1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define ATRACE_TAG ATRACE_TAG_RESOURCES
18
19 #include "androidfw/LoadedArsc.h"
20
21 #include <algorithm>
22 #include <cstddef>
23 #include <limits>
24
25 #include "android-base/logging.h"
26 #include "android-base/stringprintf.h"
27 #include "utils/ByteOrder.h"
28 #include "utils/Trace.h"
29
30 #ifdef _WIN32
31 #ifdef ERROR
32 #undef ERROR
33 #endif
34 #endif
35
36 #include "androidfw/ByteBucketArray.h"
37 #include "androidfw/Chunk.h"
38 #include "androidfw/ResourceUtils.h"
39 #include "androidfw/Util.h"
40
41 using ::android::base::StringPrintf;
42
43 namespace android {
44
45 constexpr const static int kAppPackageId = 0x7f;
46
47 namespace {
48
49 // Builder that helps accumulate Type structs and then create a single
50 // contiguous block of memory to store both the TypeSpec struct and
51 // the Type structs.
52 class TypeSpecPtrBuilder {
53 public:
TypeSpecPtrBuilder(const ResTable_typeSpec * header,const IdmapEntry_header * idmap_header)54 explicit TypeSpecPtrBuilder(const ResTable_typeSpec* header,
55 const IdmapEntry_header* idmap_header)
56 : header_(header), idmap_header_(idmap_header) {
57 }
58
AddType(const ResTable_type * type)59 void AddType(const ResTable_type* type) {
60 types_.push_back(type);
61 }
62
Build()63 TypeSpecPtr Build() {
64 // Check for overflow.
65 using ElementType = const ResTable_type*;
66 if ((std::numeric_limits<size_t>::max() - sizeof(TypeSpec)) / sizeof(ElementType) <
67 types_.size()) {
68 return {};
69 }
70 TypeSpec* type_spec =
71 (TypeSpec*)::malloc(sizeof(TypeSpec) + (types_.size() * sizeof(ElementType)));
72 type_spec->type_spec = header_;
73 type_spec->idmap_entries = idmap_header_;
74 type_spec->type_count = types_.size();
75 memcpy(type_spec + 1, types_.data(), types_.size() * sizeof(ElementType));
76 return TypeSpecPtr(type_spec);
77 }
78
79 private:
80 DISALLOW_COPY_AND_ASSIGN(TypeSpecPtrBuilder);
81
82 const ResTable_typeSpec* header_;
83 const IdmapEntry_header* idmap_header_;
84 std::vector<const ResTable_type*> types_;
85 };
86
87 } // namespace
88
89 LoadedPackage::LoadedPackage() = default;
90 LoadedPackage::~LoadedPackage() = default;
91
92 // Precondition: The header passed in has already been verified, so reading any fields and trusting
93 // the ResChunk_header is safe.
VerifyResTableType(const ResTable_type * header)94 static bool VerifyResTableType(const ResTable_type* header) {
95 if (header->id == 0) {
96 LOG(ERROR) << "RES_TABLE_TYPE_TYPE has invalid ID 0.";
97 return false;
98 }
99
100 const size_t entry_count = dtohl(header->entryCount);
101 if (entry_count > std::numeric_limits<uint16_t>::max()) {
102 LOG(ERROR) << "RES_TABLE_TYPE_TYPE has too many entries (" << entry_count << ").";
103 return false;
104 }
105
106 // Make sure that there is enough room for the entry offsets.
107 const size_t offsets_offset = dtohs(header->header.headerSize);
108 const size_t entries_offset = dtohl(header->entriesStart);
109 const size_t offsets_length = sizeof(uint32_t) * entry_count;
110
111 if (offsets_offset > entries_offset || entries_offset - offsets_offset < offsets_length) {
112 LOG(ERROR) << "RES_TABLE_TYPE_TYPE entry offsets overlap actual entry data.";
113 return false;
114 }
115
116 if (entries_offset > dtohl(header->header.size)) {
117 LOG(ERROR) << "RES_TABLE_TYPE_TYPE entry offsets extend beyond chunk.";
118 return false;
119 }
120
121 if (entries_offset & 0x03) {
122 LOG(ERROR) << "RES_TABLE_TYPE_TYPE entries start at unaligned address.";
123 return false;
124 }
125 return true;
126 }
127
VerifyResTableEntry(const ResTable_type * type,uint32_t entry_offset)128 static bool VerifyResTableEntry(const ResTable_type* type, uint32_t entry_offset) {
129 // Check that the offset is aligned.
130 if (entry_offset & 0x03) {
131 LOG(ERROR) << "Entry at offset " << entry_offset << " is not 4-byte aligned.";
132 return false;
133 }
134
135 // Check that the offset doesn't overflow.
136 if (entry_offset > std::numeric_limits<uint32_t>::max() - dtohl(type->entriesStart)) {
137 // Overflow in offset.
138 LOG(ERROR) << "Entry at offset " << entry_offset << " is too large.";
139 return false;
140 }
141
142 const size_t chunk_size = dtohl(type->header.size);
143
144 entry_offset += dtohl(type->entriesStart);
145 if (entry_offset > chunk_size - sizeof(ResTable_entry)) {
146 LOG(ERROR) << "Entry at offset " << entry_offset
147 << " is too large. No room for ResTable_entry.";
148 return false;
149 }
150
151 const ResTable_entry* entry = reinterpret_cast<const ResTable_entry*>(
152 reinterpret_cast<const uint8_t*>(type) + entry_offset);
153
154 const size_t entry_size = dtohs(entry->size);
155 if (entry_size < sizeof(*entry)) {
156 LOG(ERROR) << "ResTable_entry size " << entry_size << " at offset " << entry_offset
157 << " is too small.";
158 return false;
159 }
160
161 if (entry_size > chunk_size || entry_offset > chunk_size - entry_size) {
162 LOG(ERROR) << "ResTable_entry size " << entry_size << " at offset " << entry_offset
163 << " is too large.";
164 return false;
165 }
166
167 if (entry_size < sizeof(ResTable_map_entry)) {
168 // There needs to be room for one Res_value struct.
169 if (entry_offset + entry_size > chunk_size - sizeof(Res_value)) {
170 LOG(ERROR) << "No room for Res_value after ResTable_entry at offset " << entry_offset
171 << " for type " << (int)type->id << ".";
172 return false;
173 }
174
175 const Res_value* value =
176 reinterpret_cast<const Res_value*>(reinterpret_cast<const uint8_t*>(entry) + entry_size);
177 const size_t value_size = dtohs(value->size);
178 if (value_size < sizeof(Res_value)) {
179 LOG(ERROR) << "Res_value at offset " << entry_offset << " is too small.";
180 return false;
181 }
182
183 if (value_size > chunk_size || entry_offset + entry_size > chunk_size - value_size) {
184 LOG(ERROR) << "Res_value size " << value_size << " at offset " << entry_offset
185 << " is too large.";
186 return false;
187 }
188 } else {
189 const ResTable_map_entry* map = reinterpret_cast<const ResTable_map_entry*>(entry);
190 const size_t map_entry_count = dtohl(map->count);
191 size_t map_entries_start = entry_offset + entry_size;
192 if (map_entries_start & 0x03) {
193 LOG(ERROR) << "Map entries at offset " << entry_offset << " start at unaligned offset.";
194 return false;
195 }
196
197 // Each entry is sizeof(ResTable_map) big.
198 if (map_entry_count > ((chunk_size - map_entries_start) / sizeof(ResTable_map))) {
199 LOG(ERROR) << "Too many map entries in ResTable_map_entry at offset " << entry_offset << ".";
200 return false;
201 }
202 }
203 return true;
204 }
205
iterator(const LoadedPackage * lp,size_t ti,size_t ei)206 LoadedPackage::iterator::iterator(const LoadedPackage* lp, size_t ti, size_t ei)
207 : loadedPackage_(lp),
208 typeIndex_(ti),
209 entryIndex_(ei),
210 typeIndexEnd_(lp->resource_ids_.size() + 1) {
211 while (typeIndex_ < typeIndexEnd_ && loadedPackage_->resource_ids_[typeIndex_] == 0) {
212 typeIndex_++;
213 }
214 }
215
operator ++()216 LoadedPackage::iterator& LoadedPackage::iterator::operator++() {
217 while (typeIndex_ < typeIndexEnd_) {
218 if (entryIndex_ + 1 < loadedPackage_->resource_ids_[typeIndex_]) {
219 entryIndex_++;
220 break;
221 }
222 entryIndex_ = 0;
223 typeIndex_++;
224 if (typeIndex_ < typeIndexEnd_ && loadedPackage_->resource_ids_[typeIndex_] != 0) {
225 break;
226 }
227 }
228 return *this;
229 }
230
operator *() const231 uint32_t LoadedPackage::iterator::operator*() const {
232 if (typeIndex_ >= typeIndexEnd_) {
233 return 0;
234 }
235 return make_resid(loadedPackage_->package_id_, typeIndex_ + loadedPackage_->type_id_offset_,
236 entryIndex_);
237 }
238
GetEntry(const ResTable_type * type_chunk,uint16_t entry_index)239 const ResTable_entry* LoadedPackage::GetEntry(const ResTable_type* type_chunk,
240 uint16_t entry_index) {
241 uint32_t entry_offset = GetEntryOffset(type_chunk, entry_index);
242 if (entry_offset == ResTable_type::NO_ENTRY) {
243 return nullptr;
244 }
245 return GetEntryFromOffset(type_chunk, entry_offset);
246 }
247
GetEntryOffset(const ResTable_type * type_chunk,uint16_t entry_index)248 uint32_t LoadedPackage::GetEntryOffset(const ResTable_type* type_chunk, uint16_t entry_index) {
249 // The configuration matches and is better than the previous selection.
250 // Find the entry value if it exists for this configuration.
251 const size_t entry_count = dtohl(type_chunk->entryCount);
252 const size_t offsets_offset = dtohs(type_chunk->header.headerSize);
253
254 // Check if there is the desired entry in this type.
255
256 if (type_chunk->flags & ResTable_type::FLAG_SPARSE) {
257 // This is encoded as a sparse map, so perform a binary search.
258 const ResTable_sparseTypeEntry* sparse_indices =
259 reinterpret_cast<const ResTable_sparseTypeEntry*>(
260 reinterpret_cast<const uint8_t*>(type_chunk) + offsets_offset);
261 const ResTable_sparseTypeEntry* sparse_indices_end = sparse_indices + entry_count;
262 const ResTable_sparseTypeEntry* result =
263 std::lower_bound(sparse_indices, sparse_indices_end, entry_index,
264 [](const ResTable_sparseTypeEntry& entry, uint16_t entry_idx) {
265 return dtohs(entry.idx) < entry_idx;
266 });
267
268 if (result == sparse_indices_end || dtohs(result->idx) != entry_index) {
269 // No entry found.
270 return ResTable_type::NO_ENTRY;
271 }
272
273 // Extract the offset from the entry. Each offset must be a multiple of 4 so we store it as
274 // the real offset divided by 4.
275 return uint32_t{dtohs(result->offset)} * 4u;
276 }
277
278 // This type is encoded as a dense array.
279 if (entry_index >= entry_count) {
280 // This entry cannot be here.
281 return ResTable_type::NO_ENTRY;
282 }
283
284 const uint32_t* entry_offsets = reinterpret_cast<const uint32_t*>(
285 reinterpret_cast<const uint8_t*>(type_chunk) + offsets_offset);
286 return dtohl(entry_offsets[entry_index]);
287 }
288
GetEntryFromOffset(const ResTable_type * type_chunk,uint32_t offset)289 const ResTable_entry* LoadedPackage::GetEntryFromOffset(const ResTable_type* type_chunk,
290 uint32_t offset) {
291 if (UNLIKELY(!VerifyResTableEntry(type_chunk, offset))) {
292 return nullptr;
293 }
294 return reinterpret_cast<const ResTable_entry*>(reinterpret_cast<const uint8_t*>(type_chunk) +
295 offset + dtohl(type_chunk->entriesStart));
296 }
297
CollectConfigurations(bool exclude_mipmap,std::set<ResTable_config> * out_configs) const298 void LoadedPackage::CollectConfigurations(bool exclude_mipmap,
299 std::set<ResTable_config>* out_configs) const {
300 const static std::u16string kMipMap = u"mipmap";
301 const size_t type_count = type_specs_.size();
302 for (size_t i = 0; i < type_count; i++) {
303 const TypeSpecPtr& type_spec = type_specs_[i];
304 if (type_spec != nullptr) {
305 if (exclude_mipmap) {
306 const int type_idx = type_spec->type_spec->id - 1;
307 size_t type_name_len;
308 const char16_t* type_name16 = type_string_pool_.stringAt(type_idx, &type_name_len);
309 if (type_name16 != nullptr) {
310 if (kMipMap.compare(0, std::u16string::npos, type_name16, type_name_len) == 0) {
311 // This is a mipmap type, skip collection.
312 continue;
313 }
314 }
315 const char* type_name = type_string_pool_.string8At(type_idx, &type_name_len);
316 if (type_name != nullptr) {
317 if (strncmp(type_name, "mipmap", type_name_len) == 0) {
318 // This is a mipmap type, skip collection.
319 continue;
320 }
321 }
322 }
323
324 const auto iter_end = type_spec->types + type_spec->type_count;
325 for (auto iter = type_spec->types; iter != iter_end; ++iter) {
326 ResTable_config config;
327 config.copyFromDtoH((*iter)->config);
328 out_configs->insert(config);
329 }
330 }
331 }
332 }
333
CollectLocales(bool canonicalize,std::set<std::string> * out_locales) const334 void LoadedPackage::CollectLocales(bool canonicalize, std::set<std::string>* out_locales) const {
335 char temp_locale[RESTABLE_MAX_LOCALE_LEN];
336 const size_t type_count = type_specs_.size();
337 for (size_t i = 0; i < type_count; i++) {
338 const TypeSpecPtr& type_spec = type_specs_[i];
339 if (type_spec != nullptr) {
340 const auto iter_end = type_spec->types + type_spec->type_count;
341 for (auto iter = type_spec->types; iter != iter_end; ++iter) {
342 ResTable_config configuration;
343 configuration.copyFromDtoH((*iter)->config);
344 if (configuration.locale != 0) {
345 configuration.getBcp47Locale(temp_locale, canonicalize);
346 std::string locale(temp_locale);
347 out_locales->insert(std::move(locale));
348 }
349 }
350 }
351 }
352 }
353
FindEntryByName(const std::u16string & type_name,const std::u16string & entry_name) const354 uint32_t LoadedPackage::FindEntryByName(const std::u16string& type_name,
355 const std::u16string& entry_name) const {
356 ssize_t type_idx = type_string_pool_.indexOfString(type_name.data(), type_name.size());
357 if (type_idx < 0) {
358 return 0u;
359 }
360
361 ssize_t key_idx = key_string_pool_.indexOfString(entry_name.data(), entry_name.size());
362 if (key_idx < 0) {
363 return 0u;
364 }
365
366 const TypeSpec* type_spec = type_specs_[type_idx].get();
367 if (type_spec == nullptr) {
368 return 0u;
369 }
370
371 const auto iter_end = type_spec->types + type_spec->type_count;
372 for (auto iter = type_spec->types; iter != iter_end; ++iter) {
373 const ResTable_type* type = *iter;
374 size_t entry_count = dtohl(type->entryCount);
375 for (size_t entry_idx = 0; entry_idx < entry_count; entry_idx++) {
376 const uint32_t* entry_offsets = reinterpret_cast<const uint32_t*>(
377 reinterpret_cast<const uint8_t*>(type) + dtohs(type->header.headerSize));
378 const uint32_t offset = dtohl(entry_offsets[entry_idx]);
379 if (offset != ResTable_type::NO_ENTRY) {
380 const ResTable_entry* entry = reinterpret_cast<const ResTable_entry*>(
381 reinterpret_cast<const uint8_t*>(type) + dtohl(type->entriesStart) + offset);
382 if (dtohl(entry->key.index) == static_cast<uint32_t>(key_idx)) {
383 // The package ID will be overridden by the caller (due to runtime assignment of package
384 // IDs for shared libraries).
385 return make_resid(0x00, type_idx + type_id_offset_ + 1, entry_idx);
386 }
387 }
388 }
389 }
390 return 0u;
391 }
392
GetPackageById(uint8_t package_id) const393 const LoadedPackage* LoadedArsc::GetPackageById(uint8_t package_id) const {
394 for (const auto& loaded_package : packages_) {
395 if (loaded_package->GetPackageId() == package_id) {
396 return loaded_package.get();
397 }
398 }
399 return nullptr;
400 }
401
Load(const Chunk & chunk,const LoadedIdmap * loaded_idmap,bool system,bool load_as_shared_library)402 std::unique_ptr<const LoadedPackage> LoadedPackage::Load(const Chunk& chunk,
403 const LoadedIdmap* loaded_idmap,
404 bool system, bool load_as_shared_library) {
405 ATRACE_NAME("LoadedPackage::Load");
406 std::unique_ptr<LoadedPackage> loaded_package(new LoadedPackage());
407
408 // typeIdOffset was added at some point, but we still must recognize apps built before this
409 // was added.
410 constexpr size_t kMinPackageSize =
411 sizeof(ResTable_package) - sizeof(ResTable_package::typeIdOffset);
412 const ResTable_package* header = chunk.header<ResTable_package, kMinPackageSize>();
413 if (header == nullptr) {
414 LOG(ERROR) << "RES_TABLE_PACKAGE_TYPE too small.";
415 return {};
416 }
417
418 loaded_package->system_ = system;
419
420 loaded_package->package_id_ = dtohl(header->id);
421 if (loaded_package->package_id_ == 0 ||
422 (loaded_package->package_id_ == kAppPackageId && load_as_shared_library)) {
423 // Package ID of 0 means this is a shared library.
424 loaded_package->dynamic_ = true;
425 }
426
427 if (loaded_idmap != nullptr) {
428 // This is an overlay and so it needs to pretend to be the target package.
429 loaded_package->package_id_ = loaded_idmap->TargetPackageId();
430 loaded_package->overlay_ = true;
431 }
432
433 if (header->header.headerSize >= sizeof(ResTable_package)) {
434 uint32_t type_id_offset = dtohl(header->typeIdOffset);
435 if (type_id_offset > std::numeric_limits<uint8_t>::max()) {
436 LOG(ERROR) << "RES_TABLE_PACKAGE_TYPE type ID offset too large.";
437 return {};
438 }
439 loaded_package->type_id_offset_ = static_cast<int>(type_id_offset);
440 }
441
442 util::ReadUtf16StringFromDevice(header->name, arraysize(header->name),
443 &loaded_package->package_name_);
444
445 // A map of TypeSpec builders, each associated with an type index.
446 // We use these to accumulate the set of Types available for a TypeSpec, and later build a single,
447 // contiguous block of memory that holds all the Types together with the TypeSpec.
448 std::unordered_map<int, std::unique_ptr<TypeSpecPtrBuilder>> type_builder_map;
449
450 ChunkIterator iter(chunk.data_ptr(), chunk.data_size());
451 while (iter.HasNext()) {
452 const Chunk child_chunk = iter.Next();
453 switch (child_chunk.type()) {
454 case RES_STRING_POOL_TYPE: {
455 const uintptr_t pool_address =
456 reinterpret_cast<uintptr_t>(child_chunk.header<ResChunk_header>());
457 const uintptr_t header_address = reinterpret_cast<uintptr_t>(header);
458 if (pool_address == header_address + dtohl(header->typeStrings)) {
459 // This string pool is the type string pool.
460 status_t err = loaded_package->type_string_pool_.setTo(
461 child_chunk.header<ResStringPool_header>(), child_chunk.size());
462 if (err != NO_ERROR) {
463 LOG(ERROR) << "RES_STRING_POOL_TYPE for types corrupt.";
464 return {};
465 }
466 } else if (pool_address == header_address + dtohl(header->keyStrings)) {
467 // This string pool is the key string pool.
468 status_t err = loaded_package->key_string_pool_.setTo(
469 child_chunk.header<ResStringPool_header>(), child_chunk.size());
470 if (err != NO_ERROR) {
471 LOG(ERROR) << "RES_STRING_POOL_TYPE for keys corrupt.";
472 return {};
473 }
474 } else {
475 LOG(WARNING) << "Too many RES_STRING_POOL_TYPEs found in RES_TABLE_PACKAGE_TYPE.";
476 }
477 } break;
478
479 case RES_TABLE_TYPE_SPEC_TYPE: {
480 const ResTable_typeSpec* type_spec = child_chunk.header<ResTable_typeSpec>();
481 if (type_spec == nullptr) {
482 LOG(ERROR) << "RES_TABLE_TYPE_SPEC_TYPE too small.";
483 return {};
484 }
485
486 if (type_spec->id == 0) {
487 LOG(ERROR) << "RES_TABLE_TYPE_SPEC_TYPE has invalid ID 0.";
488 return {};
489 }
490
491 if (loaded_package->type_id_offset_ + static_cast<int>(type_spec->id) >
492 std::numeric_limits<uint8_t>::max()) {
493 LOG(ERROR) << "RES_TABLE_TYPE_SPEC_TYPE has out of range ID.";
494 return {};
495 }
496
497 // The data portion of this chunk contains entry_count 32bit entries,
498 // each one representing a set of flags.
499 // Here we only validate that the chunk is well formed.
500 const size_t entry_count = dtohl(type_spec->entryCount);
501
502 // There can only be 2^16 entries in a type, because that is the ID
503 // space for entries (EEEE) in the resource ID 0xPPTTEEEE.
504 if (entry_count > std::numeric_limits<uint16_t>::max()) {
505 LOG(ERROR) << "RES_TABLE_TYPE_SPEC_TYPE has too many entries (" << entry_count << ").";
506 return {};
507 }
508
509 if (entry_count * sizeof(uint32_t) > chunk.data_size()) {
510 LOG(ERROR) << "RES_TABLE_TYPE_SPEC_TYPE too small to hold entries.";
511 return {};
512 }
513
514 // If this is an overlay, associate the mapping of this type to the target type
515 // from the IDMAP.
516 const IdmapEntry_header* idmap_entry_header = nullptr;
517 if (loaded_idmap != nullptr) {
518 idmap_entry_header = loaded_idmap->GetEntryMapForType(type_spec->id);
519 }
520
521 std::unique_ptr<TypeSpecPtrBuilder>& builder_ptr = type_builder_map[type_spec->id - 1];
522 if (builder_ptr == nullptr) {
523 builder_ptr = util::make_unique<TypeSpecPtrBuilder>(type_spec, idmap_entry_header);
524 loaded_package->resource_ids_.set(type_spec->id, entry_count);
525 } else {
526 LOG(WARNING) << StringPrintf("RES_TABLE_TYPE_SPEC_TYPE already defined for ID %02x",
527 type_spec->id);
528 }
529 } break;
530
531 case RES_TABLE_TYPE_TYPE: {
532 const ResTable_type* type = child_chunk.header<ResTable_type, kResTableTypeMinSize>();
533 if (type == nullptr) {
534 LOG(ERROR) << "RES_TABLE_TYPE_TYPE too small.";
535 return {};
536 }
537
538 if (!VerifyResTableType(type)) {
539 return {};
540 }
541
542 // Type chunks must be preceded by their TypeSpec chunks.
543 std::unique_ptr<TypeSpecPtrBuilder>& builder_ptr = type_builder_map[type->id - 1];
544 if (builder_ptr != nullptr) {
545 builder_ptr->AddType(type);
546 } else {
547 LOG(ERROR) << StringPrintf(
548 "RES_TABLE_TYPE_TYPE with ID %02x found without preceding RES_TABLE_TYPE_SPEC_TYPE.",
549 type->id);
550 return {};
551 }
552 } break;
553
554 case RES_TABLE_LIBRARY_TYPE: {
555 const ResTable_lib_header* lib = child_chunk.header<ResTable_lib_header>();
556 if (lib == nullptr) {
557 LOG(ERROR) << "RES_TABLE_LIBRARY_TYPE too small.";
558 return {};
559 }
560
561 if (child_chunk.data_size() / sizeof(ResTable_lib_entry) < dtohl(lib->count)) {
562 LOG(ERROR) << "RES_TABLE_LIBRARY_TYPE too small to hold entries.";
563 return {};
564 }
565
566 loaded_package->dynamic_package_map_.reserve(dtohl(lib->count));
567
568 const ResTable_lib_entry* const entry_begin =
569 reinterpret_cast<const ResTable_lib_entry*>(child_chunk.data_ptr());
570 const ResTable_lib_entry* const entry_end = entry_begin + dtohl(lib->count);
571 for (auto entry_iter = entry_begin; entry_iter != entry_end; ++entry_iter) {
572 std::string package_name;
573 util::ReadUtf16StringFromDevice(entry_iter->packageName,
574 arraysize(entry_iter->packageName), &package_name);
575
576 if (dtohl(entry_iter->packageId) >= std::numeric_limits<uint8_t>::max()) {
577 LOG(ERROR) << StringPrintf(
578 "Package ID %02x in RES_TABLE_LIBRARY_TYPE too large for package '%s'.",
579 dtohl(entry_iter->packageId), package_name.c_str());
580 return {};
581 }
582
583 loaded_package->dynamic_package_map_.emplace_back(std::move(package_name),
584 dtohl(entry_iter->packageId));
585 }
586 } break;
587
588 case RES_TABLE_OVERLAYABLE_TYPE: {
589 const ResTable_overlayable_header* header =
590 child_chunk.header<ResTable_overlayable_header>();
591 if (header == nullptr) {
592 LOG(ERROR) << "RES_TABLE_OVERLAYABLE_TYPE too small.";
593 return {};
594 }
595
596 std::string name;
597 util::ReadUtf16StringFromDevice(header->name, arraysize(header->name), &name);
598 std::string actor;
599 util::ReadUtf16StringFromDevice(header->actor, arraysize(header->actor), &actor);
600
601 if (loaded_package->overlayable_map_.find(name) !=
602 loaded_package->overlayable_map_.end()) {
603 LOG(ERROR) << "Multiple <overlayable> blocks with the same name '" << name << "'.";
604 return {};
605 }
606 loaded_package->overlayable_map_.emplace(name, actor);
607
608 // Iterate over the overlayable policy chunks contained within the overlayable chunk data
609 ChunkIterator overlayable_iter(child_chunk.data_ptr(), child_chunk.data_size());
610 while (overlayable_iter.HasNext()) {
611 const Chunk overlayable_child_chunk = overlayable_iter.Next();
612
613 switch (overlayable_child_chunk.type()) {
614 case RES_TABLE_OVERLAYABLE_POLICY_TYPE: {
615 const ResTable_overlayable_policy_header* policy_header =
616 overlayable_child_chunk.header<ResTable_overlayable_policy_header>();
617 if (policy_header == nullptr) {
618 LOG(ERROR) << "RES_TABLE_OVERLAYABLE_POLICY_TYPE too small.";
619 return {};
620 }
621
622 if ((overlayable_child_chunk.data_size() / sizeof(ResTable_ref))
623 < dtohl(policy_header->entry_count)) {
624 LOG(ERROR) << "RES_TABLE_OVERLAYABLE_POLICY_TYPE too small to hold entries.";
625 return {};
626 }
627
628 // Retrieve all the resource ids belonging to this policy chunk
629 std::unordered_set<uint32_t> ids;
630 const auto ids_begin =
631 reinterpret_cast<const ResTable_ref*>(overlayable_child_chunk.data_ptr());
632 const auto ids_end = ids_begin + dtohl(policy_header->entry_count);
633 for (auto id_iter = ids_begin; id_iter != ids_end; ++id_iter) {
634 ids.insert(dtohl(id_iter->ident));
635 }
636
637 // Add the pairing of overlayable properties and resource ids to the package
638 OverlayableInfo overlayable_info{};
639 overlayable_info.name = name;
640 overlayable_info.actor = actor;
641 overlayable_info.policy_flags = policy_header->policy_flags;
642 loaded_package->overlayable_infos_.push_back(std::make_pair(overlayable_info, ids));
643 loaded_package->defines_overlayable_ = true;
644 break;
645 }
646
647 default:
648 LOG(WARNING) << StringPrintf("Unknown chunk type '%02x'.", chunk.type());
649 break;
650 }
651 }
652
653 if (overlayable_iter.HadError()) {
654 LOG(ERROR) << StringPrintf("Error parsing RES_TABLE_OVERLAYABLE_TYPE: %s",
655 overlayable_iter.GetLastError().c_str());
656 if (overlayable_iter.HadFatalError()) {
657 return {};
658 }
659 }
660 } break;
661
662 default:
663 LOG(WARNING) << StringPrintf("Unknown chunk type '%02x'.", chunk.type());
664 break;
665 }
666 }
667
668 if (iter.HadError()) {
669 LOG(ERROR) << iter.GetLastError();
670 if (iter.HadFatalError()) {
671 return {};
672 }
673 }
674
675 // Flatten and construct the TypeSpecs.
676 for (auto& entry : type_builder_map) {
677 uint8_t type_idx = static_cast<uint8_t>(entry.first);
678 TypeSpecPtr type_spec_ptr = entry.second->Build();
679 if (type_spec_ptr == nullptr) {
680 LOG(ERROR) << "Too many type configurations, overflow detected.";
681 return {};
682 }
683
684 // We only add the type to the package if there is no IDMAP, or if the type is
685 // overlaying something.
686 if (loaded_idmap == nullptr || type_spec_ptr->idmap_entries != nullptr) {
687 // If this is an overlay, insert it at the target type ID.
688 if (type_spec_ptr->idmap_entries != nullptr) {
689 type_idx = dtohs(type_spec_ptr->idmap_entries->target_type_id) - 1;
690 }
691 loaded_package->type_specs_.editItemAt(type_idx) = std::move(type_spec_ptr);
692 }
693 }
694
695 return std::move(loaded_package);
696 }
697
LoadTable(const Chunk & chunk,const LoadedIdmap * loaded_idmap,bool load_as_shared_library)698 bool LoadedArsc::LoadTable(const Chunk& chunk, const LoadedIdmap* loaded_idmap,
699 bool load_as_shared_library) {
700 const ResTable_header* header = chunk.header<ResTable_header>();
701 if (header == nullptr) {
702 LOG(ERROR) << "RES_TABLE_TYPE too small.";
703 return false;
704 }
705
706 const size_t package_count = dtohl(header->packageCount);
707 size_t packages_seen = 0;
708
709 packages_.reserve(package_count);
710
711 ChunkIterator iter(chunk.data_ptr(), chunk.data_size());
712 while (iter.HasNext()) {
713 const Chunk child_chunk = iter.Next();
714 switch (child_chunk.type()) {
715 case RES_STRING_POOL_TYPE:
716 // Only use the first string pool. Ignore others.
717 if (global_string_pool_.getError() == NO_INIT) {
718 status_t err = global_string_pool_.setTo(child_chunk.header<ResStringPool_header>(),
719 child_chunk.size());
720 if (err != NO_ERROR) {
721 LOG(ERROR) << "RES_STRING_POOL_TYPE corrupt.";
722 return false;
723 }
724 } else {
725 LOG(WARNING) << "Multiple RES_STRING_POOL_TYPEs found in RES_TABLE_TYPE.";
726 }
727 break;
728
729 case RES_TABLE_PACKAGE_TYPE: {
730 if (packages_seen + 1 > package_count) {
731 LOG(ERROR) << "More package chunks were found than the " << package_count
732 << " declared in the header.";
733 return false;
734 }
735 packages_seen++;
736
737 std::unique_ptr<const LoadedPackage> loaded_package =
738 LoadedPackage::Load(child_chunk, loaded_idmap, system_, load_as_shared_library);
739 if (!loaded_package) {
740 return false;
741 }
742 packages_.push_back(std::move(loaded_package));
743 } break;
744
745 default:
746 LOG(WARNING) << StringPrintf("Unknown chunk type '%02x'.", chunk.type());
747 break;
748 }
749 }
750
751 if (iter.HadError()) {
752 LOG(ERROR) << iter.GetLastError();
753 if (iter.HadFatalError()) {
754 return false;
755 }
756 }
757 return true;
758 }
759
Load(const StringPiece & data,const LoadedIdmap * loaded_idmap,bool system,bool load_as_shared_library)760 std::unique_ptr<const LoadedArsc> LoadedArsc::Load(const StringPiece& data,
761 const LoadedIdmap* loaded_idmap, bool system,
762 bool load_as_shared_library) {
763 ATRACE_NAME("LoadedArsc::LoadTable");
764
765 // Not using make_unique because the constructor is private.
766 std::unique_ptr<LoadedArsc> loaded_arsc(new LoadedArsc());
767 loaded_arsc->system_ = system;
768
769 ChunkIterator iter(data.data(), data.size());
770 while (iter.HasNext()) {
771 const Chunk chunk = iter.Next();
772 switch (chunk.type()) {
773 case RES_TABLE_TYPE:
774 if (!loaded_arsc->LoadTable(chunk, loaded_idmap, load_as_shared_library)) {
775 return {};
776 }
777 break;
778
779 default:
780 LOG(WARNING) << StringPrintf("Unknown chunk type '%02x'.", chunk.type());
781 break;
782 }
783 }
784
785 if (iter.HadError()) {
786 LOG(ERROR) << iter.GetLastError();
787 if (iter.HadFatalError()) {
788 return {};
789 }
790 }
791
792 // Need to force a move for mingw32.
793 return std::move(loaded_arsc);
794 }
795
CreateEmpty()796 std::unique_ptr<const LoadedArsc> LoadedArsc::CreateEmpty() {
797 return std::unique_ptr<LoadedArsc>(new LoadedArsc());
798 }
799
800 } // namespace android
801