1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
|
#include "idmap.h"
#include <private/android_filesystem_config.h> // for AID_SYSTEM
#include <stdlib.h>
#include <string.h>
namespace {
const char *usage = "NAME\n\
idmap - create or display idmap files\n\
\n\
SYNOPSIS \n\
idmap --help \n\
idmap --fd target overlay fd \n\
idmap --path target overlay idmap \n\
idmap --scan dir-to-scan target-to-look-for target dir-to-hold-idmaps \n\
idmap --inspect idmap \n\
\n\
DESCRIPTION \n\
Idmap files play an integral part in the runtime resource overlay framework. An idmap \n\
file contains a mapping of resource identifiers between overlay package and its target \n\
package; this mapping is used during resource lookup. Idmap files also act as control \n\
files by their existence: if not present, the corresponding overlay package is ignored \n\
when the resource context is created. \n\
\n\
Idmap files are stored in /data/resource-cache. For each pair (target package, overlay \n\
package), there exists exactly one idmap file, or none if the overlay should not be used. \n\
\n\
NOMENCLATURE \n\
target: the original, non-overlay, package. Each target package may be associated with \n\
any number of overlay packages. \n\
\n\
overlay: an overlay package. Each overlay package is associated with exactly one target \n\
package, specified in the overlay's manifest using the <overlay target=\"...\"/> \n\
tag. \n\
\n\
OPTIONS \n\
--help: display this help \n\
\n\
--fd: create idmap for target package 'target' (path to apk) and overlay package 'overlay' \n\
(path to apk); write results to file descriptor 'fd' (integer). This invocation \n\
version is intended to be used by a parent process with higher privileges to call \n\
idmap in a controlled way: the parent will open a suitable file descriptor, fork, \n\
drop its privileges and exec. This tool will continue execution without the extra \n\
privileges, but still have write access to a file it could not have opened on its \n\
own. \n\
\n\
--path: create idmap for target package 'target' (path to apk) and overlay package \n\
'overlay' (path to apk); write results to 'idmap' (path). \n\
\n\
--scan: non-recursively search directory 'dir-to-scan' (path) for overlay packages with \n\
target package 'target-to-look-for' (package name) present at 'target' (path to \n\
apk). For each overlay package found, create an idmap file in 'dir-to-hold-idmaps' \n\
(path). \n\
\n\
--inspect: decode the binary format of 'idmap' (path) and display the contents in a \n\
debug-friendly format. \n\
\n\
EXAMPLES \n\
Create an idmap file: \n\
\n\
$ adb shell idmap --path /system/app/target.apk \\ \n\
/vendor/overlay/overlay.apk \\ \n\
/data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
\n\
Display an idmap file: \n\
\n\
$ adb shell idmap --inspect /data/resource-cache/vendor@overlay@overlay.apk@idmap \n\
SECTION ENTRY VALUE COMMENT \n\
IDMAP HEADER magic 0x706d6469 \n\
base crc 0xb65a383f \n\
overlay crc 0x7b9675e8 \n\
base mtime 0x1eb47d51 \n\
overlay mtime 0x185f87a2 \n\
base path .......... /path/to/target.apk \n\
overlay path .......... /path/to/overlay.apk \n\
DATA HEADER target pkg 0x0000007f \n\
types count 0x00000003 \n\
DATA BLOCK target type 0x00000002 \n\
overlay type 0x00000002 \n\
entry count 0x00000001 \n\
entry offset 0x00000000 \n\
entry 0x00000000 drawable/drawable \n\
DATA BLOCK target type 0x00000003 \n\
overlay type 0x00000003 \n\
entry count 0x00000001 \n\
entry offset 0x00000000 \n\
entry 0x00000000 xml/integer \n\
DATA BLOCK target type 0x00000004 \n\
overlay type 0x00000004 \n\
entry count 0x00000001 \n\
entry offset 0x00000000 \n\
entry 0x00000000 raw/lorem_ipsum \n\
\n\
In this example, the overlay package provides three alternative resource values:\n\
drawable/drawable, xml/integer, and raw/lorem_ipsum \n\
\n\
NOTES \n\
This tool and its expected invocation from installd is modelled on dexopt.";
bool verify_directory_readable(const char *path)
{
return access(path, R_OK | X_OK) == 0;
}
bool verify_directory_writable(const char *path)
{
return access(path, W_OK) == 0;
}
bool verify_file_readable(const char *path)
{
return access(path, R_OK) == 0;
}
bool verify_root_or_system()
{
uid_t uid = getuid();
gid_t gid = getgid();
return (uid == 0 && gid == 0) || (uid == AID_SYSTEM && gid == AID_SYSTEM);
}
int maybe_create_fd(const char *target_apk_path, const char *overlay_apk_path,
const char *cache_path, const char *idmap_str, const char *target_hash_str,
const char *overlay_hash_str)
{
// anyone (not just root or system) may do --fd -- the file has
// already been opened by someone else on our behalf
char *endptr;
int idmap_fd = strtol(idmap_str, &endptr, 10);
if (*endptr != '\0') {
fprintf(stderr, "error: failed to parse file descriptor argument %s\n", idmap_str);
return -1;
}
if (!verify_file_readable(target_apk_path)) {
ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
return -1;
}
if (!verify_file_readable(overlay_apk_path)) {
ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
return -1;
}
int target_hash = strtol(target_hash_str, 0, 10);
int overlay_hash = strtol(overlay_hash_str, 0, 10);
return idmap_create_fd(target_apk_path, overlay_apk_path, cache_path, target_hash,
overlay_hash, idmap_fd);
}
int maybe_create_path(const char *target_apk_path, const char *overlay_apk_path,
const char *cache_path, const char *idmap_path, const char *target_hash_str,
const char *overlay_hash_str)
{
if (!verify_root_or_system()) {
fprintf(stderr, "error: permission denied: not user root or user system\n");
return -1;
}
if (!verify_file_readable(target_apk_path)) {
ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
return -1;
}
if (!verify_file_readable(overlay_apk_path)) {
ALOGD("error: failed to read apk %s: %s\n", overlay_apk_path, strerror(errno));
return -1;
}
int target_hash = strtol(target_hash_str, 0, 10);
int overlay_hash = strtol(overlay_hash_str, 0, 10);
return idmap_create_path(target_apk_path, overlay_apk_path, cache_path, target_hash,
overlay_hash, idmap_path);
}
int maybe_scan(const char *overlay_dir, const char *target_package_name,
const char *target_apk_path, const char *idmap_dir)
{
if (!verify_root_or_system()) {
fprintf(stderr, "error: permission denied: not user root or user system\n");
return -1;
}
if (!verify_directory_readable(overlay_dir)) {
ALOGD("error: no read access to %s: %s\n", overlay_dir, strerror(errno));
return -1;
}
if (!verify_file_readable(target_apk_path)) {
ALOGD("error: failed to read apk %s: %s\n", target_apk_path, strerror(errno));
return -1;
}
if (!verify_directory_writable(idmap_dir)) {
ALOGD("error: no write access to %s: %s\n", idmap_dir, strerror(errno));
return -1;
}
return idmap_scan(overlay_dir, target_package_name, target_apk_path, idmap_dir);
}
int maybe_inspect(const char *idmap_path)
{
// anyone (not just root or system) may do --inspect
if (!verify_file_readable(idmap_path)) {
ALOGD("error: failed to read idmap %s: %s\n", idmap_path, strerror(errno));
return -1;
}
return idmap_inspect(idmap_path);
}
}
int main(int argc, char **argv)
{
#if 0
{
char buf[1024];
buf[0] = '\0';
for (int i = 0; i < argc; ++i) {
strncat(buf, argv[i], sizeof(buf) - 1);
strncat(buf, " ", sizeof(buf) - 1);
}
ALOGD("%s:%d: uid=%d gid=%d argv=%s\n", __FILE__, __LINE__, getuid(), getgid(), buf);
}
#endif
if (argc == 2 && !strcmp(argv[1], "--help")) {
printf("%s\n", usage);
return 0;
}
if (argc == 8 && !strcmp(argv[1], "--fd")) {
return maybe_create_fd(argv[2], argv[3], argv[4], argv[5], argv[6], argv[7]);
}
if (argc == 8 && !strcmp(argv[1], "--path")) {
return maybe_create_path(argv[2], argv[3], argv[4], argv[5], argv[6], argv[7]);
}
if (argc == 6 && !strcmp(argv[1], "--scan")) {
return maybe_scan(argv[2], argv[3], argv[4], argv[5]);
}
if (argc == 3 && !strcmp(argv[1], "--inspect")) {
return maybe_inspect(argv[2]);
}
fprintf(stderr, "Usage: don't use this (cf dexopt usage).\n");
return EXIT_FAILURE;
}
|
