1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
|
/*
** Copyright 2008, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "installd.h"
int create_pkg_path_in_dir(char path[PKG_PATH_MAX],
const dir_rec_t* dir,
const char* pkgname,
const char* postfix)
{
const size_t postfix_len = strlen(postfix);
const size_t pkgname_len = strlen(pkgname);
if (pkgname_len > PKG_NAME_MAX) {
return -1;
}
if (is_valid_package_name(pkgname) < 0) {
return -1;
}
if ((pkgname_len + dir->len + postfix_len) >= PKG_PATH_MAX) {
return -1;
}
char *dst = path;
size_t dst_size = PKG_PATH_MAX;
if (append_and_increment(&dst, dir->path, &dst_size) < 0
|| append_and_increment(&dst, pkgname, &dst_size) < 0
|| append_and_increment(&dst, postfix, &dst_size) < 0) {
ALOGE("Error building APK path");
return -1;
}
return 0;
}
/**
* Create the package path name for a given package name with a postfix for
* a certain persona. Returns 0 on success, and -1 on failure.
*/
int create_pkg_path(char path[PKG_PATH_MAX],
const char *pkgname,
const char *postfix,
uid_t persona)
{
size_t uid_len;
char* persona_prefix;
if (persona == 0) {
persona_prefix = PRIMARY_USER_PREFIX;
uid_len = 0;
} else {
persona_prefix = SECONDARY_USER_PREFIX;
uid_len = snprintf(NULL, 0, "%d", persona);
}
const size_t prefix_len = android_data_dir.len + strlen(persona_prefix) + uid_len + 1 /*slash*/;
char prefix[prefix_len + 1];
char *dst = prefix;
size_t dst_size = sizeof(prefix);
if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
|| append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
ALOGE("Error building prefix for APK path");
return -1;
}
if (persona != 0) {
int ret = snprintf(dst, dst_size, "%d/", persona);
if (ret < 0 || (size_t) ret != uid_len + 1) {
ALOGW("Error appending UID to APK path");
return -1;
}
}
dir_rec_t dir;
dir.path = prefix;
dir.len = prefix_len;
return create_pkg_path_in_dir(path, &dir, pkgname, postfix);
}
/**
* Create the path name for user data for a certain persona.
* Returns 0 on success, and -1 on failure.
*/
int create_persona_path(char path[PKG_PATH_MAX],
uid_t persona)
{
size_t uid_len;
char* persona_prefix;
if (persona == 0) {
persona_prefix = PRIMARY_USER_PREFIX;
uid_len = 0;
} else {
persona_prefix = SECONDARY_USER_PREFIX;
uid_len = snprintf(NULL, 0, "%d/", persona);
}
char *dst = path;
size_t dst_size = PKG_PATH_MAX;
if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
|| append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
ALOGE("Error building prefix for user path");
return -1;
}
if (persona != 0) {
if (dst_size < uid_len + 1) {
ALOGE("Error building user path");
return -1;
}
int ret = snprintf(dst, dst_size, "%d/", persona);
if (ret < 0 || (size_t) ret != uid_len) {
ALOGE("Error appending persona id to path");
return -1;
}
}
return 0;
}
int create_move_path(char path[PKG_PATH_MAX],
const char* pkgname,
const char* leaf,
uid_t persona)
{
if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
>= PKG_PATH_MAX) {
return -1;
}
sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
return 0;
}
/**
* Checks whether the package name is valid. Returns -1 on error and
* 0 on success.
*/
int is_valid_package_name(const char* pkgname) {
const char *x = pkgname;
int alpha = -1;
while (*x) {
if (isalnum(*x) || (*x == '_')) {
/* alphanumeric or underscore are fine */
} else if (*x == '.') {
if ((x == pkgname) || (x[1] == '.') || (x[1] == 0)) {
/* periods must not be first, last, or doubled */
ALOGE("invalid package name '%s'\n", pkgname);
return -1;
}
} else if (*x == '-') {
/* Suffix -X is fine to let versioning of packages.
But whatever follows should be alphanumeric.*/
alpha = 1;
} else {
/* anything not A-Z, a-z, 0-9, _, or . is invalid */
ALOGE("invalid package name '%s'\n", pkgname);
return -1;
}
x++;
}
if (alpha == 1) {
// Skip current character
x++;
while (*x) {
if (!isalnum(*x)) {
ALOGE("invalid package name '%s' should include only numbers after -\n", pkgname);
return -1;
}
x++;
}
}
return 0;
}
static int _delete_dir_contents(DIR *d, const char *ignore)
{
int result = 0;
struct dirent *de;
int dfd;
dfd = dirfd(d);
if (dfd < 0) return -1;
while ((de = readdir(d))) {
const char *name = de->d_name;
/* skip the ignore name if provided */
if (ignore && !strcmp(name, ignore)) continue;
if (de->d_type == DT_DIR) {
int r, subfd;
DIR *subdir;
/* always skip "." and ".." */
if (name[0] == '.') {
if (name[1] == 0) continue;
if ((name[1] == '.') && (name[2] == 0)) continue;
}
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
if (subfd < 0) {
ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
result = -1;
continue;
}
subdir = fdopendir(subfd);
if (subdir == NULL) {
ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
close(subfd);
result = -1;
continue;
}
if (_delete_dir_contents(subdir, 0)) {
result = -1;
}
closedir(subdir);
if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
result = -1;
}
} else {
if (unlinkat(dfd, name, 0) < 0) {
ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
result = -1;
}
}
}
return result;
}
int delete_dir_contents(const char *pathname,
int also_delete_dir,
const char *ignore)
{
int res = 0;
DIR *d;
d = opendir(pathname);
if (d == NULL) {
ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
return -errno;
}
res = _delete_dir_contents(d, ignore);
closedir(d);
if (also_delete_dir) {
if (rmdir(pathname)) {
ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
res = -1;
}
}
return res;
}
int delete_dir_contents_fd(int dfd, const char *name)
{
int fd, res;
DIR *d;
fd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
if (fd < 0) {
ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
return -1;
}
d = fdopendir(fd);
if (d == NULL) {
ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
close(fd);
return -1;
}
res = _delete_dir_contents(d, 0);
closedir(d);
return res;
}
/**
* Checks whether a path points to a system app (.apk file). Returns 0
* if it is a system app or -1 if it is not.
*/
int validate_system_app_path(const char* path) {
size_t i;
for (i = 0; i < android_system_dirs.count; i++) {
const size_t dir_len = android_system_dirs.dirs[i].len;
if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
if (path[dir_len] == '.' || strchr(path + dir_len, '/') != NULL) {
ALOGE("invalid system apk path '%s' (trickery)\n", path);
return -1;
}
return 0;
}
}
return -1;
}
/**
* Get the contents of a environment variable that contains a path. Caller
* owns the string that is inserted into the directory record. Returns
* 0 on success and -1 on error.
*/
int get_path_from_env(dir_rec_t* rec, const char* var) {
const char* path = getenv(var);
int ret = get_path_from_string(rec, path);
if (ret < 0) {
ALOGW("Problem finding value for environment variable %s\n", var);
}
return ret;
}
/**
* Puts the string into the record as a directory. Appends '/' to the end
* of all paths. Caller owns the string that is inserted into the directory
* record. A null value will result in an error.
*
* Returns 0 on success and -1 on error.
*/
int get_path_from_string(dir_rec_t* rec, const char* path) {
if (path == NULL) {
return -1;
} else {
const size_t path_len = strlen(path);
if (path_len <= 0) {
return -1;
}
// Make sure path is absolute.
if (path[0] != '/') {
return -1;
}
if (path[path_len - 1] == '/') {
// Path ends with a forward slash. Make our own copy.
rec->path = strdup(path);
if (rec->path == NULL) {
return -1;
}
rec->len = path_len;
} else {
// Path does not end with a slash. Generate a new string.
char *dst;
// Add space for slash and terminating null.
size_t dst_size = path_len + 2;
rec->path = malloc(dst_size);
if (rec->path == NULL) {
return -1;
}
dst = rec->path;
if (append_and_increment(&dst, path, &dst_size) < 0
|| append_and_increment(&dst, "/", &dst_size)) {
ALOGE("Error canonicalizing path");
return -1;
}
rec->len = dst - rec->path;
}
}
return 0;
}
int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
dst->len = src->len + strlen(suffix);
const size_t dstSize = dst->len + 1;
dst->path = (char*) malloc(dstSize);
if (dst->path == NULL
|| snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
!= (ssize_t) dst->len) {
ALOGE("Could not allocate memory to hold appended path; aborting\n");
return -1;
}
return 0;
}
/**
* Check whether path points to a valid path for an APK file. An ASEC
* directory is allowed to have one level of subdirectory names. Returns -1
* when an invalid path is encountered and 0 when a valid path is encountered.
*/
int validate_apk_path(const char *path)
{
int allowsubdir = 0;
char *subdir = NULL;
size_t dir_len;
size_t path_len;
if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
dir_len = android_app_dir.len;
} else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
dir_len = android_app_private_dir.len;
} else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
dir_len = android_asec_dir.len;
allowsubdir = 1;
} else {
ALOGE("invalid apk path '%s' (bad prefix)\n", path);
return -1;
}
path_len = strlen(path);
/*
* Only allow the path to have a subdirectory if it's been marked as being allowed.
*/
if ((subdir = strchr(path + dir_len, '/')) != NULL) {
++subdir;
if (!allowsubdir
|| (path_len > (size_t) (subdir - path) && (strchr(subdir, '/') != NULL))) {
ALOGE("invalid apk path '%s' (subdir?)\n", path);
return -1;
}
}
/*
* Directories can't have a period directly after the directory markers
* to prevent ".."
*/
if (path[dir_len] == '.'
|| (subdir != NULL && ((*subdir == '.') || (strchr(subdir, '/') != NULL)))) {
ALOGE("invalid apk path '%s' (trickery)\n", path);
return -1;
}
return 0;
}
int append_and_increment(char** dst, const char* src, size_t* dst_size) {
ssize_t ret = strlcpy(*dst, src, *dst_size);
if (ret < 0 || (size_t) ret >= *dst_size) {
return -1;
}
*dst += ret;
*dst_size -= ret;
return 0;
}
char *build_string2(char *s1, char *s2) {
if (s1 == NULL || s2 == NULL) return NULL;
int len_s1 = strlen(s1);
int len_s2 = strlen(s2);
int len = len_s1 + len_s2 + 1;
char *result = malloc(len);
if (result == NULL) return NULL;
strcpy(result, s1);
strcpy(result + len_s1, s2);
return result;
}
char *build_string3(char *s1, char *s2, char *s3) {
if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
int len_s1 = strlen(s1);
int len_s2 = strlen(s2);
int len_s3 = strlen(s3);
int len = len_s1 + len_s2 + len_s3 + 1;
char *result = malloc(len);
if (result == NULL) return NULL;
strcpy(result, s1);
strcpy(result + len_s1, s2);
strcpy(result + len_s1 + len_s2, s3);
return result;
}
|
