diff options
Diffstat (limited to 'cmds/installd')
| -rw-r--r-- | cmds/installd/Android.mk | 33 | ||||
| -rw-r--r-- | cmds/installd/commands.c | 680 | ||||
| -rw-r--r-- | cmds/installd/installd.c | 172 | ||||
| -rw-r--r-- | cmds/installd/installd.h | 32 | ||||
| -rw-r--r-- | cmds/installd/tests/Android.mk | 2 | ||||
| -rw-r--r-- | cmds/installd/tests/installd_utils_test.cpp | 58 | ||||
| -rw-r--r-- | cmds/installd/utils.c | 278 |
7 files changed, 1024 insertions, 231 deletions
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk index e11b4f8..8224e94 100644 --- a/cmds/installd/Android.mk +++ b/cmds/installd/Android.mk @@ -1,21 +1,18 @@ LOCAL_PATH := $(call my-dir) -common_src_files := \ - commands.c utils.c +common_src_files := commands.c utils.c +common_cflags := -Wall -Werror # # Static library used in testing and executable # include $(CLEAR_VARS) - -LOCAL_SRC_FILES := \ - $(common_src_files) - LOCAL_MODULE := libinstalld - LOCAL_MODULE_TAGS := eng tests - +LOCAL_SRC_FILES := $(common_src_files) +LOCAL_CFLAGS := $(common_cflags) +LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Android.mk include $(BUILD_STATIC_LIBRARY) # @@ -23,21 +20,11 @@ include $(BUILD_STATIC_LIBRARY) # include $(CLEAR_VARS) - -LOCAL_SRC_FILES := \ - installd.c \ - $(common_src_files) - -LOCAL_SHARED_LIBRARIES := \ - libcutils \ - liblog \ - libselinux - -LOCAL_STATIC_LIBRARIES := \ - libdiskusage - LOCAL_MODULE := installd - LOCAL_MODULE_TAGS := optional - +LOCAL_CFLAGS := $(common_cflags) +LOCAL_SRC_FILES := installd.c $(common_src_files) +LOCAL_SHARED_LIBRARIES := libcutils liblog libselinux +LOCAL_STATIC_LIBRARIES := libdiskusage +LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Android.mk include $(BUILD_EXECUTABLE) diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index e9d6b15..fc3972e 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -1,21 +1,23 @@ /* ** Copyright 2008, The Android Open Source Project ** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at ** -** http://www.apache.org/licenses/LICENSE-2.0 +** http://www.apache.org/licenses/LICENSE-2.0 ** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and ** limitations under the License. */ +#include <inttypes.h> #include <sys/capability.h> #include "installd.h" +#include <cutils/sched_policy.h> #include <diskusage/dirsize.h> #include <selinux/android.h> @@ -72,7 +74,7 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) } } else { if (S_ISDIR(libStat.st_mode)) { - if (delete_dir_contents(libsymlink, 1, 0) < 0) { + if (delete_dir_contents(libsymlink, 1, NULL) < 0) { ALOGE("couldn't delete lib directory during install for: %s", libsymlink); return -1; } @@ -84,6 +86,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) } } + if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { + ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); + unlink(libsymlink); + unlink(pkgdir); + return -errno; + } + if (symlink(applibdir, libsymlink) < 0) { ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir, strerror(errno)); @@ -91,13 +100,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) return -1; } - if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) { - ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); - unlink(libsymlink); - unlink(pkgdir); - return -errno; - } - if (chown(pkgdir, uid, gid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -115,6 +117,8 @@ int uninstall(const char *pkgname, userid_t userid) if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, userid)) return -1; + remove_profile_file(pkgname); + /* delete contents AND directory, no exceptions */ return delete_dir_contents(pkgdir, 1, NULL); } @@ -155,7 +159,7 @@ int fix_uid(const char *pkgname, uid_t uid, gid_t gid) if (stat(pkgdir, &s) < 0) return -1; if (s.st_uid != 0 || s.st_gid != 0) { - ALOGE("fixing uid of non-root pkg: %s %lu %lu\n", pkgdir, s.st_uid, s.st_gid); + ALOGE("fixing uid of non-root pkg: %s %" PRIu32 " %" PRIu32 "\n", pkgdir, s.st_uid, s.st_gid); return -1; } @@ -180,8 +184,7 @@ int delete_user_data(const char *pkgname, userid_t userid) if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, userid)) return -1; - /* delete contents, excluding "lib", but not the directory itself */ - return delete_dir_contents(pkgdir, 0, "lib"); + return delete_dir_contents(pkgdir, 0, NULL); } int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* seinfo) @@ -222,7 +225,7 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* } } else { if (S_ISDIR(libStat.st_mode)) { - if (delete_dir_contents(libsymlink, 1, 0) < 0) { + if (delete_dir_contents(libsymlink, 1, NULL) < 0) { ALOGE("couldn't delete lib directory during install for non-primary: %s", libsymlink); unlink(pkgdir); @@ -238,6 +241,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* } } + if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { + ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); + unlink(libsymlink); + unlink(pkgdir); + return -errno; + } + if (symlink(applibdir, libsymlink) < 0) { ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink, applibdir, strerror(errno)); @@ -245,13 +255,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* return -1; } - if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) { - ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); - unlink(libsymlink); - unlink(pkgdir); - return -errno; - } - if (chown(pkgdir, uid, uid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -262,25 +265,38 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* return 0; } -int delete_user(userid_t userid) +int make_user_config(userid_t userid) { - char data_path[PKG_PATH_MAX]; - if (create_user_path(data_path, userid)) { + if (ensure_config_user_dirs(userid) == -1) { return -1; } - if (delete_dir_contents(data_path, 1, NULL)) { - return -1; + + return 0; +} + +int delete_user(userid_t userid) +{ + int status = 0; + + char data_path[PKG_PATH_MAX]; + if ((create_user_path(data_path, userid) != 0) + || (delete_dir_contents(data_path, 1, NULL) != 0)) { + status = -1; } char media_path[PATH_MAX]; - if (create_user_media_path(media_path, userid) == -1) { - return -1; + if ((create_user_media_path(media_path, userid) != 0) + || (delete_dir_contents(media_path, 1, NULL) != 0)) { + status = -1; } - if (delete_dir_contents(media_path, 1, NULL) == -1) { - return -1; + + char config_path[PATH_MAX]; + if ((create_user_config_path(config_path, userid) != 0) + || (delete_dir_contents(config_path, 1, NULL) != 0)) { + status = -1; } - return 0; + return status; } int delete_cache(const char *pkgname, userid_t userid) @@ -290,8 +306,25 @@ int delete_cache(const char *pkgname, userid_t userid) if (create_pkg_path(cachedir, pkgname, CACHE_DIR_POSTFIX, userid)) return -1; - /* delete contents, not the directory, no exceptions */ - return delete_dir_contents(cachedir, 0, 0); + /* delete contents, not the directory, no exceptions */ + return delete_dir_contents(cachedir, 0, NULL); +} + +int delete_code_cache(const char *pkgname, userid_t userid) +{ + char codecachedir[PKG_PATH_MAX]; + struct stat s; + + if (create_pkg_path(codecachedir, pkgname, CODE_CACHE_DIR_POSTFIX, userid)) + return -1; + + /* it's okay if code cache is missing */ + if (lstat(codecachedir, &s) == -1 && errno == ENOENT) { + return 0; + } + + /* delete contents, not the directory, no exceptions */ + return delete_dir_contents(codecachedir, 0, NULL); } /* Try to ensure free_size bytes of storage are available. @@ -384,16 +417,22 @@ int free_cache(int64_t free_size) return data_disk_free() >= free_size ? 0 : -1; } -int move_dex(const char *src, const char *dst) +int move_dex(const char *src, const char *dst, const char *instruction_set) { char src_dex[PKG_PATH_MAX]; char dst_dex[PKG_PATH_MAX]; - if (validate_apk_path(src)) return -1; - if (validate_apk_path(dst)) return -1; + if (validate_apk_path(src)) { + ALOGE("invalid apk path '%s' (bad prefix)\n", src); + return -1; + } + if (validate_apk_path(dst)) { + ALOGE("invalid apk path '%s' (bad prefix)\n", dst); + return -1; + } - if (create_cache_path(src_dex, src)) return -1; - if (create_cache_path(dst_dex, dst)) return -1; + if (create_cache_path(src_dex, src, instruction_set)) return -1; + if (create_cache_path(dst_dex, dst, instruction_set)) return -1; ALOGV("move %s -> %s\n", src_dex, dst_dex); if (rename(src_dex, dst_dex) < 0) { @@ -404,16 +443,22 @@ int move_dex(const char *src, const char *dst) } } -int rm_dex(const char *path) +int rm_dex(const char *path, const char *instruction_set) { char dex_path[PKG_PATH_MAX]; - if (validate_apk_path(path)) return -1; - if (create_cache_path(dex_path, path)) return -1; + if (validate_apk_path(path) && validate_system_app_path(path)) { + ALOGE("invalid apk path '%s' (bad prefix)\n", path); + return -1; + } + + if (create_cache_path(dex_path, path, instruction_set)) return -1; ALOGV("unlink %s\n", dex_path); if (unlink(dex_path) < 0) { - ALOGE("Couldn't unlink %s: %s\n", dex_path, strerror(errno)); + if (errno != ENOENT) { + ALOGE("Couldn't unlink %s: %s\n", dex_path, strerror(errno)); + } return -1; } else { return 0; @@ -422,8 +467,8 @@ int rm_dex(const char *path) int get_size(const char *pkgname, userid_t userid, const char *apkpath, const char *libdirpath, const char *fwdlock_apkpath, const char *asecpath, - int64_t *_codesize, int64_t *_datasize, int64_t *_cachesize, - int64_t* _asecsize) + const char *instruction_set, int64_t *_codesize, int64_t *_datasize, + int64_t *_cachesize, int64_t* _asecsize) { DIR *d; int dfd; @@ -453,7 +498,7 @@ int get_size(const char *pkgname, userid_t userid, const char *apkpath, } } /* count the cached dexfile as code */ - if (!create_cache_path(path, apkpath)) { + if (!create_cache_path(path, apkpath, instruction_set)) { if (stat(path, &s) == 0) { codesize += stat_size(&s); } @@ -539,8 +584,7 @@ done: return 0; } - -int create_cache_path(char path[PKG_PATH_MAX], const char *src) +int create_cache_path(char path[PKG_PATH_MAX], const char *src, const char *instruction_set) { char *tmp; int srclen; @@ -557,19 +601,21 @@ int create_cache_path(char path[PKG_PATH_MAX], const char *src) return -1; } - dstlen = srclen + strlen(DALVIK_CACHE_PREFIX) + - strlen(DALVIK_CACHE_POSTFIX) + 1; - + dstlen = srclen + strlen(DALVIK_CACHE_PREFIX) + + strlen(instruction_set) + + strlen(DALVIK_CACHE_POSTFIX) + 2; + if (dstlen > PKG_PATH_MAX) { return -1; } - sprintf(path,"%s%s%s", + sprintf(path,"%s%s/%s%s", DALVIK_CACHE_PREFIX, + instruction_set, src + 1, /* skip the leading / */ DALVIK_CACHE_POSTFIX); - - for(tmp = path + strlen(DALVIK_CACHE_PREFIX); *tmp; tmp++) { + + for(tmp = path + strlen(DALVIK_CACHE_PREFIX) + strlen(instruction_set) + 1; *tmp; tmp++) { if (*tmp == '/') { *tmp = '@'; } @@ -579,8 +625,13 @@ int create_cache_path(char path[PKG_PATH_MAX], const char *src) } static void run_dexopt(int zip_fd, int odex_fd, const char* input_file_name, - const char* output_file_name, const char* dexopt_flags) + const char* output_file_name) { + /* platform-specific flags affecting optimization and verification */ + char dexopt_flags[PROPERTY_VALUE_MAX]; + property_get("dalvik.vm.dexopt-flags", dexopt_flags, ""); + ALOGV("dalvik.vm.dexopt-flags=%s\n", dexopt_flags); + static const char* DEX_OPT_BIN = "/system/bin/dexopt"; static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig char zip_num[MAX_INT_LEN]; @@ -595,37 +646,199 @@ static void run_dexopt(int zip_fd, int odex_fd, const char* input_file_name, ALOGE("execl(%s) failed: %s\n", DEX_OPT_BIN, strerror(errno)); } +static void run_patchoat(int input_fd, int oat_fd, const char* input_file_name, + const char* output_file_name, const char *pkgname, const char *instruction_set) +{ + static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig + static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; + + static const char* PATCHOAT_BIN = "/system/bin/patchoat"; + if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) { + ALOGE("Instruction set %s longer than max length of %d", + instruction_set, MAX_INSTRUCTION_SET_LEN); + return; + } + + /* input_file_name/input_fd should be the .odex/.oat file that is precompiled. I think*/ + char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN]; + char output_oat_fd_arg[strlen("--output-oat-fd=") + MAX_INT_LEN]; + char input_oat_fd_arg[strlen("--input-oat-fd=") + MAX_INT_LEN]; + const char* patched_image_location_arg = "--patched-image-location=/system/framework/boot.art"; + // The caller has already gotten all the locks we need. + const char* no_lock_arg = "--no-lock-output"; + sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set); + sprintf(output_oat_fd_arg, "--output-oat-fd=%d", oat_fd); + sprintf(input_oat_fd_arg, "--input-oat-fd=%d", input_fd); + ALOGE("Running %s isa=%s in-fd=%d (%s) out-fd=%d (%s)\n", + PATCHOAT_BIN, instruction_set, input_fd, input_file_name, oat_fd, output_file_name); + + /* patchoat, patched-image-location, no-lock, isa, input-fd, output-fd */ + char* argv[7]; + argv[0] = (char*) PATCHOAT_BIN; + argv[1] = (char*) patched_image_location_arg; + argv[2] = (char*) no_lock_arg; + argv[3] = instruction_set_arg; + argv[4] = output_oat_fd_arg; + argv[5] = input_oat_fd_arg; + argv[6] = NULL; + + execv(PATCHOAT_BIN, (char* const *)argv); + ALOGE("execv(%s) failed: %s\n", PATCHOAT_BIN, strerror(errno)); +} + static void run_dex2oat(int zip_fd, int oat_fd, const char* input_file_name, - const char* output_file_name, const char* dexopt_flags) + const char* output_file_name, const char *pkgname, const char *instruction_set, + bool vm_safe_mode) { + static const unsigned int MAX_INSTRUCTION_SET_LEN = 7; + + if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) { + ALOGE("Instruction set %s longer than max length of %d", + instruction_set, MAX_INSTRUCTION_SET_LEN); + return; + } + + char prop_buf[PROPERTY_VALUE_MAX]; + bool profiler = (property_get("dalvik.vm.profiler", prop_buf, "0") > 0) && (prop_buf[0] == '1'); + + char dex2oat_Xms_flag[PROPERTY_VALUE_MAX]; + bool have_dex2oat_Xms_flag = property_get("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0; + + char dex2oat_Xmx_flag[PROPERTY_VALUE_MAX]; + bool have_dex2oat_Xmx_flag = property_get("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0; + + char dex2oat_compiler_filter_flag[PROPERTY_VALUE_MAX]; + bool have_dex2oat_compiler_filter_flag = property_get("dalvik.vm.dex2oat-filter", + dex2oat_compiler_filter_flag, NULL) > 0; + + char dex2oat_isa_features_key[PROPERTY_KEY_MAX]; + sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set); + char dex2oat_isa_features[PROPERTY_VALUE_MAX]; + bool have_dex2oat_isa_features = property_get(dex2oat_isa_features_key, + dex2oat_isa_features, NULL) > 0; + + char dex2oat_flags[PROPERTY_VALUE_MAX]; + bool have_dex2oat_flags = property_get("dalvik.vm.dex2oat-flags", dex2oat_flags, NULL) > 0; + ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags); + + // If we booting without the real /data, don't spend time compiling. + char vold_decrypt[PROPERTY_VALUE_MAX]; + bool have_vold_decrypt = property_get("vold.decrypt", vold_decrypt, "") > 0; + bool skip_compilation = (have_vold_decrypt && + (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 || + (strcmp(vold_decrypt, "1") == 0))); + static const char* DEX2OAT_BIN = "/system/bin/dex2oat"; + + static const char* RUNTIME_ARG = "--runtime-arg"; + static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig + char zip_fd_arg[strlen("--zip-fd=") + MAX_INT_LEN]; char zip_location_arg[strlen("--zip-location=") + PKG_PATH_MAX]; char oat_fd_arg[strlen("--oat-fd=") + MAX_INT_LEN]; - char oat_location_arg[strlen("--oat-name=") + PKG_PATH_MAX]; + char oat_location_arg[strlen("--oat-location=") + PKG_PATH_MAX]; + char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN]; + char instruction_set_features_arg[strlen("--instruction-set-features=") + PROPERTY_VALUE_MAX]; + char profile_file_arg[strlen("--profile-file=") + PKG_PATH_MAX]; + char top_k_profile_threshold_arg[strlen("--top-k-profile-threshold=") + PROPERTY_VALUE_MAX]; + char dex2oat_Xms_arg[strlen("-Xms") + PROPERTY_VALUE_MAX]; + char dex2oat_Xmx_arg[strlen("-Xmx") + PROPERTY_VALUE_MAX]; + char dex2oat_compiler_filter_arg[strlen("--compiler-filter=") + PROPERTY_VALUE_MAX]; sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd); sprintf(zip_location_arg, "--zip-location=%s", input_file_name); sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd); sprintf(oat_location_arg, "--oat-location=%s", output_file_name); + sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set); + sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features); + + bool have_profile_file = false; + bool have_top_k_profile_threshold = false; + if (profiler && (strcmp(pkgname, "*") != 0)) { + char profile_file[PKG_PATH_MAX]; + snprintf(profile_file, sizeof(profile_file), "%s/%s", + DALVIK_CACHE_PREFIX "profiles", pkgname); + struct stat st; + if ((stat(profile_file, &st) == 0) && (st.st_size > 0)) { + sprintf(profile_file_arg, "--profile-file=%s", profile_file); + have_profile_file = true; + if (property_get("dalvik.vm.profile.top-k-thr", prop_buf, NULL) > 0) { + snprintf(top_k_profile_threshold_arg, sizeof(top_k_profile_threshold_arg), + "--top-k-profile-threshold=%s", prop_buf); + have_top_k_profile_threshold = true; + } + } + } + + if (have_dex2oat_Xms_flag) { + sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag); + } + if (have_dex2oat_Xmx_flag) { + sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag); + } + if (skip_compilation) { + strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=verify-none"); + have_dex2oat_compiler_filter_flag = true; + } else if (vm_safe_mode) { + strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=interpret-only"); + have_dex2oat_compiler_filter_flag = true; + } else if (have_dex2oat_compiler_filter_flag) { + sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", dex2oat_compiler_filter_flag); + } ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, input_file_name, output_file_name); - execl(DEX2OAT_BIN, DEX2OAT_BIN, - zip_fd_arg, zip_location_arg, - oat_fd_arg, oat_location_arg, - (char*) NULL); + + char* argv[7 // program name, mandatory arguments and the final NULL + + (have_dex2oat_isa_features ? 1 : 0) + + (have_profile_file ? 1 : 0) + + (have_top_k_profile_threshold ? 1 : 0) + + (have_dex2oat_Xms_flag ? 2 : 0) + + (have_dex2oat_Xmx_flag ? 2 : 0) + + (have_dex2oat_compiler_filter_flag ? 1 : 0) + + (have_dex2oat_flags ? 1 : 0)]; + int i = 0; + argv[i++] = (char*)DEX2OAT_BIN; + argv[i++] = zip_fd_arg; + argv[i++] = zip_location_arg; + argv[i++] = oat_fd_arg; + argv[i++] = oat_location_arg; + argv[i++] = instruction_set_arg; + if (have_dex2oat_isa_features) { + argv[i++] = instruction_set_features_arg; + } + if (have_profile_file) { + argv[i++] = profile_file_arg; + } + if (have_top_k_profile_threshold) { + argv[i++] = top_k_profile_threshold_arg; + } + if (have_dex2oat_Xms_flag) { + argv[i++] = (char*)RUNTIME_ARG; + argv[i++] = dex2oat_Xms_arg; + } + if (have_dex2oat_Xmx_flag) { + argv[i++] = (char*)RUNTIME_ARG; + argv[i++] = dex2oat_Xmx_arg; + } + if (have_dex2oat_compiler_filter_flag) { + argv[i++] = dex2oat_compiler_filter_arg; + } + if (have_dex2oat_flags) { + argv[i++] = dex2oat_flags; + } + // Do not add after dex2oat_flags, they should override others for debugging. + argv[i] = NULL; + + execv(DEX2OAT_BIN, (char* const *)argv); ALOGE("execl(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno)); } -static int wait_dexopt(pid_t pid, const char* apk_path) +static int wait_child(pid_t pid) { int status; pid_t got_pid; - /* - * Wait for the optimization process to finish. - */ while (1) { got_pid = waitpid(pid, &status, 0); if (got_pid == -1 && errno == EINTR) { @@ -641,54 +854,83 @@ static int wait_dexopt(pid_t pid, const char* apk_path) } if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { - ALOGV("DexInv: --- END '%s' (success) ---\n", apk_path); return 0; } else { - ALOGW("DexInv: --- END '%s' --- status=0x%04x, process failed\n", - apk_path, status); return status; /* always nonzero */ } } -int dexopt(const char *apk_path, uid_t uid, int is_public) +int dexopt(const char *apk_path, uid_t uid, bool is_public, + const char *pkgname, const char *instruction_set, + bool vm_safe_mode, bool is_patchoat) { struct utimbuf ut; - struct stat apk_stat, dex_stat; + struct stat input_stat, dex_stat; char out_path[PKG_PATH_MAX]; - char dexopt_flags[PROPERTY_VALUE_MAX]; char persist_sys_dalvik_vm_lib[PROPERTY_VALUE_MAX]; char *end; - int res, zip_fd=-1, out_fd=-1; + const char *input_file; + char in_odex_path[PKG_PATH_MAX]; + int res, input_fd=-1, out_fd=-1; if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) { return -1; } - /* platform-specific flags affecting optimization and verification */ - property_get("dalvik.vm.dexopt-flags", dexopt_flags, ""); - ALOGV("dalvik.vm.dexopt_flags=%s\n", dexopt_flags); + /* The command to run depend on the value of persist.sys.dalvik.vm.lib */ + property_get("persist.sys.dalvik.vm.lib.2", persist_sys_dalvik_vm_lib, "libart.so"); - /* The command to run depend ones the value of persist.sys.dalvik.vm.lib */ - property_get("persist.sys.dalvik.vm.lib", persist_sys_dalvik_vm_lib, "libdvm.so"); + if (is_patchoat && strncmp(persist_sys_dalvik_vm_lib, "libart", 6) != 0) { + /* We may only patch if we are libart */ + ALOGE("Patching is only supported in libart\n"); + return -1; + } /* Before anything else: is there a .odex file? If so, we have * precompiled the apk and there is nothing to do here. + * + * We skip this if we are doing a patchoat. */ - sprintf(out_path, "%s%s", apk_path, ".odex"); - if (stat(out_path, &dex_stat) == 0) { - return 0; + strcpy(out_path, apk_path); + end = strrchr(out_path, '.'); + if (end != NULL && !is_patchoat) { + strcpy(end, ".odex"); + if (stat(out_path, &dex_stat) == 0) { + return 0; + } } - if (create_cache_path(out_path, apk_path)) { + if (create_cache_path(out_path, apk_path, instruction_set)) { return -1; } - memset(&apk_stat, 0, sizeof(apk_stat)); - stat(apk_path, &apk_stat); + if (is_patchoat) { + /* /system/framework/whatever.jar -> /system/framework/<isa>/whatever.odex */ + strcpy(in_odex_path, apk_path); + end = strrchr(in_odex_path, '/'); + if (end == NULL) { + ALOGE("apk_path '%s' has no '/'s in it?!\n", apk_path); + return -1; + } + const char *apk_end = apk_path + (end - in_odex_path); // strrchr(apk_path, '/'); + strcpy(end + 1, instruction_set); // in_odex_path now is /system/framework/<isa>\0 + strcat(in_odex_path, apk_end); + end = strrchr(in_odex_path, '.'); + if (end == NULL) { + return -1; + } + strcpy(end + 1, "odex"); + input_file = in_odex_path; + } else { + input_file = apk_path; + } + + memset(&input_stat, 0, sizeof(input_stat)); + stat(input_file, &input_stat); - zip_fd = open(apk_path, O_RDONLY, 0); - if (zip_fd < 0) { - ALOGE("installd cannot open '%s' for input during dexopt\n", apk_path); + input_fd = open(input_file, O_RDONLY, 0); + if (input_fd < 0) { + ALOGE("installd cannot open '%s' for input during dexopt\n", input_file); return -1; } @@ -709,7 +951,13 @@ int dexopt(const char *apk_path, uid_t uid, int is_public) goto fail; } - ALOGV("DexInv: --- BEGIN '%s' ---\n", apk_path); + // Create profile file if there is a package name present. + if (strcmp(pkgname, "*") != 0) { + create_profile_file(pkgname, uid); + } + + + ALOGV("DexInv: --- BEGIN '%s' ---\n", input_file); pid_t pid; pid = fork(); @@ -733,33 +981,44 @@ int dexopt(const char *apk_path, uid_t uid, int is_public) ALOGE("capset failed: %s\n", strerror(errno)); exit(66); } + if (set_sched_policy(0, SP_BACKGROUND) < 0) { + ALOGE("set_sched_policy failed: %s\n", strerror(errno)); + exit(70); + } if (flock(out_fd, LOCK_EX | LOCK_NB) != 0) { ALOGE("flock(%s) failed: %s\n", out_path, strerror(errno)); exit(67); } if (strncmp(persist_sys_dalvik_vm_lib, "libdvm", 6) == 0) { - run_dexopt(zip_fd, out_fd, apk_path, out_path, dexopt_flags); + run_dexopt(input_fd, out_fd, input_file, out_path); } else if (strncmp(persist_sys_dalvik_vm_lib, "libart", 6) == 0) { - run_dex2oat(zip_fd, out_fd, apk_path, out_path, dexopt_flags); + if (is_patchoat) { + run_patchoat(input_fd, out_fd, input_file, out_path, pkgname, instruction_set); + } else { + run_dex2oat(input_fd, out_fd, input_file, out_path, pkgname, instruction_set, + vm_safe_mode); + } } else { exit(69); /* Unexpected persist.sys.dalvik.vm.lib value */ } exit(68); /* only get here on exec failure */ } else { - res = wait_dexopt(pid, apk_path); - if (res != 0) { - ALOGE("dexopt in='%s' out='%s' res=%d\n", apk_path, out_path, res); + res = wait_child(pid); + if (res == 0) { + ALOGV("DexInv: --- END '%s' (success) ---\n", input_file); + } else { + ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", input_file, res); goto fail; } } - ut.actime = apk_stat.st_atime; - ut.modtime = apk_stat.st_mtime; + ut.actime = input_stat.st_atime; + ut.modtime = input_stat.st_mtime; utime(out_path, &ut); close(out_fd); - close(zip_fd); + close(input_fd); return 0; fail: @@ -767,8 +1026,8 @@ fail: close(out_fd); unlink(out_path); } - if (zip_fd >= 0) { - close(zip_fd); + if (input_fd >= 0) { + close(input_fd); } return -1; } @@ -803,12 +1062,12 @@ int movefileordir(char* srcpath, char* dstpath, int dstbasepos, int srcend = strlen(srcpath); int dstend = strlen(dstpath); - + if (lstat(srcpath, statbuf) < 0) { ALOGW("Unable to stat %s: %s\n", srcpath, strerror(errno)); return 1; } - + if ((statbuf->st_mode&S_IFDIR) == 0) { mkinnerdirs(dstpath, dstbasepos, S_IRWXU|S_IRWXG|S_IXOTH, dstuid, dstgid, statbuf); @@ -834,7 +1093,7 @@ int movefileordir(char* srcpath, char* dstpath, int dstbasepos, } res = 0; - + while ((de = readdir(d))) { const char *name = de->d_name; /* always skip "." and ".." */ @@ -842,32 +1101,32 @@ int movefileordir(char* srcpath, char* dstpath, int dstbasepos, if (name[1] == 0) continue; if ((name[1] == '.') && (name[2] == 0)) continue; } - + if ((srcend+strlen(name)) >= (PKG_PATH_MAX-2)) { ALOGW("Source path too long; skipping: %s/%s\n", srcpath, name); continue; } - + if ((dstend+strlen(name)) >= (PKG_PATH_MAX-2)) { ALOGW("Destination path too long; skipping: %s/%s\n", dstpath, name); continue; } - + srcpath[srcend] = dstpath[dstend] = '/'; strcpy(srcpath+srcend+1, name); strcpy(dstpath+dstend+1, name); - + if (movefileordir(srcpath, dstpath, dstbasepos, dstuid, dstgid, statbuf) != 0) { res = 1; } - + // Note: we will be leaving empty directories behind in srcpath, // but that is okay, the package manager will be erasing all of the // data associated with .apks that disappear. - + srcpath[srcend] = dstpath[dstend] = 0; } - + closedir(d); return res; } @@ -909,7 +1168,7 @@ int movefiles() UPDATE_COMMANDS_DIR_PREFIX, name); continue; } - + bufp = 0; bufe = 0; buf[PKG_PATH_MAX] = 0; @@ -1070,7 +1329,7 @@ int linklib(const char* pkgname, const char* asecLibDir, int userId) } } else { if (S_ISDIR(libStat.st_mode)) { - if (delete_dir_contents(libsymlink, 1, 0) < 0) { + if (delete_dir_contents(libsymlink, 1, NULL) < 0) { rc = -1; goto out; } @@ -1103,3 +1362,196 @@ out: return rc; } + +static void run_idmap(const char *target_apk, const char *overlay_apk, int idmap_fd) +{ + static const char *IDMAP_BIN = "/system/bin/idmap"; + static const size_t MAX_INT_LEN = 32; + char idmap_str[MAX_INT_LEN]; + + snprintf(idmap_str, sizeof(idmap_str), "%d", idmap_fd); + + execl(IDMAP_BIN, IDMAP_BIN, "--fd", target_apk, overlay_apk, idmap_str, (char*)NULL); + ALOGE("execl(%s) failed: %s\n", IDMAP_BIN, strerror(errno)); +} + +// Transform string /a/b/c.apk to (prefix)/a@b@c.apk@(suffix) +// eg /a/b/c.apk to /data/resource-cache/a@b@c.apk@idmap +static int flatten_path(const char *prefix, const char *suffix, + const char *overlay_path, char *idmap_path, size_t N) +{ + if (overlay_path == NULL || idmap_path == NULL) { + return -1; + } + const size_t len_overlay_path = strlen(overlay_path); + // will access overlay_path + 1 further below; requires absolute path + if (len_overlay_path < 2 || *overlay_path != '/') { + return -1; + } + const size_t len_idmap_root = strlen(prefix); + const size_t len_suffix = strlen(suffix); + if (SIZE_MAX - len_idmap_root < len_overlay_path || + SIZE_MAX - (len_idmap_root + len_overlay_path) < len_suffix) { + // additions below would cause overflow + return -1; + } + if (N < len_idmap_root + len_overlay_path + len_suffix) { + return -1; + } + memset(idmap_path, 0, N); + snprintf(idmap_path, N, "%s%s%s", prefix, overlay_path + 1, suffix); + char *ch = idmap_path + len_idmap_root; + while (*ch != '\0') { + if (*ch == '/') { + *ch = '@'; + } + ++ch; + } + return 0; +} + +int idmap(const char *target_apk, const char *overlay_apk, uid_t uid) +{ + ALOGV("idmap target_apk=%s overlay_apk=%s uid=%d\n", target_apk, overlay_apk, uid); + + int idmap_fd = -1; + char idmap_path[PATH_MAX]; + + if (flatten_path(IDMAP_PREFIX, IDMAP_SUFFIX, overlay_apk, + idmap_path, sizeof(idmap_path)) == -1) { + ALOGE("idmap cannot generate idmap path for overlay %s\n", overlay_apk); + goto fail; + } + + unlink(idmap_path); + idmap_fd = open(idmap_path, O_RDWR | O_CREAT | O_EXCL, 0644); + if (idmap_fd < 0) { + ALOGE("idmap cannot open '%s' for output: %s\n", idmap_path, strerror(errno)); + goto fail; + } + if (fchown(idmap_fd, AID_SYSTEM, uid) < 0) { + ALOGE("idmap cannot chown '%s'\n", idmap_path); + goto fail; + } + if (fchmod(idmap_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) { + ALOGE("idmap cannot chmod '%s'\n", idmap_path); + goto fail; + } + + pid_t pid; + pid = fork(); + if (pid == 0) { + /* child -- drop privileges before continuing */ + if (setgid(uid) != 0) { + ALOGE("setgid(%d) failed during idmap\n", uid); + exit(1); + } + if (setuid(uid) != 0) { + ALOGE("setuid(%d) failed during idmap\n", uid); + exit(1); + } + if (flock(idmap_fd, LOCK_EX | LOCK_NB) != 0) { + ALOGE("flock(%s) failed during idmap: %s\n", idmap_path, strerror(errno)); + exit(1); + } + + run_idmap(target_apk, overlay_apk, idmap_fd); + exit(1); /* only if exec call to idmap failed */ + } else { + int status = wait_child(pid); + if (status != 0) { + ALOGE("idmap failed, status=0x%04x\n", status); + goto fail; + } + } + + close(idmap_fd); + return 0; +fail: + if (idmap_fd >= 0) { + close(idmap_fd); + unlink(idmap_path); + } + return -1; +} + +int restorecon_data(const char* pkgName, const char* seinfo, uid_t uid) +{ + struct dirent *entry; + DIR *d; + struct stat s; + char *userdir; + char *primarydir; + char *pkgdir; + int ret = 0; + + // SELINUX_ANDROID_RESTORECON_DATADATA flag is set by libselinux. Not needed here. + unsigned int flags = SELINUX_ANDROID_RESTORECON_RECURSE; + + if (!pkgName || !seinfo) { + ALOGE("Package name or seinfo tag is null when trying to restorecon."); + return -1; + } + + if (asprintf(&primarydir, "%s%s%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgName) < 0) { + return -1; + } + + // Relabel for primary user. + if (selinux_android_restorecon_pkgdir(primarydir, seinfo, uid, flags) < 0) { + ALOGE("restorecon failed for %s: %s\n", primarydir, strerror(errno)); + ret |= -1; + } + + if (asprintf(&userdir, "%s%s", android_data_dir.path, SECONDARY_USER_PREFIX) < 0) { + free(primarydir); + return -1; + } + + // Relabel package directory for all secondary users. + d = opendir(userdir); + if (d == NULL) { + free(primarydir); + free(userdir); + return -1; + } + + while ((entry = readdir(d))) { + if (entry->d_type != DT_DIR) { + continue; + } + + const char *user = entry->d_name; + // Ignore "." and ".." + if (!strcmp(user, ".") || !strcmp(user, "..")) { + continue; + } + + // user directories start with a number + if (user[0] < '0' || user[0] > '9') { + ALOGE("Expecting numbered directory during restorecon. Instead got '%s'.", user); + continue; + } + + if (asprintf(&pkgdir, "%s%s/%s", userdir, user, pkgName) < 0) { + continue; + } + + if (stat(pkgdir, &s) < 0) { + free(pkgdir); + continue; + } + + if (selinux_android_restorecon_pkgdir(pkgdir, seinfo, uid, flags) < 0) { + ALOGE("restorecon failed for %s: %s\n", pkgdir, strerror(errno)); + ret |= -1; + } + free(pkgdir); + } + + closedir(d); + free(primarydir); + free(userdir); + return ret; +} + diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c index 0c80dac..933338f 100644 --- a/cmds/installd/installd.c +++ b/cmds/installd/installd.c @@ -15,7 +15,7 @@ */ #include <sys/capability.h> -#include <linux/prctl.h> +#include <sys/prctl.h> #include <selinux/android.h> #include <selinux/avc.h> @@ -38,18 +38,18 @@ static int do_install(char **arg, char reply[REPLY_MAX]) static int do_dexopt(char **arg, char reply[REPLY_MAX]) { - /* apk_path, uid, is_public */ - return dexopt(arg[0], atoi(arg[1]), atoi(arg[2])); + /* apk_path, uid, is_public, pkgname, instruction_set, vm_safe_mode, should_relocate */ + return dexopt(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3], arg[4], atoi(arg[5]), 0); } static int do_move_dex(char **arg, char reply[REPLY_MAX]) { - return move_dex(arg[0], arg[1]); /* src, dst */ + return move_dex(arg[0], arg[1], arg[2]); /* src, dst, instruction_set */ } static int do_rm_dex(char **arg, char reply[REPLY_MAX]) { - return rm_dex(arg[0]); /* pkgname */ + return rm_dex(arg[0], arg[1]); /* pkgname, instruction_set */ } static int do_remove(char **arg, char reply[REPLY_MAX]) @@ -77,6 +77,11 @@ static int do_rm_cache(char **arg, char reply[REPLY_MAX]) return delete_cache(arg[0], atoi(arg[1])); /* pkgname, userid */ } +static int do_rm_code_cache(char **arg, char reply[REPLY_MAX]) +{ + return delete_code_cache(arg[0], atoi(arg[1])); /* pkgname, userid */ +} + static int do_get_size(char **arg, char reply[REPLY_MAX]) { int64_t codesize = 0; @@ -87,7 +92,7 @@ static int do_get_size(char **arg, char reply[REPLY_MAX]) /* pkgdir, userid, apkpath */ res = get_size(arg[0], atoi(arg[1]), arg[2], arg[3], arg[4], arg[5], - &codesize, &datasize, &cachesize, &asecsize); + arg[6], &codesize, &datasize, &cachesize, &asecsize); /* * Each int64_t can take up 22 characters printed out. Make sure it @@ -109,6 +114,11 @@ static int do_mk_user_data(char **arg, char reply[REPLY_MAX]) /* pkgname, uid, userid, seinfo */ } +static int do_mk_user_config(char **arg, char reply[REPLY_MAX]) +{ + return make_user_config(atoi(arg[0])); /* userid */ +} + static int do_rm_user(char **arg, char reply[REPLY_MAX]) { return delete_user(atoi(arg[0])); /* userid */ @@ -124,6 +134,22 @@ static int do_linklib(char **arg, char reply[REPLY_MAX]) return linklib(arg[0], arg[1], atoi(arg[2])); } +static int do_idmap(char **arg, char reply[REPLY_MAX]) +{ + return idmap(arg[0], arg[1], atoi(arg[2])); +} + +static int do_restorecon_data(char **arg, char reply[REPLY_MAX] __attribute__((unused))) +{ + return restorecon_data(arg[0], arg[1], atoi(arg[2])); + /* pkgName, seinfo, uid*/ +} + +static int do_patchoat(char **arg, char reply[REPLY_MAX]) { + /* apk_path, uid, is_public, pkgname, instruction_set, vm_safe_mode, should_relocate */ + return dexopt(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3], arg[4], 0, 1); +} + struct cmdinfo { const char *name; unsigned numargs; @@ -133,20 +159,25 @@ struct cmdinfo { struct cmdinfo cmds[] = { { "ping", 0, do_ping }, { "install", 4, do_install }, - { "dexopt", 3, do_dexopt }, - { "movedex", 2, do_move_dex }, - { "rmdex", 1, do_rm_dex }, + { "dexopt", 6, do_dexopt }, + { "movedex", 3, do_move_dex }, + { "rmdex", 2, do_rm_dex }, { "remove", 2, do_remove }, { "rename", 2, do_rename }, { "fixuid", 3, do_fixuid }, { "freecache", 1, do_free_cache }, { "rmcache", 2, do_rm_cache }, - { "getsize", 6, do_get_size }, + { "rmcodecache", 2, do_rm_code_cache }, + { "getsize", 7, do_get_size }, { "rmuserdata", 2, do_rm_user_data }, { "movefiles", 0, do_movefiles }, { "linklib", 3, do_linklib }, { "mkuserdata", 4, do_mk_user_data }, + { "mkuserconfig", 1, do_mk_user_config }, { "rmuser", 1, do_rm_user }, + { "idmap", 3, do_idmap }, + { "restorecondata", 3, do_restorecon_data }, + { "patchoat", 5, do_patchoat }, }; static int readx(int s, void *_buf, int count) @@ -297,7 +328,7 @@ int initialize_globals() { } // Take note of the system and vendor directories. - android_system_dirs.count = 2; + android_system_dirs.count = 4; android_system_dirs.dirs = calloc(android_system_dirs.count, sizeof(dir_rec_t)); if (android_system_dirs.dirs == NULL) { @@ -305,22 +336,24 @@ int initialize_globals() { return -1; } - // system - if (get_path_from_env(&android_system_dirs.dirs[0], "ANDROID_ROOT") < 0) { - free_globals(); + dir_rec_t android_root_dir; + if (get_path_from_env(&android_root_dir, "ANDROID_ROOT") < 0) { + ALOGE("Missing ANDROID_ROOT; aborting\n"); return -1; } - // append "app/" to dirs[0] - char *system_app_path = build_string2(android_system_dirs.dirs[0].path, APP_SUBDIR); - android_system_dirs.dirs[0].path = system_app_path; - android_system_dirs.dirs[0].len = strlen(system_app_path); + android_system_dirs.dirs[0].path = build_string2(android_root_dir.path, APP_SUBDIR); + android_system_dirs.dirs[0].len = strlen(android_system_dirs.dirs[0].path); - // vendor - // TODO replace this with an environment variable (doesn't exist yet) - android_system_dirs.dirs[1].path = "/vendor/app/"; + android_system_dirs.dirs[1].path = build_string2(android_root_dir.path, PRIV_APP_SUBDIR); android_system_dirs.dirs[1].len = strlen(android_system_dirs.dirs[1].path); + android_system_dirs.dirs[2].path = "/vendor/app/"; + android_system_dirs.dirs[2].len = strlen(android_system_dirs.dirs[2].path); + + android_system_dirs.dirs[3].path = "/oem/app/"; + android_system_dirs.dirs[3].len = strlen(android_system_dirs.dirs[3].path); + return 0; } @@ -392,7 +425,7 @@ int initialize_directories() { goto fail; } - if (selinux_android_restorecon(android_media_dir.path)) { + if (selinux_android_restorecon(android_media_dir.path, 0)) { goto fail; } @@ -470,6 +503,75 @@ int initialize_directories() { goto fail; } + if (ensure_config_user_dirs(0) == -1) { + ALOGE("Failed to setup misc for user 0"); + goto fail; + } + + if (version == 2) { + ALOGD("Upgrading to /data/misc/user directories"); + + char misc_dir[PATH_MAX]; + snprintf(misc_dir, PATH_MAX, "%smisc", android_data_dir.path); + + char keychain_added_dir[PATH_MAX]; + snprintf(keychain_added_dir, PATH_MAX, "%s/keychain/cacerts-added", misc_dir); + + char keychain_removed_dir[PATH_MAX]; + snprintf(keychain_removed_dir, PATH_MAX, "%s/keychain/cacerts-removed", misc_dir); + + DIR *dir; + struct dirent *dirent; + dir = opendir(user_data_dir); + if (dir != NULL) { + while ((dirent = readdir(dir))) { + const char *name = dirent->d_name; + + // skip "." and ".." + if (name[0] == '.') { + if (name[1] == 0) continue; + if ((name[1] == '.') && (name[2] == 0)) continue; + } + + uint32_t user_id = atoi(name); + + // /data/misc/user/<user_id> + if (ensure_config_user_dirs(user_id) == -1) { + goto fail; + } + + char misc_added_dir[PATH_MAX]; + snprintf(misc_added_dir, PATH_MAX, "%s/user/%s/cacerts-added", misc_dir, name); + + char misc_removed_dir[PATH_MAX]; + snprintf(misc_removed_dir, PATH_MAX, "%s/user/%s/cacerts-removed", misc_dir, name); + + uid_t uid = multiuser_get_uid(user_id, AID_SYSTEM); + gid_t gid = uid; + if (access(keychain_added_dir, F_OK) == 0) { + if (copy_dir_files(keychain_added_dir, misc_added_dir, uid, gid) != 0) { + ALOGE("Some files failed to copy"); + } + } + if (access(keychain_removed_dir, F_OK) == 0) { + if (copy_dir_files(keychain_removed_dir, misc_removed_dir, uid, gid) != 0) { + ALOGE("Some files failed to copy"); + } + } + } + closedir(dir); + + if (access(keychain_added_dir, F_OK) == 0) { + delete_dir_contents(keychain_added_dir, 1, 0); + } + if (access(keychain_removed_dir, F_OK) == 0) { + delete_dir_contents(keychain_removed_dir, 1, 0); + } + } + + version = 3; + } + // Persist layout version if changed if (version != oldVersion) { if (fs_write_atomic_int(version_path, version) == -1) { @@ -515,6 +617,7 @@ static void drop_privileges() { capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted |= CAP_TO_MASK(CAP_CHOWN); capdata[CAP_TO_INDEX(CAP_SETUID)].permitted |= CAP_TO_MASK(CAP_SETUID); capdata[CAP_TO_INDEX(CAP_SETGID)].permitted |= CAP_TO_MASK(CAP_SETGID); + capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted |= CAP_TO_MASK(CAP_FOWNER); capdata[0].effective = capdata[0].permitted; capdata[1].effective = capdata[1].permitted; @@ -527,6 +630,27 @@ static void drop_privileges() { } } +static int log_callback(int type, const char *fmt, ...) { + va_list ap; + int priority; + + switch (type) { + case SELINUX_WARNING: + priority = ANDROID_LOG_WARN; + break; + case SELINUX_INFO: + priority = ANDROID_LOG_INFO; + break; + default: + priority = ANDROID_LOG_ERROR; + break; + } + va_start(ap, fmt); + LOG_PRI_VA(priority, "SELinux", fmt, ap); + va_end(ap); + return 0; +} + int main(const int argc, const char *argv[]) { char buf[BUFFER_MAX]; struct sockaddr addr; @@ -536,6 +660,10 @@ int main(const int argc, const char *argv[]) { ALOGI("installd firing up\n"); + union selinux_callback cb; + cb.func_log = log_callback; + selinux_set_callback(SELINUX_CB_LOG, cb); + if (initialize_globals() < 0) { ALOGE("Could not initialize globals; exiting.\n"); exit(1); diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h index 9ca2f86..36c3e8c 100644 --- a/cmds/installd/installd.h +++ b/cmds/installd/installd.h @@ -59,8 +59,10 @@ #define PKG_LIB_POSTFIX "/lib" #define CACHE_DIR_POSTFIX "/cache" +#define CODE_CACHE_DIR_POSTFIX "/code_cache" #define APP_SUBDIR "app/" // sub-directory under ANDROID_DATA +#define PRIV_APP_SUBDIR "priv-app/" // sub-directory under ANDROID_DATA #define APP_LIB_SUBDIR "app-lib/" // sub-directory under ANDROID_DATA @@ -75,6 +77,9 @@ #define UPDATE_COMMANDS_DIR_PREFIX "/system/etc/updatecmds/" +#define IDMAP_PREFIX "/data/resource-cache/" +#define IDMAP_SUFFIX "@idmap" + #define PKG_NAME_MAX 128 /* largest allowed package name */ #define PKG_PATH_MAX 256 /* max size of any path we use */ @@ -142,6 +147,8 @@ int create_user_path(char path[PKG_PATH_MAX], int create_user_media_path(char path[PKG_PATH_MAX], userid_t userid); +int create_user_config_path(char path[PKG_PATH_MAX], userid_t userid); + int create_move_path(char path[PKG_PATH_MAX], const char* pkgname, const char* leaf, @@ -149,14 +156,17 @@ int create_move_path(char path[PKG_PATH_MAX], int is_valid_package_name(const char* pkgname); -int create_cache_path(char path[PKG_PATH_MAX], const char *src); +int create_cache_path(char path[PKG_PATH_MAX], const char *src, + const char *instruction_set); int delete_dir_contents(const char *pathname, int also_delete_dir, - const char *ignore); + int (*exclusion_predicate)(const char *name, const int is_dir)); int delete_dir_contents_fd(int dfd, const char *name); +int copy_dir_files(const char *srcname, const char *dstname, uid_t owner, gid_t group); + int lookup_media_dir(char basepath[PATH_MAX], const char *dir); int64_t data_disk_free(); @@ -186,6 +196,9 @@ char *build_string3(char *s1, char *s2, char *s3); int ensure_dir(const char* path, mode_t mode, uid_t uid, gid_t gid); int ensure_media_user_dirs(userid_t userid); +int ensure_config_user_dirs(userid_t userid); +int create_profile_file(const char *pkgname, gid_t gid); +void remove_profile_file(const char *pkgname); /* commands.c */ @@ -195,15 +208,20 @@ int renamepkg(const char *oldpkgname, const char *newpkgname); int fix_uid(const char *pkgname, uid_t uid, gid_t gid); int delete_user_data(const char *pkgname, userid_t userid); int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* seinfo); +int make_user_config(userid_t userid); int delete_user(userid_t userid); int delete_cache(const char *pkgname, userid_t userid); -int move_dex(const char *src, const char *dst); -int rm_dex(const char *path); +int delete_code_cache(const char *pkgname, userid_t userid); +int move_dex(const char *src, const char *dst, const char *instruction_set); +int rm_dex(const char *path, const char *instruction_set); int protect(char *pkgname, gid_t gid); int get_size(const char *pkgname, userid_t userid, const char *apkpath, const char *libdirpath, - const char *fwdlock_apkpath, const char *asecpath, int64_t *codesize, - int64_t *datasize, int64_t *cachesize, int64_t *asecsize); + const char *fwdlock_apkpath, const char *asecpath, const char *instruction_set, + int64_t *codesize, int64_t *datasize, int64_t *cachesize, int64_t *asecsize); int free_cache(int64_t free_size); -int dexopt(const char *apk_path, uid_t uid, int is_public); +int dexopt(const char *apk_path, uid_t uid, bool is_public, const char *pkgName, + const char *instruction_set, bool vm_safe_mode, bool should_relocate); int movefiles(); int linklib(const char* target, const char* source, int userId); +int idmap(const char *target_path, const char *overlay_path, uid_t uid); +int restorecon_data(); diff --git a/cmds/installd/tests/Android.mk b/cmds/installd/tests/Android.mk index c0192f4..4faf3c0 100644 --- a/cmds/installd/tests/Android.mk +++ b/cmds/installd/tests/Android.mk @@ -18,7 +18,7 @@ static_libraries := \ libgtest_main c_includes := \ - frameworks/base/cmds/installd + frameworks/native/cmds/installd $(foreach file,$(test_src_files), \ $(eval include $(CLEAR_VARS)) \ diff --git a/cmds/installd/tests/installd_utils_test.cpp b/cmds/installd/tests/installd_utils_test.cpp index 0b182af..94e4792 100644 --- a/cmds/installd/tests/installd_utils_test.cpp +++ b/cmds/installd/tests/installd_utils_test.cpp @@ -101,6 +101,11 @@ TEST_F(UtilsTest, IsValidApkPath_Internal) { EXPECT_EQ(0, validate_apk_path(internal1)) << internal1 << " should be allowed as a valid path"; + // b/16888084 + const char *path2 = TEST_APP_DIR "example.com/example.apk"; + EXPECT_EQ(0, validate_apk_path(path2)) + << path2 << " should be allowed as a valid path"; + const char *badint1 = TEST_APP_DIR "../example.apk"; EXPECT_EQ(-1, validate_apk_path(badint1)) << badint1 << " should be rejected as a invalid path"; @@ -109,9 +114,18 @@ TEST_F(UtilsTest, IsValidApkPath_Internal) { EXPECT_EQ(-1, validate_apk_path(badint2)) << badint2 << " should be rejected as a invalid path"; - const char *badint3 = TEST_APP_DIR "example.com/pkg.apk"; - EXPECT_EQ(-1, validate_apk_path(badint3)) - << badint3 << " should be rejected as a invalid path"; + // Only one subdir should be allowed. + const char *bad_path3 = TEST_APP_DIR "example.com/subdir/pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path3)) + << bad_path3 << " should be rejected as a invalid path"; + + const char *bad_path4 = TEST_APP_DIR "example.com/subdir/../pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path4)) + << bad_path4 << " should be rejected as a invalid path"; + + const char *bad_path5 = TEST_APP_DIR "example.com1/../example.com2/pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path5)) + << bad_path5 << " should be rejected as a invalid path"; } TEST_F(UtilsTest, IsValidApkPath_Private) { @@ -120,6 +134,11 @@ TEST_F(UtilsTest, IsValidApkPath_Private) { EXPECT_EQ(0, validate_apk_path(private1)) << private1 << " should be allowed as a valid path"; + // b/16888084 + const char *path2 = TEST_APP_DIR "example.com/example.apk"; + EXPECT_EQ(0, validate_apk_path(path2)) + << path2 << " should be allowed as a valid path"; + const char *badpriv1 = TEST_APP_PRIVATE_DIR "../example.apk"; EXPECT_EQ(-1, validate_apk_path(badpriv1)) << badpriv1 << " should be rejected as a invalid path"; @@ -128,9 +147,18 @@ TEST_F(UtilsTest, IsValidApkPath_Private) { EXPECT_EQ(-1, validate_apk_path(badpriv2)) << badpriv2 << " should be rejected as a invalid path"; - const char *badpriv3 = TEST_APP_PRIVATE_DIR "example.com/pkg.apk"; - EXPECT_EQ(-1, validate_apk_path(badpriv3)) - << badpriv3 << " should be rejected as a invalid path"; + // Only one subdir should be allowed. + const char *bad_path3 = TEST_APP_PRIVATE_DIR "example.com/subdir/pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path3)) + << bad_path3 << " should be rejected as a invalid path"; + + const char *bad_path4 = TEST_APP_PRIVATE_DIR "example.com/subdir/../pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path4)) + << bad_path4 << " should be rejected as a invalid path"; + + const char *bad_path5 = TEST_APP_PRIVATE_DIR "example.com1/../example.com2/pkg.apk"; + EXPECT_EQ(-1, validate_apk_path(bad_path5)) + << bad_path5 << " should be rejected as a invalid path"; } @@ -218,6 +246,24 @@ TEST_F(UtilsTest, CheckSystemApp_BadPathEscapeFail) { << badapp3 << " should be rejected not a system path"; } +TEST_F(UtilsTest, CheckSystemApp_Subdir) { + const char *sysapp = TEST_SYSTEM_DIR1 "com.example/com.example.apk"; + EXPECT_EQ(0, validate_system_app_path(sysapp)) + << sysapp << " should be allowed as a system path"; + + const char *badapp = TEST_SYSTEM_DIR1 "com.example/subdir/com.example.apk"; + EXPECT_EQ(-1, validate_system_app_path(badapp)) + << badapp << " should be rejected not a system path"; + + const char *badapp1 = TEST_SYSTEM_DIR1 "com.example/subdir/../com.example.apk"; + EXPECT_EQ(-1, validate_system_app_path(badapp1)) + << badapp1 << " should be rejected not a system path"; + + const char *badapp2 = TEST_SYSTEM_DIR1 "com.example1/../com.example2/com.example.apk"; + EXPECT_EQ(-1, validate_system_app_path(badapp2)) + << badapp2 << " should be rejected not a system path"; +} + TEST_F(UtilsTest, GetPathFromString_NullPathFail) { dir_rec_t test1; EXPECT_EQ(-1, get_path_from_string(&test1, (const char *) NULL)) diff --git a/cmds/installd/utils.c b/cmds/installd/utils.c index ef634c6..e381aef 100644 --- a/cmds/installd/utils.c +++ b/cmds/installd/utils.c @@ -1,16 +1,16 @@ /* ** Copyright 2008, The Android Open Source Project ** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at ** -** http://www.apache.org/licenses/LICENSE-2.0 +** http://www.apache.org/licenses/LICENSE-2.0 ** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and ** limitations under the License. */ @@ -149,6 +149,17 @@ int create_user_media_path(char path[PATH_MAX], userid_t userid) { return 0; } +/** + * Create the path name for config for a certain userid. + * Returns 0 on success, and -1 on failure. + */ +int create_user_config_path(char path[PATH_MAX], userid_t userid) { + if (snprintf(path, PATH_MAX, "%s%d", "/data/misc/user/", userid) > PATH_MAX) { + return -1; + } + return 0; +} + int create_move_path(char path[PKG_PATH_MAX], const char* pkgname, const char* leaf, @@ -208,7 +219,8 @@ int is_valid_package_name(const char* pkgname) { return 0; } -static int _delete_dir_contents(DIR *d, const char *ignore) +static int _delete_dir_contents(DIR *d, + int (*exclusion_predicate)(const char *name, const int is_dir)) { int result = 0; struct dirent *de; @@ -221,8 +233,10 @@ static int _delete_dir_contents(DIR *d, const char *ignore) while ((de = readdir(d))) { const char *name = de->d_name; - /* skip the ignore name if provided */ - if (ignore && !strcmp(name, ignore)) continue; + /* check using the exclusion predicate, if provided */ + if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) { + continue; + } if (de->d_type == DT_DIR) { int r, subfd; @@ -247,7 +261,7 @@ static int _delete_dir_contents(DIR *d, const char *ignore) result = -1; continue; } - if (_delete_dir_contents(subdir, 0)) { + if (_delete_dir_contents(subdir, exclusion_predicate)) { result = -1; } closedir(subdir); @@ -268,7 +282,7 @@ static int _delete_dir_contents(DIR *d, const char *ignore) int delete_dir_contents(const char *pathname, int also_delete_dir, - const char *ignore) + int (*exclusion_predicate)(const char*, const int)) { int res = 0; DIR *d; @@ -278,7 +292,7 @@ int delete_dir_contents(const char *pathname, ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno)); return -errno; } - res = _delete_dir_contents(d, ignore); + res = _delete_dir_contents(d, exclusion_predicate); closedir(d); if (also_delete_dir) { if (rmdir(pathname)) { @@ -310,6 +324,104 @@ int delete_dir_contents_fd(int dfd, const char *name) return res; } +static int _copy_owner_permissions(int srcfd, int dstfd) +{ + struct stat st; + if (fstat(srcfd, &st) != 0) { + return -1; + } + if (fchmod(dstfd, st.st_mode) != 0) { + return -1; + } + return 0; +} + +static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group) +{ + int result = 0; + if (_copy_owner_permissions(sdfd, ddfd) != 0) { + ALOGE("_copy_dir_files failed to copy dir permissions\n"); + } + if (fchown(ddfd, owner, group) != 0) { + ALOGE("_copy_dir_files failed to change dir owner\n"); + } + + DIR *ds = fdopendir(sdfd); + if (ds == NULL) { + ALOGE("Couldn't fdopendir: %s\n", strerror(errno)); + return -1; + } + struct dirent *de; + while ((de = readdir(ds))) { + if (de->d_type != DT_REG) { + continue; + } + + const char *name = de->d_name; + int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); + int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600); + if (fsfd == -1 || fdfd == -1) { + ALOGW("Couldn't copy %s: %s\n", name, strerror(errno)); + } else { + if (_copy_owner_permissions(fsfd, fdfd) != 0) { + ALOGE("Failed to change file permissions\n"); + } + if (fchown(fdfd, owner, group) != 0) { + ALOGE("Failed to change file owner\n"); + } + + char buf[8192]; + ssize_t size; + while ((size = read(fsfd, buf, sizeof(buf))) > 0) { + write(fdfd, buf, size); + } + if (size < 0) { + ALOGW("Couldn't copy %s: %s\n", name, strerror(errno)); + result = -1; + } + } + close(fdfd); + close(fsfd); + } + + return result; +} + +int copy_dir_files(const char *srcname, + const char *dstname, + uid_t owner, + uid_t group) +{ + int res = 0; + DIR *ds = NULL; + DIR *dd = NULL; + + ds = opendir(srcname); + if (ds == NULL) { + ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno)); + return -errno; + } + + mkdir(dstname, 0600); + dd = opendir(dstname); + if (dd == NULL) { + ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno)); + closedir(ds); + return -errno; + } + + int sdfd = dirfd(ds); + int ddfd = dirfd(dd); + if (sdfd != -1 && ddfd != -1) { + res = _copy_dir_files(sdfd, ddfd, owner, group); + } else { + res = -errno; + } + closedir(dd); + closedir(ds); + return res; +} + int lookup_media_dir(char basepath[PATH_MAX], const char *dir) { DIR *d; @@ -435,7 +547,7 @@ static void _inc_num_cache_collected(cache_t* cache) { cache->numCollected++; if ((cache->numCollected%20000) == 0) { - ALOGI("Collected cache so far: %d directories, %d files", + ALOGI("Collected cache so far: %zd directories, %zd files", cache->numDirs, cache->numFiles); } } @@ -730,7 +842,7 @@ void clear_cache_files(cache_t* cache, int64_t free_size) int skip = 0; char path[PATH_MAX]; - ALOGI("Collected cache files: %d directories, %d files", + ALOGI("Collected cache files: %zd directories, %zd files", cache->numDirs, cache->numFiles); CACHE_NOISY(ALOGI("Sorting files...")); @@ -794,6 +906,33 @@ void finish_cache_collection(cache_t* cache) } /** + * Validate that the path is valid in the context of the provided directory. + * The path is allowed to have at most one subdirectory and no indirections + * to top level directories (i.e. have ".."). + */ +static int validate_path(const dir_rec_t* dir, const char* path) { + size_t dir_len = dir->len; + const char* subdir = strchr(path + dir_len, '/'); + + // Only allow the path to have at most one subdirectory. + if (subdir != NULL) { + ++subdir; + if (strchr(subdir, '/') != NULL) { + ALOGE("invalid apk path '%s' (subdir?)\n", path); + return -1; + } + } + + // Directories can't have a period directly after the directory markers to prevent "..". + if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) { + ALOGE("invalid apk path '%s' (trickery)\n", path); + return -1; + } + + return 0; +} + +/** * Checks whether a path points to a system app (.apk file). Returns 0 * if it is a system app or -1 if it is not. */ @@ -803,11 +942,7 @@ int validate_system_app_path(const char* path) { for (i = 0; i < android_system_dirs.count; i++) { const size_t dir_len = android_system_dirs.dirs[i].len; if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) { - if (path[dir_len] == '.' || strchr(path + dir_len, '/') != NULL) { - ALOGE("invalid system apk path '%s' (trickery)\n", path); - return -1; - } - return 0; + return validate_path(android_system_dirs.dirs + i, path); } } @@ -900,54 +1035,25 @@ int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) { } /** - * Check whether path points to a valid path for an APK file. An ASEC - * directory is allowed to have one level of subdirectory names. Returns -1 - * when an invalid path is encountered and 0 when a valid path is encountered. + * Check whether path points to a valid path for an APK file. Only one level of + * subdirectory names is allowed. Returns -1 when an invalid path is encountered + * and 0 when a valid path is encountered. */ int validate_apk_path(const char *path) { - int allowsubdir = 0; - char *subdir = NULL; - size_t dir_len; - size_t path_len; + const dir_rec_t* dir = NULL; if (!strncmp(path, android_app_dir.path, android_app_dir.len)) { - dir_len = android_app_dir.len; + dir = &android_app_dir; } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) { - dir_len = android_app_private_dir.len; + dir = &android_app_private_dir; } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) { - dir_len = android_asec_dir.len; - allowsubdir = 1; + dir = &android_asec_dir; } else { - ALOGE("invalid apk path '%s' (bad prefix)\n", path); return -1; } - path_len = strlen(path); - - /* - * Only allow the path to have a subdirectory if it's been marked as being allowed. - */ - if ((subdir = strchr(path + dir_len, '/')) != NULL) { - ++subdir; - if (!allowsubdir - || (path_len > (size_t) (subdir - path) && (strchr(subdir, '/') != NULL))) { - ALOGE("invalid apk path '%s' (subdir?)\n", path); - return -1; - } - } - - /* - * Directories can't have a period directly after the directory markers - * to prevent ".." - */ - if (path[dir_len] == '.' - || (subdir != NULL && ((*subdir == '.') || (strchr(subdir, '/') != NULL)))) { - ALOGE("invalid apk path '%s' (trickery)\n", path); - return -1; - } - - return 0; + return validate_path(dir, path); } int append_and_increment(char** dst, const char* src, size_t* dst_size) { @@ -1005,3 +1111,59 @@ int ensure_media_user_dirs(userid_t userid) { return 0; } + +int ensure_config_user_dirs(userid_t userid) { + char config_user_path[PATH_MAX]; + char path[PATH_MAX]; + + // writable by system, readable by any app within the same user + const int uid = multiuser_get_uid(userid, AID_SYSTEM); + const int gid = multiuser_get_uid(userid, AID_EVERYBODY); + + // Ensure /data/misc/user/<userid> exists + create_user_config_path(config_user_path, userid); + if (fs_prepare_dir(config_user_path, 0750, uid, gid) == -1) { + return -1; + } + + return 0; +} + +int create_profile_file(const char *pkgname, gid_t gid) { + const char *profile_dir = DALVIK_CACHE_PREFIX "profiles"; + char profile_file[PKG_PATH_MAX]; + + snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname); + + // The 'system' user needs to be able to read the profile to determine if dex2oat + // needs to be run. This is done in dalvik.system.DexFile.isDexOptNeededInternal(). So + // we assign ownership to AID_SYSTEM and ensure it's not world-readable. + + int fd = open(profile_file, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0660); + + // Always set the uid/gid/permissions. The file could have been previously created + // with different permissions. + if (fd >= 0) { + if (fchown(fd, AID_SYSTEM, gid) < 0) { + ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno)); + close(fd); + unlink(profile_file); + return -1; + } + + if (fchmod(fd, 0660) < 0) { + ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno)); + close(fd); + unlink(profile_file); + return -1; + } + close(fd); + } + return 0; +} + +void remove_profile_file(const char *pkgname) { + char profile_file[PKG_PATH_MAX]; + snprintf(profile_file, sizeof(profile_file), "%s/%s", DALVIK_CACHE_PREFIX "profiles", pkgname); + unlink(profile_file); +} |