (fstat(fd, &st) != 0) { |
| 521 | PLOG(ERROR) << "Failed to stat " << file; |
| 522 | return false; |
| 523 | } |
| 524 | content->resize(st.st_size); |
| 525 | bool result = ReadFully(fd, content->data(), content->size()); |
| 526 | if (!result) { |
| 527 | PLOG(ERROR) << "Failed to read " << file; |
| 528 | } |
| 529 | return result; |
| 530 | } |
| 531 | }; |
| 532 | |
| 533 | TEST_F(ProfileTest, ProfileSnapshotOk) { |
| 534 | LOG(INFO) << "ProfileSnapshotOk"; |
| 535 | |
| 536 | SetupProfiles(/*setup_ref*/ true); |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 537 | createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 538 | } |
| 539 | |
| 540 | // The reference profile is created on the fly. We need to be able to |
| 541 | // snapshot without one. |
| 542 | TEST_F(ProfileTest, ProfileSnapshotOkNoReference) { |
| 543 | LOG(INFO) << "ProfileSnapshotOkNoReference"; |
| 544 | |
| 545 | SetupProfiles(/*setup_ref*/ false); |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 546 | createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 547 | } |
| 548 | |
| 549 | TEST_F(ProfileTest, ProfileSnapshotFailWrongPackage) { |
| 550 | LOG(INFO) << "ProfileSnapshotFailWrongPackage"; |
| 551 | |
| 552 | SetupProfiles(/*setup_ref*/ true); |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 553 | createProfileSnapshot(kTestAppId, "not.there", /*expected_result*/ false); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 554 | } |
| 555 | |
| 556 | TEST_F(ProfileTest, ProfileSnapshotDestroySnapshot) { |
| 557 | LOG(INFO) << "ProfileSnapshotDestroySnapshot"; |
| 558 | |
| 559 | SetupProfiles(/*setup_ref*/ true); |
Calin Juravle | c3596c3 | 2017-12-05 12:29:15 -0800 | [diff] [blame] | 560 | createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true); |
Calin Juravle | 2959173 | 2017-11-20 17:46:19 -0800 | [diff] [blame] | 561 | |
| 562 | binder::Status binder_result = service_->destroyProfileSnapshot(package_name_, "base.jar"); |
| 563 | ASSERT_TRUE(binder_result.isOk()); |
| 564 | struct stat st; |
| 565 | ASSERT_EQ(-1, stat(snap_profile_.c_str(), &st)); |
| 566 | ASSERT_EQ(ENOENT, errno); |
| 567 | } |
| 568 | |
Calin Juravle | d2affb8 | 2017-11-28 17:41:43 -0800 | [diff] [blame] | 569 | TEST_F(ProfileTest, ProfileDirOk) { |
| 570 | LOG(INFO) << "ProfileDirOk"; |
| 571 | |
| 572 | std::string cur_profile_dir = create_primary_current_profile_package_dir_path( |
| 573 | kTestUserId, package_name_); |
| 574 | std::string cur_profile_file = create_current_profile_path(kTestUserId, package_name_, |
| 575 | /*is_secondary_dex*/false); |
| 576 | std::string ref_profile_dir = create_primary_reference_profile_package_dir_path(package_name_); |
| 577 | |
| 578 | CheckFileAccess(cur_profile_dir, kTestAppUid, kTestAppUid, 0700 | S_IFDIR); |
| 579 | CheckFileAccess(cur_profile_file, kTestAppUid, kTestAppUid, 0600 | S_IFREG); |
Calin Juravle | 6f06eb6 | 2017-11-28 18:44:53 -0800 | [diff] [blame] | 580 | CheckFileAccess(ref_profile_dir, kSystemUid, kTestAppGid, 0770 | S_IFDIR); |
| 581 | } |
| 582 | |
| 583 | // Verify that the profile directories are fixed up during an upgrade. |
| 584 | // (The reference profile directory is prepared lazily). |
| 585 | TEST_F(ProfileTest, ProfileDirOkAfterFixup) { |
| 586 | LOG(INFO) << "ProfileDirOkAfterFixup"; |
| 587 | |
| 588 | std::string cur_profile_dir = create_primary_current_profile_package_dir_path( |
| 589 | kTestUserId, package_name_); |
| 590 | std::string cur_profile_file = create_current_profile_path(kTestUserId, package_name_, |
| 591 | /*is_secondary_dex*/false); |
| 592 | std::string ref_profile_dir = create_primary_reference_profile_package_dir_path(package_name_); |
| 593 | |
| 594 | // Simulate a pre-P setup by changing the owner to kTestAppGid and permissions to 0700. |
| 595 | ASSERT_EQ(0, chown(ref_profile_dir.c_str(), kTestAppGid, kTestAppGid)); |
| 596 | ASSERT_EQ(0, chmod(ref_profile_dir.c_str(), 0700)); |
| 597 | |
| 598 | // Run createAppData again which will offer to fix-up the profile directories. |
| 599 | ASSERT_TRUE(service_->createAppData( |
| 600 | volume_uuid_, |
| 601 | package_name_, |
| 602 | kTestUserId, |
| 603 | kAppDataFlags, |
| 604 | kTestAppUid, |
| 605 | se_info_, |
| 606 | kOSdkVersion, |
| 607 | &ce_data_inode_).isOk()); |
| 608 | |
| 609 | // Check the file access. |
| 610 | CheckFileAccess(cur_profile_dir, kTestAppUid, kTestAppUid, 0700 | S_IFDIR); |
| 611 | CheckFileAccess(cur_profile_file, kTestAppUid, kTestAppUid, 0600 | S_IFREG); |
| 612 | CheckFileAccess(ref_profile_dir, kSystemUid, kTestAppGid, 0770 | S_IFDIR); |
Calin Juravle | d2affb8 | 2017-11-28 17:41:43 -0800 | [diff] [blame] | 613 | } |
| 614 | |
Calin Juravle | 7d76546 | 2017-09-04 15:57:10 -0700 | [diff] [blame] | 615 | } // namespace installd |
| 616 | } // namespace android |