1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "apex_shim.h"
18 
19 #include <android-base/file.h>
20 #include <android-base/logging.h>
21 #include <android-base/stringprintf.h>
22 #include <android-base/strings.h>
23 #include <openssl/sha.h>
24 #include <filesystem>
25 #include <fstream>
26 #include <sstream>
27 #include <unordered_set>
28 
29 #include "apex_constants.h"
30 #include "apex_file.h"
31 #include "string_log.h"
32 
33 using android::base::ErrnoError;
34 using android::base::Error;
35 using android::base::Result;
36 
37 namespace android {
38 namespace apex {
39 namespace shim {
40 
41 namespace fs = std::filesystem;
42 
43 namespace {
44 
45 static constexpr const char* kApexCtsShimPackage = "com.android.apex.cts.shim";
46 static constexpr const char* kHashFilePath = "etc/hash.txt";
47 static constexpr const int kBufSize = 1024;
48 static constexpr const fs::perms kForbiddenFilePermissions =
49     fs::perms::owner_exec | fs::perms::group_exec | fs::perms::others_exec;
50 static constexpr const char* kExpectedCtsShimFiles[] = {
51     "apex_manifest.json",
52     "apex_manifest.pb",
53     "etc/hash.txt",
54     "app/CtsShimPrebuilt/CtsShimPrebuilt.apk",
55     "priv-app/CtsShimPrivPrebuilt/CtsShimPrivPrebuilt.apk",
56 };
57 
CalculateSha512(const std::string & path)58 Result<std::string> CalculateSha512(const std::string& path) {
59   LOG(DEBUG) << "Calculating SHA512 of " << path;
60   SHA512_CTX ctx;
61   SHA512_Init(&ctx);
62   std::ifstream apex(path, std::ios::binary);
63   if (apex.bad()) {
64     return Error() << "Failed to open " << path;
65   }
66   char buf[kBufSize];
67   while (!apex.eof()) {
68     apex.read(buf, kBufSize);
69     if (apex.bad()) {
70       return Error() << "Failed to read " << path;
71     }
72     int bytes_read = apex.gcount();
73     SHA512_Update(&ctx, buf, bytes_read);
74   }
75   uint8_t hash[SHA512_DIGEST_LENGTH];
76   SHA512_Final(hash, &ctx);
77   std::stringstream ss;
78   ss << std::hex;
79   for (int i = 0; i < SHA512_DIGEST_LENGTH; i++) {
80     ss << std::setw(2) << std::setfill('0') << static_cast<int>(hash[i]);
81   }
82   return ss.str();
83 }
84 
GetAllowedHashes(const std::string & path)85 Result<std::vector<std::string>> GetAllowedHashes(const std::string& path) {
86   using android::base::ReadFileToString;
87   using android::base::StringPrintf;
88   const std::string& file_path =
89       StringPrintf("%s/%s", path.c_str(), kHashFilePath);
90   LOG(DEBUG) << "Reading SHA512 from " << file_path;
91   std::string hash;
92   if (!ReadFileToString(file_path, &hash, false /* follows symlinks */)) {
93     return ErrnoError() << "Failed to read " << file_path;
94   }
95   std::vector<std::string> allowed_hashes = android::base::Split(hash, "\n");
96   auto system_shim_hash = CalculateSha512(
97       StringPrintf("%s/%s", kApexPackageSystemDir, shim::kSystemShimApexName));
98   if (!system_shim_hash.ok()) {
99     return system_shim_hash.error();
100   }
101   allowed_hashes.push_back(std::move(*system_shim_hash));
102   return allowed_hashes;
103 }
104 }  // namespace
105 
IsShimApex(const ApexFile & apex_file)106 bool IsShimApex(const ApexFile& apex_file) {
107   return apex_file.GetManifest().name() == kApexCtsShimPackage;
108 }
109 
ValidateShimApex(const std::string & mount_point,const ApexFile & apex_file)110 Result<void> ValidateShimApex(const std::string& mount_point,
111                               const ApexFile& apex_file) {
112   LOG(DEBUG) << "Validating shim apex " << mount_point;
113   const ApexManifest& manifest = apex_file.GetManifest();
114   if (!manifest.preinstallhook().empty() ||
115       !manifest.postinstallhook().empty()) {
116     return Errorf("Shim apex is not allowed to have pre or post install hooks");
117   }
118   std::error_code ec;
119   std::unordered_set<std::string> expected_files;
120   for (auto file : kExpectedCtsShimFiles) {
121     expected_files.insert(file);
122   }
123 
124   auto iter = fs::recursive_directory_iterator(mount_point, ec);
125   // Unfortunately fs::recursive_directory_iterator::operator++ can throw an
126   // exception, which means that it's impossible to use range-based for loop
127   // here.
128   while (iter != fs::end(iter)) {
129     auto path = iter->path();
130     // Resolve the mount point to ensure any trailing slash is removed.
131     auto resolved_mount_point = fs::path(mount_point).string();
132     auto local_path = path.string().substr(resolved_mount_point.length() + 1);
133     fs::file_status status = iter->status(ec);
134 
135     if (fs::is_symlink(status)) {
136       return Error()
137              << "Shim apex is not allowed to contain symbolic links, found "
138              << path;
139     } else if (fs::is_regular_file(status)) {
140       if ((status.permissions() & kForbiddenFilePermissions) !=
141           fs::perms::none) {
142         return Error() << path << " has illegal permissions";
143       }
144       auto ex = expected_files.find(local_path);
145       if (ex != expected_files.end()) {
146         expected_files.erase(local_path);
147       } else {
148         return Error() << path << " is an unexpected file inside the shim apex";
149       }
150     } else if (!fs::is_directory(status)) {
151       // If this is not a symlink, a file or a directory, fail.
152       return Error() << "Unexpected file entry in shim apex: " << iter->path();
153     }
154     iter = iter.increment(ec);
155     if (ec) {
156       return Error() << "Failed to scan " << mount_point << " : "
157                      << ec.message();
158     }
159   }
160 
161   return {};
162 }
163 
ValidateUpdate(const std::string & system_apex_path,const std::string & new_apex_path)164 Result<void> ValidateUpdate(const std::string& system_apex_path,
165                             const std::string& new_apex_path) {
166   LOG(DEBUG) << "Validating update of shim apex to " << new_apex_path
167              << " using system shim apex " << system_apex_path;
168   auto allowed = GetAllowedHashes(system_apex_path);
169   if (!allowed.ok()) {
170     return allowed.error();
171   }
172   auto actual = CalculateSha512(new_apex_path);
173   if (!actual.ok()) {
174     return actual.error();
175   }
176   auto it = std::find(allowed->begin(), allowed->end(), *actual);
177   if (it == allowed->end()) {
178     return Error() << new_apex_path << " has unexpected SHA512 hash "
179                    << *actual;
180   }
181   return {};
182 }
183 
184 }  // namespace shim
185 }  // namespace apex
186 }  // namespace android
187