Add snapshotProfile APIs to installd
Add APIs that will snapshot the profile information of packages
in a well-known location.
The snapshot ownership is given to AID_SYSTEM. The location is
next to the application reference profile:
/data/misc/profiles/ref/pkg_name/primary.prof.snapshot.
The intended flow for snapshotting profiles is:
mInstaller.snapshotProfile(appId, packageName, codePath);
// open profile snapshot
mInstaller.destroyProfileSnapshot(packageName, codePath);
The reference profile directory is made searchable by others
(in order for the system to be able to open the snapshot profile).
Test: installd_dexopt_test installd_utils_test
Bug: 30934496
Change-Id: Ic4973d5c67243d7724ecd24a238ed0ae8baadcc6
diff --git a/cmds/installd/tests/test_utils.h b/cmds/installd/tests/test_utils.h
index 7d1162e..b8785c6 100644
--- a/cmds/installd/tests/test_utils.h
+++ b/cmds/installd/tests/test_utils.h
@@ -1,6 +1,9 @@
-#include <android-base/logging.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/capability.h>
+
+#include <android-base/logging.h>
+#include <selinux/android.h>
uint8_t kBase64Map[256] = {
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
@@ -105,3 +108,27 @@
}
return true;
}
+
+// TODO(calin): fix dexopt drop_capabilities and move to general utils (b/69678790).
+bool DropCapabilities(uid_t uid, gid_t gid) {
+ if (setgid(gid) != 0) {
+ PLOG(ERROR) << "setgid failed: " << gid;
+ return false;
+ }
+ if (setuid(uid) != 0) {
+ PLOG(ERROR) << "setuid failed: " << uid;
+ return false;
+ }
+ // drop capabilities
+ struct __user_cap_header_struct capheader;
+ struct __user_cap_data_struct capdata[2];
+ memset(&capheader, 0, sizeof(capheader));
+ memset(&capdata, 0, sizeof(capdata));
+ capheader.version = _LINUX_CAPABILITY_VERSION_3;
+ if (capset(&capheader, &capdata[0]) < 0) {
+ PLOG(ERROR) << "capset failed";
+ return false;
+ }
+
+ return true;
+}
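Review bot: DropCapabilities switches gid and uid but never clears the supplementary group list, so the process keeps whatever groups the caller had. A test that uses this helper to act as an unprivileged uid may then pass with file access the real uid would not have. Add `if (setgroups(0, nullptr) != 0) { PLOG(ERROR) << "setgroups failed"; return false; }` before the `setgid(gid)` call, while the process can still do it; this needs `<grp.h>`. The header also calls setgid/setuid without a visible `<unistd.h>` include, which may only be arriving transitively. Because the function is defined non-inline in a header, marking it `inline` would avoid duplicate-definition link errors if a second test file includes it before the TODO's move happens.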