/*
|
* Copyright (C) 2019 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
#include "apex_shim.h"
|
|
#include <android-base/file.h>
|
#include <android-base/logging.h>
|
#include <android-base/stringprintf.h>
|
#include <android-base/strings.h>
|
#include <openssl/sha.h>
|
#include <filesystem>
|
#include <fstream>
|
#include <sstream>
|
#include <unordered_set>
|
|
#include "apex_file.h"
|
#include "status.h"
|
#include "status_or.h"
|
#include "string_log.h"
|
|
namespace android {
|
namespace apex {
|
namespace shim {
|
|
namespace fs = std::filesystem;
|
|
namespace {
|
|
static constexpr const char* kApexCtsShimPackage = "com.android.apex.cts.shim";
|
static constexpr const char* kHashFileName = "hash.txt";
|
static constexpr const int kBufSize = 1024;
|
static constexpr const char* kApexManifestFileName = "apex_manifest.json";
|
static constexpr const char* kEtcFolderName = "etc";
|
static constexpr const char* kLostFoundFolderName = "lost+found";
|
static constexpr const fs::perms kFordbiddenFilePermissions =
|
fs::perms::owner_exec | fs::perms::group_exec | fs::perms::others_exec;
|
|
StatusOr<std::string> CalculateSha512(const std::string& path) {
|
using StatusT = StatusOr<std::string>;
|
LOG(DEBUG) << "Calculating SHA512 of " << path;
|
SHA512_CTX ctx;
|
SHA512_Init(&ctx);
|
std::ifstream apex(path, std::ios::binary);
|
if (apex.bad()) {
|
return StatusT::MakeError(StringLog() << "Failed to open " << path);
|
}
|
char buf[kBufSize];
|
while (!apex.eof()) {
|
apex.read(buf, kBufSize);
|
if (apex.bad()) {
|
return StatusT::MakeError(StringLog() << "Failed to read " << path);
|
}
|
int bytes_read = apex.gcount();
|
SHA512_Update(&ctx, buf, bytes_read);
|
}
|
uint8_t hash[SHA512_DIGEST_LENGTH];
|
SHA512_Final(hash, &ctx);
|
std::stringstream ss;
|
ss << std::hex;
|
for (int i = 0; i < SHA512_DIGEST_LENGTH; i++) {
|
ss << std::setw(2) << std::setfill('0') << static_cast<int>(hash[i]);
|
}
|
return StatusT(ss.str());
|
}
|
|
StatusOr<std::vector<std::string>> ReadSha512(const std::string& path) {
|
using android::base::ReadFileToString;
|
using android::base::StringPrintf;
|
using StatusT = StatusOr<std::vector<std::string>>;
|
const std::string& file_path =
|
StringPrintf("%s/%s/%s", path.c_str(), kEtcFolderName, kHashFileName);
|
LOG(DEBUG) << "Reading SHA512 from " << file_path;
|
std::string hash;
|
if (!ReadFileToString(file_path, &hash, false /* follows symlinks */)) {
|
return StatusT::MakeError(PStringLog() << "Failed to read " << file_path);
|
}
|
return StatusT(android::base::Split(hash, "\n"));
|
}
|
|
Status IsRegularFile(const fs::directory_entry& entry) {
|
const fs::path& path = entry.path();
|
std::error_code ec;
|
fs::file_status status = entry.status(ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to stat " << path << " : " << ec);
|
}
|
if (!fs::is_regular_file(status)) {
|
return Status::Fail(StringLog() << path << " is not a file");
|
}
|
if ((status.permissions() & kFordbiddenFilePermissions) != fs::perms::none) {
|
return Status::Fail(StringLog() << path << " has illegal permissions");
|
}
|
// TODO: consider checking that file only contains ascii characters.
|
return Status::Success();
|
}
|
|
Status IsHashTxt(const fs::directory_entry& entry) {
|
LOG(DEBUG) << "Checking if " << entry.path() << " is an allowed file";
|
const Status& status = IsRegularFile(entry);
|
if (!status.Ok()) {
|
return status;
|
}
|
if (entry.path().filename() != kHashFileName) {
|
return Status::Fail(StringLog() << "Illegal file " << entry.path());
|
}
|
return Status::Success();
|
}
|
|
Status IsWhitelistedTopLevelEntry(const fs::directory_entry& entry) {
|
LOG(DEBUG) << "Checking if " << entry.path() << " is an allowed directory";
|
std::error_code ec;
|
const fs::path& path = entry.path();
|
if (path.filename() == kLostFoundFolderName) {
|
bool is_empty = fs::is_empty(path, ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << path << " : " << ec);
|
}
|
if (is_empty) {
|
return Status::Success();
|
} else {
|
return Status::Fail(StringLog() << path << " is not empty");
|
}
|
} else if (path.filename() == kEtcFolderName) {
|
auto iter = fs::directory_iterator(path, ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << path << " : " << ec);
|
}
|
bool is_empty = fs::is_empty(path, ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << path << " : " << ec);
|
}
|
if (is_empty) {
|
return Status::Fail(StringLog()
|
<< path << " should contain " << kHashFileName);
|
}
|
// TODO: change to non-throwing iterator.
|
while (iter != fs::end(iter)) {
|
const Status& status = IsHashTxt(*iter);
|
if (!status.Ok()) {
|
return status;
|
}
|
iter = iter.increment(ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << path << " : " << ec);
|
}
|
}
|
return Status::Success();
|
} else if (path.filename() == kApexManifestFileName) {
|
return IsRegularFile(entry);
|
} else {
|
return Status::Fail(StringLog() << "Illegal entry " << path);
|
}
|
}
|
|
} // namespace
|
|
bool IsShimApex(const ApexFile& apex_file) {
|
return apex_file.GetManifest().name() == kApexCtsShimPackage;
|
}
|
|
Status ValidateShimApex(const std::string& mount_point,
|
const ApexFile& apex_file) {
|
LOG(DEBUG) << "Validating shim apex " << mount_point;
|
const ApexManifest& manifest = apex_file.GetManifest();
|
if (!manifest.preinstallhook().empty() ||
|
!manifest.postinstallhook().empty()) {
|
return Status::Fail(
|
"Shim apex is not allowed to have pre or post install hooks");
|
}
|
std::error_code ec;
|
auto iter = fs::directory_iterator(mount_point, ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << mount_point << " : " << ec);
|
}
|
// Unfortunately fs::directory_iterator::operator++ can throw an exception,
|
// which means that it's impossible to use range-based for loop here.
|
// TODO: wrap into a non-throwing iterator to support range-based for loop.
|
while (iter != fs::end(iter)) {
|
const Status& status = IsWhitelistedTopLevelEntry(*iter);
|
if (!status.Ok()) {
|
return status;
|
}
|
iter = iter.increment(ec);
|
if (ec) {
|
return Status::Fail(StringLog()
|
<< "Failed to scan " << mount_point << " : " << ec);
|
}
|
}
|
return Status::Success();
|
}
|
|
Status ValidateUpdate(const std::string& system_apex_path,
|
const std::string& new_apex_path) {
|
LOG(DEBUG) << "Validating update of shim apex to " << new_apex_path
|
<< " using system shim apex " << system_apex_path;
|
auto allowed = ReadSha512(system_apex_path);
|
if (!allowed.Ok()) {
|
return allowed.ErrorStatus();
|
}
|
auto actual = CalculateSha512(new_apex_path);
|
if (!actual.Ok()) {
|
return actual.ErrorStatus();
|
}
|
auto it = std::find(allowed->begin(), allowed->end(), *actual);
|
if (it == allowed->end()) {
|
return Status::Fail(StringLog()
|
<< new_apex_path << " has unexpected SHA512 hash "
|
<< *actual);
|
}
|
return Status::Success();
|
}
|
|
} // namespace shim
|
} // namespace apex
|
} // namespace android
|
