Move non-Java commands over from frameworks/base

Change-Id: I0571813c1cfcf66abd36eb9f178fc49b618e88a6
Signed-off-by: Mike Lockwood <lockwood@google.com>
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk
new file mode 100644
index 0000000..1dd4ee5
--- /dev/null
+++ b/cmds/installd/Android.mk
@@ -0,0 +1,42 @@
+LOCAL_PATH := $(call my-dir)
+
+common_src_files := \
+    commands.c utils.c
+
+#
+# Static library used in testing and executable
+#
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := \
+    $(common_src_files)
+
+LOCAL_MODULE := libinstalld
+
+LOCAL_MODULE_TAGS := eng tests
+
+include $(BUILD_STATIC_LIBRARY)
+
+#
+# Executable
+#
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := \
+    installd.c \
+    $(common_src_files)
+
+LOCAL_SHARED_LIBRARIES := \
+    libcutils \
+    libselinux
+
+LOCAL_STATIC_LIBRARIES := \
+    libdiskusage
+
+LOCAL_MODULE := installd
+
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_EXECUTABLE)
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
new file mode 100644
index 0000000..59bcda1
--- /dev/null
+++ b/cmds/installd/commands.c
@@ -0,0 +1,1136 @@
+/*
+** Copyright 2008, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License"); 
+** you may not use this file except in compliance with the License. 
+** You may obtain a copy of the License at 
+**
+**     http://www.apache.org/licenses/LICENSE-2.0 
+**
+** Unless required by applicable law or agreed to in writing, software 
+** distributed under the License is distributed on an "AS IS" BASIS, 
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+** See the License for the specific language governing permissions and 
+** limitations under the License.
+*/
+
+#include <linux/capability.h>
+#include "installd.h"
+#include <diskusage/dirsize.h>
+#include <selinux/android.h>
+
+/* Directory records that are used in execution of commands. */
+dir_rec_t android_data_dir;
+dir_rec_t android_asec_dir;
+dir_rec_t android_app_dir;
+dir_rec_t android_app_private_dir;
+dir_rec_t android_app_lib_dir;
+dir_rec_t android_media_dir;
+dir_rec_array_t android_system_dirs;
+
+int install(const char *pkgname, uid_t uid, gid_t gid)
+{
+    char pkgdir[PKG_PATH_MAX];
+    char libsymlink[PKG_PATH_MAX];
+    char applibdir[PKG_PATH_MAX];
+    struct stat libStat;
+
+    if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
+        ALOGE("invalid uid/gid: %d %d\n", uid, gid);
+        return -1;
+    }
+
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, 0)) {
+        ALOGE("cannot create package path\n");
+        return -1;
+    }
+
+    if (create_pkg_path(libsymlink, pkgname, PKG_LIB_POSTFIX, 0)) {
+        ALOGE("cannot create package lib symlink origin path\n");
+        return -1;
+    }
+
+    if (create_pkg_path_in_dir(applibdir, &android_app_lib_dir, pkgname, PKG_DIR_POSTFIX)) {
+        ALOGE("cannot create package lib symlink dest path\n");
+        return -1;
+    }
+
+    if (mkdir(pkgdir, 0751) < 0) {
+        ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
+        return -1;
+    }
+    if (chmod(pkgdir, 0751) < 0) {
+        ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(pkgdir);
+        return -1;
+    }
+
+    if (lstat(libsymlink, &libStat) < 0) {
+        if (errno != ENOENT) {
+            ALOGE("couldn't stat lib dir: %s\n", strerror(errno));
+            return -1;
+        }
+    } else {
+        if (S_ISDIR(libStat.st_mode)) {
+            if (delete_dir_contents(libsymlink, 1, 0) < 0) {
+                ALOGE("couldn't delete lib directory during install for: %s", libsymlink);
+                return -1;
+            }
+        } else if (S_ISLNK(libStat.st_mode)) {
+            if (unlink(libsymlink) < 0) {
+                ALOGE("couldn't unlink lib directory during install for: %s", libsymlink);
+                return -1;
+            }
+        }
+    }
+
+    if (symlink(applibdir, libsymlink) < 0) {
+        ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
+                strerror(errno));
+        unlink(pkgdir);
+        return -1;
+    }
+
+    if (selinux_android_setfilecon(libsymlink, pkgname, AID_SYSTEM) < 0) {
+        ALOGE("cannot setfilecon dir '%s': %s\n", libsymlink, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -1;
+    }
+
+    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+        ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    if (chown(pkgdir, uid, gid) < 0) {
+        ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -1;
+    }
+
+    return 0;
+}
+
+int uninstall(const char *pkgname, uid_t persona)
+{
+    char pkgdir[PKG_PATH_MAX];
+
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, persona))
+        return -1;
+
+    /* delete contents AND directory, no exceptions */
+    return delete_dir_contents(pkgdir, 1, NULL);
+}
+
+int renamepkg(const char *oldpkgname, const char *newpkgname)
+{
+    char oldpkgdir[PKG_PATH_MAX];
+    char newpkgdir[PKG_PATH_MAX];
+
+    if (create_pkg_path(oldpkgdir, oldpkgname, PKG_DIR_POSTFIX, 0))
+        return -1;
+    if (create_pkg_path(newpkgdir, newpkgname, PKG_DIR_POSTFIX, 0))
+        return -1;
+
+    if (rename(oldpkgdir, newpkgdir) < 0) {
+        ALOGE("cannot rename dir '%s' to '%s': %s\n", oldpkgdir, newpkgdir, strerror(errno));
+        return -errno;
+    }
+    return 0;
+}
+
+int fix_uid(const char *pkgname, uid_t uid, gid_t gid)
+{
+    char pkgdir[PKG_PATH_MAX];
+    struct stat s;
+    int rc = 0;
+
+    if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
+        ALOGE("invalid uid/gid: %d %d\n", uid, gid);
+        return -1;
+    }
+
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, 0)) {
+        ALOGE("cannot create package path\n");
+        return -1;
+    }
+
+    if (stat(pkgdir, &s) < 0) return -1;
+
+    if (s.st_uid != 0 || s.st_gid != 0) {
+        ALOGE("fixing uid of non-root pkg: %s %lu %lu\n", pkgdir, s.st_uid, s.st_gid);
+        return -1;
+    }
+
+    if (chmod(pkgdir, 0751) < 0) {
+        ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(pkgdir);
+        return -errno;
+    }
+    if (chown(pkgdir, uid, gid) < 0) {
+        ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    return 0;
+}
+
+int delete_user_data(const char *pkgname, uid_t persona)
+{
+    char pkgdir[PKG_PATH_MAX];
+
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, persona))
+        return -1;
+
+    /* delete contents, excluding "lib", but not the directory itself */
+    return delete_dir_contents(pkgdir, 0, "lib");
+}
+
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
+{
+    char pkgdir[PKG_PATH_MAX];
+    char applibdir[PKG_PATH_MAX];
+    char libsymlink[PKG_PATH_MAX];
+    struct stat libStat;
+
+    // Create the data dir for the package
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, persona)) {
+        return -1;
+    }
+    if (create_pkg_path(libsymlink, pkgname, PKG_LIB_POSTFIX, persona)) {
+        ALOGE("cannot create package lib symlink origin path\n");
+        return -1;
+    }
+    if (create_pkg_path_in_dir(applibdir, &android_app_lib_dir, pkgname, PKG_DIR_POSTFIX)) {
+        ALOGE("cannot create package lib symlink dest path\n");
+        return -1;
+    }
+
+    if (mkdir(pkgdir, 0751) < 0) {
+        ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
+        return -errno;
+    }
+    if (chmod(pkgdir, 0751) < 0) {
+        ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    if (lstat(libsymlink, &libStat) < 0) {
+        if (errno != ENOENT) {
+            ALOGE("couldn't stat lib dir for non-primary: %s\n", strerror(errno));
+            unlink(pkgdir);
+            return -1;
+        }
+    } else {
+        if (S_ISDIR(libStat.st_mode)) {
+            if (delete_dir_contents(libsymlink, 1, 0) < 0) {
+                ALOGE("couldn't delete lib directory during install for non-primary: %s",
+                        libsymlink);
+                unlink(pkgdir);
+                return -1;
+            }
+        } else if (S_ISLNK(libStat.st_mode)) {
+            if (unlink(libsymlink) < 0) {
+                ALOGE("couldn't unlink lib directory during install for non-primary: %s",
+                        libsymlink);
+                unlink(pkgdir);
+                return -1;
+            }
+        }
+    }
+
+    if (symlink(applibdir, libsymlink) < 0) {
+        ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
+                applibdir, strerror(errno));
+        unlink(pkgdir);
+        return -1;
+    }
+
+    if (selinux_android_setfilecon(libsymlink, pkgname, AID_SYSTEM) < 0) {
+        ALOGE("cannot setfilecon dir '%s': %s\n", libsymlink, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+        ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    if (chown(pkgdir, uid, uid) < 0) {
+        ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
+        unlink(libsymlink);
+        unlink(pkgdir);
+        return -errno;
+    }
+
+    return 0;
+}
+
+int delete_persona(uid_t persona)
+{
+    char data_path[PKG_PATH_MAX];
+    if (create_persona_path(data_path, persona)) {
+        return -1;
+    }
+    if (delete_dir_contents(data_path, 1, NULL)) {
+        return -1;
+    }
+
+    char media_path[PATH_MAX];
+    if (create_persona_media_path(media_path, (userid_t) persona) == -1) {
+        return -1;
+    }
+    if (delete_dir_contents(media_path, 1, NULL) == -1) {
+        return -1;
+    }
+
+    return 0;
+}
+
+int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy)
+{
+    char src_data_dir[PKG_PATH_MAX];
+    char pkg_path[PKG_PATH_MAX];
+    DIR *d;
+    struct dirent *de;
+    struct stat s;
+    uid_t uid;
+
+    if (create_persona_path(src_data_dir, src_persona)) {
+        return -1;
+    }
+
+    d = opendir(src_data_dir);
+    if (d != NULL) {
+        while ((de = readdir(d))) {
+            const char *name = de->d_name;
+
+            if (de->d_type == DT_DIR) {
+                int subfd;
+                    /* always skip "." and ".." */
+                if (name[0] == '.') {
+                    if (name[1] == 0) continue;
+                    if ((name[1] == '.') && (name[2] == 0)) continue;
+                }
+                /* Create the full path to the package's data dir */
+                create_pkg_path(pkg_path, name, PKG_DIR_POSTFIX, src_persona);
+                /* Get the file stat */
+                if (stat(pkg_path, &s) < 0) continue;
+                /* Get the uid of the package */
+                ALOGI("Adding datadir for uid = %lu\n", s.st_uid);
+                uid = (uid_t) s.st_uid % PER_USER_RANGE;
+                /* Create the directory for the target */
+                make_user_data(name, uid + target_persona * PER_USER_RANGE,
+                               target_persona);
+            }
+        }
+        closedir(d);
+    }
+
+    if (ensure_media_user_dirs((userid_t) target_persona) == -1) {
+        return -1;
+    }
+
+    return 0;
+}
+
+int delete_cache(const char *pkgname, uid_t persona)
+{
+    char cachedir[PKG_PATH_MAX];
+
+    if (create_pkg_path(cachedir, pkgname, CACHE_DIR_POSTFIX, persona))
+        return -1;
+
+        /* delete contents, not the directory, no exceptions */
+    return delete_dir_contents(cachedir, 0, 0);
+}
+
+/* Try to ensure free_size bytes of storage are available.
+ * Returns 0 on success.
+ * This is rather simple-minded because doing a full LRU would
+ * be potentially memory-intensive, and without atime it would
+ * also require that apps constantly modify file metadata even
+ * when just reading from the cache, which is pretty awful.
+ */
+int free_cache(int64_t free_size)
+{
+    cache_t* cache;
+    int64_t avail;
+    DIR *d;
+    struct dirent *de;
+    char tmpdir[PATH_MAX];
+    char *dirpos;
+
+    avail = data_disk_free();
+    if (avail < 0) return -1;
+
+    ALOGI("free_cache(%" PRId64 ") avail %" PRId64 "\n", free_size, avail);
+    if (avail >= free_size) return 0;
+
+    cache = start_cache_collection();
+
+    // Collect cache files for primary user.
+    if (create_persona_path(tmpdir, 0) == 0) {
+        //ALOGI("adding cache files from %s\n", tmpdir);
+        add_cache_files(cache, tmpdir, "cache");
+    }
+
+    // Search for other users and add any cache files from them.
+    snprintf(tmpdir, sizeof(tmpdir), "%s%s", android_data_dir.path,
+            SECONDARY_USER_PREFIX);
+    dirpos = tmpdir + strlen(tmpdir);
+    d = opendir(tmpdir);
+    if (d != NULL) {
+        while ((de = readdir(d))) {
+            if (de->d_type == DT_DIR) {
+                const char *name = de->d_name;
+                    /* always skip "." and ".." */
+                if (name[0] == '.') {
+                    if (name[1] == 0) continue;
+                    if ((name[1] == '.') && (name[2] == 0)) continue;
+                }
+                if ((strlen(name)+(dirpos-tmpdir)) < (sizeof(tmpdir)-1)) {
+                    strcpy(dirpos, name);
+                    //ALOGI("adding cache files from %s\n", tmpdir);
+                    add_cache_files(cache, tmpdir, "cache");
+                } else {
+                    ALOGW("Path exceeds limit: %s%s", tmpdir, name);
+                }
+            }
+        }
+        closedir(d);
+    }
+
+    // Collect cache files on external storage for all users (if it is mounted as part
+    // of the internal storage).
+    strcpy(tmpdir, android_media_dir.path);
+    dirpos = tmpdir + strlen(tmpdir);
+    d = opendir(tmpdir);
+    if (d != NULL) {
+        while ((de = readdir(d))) {
+            if (de->d_type == DT_DIR) {
+                const char *name = de->d_name;
+                    /* skip any dir that doesn't start with a number, so not a user */
+                if (name[0] < '0' || name[0] > '9') {
+                    continue;
+                }
+                if ((strlen(name)+(dirpos-tmpdir)) < (sizeof(tmpdir)-1)) {
+                    strcpy(dirpos, name);
+                    if (lookup_media_dir(tmpdir, "Android") == 0
+                            && lookup_media_dir(tmpdir, "data") == 0) {
+                        //ALOGI("adding cache files from %s\n", tmpdir);
+                        add_cache_files(cache, tmpdir, "cache");
+                    }
+                } else {
+                    ALOGW("Path exceeds limit: %s%s", tmpdir, name);
+                }
+            }
+        }
+        closedir(d);
+    }
+
+    clear_cache_files(cache, free_size);
+    finish_cache_collection(cache);
+
+    return data_disk_free() >= free_size ? 0 : -1;
+}
+
+int move_dex(const char *src, const char *dst)
+{
+    char src_dex[PKG_PATH_MAX];
+    char dst_dex[PKG_PATH_MAX];
+
+    if (validate_apk_path(src)) return -1;
+    if (validate_apk_path(dst)) return -1;
+
+    if (create_cache_path(src_dex, src)) return -1;
+    if (create_cache_path(dst_dex, dst)) return -1;
+
+    ALOGV("move %s -> %s\n", src_dex, dst_dex);
+    if (rename(src_dex, dst_dex) < 0) {
+        ALOGE("Couldn't move %s: %s\n", src_dex, strerror(errno));
+        return -1;
+    } else {
+        return 0;
+    }
+}
+
+int rm_dex(const char *path)
+{
+    char dex_path[PKG_PATH_MAX];
+
+    if (validate_apk_path(path)) return -1;
+    if (create_cache_path(dex_path, path)) return -1;
+
+    ALOGV("unlink %s\n", dex_path);
+    if (unlink(dex_path) < 0) {
+        ALOGE("Couldn't unlink %s: %s\n", dex_path, strerror(errno));
+        return -1;
+    } else {
+        return 0;
+    }
+}
+
+int get_size(const char *pkgname, int persona, const char *apkpath,
+             const char *fwdlock_apkpath, const char *asecpath,
+             int64_t *_codesize, int64_t *_datasize, int64_t *_cachesize,
+             int64_t* _asecsize)
+{
+    DIR *d;
+    int dfd;
+    struct dirent *de;
+    struct stat s;
+    char path[PKG_PATH_MAX];
+
+    int64_t codesize = 0;
+    int64_t datasize = 0;
+    int64_t cachesize = 0;
+    int64_t asecsize = 0;
+
+        /* count the source apk as code -- but only if it's not
+         * on the /system partition and its not on the sdcard.
+         */
+    if (validate_system_app_path(apkpath) &&
+            strncmp(apkpath, android_asec_dir.path, android_asec_dir.len) != 0) {
+        if (stat(apkpath, &s) == 0) {
+            codesize += stat_size(&s);
+        }
+    }
+        /* count the forward locked apk as code if it is given
+         */
+    if (fwdlock_apkpath != NULL && fwdlock_apkpath[0] != '!') {
+        if (stat(fwdlock_apkpath, &s) == 0) {
+            codesize += stat_size(&s);
+        }
+    }
+        /* count the cached dexfile as code */
+    if (!create_cache_path(path, apkpath)) {
+        if (stat(path, &s) == 0) {
+            codesize += stat_size(&s);
+        }
+    }
+
+        /* add in size of any libraries */
+    if (!create_pkg_path_in_dir(path, &android_app_lib_dir, pkgname, PKG_DIR_POSTFIX)) {
+        d = opendir(path);
+        if (d != NULL) {
+            dfd = dirfd(d);
+            codesize += calculate_dir_size(dfd);
+            closedir(d);
+        }
+    }
+
+        /* compute asec size if it is given
+         */
+    if (asecpath != NULL && asecpath[0] != '!') {
+        if (stat(asecpath, &s) == 0) {
+            asecsize += stat_size(&s);
+        }
+    }
+
+    if (create_pkg_path(path, pkgname, PKG_DIR_POSTFIX, persona)) {
+        goto done;
+    }
+
+    d = opendir(path);
+    if (d == NULL) {
+        goto done;
+    }
+    dfd = dirfd(d);
+
+    /* most stuff in the pkgdir is data, except for the "cache"
+     * directory and below, which is cache, and the "lib" directory
+     * and below, which is code...
+     */
+    while ((de = readdir(d))) {
+        const char *name = de->d_name;
+
+        if (de->d_type == DT_DIR) {
+            int subfd;
+            int64_t statsize = 0;
+            int64_t dirsize = 0;
+                /* always skip "." and ".." */
+            if (name[0] == '.') {
+                if (name[1] == 0) continue;
+                if ((name[1] == '.') && (name[2] == 0)) continue;
+            }
+            if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
+                statsize = stat_size(&s);
+            }
+            subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
+            if (subfd >= 0) {
+                dirsize = calculate_dir_size(subfd);
+            }
+            if(!strcmp(name,"lib")) {
+                codesize += dirsize + statsize;
+            } else if(!strcmp(name,"cache")) {
+                cachesize += dirsize + statsize;
+            } else {
+                datasize += dirsize + statsize;
+            }
+        } else if (de->d_type == DT_LNK && !strcmp(name,"lib")) {
+            // This is the symbolic link to the application's library
+            // code.  We'll count this as code instead of data, since
+            // it is not something that the app creates.
+            if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
+                codesize += stat_size(&s);
+            }
+        } else {
+            if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
+                datasize += stat_size(&s);
+            }
+        }
+    }
+    closedir(d);
+done:
+    *_codesize = codesize;
+    *_datasize = datasize;
+    *_cachesize = cachesize;
+    *_asecsize = asecsize;
+    return 0;
+}
+
+
+/* a simpler version of dexOptGenerateCacheFileName() */
+int create_cache_path(char path[PKG_PATH_MAX], const char *src)
+{
+    char *tmp;
+    int srclen;
+    int dstlen;
+
+    srclen = strlen(src);
+
+        /* demand that we are an absolute path */
+    if ((src == 0) || (src[0] != '/') || strstr(src,"..")) {
+        return -1;
+    }
+
+    if (srclen > PKG_PATH_MAX) {        // XXX: PKG_NAME_MAX?
+        return -1;
+    }
+
+    dstlen = srclen + strlen(DALVIK_CACHE_PREFIX) + 
+        strlen(DALVIK_CACHE_POSTFIX) + 1;
+    
+    if (dstlen > PKG_PATH_MAX) {
+        return -1;
+    }
+
+    sprintf(path,"%s%s%s",
+            DALVIK_CACHE_PREFIX,
+            src + 1, /* skip the leading / */
+            DALVIK_CACHE_POSTFIX);
+    
+    for(tmp = path + strlen(DALVIK_CACHE_PREFIX); *tmp; tmp++) {
+        if (*tmp == '/') {
+            *tmp = '@';
+        }
+    }
+
+    return 0;
+}
+
+static void run_dexopt(int zip_fd, int odex_fd, const char* input_file_name,
+    const char* dexopt_flags)
+{
+    static const char* DEX_OPT_BIN = "/system/bin/dexopt";
+    static const int MAX_INT_LEN = 12;      // '-'+10dig+'\0' -OR- 0x+8dig
+    char zip_num[MAX_INT_LEN];
+    char odex_num[MAX_INT_LEN];
+
+    sprintf(zip_num, "%d", zip_fd);
+    sprintf(odex_num, "%d", odex_fd);
+
+    execl(DEX_OPT_BIN, DEX_OPT_BIN, "--zip", zip_num, odex_num, input_file_name,
+        dexopt_flags, (char*) NULL);
+    ALOGE("execl(%s) failed: %s\n", DEX_OPT_BIN, strerror(errno));
+}
+
+static int wait_dexopt(pid_t pid, const char* apk_path)
+{
+    int status;
+    pid_t got_pid;
+
+    /*
+     * Wait for the optimization process to finish.
+     */
+    while (1) {
+        got_pid = waitpid(pid, &status, 0);
+        if (got_pid == -1 && errno == EINTR) {
+            printf("waitpid interrupted, retrying\n");
+        } else {
+            break;
+        }
+    }
+    if (got_pid != pid) {
+        ALOGW("waitpid failed: wanted %d, got %d: %s\n",
+            (int) pid, (int) got_pid, strerror(errno));
+        return 1;
+    }
+
+    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
+        ALOGV("DexInv: --- END '%s' (success) ---\n", apk_path);
+        return 0;
+    } else {
+        ALOGW("DexInv: --- END '%s' --- status=0x%04x, process failed\n",
+            apk_path, status);
+        return status;      /* always nonzero */
+    }
+}
+
+int dexopt(const char *apk_path, uid_t uid, int is_public)
+{
+    struct utimbuf ut;
+    struct stat apk_stat, dex_stat;
+    char dex_path[PKG_PATH_MAX];
+    char dexopt_flags[PROPERTY_VALUE_MAX];
+    char *end;
+    int res, zip_fd=-1, odex_fd=-1;
+
+        /* Before anything else: is there a .odex file?  If so, we have
+         * pre-optimized the apk and there is nothing to do here.
+         */
+    if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) {
+        return -1;
+    }
+
+    /* platform-specific flags affecting optimization and verification */
+    property_get("dalvik.vm.dexopt-flags", dexopt_flags, "");
+
+    strcpy(dex_path, apk_path);
+    end = strrchr(dex_path, '.');
+    if (end != NULL) {
+        strcpy(end, ".odex");
+        if (stat(dex_path, &dex_stat) == 0) {
+            return 0;
+        }
+    }
+
+    if (create_cache_path(dex_path, apk_path)) {
+        return -1;
+    }
+
+    memset(&apk_stat, 0, sizeof(apk_stat));
+    stat(apk_path, &apk_stat);
+
+    zip_fd = open(apk_path, O_RDONLY, 0);
+    if (zip_fd < 0) {
+        ALOGE("dexopt cannot open '%s' for input\n", apk_path);
+        return -1;
+    }
+
+    unlink(dex_path);
+    odex_fd = open(dex_path, O_RDWR | O_CREAT | O_EXCL, 0644);
+    if (odex_fd < 0) {
+        ALOGE("dexopt cannot open '%s' for output\n", dex_path);
+        goto fail;
+    }
+    if (fchmod(odex_fd,
+               S_IRUSR|S_IWUSR|S_IRGRP |
+               (is_public ? S_IROTH : 0)) < 0) {
+        ALOGE("dexopt cannot chmod '%s'\n", dex_path);
+        goto fail;
+    }
+    if (fchown(odex_fd, AID_SYSTEM, uid) < 0) {
+        ALOGE("dexopt cannot chown '%s'\n", dex_path);
+        goto fail;
+    }
+
+    ALOGV("DexInv: --- BEGIN '%s' ---\n", apk_path);
+
+    pid_t pid;
+    pid = fork();
+    if (pid == 0) {
+        /* child -- drop privileges before continuing */
+        if (setgid(uid) != 0) {
+            ALOGE("setgid(%d) failed during dexopt\n", uid);
+            exit(64);
+        }
+        if (setuid(uid) != 0) {
+            ALOGE("setuid(%d) during dexopt\n", uid);
+            exit(65);
+        }
+        // drop capabilities
+        struct __user_cap_header_struct capheader;
+        struct __user_cap_data_struct capdata[2];
+        memset(&capheader, 0, sizeof(capheader));
+        memset(&capdata, 0, sizeof(capdata));
+        capheader.version = _LINUX_CAPABILITY_VERSION_3;
+        if (capset(&capheader, &capdata[0]) < 0) {
+            ALOGE("capset failed: %s\n", strerror(errno));
+            exit(66);
+        }
+        if (flock(odex_fd, LOCK_EX | LOCK_NB) != 0) {
+            ALOGE("flock(%s) failed: %s\n", dex_path, strerror(errno));
+            exit(67);
+        }
+
+        run_dexopt(zip_fd, odex_fd, apk_path, dexopt_flags);
+        exit(68);   /* only get here on exec failure */
+    } else {
+        res = wait_dexopt(pid, apk_path);
+        if (res != 0) {
+            ALOGE("dexopt failed on '%s' res = %d\n", dex_path, res);
+            goto fail;
+        }
+    }
+
+    ut.actime = apk_stat.st_atime;
+    ut.modtime = apk_stat.st_mtime;
+    utime(dex_path, &ut);
+    
+    close(odex_fd);
+    close(zip_fd);
+    return 0;
+
+fail:
+    if (odex_fd >= 0) {
+        close(odex_fd);
+        unlink(dex_path);
+    }
+    if (zip_fd >= 0) {
+        close(zip_fd);
+    }
+    return -1;
+}
+
+void mkinnerdirs(char* path, int basepos, mode_t mode, int uid, int gid,
+        struct stat* statbuf)
+{
+    while (path[basepos] != 0) {
+        if (path[basepos] == '/') {
+            path[basepos] = 0;
+            if (lstat(path, statbuf) < 0) {
+                ALOGV("Making directory: %s\n", path);
+                if (mkdir(path, mode) == 0) {
+                    chown(path, uid, gid);
+                } else {
+                    ALOGW("Unable to make directory %s: %s\n", path, strerror(errno));
+                }
+            }
+            path[basepos] = '/';
+            basepos++;
+        }
+        basepos++;
+    }
+}
+
+int movefileordir(char* srcpath, char* dstpath, int dstbasepos,
+        int dstuid, int dstgid, struct stat* statbuf)
+{
+    DIR *d;
+    struct dirent *de;
+    int res;
+
+    int srcend = strlen(srcpath);
+    int dstend = strlen(dstpath);
+    
+    if (lstat(srcpath, statbuf) < 0) {
+        ALOGW("Unable to stat %s: %s\n", srcpath, strerror(errno));
+        return 1;
+    }
+    
+    if ((statbuf->st_mode&S_IFDIR) == 0) {
+        mkinnerdirs(dstpath, dstbasepos, S_IRWXU|S_IRWXG|S_IXOTH,
+                dstuid, dstgid, statbuf);
+        ALOGV("Renaming %s to %s (uid %d)\n", srcpath, dstpath, dstuid);
+        if (rename(srcpath, dstpath) >= 0) {
+            if (chown(dstpath, dstuid, dstgid) < 0) {
+                ALOGE("cannot chown %s: %s\n", dstpath, strerror(errno));
+                unlink(dstpath);
+                return 1;
+            }
+        } else {
+            ALOGW("Unable to rename %s to %s: %s\n",
+                srcpath, dstpath, strerror(errno));
+            return 1;
+        }
+        return 0;
+    }
+
+    d = opendir(srcpath);
+    if (d == NULL) {
+        ALOGW("Unable to opendir %s: %s\n", srcpath, strerror(errno));
+        return 1;
+    }
+
+    res = 0;
+    
+    while ((de = readdir(d))) {
+        const char *name = de->d_name;
+            /* always skip "." and ".." */
+        if (name[0] == '.') {
+            if (name[1] == 0) continue;
+            if ((name[1] == '.') && (name[2] == 0)) continue;
+        }
+        
+        if ((srcend+strlen(name)) >= (PKG_PATH_MAX-2)) {
+            ALOGW("Source path too long; skipping: %s/%s\n", srcpath, name);
+            continue;
+        }
+        
+        if ((dstend+strlen(name)) >= (PKG_PATH_MAX-2)) {
+            ALOGW("Destination path too long; skipping: %s/%s\n", dstpath, name);
+            continue;
+        }
+        
+        srcpath[srcend] = dstpath[dstend] = '/';
+        strcpy(srcpath+srcend+1, name);
+        strcpy(dstpath+dstend+1, name);
+        
+        if (movefileordir(srcpath, dstpath, dstbasepos, dstuid, dstgid, statbuf) != 0) {
+            res = 1;
+        }
+        
+        // Note: we will be leaving empty directories behind in srcpath,
+        // but that is okay, the package manager will be erasing all of the
+        // data associated with .apks that disappear.
+        
+        srcpath[srcend] = dstpath[dstend] = 0;
+    }
+    
+    closedir(d);
+    return res;
+}
+
+int movefiles()
+{
+    DIR *d;
+    int dfd, subfd;
+    struct dirent *de;
+    struct stat s;
+    char buf[PKG_PATH_MAX+1];
+    int bufp, bufe, bufi, readlen;
+
+    char srcpkg[PKG_NAME_MAX];
+    char dstpkg[PKG_NAME_MAX];
+    char srcpath[PKG_PATH_MAX];
+    char dstpath[PKG_PATH_MAX];
+    int dstuid=-1, dstgid=-1;
+    int hasspace;
+
+    d = opendir(UPDATE_COMMANDS_DIR_PREFIX);
+    if (d == NULL) {
+        goto done;
+    }
+    dfd = dirfd(d);
+
+        /* Iterate through all files in the directory, executing the
+         * file movements requested there-in.
+         */
+    while ((de = readdir(d))) {
+        const char *name = de->d_name;
+
+        if (de->d_type == DT_DIR) {
+            continue;
+        } else {
+            subfd = openat(dfd, name, O_RDONLY);
+            if (subfd < 0) {
+                ALOGW("Unable to open update commands at %s%s\n",
+                        UPDATE_COMMANDS_DIR_PREFIX, name);
+                continue;
+            }
+            
+            bufp = 0;
+            bufe = 0;
+            buf[PKG_PATH_MAX] = 0;
+            srcpkg[0] = dstpkg[0] = 0;
+            while (1) {
+                bufi = bufp;
+                while (bufi < bufe && buf[bufi] != '\n') {
+                    bufi++;
+                }
+                if (bufi < bufe) {
+                    buf[bufi] = 0;
+                    ALOGV("Processing line: %s\n", buf+bufp);
+                    hasspace = 0;
+                    while (bufp < bufi && isspace(buf[bufp])) {
+                        hasspace = 1;
+                        bufp++;
+                    }
+                    if (buf[bufp] == '#' || bufp == bufi) {
+                        // skip comments and empty lines.
+                    } else if (hasspace) {
+                        if (dstpkg[0] == 0) {
+                            ALOGW("Path before package line in %s%s: %s\n",
+                                    UPDATE_COMMANDS_DIR_PREFIX, name, buf+bufp);
+                        } else if (srcpkg[0] == 0) {
+                            // Skip -- source package no longer exists.
+                        } else {
+                            ALOGV("Move file: %s (from %s to %s)\n", buf+bufp, srcpkg, dstpkg);
+                            if (!create_move_path(srcpath, srcpkg, buf+bufp, 0) &&
+                                    !create_move_path(dstpath, dstpkg, buf+bufp, 0)) {
+                                movefileordir(srcpath, dstpath,
+                                        strlen(dstpath)-strlen(buf+bufp),
+                                        dstuid, dstgid, &s);
+                            }
+                        }
+                    } else {
+                        char* div = strchr(buf+bufp, ':');
+                        if (div == NULL) {
+                            ALOGW("Bad package spec in %s%s; no ':' sep: %s\n",
+                                    UPDATE_COMMANDS_DIR_PREFIX, name, buf+bufp);
+                        } else {
+                            *div = 0;
+                            div++;
+                            if (strlen(buf+bufp) < PKG_NAME_MAX) {
+                                strcpy(dstpkg, buf+bufp);
+                            } else {
+                                srcpkg[0] = dstpkg[0] = 0;
+                                ALOGW("Package name too long in %s%s: %s\n",
+                                        UPDATE_COMMANDS_DIR_PREFIX, name, buf+bufp);
+                            }
+                            if (strlen(div) < PKG_NAME_MAX) {
+                                strcpy(srcpkg, div);
+                            } else {
+                                srcpkg[0] = dstpkg[0] = 0;
+                                ALOGW("Package name too long in %s%s: %s\n",
+                                        UPDATE_COMMANDS_DIR_PREFIX, name, div);
+                            }
+                            if (srcpkg[0] != 0) {
+                                if (!create_pkg_path(srcpath, srcpkg, PKG_DIR_POSTFIX, 0)) {
+                                    if (lstat(srcpath, &s) < 0) {
+                                        // Package no longer exists -- skip.
+                                        srcpkg[0] = 0;
+                                    }
+                                } else {
+                                    srcpkg[0] = 0;
+                                    ALOGW("Can't create path %s in %s%s\n",
+                                            div, UPDATE_COMMANDS_DIR_PREFIX, name);
+                                }
+                                if (srcpkg[0] != 0) {
+                                    if (!create_pkg_path(dstpath, dstpkg, PKG_DIR_POSTFIX, 0)) {
+                                        if (lstat(dstpath, &s) == 0) {
+                                            dstuid = s.st_uid;
+                                            dstgid = s.st_gid;
+                                        } else {
+                                            // Destination package doesn't
+                                            // exist...  due to original-package,
+                                            // this is normal, so don't be
+                                            // noisy about it.
+                                            srcpkg[0] = 0;
+                                        }
+                                    } else {
+                                        srcpkg[0] = 0;
+                                        ALOGW("Can't create path %s in %s%s\n",
+                                                div, UPDATE_COMMANDS_DIR_PREFIX, name);
+                                    }
+                                }
+                                ALOGV("Transfering from %s to %s: uid=%d\n",
+                                    srcpkg, dstpkg, dstuid);
+                            }
+                        }
+                    }
+                    bufp = bufi+1;
+                } else {
+                    if (bufp == 0) {
+                        if (bufp < bufe) {
+                            ALOGW("Line too long in %s%s, skipping: %s\n",
+                                    UPDATE_COMMANDS_DIR_PREFIX, name, buf);
+                        }
+                    } else if (bufp < bufe) {
+                        memcpy(buf, buf+bufp, bufe-bufp);
+                        bufe -= bufp;
+                        bufp = 0;
+                    }
+                    readlen = read(subfd, buf+bufe, PKG_PATH_MAX-bufe);
+                    if (readlen < 0) {
+                        ALOGW("Failure reading update commands in %s%s: %s\n",
+                                UPDATE_COMMANDS_DIR_PREFIX, name, strerror(errno));
+                        break;
+                    } else if (readlen == 0) {
+                        break;
+                    }
+                    bufe += readlen;
+                    buf[bufe] = 0;
+                    ALOGV("Read buf: %s\n", buf);
+                }
+            }
+            close(subfd);
+        }
+    }
+    closedir(d);
+done:
+    return 0;
+}
+
+int linklib(const char* pkgname, const char* asecLibDir, int userId)
+{
+    char pkgdir[PKG_PATH_MAX];
+    char libsymlink[PKG_PATH_MAX];
+    struct stat s, libStat;
+    int rc = 0;
+
+    if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, userId)) {
+        ALOGE("cannot create package path\n");
+        return -1;
+    }
+    if (create_pkg_path(libsymlink, pkgname, PKG_LIB_POSTFIX, userId)) {
+        ALOGE("cannot create package lib symlink origin path\n");
+        return -1;
+    }
+
+    if (stat(pkgdir, &s) < 0) return -1;
+
+    if (chown(pkgdir, AID_INSTALL, AID_INSTALL) < 0) {
+        ALOGE("failed to chown '%s': %s\n", pkgdir, strerror(errno));
+        return -1;
+    }
+
+    if (chmod(pkgdir, 0700) < 0) {
+        ALOGE("linklib() 1: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
+        rc = -1;
+        goto out;
+    }
+
+    if (lstat(libsymlink, &libStat) < 0) {
+        if (errno != ENOENT) {
+            ALOGE("couldn't stat lib dir: %s\n", strerror(errno));
+            rc = -1;
+            goto out;
+        }
+    } else {
+        if (S_ISDIR(libStat.st_mode)) {
+            if (delete_dir_contents(libsymlink, 1, 0) < 0) {
+                rc = -1;
+                goto out;
+            }
+        } else if (S_ISLNK(libStat.st_mode)) {
+            if (unlink(libsymlink) < 0) {
+                ALOGE("couldn't unlink lib dir: %s\n", strerror(errno));
+                rc = -1;
+                goto out;
+            }
+        }
+    }
+
+    if (symlink(asecLibDir, libsymlink) < 0) {
+        ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, asecLibDir,
+                strerror(errno));
+        rc = -errno;
+        goto out;
+    }
+
+out:
+    if (chmod(pkgdir, s.st_mode) < 0) {
+        ALOGE("linklib() 2: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
+        rc = -errno;
+    }
+
+    if (chown(pkgdir, s.st_uid, s.st_gid) < 0) {
+        ALOGE("failed to chown '%s' : %s\n", pkgdir, strerror(errno));
+        return -errno;
+    }
+
+    return rc;
+}
diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
new file mode 100644
index 0000000..21d674a
--- /dev/null
+++ b/cmds/installd/installd.c
@@ -0,0 +1,592 @@
+/*
+** Copyright 2008, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License"); 
+** you may not use this file except in compliance with the License. 
+** You may obtain a copy of the License at 
+**
+**     http://www.apache.org/licenses/LICENSE-2.0 
+**
+** Unless required by applicable law or agreed to in writing, software 
+** distributed under the License is distributed on an "AS IS" BASIS, 
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+** See the License for the specific language governing permissions and 
+** limitations under the License.
+*/
+
+#include <linux/capability.h>
+#include <linux/prctl.h>
+
+#include "installd.h"
+
+
+#define BUFFER_MAX    1024  /* input buffer for commands */
+#define TOKEN_MAX     8     /* max number of arguments in buffer */
+#define REPLY_MAX     256   /* largest reply allowed */
+
+static int do_ping(char **arg, char reply[REPLY_MAX])
+{
+    return 0;
+}
+
+static int do_install(char **arg, char reply[REPLY_MAX])
+{
+    return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
+}
+
+static int do_dexopt(char **arg, char reply[REPLY_MAX])
+{
+        /* apk_path, uid, is_public */
+    return dexopt(arg[0], atoi(arg[1]), atoi(arg[2]));
+}
+
+static int do_move_dex(char **arg, char reply[REPLY_MAX])
+{
+    return move_dex(arg[0], arg[1]); /* src, dst */
+}
+
+static int do_rm_dex(char **arg, char reply[REPLY_MAX])
+{
+    return rm_dex(arg[0]); /* pkgname */
+}
+
+static int do_remove(char **arg, char reply[REPLY_MAX])
+{
+    return uninstall(arg[0], atoi(arg[1])); /* pkgname, userid */
+}
+
+static int do_rename(char **arg, char reply[REPLY_MAX])
+{
+    return renamepkg(arg[0], arg[1]); /* oldpkgname, newpkgname */
+}
+
+static int do_fixuid(char **arg, char reply[REPLY_MAX])
+{
+    return fix_uid(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
+}
+
+static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_size */
+{
+    return free_cache((int64_t)atoll(arg[0])); /* free_size */
+}
+
+static int do_rm_cache(char **arg, char reply[REPLY_MAX])
+{
+    return delete_cache(arg[0], atoi(arg[1])); /* pkgname, userid */
+}
+
+static int do_get_size(char **arg, char reply[REPLY_MAX])
+{
+    int64_t codesize = 0;
+    int64_t datasize = 0;
+    int64_t cachesize = 0;
+    int64_t asecsize = 0;
+    int res = 0;
+
+        /* pkgdir, persona, apkpath */
+    res = get_size(arg[0], atoi(arg[1]), arg[2], arg[3], arg[4],
+            &codesize, &datasize, &cachesize, &asecsize);
+
+    /*
+     * Each int64_t can take up 22 characters printed out. Make sure it
+     * doesn't go over REPLY_MAX in the future.
+     */
+    snprintf(reply, REPLY_MAX, "%" PRId64 " %" PRId64 " %" PRId64 " %" PRId64,
+            codesize, datasize, cachesize, asecsize);
+    return res;
+}
+
+static int do_rm_user_data(char **arg, char reply[REPLY_MAX])
+{
+    return delete_user_data(arg[0], atoi(arg[1])); /* pkgname, userid */
+}
+
+static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
+{
+    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
+}
+
+static int do_rm_user(char **arg, char reply[REPLY_MAX])
+{
+    return delete_persona(atoi(arg[0])); /* userid */
+}
+
+static int do_clone_user_data(char **arg, char reply[REPLY_MAX])
+{
+    return clone_persona_data(atoi(arg[0]), atoi(arg[1]), atoi(arg[2]));
+}
+
+static int do_movefiles(char **arg, char reply[REPLY_MAX])
+{
+    return movefiles();
+}
+
+static int do_linklib(char **arg, char reply[REPLY_MAX])
+{
+    return linklib(arg[0], arg[1], atoi(arg[2]));
+}
+
+struct cmdinfo {
+    const char *name;
+    unsigned numargs;
+    int (*func)(char **arg, char reply[REPLY_MAX]);
+};
+
+struct cmdinfo cmds[] = {
+    { "ping",                 0, do_ping },
+    { "install",              3, do_install },
+    { "dexopt",               3, do_dexopt },
+    { "movedex",              2, do_move_dex },
+    { "rmdex",                1, do_rm_dex },
+    { "remove",               2, do_remove },
+    { "rename",               2, do_rename },
+    { "fixuid",               3, do_fixuid },
+    { "freecache",            1, do_free_cache },
+    { "rmcache",              2, do_rm_cache },
+    { "getsize",              5, do_get_size },
+    { "rmuserdata",           2, do_rm_user_data },
+    { "movefiles",            0, do_movefiles },
+    { "linklib",              3, do_linklib },
+    { "mkuserdata",           3, do_mk_user_data },
+    { "rmuser",               1, do_rm_user },
+    { "cloneuserdata",        3, do_clone_user_data },
+};
+
+static int readx(int s, void *_buf, int count)
+{
+    char *buf = _buf;
+    int n = 0, r;
+    if (count < 0) return -1;
+    while (n < count) {
+        r = read(s, buf + n, count - n);
+        if (r < 0) {
+            if (errno == EINTR) continue;
+            ALOGE("read error: %s\n", strerror(errno));
+            return -1;
+        }
+        if (r == 0) {
+            ALOGE("eof\n");
+            return -1; /* EOF */
+        }
+        n += r;
+    }
+    return 0;
+}
+
+static int writex(int s, const void *_buf, int count)
+{
+    const char *buf = _buf;
+    int n = 0, r;
+    if (count < 0) return -1;
+    while (n < count) {
+        r = write(s, buf + n, count - n);
+        if (r < 0) {
+            if (errno == EINTR) continue;
+            ALOGE("write error: %s\n", strerror(errno));
+            return -1;
+        }
+        n += r;
+    }
+    return 0;
+}
+
+
+/* Tokenize the command buffer, locate a matching command,
+ * ensure that the required number of arguments are provided,
+ * call the function(), return the result.
+ */
+static int execute(int s, char cmd[BUFFER_MAX])
+{
+    char reply[REPLY_MAX];
+    char *arg[TOKEN_MAX+1];
+    unsigned i;
+    unsigned n = 0;
+    unsigned short count;
+    int ret = -1;
+
+//    ALOGI("execute('%s')\n", cmd);
+
+        /* default reply is "" */
+    reply[0] = 0;
+
+        /* n is number of args (not counting arg[0]) */
+    arg[0] = cmd;
+    while (*cmd) {
+        if (isspace(*cmd)) {
+            *cmd++ = 0;
+            n++;
+            arg[n] = cmd;
+            if (n == TOKEN_MAX) {
+                ALOGE("too many arguments\n");
+                goto done;
+            }
+        }
+        cmd++;
+    }
+
+    for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
+        if (!strcmp(cmds[i].name,arg[0])) {
+            if (n != cmds[i].numargs) {
+                ALOGE("%s requires %d arguments (%d given)\n",
+                     cmds[i].name, cmds[i].numargs, n);
+            } else {
+                ret = cmds[i].func(arg + 1, reply);
+            }
+            goto done;
+        }
+    }
+    ALOGE("unsupported command '%s'\n", arg[0]);
+
+done:
+    if (reply[0]) {
+        n = snprintf(cmd, BUFFER_MAX, "%d %s", ret, reply);
+    } else {
+        n = snprintf(cmd, BUFFER_MAX, "%d", ret);
+    }
+    if (n > BUFFER_MAX) n = BUFFER_MAX;
+    count = n;
+
+//    ALOGI("reply: '%s'\n", cmd);
+    if (writex(s, &count, sizeof(count))) return -1;
+    if (writex(s, cmd, count)) return -1;
+    return 0;
+}
+
+/**
+ * Initialize all the global variables that are used elsewhere. Returns 0 upon
+ * success and -1 on error.
+ */
+void free_globals() {
+    size_t i;
+
+    for (i = 0; i < android_system_dirs.count; i++) {
+        if (android_system_dirs.dirs[i].path != NULL) {
+            free(android_system_dirs.dirs[i].path);
+        }
+    }
+
+    free(android_system_dirs.dirs);
+}
+
+int initialize_globals() {
+    // Get the android data directory.
+    if (get_path_from_env(&android_data_dir, "ANDROID_DATA") < 0) {
+        return -1;
+    }
+
+    // Get the android app directory.
+    if (copy_and_append(&android_app_dir, &android_data_dir, APP_SUBDIR) < 0) {
+        return -1;
+    }
+
+    // Get the android protected app directory.
+    if (copy_and_append(&android_app_private_dir, &android_data_dir, PRIVATE_APP_SUBDIR) < 0) {
+        return -1;
+    }
+
+    // Get the android app native library directory.
+    if (copy_and_append(&android_app_lib_dir, &android_data_dir, APP_LIB_SUBDIR) < 0) {
+        return -1;
+    }
+
+    // Get the sd-card ASEC mount point.
+    if (get_path_from_env(&android_asec_dir, "ASEC_MOUNTPOINT") < 0) {
+        return -1;
+    }
+
+    // Get the android media directory.
+    if (copy_and_append(&android_media_dir, &android_data_dir, MEDIA_SUBDIR) < 0) {
+        return -1;
+    }
+
+    // Take note of the system and vendor directories.
+    android_system_dirs.count = 2;
+
+    android_system_dirs.dirs = calloc(android_system_dirs.count, sizeof(dir_rec_t));
+    if (android_system_dirs.dirs == NULL) {
+        ALOGE("Couldn't allocate array for dirs; aborting\n");
+        return -1;
+    }
+
+    // system
+    if (get_path_from_env(&android_system_dirs.dirs[0], "ANDROID_ROOT") < 0) {
+        free_globals();
+        return -1;
+    }
+
+    // append "app/" to dirs[0]
+    char *system_app_path = build_string2(android_system_dirs.dirs[0].path, APP_SUBDIR);
+    android_system_dirs.dirs[0].path = system_app_path;
+    android_system_dirs.dirs[0].len = strlen(system_app_path);
+
+    // vendor
+    // TODO replace this with an environment variable (doesn't exist yet)
+    android_system_dirs.dirs[1].path = "/vendor/app/";
+    android_system_dirs.dirs[1].len = strlen(android_system_dirs.dirs[1].path);
+
+    return 0;
+}
+
+int initialize_directories() {
+    int res = -1;
+
+    // Read current filesystem layout version to handle upgrade paths
+    char version_path[PATH_MAX];
+    snprintf(version_path, PATH_MAX, "%s.layout_version", android_data_dir.path);
+
+    int oldVersion;
+    if (fs_read_atomic_int(version_path, &oldVersion) == -1) {
+        oldVersion = 0;
+    }
+    int version = oldVersion;
+
+    // /data/user
+    char *user_data_dir = build_string2(android_data_dir.path, SECONDARY_USER_PREFIX);
+    // /data/data
+    char *legacy_data_dir = build_string2(android_data_dir.path, PRIMARY_USER_PREFIX);
+    // /data/user/0
+    char *primary_data_dir = build_string3(android_data_dir.path, SECONDARY_USER_PREFIX, "0");
+    if (!user_data_dir || !legacy_data_dir || !primary_data_dir) {
+        goto fail;
+    }
+
+    // Make the /data/user directory if necessary
+    if (access(user_data_dir, R_OK) < 0) {
+        if (mkdir(user_data_dir, 0711) < 0) {
+            goto fail;
+        }
+        if (chown(user_data_dir, AID_SYSTEM, AID_SYSTEM) < 0) {
+            goto fail;
+        }
+        if (chmod(user_data_dir, 0711) < 0) {
+            goto fail;
+        }
+    }
+    // Make the /data/user/0 symlink to /data/data if necessary
+    if (access(primary_data_dir, R_OK) < 0) {
+        if (symlink(legacy_data_dir, primary_data_dir)) {
+            goto fail;
+        }
+    }
+
+    if (version == 0) {
+        // Introducing multi-user, so migrate /data/media contents into /data/media/0
+        ALOGD("Upgrading /data/media for multi-user");
+
+        // Ensure /data/media
+        if (fs_prepare_dir(android_media_dir.path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
+            goto fail;
+        }
+
+        // /data/media.tmp
+        char media_tmp_dir[PATH_MAX];
+        snprintf(media_tmp_dir, PATH_MAX, "%smedia.tmp", android_data_dir.path);
+
+        // Only copy when upgrade not already in progress
+        if (access(media_tmp_dir, F_OK) == -1) {
+            if (rename(android_media_dir.path, media_tmp_dir) == -1) {
+                ALOGE("Failed to move legacy media path: %s", strerror(errno));
+                goto fail;
+            }
+        }
+
+        // Create /data/media again
+        if (fs_prepare_dir(android_media_dir.path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
+            goto fail;
+        }
+
+        // /data/media/0
+        char owner_media_dir[PATH_MAX];
+        snprintf(owner_media_dir, PATH_MAX, "%s0", android_media_dir.path);
+
+        // Move any owner data into place
+        if (access(media_tmp_dir, F_OK) == 0) {
+            if (rename(media_tmp_dir, owner_media_dir) == -1) {
+                ALOGE("Failed to move owner media path: %s", strerror(errno));
+                goto fail;
+            }
+        }
+
+        // Ensure media directories for any existing users
+        DIR *dir;
+        struct dirent *dirent;
+        char user_media_dir[PATH_MAX];
+
+        dir = opendir(user_data_dir);
+        if (dir != NULL) {
+            while ((dirent = readdir(dir))) {
+                if (dirent->d_type == DT_DIR) {
+                    const char *name = dirent->d_name;
+
+                    // skip "." and ".."
+                    if (name[0] == '.') {
+                        if (name[1] == 0) continue;
+                        if ((name[1] == '.') && (name[2] == 0)) continue;
+                    }
+
+                    // /data/media/<user_id>
+                    snprintf(user_media_dir, PATH_MAX, "%s%s", android_media_dir.path, name);
+                    if (fs_prepare_dir(user_media_dir, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
+                        goto fail;
+                    }
+                }
+            }
+            closedir(dir);
+        }
+
+        version = 1;
+    }
+
+    // /data/media/obb
+    char media_obb_dir[PATH_MAX];
+    snprintf(media_obb_dir, PATH_MAX, "%sobb", android_media_dir.path);
+
+    if (version == 1) {
+        // Introducing /data/media/obb for sharing OBB across users; migrate
+        // any existing OBB files from owner.
+        ALOGD("Upgrading to shared /data/media/obb");
+
+        // /data/media/0/Android/obb
+        char owner_obb_path[PATH_MAX];
+        snprintf(owner_obb_path, PATH_MAX, "%s0/Android/obb", android_media_dir.path);
+
+        // Only move if target doesn't already exist
+        if (access(media_obb_dir, F_OK) != 0 && access(owner_obb_path, F_OK) == 0) {
+            if (rename(owner_obb_path, media_obb_dir) == -1) {
+                ALOGE("Failed to move OBB from owner: %s", strerror(errno));
+                goto fail;
+            }
+        }
+
+        version = 2;
+    }
+
+    if (ensure_media_user_dirs(0) == -1) {
+        ALOGE("Failed to setup media for user 0");
+        goto fail;
+    }
+    if (fs_prepare_dir(media_obb_dir, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
+        goto fail;
+    }
+
+    // Persist layout version if changed
+    if (version != oldVersion) {
+        if (fs_write_atomic_int(version_path, version) == -1) {
+            ALOGE("Failed to save version to %s: %s", version_path, strerror(errno));
+            goto fail;
+        }
+    }
+
+    // Success!
+    res = 0;
+
+fail:
+    free(user_data_dir);
+    free(legacy_data_dir);
+    free(primary_data_dir);
+    return res;
+}
+
+static void drop_privileges() {
+    if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
+        ALOGE("prctl(PR_SET_KEEPCAPS) failed: %s\n", strerror(errno));
+        exit(1);
+    }
+
+    if (setgid(AID_INSTALL) < 0) {
+        ALOGE("setgid() can't drop privileges; exiting.\n");
+        exit(1);
+    }
+
+    if (setuid(AID_INSTALL) < 0) {
+        ALOGE("setuid() can't drop privileges; exiting.\n");
+        exit(1);
+    }
+
+    struct __user_cap_header_struct capheader;
+    struct __user_cap_data_struct capdata[2];
+    memset(&capheader, 0, sizeof(capheader));
+    memset(&capdata, 0, sizeof(capdata));
+    capheader.version = _LINUX_CAPABILITY_VERSION_3;
+    capheader.pid = 0;
+
+    capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted |= CAP_TO_MASK(CAP_DAC_OVERRIDE);
+    capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted        |= CAP_TO_MASK(CAP_CHOWN);
+    capdata[CAP_TO_INDEX(CAP_SETUID)].permitted       |= CAP_TO_MASK(CAP_SETUID);
+    capdata[CAP_TO_INDEX(CAP_SETGID)].permitted       |= CAP_TO_MASK(CAP_SETGID);
+
+    capdata[0].effective = capdata[0].permitted;
+    capdata[1].effective = capdata[1].permitted;
+    capdata[0].inheritable = 0;
+    capdata[1].inheritable = 0;
+
+    if (capset(&capheader, &capdata[0]) < 0) {
+        ALOGE("capset failed: %s\n", strerror(errno));
+        exit(1);
+    }
+}
+
+int main(const int argc, const char *argv[]) {
+    char buf[BUFFER_MAX];
+    struct sockaddr addr;
+    socklen_t alen;
+    int lsocket, s, count;
+
+    ALOGI("installd firing up\n");
+
+    if (initialize_globals() < 0) {
+        ALOGE("Could not initialize globals; exiting.\n");
+        exit(1);
+    }
+
+    if (initialize_directories() < 0) {
+        ALOGE("Could not create directories; exiting.\n");
+        exit(1);
+    }
+
+    drop_privileges();
+
+    lsocket = android_get_control_socket(SOCKET_PATH);
+    if (lsocket < 0) {
+        ALOGE("Failed to get socket from environment: %s\n", strerror(errno));
+        exit(1);
+    }
+    if (listen(lsocket, 5)) {
+        ALOGE("Listen on socket failed: %s\n", strerror(errno));
+        exit(1);
+    }
+    fcntl(lsocket, F_SETFD, FD_CLOEXEC);
+
+    for (;;) {
+        alen = sizeof(addr);
+        s = accept(lsocket, &addr, &alen);
+        if (s < 0) {
+            ALOGE("Accept failed: %s\n", strerror(errno));
+            continue;
+        }
+        fcntl(s, F_SETFD, FD_CLOEXEC);
+
+        ALOGI("new connection\n");
+        for (;;) {
+            unsigned short count;
+            if (readx(s, &count, sizeof(count))) {
+                ALOGE("failed to read size\n");
+                break;
+            }
+            if ((count < 1) || (count >= BUFFER_MAX)) {
+                ALOGE("invalid size %d\n", count);
+                break;
+            }
+            if (readx(s, buf, count)) {
+                ALOGE("failed to read command\n");
+                break;
+            }
+            buf[count] = 0;
+            if (execute(s, buf)) break;
+        }
+        ALOGI("closing connection\n");
+        close(s);
+    }
+
+    return 0;
+}
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
new file mode 100644
index 0000000..0500c23
--- /dev/null
+++ b/cmds/installd/installd.h
@@ -0,0 +1,213 @@
+/*
+**
+** Copyright 2008, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License"); 
+** you may not use this file except in compliance with the License. 
+** You may obtain a copy of the License at 
+**
+**     http://www.apache.org/licenses/LICENSE-2.0 
+**
+** Unless required by applicable law or agreed to in writing, software 
+** distributed under the License is distributed on an "AS IS" BASIS, 
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+** See the License for the specific language governing permissions and 
+** limitations under the License.
+*/
+
+#define LOG_TAG "installd"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <utime.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <cutils/fs.h>
+#include <cutils/sockets.h>
+#include <cutils/log.h>
+#include <cutils/properties.h>
+#include <cutils/multiuser.h>
+
+#include <private/android_filesystem_config.h>
+
+#if INCLUDE_SYS_MOUNT_FOR_STATFS
+#include <sys/mount.h>
+#else
+#include <sys/statfs.h>
+#endif
+
+#define SOCKET_PATH "installd"
+
+
+/* elements combined with a valid package name to form paths */
+
+#define PRIMARY_USER_PREFIX    "data/"
+#define SECONDARY_USER_PREFIX  "user/"
+
+#define PKG_DIR_POSTFIX        ""
+
+#define PKG_LIB_POSTFIX        "/lib"
+
+#define CACHE_DIR_POSTFIX      "/cache"
+
+#define APP_SUBDIR             "app/" // sub-directory under ANDROID_DATA
+
+#define APP_LIB_SUBDIR         "app-lib/" // sub-directory under ANDROID_DATA
+
+#define MEDIA_SUBDIR           "media/" // sub-directory under ANDROID_DATA
+
+/* other handy constants */
+
+#define PRIVATE_APP_SUBDIR     "app-private/" // sub-directory under ANDROID_DATA
+
+#define DALVIK_CACHE_PREFIX    "/data/dalvik-cache/"
+#define DALVIK_CACHE_POSTFIX   "/classes.dex"
+
+#define UPDATE_COMMANDS_DIR_PREFIX  "/system/etc/updatecmds/"
+
+#define PKG_NAME_MAX  128   /* largest allowed package name */
+#define PKG_PATH_MAX  256   /* max size of any path we use */
+
+#define PER_USER_RANGE ((uid_t)100000)   /* range of uids per user
+                                            uid = persona * PER_USER_RANGE + appid */
+
+/* data structures */
+
+typedef struct {
+    char* path;
+    size_t len;
+} dir_rec_t;
+
+typedef struct {
+    size_t count;
+    dir_rec_t* dirs;
+} dir_rec_array_t;
+
+extern dir_rec_t android_app_dir;
+extern dir_rec_t android_app_private_dir;
+extern dir_rec_t android_app_lib_dir;
+extern dir_rec_t android_data_dir;
+extern dir_rec_t android_asec_dir;
+extern dir_rec_t android_media_dir;
+extern dir_rec_array_t android_system_dirs;
+
+typedef struct cache_dir_struct {
+    struct cache_dir_struct* parent;
+    int32_t childCount;
+    int32_t hiddenCount;
+    int32_t deleted;
+    char name[];
+} cache_dir_t;
+
+typedef struct {
+    cache_dir_t* dir;
+    time_t modTime;
+    char name[];
+} cache_file_t;
+
+typedef struct {
+    size_t numDirs;
+    size_t availDirs;
+    cache_dir_t** dirs;
+    size_t numFiles;
+    size_t availFiles;
+    cache_file_t** files;
+    size_t numCollected;
+    void* memBlocks;
+    int8_t* curMemBlockAvail;
+    int8_t* curMemBlockEnd;
+} cache_t;
+
+/* util.c */
+
+int create_pkg_path_in_dir(char path[PKG_PATH_MAX],
+                                const dir_rec_t* dir,
+                                const char* pkgname,
+                                const char* postfix);
+
+int create_pkg_path(char path[PKG_PATH_MAX],
+                    const char *pkgname,
+                    const char *postfix,
+                    uid_t persona);
+
+int create_persona_path(char path[PKG_PATH_MAX],
+                    uid_t persona);
+
+int create_persona_media_path(char path[PKG_PATH_MAX], userid_t userid);
+
+int create_move_path(char path[PKG_PATH_MAX],
+                     const char* pkgname,
+                     const char* leaf,
+                     uid_t persona);
+
+int is_valid_package_name(const char* pkgname);
+
+int create_cache_path(char path[PKG_PATH_MAX], const char *src);
+
+int delete_dir_contents(const char *pathname,
+                        int also_delete_dir,
+                        const char *ignore);
+
+int delete_dir_contents_fd(int dfd, const char *name);
+
+int lookup_media_dir(char basepath[PATH_MAX], const char *dir);
+
+int64_t data_disk_free();
+
+cache_t* start_cache_collection();
+
+void add_cache_files(cache_t* cache, const char *basepath, const char *cachedir);
+
+void clear_cache_files(cache_t* cache, int64_t free_size);
+
+void finish_cache_collection(cache_t* cache);
+
+int validate_system_app_path(const char* path);
+
+int get_path_from_env(dir_rec_t* rec, const char* var);
+
+int get_path_from_string(dir_rec_t* rec, const char* path);
+
+int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix);
+
+int validate_apk_path(const char *path);
+
+int append_and_increment(char** dst, const char* src, size_t* dst_size);
+
+char *build_string2(char *s1, char *s2);
+char *build_string3(char *s1, char *s2, char *s3);
+
+int ensure_dir(const char* path, mode_t mode, uid_t uid, gid_t gid);
+int ensure_media_user_dirs(userid_t userid);
+
+/* commands.c */
+
+int install(const char *pkgname, uid_t uid, gid_t gid);
+int uninstall(const char *pkgname, uid_t persona);
+int renamepkg(const char *oldpkgname, const char *newpkgname);
+int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
+int delete_user_data(const char *pkgname, uid_t persona);
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
+int delete_persona(uid_t persona);
+int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy);
+int delete_cache(const char *pkgname, uid_t persona);
+int move_dex(const char *src, const char *dst);
+int rm_dex(const char *path);
+int protect(char *pkgname, gid_t gid);
+int get_size(const char *pkgname, int persona, const char *apkpath, const char *fwdlock_apkpath,
+             const char *asecpath, int64_t *codesize, int64_t *datasize, int64_t *cachesize,
+             int64_t *asecsize);
+int free_cache(int64_t free_size);
+int dexopt(const char *apk_path, uid_t uid, int is_public);
+int movefiles();
+int linklib(const char* target, const char* source, int userId);
diff --git a/cmds/installd/tests/Android.mk b/cmds/installd/tests/Android.mk
new file mode 100644
index 0000000..c0192f4
--- /dev/null
+++ b/cmds/installd/tests/Android.mk
@@ -0,0 +1,31 @@
+# Build the unit tests for installd
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# Build the unit tests.
+test_src_files := \
+    installd_utils_test.cpp
+
+shared_libraries := \
+    libutils \
+    libcutils \
+    libstlport
+
+static_libraries := \
+    libinstalld \
+    libdiskusage \
+    libgtest \
+    libgtest_main
+
+c_includes := \
+    frameworks/base/cmds/installd
+
+$(foreach file,$(test_src_files), \
+    $(eval include $(CLEAR_VARS)) \
+    $(eval LOCAL_SHARED_LIBRARIES := $(shared_libraries)) \
+    $(eval LOCAL_STATIC_LIBRARIES := $(static_libraries)) \
+    $(eval LOCAL_SRC_FILES := $(file)) \
+    $(eval LOCAL_C_INCLUDES := $(c_includes)) \
+    $(eval LOCAL_MODULE := $(notdir $(file:%.cpp=%))) \
+    $(eval include $(BUILD_NATIVE_TEST)) \
+)
diff --git a/cmds/installd/tests/installd_utils_test.cpp b/cmds/installd/tests/installd_utils_test.cpp
new file mode 100644
index 0000000..7cb9b37
--- /dev/null
+++ b/cmds/installd/tests/installd_utils_test.cpp
@@ -0,0 +1,437 @@
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define LOG_TAG "utils_test"
+#include <utils/Log.h>
+
+#include <gtest/gtest.h>
+
+extern "C" {
+#include "installd.h"
+}
+
+#define TEST_DATA_DIR "/data/"
+#define TEST_APP_DIR "/data/app/"
+#define TEST_APP_PRIVATE_DIR "/data/app-private/"
+#define TEST_ASEC_DIR "/mnt/asec/"
+
+#define TEST_SYSTEM_DIR1 "/system/app/"
+#define TEST_SYSTEM_DIR2 "/vendor/app/"
+
+#define REALLY_LONG_APP_NAME "com.example." \
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." \
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." \
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+#define REALLY_LONG_LEAF_NAME "shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_" \
+        "shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_" \
+        "shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_" \
+        "shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_shared_prefs_"
+
+namespace android {
+
+class UtilsTest : public testing::Test {
+protected:
+    virtual void SetUp() {
+        android_app_dir.path = TEST_APP_DIR;
+        android_app_dir.len = strlen(TEST_APP_DIR);
+
+        android_app_private_dir.path = TEST_APP_PRIVATE_DIR;
+        android_app_private_dir.len = strlen(TEST_APP_PRIVATE_DIR);
+
+        android_data_dir.path = TEST_DATA_DIR;
+        android_data_dir.len = strlen(TEST_DATA_DIR);
+
+        android_asec_dir.path = TEST_ASEC_DIR;
+        android_asec_dir.len = strlen(TEST_ASEC_DIR);
+
+        android_system_dirs.count = 2;
+
+        android_system_dirs.dirs = (dir_rec_t*) calloc(android_system_dirs.count, sizeof(dir_rec_t));
+        android_system_dirs.dirs[0].path = TEST_SYSTEM_DIR1;
+        android_system_dirs.dirs[0].len = strlen(TEST_SYSTEM_DIR1);
+
+        android_system_dirs.dirs[1].path = TEST_SYSTEM_DIR2;
+        android_system_dirs.dirs[1].len = strlen(TEST_SYSTEM_DIR2);
+    }
+
+    virtual void TearDown() {
+        free(android_system_dirs.dirs);
+    }
+};
+
+TEST_F(UtilsTest, IsValidApkPath_BadPrefix) {
+    // Bad prefixes directories
+    const char *badprefix1 = "/etc/passwd";
+    EXPECT_EQ(-1, validate_apk_path(badprefix1))
+            << badprefix1 << " should be allowed as a valid path";
+
+    const char *badprefix2 = "../.." TEST_APP_DIR "../../../blah";
+    EXPECT_EQ(-1, validate_apk_path(badprefix2))
+            << badprefix2 << " should be allowed as a valid path";
+
+    const char *badprefix3 = "init.rc";
+    EXPECT_EQ(-1, validate_apk_path(badprefix3))
+            << badprefix3 << " should be allowed as a valid path";
+
+    const char *badprefix4 = "/init.rc";
+    EXPECT_EQ(-1, validate_apk_path(badprefix4))
+            << badprefix4 << " should be allowed as a valid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_Internal) {
+    // Internal directories
+    const char *internal1 = TEST_APP_DIR "example.apk";
+    EXPECT_EQ(0, validate_apk_path(internal1))
+            << internal1 << " should be allowed as a valid path";
+
+    const char *badint1 = TEST_APP_DIR "../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badint1))
+            << badint1 << " should be rejected as a invalid path";
+
+    const char *badint2 = TEST_APP_DIR "/../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badint2))
+            << badint2 << " should be rejected as a invalid path";
+
+    const char *badint3 = TEST_APP_DIR "example.com/pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badint3))
+            << badint3 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_Private) {
+    // Internal directories
+    const char *private1 = TEST_APP_PRIVATE_DIR "example.apk";
+    EXPECT_EQ(0, validate_apk_path(private1))
+            << private1 << " should be allowed as a valid path";
+
+    const char *badpriv1 = TEST_APP_PRIVATE_DIR "../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badpriv1))
+            << badpriv1 << " should be rejected as a invalid path";
+
+    const char *badpriv2 = TEST_APP_PRIVATE_DIR "/../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badpriv2))
+            << badpriv2 << " should be rejected as a invalid path";
+
+    const char *badpriv3 = TEST_APP_PRIVATE_DIR "example.com/pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badpriv3))
+            << badpriv3 << " should be rejected as a invalid path";
+}
+
+
+TEST_F(UtilsTest, IsValidApkPath_AsecGood1) {
+    const char *asec1 = TEST_ASEC_DIR "example.apk";
+    EXPECT_EQ(0, validate_apk_path(asec1))
+            << asec1 << " should be allowed as a valid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_AsecGood2) {
+    const char *asec2 = TEST_ASEC_DIR "com.example.asec/pkg.apk";
+    EXPECT_EQ(0, validate_apk_path(asec2))
+            << asec2 << " should be allowed as a valid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_EscapeFail) {
+    const char *badasec1 = TEST_ASEC_DIR "../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec1))
+            << badasec1 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_DoubleSlashFail) {
+    const char *badasec2 = TEST_ASEC_DIR "com.example.asec//pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec2))
+            << badasec2 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_SubdirEscapeFail) {
+    const char *badasec3 = TEST_ASEC_DIR "com.example.asec/../../../pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec3))
+            << badasec3  << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_SlashEscapeFail) {
+    const char *badasec4 = TEST_ASEC_DIR "/../example.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec4))
+            << badasec4 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_CrazyDirFail) {
+    const char *badasec5 = TEST_ASEC_DIR ".//../..";
+    EXPECT_EQ(-1, validate_apk_path(badasec5))
+            << badasec5 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_SubdirEscapeSingleFail) {
+    const char *badasec6 = TEST_ASEC_DIR "com.example.asec/../pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec6))
+            << badasec6 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, IsValidApkPath_TwoSubdirFail) {
+    const char *badasec7 = TEST_ASEC_DIR "com.example.asec/subdir1/pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(badasec7))
+            << badasec7 << " should be rejected as a invalid path";
+}
+
+TEST_F(UtilsTest, CheckSystemApp_Dir1) {
+    const char *sysapp1 = TEST_SYSTEM_DIR1 "Voice.apk";
+    EXPECT_EQ(0, validate_system_app_path(sysapp1))
+            << sysapp1 << " should be allowed as a system path";
+}
+
+TEST_F(UtilsTest, CheckSystemApp_Dir2) {
+    const char *sysapp2 = TEST_SYSTEM_DIR2 "com.example.myapp.apk";
+    EXPECT_EQ(0, validate_system_app_path(sysapp2))
+            << sysapp2 << " should be allowed as a system path";
+}
+
+TEST_F(UtilsTest, CheckSystemApp_EscapeFail) {
+    const char *badapp1 = TEST_SYSTEM_DIR1 "../com.example.apk";
+    EXPECT_EQ(-1, validate_system_app_path(badapp1))
+            << badapp1 << " should be rejected not a system path";
+}
+
+TEST_F(UtilsTest, CheckSystemApp_DoubleEscapeFail) {
+    const char *badapp2 = TEST_SYSTEM_DIR2 "/../../com.example.apk";
+    EXPECT_EQ(-1, validate_system_app_path(badapp2))
+            << badapp2 << " should be rejected not a system path";
+}
+
+TEST_F(UtilsTest, CheckSystemApp_BadPathEscapeFail) {
+    const char *badapp3 = TEST_APP_DIR "/../../com.example.apk";
+    EXPECT_EQ(-1, validate_system_app_path(badapp3))
+            << badapp3 << " should be rejected not a system path";
+}
+
+TEST_F(UtilsTest, GetPathFromString_NullPathFail) {
+    dir_rec_t test1;
+    EXPECT_EQ(-1, get_path_from_string(&test1, (const char *) NULL))
+            << "Should not allow NULL as a path.";
+}
+
+TEST_F(UtilsTest, GetPathFromString_EmptyPathFail) {
+    dir_rec_t test1;
+    EXPECT_EQ(-1, get_path_from_string(&test1, ""))
+            << "Should not allow empty paths.";
+}
+
+TEST_F(UtilsTest, GetPathFromString_RelativePathFail) {
+    dir_rec_t test1;
+    EXPECT_EQ(-1, get_path_from_string(&test1, "mnt/asec"))
+            << "Should not allow relative paths.";
+}
+
+TEST_F(UtilsTest, GetPathFromString_NonCanonical) {
+    dir_rec_t test1;
+
+    EXPECT_EQ(0, get_path_from_string(&test1, "/mnt/asec"))
+            << "Should be able to canonicalize directory /mnt/asec";
+    EXPECT_STREQ("/mnt/asec/", test1.path)
+            << "/mnt/asec should be canonicalized to /mnt/asec/";
+    EXPECT_EQ(10, (ssize_t) test1.len)
+            << "path len should be equal to the length of /mnt/asec/ (10)";
+    free(test1.path);
+}
+
+TEST_F(UtilsTest, GetPathFromString_CanonicalPath) {
+    dir_rec_t test3;
+    EXPECT_EQ(0, get_path_from_string(&test3, "/data/app/"))
+            << "Should be able to canonicalize directory /data/app/";
+    EXPECT_STREQ("/data/app/", test3.path)
+            << "/data/app/ should be canonicalized to /data/app/";
+    EXPECT_EQ(10, (ssize_t) test3.len)
+            << "path len should be equal to the length of /data/app/ (10)";
+    free(test3.path);
+}
+
+TEST_F(UtilsTest, CreatePkgPath_LongPkgNameSuccess) {
+    char path[PKG_PATH_MAX];
+
+    // Create long packagename of "aaaaa..."
+    size_t pkgnameSize = PKG_NAME_MAX;
+    char pkgname[pkgnameSize + 1];
+    memset(pkgname, 'a', pkgnameSize);
+    pkgname[pkgnameSize] = '\0';
+
+    EXPECT_EQ(0, create_pkg_path(path, pkgname, "", 0))
+            << "Should successfully be able to create package name.";
+
+    const char *prefix = TEST_DATA_DIR PRIMARY_USER_PREFIX;
+    size_t offset = strlen(prefix);
+    EXPECT_STREQ(pkgname, path + offset)
+             << "Package path should be a really long string of a's";
+}
+
+TEST_F(UtilsTest, CreatePkgPath_LongPkgNameFail) {
+    char path[PKG_PATH_MAX];
+
+    // Create long packagename of "aaaaa..."
+    size_t pkgnameSize = PKG_NAME_MAX + 1;
+    char pkgname[pkgnameSize + 1];
+    memset(pkgname, 'a', pkgnameSize);
+    pkgname[pkgnameSize] = '\0';
+
+    EXPECT_EQ(-1, create_pkg_path(path, pkgname, "", 0))
+            << "Should return error because package name is too long.";
+}
+
+TEST_F(UtilsTest, CreatePkgPath_LongPostfixFail) {
+    char path[PKG_PATH_MAX];
+
+    // Create long packagename of "aaaaa..."
+    size_t postfixSize = PKG_PATH_MAX;
+    char postfix[postfixSize + 1];
+    memset(postfix, 'a', postfixSize);
+    postfix[postfixSize] = '\0';
+
+    EXPECT_EQ(-1, create_pkg_path(path, "com.example.package", postfix, 0))
+            << "Should return error because postfix is too long.";
+}
+
+TEST_F(UtilsTest, CreatePkgPath_PrimaryUser) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(0, create_pkg_path(path, "com.example.package", "", 0))
+            << "Should return error because postfix is too long.";
+
+    EXPECT_STREQ(TEST_DATA_DIR PRIMARY_USER_PREFIX "com.example.package", path)
+            << "Package path should be in /data/data/";
+}
+
+TEST_F(UtilsTest, CreatePkgPath_SecondaryUser) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(0, create_pkg_path(path, "com.example.package", "", 1))
+            << "Should successfully create package path.";
+
+    EXPECT_STREQ(TEST_DATA_DIR SECONDARY_USER_PREFIX "1/com.example.package", path)
+            << "Package path should be in /data/user/";
+}
+
+TEST_F(UtilsTest, CreatePkgPathInDir_ProtectedDir) {
+    char path[PKG_PATH_MAX];
+
+    dir_rec_t dir;
+    dir.path = "/data/app-private/";
+    dir.len = strlen(dir.path);
+
+    EXPECT_EQ(0, create_pkg_path_in_dir(path, &dir, "com.example.package", ".apk"))
+            << "Should successfully create package path.";
+
+    EXPECT_STREQ("/data/app-private/com.example.package.apk", path)
+            << "Package path should be in /data/app-private/";
+}
+
+TEST_F(UtilsTest, CreatePersonaPath_Primary) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(0, create_persona_path(path, 0))
+            << "Should successfully build primary user path.";
+
+    EXPECT_STREQ("/data/data/", path)
+            << "Primary user should have correct path";
+}
+
+TEST_F(UtilsTest, CreatePersonaPath_Secondary) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(0, create_persona_path(path, 1))
+            << "Should successfully build primary user path.";
+
+    EXPECT_STREQ("/data/user/1/", path)
+            << "Primary user should have correct path";
+}
+
+TEST_F(UtilsTest, CreateMovePath_Primary) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(0, create_move_path(path, "com.android.test", "shared_prefs", 0))
+            << "Should be able to create move path for primary user";
+
+    EXPECT_STREQ("/data/data/com.android.test/shared_prefs", path)
+            << "Primary user package directory should be created correctly";
+}
+
+TEST_F(UtilsTest, CreateMovePath_Fail_AppTooLong) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(-1, create_move_path(path, REALLY_LONG_APP_NAME, "shared_prefs", 0))
+            << "Should fail to create move path for primary user";
+}
+
+TEST_F(UtilsTest, CreateMovePath_Fail_LeafTooLong) {
+    char path[PKG_PATH_MAX];
+
+    EXPECT_EQ(-1, create_move_path(path, "com.android.test", REALLY_LONG_LEAF_NAME, 0))
+            << "Should fail to create move path for primary user";
+}
+
+TEST_F(UtilsTest, CopyAndAppend_Normal) {
+    //int copy_and_append(dir_rec_t* dst, dir_rec_t* src, char* suffix)
+    dir_rec_t dst;
+    dir_rec_t src;
+
+    src.path = "/data/";
+    src.len = strlen(src.path);
+
+    EXPECT_EQ(0, copy_and_append(&dst, &src, "app/"))
+            << "Should return error because postfix is too long.";
+
+    EXPECT_STREQ("/data/app/", dst.path)
+            << "Appended path should be correct";
+
+    EXPECT_EQ(10, (ssize_t) dst.len)
+            << "Appended path should be length of '/data/app/' (10)";
+}
+
+TEST_F(UtilsTest, AppendAndIncrement_Normal) {
+    size_t dst_size = 10;
+    char dst[dst_size];
+    char *dstp = dst;
+    const char* src = "FOO";
+
+    EXPECT_EQ(0, append_and_increment(&dstp, src, &dst_size))
+            << "String should append successfully";
+
+    EXPECT_STREQ("FOO", dst)
+            << "String should append correctly";
+
+    EXPECT_EQ(0, append_and_increment(&dstp, src, &dst_size))
+            << "String should append successfully again";
+
+    EXPECT_STREQ("FOOFOO", dst)
+            << "String should append correctly again";
+}
+
+TEST_F(UtilsTest, AppendAndIncrement_TooBig) {
+    size_t dst_size = 5;
+    char dst[dst_size];
+    char *dstp = dst;
+    const char* src = "FOO";
+
+    EXPECT_EQ(0, append_and_increment(&dstp, src, &dst_size))
+            << "String should append successfully";
+
+    EXPECT_STREQ("FOO", dst)
+            << "String should append correctly";
+
+    EXPECT_EQ(-1, append_and_increment(&dstp, src, &dst_size))
+            << "String should fail because it's too large to fit";
+}
+
+}
diff --git a/cmds/installd/utils.c b/cmds/installd/utils.c
new file mode 100644
index 0000000..625a35e
--- /dev/null
+++ b/cmds/installd/utils.c
@@ -0,0 +1,1006 @@
+/*
+** Copyright 2008, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License"); 
+** you may not use this file except in compliance with the License. 
+** You may obtain a copy of the License at 
+**
+**     http://www.apache.org/licenses/LICENSE-2.0 
+**
+** Unless required by applicable law or agreed to in writing, software 
+** distributed under the License is distributed on an "AS IS" BASIS, 
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+** See the License for the specific language governing permissions and 
+** limitations under the License.
+*/
+
+#include "installd.h"
+
+#define CACHE_NOISY(x) //x
+
+int create_pkg_path_in_dir(char path[PKG_PATH_MAX],
+                                const dir_rec_t* dir,
+                                const char* pkgname,
+                                const char* postfix)
+{
+     const size_t postfix_len = strlen(postfix);
+
+     const size_t pkgname_len = strlen(pkgname);
+     if (pkgname_len > PKG_NAME_MAX) {
+         return -1;
+     }
+
+     if (is_valid_package_name(pkgname) < 0) {
+         return -1;
+     }
+
+     if ((pkgname_len + dir->len + postfix_len) >= PKG_PATH_MAX) {
+         return -1;
+     }
+
+     char *dst = path;
+     size_t dst_size = PKG_PATH_MAX;
+
+     if (append_and_increment(&dst, dir->path, &dst_size) < 0
+             || append_and_increment(&dst, pkgname, &dst_size) < 0
+             || append_and_increment(&dst, postfix, &dst_size) < 0) {
+         ALOGE("Error building APK path");
+         return -1;
+     }
+
+     return 0;
+}
+
+/**
+ * Create the package path name for a given package name with a postfix for
+ * a certain persona. Returns 0 on success, and -1 on failure.
+ */
+int create_pkg_path(char path[PKG_PATH_MAX],
+                    const char *pkgname,
+                    const char *postfix,
+                    uid_t persona)
+{
+    size_t uid_len;
+    char* persona_prefix;
+    if (persona == 0) {
+        persona_prefix = PRIMARY_USER_PREFIX;
+        uid_len = 0;
+    } else {
+        persona_prefix = SECONDARY_USER_PREFIX;
+        uid_len = snprintf(NULL, 0, "%d", persona);
+    }
+
+    const size_t prefix_len = android_data_dir.len + strlen(persona_prefix) + uid_len + 1 /*slash*/;
+    char prefix[prefix_len + 1];
+
+    char *dst = prefix;
+    size_t dst_size = sizeof(prefix);
+
+    if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
+            || append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
+        ALOGE("Error building prefix for APK path");
+        return -1;
+    }
+
+    if (persona != 0) {
+        int ret = snprintf(dst, dst_size, "%d/", persona);
+        if (ret < 0 || (size_t) ret != uid_len + 1) {
+            ALOGW("Error appending UID to APK path");
+            return -1;
+        }
+    }
+
+    dir_rec_t dir;
+    dir.path = prefix;
+    dir.len = prefix_len;
+
+    return create_pkg_path_in_dir(path, &dir, pkgname, postfix);
+}
+
+/**
+ * Create the path name for user data for a certain persona.
+ * Returns 0 on success, and -1 on failure.
+ */
+int create_persona_path(char path[PKG_PATH_MAX],
+                    uid_t persona)
+{
+    size_t uid_len;
+    char* persona_prefix;
+    if (persona == 0) {
+        persona_prefix = PRIMARY_USER_PREFIX;
+        uid_len = 0;
+    } else {
+        persona_prefix = SECONDARY_USER_PREFIX;
+        uid_len = snprintf(NULL, 0, "%d/", persona);
+    }
+
+    char *dst = path;
+    size_t dst_size = PKG_PATH_MAX;
+
+    if (append_and_increment(&dst, android_data_dir.path, &dst_size) < 0
+            || append_and_increment(&dst, persona_prefix, &dst_size) < 0) {
+        ALOGE("Error building prefix for user path");
+        return -1;
+    }
+
+    if (persona != 0) {
+        if (dst_size < uid_len + 1) {
+            ALOGE("Error building user path");
+            return -1;
+        }
+        int ret = snprintf(dst, dst_size, "%d/", persona);
+        if (ret < 0 || (size_t) ret != uid_len) {
+            ALOGE("Error appending persona id to path");
+            return -1;
+        }
+    }
+    return 0;
+}
+
+/**
+ * Create the path name for media for a certain persona.
+ * Returns 0 on success, and -1 on failure.
+ */
+int create_persona_media_path(char path[PATH_MAX], userid_t userid) {
+    if (snprintf(path, PATH_MAX, "%s%d", android_media_dir.path, userid) > PATH_MAX) {
+        return -1;
+    }
+    return 0;
+}
+
+int create_move_path(char path[PKG_PATH_MAX],
+    const char* pkgname,
+    const char* leaf,
+    uid_t persona)
+{
+    if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
+            >= PKG_PATH_MAX) {
+        return -1;
+    }
+
+    sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
+    return 0;
+}
+
+/**
+ * Checks whether the package name is valid. Returns -1 on error and
+ * 0 on success.
+ */
+int is_valid_package_name(const char* pkgname) {
+    const char *x = pkgname;
+    int alpha = -1;
+
+    while (*x) {
+        if (isalnum(*x) || (*x == '_')) {
+                /* alphanumeric or underscore are fine */
+        } else if (*x == '.') {
+            if ((x == pkgname) || (x[1] == '.') || (x[1] == 0)) {
+                    /* periods must not be first, last, or doubled */
+                ALOGE("invalid package name '%s'\n", pkgname);
+                return -1;
+            }
+        } else if (*x == '-') {
+            /* Suffix -X is fine to let versioning of packages.
+               But whatever follows should be alphanumeric.*/
+            alpha = 1;
+        } else {
+                /* anything not A-Z, a-z, 0-9, _, or . is invalid */
+            ALOGE("invalid package name '%s'\n", pkgname);
+            return -1;
+        }
+
+        x++;
+    }
+
+    if (alpha == 1) {
+        // Skip current character
+        x++;
+        while (*x) {
+            if (!isalnum(*x)) {
+                ALOGE("invalid package name '%s' should include only numbers after -\n", pkgname);
+                return -1;
+            }
+            x++;
+        }
+    }
+
+    return 0;
+}
+
+static int _delete_dir_contents(DIR *d, const char *ignore)
+{
+    int result = 0;
+    struct dirent *de;
+    int dfd;
+
+    dfd = dirfd(d);
+
+    if (dfd < 0) return -1;
+
+    while ((de = readdir(d))) {
+        const char *name = de->d_name;
+
+            /* skip the ignore name if provided */
+        if (ignore && !strcmp(name, ignore)) continue;
+
+        if (de->d_type == DT_DIR) {
+            int r, subfd;
+            DIR *subdir;
+
+                /* always skip "." and ".." */
+            if (name[0] == '.') {
+                if (name[1] == 0) continue;
+                if ((name[1] == '.') && (name[2] == 0)) continue;
+            }
+
+            subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
+            if (subfd < 0) {
+                ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
+                result = -1;
+                continue;
+            }
+            subdir = fdopendir(subfd);
+            if (subdir == NULL) {
+                ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
+                close(subfd);
+                result = -1;
+                continue;
+            }
+            if (_delete_dir_contents(subdir, 0)) {
+                result = -1;
+            }
+            closedir(subdir);
+            if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
+                ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
+                result = -1;
+            }
+        } else {
+            if (unlinkat(dfd, name, 0) < 0) {
+                ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
+                result = -1;
+            }
+        }
+    }
+
+    return result;
+}
+
+int delete_dir_contents(const char *pathname,
+                        int also_delete_dir,
+                        const char *ignore)
+{
+    int res = 0;
+    DIR *d;
+
+    d = opendir(pathname);
+    if (d == NULL) {
+        ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
+        return -errno;
+    }
+    res = _delete_dir_contents(d, ignore);
+    closedir(d);
+    if (also_delete_dir) {
+        if (rmdir(pathname)) {
+            ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
+            res = -1;
+        }
+    }
+    return res;
+}
+
+int delete_dir_contents_fd(int dfd, const char *name)
+{
+    int fd, res;
+    DIR *d;
+
+    fd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
+    if (fd < 0) {
+        ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
+        return -1;
+    }
+    d = fdopendir(fd);
+    if (d == NULL) {
+        ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
+        close(fd);
+        return -1;
+    }
+    res = _delete_dir_contents(d, 0);
+    closedir(d);
+    return res;
+}
+
+int lookup_media_dir(char basepath[PATH_MAX], const char *dir)
+{
+    DIR *d;
+    struct dirent *de;
+    struct stat s;
+    char* dirpos = basepath + strlen(basepath);
+
+    if ((*(dirpos-1)) != '/') {
+        *dirpos = '/';
+        dirpos++;
+    }
+
+    CACHE_NOISY(ALOGI("Looking up %s in %s\n", dir, basepath));
+    // Verify the path won't extend beyond our buffer, to avoid
+    // repeated checking later.
+    if ((dirpos-basepath+strlen(dir)) >= (PATH_MAX-1)) {
+        ALOGW("Path exceeds limit: %s%s", basepath, dir);
+        return -1;
+    }
+
+    // First, can we find this directory with the case that is given?
+    strcpy(dirpos, dir);
+    if (stat(basepath, &s) >= 0) {
+        CACHE_NOISY(ALOGI("Found direct: %s\n", basepath));
+        return 0;
+    }
+
+    // Not found with that case...  search through all entries to find
+    // one that matches regardless of case.
+    *dirpos = 0;
+
+    d = opendir(basepath);
+    if (d == NULL) {
+        return -1;
+    }
+
+    while ((de = readdir(d))) {
+        if (strcasecmp(de->d_name, dir) == 0) {
+            strcpy(dirpos, de->d_name);
+            closedir(d);
+            CACHE_NOISY(ALOGI("Found search: %s\n", basepath));
+            return 0;
+        }
+    }
+
+    ALOGW("Couldn't find %s in %s", dir, basepath);
+    closedir(d);
+    return -1;
+}
+
+int64_t data_disk_free()
+{
+    struct statfs sfs;
+    if (statfs(android_data_dir.path, &sfs) == 0) {
+        return sfs.f_bavail * sfs.f_bsize;
+    } else {
+        ALOGE("Couldn't statfs %s: %s\n", android_data_dir.path, strerror(errno));
+        return -1;
+    }
+}
+
+cache_t* start_cache_collection()
+{
+    cache_t* cache = (cache_t*)calloc(1, sizeof(cache_t));
+    return cache;
+}
+
+#define CACHE_BLOCK_SIZE (512*1024)
+
+static void* _cache_malloc(cache_t* cache, size_t len)
+{
+    len = (len+3)&~3;
+    if (len > (CACHE_BLOCK_SIZE/2)) {
+        // It doesn't make sense to try to put this allocation into one
+        // of our blocks, because it is so big.  Instead, make a new dedicated
+        // block for it.
+        int8_t* res = (int8_t*)malloc(len+sizeof(void*));
+        if (res == NULL) {
+            return NULL;
+        }
+        CACHE_NOISY(ALOGI("Allocated large cache mem block: %p size %d", res, len));
+        // Link it into our list of blocks, not disrupting the current one.
+        if (cache->memBlocks == NULL) {
+            *(void**)res = NULL;
+            cache->memBlocks = res;
+        } else {
+            *(void**)res = *(void**)cache->memBlocks;
+            *(void**)cache->memBlocks = res;
+        }
+        return res + sizeof(void*);
+    }
+    int8_t* res = cache->curMemBlockAvail;
+    int8_t* nextPos = res + len;
+    if (cache->memBlocks == NULL || nextPos > cache->curMemBlockEnd) {
+        int8_t* newBlock = malloc(CACHE_BLOCK_SIZE);
+        if (newBlock == NULL) {
+            return NULL;
+        }
+        CACHE_NOISY(ALOGI("Allocated new cache mem block: %p", newBlock));
+        *(void**)newBlock = cache->memBlocks;
+        cache->memBlocks = newBlock;
+        res = cache->curMemBlockAvail = newBlock + sizeof(void*);
+        cache->curMemBlockEnd = newBlock + CACHE_BLOCK_SIZE;
+        nextPos = res + len;
+    }
+    CACHE_NOISY(ALOGI("cache_malloc: ret %p size %d, block=%p, nextPos=%p",
+            res, len, cache->memBlocks, nextPos));
+    cache->curMemBlockAvail = nextPos;
+    return res;
+}
+
+static void* _cache_realloc(cache_t* cache, void* cur, size_t origLen, size_t len)
+{
+    // This isn't really a realloc, but it is good enough for our purposes here.
+    void* alloc = _cache_malloc(cache, len);
+    if (alloc != NULL && cur != NULL) {
+        memcpy(alloc, cur, origLen < len ? origLen : len);
+    }
+    return alloc;
+}
+
+static void _inc_num_cache_collected(cache_t* cache)
+{
+    cache->numCollected++;
+    if ((cache->numCollected%20000) == 0) {
+        ALOGI("Collected cache so far: %d directories, %d files",
+            cache->numDirs, cache->numFiles);
+    }
+}
+
+static cache_dir_t* _add_cache_dir_t(cache_t* cache, cache_dir_t* parent, const char *name)
+{
+    size_t nameLen = strlen(name);
+    cache_dir_t* dir = (cache_dir_t*)_cache_malloc(cache, sizeof(cache_dir_t)+nameLen+1);
+    if (dir != NULL) {
+        dir->parent = parent;
+        dir->childCount = 0;
+        dir->hiddenCount = 0;
+        dir->deleted = 0;
+        strcpy(dir->name, name);
+        if (cache->numDirs >= cache->availDirs) {
+            size_t newAvail = cache->availDirs < 1000 ? 1000 : cache->availDirs*2;
+            cache_dir_t** newDirs = (cache_dir_t**)_cache_realloc(cache, cache->dirs,
+                    cache->availDirs*sizeof(cache_dir_t*), newAvail*sizeof(cache_dir_t*));
+            if (newDirs == NULL) {
+                ALOGE("Failure growing cache dirs array for %s\n", name);
+                return NULL;
+            }
+            cache->availDirs = newAvail;
+            cache->dirs = newDirs;
+        }
+        cache->dirs[cache->numDirs] = dir;
+        cache->numDirs++;
+        if (parent != NULL) {
+            parent->childCount++;
+        }
+        _inc_num_cache_collected(cache);
+    } else {
+        ALOGE("Failure allocating cache_dir_t for %s\n", name);
+    }
+    return dir;
+}
+
+static cache_file_t* _add_cache_file_t(cache_t* cache, cache_dir_t* dir, time_t modTime,
+        const char *name)
+{
+    size_t nameLen = strlen(name);
+    cache_file_t* file = (cache_file_t*)_cache_malloc(cache, sizeof(cache_file_t)+nameLen+1);
+    if (file != NULL) {
+        file->dir = dir;
+        file->modTime = modTime;
+        strcpy(file->name, name);
+        if (cache->numFiles >= cache->availFiles) {
+            size_t newAvail = cache->availFiles < 1000 ? 1000 : cache->availFiles*2;
+            cache_file_t** newFiles = (cache_file_t**)_cache_realloc(cache, cache->files,
+                    cache->availFiles*sizeof(cache_file_t*), newAvail*sizeof(cache_file_t*));
+            if (newFiles == NULL) {
+                ALOGE("Failure growing cache file array for %s\n", name);
+                return NULL;
+            }
+            cache->availFiles = newAvail;
+            cache->files = newFiles;
+        }
+        CACHE_NOISY(ALOGI("Setting file %p at position %d in array %p", file,
+                cache->numFiles, cache->files));
+        cache->files[cache->numFiles] = file;
+        cache->numFiles++;
+        dir->childCount++;
+        _inc_num_cache_collected(cache);
+    } else {
+        ALOGE("Failure allocating cache_file_t for %s\n", name);
+    }
+    return file;
+}
+
+static int _add_cache_files(cache_t *cache, cache_dir_t *parentDir, const char *dirName,
+        DIR* dir, char *pathBase, char *pathPos, size_t pathAvailLen)
+{
+    struct dirent *de;
+    cache_dir_t* cacheDir = NULL;
+    int dfd;
+
+    CACHE_NOISY(ALOGI("_add_cache_files: parent=%p dirName=%s dir=%p pathBase=%s",
+            parentDir, dirName, dir, pathBase));
+
+    dfd = dirfd(dir);
+
+    if (dfd < 0) return 0;
+
+    // Sub-directories always get added to the data structure, so if they
+    // are empty we will know about them to delete them later.
+    cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
+
+    while ((de = readdir(dir))) {
+        const char *name = de->d_name;
+
+        if (de->d_type == DT_DIR) {
+            int subfd;
+            DIR *subdir;
+
+                /* always skip "." and ".." */
+            if (name[0] == '.') {
+                if (name[1] == 0) continue;
+                if ((name[1] == '.') && (name[2] == 0)) continue;
+            }
+
+            subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
+            if (subfd < 0) {
+                ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
+                continue;
+            }
+            subdir = fdopendir(subfd);
+            if (subdir == NULL) {
+                ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
+                close(subfd);
+                continue;
+            }
+            if (cacheDir == NULL) {
+                cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
+            }
+            if (cacheDir != NULL) {
+                // Update pathBase for the new path...  this may change dirName
+                // if that is also pointing to the path, but we are done with it
+                // now.
+                size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
+                CACHE_NOISY(ALOGI("Collecting dir %s\n", pathBase));
+                if (finallen < pathAvailLen) {
+                    _add_cache_files(cache, cacheDir, name, subdir, pathBase,
+                            pathPos+finallen, pathAvailLen-finallen);
+                } else {
+                    // Whoops, the final path is too long!  We'll just delete
+                    // this directory.
+                    ALOGW("Cache dir %s truncated in path %s; deleting dir\n",
+                            name, pathBase);
+                    _delete_dir_contents(subdir, NULL);
+                    if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
+                        ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
+                    }
+                }
+            }
+            closedir(subdir);
+        } else if (de->d_type == DT_REG) {
+            // Skip files that start with '.'; they will be deleted if
+            // their entire directory is deleted.  This allows for metadata
+            // like ".nomedia" to remain in the directory until the entire
+            // directory is deleted.
+            if (cacheDir == NULL) {
+                cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
+            }
+            if (name[0] == '.') {
+                cacheDir->hiddenCount++;
+                continue;
+            }
+            if (cacheDir != NULL) {
+                // Build final full path for file...  this may change dirName
+                // if that is also pointing to the path, but we are done with it
+                // now.
+                size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
+                CACHE_NOISY(ALOGI("Collecting file %s\n", pathBase));
+                if (finallen < pathAvailLen) {
+                    struct stat s;
+                    if (stat(pathBase, &s) >= 0) {
+                        _add_cache_file_t(cache, cacheDir, s.st_mtime, name);
+                    } else {
+                        ALOGW("Unable to stat cache file %s; deleting\n", pathBase);
+                        if (unlink(pathBase) < 0) {
+                            ALOGE("Couldn't unlink %s: %s\n", pathBase, strerror(errno));
+                        }
+                    }
+                } else {
+                    // Whoops, the final path is too long!  We'll just delete
+                    // this file.
+                    ALOGW("Cache file %s truncated in path %s; deleting\n",
+                            name, pathBase);
+                    if (unlinkat(dfd, name, 0) < 0) {
+                        *pathPos = 0;
+                        ALOGE("Couldn't unlinkat %s in %s: %s\n", name, pathBase,
+                                strerror(errno));
+                    }
+                }
+            }
+        } else {
+            cacheDir->hiddenCount++;
+        }
+    }
+    return 0;
+}
+
+void add_cache_files(cache_t* cache, const char *basepath, const char *cachedir)
+{
+    DIR *d;
+    struct dirent *de;
+    char dirname[PATH_MAX];
+
+    CACHE_NOISY(ALOGI("add_cache_files: base=%s cachedir=%s\n", basepath, cachedir));
+
+    d = opendir(basepath);
+    if (d == NULL) {
+        return;
+    }
+
+    while ((de = readdir(d))) {
+        if (de->d_type == DT_DIR) {
+            DIR* subdir;
+            const char *name = de->d_name;
+            char* pathpos;
+
+                /* always skip "." and ".." */
+            if (name[0] == '.') {
+                if (name[1] == 0) continue;
+                if ((name[1] == '.') && (name[2] == 0)) continue;
+            }
+
+            strcpy(dirname, basepath);
+            pathpos = dirname + strlen(dirname);
+            if ((*(pathpos-1)) != '/') {
+                *pathpos = '/';
+                pathpos++;
+                *pathpos = 0;
+            }
+            if (cachedir != NULL) {
+                snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s/%s", name, cachedir);
+            } else {
+                snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s", name);
+            }
+            CACHE_NOISY(ALOGI("Adding cache files from dir: %s\n", dirname));
+            subdir = opendir(dirname);
+            if (subdir != NULL) {
+                size_t dirnameLen = strlen(dirname);
+                _add_cache_files(cache, NULL, dirname, subdir, dirname, dirname+dirnameLen,
+                        PATH_MAX - dirnameLen);
+                closedir(subdir);
+            }
+        }
+    }
+
+    closedir(d);
+}
+
+static char *create_dir_path(char path[PATH_MAX], cache_dir_t* dir)
+{
+    char *pos = path;
+    if (dir->parent != NULL) {
+        pos = create_dir_path(path, dir->parent);
+    }
+    // Note that we don't need to worry about going beyond the buffer,
+    // since when we were constructing the cache entries our maximum
+    // buffer size for full paths was PATH_MAX.
+    strcpy(pos, dir->name);
+    pos += strlen(pos);
+    *pos = '/';
+    pos++;
+    *pos = 0;
+    return pos;
+}
+
+static void delete_cache_dir(char path[PATH_MAX], cache_dir_t* dir)
+{
+    if (dir->parent != NULL) {
+        create_dir_path(path, dir);
+        ALOGI("DEL DIR %s\n", path);
+        if (dir->hiddenCount <= 0) {
+            if (rmdir(path)) {
+                ALOGE("Couldn't rmdir %s: %s\n", path, strerror(errno));
+                return;
+            }
+        } else {
+            // The directory contains hidden files so we need to delete
+            // them along with the directory itself.
+            if (delete_dir_contents(path, 1, NULL)) {
+                return;
+            }
+        }
+        dir->parent->childCount--;
+        dir->deleted = 1;
+        if (dir->parent->childCount <= 0) {
+            delete_cache_dir(path, dir->parent);
+        }
+    } else if (dir->hiddenCount > 0) {
+        // This is a root directory, but it has hidden files.  Get rid of
+        // all of those files, but not the directory itself.
+        create_dir_path(path, dir);
+        ALOGI("DEL CONTENTS %s\n", path);
+        delete_dir_contents(path, 0, NULL);
+    }
+}
+
+static int cache_modtime_sort(const void *lhsP, const void *rhsP)
+{
+    const cache_file_t *lhs = *(const cache_file_t**)lhsP;
+    const cache_file_t *rhs = *(const cache_file_t**)rhsP;
+    return lhs->modTime < rhs->modTime ? -1 : (lhs->modTime > rhs->modTime ? 1 : 0);
+}
+
+void clear_cache_files(cache_t* cache, int64_t free_size)
+{
+    size_t i;
+    int skip = 0;
+    char path[PATH_MAX];
+
+    ALOGI("Collected cache files: %d directories, %d files",
+        cache->numDirs, cache->numFiles);
+
+    CACHE_NOISY(ALOGI("Sorting files..."));
+    qsort(cache->files, cache->numFiles, sizeof(cache_file_t*),
+            cache_modtime_sort);
+
+    CACHE_NOISY(ALOGI("Cleaning empty directories..."));
+    for (i=cache->numDirs; i>0; i--) {
+        cache_dir_t* dir = cache->dirs[i-1];
+        if (dir->childCount <= 0 && !dir->deleted) {
+            delete_cache_dir(path, dir);
+        }
+    }
+
+    CACHE_NOISY(ALOGI("Trimming files..."));
+    for (i=0; i<cache->numFiles; i++) {
+        skip++;
+        if (skip > 10) {
+            if (data_disk_free() > free_size) {
+                return;
+            }
+            skip = 0;
+        }
+        cache_file_t* file = cache->files[i];
+        strcpy(create_dir_path(path, file->dir), file->name);
+        ALOGI("DEL (mod %d) %s\n", (int)file->modTime, path);
+        if (unlink(path) < 0) {
+            ALOGE("Couldn't unlink %s: %s\n", path, strerror(errno));
+        }
+        file->dir->childCount--;
+        if (file->dir->childCount <= 0) {
+            delete_cache_dir(path, file->dir);
+        }
+    }
+}
+
+void finish_cache_collection(cache_t* cache)
+{
+    size_t i;
+
+    CACHE_NOISY(ALOGI("clear_cache_files: %d dirs, %d files\n", cache->numDirs, cache->numFiles));
+    CACHE_NOISY(
+        for (i=0; i<cache->numDirs; i++) {
+            cache_dir_t* dir = cache->dirs[i];
+            ALOGI("dir #%d: %p %s parent=%p\n", i, dir, dir->name, dir->parent);
+        })
+    CACHE_NOISY(
+        for (i=0; i<cache->numFiles; i++) {
+            cache_file_t* file = cache->files[i];
+            ALOGI("file #%d: %p %s time=%d dir=%p\n", i, file, file->name,
+                    (int)file->modTime, file->dir);
+        })
+    void* block = cache->memBlocks;
+    while (block != NULL) {
+        void* nextBlock = *(void**)block;
+        CACHE_NOISY(ALOGI("Freeing cache mem block: %p", block));
+        free(block);
+        block = nextBlock;
+    }
+    free(cache);
+}
+
+/**
+ * Checks whether a path points to a system app (.apk file). Returns 0
+ * if it is a system app or -1 if it is not.
+ */
+int validate_system_app_path(const char* path) {
+    size_t i;
+
+    for (i = 0; i < android_system_dirs.count; i++) {
+        const size_t dir_len = android_system_dirs.dirs[i].len;
+        if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
+            if (path[dir_len] == '.' || strchr(path + dir_len, '/') != NULL) {
+                ALOGE("invalid system apk path '%s' (trickery)\n", path);
+                return -1;
+            }
+            return 0;
+        }
+    }
+
+    return -1;
+}
+
+/**
+ * Get the contents of a environment variable that contains a path. Caller
+ * owns the string that is inserted into the directory record. Returns
+ * 0 on success and -1 on error.
+ */
+int get_path_from_env(dir_rec_t* rec, const char* var) {
+    const char* path = getenv(var);
+    int ret = get_path_from_string(rec, path);
+    if (ret < 0) {
+        ALOGW("Problem finding value for environment variable %s\n", var);
+    }
+    return ret;
+}
+
+/**
+ * Puts the string into the record as a directory. Appends '/' to the end
+ * of all paths. Caller owns the string that is inserted into the directory
+ * record. A null value will result in an error.
+ *
+ * Returns 0 on success and -1 on error.
+ */
+int get_path_from_string(dir_rec_t* rec, const char* path) {
+    if (path == NULL) {
+        return -1;
+    } else {
+        const size_t path_len = strlen(path);
+        if (path_len <= 0) {
+            return -1;
+        }
+
+        // Make sure path is absolute.
+        if (path[0] != '/') {
+            return -1;
+        }
+
+        if (path[path_len - 1] == '/') {
+            // Path ends with a forward slash. Make our own copy.
+
+            rec->path = strdup(path);
+            if (rec->path == NULL) {
+                return -1;
+            }
+
+            rec->len = path_len;
+        } else {
+            // Path does not end with a slash. Generate a new string.
+            char *dst;
+
+            // Add space for slash and terminating null.
+            size_t dst_size = path_len + 2;
+
+            rec->path = malloc(dst_size);
+            if (rec->path == NULL) {
+                return -1;
+            }
+
+            dst = rec->path;
+
+            if (append_and_increment(&dst, path, &dst_size) < 0
+                    || append_and_increment(&dst, "/", &dst_size)) {
+                ALOGE("Error canonicalizing path");
+                return -1;
+            }
+
+            rec->len = dst - rec->path;
+        }
+    }
+    return 0;
+}
+
+int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
+    dst->len = src->len + strlen(suffix);
+    const size_t dstSize = dst->len + 1;
+    dst->path = (char*) malloc(dstSize);
+
+    if (dst->path == NULL
+            || snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
+                    != (ssize_t) dst->len) {
+        ALOGE("Could not allocate memory to hold appended path; aborting\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+/**
+ * Check whether path points to a valid path for an APK file. An ASEC
+ * directory is allowed to have one level of subdirectory names. Returns -1
+ * when an invalid path is encountered and 0 when a valid path is encountered.
+ */
+int validate_apk_path(const char *path)
+{
+    int allowsubdir = 0;
+    char *subdir = NULL;
+    size_t dir_len;
+    size_t path_len;
+
+    if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
+        dir_len = android_app_dir.len;
+    } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
+        dir_len = android_app_private_dir.len;
+    } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
+        dir_len = android_asec_dir.len;
+        allowsubdir = 1;
+    } else {
+        ALOGE("invalid apk path '%s' (bad prefix)\n", path);
+        return -1;
+    }
+
+    path_len = strlen(path);
+
+    /*
+     * Only allow the path to have a subdirectory if it's been marked as being allowed.
+     */
+    if ((subdir = strchr(path + dir_len, '/')) != NULL) {
+        ++subdir;
+        if (!allowsubdir
+                || (path_len > (size_t) (subdir - path) && (strchr(subdir, '/') != NULL))) {
+            ALOGE("invalid apk path '%s' (subdir?)\n", path);
+            return -1;
+        }
+    }
+
+    /*
+     *  Directories can't have a period directly after the directory markers
+     *  to prevent ".."
+     */
+    if (path[dir_len] == '.'
+            || (subdir != NULL && ((*subdir == '.') || (strchr(subdir, '/') != NULL)))) {
+        ALOGE("invalid apk path '%s' (trickery)\n", path);
+        return -1;
+    }
+
+    return 0;
+}
+
+int append_and_increment(char** dst, const char* src, size_t* dst_size) {
+    ssize_t ret = strlcpy(*dst, src, *dst_size);
+    if (ret < 0 || (size_t) ret >= *dst_size) {
+        return -1;
+    }
+    *dst += ret;
+    *dst_size -= ret;
+    return 0;
+}
+
+char *build_string2(char *s1, char *s2) {
+    if (s1 == NULL || s2 == NULL) return NULL;
+
+    int len_s1 = strlen(s1);
+    int len_s2 = strlen(s2);
+    int len = len_s1 + len_s2 + 1;
+    char *result = malloc(len);
+    if (result == NULL) return NULL;
+
+    strcpy(result, s1);
+    strcpy(result + len_s1, s2);
+
+    return result;
+}
+
+char *build_string3(char *s1, char *s2, char *s3) {
+    if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
+
+    int len_s1 = strlen(s1);
+    int len_s2 = strlen(s2);
+    int len_s3 = strlen(s3);
+    int len = len_s1 + len_s2 + len_s3 + 1;
+    char *result = malloc(len);
+    if (result == NULL) return NULL;
+
+    strcpy(result, s1);
+    strcpy(result + len_s1, s2);
+    strcpy(result + len_s1 + len_s2, s3);
+
+    return result;
+}
+
+/* Ensure that /data/media directories are prepared for given user. */
+int ensure_media_user_dirs(userid_t userid) {
+    char media_user_path[PATH_MAX];
+    char path[PATH_MAX];
+
+    // Ensure /data/media/<userid> exists
+    create_persona_media_path(media_user_path, userid);
+    if (fs_prepare_dir(media_user_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
+        return -1;
+    }
+
+    return 0;
+}