/*
|
* Copyright (C) 2019 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
#include "gsi_service.h"
|
|
#include <errno.h>
|
#include <linux/fs.h>
|
#include <sys/ioctl.h>
|
#include <sys/stat.h>
|
#include <sys/statvfs.h>
|
#include <sys/types.h>
|
#include <sys/vfs.h>
|
#include <unistd.h>
|
|
#include <chrono>
|
#include <string>
|
#include <vector>
|
|
#include <android-base/file.h>
|
#include <android-base/logging.h>
|
#include <android-base/stringprintf.h>
|
#include <android-base/strings.h>
|
#include <android/gsi/IGsiService.h>
|
#include <ext4_utils/ext4_utils.h>
|
#include <fs_mgr.h>
|
#include <fs_mgr_dm_linear.h>
|
#include <fstab/fstab.h>
|
#include <libdm/dm.h>
|
#include <libfiemap_writer/fiemap_writer.h>
|
#include <logwrap/logwrap.h>
|
#include <private/android_filesystem_config.h>
|
|
#include "file_paths.h"
|
#include "libgsi_private.h"
|
|
namespace android {
|
namespace gsi {
|
|
using namespace std::literals;
|
using namespace android::dm;
|
using namespace android::fs_mgr;
|
using namespace android::fiemap_writer;
|
using android::base::StringPrintf;
|
using android::base::unique_fd;
|
|
static constexpr char kUserdataDevice[] = "/dev/block/by-name/UDISK";
|
|
// The default size of userdata.img for GSI.
|
// We are looking for /data to have atleast 40% free space
|
static constexpr uint32_t kMinimumFreeSpaceThreshold = 40;
|
// We determine the fragmentation by making sure the files
|
// we create don't have more than 16 extents.
|
static constexpr uint32_t kMaximumExtents = 512;
|
// Default userdata image size.
|
static constexpr int64_t kDefaultUserdataSize = int64_t(8) * 1024 * 1024 * 1024;
|
static constexpr std::chrono::milliseconds kDmTimeout = 5000ms;
|
|
void GsiService::Register() {
|
auto ret = android::BinderService<GsiService>::publish();
|
if (ret != android::OK) {
|
LOG(FATAL) << "Could not register gsi service: " << ret;
|
}
|
}
|
|
GsiService::GsiService() {
|
progress_ = {};
|
}
|
|
GsiService::~GsiService() {
|
PostInstallCleanup();
|
}
|
|
#define ENFORCE_SYSTEM \
|
do { \
|
binder::Status status = CheckUid(); \
|
if (!status.isOk()) return status; \
|
} while (0)
|
|
#define ENFORCE_SYSTEM_OR_SHELL \
|
do { \
|
binder::Status status = CheckUid(AccessLevel::SystemOrShell); \
|
if (!status.isOk()) return status; \
|
} while (0)
|
|
binder::Status GsiService::startGsiInstall(int64_t gsiSize, int64_t userdataSize, bool wipeUserdata,
|
int* _aidl_return) {
|
GsiInstallParams params;
|
params.gsiSize = gsiSize;
|
params.userdataSize = userdataSize;
|
params.wipeUserdata = wipeUserdata;
|
return beginGsiInstall(params, _aidl_return);
|
}
|
|
binder::Status GsiService::beginGsiInstall(const GsiInstallParams& given_params, int* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
// Make sure any interrupted installations are cleaned up.
|
PostInstallCleanup();
|
|
// Do some precursor validation on the arguments before diving into the
|
// install process.
|
GsiInstallParams params = given_params;
|
if (int status = ValidateInstallParams(¶ms)) {
|
*_aidl_return = status;
|
return binder::Status::ok();
|
}
|
|
int status = StartInstall(params);
|
if (status != INSTALL_OK) {
|
// Perform local cleanup and delete any lingering files.
|
PostInstallCleanup();
|
RemoveGsiFiles(params.installDir, wipe_userdata_on_failure_);
|
}
|
*_aidl_return = status;
|
|
// Clear the progress indicator.
|
UpdateProgress(STATUS_NO_OPERATION, 0);
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::commitGsiChunkFromStream(const android::os::ParcelFileDescriptor& stream,
|
int64_t bytes, bool* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = CommitGsiChunk(stream.get(), bytes);
|
|
// Clear the progress indicator.
|
UpdateProgress(STATUS_NO_OPERATION, 0);
|
return binder::Status::ok();
|
}
|
|
void GsiService::StartAsyncOperation(const std::string& step, int64_t total_bytes) {
|
std::lock_guard<std::mutex> guard(progress_lock_);
|
|
progress_.step = step;
|
progress_.status = STATUS_WORKING;
|
progress_.bytes_processed = 0;
|
progress_.total_bytes = total_bytes;
|
}
|
|
void GsiService::UpdateProgress(int status, int64_t bytes_processed) {
|
std::lock_guard<std::mutex> guard(progress_lock_);
|
|
progress_.status = status;
|
if (status == STATUS_COMPLETE) {
|
progress_.bytes_processed = progress_.total_bytes;
|
} else {
|
progress_.bytes_processed = bytes_processed;
|
}
|
}
|
|
binder::Status GsiService::getInstallProgress(::android::gsi::GsiProgress* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(progress_lock_);
|
|
*_aidl_return = progress_;
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::commitGsiChunkFromMemory(const std::vector<uint8_t>& bytes,
|
bool* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = CommitGsiChunk(bytes.data(), bytes.size());
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::setGsiBootable(bool one_shot, int* _aidl_return) {
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
if (installing_) {
|
ENFORCE_SYSTEM;
|
int error = SetGsiBootable(one_shot);
|
PostInstallCleanup();
|
if (error) {
|
RemoveGsiFiles(install_dir_, wipe_userdata_on_failure_);
|
*_aidl_return = error;
|
} else {
|
*_aidl_return = INSTALL_OK;
|
}
|
} else {
|
ENFORCE_SYSTEM_OR_SHELL;
|
*_aidl_return = ReenableGsi(one_shot);
|
PostInstallCleanup();
|
}
|
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::isGsiEnabled(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
std::string boot_key;
|
if (!GetInstallStatus(&boot_key)) {
|
*_aidl_return = false;
|
} else {
|
*_aidl_return = (boot_key == kInstallStatusOk);
|
}
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::removeGsiInstall(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
// Just in case an install was left hanging.
|
std::string install_dir;
|
if (installing_) {
|
install_dir = install_dir_;
|
PostInstallCleanup();
|
} else {
|
install_dir = GetInstalledImageDir();
|
}
|
|
if (IsGsiRunning()) {
|
// Can't remove gsi files while running.
|
*_aidl_return = UninstallGsi();
|
} else {
|
*_aidl_return = RemoveGsiFiles(install_dir, true /* wipeUserdata */);
|
}
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::disableGsiInstall(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = DisableGsiInstall();
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::isGsiRunning(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = IsGsiRunning();
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::isGsiInstalled(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = IsGsiInstalled();
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::isGsiInstallInProgress(bool* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = installing_;
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::cancelGsiInstall(bool* _aidl_return) {
|
ENFORCE_SYSTEM;
|
should_abort_ = true;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
should_abort_ = false;
|
if (installing_) {
|
PostInstallCleanup();
|
RemoveGsiFiles(install_dir_, wipe_userdata_on_failure_);
|
}
|
|
*_aidl_return = true;
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::getGsiBootStatus(int* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
if (!IsGsiInstalled()) {
|
*_aidl_return = BOOT_STATUS_NOT_INSTALLED;
|
return binder::Status::ok();
|
}
|
|
std::string boot_key;
|
if (!GetInstallStatus(&boot_key)) {
|
PLOG(ERROR) << "read " << kGsiInstallStatusFile;
|
*_aidl_return = BOOT_STATUS_NOT_INSTALLED;
|
return binder::Status::ok();
|
}
|
|
bool single_boot = !access(kGsiOneShotBootFile, F_OK);
|
|
if (boot_key == kInstallStatusWipe) {
|
// This overrides all other statuses.
|
*_aidl_return = BOOT_STATUS_WILL_WIPE;
|
} else if (boot_key == kInstallStatusDisabled) {
|
// A single-boot GSI will have a "disabled" status, because it's
|
// disabled immediately upon reading the one_shot_boot file. However,
|
// we still want to return SINGLE_BOOT, because it makes the
|
// transition clearer to the user.
|
if (single_boot) {
|
*_aidl_return = BOOT_STATUS_SINGLE_BOOT;
|
} else {
|
*_aidl_return = BOOT_STATUS_DISABLED;
|
}
|
} else if (single_boot) {
|
*_aidl_return = BOOT_STATUS_SINGLE_BOOT;
|
} else {
|
*_aidl_return = BOOT_STATUS_ENABLED;
|
}
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::getUserdataImageSize(int64_t* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
*_aidl_return = -1;
|
|
if (installing_) {
|
// Size has already been computed.
|
*_aidl_return = userdata_size_;
|
} else if (IsGsiRunning()) {
|
// :TODO: libdm
|
unique_fd fd(open(kUserdataDevice, O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
|
if (fd < 0) {
|
PLOG(ERROR) << "open " << kUserdataDevice;
|
return binder::Status::ok();
|
}
|
|
int64_t size;
|
if (ioctl(fd, BLKGETSIZE64, &size)) {
|
PLOG(ERROR) << "BLKGETSIZE64 " << kUserdataDevice;
|
return binder::Status::ok();
|
}
|
*_aidl_return = size;
|
} else {
|
// Stat the size of the userdata file.
|
auto userdata_gsi = GetInstalledImagePath("userdata_gsi");
|
struct stat s;
|
if (stat(userdata_gsi.c_str(), &s)) {
|
if (errno != ENOENT) {
|
PLOG(ERROR) << "open " << userdata_gsi;
|
return binder::Status::ok();
|
}
|
*_aidl_return = 0;
|
} else {
|
*_aidl_return = s.st_size;
|
}
|
}
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::getInstalledGsiImageDir(std::string* _aidl_return) {
|
ENFORCE_SYSTEM;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
if (IsGsiInstalled()) {
|
*_aidl_return = GetInstalledImageDir();
|
}
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::wipeGsiUserdata(int* _aidl_return) {
|
ENFORCE_SYSTEM_OR_SHELL;
|
std::lock_guard<std::mutex> guard(main_lock_);
|
|
if (IsGsiRunning() || !IsGsiInstalled()) {
|
*_aidl_return = IGsiService::INSTALL_ERROR_GENERIC;
|
return binder::Status::ok();
|
}
|
|
*_aidl_return = WipeUserdata();
|
|
return binder::Status::ok();
|
}
|
|
binder::Status GsiService::CheckUid(AccessLevel level) {
|
std::vector<uid_t> allowed_uids{AID_ROOT, AID_SYSTEM};
|
if (level == AccessLevel::SystemOrShell) {
|
allowed_uids.push_back(AID_SHELL);
|
}
|
|
uid_t uid = IPCThreadState::self()->getCallingUid();
|
for (const auto& allowed_uid : allowed_uids) {
|
if (allowed_uid == uid) {
|
return binder::Status::ok();
|
}
|
}
|
|
auto message = StringPrintf("UID %d is not allowed", uid);
|
return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY,
|
String8(message.c_str()));
|
}
|
|
void GsiService::PostInstallCleanup() {
|
// This must be closed before unmapping partitions.
|
system_writer_ = nullptr;
|
|
const auto& dm = DeviceMapper::Instance();
|
if (dm.GetState("userdata_gsi") != DmDeviceState::INVALID) {
|
DestroyLogicalPartition("userdata_gsi", kDmTimeout);
|
}
|
if (dm.GetState("system_gsi") != DmDeviceState::INVALID) {
|
DestroyLogicalPartition("system_gsi", kDmTimeout);
|
}
|
|
installing_ = false;
|
partitions_ .clear();
|
}
|
|
static bool IsExternalStoragePath(const std::string& path) {
|
if (!android::base::StartsWith(path, "/mnt/media_rw/")) {
|
return false;
|
}
|
unique_fd fd(open(path.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
|
if (fd < 0) {
|
PLOG(ERROR) << "open failed: " << path;
|
return false;
|
}
|
struct statfs info;
|
if (fstatfs(fd, &info)) {
|
PLOG(ERROR) << "statfs failed: " << path;
|
return false;
|
}
|
LOG(ERROR) << "fs type: " << info.f_type;
|
return info.f_type == MSDOS_SUPER_MAGIC;
|
}
|
|
int GsiService::ValidateInstallParams(GsiInstallParams* params) {
|
// If no install path was specified, use the default path. We also allow
|
// specifying the top-level folder, and then we choose the correct location
|
// underneath.
|
if (params->installDir.empty() || params->installDir == "/data/gsi") {
|
params->installDir = kDefaultGsiImageFolder;
|
}
|
|
// Normalize the path and add a trailing slash.
|
std::string origInstallDir = params->installDir;
|
if (!android::base::Realpath(origInstallDir, ¶ms->installDir)) {
|
PLOG(ERROR) << "realpath failed: " << origInstallDir;
|
return INSTALL_ERROR_GENERIC;
|
}
|
// Ensure the path ends in / for consistency. Even though GetImagePath()
|
// does this already, we want it to appear this way in install_dir.
|
if (!android::base::EndsWith(params->installDir, "/")) {
|
params->installDir += "/";
|
}
|
|
// Currently, we can only install to /data/gsi/ or external storage.
|
if (IsExternalStoragePath(params->installDir)) {
|
Fstab fstab;
|
if (!ReadDefaultFstab(&fstab)) {
|
LOG(ERROR) << "cannot read default fstab";
|
return INSTALL_ERROR_GENERIC;
|
}
|
FstabEntry* system = GetEntryForMountPoint(&fstab, "/system");
|
if (!system) {
|
LOG(ERROR) << "cannot find /system fstab entry";
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (fs_mgr_verity_is_check_at_most_once(*system)) {
|
LOG(ERROR) << "cannot install GSIs to external media if verity uses check_at_most_once";
|
return INSTALL_ERROR_GENERIC;
|
}
|
} else if (params->installDir != kDefaultGsiImageFolder) {
|
LOG(ERROR) << "cannot install GSI to " << params->installDir;
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
if (params->gsiSize % LP_SECTOR_SIZE) {
|
LOG(ERROR) << "GSI size " << params->gsiSize << " is not a multiple of " << LP_SECTOR_SIZE;
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (params->userdataSize % LP_SECTOR_SIZE) {
|
LOG(ERROR) << "userdata size " << params->userdataSize << " is not a multiple of "
|
<< LP_SECTOR_SIZE;
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
|
int GsiService::StartInstall(const GsiInstallParams& params) {
|
installing_ = true;
|
userdata_block_size_ = 0;
|
system_block_size_ = 0;
|
gsi_size_ = params.gsiSize;
|
userdata_size_ = (params.userdataSize) ? params.userdataSize : kDefaultUserdataSize;
|
wipe_userdata_ = params.wipeUserdata;
|
can_use_devicemapper_ = false;
|
gsi_bytes_written_ = 0;
|
install_dir_ = params.installDir;
|
|
userdata_gsi_path_ = GetImagePath(install_dir_, "userdata_gsi");
|
system_gsi_path_ = GetImagePath(install_dir_, "system_gsi");
|
|
// Only rm userdata_gsi if one didn't already exist.
|
wipe_userdata_on_failure_ = wipe_userdata_ || access(userdata_gsi_path_.c_str(), F_OK);
|
|
if (int status = PerformSanityChecks()) {
|
return status;
|
}
|
if (int status = PreallocateFiles()) {
|
return status;
|
}
|
if (int status = DetermineReadWriteMethod()) {
|
return status;
|
}
|
if (!FormatUserdata()) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
// Map system_gsi so we can write to it.
|
system_writer_ = OpenPartition("system_gsi");
|
if (!system_writer_) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
|
int GsiService::DetermineReadWriteMethod() {
|
// If there is a device-mapper node wrapping the block device, then we're
|
// able to create another node around it; the dm layer does not carry the
|
// exclusion lock down the stack when a mount occurs.
|
//
|
// If there is no intermediate device-mapper node, then partitions cannot be
|
// opened writable due to sepolicy and exclusivity of having a mounted
|
// filesystem. This should only happen on devices with no encryption, or
|
// devices with FBE and no metadata encryption. For these cases it suffices
|
// to perform normal file writes to /data/gsi (which is unencrypted).
|
std::string block_device;
|
if (!FiemapWriter::GetBlockDeviceForFile(system_gsi_path_.c_str(), &block_device,
|
&can_use_devicemapper_)) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (install_dir_ != kDefaultGsiImageFolder && can_use_devicemapper_) {
|
// Never use device-mapper on external media. We don't support adopted
|
// storage yet, and accidentally using device-mapper could be dangerous
|
// as we hardcode the userdata device as backing storage.
|
LOG(ERROR) << "unexpected device-mapper node used to mount external media";
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
|
std::string GsiService::GetImagePath(const std::string& image_dir, const std::string& name) {
|
std::string dir = image_dir;
|
if (!android::base::EndsWith(dir, "/")) {
|
dir += "/";
|
}
|
return dir + name + ".img";
|
}
|
|
std::string GsiService::GetInstalledImageDir() {
|
// If there's no install left, just return /data/gsi since that's where
|
// installs go by default.
|
std::string dir;
|
if (android::base::ReadFileToString(kGsiInstallDirFile, &dir)) {
|
return dir;
|
}
|
return kDefaultGsiImageFolder;
|
}
|
|
std::string GsiService::GetInstalledImagePath(const std::string& name) {
|
return GetImagePath(GetInstalledImageDir(), name);
|
}
|
|
int GsiService::PerformSanityChecks() {
|
if (gsi_size_ < 0) {
|
LOG(ERROR) << "image size " << gsi_size_ << " is negative";
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (android::gsi::IsGsiRunning()) {
|
LOG(ERROR) << "cannot install gsi inside a live gsi";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
struct statvfs sb;
|
if (statvfs(install_dir_.c_str(), &sb)) {
|
PLOG(ERROR) << "failed to read file system stats";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
// This is the same as android::vold::GetFreebytes() but we also
|
// need the total file system size so we open code it here.
|
uint64_t free_space = 1ULL * sb.f_bavail * sb.f_frsize;
|
uint64_t fs_size = sb.f_blocks * sb.f_frsize;
|
if (free_space <= (gsi_size_ + userdata_size_)) {
|
LOG(ERROR) << "not enough free space (only " << free_space << " bytes available)";
|
return INSTALL_ERROR_NO_SPACE;
|
}
|
// We are asking for 40% of the /data to be empty.
|
// TODO: may be not hard code it like this
|
double free_space_percent = ((1.0 * free_space) / fs_size) * 100;
|
if (free_space_percent < kMinimumFreeSpaceThreshold) {
|
LOG(ERROR) << "free space " << static_cast<uint64_t>(free_space_percent)
|
<< "% is below the minimum threshold of " << kMinimumFreeSpaceThreshold << "%";
|
return INSTALL_ERROR_FILE_SYSTEM_CLUTTERED;
|
}
|
return INSTALL_OK;
|
}
|
|
int GsiService::PreallocateFiles() {
|
if (wipe_userdata_) {
|
SplitFiemap::RemoveSplitFiles(userdata_gsi_path_);
|
}
|
SplitFiemap::RemoveSplitFiles(system_gsi_path_);
|
|
// TODO: trigger GC from fiemap writer.
|
|
// Create fallocated files.
|
if (int status = PreallocateUserdata()) {
|
return status;
|
}
|
if (int status = PreallocateSystem()) {
|
return status;
|
}
|
|
// Save the extent information in liblp.
|
metadata_ = CreateMetadata();
|
if (!metadata_) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
UpdateProgress(STATUS_COMPLETE, 0);
|
return INSTALL_OK;
|
}
|
|
int GsiService::PreallocateUserdata() {
|
int error;
|
std::unique_ptr<SplitFiemap> userdata_image;
|
if (wipe_userdata_ || access(userdata_gsi_path_.c_str(), F_OK)) {
|
StartAsyncOperation("create userdata", userdata_size_);
|
userdata_image = CreateFiemapWriter(userdata_gsi_path_, userdata_size_, &error);
|
if (!userdata_image) {
|
LOG(ERROR) << "Could not create userdata image: " << userdata_gsi_path_;
|
return error;
|
}
|
// Signal that we need to reformat userdata.
|
wipe_userdata_ = true;
|
} else {
|
userdata_image = CreateFiemapWriter(userdata_gsi_path_, 0, &error);
|
if (!userdata_image) {
|
LOG(ERROR) << "Could not open userdata image: " << userdata_gsi_path_;
|
return error;
|
}
|
if (userdata_size_ && userdata_image->size() < userdata_size_) {
|
// :TODO: need to fallocate more blocks and resizefs.
|
}
|
userdata_size_ = userdata_image->size();
|
}
|
|
userdata_block_size_ = userdata_image->block_size();
|
|
Image image = {
|
.writer = std::move(userdata_image),
|
.actual_size = userdata_size_,
|
};
|
partitions_.emplace(std::make_pair("userdata_gsi", std::move(image)));
|
return INSTALL_OK;
|
}
|
|
int GsiService::PreallocateSystem() {
|
StartAsyncOperation("create system", gsi_size_);
|
|
int error;
|
auto system_image = CreateFiemapWriter(system_gsi_path_, gsi_size_, &error);
|
if (!system_image) {
|
return error;
|
}
|
|
system_block_size_ = system_image->block_size();
|
|
Image image = {
|
.writer = std::move(system_image),
|
.actual_size = gsi_size_,
|
};
|
partitions_.emplace(std::make_pair("system_gsi", std::move(image)));
|
return INSTALL_OK;
|
}
|
|
std::unique_ptr<SplitFiemap> GsiService::CreateFiemapWriter(const std::string& path,
|
uint64_t size, int* error) {
|
bool create = (size != 0);
|
|
std::function<bool(uint64_t, uint64_t)> progress;
|
if (create) {
|
// TODO: allow cancelling inside cancelGsiInstall.
|
progress = [this](uint64_t bytes, uint64_t /* total */) -> bool {
|
UpdateProgress(STATUS_WORKING, bytes);
|
if (should_abort_) return false;
|
return true;
|
};
|
}
|
|
std::unique_ptr<SplitFiemap> file;
|
if (!size) {
|
file = SplitFiemap::Open(path);
|
} else {
|
file = SplitFiemap::Create(path, size, 0, std::move(progress));
|
}
|
if (!file) {
|
LOG(ERROR) << "failed to create or open " << path;
|
*error = INSTALL_ERROR_GENERIC;
|
return nullptr;
|
}
|
|
uint64_t extents = file->extents().size();
|
if (extents > kMaximumExtents) {
|
LOG(ERROR) << "file " << path << " has too many extents: " << extents;
|
*error = INSTALL_ERROR_FILE_SYSTEM_CLUTTERED;
|
return nullptr;
|
}
|
return file;
|
}
|
|
// Write data through an fd.
|
class FdWriter final : public GsiService::WriteHelper {
|
public:
|
FdWriter(const std::string& path, unique_fd&& fd) : path_(path), fd_(std::move(fd)) {}
|
|
bool Write(const void* data, uint64_t bytes) override {
|
return android::base::WriteFully(fd_, data, bytes);
|
}
|
bool Flush() override {
|
if (fsync(fd_)) {
|
PLOG(ERROR) << "fsync failed: " << path_;
|
return false;
|
}
|
return true;
|
}
|
uint64_t Size() override { return get_block_device_size(fd_); }
|
|
private:
|
std::string path_;
|
unique_fd fd_;
|
};
|
|
// Write data through a SplitFiemap.
|
class SplitFiemapWriter final : public GsiService::WriteHelper {
|
public:
|
explicit SplitFiemapWriter(SplitFiemap* writer) : writer_(writer) {}
|
|
bool Write(const void* data, uint64_t bytes) override {
|
return writer_->Write(data, bytes);
|
}
|
bool Flush() override {
|
return writer_->Flush();
|
}
|
uint64_t Size() override { return writer_->size(); }
|
|
private:
|
SplitFiemap* writer_;
|
};
|
|
std::unique_ptr<GsiService::WriteHelper> GsiService::OpenPartition(const std::string& name) {
|
if (can_use_devicemapper_) {
|
std::string path;
|
if (!CreateLogicalPartition(kUserdataDevice, *metadata_.get(), name, true, kDmTimeout,
|
&path)) {
|
LOG(ERROR) << "Error creating device-mapper node for " << name;
|
return {};
|
}
|
|
static const int kOpenFlags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
|
unique_fd fd(open(path.c_str(), kOpenFlags));
|
if (fd < 0) {
|
PLOG(ERROR) << "could not open " << path;
|
}
|
return std::make_unique<FdWriter>(GetImagePath(install_dir_, name), std::move(fd));
|
}
|
|
auto iter = partitions_.find(name);
|
if (iter == partitions_.end()) {
|
LOG(ERROR) << "could not find partition " << name;
|
return {};
|
}
|
return std::make_unique<SplitFiemapWriter>(iter->second.writer.get());
|
}
|
|
bool GsiService::CommitGsiChunk(int stream_fd, int64_t bytes) {
|
StartAsyncOperation("write gsi", gsi_size_);
|
|
if (bytes < 0) {
|
LOG(ERROR) << "chunk size " << bytes << " is negative";
|
return false;
|
}
|
|
auto buffer = std::make_unique<char[]>(system_block_size_);
|
|
int progress = -1;
|
uint64_t remaining = bytes;
|
while (remaining) {
|
// :TODO: check file pin status!
|
size_t max_to_read = std::min(system_block_size_, remaining);
|
ssize_t rv = TEMP_FAILURE_RETRY(read(stream_fd, buffer.get(), max_to_read));
|
if (rv < 0) {
|
PLOG(ERROR) << "read gsi chunk";
|
return false;
|
}
|
if (rv == 0) {
|
LOG(ERROR) << "no bytes left in stream";
|
return false;
|
}
|
if (!CommitGsiChunk(buffer.get(), rv)) {
|
return false;
|
}
|
CHECK(static_cast<uint64_t>(rv) <= remaining);
|
remaining -= rv;
|
|
// Only update the progress when the % (or permille, in this case)
|
// significantly changes.
|
int new_progress = ((gsi_size_ - remaining) * 1000) / gsi_size_;
|
if (new_progress != progress) {
|
UpdateProgress(STATUS_WORKING, gsi_size_ - remaining);
|
}
|
}
|
|
UpdateProgress(STATUS_COMPLETE, gsi_size_);
|
return true;
|
}
|
|
bool GsiService::CommitGsiChunk(const void* data, size_t bytes) {
|
if (!installing_) {
|
LOG(ERROR) << "no gsi installation in progress";
|
return false;
|
}
|
if (static_cast<uint64_t>(bytes) > gsi_size_ - gsi_bytes_written_) {
|
// We cannot write past the end of the image file.
|
LOG(ERROR) << "chunk size " << bytes << " exceeds remaining image size (" << gsi_size_
|
<< " expected, " << gsi_bytes_written_ << " written)";
|
return false;
|
}
|
|
if (!system_writer_->Write(data, bytes)) {
|
PLOG(ERROR) << "write failed";
|
return false;
|
}
|
gsi_bytes_written_ += bytes;
|
return true;
|
}
|
|
int GsiService::SetGsiBootable(bool one_shot) {
|
if (gsi_bytes_written_ != gsi_size_) {
|
// We cannot boot if the image is incomplete.
|
LOG(ERROR) << "image incomplete; expected " << gsi_size_ << " bytes, waiting for "
|
<< (gsi_size_ - gsi_bytes_written_) << " bytes";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
if (!system_writer_->Flush()) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
// If files moved (are no longer pinned), the metadata file will be invalid.
|
for (const auto& [name, image] : partitions_) {
|
if (!image.writer->HasPinnedExtents()) {
|
LOG(ERROR) << name << " no longer has pinned extents";
|
return INSTALL_ERROR_GENERIC;
|
}
|
}
|
|
// Remember the installation directory.
|
if (!android::base::WriteStringToFile(install_dir_, kGsiInstallDirFile)) {
|
PLOG(ERROR) << "write failed: " << kGsiInstallDirFile;
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
// Note: create the install status file last, since this is the actual boot
|
// indicator.
|
if (!CreateMetadataFile() || !SetBootMode(one_shot) || !CreateInstallStatusFile()) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
|
int GsiService::ReenableGsi(bool one_shot) {
|
if (!android::gsi::IsGsiInstalled()) {
|
LOG(ERROR) << "no gsi installed - cannot re-enable";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
std::string boot_key;
|
if (!GetInstallStatus(&boot_key)) {
|
PLOG(ERROR) << "read " << kGsiInstallStatusFile;
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (boot_key != kInstallStatusDisabled) {
|
LOG(ERROR) << "GSI is not currently disabled";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
if (IsGsiRunning()) {
|
if (!SetBootMode(one_shot) || !CreateInstallStatusFile()) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
// Note: this metadata is only used to recover the original partition sizes.
|
// We do not trust the extent information, which will get rebuilt later.
|
auto old_metadata = ReadFromImageFile(kGsiLpMetadataFile);
|
if (!old_metadata) {
|
LOG(ERROR) << "GSI install is incomplete";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
// Set up enough installer state so that we can use various helper
|
// methods.
|
//
|
// TODO(dvander) Extract all of the installer state into a separate
|
// class so this is more manageable.
|
install_dir_ = GetInstalledImageDir();
|
system_gsi_path_ = GetImagePath(install_dir_, "system_gsi");
|
if (int error = DetermineReadWriteMethod()) {
|
return error;
|
}
|
|
// Recover parition information.
|
Image userdata_image;
|
if (int error = GetExistingImage(*old_metadata.get(), "userdata_gsi", &userdata_image)) {
|
return error;
|
}
|
partitions_.emplace(std::make_pair("userdata_gsi", std::move(userdata_image)));
|
|
Image system_image;
|
if (int error = GetExistingImage(*old_metadata.get(), "system_gsi", &system_image)) {
|
return error;
|
}
|
partitions_.emplace(std::make_pair("system_gsi", std::move(system_image)));
|
|
metadata_ = CreateMetadata();
|
if (!metadata_) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
if (!CreateMetadataFile() || !SetBootMode(one_shot) || !CreateInstallStatusFile()) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
return INSTALL_OK;
|
}
|
|
int GsiService::WipeUserdata() {
|
// Note: this metadata is only used to recover the original partition sizes.
|
// We do not trust the extent information, which will get rebuilt later.
|
auto old_metadata = ReadFromImageFile(kGsiLpMetadataFile);
|
if (!old_metadata) {
|
LOG(ERROR) << "GSI install is incomplete";
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
install_dir_ = GetInstalledImageDir();
|
system_gsi_path_ = GetImagePath(install_dir_, "system_gsi");
|
if (int error = DetermineReadWriteMethod()) {
|
return error;
|
}
|
|
// Recover parition information.
|
Image userdata_image;
|
if (int error = GetExistingImage(*old_metadata.get(), "userdata_gsi", &userdata_image)) {
|
return error;
|
}
|
partitions_.emplace(std::make_pair("userdata_gsi", std::move(userdata_image)));
|
|
metadata_ = CreateMetadata();
|
if (!metadata_) {
|
return INSTALL_ERROR_GENERIC;
|
}
|
|
auto writer = OpenPartition("userdata_gsi");
|
if (!writer) {
|
return IGsiService::INSTALL_ERROR_GENERIC;
|
}
|
|
// Wipe the first 1MiB of the device, ensuring both the first block and
|
// the superblock are destroyed.
|
static constexpr uint64_t kEraseSize = 1024 * 1024;
|
|
std::string zeroes(4096, 0);
|
uint64_t erase_size = std::min(kEraseSize, writer->Size());
|
for (uint64_t i = 0; i < erase_size; i += zeroes.size()) {
|
if (!writer->Write(zeroes.data(), zeroes.size())) {
|
PLOG(ERROR) << "write userdata_gsi";
|
return IGsiService::INSTALL_ERROR_GENERIC;
|
}
|
}
|
return INSTALL_OK;
|
}
|
|
static uint64_t GetPartitionSize(const LpMetadata& metadata, const LpMetadataPartition& partition) {
|
uint64_t total = 0;
|
for (size_t i = 0; i < partition.num_extents; i++) {
|
const auto& extent = metadata.extents[partition.first_extent_index + i];
|
if (extent.target_type != LP_TARGET_TYPE_LINEAR) {
|
LOG(ERROR) << "non-linear extent detected";
|
return 0;
|
}
|
total += extent.num_sectors * LP_SECTOR_SIZE;
|
}
|
return total;
|
}
|
|
static uint64_t GetPartitionSize(const LpMetadata& metadata, const std::string& name) {
|
for (const auto& partition : metadata.partitions) {
|
if (GetPartitionName(partition) == name) {
|
return GetPartitionSize(metadata, partition);
|
}
|
}
|
return 0;
|
}
|
|
int GsiService::GetExistingImage(const LpMetadata& metadata, const std::string& name,
|
Image* image) {
|
int error;
|
std::string path = GetInstalledImagePath(name);
|
auto writer = CreateFiemapWriter(path.c_str(), 0, &error);
|
if (!writer) {
|
return error;
|
}
|
|
// Even after recovering the FIEMAP, we also need to know the exact intended
|
// size of the image, since FiemapWriter may have extended the final block.
|
uint64_t actual_size = GetPartitionSize(metadata, name);
|
if (!actual_size) {
|
LOG(ERROR) << "Could not determine the pre-existing size of " << name;
|
return INSTALL_ERROR_GENERIC;
|
}
|
image->writer = std::move(writer);
|
image->actual_size = actual_size;
|
return INSTALL_OK;
|
}
|
|
bool GsiService::RemoveGsiFiles(const std::string& install_dir, bool wipeUserdata) {
|
bool ok = true;
|
std::string message;
|
if (!SplitFiemap::RemoveSplitFiles(GetImagePath(install_dir, "system_gsi"), &message)) {
|
LOG(ERROR) << message;
|
ok = false;
|
}
|
if (wipeUserdata &&
|
!SplitFiemap::RemoveSplitFiles(GetImagePath(install_dir, "userdata_gsi"), &message)) {
|
LOG(ERROR) << message;
|
ok = false;
|
}
|
|
std::vector<std::string> files{
|
kGsiInstallStatusFile,
|
kGsiLpMetadataFile,
|
kGsiOneShotBootFile,
|
kGsiInstallDirFile,
|
};
|
for (const auto& file : files) {
|
if (!android::base::RemoveFileIfExists(file, &message)) {
|
LOG(ERROR) << message;
|
ok = false;
|
}
|
}
|
return ok;
|
}
|
|
bool GsiService::DisableGsiInstall() {
|
if (!android::gsi::IsGsiInstalled()) {
|
LOG(ERROR) << "cannot disable gsi install - no install detected";
|
return false;
|
}
|
if (installing_) {
|
LOG(ERROR) << "cannot disable gsi during GSI installation";
|
return false;
|
}
|
if (!DisableGsi()) {
|
PLOG(ERROR) << "could not write gsi status";
|
return false;
|
}
|
return true;
|
}
|
|
std::unique_ptr<LpMetadata> GsiService::CreateMetadata() {
|
std::string data_device_path;
|
if (install_dir_ == kDefaultGsiImageFolder && !access(kUserdataDevice, F_OK)) {
|
data_device_path = kUserdataDevice;
|
} else {
|
auto writer = partitions_["system_gsi"].writer.get();
|
data_device_path = writer->bdev_path();
|
}
|
auto data_device_name = android::base::Basename(data_device_path);
|
PartitionOpener opener;
|
BlockDeviceInfo data_device_info;
|
if (!opener.GetInfo(data_device_path, &data_device_info)) {
|
LOG(ERROR) << "Error reading userdata partition";
|
return nullptr;
|
}
|
|
std::vector<BlockDeviceInfo> block_devices = {data_device_info};
|
auto builder = MetadataBuilder::New(block_devices, data_device_name, 128 * 1024, 1);
|
if (!builder) {
|
LOG(ERROR) << "Error creating metadata builder";
|
return nullptr;
|
}
|
builder->IgnoreSlotSuffixing();
|
|
for (const auto& [name, image] : partitions_) {
|
uint32_t flags = LP_PARTITION_ATTR_NONE;
|
if (name == "system_gsi") {
|
flags |= LP_PARTITION_ATTR_READONLY;
|
}
|
Partition* partition = builder->AddPartition(name, flags);
|
if (!partition) {
|
LOG(ERROR) << "Error adding " << name << " to partition table";
|
return nullptr;
|
}
|
if (!AddPartitionFiemap(builder.get(), partition, image, data_device_name)) {
|
return nullptr;
|
}
|
}
|
|
auto metadata = builder->Export();
|
if (!metadata) {
|
LOG(ERROR) << "Error exporting partition table";
|
return nullptr;
|
}
|
return metadata;
|
}
|
|
bool GsiService::CreateMetadataFile() {
|
if (!WriteToImageFile(kGsiLpMetadataFile, *metadata_.get())) {
|
LOG(ERROR) << "Error writing GSI partition table image";
|
return false;
|
}
|
return true;
|
}
|
|
bool GsiService::FormatUserdata() {
|
auto writer = OpenPartition("userdata_gsi");
|
if (!writer) {
|
return false;
|
}
|
|
// libcutils checks the first 4K, no matter the block size.
|
std::string zeroes(4096, 0);
|
if (!writer->Write(zeroes.data(), zeroes.size())) {
|
PLOG(ERROR) << "write userdata_gsi";
|
return false;
|
}
|
return true;
|
}
|
|
bool GsiService::AddPartitionFiemap(MetadataBuilder* builder, Partition* partition,
|
const Image& image, const std::string& block_device) {
|
uint64_t sectors_needed = image.actual_size / LP_SECTOR_SIZE;
|
for (const auto& extent : image.writer->extents()) {
|
// :TODO: block size check for length, not sector size
|
if (extent.fe_length % LP_SECTOR_SIZE != 0) {
|
LOG(ERROR) << "Extent is not sector-aligned: " << extent.fe_length;
|
return false;
|
}
|
if (extent.fe_physical % LP_SECTOR_SIZE != 0) {
|
LOG(ERROR) << "Extent physical sector is not sector-aligned: " << extent.fe_physical;
|
return false;
|
}
|
|
uint64_t num_sectors =
|
std::min(static_cast<uint64_t>(extent.fe_length / LP_SECTOR_SIZE), sectors_needed);
|
if (!num_sectors || !sectors_needed) {
|
// This should never happen, but we include it just in case. It would
|
// indicate that the last filesystem block had multiple extents.
|
LOG(WARNING) << "FiemapWriter allocated extra blocks";
|
break;
|
}
|
|
uint64_t physical_sector = extent.fe_physical / LP_SECTOR_SIZE;
|
if (!builder->AddLinearExtent(partition, block_device, num_sectors, physical_sector)) {
|
LOG(ERROR) << "Could not add extent to lp metadata";
|
return false;
|
}
|
|
sectors_needed -= num_sectors;
|
}
|
return true;
|
}
|
|
bool GsiService::SetBootMode(bool one_shot) {
|
if (one_shot) {
|
if (!android::base::WriteStringToFile("1", kGsiOneShotBootFile)) {
|
PLOG(ERROR) << "write " << kGsiOneShotBootFile;
|
return false;
|
}
|
} else if (!access(kGsiOneShotBootFile, F_OK)) {
|
std::string error;
|
if (!android::base::RemoveFileIfExists(kGsiOneShotBootFile, &error)) {
|
LOG(ERROR) << error;
|
return false;
|
}
|
}
|
return true;
|
}
|
|
bool GsiService::CreateInstallStatusFile() {
|
if (!android::base::WriteStringToFile("0", kGsiInstallStatusFile)) {
|
PLOG(ERROR) << "write " << kGsiInstallStatusFile;
|
return false;
|
}
|
return true;
|
}
|
|
void GsiService::RunStartupTasks() {
|
if (!IsGsiInstalled()) {
|
return;
|
}
|
|
std::string boot_key;
|
if (!GetInstallStatus(&boot_key)) {
|
PLOG(ERROR) << "read " << kGsiInstallStatusFile;
|
return;
|
}
|
|
if (!IsGsiRunning()) {
|
// Check if a wipe was requested from fastboot or adb-in-gsi.
|
if (boot_key == kInstallStatusWipe) {
|
RemoveGsiFiles(GetInstalledImageDir(), true /* wipeUserdata */);
|
}
|
} else {
|
// NB: When single-boot is enabled, init will write "disabled" into the
|
// install_status file, which will cause GetBootAttempts to return
|
// false. Thus, we won't write "ok" here.
|
int ignore;
|
if (GetBootAttempts(boot_key, &ignore)) {
|
// Mark the GSI as having successfully booted.
|
if (!android::base::WriteStringToFile(kInstallStatusOk, kGsiInstallStatusFile)) {
|
PLOG(ERROR) << "write " << kGsiInstallStatusFile;
|
}
|
}
|
}
|
}
|
|
} // namespace gsi
|
} // namespace android
|
