Adjust the validation code for secondary dex paths

Do not validate the package path when reconciling secondary dex files. If the file does not exist we cannot resolve the system sym links (e.g. /data/user/0 -> /data/data) and the validation will fail leaving oat files behind. Bug: 64460009 Test: adb shell cmd package reconcile-secondary-dex-files com.google.android.googlequicksearchbox (after removing some files) adb shell cmd package compile -m speed --secondary-dex com.google.android.googlequicksearchbox adb shell /data/nativetest64/installd_utils_test/installd_utils_test Change-Id: I9734ad18a579d44088180326661d8cf8288e90be
author: Calin Juravle 2017-09-11 13:50:36 -0500
committer: Calin Juravle 2017-09-13 10:46:43 -0500
commit: 9cd45602a89b2af5d4b8086cbb806b64ff6b78a4 (patch)
tree: 27206a008f64130f35b51089702f0e607fb16182
parent: a2639d47ee2b0706c8714f9af55177a6b8940cb2 (diff)
download: frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.tar.gz
frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.tar.xz
frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.zip
3 files changed, 21 insertions, 12 deletions
diff --git a/cmds/installd/dexopt.cpp b/cmds/installd/dexopt.cpp
index 3c4a933ad..f29da1745 100644
--- a/cmds/installd/dexopt.cpp
+++ b/cmds/installd/dexopt.cpp
@@ -1796,8 +1796,14 @@ bool reconcile_secondary_dex_file(const std::string& dex_path,
    }
    const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
+    // Note that we cannot validate the package path here because the file might not exist
+    // and we cannot call realpath to resolve system symlinks. Since /data/user/0 symlinks to
+    // /data/data/ a lot of validations will fail if we attempt to check the package path.
+    // It is still ok to be more relaxed because any file removal is done after forking and
+    // dropping capabilities.
    if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
-            uid, storage_flag)) {
+            uid, storage_flag, /*validate_package_path*/ false)) {
        LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
        return false;
    }
diff --git a/cmds/installd/utils.cpp b/cmds/installd/utils.cpp
index d277bd3ad..dd32ac642 100644
--- a/cmds/installd/utils.cpp
+++ b/cmds/installd/utils.cpp
@@ -801,7 +801,7 @@ int validate_system_app_path(const char* path) {
 }
 bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
-        const char* volume_uuid, int uid, int storage_flag) {
+        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path) {
    CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);
    // Empty paths are not allowed.
@@ -815,15 +815,18 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
    // The path should be at most PKG_PATH_MAX long.
    if (dex_path.size() > PKG_PATH_MAX) { return false; }
-    // The dex_path should be under the app data directory.
+    if (validate_package_path) {
-    std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
+        // If we are asked to validate the package path check that
-        ? create_data_user_ce_package_path(
+        // the dex_path is under the app data directory.
-                volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
+        std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
-        : create_data_user_de_package_path(
+            ? create_data_user_ce_package_path(
-                volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
+                    volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
+            : create_data_user_de_package_path(
-    if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
+                    volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
-        return false;
+        if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
+            return false;
+        }
    }
    // If we got here we have a valid path.
diff --git a/cmds/installd/utils.h b/cmds/installd/utils.h
index da3a2933e..e938042a3 100644
--- a/cmds/installd/utils.h
+++ b/cmds/installd/utils.h
@@ -125,7 +125,7 @@ std::string read_path_inode(const std::string& parent, const char* name, const c
 int validate_system_app_path(const char* path);
 bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
-        const char* volume_uuid, int uid, int storage_flag);
+        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path = true);
 int get_path_from_env(dir_rec_t* rec, const char* var);
author	Calin Juravle	2017-09-11 13:50:36 -0500
committer	Calin Juravle	2017-09-13 10:46:43 -0500
commit	9cd45602a89b2af5d4b8086cbb806b64ff6b78a4 (patch)
tree	27206a008f64130f35b51089702f0e607fb16182
parent	a2639d47ee2b0706c8714f9af55177a6b8940cb2 (diff)
download	frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.tar.gz frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.tar.xz frameworks-native-9cd45602a89b2af5d4b8086cbb806b64ff6b78a4.zip

diff --git a/cmds/installd/dexopt.cpp b/cmds/installd/dexopt.cpp index 3c4a933ad..f29da1745 100644 --- a/cmds/installd/dexopt.cpp +++ b/cmds/installd/dexopt.cpp
@@ -1796,8 +1796,14 @@ bool reconcile_secondary_dex_file(const std::string& dex_path,
1796	}	1796	}
1797		1797
1798	const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();	1798	const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
		1799
		1800	// Note that we cannot validate the package path here because the file might not exist
		1801	// and we cannot call realpath to resolve system symlinks. Since /data/user/0 symlinks to
		1802	// /data/data/ a lot of validations will fail if we attempt to check the package path.
		1803	// It is still ok to be more relaxed because any file removal is done after forking and
		1804	// dropping capabilities.
1799	if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,	1805	if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
1800	uid, storage_flag)) {	1806	uid, storage_flag, /validate_package_path/ false)) {
1801	LOG(ERROR) << "Could not validate secondary dex path " << dex_path;	1807	LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1802	return false;	1808	return false;
1803	}	1809	}


diff --git a/cmds/installd/utils.cpp b/cmds/installd/utils.cpp index d277bd3ad..dd32ac642 100644 --- a/cmds/installd/utils.cpp +++ b/cmds/installd/utils.cpp
@@ -801,7 +801,7 @@ int validate_system_app_path(const char* path) {
801	}	801	}
802		802
803	bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,	803	bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
804	const char* volume_uuid, int uid, int storage_flag) {	804	const char* volume_uuid, int uid, int storage_flag, bool validate_package_path) {
805	CHECK(storage_flag == FLAG_STORAGE_CE \|\| storage_flag == FLAG_STORAGE_DE);	805	CHECK(storage_flag == FLAG_STORAGE_CE \|\| storage_flag == FLAG_STORAGE_DE);
806		806
807	// Empty paths are not allowed.	807	// Empty paths are not allowed.
@@ -815,15 +815,18 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
815	// The path should be at most PKG_PATH_MAX long.	815	// The path should be at most PKG_PATH_MAX long.
816	if (dex_path.size() > PKG_PATH_MAX) { return false; }	816	if (dex_path.size() > PKG_PATH_MAX) { return false; }
817		817
818	// The dex_path should be under the app data directory.	818	if (validate_package_path) {
819	std::string app_private_dir = storage_flag == FLAG_STORAGE_CE	819	// If we are asked to validate the package path check that
820	? create_data_user_ce_package_path(	820	// the dex_path is under the app data directory.
821	volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())	821	std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
822	: create_data_user_de_package_path(	822	? create_data_user_ce_package_path(
823	volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());	823	volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
824		824	: create_data_user_de_package_path(
825	if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {	825	volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
826	return false;	826
		827	if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
		828	return false;
		829	}
827	}	830	}
828		831
829	// If we got here we have a valid path.	832	// If we got here we have a valid path.


diff --git a/cmds/installd/utils.h b/cmds/installd/utils.h index da3a2933e..e938042a3 100644 --- a/cmds/installd/utils.h +++ b/cmds/installd/utils.h
@@ -125,7 +125,7 @@ std::string read_path_inode(const std::string& parent, const char* name, const c
125		125
126	int validate_system_app_path(const char* path);	126	int validate_system_app_path(const char* path);
127	bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,	127	bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
128	const char* volume_uuid, int uid, int storage_flag);	128	const char* volume_uuid, int uid, int storage_flag, bool validate_package_path = true);
129		129
130	int get_path_from_env(dir_rec_t* rec, const char* var);	130	int get_path_from_env(dir_rec_t* rec, const char* var);
131		131