1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "idmap2/Idmap.h"
18
19 #include <algorithm>
20 #include <iostream>
21 #include <iterator>
22 #include <limits>
23 #include <map>
24 #include <memory>
25 #include <set>
26 #include <string>
27 #include <utility>
28 #include <vector>
29
30 #include "android-base/macros.h"
31 #include "android-base/stringprintf.h"
32 #include "androidfw/AssetManager2.h"
33 #include "idmap2/ResourceUtils.h"
34 #include "idmap2/Result.h"
35 #include "idmap2/SysTrace.h"
36 #include "idmap2/ZipFile.h"
37 #include "utils/String16.h"
38 #include "utils/String8.h"
39
40 namespace android::idmap2 {
41
42 namespace {
43
44 #define EXTRACT_TYPE(resid) ((0x00ff0000 & (resid)) >> 16)
45
46 #define EXTRACT_ENTRY(resid) (0x0000ffff & (resid))
47
48 class MatchingResources {
49 public:
Add(ResourceId target_resid,ResourceId overlay_resid)50 void Add(ResourceId target_resid, ResourceId overlay_resid) {
51 TypeId target_typeid = EXTRACT_TYPE(target_resid);
52 if (map_.find(target_typeid) == map_.end()) {
53 map_.emplace(target_typeid, std::set<std::pair<ResourceId, ResourceId>>());
54 }
55 map_[target_typeid].insert(std::make_pair(target_resid, overlay_resid));
56 }
57
58 inline const std::map<TypeId, std::set<std::pair<ResourceId, ResourceId>>>& WARN_UNUSED
Map() const59 Map() const {
60 return map_;
61 }
62
63 private:
64 // target type id -> set { pair { overlay entry id, overlay entry id } }
65 std::map<TypeId, std::set<std::pair<ResourceId, ResourceId>>> map_;
66 };
67
Read16(std::istream & stream,uint16_t * out)68 bool WARN_UNUSED Read16(std::istream& stream, uint16_t* out) {
69 uint16_t value;
70 if (stream.read(reinterpret_cast<char*>(&value), sizeof(uint16_t))) {
71 *out = dtohl(value);
72 return true;
73 }
74 return false;
75 }
76
Read32(std::istream & stream,uint32_t * out)77 bool WARN_UNUSED Read32(std::istream& stream, uint32_t* out) {
78 uint32_t value;
79 if (stream.read(reinterpret_cast<char*>(&value), sizeof(uint32_t))) {
80 *out = dtohl(value);
81 return true;
82 }
83 return false;
84 }
85
86 // a string is encoded as a kIdmapStringLength char array; the array is always null-terminated
ReadString(std::istream & stream,char out[kIdmapStringLength])87 bool WARN_UNUSED ReadString(std::istream& stream, char out[kIdmapStringLength]) {
88 char buf[kIdmapStringLength];
89 memset(buf, 0, sizeof(buf));
90 if (!stream.read(buf, sizeof(buf))) {
91 return false;
92 }
93 if (buf[sizeof(buf) - 1] != '\0') {
94 return false;
95 }
96 memcpy(out, buf, sizeof(buf));
97 return true;
98 }
99
NameToResid(const AssetManager2 & am,const std::string & name)100 ResourceId NameToResid(const AssetManager2& am, const std::string& name) {
101 return am.GetResourceId(name);
102 }
103
104 // TODO(martenkongstad): scan for package name instead of assuming package at index 0
105 //
106 // idmap version 0x01 naively assumes that the package to use is always the first ResTable_package
107 // in the resources.arsc blob. In most cases, there is only a single ResTable_package anyway, so
108 // this assumption tends to work out. That said, the correct thing to do is to scan
109 // resources.arsc for a package with a given name as read from the package manifest instead of
110 // relying on a hard-coded index. This however requires storing the package name in the idmap
111 // header, which in turn requires incrementing the idmap version. Because the initial version of
112 // idmap2 is compatible with idmap, this will have to wait for now.
GetPackageAtIndex0(const LoadedArsc & loaded_arsc)113 const LoadedPackage* GetPackageAtIndex0(const LoadedArsc& loaded_arsc) {
114 const std::vector<std::unique_ptr<const LoadedPackage>>& packages = loaded_arsc.GetPackages();
115 if (packages.empty()) {
116 return nullptr;
117 }
118 int id = packages[0]->GetPackageId();
119 return loaded_arsc.GetPackageById(id);
120 }
121
GetCrc(const ZipFile & zip)122 Result<uint32_t> GetCrc(const ZipFile& zip) {
123 const Result<uint32_t> a = zip.Crc("resources.arsc");
124 const Result<uint32_t> b = zip.Crc("AndroidManifest.xml");
125 return a && b
126 ? Result<uint32_t>(*a ^ *b)
127 : Error("failed to get CRC for \"%s\"", a ? "AndroidManifest.xml" : "resources.arsc");
128 }
129
130 } // namespace
131
FromBinaryStream(std::istream & stream)132 std::unique_ptr<const IdmapHeader> IdmapHeader::FromBinaryStream(std::istream& stream) {
133 std::unique_ptr<IdmapHeader> idmap_header(new IdmapHeader());
134
135 if (!Read32(stream, &idmap_header->magic_) || !Read32(stream, &idmap_header->version_) ||
136 !Read32(stream, &idmap_header->target_crc_) || !Read32(stream, &idmap_header->overlay_crc_) ||
137 !ReadString(stream, idmap_header->target_path_) ||
138 !ReadString(stream, idmap_header->overlay_path_)) {
139 return nullptr;
140 }
141
142 return std::move(idmap_header);
143 }
144
IsUpToDate() const145 Result<Unit> IdmapHeader::IsUpToDate() const {
146 if (magic_ != kIdmapMagic) {
147 return Error("bad magic: actual 0x%08x, expected 0x%08x", magic_, kIdmapMagic);
148 }
149
150 if (version_ != kIdmapCurrentVersion) {
151 return Error("bad version: actual 0x%08x, expected 0x%08x", version_, kIdmapCurrentVersion);
152 }
153
154 const std::unique_ptr<const ZipFile> target_zip = ZipFile::Open(target_path_);
155 if (!target_zip) {
156 return Error("failed to open target %s", GetTargetPath().to_string().c_str());
157 }
158
159 Result<uint32_t> target_crc = GetCrc(*target_zip);
160 if (!target_crc) {
161 return Error("failed to get target crc");
162 }
163
164 if (target_crc_ != *target_crc) {
165 return Error("bad target crc: idmap version 0x%08x, file system version 0x%08x", target_crc_,
166 *target_crc);
167 }
168
169 const std::unique_ptr<const ZipFile> overlay_zip = ZipFile::Open(overlay_path_);
170 if (!overlay_zip) {
171 return Error("failed to open overlay %s", GetOverlayPath().to_string().c_str());
172 }
173
174 Result<uint32_t> overlay_crc = GetCrc(*overlay_zip);
175 if (!overlay_crc) {
176 return Error("failed to get overlay crc");
177 }
178
179 if (overlay_crc_ != *overlay_crc) {
180 return Error("bad overlay crc: idmap version 0x%08x, file system version 0x%08x", overlay_crc_,
181 *overlay_crc);
182 }
183
184 return Unit{};
185 }
186
FromBinaryStream(std::istream & stream)187 std::unique_ptr<const IdmapData::Header> IdmapData::Header::FromBinaryStream(std::istream& stream) {
188 std::unique_ptr<IdmapData::Header> idmap_data_header(new IdmapData::Header());
189
190 uint16_t target_package_id16;
191 if (!Read16(stream, &target_package_id16) || !Read16(stream, &idmap_data_header->type_count_)) {
192 return nullptr;
193 }
194 idmap_data_header->target_package_id_ = target_package_id16;
195
196 return std::move(idmap_data_header);
197 }
198
FromBinaryStream(std::istream & stream)199 std::unique_ptr<const IdmapData::TypeEntry> IdmapData::TypeEntry::FromBinaryStream(
200 std::istream& stream) {
201 std::unique_ptr<IdmapData::TypeEntry> data(new IdmapData::TypeEntry());
202 uint16_t target_type16;
203 uint16_t overlay_type16;
204 uint16_t entry_count;
205 if (!Read16(stream, &target_type16) || !Read16(stream, &overlay_type16) ||
206 !Read16(stream, &entry_count) || !Read16(stream, &data->entry_offset_)) {
207 return nullptr;
208 }
209 data->target_type_id_ = target_type16;
210 data->overlay_type_id_ = overlay_type16;
211 for (uint16_t i = 0; i < entry_count; i++) {
212 ResourceId resid;
213 if (!Read32(stream, &resid)) {
214 return nullptr;
215 }
216 data->entries_.push_back(resid);
217 }
218
219 return std::move(data);
220 }
221
FromBinaryStream(std::istream & stream)222 std::unique_ptr<const IdmapData> IdmapData::FromBinaryStream(std::istream& stream) {
223 std::unique_ptr<IdmapData> data(new IdmapData());
224 data->header_ = IdmapData::Header::FromBinaryStream(stream);
225 if (!data->header_) {
226 return nullptr;
227 }
228 for (size_t type_count = 0; type_count < data->header_->GetTypeCount(); type_count++) {
229 std::unique_ptr<const TypeEntry> type = IdmapData::TypeEntry::FromBinaryStream(stream);
230 if (!type) {
231 return nullptr;
232 }
233 data->type_entries_.push_back(std::move(type));
234 }
235 return std::move(data);
236 }
237
CanonicalIdmapPathFor(const std::string & absolute_dir,const std::string & absolute_apk_path)238 std::string Idmap::CanonicalIdmapPathFor(const std::string& absolute_dir,
239 const std::string& absolute_apk_path) {
240 assert(absolute_dir.size() > 0 && absolute_dir[0] == "/");
241 assert(absolute_apk_path.size() > 0 && absolute_apk_path[0] == "/");
242 std::string copy(++absolute_apk_path.cbegin(), absolute_apk_path.cend());
243 replace(copy.begin(), copy.end(), '/', '@');
244 return absolute_dir + "/" + copy + "@idmap";
245 }
246
FromBinaryStream(std::istream & stream)247 Result<std::unique_ptr<const Idmap>> Idmap::FromBinaryStream(std::istream& stream) {
248 SYSTRACE << "Idmap::FromBinaryStream";
249 std::unique_ptr<Idmap> idmap(new Idmap());
250
251 idmap->header_ = IdmapHeader::FromBinaryStream(stream);
252 if (!idmap->header_) {
253 return Error("failed to parse idmap header");
254 }
255
256 // idmap version 0x01 does not specify the number of data blocks that follow
257 // the idmap header; assume exactly one data block
258 for (int i = 0; i < 1; i++) {
259 std::unique_ptr<const IdmapData> data = IdmapData::FromBinaryStream(stream);
260 if (!data) {
261 return Error("failed to parse data block %d", i);
262 }
263 idmap->data_.push_back(std::move(data));
264 }
265
266 return {std::move(idmap)};
267 }
268
ConcatPolicies(const std::vector<std::string> & policies)269 std::string ConcatPolicies(const std::vector<std::string>& policies) {
270 std::string message;
271 for (const std::string& policy : policies) {
272 if (!message.empty()) {
273 message.append("|");
274 }
275 message.append(policy);
276 }
277
278 return message;
279 }
280
CheckOverlayable(const LoadedPackage & target_package,const utils::OverlayManifestInfo & overlay_info,const PolicyBitmask & fulfilled_policies,const ResourceId & resid)281 Result<Unit> CheckOverlayable(const LoadedPackage& target_package,
282 const utils::OverlayManifestInfo& overlay_info,
283 const PolicyBitmask& fulfilled_policies, const ResourceId& resid) {
284 static constexpr const PolicyBitmask sDefaultPolicies =
285 PolicyFlags::POLICY_ODM_PARTITION | PolicyFlags::POLICY_OEM_PARTITION |
286 PolicyFlags::POLICY_SYSTEM_PARTITION | PolicyFlags::POLICY_VENDOR_PARTITION |
287 PolicyFlags::POLICY_PRODUCT_PARTITION | PolicyFlags::POLICY_SIGNATURE;
288
289 // If the resource does not have an overlayable definition, allow the resource to be overlaid if
290 // the overlay is preinstalled or signed with the same signature as the target.
291 if (!target_package.DefinesOverlayable()) {
292 return (sDefaultPolicies & fulfilled_policies) != 0
293 ? Result<Unit>({})
294 : Error(
295 "overlay must be preinstalled or signed with the same signature as the "
296 "target");
297 }
298
299 const OverlayableInfo* overlayable_info = target_package.GetOverlayableInfo(resid);
300 if (overlayable_info == nullptr) {
301 // Do not allow non-overlayable resources to be overlaid.
302 return Error("resource has no overlayable declaration");
303 }
304
305 if (overlay_info.target_name != overlayable_info->name) {
306 // If the overlay supplies a target overlayable name, the resource must belong to the
307 // overlayable defined with the specified name to be overlaid.
308 return Error("<overlay> android:targetName '%s' does not match overlayable name '%s'",
309 overlay_info.target_name.c_str(), overlayable_info->name.c_str());
310 }
311
312 // Enforce policy restrictions if the resource is declared as overlayable.
313 if ((overlayable_info->policy_flags & fulfilled_policies) == 0) {
314 return Error("overlay with policies '%s' does not fulfill any overlayable policies '%s'",
315 ConcatPolicies(BitmaskToPolicies(fulfilled_policies)).c_str(),
316 ConcatPolicies(BitmaskToPolicies(overlayable_info->policy_flags)).c_str());
317 }
318
319 return Result<Unit>({});
320 }
321
FromApkAssets(const std::string & target_apk_path,const ApkAssets & target_apk_assets,const std::string & overlay_apk_path,const ApkAssets & overlay_apk_assets,const PolicyBitmask & fulfilled_policies,bool enforce_overlayable)322 Result<std::unique_ptr<const Idmap>> Idmap::FromApkAssets(const std::string& target_apk_path,
323 const ApkAssets& target_apk_assets,
324 const std::string& overlay_apk_path,
325 const ApkAssets& overlay_apk_assets,
326 const PolicyBitmask& fulfilled_policies,
327 bool enforce_overlayable) {
328 SYSTRACE << "Idmap::FromApkAssets";
329 AssetManager2 target_asset_manager;
330 if (!target_asset_manager.SetApkAssets({&target_apk_assets}, true, false)) {
331 return Error("failed to create target asset manager");
332 }
333
334 AssetManager2 overlay_asset_manager;
335 if (!overlay_asset_manager.SetApkAssets({&overlay_apk_assets}, true, false)) {
336 return Error("failed to create overlay asset manager");
337 }
338
339 const LoadedArsc* target_arsc = target_apk_assets.GetLoadedArsc();
340 if (target_arsc == nullptr) {
341 return Error("failed to load target resources.arsc");
342 }
343
344 const LoadedArsc* overlay_arsc = overlay_apk_assets.GetLoadedArsc();
345 if (overlay_arsc == nullptr) {
346 return Error("failed to load overlay resources.arsc");
347 }
348
349 const LoadedPackage* target_pkg = GetPackageAtIndex0(*target_arsc);
350 if (target_pkg == nullptr) {
351 return Error("failed to load target package from resources.arsc");
352 }
353
354 const LoadedPackage* overlay_pkg = GetPackageAtIndex0(*overlay_arsc);
355 if (overlay_pkg == nullptr) {
356 return Error("failed to load overlay package from resources.arsc");
357 }
358
359 const std::unique_ptr<const ZipFile> target_zip = ZipFile::Open(target_apk_path);
360 if (!target_zip) {
361 return Error("failed to open target as zip");
362 }
363
364 const std::unique_ptr<const ZipFile> overlay_zip = ZipFile::Open(overlay_apk_path);
365 if (!overlay_zip) {
366 return Error("failed to open overlay as zip");
367 }
368
369 auto overlay_info = utils::ExtractOverlayManifestInfo(overlay_apk_path);
370 if (!overlay_info) {
371 return overlay_info.GetError();
372 }
373
374 std::unique_ptr<IdmapHeader> header(new IdmapHeader());
375 header->magic_ = kIdmapMagic;
376 header->version_ = kIdmapCurrentVersion;
377
378 Result<uint32_t> crc = GetCrc(*target_zip);
379 if (!crc) {
380 return Error(crc.GetError(), "failed to get zip CRC for target");
381 }
382 header->target_crc_ = *crc;
383
384 crc = GetCrc(*overlay_zip);
385 if (!crc) {
386 return Error(crc.GetError(), "failed to get zip CRC for overlay");
387 }
388 header->overlay_crc_ = *crc;
389
390 if (target_apk_path.size() > sizeof(header->target_path_)) {
391 return Error("target apk path \"%s\" longer than maximum size %zu", target_apk_path.c_str(),
392 sizeof(header->target_path_));
393 }
394 memset(header->target_path_, 0, sizeof(header->target_path_));
395 memcpy(header->target_path_, target_apk_path.data(), target_apk_path.size());
396
397 if (overlay_apk_path.size() > sizeof(header->overlay_path_)) {
398 return Error("overlay apk path \"%s\" longer than maximum size %zu", target_apk_path.c_str(),
399 sizeof(header->target_path_));
400 }
401 memset(header->overlay_path_, 0, sizeof(header->overlay_path_));
402 memcpy(header->overlay_path_, overlay_apk_path.data(), overlay_apk_path.size());
403
404 std::unique_ptr<Idmap> idmap(new Idmap());
405 idmap->header_ = std::move(header);
406
407 // find the resources that exist in both packages
408 MatchingResources matching_resources;
409 const auto end = overlay_pkg->end();
410 for (auto iter = overlay_pkg->begin(); iter != end; ++iter) {
411 const ResourceId overlay_resid = *iter;
412 Result<std::string> name = utils::ResToTypeEntryName(overlay_asset_manager, overlay_resid);
413 if (!name) {
414 continue;
415 }
416 // prepend "<package>:" to turn name into "<package>:<type>/<name>"
417 const std::string full_name =
418 base::StringPrintf("%s:%s", target_pkg->GetPackageName().c_str(), name->c_str());
419 const ResourceId target_resid = NameToResid(target_asset_manager, full_name);
420 if (target_resid == 0) {
421 continue;
422 }
423
424 if (enforce_overlayable) {
425 Result<Unit> success =
426 CheckOverlayable(*target_pkg, *overlay_info, fulfilled_policies, target_resid);
427 if (!success) {
428 LOG(WARNING) << "overlay \"" << overlay_apk_path
429 << "\" is not allowed to overlay resource \"" << full_name
430 << "\": " << success.GetErrorMessage();
431 continue;
432 }
433 }
434
435 matching_resources.Add(target_resid, overlay_resid);
436 }
437
438 if (matching_resources.Map().empty()) {
439 return Error("overlay \"%s\" does not successfully overlay any resource",
440 overlay_apk_path.c_str());
441 }
442
443 // encode idmap data
444 std::unique_ptr<IdmapData> data(new IdmapData());
445 const auto types_end = matching_resources.Map().cend();
446 for (auto ti = matching_resources.Map().cbegin(); ti != types_end; ++ti) {
447 auto ei = ti->second.cbegin();
448 std::unique_ptr<IdmapData::TypeEntry> type(new IdmapData::TypeEntry());
449 type->target_type_id_ = EXTRACT_TYPE(ei->first);
450 type->overlay_type_id_ = EXTRACT_TYPE(ei->second);
451 type->entry_offset_ = EXTRACT_ENTRY(ei->first);
452 EntryId last_target_entry = kNoEntry;
453 for (; ei != ti->second.cend(); ++ei) {
454 if (last_target_entry != kNoEntry) {
455 int count = EXTRACT_ENTRY(ei->first) - last_target_entry - 1;
456 type->entries_.insert(type->entries_.end(), count, kNoEntry);
457 }
458 type->entries_.push_back(EXTRACT_ENTRY(ei->second));
459 last_target_entry = EXTRACT_ENTRY(ei->first);
460 }
461 data->type_entries_.push_back(std::move(type));
462 }
463
464 std::unique_ptr<IdmapData::Header> data_header(new IdmapData::Header());
465 data_header->target_package_id_ = target_pkg->GetPackageId();
466 data_header->type_count_ = data->type_entries_.size();
467 data->header_ = std::move(data_header);
468
469 idmap->data_.push_back(std::move(data));
470
471 return {std::move(idmap)};
472 }
473
accept(Visitor * v) const474 void IdmapHeader::accept(Visitor* v) const {
475 assert(v != nullptr);
476 v->visit(*this);
477 }
478
accept(Visitor * v) const479 void IdmapData::Header::accept(Visitor* v) const {
480 assert(v != nullptr);
481 v->visit(*this);
482 }
483
accept(Visitor * v) const484 void IdmapData::TypeEntry::accept(Visitor* v) const {
485 assert(v != nullptr);
486 v->visit(*this);
487 }
488
accept(Visitor * v) const489 void IdmapData::accept(Visitor* v) const {
490 assert(v != nullptr);
491 v->visit(*this);
492 header_->accept(v);
493 auto end = type_entries_.cend();
494 for (auto iter = type_entries_.cbegin(); iter != end; ++iter) {
495 (*iter)->accept(v);
496 }
497 }
498
accept(Visitor * v) const499 void Idmap::accept(Visitor* v) const {
500 assert(v != nullptr);
501 v->visit(*this);
502 header_->accept(v);
503 auto end = data_.cend();
504 for (auto iter = data_.cbegin(); iter != end; ++iter) {
505 (*iter)->accept(v);
506 }
507 }
508
509 } // namespace android::idmap2
510