/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

// NOTE(review): in this copy the <...> header names of the bare includes below
// and the template argument lists of the declarations that follow appear to be
// missing; confirm against the upstream file before building.
#include
#include
#include
#include
#include
#include
#include

#include "apex_constants.h"
#include "apex_file.h"

namespace android {
namespace apex {

// Non-owning handle to an ApexFile, as returned by the repository's getters.
// NOTE(review): presumably these refer to objects held in the repository's
// stores, in which case Reset() invalidates them - confirm in the .cpp.
using ApexFileRef = std::reference_wrapper;

// This class serves as an ApexFile repository for all apexes on device. It also
// provides information about the ApexFiles it hosts, such as which are
// pre-installed and which are data. Such information can be used, for example,
// to verify validity of an apex before trying to mount it.
//
// It's expected to have a single instance of this class in a process that
// mounts apexes (e.g. apexd, otapreopt_chroot).
class ApexFileRepository final {
 public:
  // c-tors and d-tor are exposed for testing.

  // Creates an empty repository that treats |decompression_dir| as the
  // directory used to decide whether an apex is decompressed.
  explicit ApexFileRepository(
      const std::string& decompression_dir = kApexDecompressedDir)
      : decompression_dir_(decompression_dir){};

  // Creates an empty repository with explicit multi-install settings.
  // This overload does not initialize |decompression_dir_|, so it stays empty
  // until Reset() is called.
  explicit ApexFileRepository(
      bool enforce_multi_install_partition,
      const std::vector& multi_install_select_prop_prefixes)
      : multi_install_select_prop_prefixes_(multi_install_select_prop_prefixes),
        enforce_multi_install_partition_(enforce_multi_install_partition){};

  // Empties both stores explicitly before the members are destroyed.
  ~ApexFileRepository() {
    pre_installed_store_.clear();
    data_store_.clear();
  };

  // Returns a singleton instance of this class.
  static ApexFileRepository& GetInstance();

  // Populate instance by collecting pre-installed apex files from the given
  // |prebuilt_dirs|.
  // Note: this call is **not thread safe** and is expected to be performed in a
  // single thread during initialization of apexd. After initialization is
  // finished, all queries to the instance are thread safe.
  android::base::Result AddPreInstalledApex(
      const std::vector& prebuilt_dirs);

  // Populate instance by collecting host-provided apex files via
  // |metadata_partition|. Host can provide its apexes to a VM instance via the
  // virtual disk image which has partitions: (see
  // /packages/modules/Virtualization/microdroid for the details)
  //  - metadata partition(/dev/block/vd*1) should be accessed by
  //  setting the system property apexd.payload_metadata.prop. On microdroid,
  //  this is /dev/block/by-name/payload-metadata.
  //  - each subsequent partition(/dev/block/vd*{2,3,..}) represents an APEX
  //  archive.
  // It will fail if there is more than one apex with the same name in
  // pre-installed and block apexes. Note: this call is **not thread safe** and
  // is expected to be performed in a single thread during initialization of
  // apexd. After initialization is finished, all queries to the instance are
  // thread safe.
  // This will return the number of block apexes that were added.
  // The per-path values read from the metadata are kept in
  // |block_apex_overrides_| (see BlockApexOverride) and override the file data.
  android::base::Result AddBlockApex(
      const std::string& metadata_partition);

  // Populate instance by collecting data apex files from the given |data_dir|.
  // Note: this call is **not thread safe** and is expected to be performed in a
  // single thread during initialization of apexd. After initialization is
  // finished, all queries to the instance are thread safe.
  android::base::Result AddDataApex(const std::string& data_dir);

  // Returns trusted public key for an apex with the given |name|.
  // NOTE(review): which store the key is taken from, and the error returned
  // for an unknown |name|, are not visible in this header - confirm in the
  // implementation.
  android::base::Result GetPublicKey(
      const std::string& name) const;

  // Returns path to the pre-installed version of an apex with the given |name|.
  android::base::Result GetPreinstalledPath(
      const std::string& name) const;

  // Returns path to the data version of an apex with the given |name|.
  android::base::Result GetDataPath(
      const std::string& name) const;

  // Returns root digest of an apex with the given |path| for block apexes.
  // The result is optional; see BlockApexOverride::block_apex_root_digest for
  // how the digest is meant to be used at activation time.
  std::optional GetBlockApexRootDigest(
      const std::string& path) const;

  // Returns timestamp to be used for the block apex of the given |path|.
  std::optional GetBlockApexLastUpdateSeconds(
      const std::string& path) const;

  // Checks whether there is a pre-installed version of an apex with the given
  // |name|.
  bool HasPreInstalledVersion(const std::string& name) const;

  // Checks whether there is a data version of an apex with the given |name|.
  bool HasDataVersion(const std::string& name) const;

  // Checks if given |apex| is pre-installed.
  bool IsPreInstalledApex(const ApexFile& apex) const;

  // Checks if given |apex| is decompressed from a pre-installed APEX.
  bool IsDecompressedApex(const ApexFile& apex) const;

  // Checks if given |apex| is loaded from block device.
  bool IsBlockApex(const ApexFile& apex) const;

  // Returns references to all pre-installed APEXes on device.
  std::vector GetPreInstalledApexFiles() const;

  // Returns references to all data APEXes on device.
  std::vector GetDataApexFiles() const;

  // Group all ApexFiles on device by their package name.
  std::unordered_map> AllApexFilesByName()
      const;

  // Returns a pre-installed version of apex with the given name. Caller is
  // expected to check if there is a pre-installed apex with the given name
  // using |HasPreInstalledVersion| function.
  // NOTE(review): what happens when no such apex exists is not visible here.
  ApexFileRef GetPreInstalledApex(const std::string& name) const;

  // Returns a data version of apex with the given name. Caller is
  // expected to check if there is a data apex with the given name
  // using |HasDataVersion| function.
  // NOTE(review): what happens when no such apex exists is not visible here.
  ApexFileRef GetDataApex(const std::string& name) const;

  // Clears ApexFileRepository and sets the decompression directory to
  // |decompression_dir|.
  // Only use in tests.
  // NOTE(review): |multi_install_public_keys_| is not cleared here, and
  // |multi_install_select_prop_prefixes_| and |enforce_multi_install_partition_|
  // keep their current values, so key and selection state recorded before the
  // call remains in the instance afterwards. Confirm that this is intended.
  void Reset(const std::string& decompression_dir = kApexDecompressedDir) {
    pre_installed_store_.clear();
    data_store_.clear();
    block_apex_overrides_.clear();
    decompression_dir_ = decompression_dir;
    block_disk_path_.reset();
  }

 private:
  // Non-copyable && non-moveable.
  ApexFileRepository(const ApexFileRepository&) = delete;
  ApexFileRepository& operator=(const ApexFileRepository&) = delete;
  ApexFileRepository& operator=(ApexFileRepository&&) = delete;
  ApexFileRepository(ApexFileRepository&&) = delete;

  // Scans apexes in the given directory and adds collected data into
  // |pre_installed_store_|.
  android::base::Result ScanBuiltInDir(const std::string& dir);

  // Stores for pre-installed and data apexes.
  // NOTE(review): presumably keyed by APEX name, as the name-based getters
  // suggest - the key and value types are missing in this copy.
  std::unordered_map pre_installed_store_, data_store_;

  // Multi-installed APEX name -> all encountered public keys for this APEX.
  std::unordered_map>
      multi_install_public_keys_;

  // Prefixes used when looking for multi-installed APEX sysprops.
  // Order matters: the first non-empty prop value is returned.
  // NOTE(review): this order gives the persist property precedence over
  // bootconfig; who is able to set that property is not visible in this file.
  std::vector multi_install_select_prop_prefixes_ = {
      // Check persist props first, to allow users to override bootconfig.
      kMultiApexSelectPersistPrefix,
      kMultiApexSelectBootconfigPrefix,
  };

  // Controls whether multi-install APEXes are accepted outside of the expected
  // partitions; going by the name, true means the restriction is enforced
  // (the check itself is not in this header).
  // Only set false in tests.
  bool enforce_multi_install_partition_ = true;

  // Decompression directory which will be used to determine if apex is
  // decompressed or not.
  std::string decompression_dir_;

  // Disk path where block apexes are read from. AddBlockApex() sets this.
  std::optional block_disk_path_;

  // Information from the metadata for block apexes, overriding the file data.
  struct BlockApexOverride {
    // Root digest for the APEX. When specified in block apex config, it
    // should be used/checked when activating the apex to avoid
    // TOCTOU(time-of-check to time-of-use).
    // An empty optional means no digest was specified for this path.
    std::optional block_apex_root_digest;
    // The last update time of the APEX.
    std::optional last_update_seconds;
  };

  // Use "path" as key instead of APEX name because there can be multiple
  // versions of sharedlibs APEXes.
  std::unordered_map block_apex_overrides_;
};

}  // namespace apex
}  // namespace android