213 lines
8.5 KiB
C++
213 lines
8.5 KiB
C++
/*
|
|
* Copyright (C) 2019 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <android-base/result.h>
|
|
|
|
#include <functional>
|
|
#include <optional>
|
|
#include <string>
|
|
#include <unordered_map>
|
|
#include <unordered_set>
|
|
#include <vector>
|
|
|
|
#include "apex_constants.h"
|
|
#include "apex_file.h"
|
|
|
|
namespace android {
|
|
namespace apex {
|
|
|
|
using ApexFileRef = std::reference_wrapper<const android::apex::ApexFile>;
|
|
|
|
// This class serves as a ApexFile repository for all apexes on device. It also
|
|
// provides information about the ApexFiles it hosts, such as which are
|
|
// pre-installed and which are data. Such information can be used, for example,
|
|
// to verify validity of an apex before trying to mount it.
|
|
//
|
|
// It's expected to have a single instance of this class in a process that
|
|
// mounts apexes (e.g. apexd, otapreopt_chroot).
|
|
class ApexFileRepository final {
|
|
public:
|
|
// c-tors and d-tor are exposed for testing.
|
|
explicit ApexFileRepository(
|
|
const std::string& decompression_dir = kApexDecompressedDir)
|
|
: decompression_dir_(decompression_dir){};
|
|
explicit ApexFileRepository(
|
|
bool enforce_multi_install_partition,
|
|
const std::vector<std::string>& multi_install_select_prop_prefixes)
|
|
: multi_install_select_prop_prefixes_(multi_install_select_prop_prefixes),
|
|
enforce_multi_install_partition_(enforce_multi_install_partition){};
|
|
|
|
~ApexFileRepository() {
|
|
pre_installed_store_.clear();
|
|
data_store_.clear();
|
|
};
|
|
|
|
// Returns a singletone instance of this class.
|
|
static ApexFileRepository& GetInstance();
|
|
|
|
// Populate instance by collecting pre-installed apex files from the given
|
|
// |prebuilt_dirs|.
|
|
// Note: this call is **not thread safe** and is expected to be performed in a
|
|
// single thread during initialization of apexd. After initialization is
|
|
// finished, all queries to the instance are thread safe.
|
|
android::base::Result<void> AddPreInstalledApex(
|
|
const std::vector<std::string>& prebuilt_dirs);
|
|
|
|
// Populate instance by collecting host-provided apex files via
|
|
// |metadata_partition|. Host can provide its apexes to a VM instance via the
|
|
// virtual disk image which has partitions: (see
|
|
// /packages/modules/Virtualization/microdroid for the details)
|
|
// - metadata partition(/dev/block/vd*1) should be accessed by
|
|
// setting the system property apexd.payload_metadata.prop. On microdroid,
|
|
// this is /dev/block/by-name/payload-metadata.
|
|
// - each subsequence partition(/dev/block/vd*{2,3,..}) represents an APEX
|
|
// archive.
|
|
// It will fail if there is more than one apex with the same name in
|
|
// pre-installed and block apexes. Note: this call is **not thread safe** and
|
|
// is expected to be performed in a single thread during initialization of
|
|
// apexd. After initialization is finished, all queries to the instance are
|
|
// thread safe.
|
|
// This will return the number of block apexes that were added.
|
|
android::base::Result<int> AddBlockApex(
|
|
const std::string& metadata_partition);
|
|
|
|
// Populate instance by collecting data apex files from the given |data_dir|.
|
|
// Note: this call is **not thread safe** and is expected to be performed in a
|
|
// single thread during initialization of apexd. After initialization is
|
|
// finished, all queries to the instance are thread safe.
|
|
android::base::Result<void> AddDataApex(const std::string& data_dir);
|
|
|
|
// Returns trusted public key for an apex with the given |name|.
|
|
android::base::Result<const std::string> GetPublicKey(
|
|
const std::string& name) const;
|
|
|
|
// Returns path to the pre-installed version of an apex with the given |name|.
|
|
android::base::Result<const std::string> GetPreinstalledPath(
|
|
const std::string& name) const;
|
|
|
|
// Returns path to the data version of an apex with the given |name|.
|
|
android::base::Result<const std::string> GetDataPath(
|
|
const std::string& name) const;
|
|
|
|
// Returns root digest of an apex with the given |path| for block apexes.
|
|
std::optional<std::string> GetBlockApexRootDigest(
|
|
const std::string& path) const;
|
|
|
|
// Returns timestamp to be used for the block apex of the given |path|.
|
|
std::optional<int64_t> GetBlockApexLastUpdateSeconds(
|
|
const std::string& path) const;
|
|
|
|
// Checks whether there is a pre-installed version of an apex with the given
|
|
// |name|.
|
|
bool HasPreInstalledVersion(const std::string& name) const;
|
|
|
|
// Checks whether there is a data version of an apex with the given |name|.
|
|
bool HasDataVersion(const std::string& name) const;
|
|
|
|
// Checks if given |apex| is pre-installed.
|
|
bool IsPreInstalledApex(const ApexFile& apex) const;
|
|
|
|
// Checks if given |apex| is decompressed from a pre-installed APEX
|
|
bool IsDecompressedApex(const ApexFile& apex) const;
|
|
|
|
// Checks if given |apex| is loaded from block device.
|
|
bool IsBlockApex(const ApexFile& apex) const;
|
|
|
|
// Returns reference to all pre-installed APEX on device
|
|
std::vector<ApexFileRef> GetPreInstalledApexFiles() const;
|
|
|
|
// Returns reference to all data APEX on device
|
|
std::vector<ApexFileRef> GetDataApexFiles() const;
|
|
|
|
// Group all ApexFiles on device by their package name
|
|
std::unordered_map<std::string, std::vector<ApexFileRef>> AllApexFilesByName()
|
|
const;
|
|
|
|
// Returns a pre-installed version of apex with the given name. Caller is
|
|
// expected to check if there is a pre-installed apex with the given name
|
|
// using |HasPreinstalledVersion| function.
|
|
ApexFileRef GetPreInstalledApex(const std::string& name) const;
|
|
// Returns a data version of apex with the given name. Caller is
|
|
// expected to check if there is a data apex with the given name
|
|
// using |HasDataVersion| function.
|
|
ApexFileRef GetDataApex(const std::string& name) const;
|
|
|
|
// Clears ApexFileRepostiry.
|
|
// Only use in tests.
|
|
void Reset(const std::string& decompression_dir = kApexDecompressedDir) {
|
|
pre_installed_store_.clear();
|
|
data_store_.clear();
|
|
block_apex_overrides_.clear();
|
|
decompression_dir_ = decompression_dir;
|
|
block_disk_path_.reset();
|
|
}
|
|
|
|
private:
|
|
// Non-copyable && non-moveable.
|
|
ApexFileRepository(const ApexFileRepository&) = delete;
|
|
ApexFileRepository& operator=(const ApexFileRepository&) = delete;
|
|
ApexFileRepository& operator=(ApexFileRepository&&) = delete;
|
|
ApexFileRepository(ApexFileRepository&&) = delete;
|
|
|
|
// Scans apexes in the given directory and adds collected data into
|
|
// |pre_installed_store_|.
|
|
android::base::Result<void> ScanBuiltInDir(const std::string& dir);
|
|
|
|
std::unordered_map<std::string, ApexFile> pre_installed_store_, data_store_;
|
|
|
|
// Multi-installed APEX name -> all encountered public keys for this APEX.
|
|
std::unordered_map<std::string, std::unordered_set<std::string>>
|
|
multi_install_public_keys_;
|
|
|
|
// Prefixes used when looking for multi-installed APEX sysprops.
|
|
// Order matters: the first non-empty prop value is returned.
|
|
std::vector<std::string> multi_install_select_prop_prefixes_ = {
|
|
// Check persist props first, to allow users to override bootconfig.
|
|
kMultiApexSelectPersistPrefix,
|
|
kMultiApexSelectBootconfigPrefix,
|
|
};
|
|
|
|
// Allows multi-install APEXes outside of expected partitions.
|
|
// Only set false in tests.
|
|
bool enforce_multi_install_partition_ = true;
|
|
|
|
// Decompression directory which will be used to determine if apex is
|
|
// decompressed or not
|
|
std::string decompression_dir_;
|
|
|
|
// Disk path where block apexes are read from. AddBlockApex() sets this.
|
|
std::optional<std::string> block_disk_path_;
|
|
|
|
// Information from the metadata for block apexes, overriding the file data.
|
|
struct BlockApexOverride {
|
|
// Root digest for the APEX. When specified in block apex config, it
|
|
// should be used/checked when activating the apex to avoid
|
|
// TOCTOU(time-of-check to time-of-use).
|
|
std::optional<std::string> block_apex_root_digest;
|
|
// The last update time of the APEX.
|
|
std::optional<int64_t> last_update_seconds;
|
|
};
|
|
|
|
// Use "path" as key instead of APEX name because there can be multiple
|
|
// versions of sharedlibs APEXes.
|
|
std::unordered_map<std::string, BlockApexOverride> block_apex_overrides_;
|
|
};
|
|
|
|
} // namespace apex
|
|
} // namespace android
|