OverlayManager Fabricated RROs
Adds registering and unregistering of FabricatedOverlay to the OMS.
The process that creates the fabricated overlays owns it and is the
only process allowed to unregister it.
When a fabricated overlay is registered, overlay settings for it are
initialized in all users. When a fabricated overlay is unregistered,
it is disabled and removed from all users. When a new user is created,
it will be able to use the fabricated overlay as well.
On boot, fabricated overlays that are not referenced in overlay
settings will be deleted.
When the package that created the fabricated overlay is uninstalled,
its fabricated overlays are also unregistered.
Bug: 172471315
Test: atest OverlayDeviceTests
Change-Id: I0539656f4c919246b13129579b0286c08a398dc2
diff --git a/cmds/idmap2/idmap2d/Idmap2Service.cpp b/cmds/idmap2/idmap2d/Idmap2Service.cpp
index f62630e..312f4ac 100644
--- a/cmds/idmap2/idmap2d/Idmap2Service.cpp
+++ b/cmds/idmap2/idmap2d/Idmap2Service.cpp
@@ -18,10 +18,10 @@
#include <sys/stat.h> // umask
#include <sys/types.h> // umask
-#include <unistd.h>
#include <cerrno>
#include <cstring>
+#include <filesystem>
#include <fstream>
#include <memory>
#include <ostream>
@@ -35,18 +35,20 @@
#include "idmap2/Idmap.h"
#include "idmap2/Result.h"
#include "idmap2/SysTrace.h"
-#include "utils/String8.h"
using android::IPCThreadState;
using android::base::StringPrintf;
using android::binder::Status;
using android::idmap2::BinaryStreamVisitor;
+using android::idmap2::FabricatedOverlay;
+using android::idmap2::FabricatedOverlayContainer;
using android::idmap2::Idmap;
using android::idmap2::IdmapHeader;
using android::idmap2::OverlayResourceContainer;
using android::idmap2::TargetResourceContainer;
using android::idmap2::utils::kIdmapCacheDir;
using android::idmap2::utils::kIdmapFilePermissionMask;
+using android::idmap2::utils::RandomStringForPath;
using android::idmap2::utils::UidHasWriteAccessToPath;
using PolicyBitmask = android::ResTable_overlayable_policy_header::PolicyBitmask;
@@ -67,6 +69,7 @@
PolicyBitmask ConvertAidlArgToPolicyBitmask(int32_t arg) {
return static_cast<PolicyBitmask>(arg);
}
+
} // namespace
namespace android::os {
@@ -99,8 +102,9 @@
}
Status Idmap2Service::verifyIdmap(const std::string& target_path, const std::string& overlay_path,
- int32_t fulfilled_policies, bool enforce_overlayable,
- int32_t user_id ATTRIBUTE_UNUSED, bool* _aidl_return) {
+ const std::string& overlay_name, int32_t fulfilled_policies,
+ bool enforce_overlayable, int32_t user_id ATTRIBUTE_UNUSED,
+ bool* _aidl_return) {
SYSTRACE << "Idmap2Service::verifyIdmap " << overlay_path;
assert(_aidl_return);
@@ -128,9 +132,8 @@
return ok();
}
- // TODO(162841629): Support passing overlay name to idmap2d verify
auto up_to_date =
- header->IsUpToDate(*GetPointer(*target), **overlay, "",
+ header->IsUpToDate(*GetPointer(*target), **overlay, overlay_name,
ConvertAidlArgToPolicyBitmask(fulfilled_policies), enforce_overlayable);
*_aidl_return = static_cast<bool>(up_to_date);
@@ -142,8 +145,8 @@
}
Status Idmap2Service::createIdmap(const std::string& target_path, const std::string& overlay_path,
- int32_t fulfilled_policies, bool enforce_overlayable,
- int32_t user_id ATTRIBUTE_UNUSED,
+ const std::string& overlay_name, int32_t fulfilled_policies,
+ bool enforce_overlayable, int32_t user_id ATTRIBUTE_UNUSED,
std::optional<std::string>* _aidl_return) {
assert(_aidl_return);
SYSTRACE << "Idmap2Service::createIdmap " << target_path << " " << overlay_path;
@@ -168,9 +171,8 @@
return error("failed to load apk overlay '%s'" + overlay_path);
}
- // TODO(162841629): Support passing overlay name to idmap2d create
- const auto idmap = Idmap::FromContainers(*GetPointer(*target), **overlay, "", policy_bitmask,
- enforce_overlayable);
+ const auto idmap = Idmap::FromContainers(*GetPointer(*target), **overlay, overlay_name,
+ policy_bitmask, enforce_overlayable);
if (!idmap) {
return error(idmap.GetErrorMessage());
}
@@ -218,4 +220,134 @@
return {std::move(*target)};
}
+Status Idmap2Service::createFabricatedOverlay(
+ const os::FabricatedOverlayInternal& overlay,
+ std::optional<os::FabricatedOverlayInfo>* _aidl_return) {
+ idmap2::FabricatedOverlay::Builder builder(overlay.packageName, overlay.overlayName,
+ overlay.targetPackageName);
+ if (!overlay.targetOverlayable.empty()) {
+ builder.SetOverlayable(overlay.targetOverlayable);
+ }
+
+ for (const auto& res : overlay.entries) {
+ builder.SetResourceValue(res.resourceName, res.dataType, res.data);
+ }
+
+ // Generate the file path of the fabricated overlay and ensure it does not collide with an
+ // existing path. Re-registering a fabricated overlay will always result in an updated path.
+ std::string path;
+ std::string file_name;
+ do {
+ constexpr size_t kSuffixLength = 4;
+ const std::string random_suffix = RandomStringForPath(kSuffixLength);
+ file_name = StringPrintf("%s-%s-%s.frro", overlay.packageName.c_str(),
+ overlay.overlayName.c_str(), random_suffix.c_str());
+ path = StringPrintf("%s/%s", kIdmapCacheDir, file_name.c_str());
+
+ // Invoking std::filesystem::exists with a file name greater than 255 characters will cause this
+ // process to abort since the name exceeds the maximum file name size.
+ const size_t kMaxFileNameLength = 255;
+ if (file_name.size() > kMaxFileNameLength) {
+ return error(
+ base::StringPrintf("fabricated overlay file name '%s' longer than %zu characters",
+ file_name.c_str(), kMaxFileNameLength));
+ }
+ } while (std::filesystem::exists(path));
+
+ const uid_t uid = IPCThreadState::self()->getCallingUid();
+ if (!UidHasWriteAccessToPath(uid, path)) {
+ return error(base::StringPrintf("will not write to %s: calling uid %d lacks write access",
+ path.c_str(), uid));
+ }
+
+ // Persist the fabricated overlay.
+ umask(kIdmapFilePermissionMask);
+ std::ofstream fout(path);
+ if (fout.fail()) {
+ return error("failed to open frro path " + path);
+ }
+ const auto frro = builder.Build();
+ if (!frro) {
+ return error(StringPrintf("failed to serialize '%s:%s': %s", overlay.packageName.c_str(),
+ overlay.overlayName.c_str(), frro.GetErrorMessage().c_str()));
+ }
+ auto result = frro->ToBinaryStream(fout);
+ if (!result) {
+ unlink(path.c_str());
+ return error("failed to write to frro path " + path + ": " + result.GetErrorMessage());
+ }
+ if (fout.fail()) {
+ unlink(path.c_str());
+ return error("failed to write to frro path " + path);
+ }
+
+ os::FabricatedOverlayInfo out_info;
+ out_info.packageName = overlay.packageName;
+ out_info.overlayName = overlay.overlayName;
+ out_info.targetPackageName = overlay.targetPackageName;
+ out_info.targetOverlayable = overlay.targetOverlayable;
+ out_info.path = path;
+ *_aidl_return = out_info;
+ return ok();
+}
+
+Status Idmap2Service::getFabricatedOverlayInfos(
+ std::vector<os::FabricatedOverlayInfo>* _aidl_return) {
+ for (const auto& entry : std::filesystem::directory_iterator(kIdmapCacheDir)) {
+ if (!android::IsFabricatedOverlay(entry.path())) {
+ continue;
+ }
+
+ const auto overlay = FabricatedOverlayContainer::FromPath(entry.path());
+ if (!overlay) {
+ // This is a sign something went wrong.
+ LOG(ERROR) << "Failed to open '" << entry.path() << "': " << overlay.GetErrorMessage();
+ continue;
+ }
+
+ const auto info = (*overlay)->GetManifestInfo();
+ os::FabricatedOverlayInfo out_info;
+ out_info.packageName = info.package_name;
+ out_info.overlayName = info.name;
+ out_info.targetPackageName = info.target_package;
+ out_info.targetOverlayable = info.target_name;
+ out_info.path = entry.path();
+ _aidl_return->emplace_back(std::move(out_info));
+ }
+
+ return ok();
+}
+
+binder::Status Idmap2Service::deleteFabricatedOverlay(const std::string& overlay_path,
+ bool* _aidl_return) {
+ SYSTRACE << "Idmap2Service::deleteFabricatedOverlay " << overlay_path;
+ const uid_t uid = IPCThreadState::self()->getCallingUid();
+
+ if (!UidHasWriteAccessToPath(uid, overlay_path)) {
+ *_aidl_return = false;
+ return error(base::StringPrintf("failed to unlink %s: calling uid %d lacks write access",
+ overlay_path.c_str(), uid));
+ }
+
+ const std::string idmap_path = Idmap::CanonicalIdmapPathFor(kIdmapCacheDir, overlay_path);
+ if (!UidHasWriteAccessToPath(uid, idmap_path)) {
+ *_aidl_return = false;
+ return error(base::StringPrintf("failed to unlink %s: calling uid %d lacks write access",
+ idmap_path.c_str(), uid));
+ }
+
+ if (unlink(overlay_path.c_str()) != 0) {
+ *_aidl_return = false;
+ return error("failed to unlink " + overlay_path + ": " + strerror(errno));
+ }
+
+ if (unlink(idmap_path.c_str()) != 0) {
+ *_aidl_return = false;
+ return error("failed to unlink " + idmap_path + ": " + strerror(errno));
+ }
+
+ *_aidl_return = true;
+ return ok();
+}
+
} // namespace android::os
diff --git a/cmds/idmap2/idmap2d/Idmap2Service.h b/cmds/idmap2/idmap2d/Idmap2Service.h
index 869a4d9..4d16ff3 100644
--- a/cmds/idmap2/idmap2d/Idmap2Service.h
+++ b/cmds/idmap2/idmap2d/Idmap2Service.h
@@ -19,6 +19,7 @@
#include <android-base/unique_fd.h>
#include <android/os/BnIdmap2.h>
+#include <android/os/FabricatedOverlayInfo.h>
#include <binder/BinderService.h>
#include <idmap2/ResourceContainer.h>
#include <idmap2/Result.h>
@@ -40,18 +41,32 @@
bool* _aidl_return) override;
binder::Status verifyIdmap(const std::string& target_path, const std::string& overlay_path,
- int32_t fulfilled_policies, bool enforce_overlayable, int32_t user_id,
+ const std::string& overlay_name, int32_t fulfilled_policies,
+ bool enforce_overlayable, int32_t user_id,
bool* _aidl_return) override;
binder::Status createIdmap(const std::string& target_path, const std::string& overlay_path,
- int32_t fulfilled_policies, bool enforce_overlayable, int32_t user_id,
+ const std::string& overlay_name, int32_t fulfilled_policies,
+ bool enforce_overlayable, int32_t user_id,
std::optional<std::string>* _aidl_return) override;
+ binder::Status createFabricatedOverlay(
+ const os::FabricatedOverlayInternal& overlay,
+ std::optional<os::FabricatedOverlayInfo>* _aidl_return) override;
+
+ binder::Status deleteFabricatedOverlay(const std::string& overlay_path,
+ bool* _aidl_return) override;
+
+ binder::Status getFabricatedOverlayInfos(
+ std::vector<os::FabricatedOverlayInfo>* _aidl_return) override;
+
private:
// idmap2d is killed after a period of inactivity, so any information stored on this class should
// be able to be recalculated if idmap2 dies and restarts.
std::unique_ptr<idmap2::TargetResourceContainer> framework_apk_cache_;
+ std::vector<os::FabricatedOverlayInfo> fabricated_overlays_;
+
template <typename T>
using MaybeUniquePtr = std::variant<std::unique_ptr<T>, T*>;
diff --git a/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInfo.aidl b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInfo.aidl
new file mode 100644
index 0000000..6375d24
--- /dev/null
+++ b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInfo.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+/**
+ * @hide
+ */
+parcelable FabricatedOverlayInfo {
+ @utf8InCpp String path;
+ @utf8InCpp String packageName;
+ @utf8InCpp String overlayName;
+ @utf8InCpp String targetPackageName;
+ @utf8InCpp String targetOverlayable;
+}
\ No newline at end of file
diff --git a/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternal.aidl b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternal.aidl
new file mode 100644
index 0000000..f67d8be
--- /dev/null
+++ b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternal.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+import android.os.FabricatedOverlayInternalEntry;
+
+/**
+ * @hide
+ */
+parcelable FabricatedOverlayInternal {
+ @utf8InCpp String packageName;
+ @utf8InCpp String overlayName;
+ @utf8InCpp String targetPackageName;
+ @utf8InCpp String targetOverlayable;
+ List<FabricatedOverlayInternalEntry> entries;
+}
\ No newline at end of file
diff --git a/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternalEntry.aidl b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternalEntry.aidl
new file mode 100644
index 0000000..6c2af27
--- /dev/null
+++ b/cmds/idmap2/idmap2d/aidl/core/android/os/FabricatedOverlayInternalEntry.aidl
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+/**
+ * @hide
+ */
+parcelable FabricatedOverlayInternalEntry {
+ @utf8InCpp String resourceName;
+ int dataType;
+ int data;
+}
\ No newline at end of file
diff --git a/cmds/idmap2/idmap2d/aidl/android/os/IIdmap2.aidl b/cmds/idmap2/idmap2d/aidl/services/android/os/IIdmap2.aidl
similarity index 73%
rename from cmds/idmap2/idmap2d/aidl/android/os/IIdmap2.aidl
rename to cmds/idmap2/idmap2d/aidl/services/android/os/IIdmap2.aidl
index 156f1d7..35bca98 100644
--- a/cmds/idmap2/idmap2d/aidl/android/os/IIdmap2.aidl
+++ b/cmds/idmap2/idmap2d/aidl/services/android/os/IIdmap2.aidl
@@ -16,6 +16,9 @@
package android.os;
+import android.os.FabricatedOverlayInternal;
+import android.os.FabricatedOverlayInfo;
+
/**
* @hide
*/
@@ -23,13 +26,18 @@
@utf8InCpp String getIdmapPath(@utf8InCpp String overlayApkPath, int userId);
boolean removeIdmap(@utf8InCpp String overlayApkPath, int userId);
boolean verifyIdmap(@utf8InCpp String targetApkPath,
- @utf8InCpp String overlayApkPath,
+ @utf8InCpp String overlayApkPath,
+ @utf8InCpp String overlayName,
int fulfilledPolicies,
boolean enforceOverlayable,
int userId);
@nullable @utf8InCpp String createIdmap(@utf8InCpp String targetApkPath,
@utf8InCpp String overlayApkPath,
+ @utf8InCpp String overlayName,
int fulfilledPolicies,
boolean enforceOverlayable,
int userId);
+ @nullable FabricatedOverlayInfo createFabricatedOverlay(in FabricatedOverlayInternal overlay);
+ List<FabricatedOverlayInfo> getFabricatedOverlayInfos();
+ boolean deleteFabricatedOverlay(@utf8InCpp String path);
}
diff --git a/cmds/idmap2/idmap2d/aidl/android/os/OverlayablePolicy.aidl b/cmds/idmap2/idmap2d/aidl/services/android/os/OverlayablePolicy.aidl
similarity index 100%
rename from cmds/idmap2/idmap2d/aidl/android/os/OverlayablePolicy.aidl
rename to cmds/idmap2/idmap2d/aidl/services/android/os/OverlayablePolicy.aidl