| /* |
| * Copyright (C) 2024 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "dexopt_chroot_setup.h" |
| |
| #include <linux/mount.h> |
| #include <sched.h> |
| #include <sys/mount.h> |
| #include <sys/stat.h> |
| #include <sys/types.h> |
| |
| #include <algorithm> |
| #include <cerrno> |
| #include <chrono> |
| #include <cstring> |
| #include <filesystem> |
| #include <iterator> |
| #include <mutex> |
| #include <optional> |
| #include <regex> |
| #include <string> |
| #include <string_view> |
| #include <system_error> |
| #include <tuple> |
| #include <vector> |
| |
| #include "aidl/com/android/server/art/BnDexoptChrootSetup.h" |
| #include "android-base/errors.h" |
| #include "android-base/file.h" |
| #include "android-base/logging.h" |
| #include "android-base/no_destructor.h" |
| #include "android-base/properties.h" |
| #include "android-base/result.h" |
| #include "android-base/scopeguard.h" |
| #include "android-base/strings.h" |
| #include "android-base/unique_fd.h" |
| #include "android/binder_auto_utils.h" |
| #include "android/binder_manager.h" |
| #include "android/binder_process.h" |
| #include "base/file_utils.h" |
| #include "base/macros.h" |
| #include "base/os.h" |
| #include "base/stl_util.h" |
| #include "base/utils.h" |
| #include "exec_utils.h" |
| #include "fstab/fstab.h" |
| #include "tools/binder_utils.h" |
| #include "tools/cmdline_builder.h" |
| #include "tools/tools.h" |
| |
| namespace art { |
| namespace dexopt_chroot_setup { |
| |
| namespace { |
| |
| using ::android::base::ConsumePrefix; |
| using ::android::base::Error; |
| using ::android::base::GetProperty; |
| using ::android::base::Join; |
| using ::android::base::make_scope_guard; |
| using ::android::base::NoDestructor; |
| using ::android::base::ReadFileToString; |
| using ::android::base::Readlink; |
| using ::android::base::Result; |
| using ::android::base::SetProperty; |
| using ::android::base::Split; |
| using ::android::base::Tokenize; |
| using ::android::base::unique_fd; |
| using ::android::base::WaitForProperty; |
| using ::android::base::WriteStringToFile; |
| using ::android::fs_mgr::FstabEntry; |
| using ::art::tools::CmdlineBuilder; |
| using ::art::tools::Fatal; |
| using ::art::tools::GetProcMountsDescendantsOfPath; |
| using ::art::tools::NonFatal; |
| using ::art::tools::PathStartsWith; |
| using ::ndk::ScopedAStatus; |
| |
| constexpr const char* kServiceName = "dexopt_chroot_setup"; |
| const NoDestructor<std::string> kBindMountTmpDir( |
| std::string(DexoptChrootSetup::PRE_REBOOT_DEXOPT_DIR) + "/mount_tmp"); |
| const NoDestructor<std::string> kOtaSlotFile(std::string(DexoptChrootSetup::PRE_REBOOT_DEXOPT_DIR) + |
| "/ota_slot"); |
| const NoDestructor<std::string> kSnapshotMappedFile( |
| std::string(DexoptChrootSetup::PRE_REBOOT_DEXOPT_DIR) + "/snapshot_mapped"); |
| constexpr mode_t kChrootDefaultMode = 0755; |
| constexpr std::chrono::milliseconds kSnapshotCtlTimeout = std::chrono::seconds(60); |
| constexpr std::array<const char*, 4> kExternalLibDirs = { |
| "/system/lib", "/system/lib64", "/system_ext/lib", "/system_ext/lib64"}; |
| |
| bool IsOtaUpdate(const std::optional<std::string>& ota_slot) { return ota_slot.has_value(); } |
| |
| Result<void> Run(std::string_view log_name, const std::vector<std::string>& args) { |
| LOG(INFO) << "Running " << log_name << ": " << Join(args, /*separator=*/" "); |
| |
| std::string error_msg; |
| if (!Exec(args, &error_msg)) { |
| return Errorf("Failed to run {}: {}", log_name, error_msg); |
| } |
| |
| LOG(INFO) << log_name << " returned code 0"; |
| return {}; |
| } |
| |
| Result<CmdlineBuilder> GetArtExecCmdlineBuilder() { |
| std::string error_msg; |
| std::string art_root = GetArtRootSafe(&error_msg); |
| if (!error_msg.empty()) { |
| return Error() << error_msg; |
| } |
| CmdlineBuilder args; |
| args.Add(art_root + "/bin/art_exec") |
| .Add("--chroot=%s", DexoptChrootSetup::CHROOT_DIR) |
| .Add("--process-name-suffix=Pre-reboot Dexopt chroot"); |
| return args; |
| } |
| |
| Result<void> CreateDir(const std::string& path) { |
| std::error_code ec; |
| std::filesystem::create_directory(path, ec); |
| if (ec) { |
| return Errorf("Failed to create dir '{}': {}", path, ec.message()); |
| } |
| return {}; |
| } |
| |
| Result<bool> IsSymlink(const std::string& path) { |
| std::error_code ec; |
| bool res = std::filesystem::is_symlink(path, ec); |
| if (ec) { |
| return Errorf("Failed to create dir '{}': {}", path, ec.message()); |
| } |
| return res; |
| } |
| |
| Result<bool> IsSelfOrParentSymlink(const std::string& path) { |
| // We don't use `Realpath` because it does a `stat(2)` call which requires the SELinux "getattr" |
| // permission. which we don't have on all mount points. |
| unique_fd fd(open(path.c_str(), O_PATH | O_CLOEXEC)); |
| if (fd.get() < 0) { |
| return ErrnoErrorf("Failed to open '{}' to resolve real path", path); |
| } |
| std::string real_path; |
| if (!Readlink(ART_FORMAT("/proc/self/fd/{}", fd.get()), &real_path)) { |
| return ErrnoErrorf("Failed to resolve real path for '{}'", path); |
| } |
| return path != real_path; |
| } |
| |
| Result<void> Unmount(const std::string& target, bool logging = true) { |
| if (umount2(target.c_str(), UMOUNT_NOFOLLOW) == 0) { |
| LOG_IF(INFO, logging) << ART_FORMAT("Unmounted '{}'", target); |
| return {}; |
| } |
| LOG(WARNING) << ART_FORMAT( |
| "Failed to umount2 '{}': {}. Retrying with MNT_DETACH", target, strerror(errno)); |
| if (umount2(target.c_str(), UMOUNT_NOFOLLOW | MNT_DETACH) == 0) { |
| LOG_IF(INFO, logging) << ART_FORMAT("Unmounted '{}' with MNT_DETACH", target); |
| return {}; |
| } |
| return ErrnoErrorf("Failed to umount2 '{}'", target); |
| } |
| |
| // Bind-mounts `source` at `target` with the mount propagation type being "shared". You generally |
| // want to use `BindMount` instead. |
| // |
| // `BindMountDirect` is safe to use only if there is no child mount points under `target`. DO NOT |
| // mount or unmount under `target` because mount events propagate to `source`. |
| Result<void> BindMountDirect(const std::string& source, const std::string& target) { |
| // Don't follow symlinks. |
| CHECK(!OR_RETURN(IsSelfOrParentSymlink(target))) << target; |
| if (mount(source.c_str(), |
| target.c_str(), |
| /*fs_type=*/nullptr, |
| MS_BIND, |
| /*data=*/nullptr) != 0) { |
| return ErrnoErrorf("Failed to bind-mount '{}' at '{}'", source, target); |
| } |
| LOG(INFO) << ART_FORMAT("Bind-mounted '{}' at '{}'", source, target); |
| return {}; |
| } |
| |
| // Bind-mounts `source` at `target` with the mount propagation type being "slave+shared". |
| Result<void> BindMount(const std::string& source, const std::string& target) { |
| // Don't bind-mount repeatedly. |
| CHECK(!PathStartsWith(source, DexoptChrootSetup::CHROOT_DIR)); |
| // Don't follow symlinks. |
| CHECK(!OR_RETURN(IsSelfOrParentSymlink(target))) << target; |
| // system_server has a different mount namespace from init, and it uses slave mounts. E.g: |
| // |
| // a: init mount ns: shared(1): /foo |
| // b: init mount ns: shared(2): /mnt |
| // c: SS mount ns: slave(1): /foo |
| // d: SS mount ns: slave(2): /mnt |
| // |
| // We create our chroot setup in the init namespace but also want it to appear inside the |
| // system_server one, since we need to access some files in it from system_server (in particular |
| // service-art.jar). |
| // |
| // Hence we want the mount propagation type to be "slave+shared": Slave of the init namespace so |
| // that unmounts in the chroot doesn't affect the rest of the system, while at the same time |
| // shared with the system_server namespace so that it gets the same mounts recursively in the |
| // chroot tree. This can be achieved in 4 steps: |
| // |
| // 1. Bind-mount /foo at a temp mount point /mnt/pre_reboot_dexopt/mount_tmp. |
| // a: init mount ns: shared(1): /foo |
| // b: init mount ns: shared(2): /mnt |
| // e: init mount ns: shared(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // c: SS mount ns: slave(1): /foo |
| // d: SS mount ns: slave(2): /mnt |
| // f: SS mount ns: slave(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // |
| // 2. Make the temp mount point slave. |
| // a: init mount ns: shared(1): /foo |
| // b: init mount ns: shared(2): /mnt |
| // e: init mount ns: slave(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // c: SS mount ns: slave(1): /foo |
| // d: SS mount ns: slave(2): /mnt |
| // f: SS mount ns: slave(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // |
| // 3. Bind-mount the temp mount point at /mnt/pre_reboot_dexopt/chroot/foo. (The new mount point |
| // gets "slave+shared". It gets "slave" because the source (`e`) is "slave", and it gets |
| // "shared" because the dest (`b`) is "shared".) |
| // a: init mount ns: shared(1): /foo |
| // b: init mount ns: shared(2): /mnt |
| // e: init mount ns: slave(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // g: init mount ns: slave(1),shared(3): /mnt/pre_reboot_dexopt/chroot/foo |
| // b: SS mount ns: slave(1): /foo |
| // d: SS mount ns: slave(2): /mnt |
| // f: SS mount ns: slave(1): /mnt/pre_reboot_dexopt/mount_tmp |
| // h: SS mount ns: slave(3): /mnt/pre_reboot_dexopt/chroot/foo |
| // |
| // 4. Unmount the temp mount point. |
| // a: init mount ns: shared(1): /foo |
| // b: init mount ns: shared(2): /mnt |
| // g: init mount ns: slave(1),shared(3): /mnt/pre_reboot_dexopt/chroot/foo |
| // b: SS mount ns: slave(1): /foo |
| // d: SS mount ns: slave(2): /mnt |
| // h: SS mount ns: slave(3): /mnt/pre_reboot_dexopt/chroot/foo |
| // |
| // At this point, we have achieved what we want. `g` is a slave of `a` so that unmounts in `g` |
| // doesn't affect `a`, and `g` is shared with `h` so that mounts in `g` are propagated to `h`. |
| OR_RETURN(CreateDir(*kBindMountTmpDir)); |
| if (mount(source.c_str(), |
| kBindMountTmpDir->c_str(), |
| /*fs_type=*/nullptr, |
| MS_BIND, |
| /*data=*/nullptr) != 0) { |
| return ErrnoErrorf("Failed to bind-mount '{}' at '{}' ('{}' -> '{}')", |
| source, |
| *kBindMountTmpDir, |
| source, |
| target); |
| } |
| auto cleanup = make_scope_guard([&]() { |
| Result<void> result = Unmount(*kBindMountTmpDir, /*logging=*/false); |
| if (!result.ok()) { |
| LOG(ERROR) << result.error().message(); |
| } |
| }); |
| if (mount(/*source=*/nullptr, |
| kBindMountTmpDir->c_str(), |
| /*fs_type=*/nullptr, |
| MS_SLAVE, |
| /*data=*/nullptr) != 0) { |
| return ErrnoErrorf( |
| "Failed to make mount slave for '{}' ('{}' -> '{}')", *kBindMountTmpDir, source, target); |
| } |
| if (mount(kBindMountTmpDir->c_str(), |
| target.c_str(), |
| /*fs_type=*/nullptr, |
| MS_BIND, |
| /*data=*/nullptr) != 0) { |
| return ErrnoErrorf("Failed to bind-mount '{}' at '{}' ('{}' -> '{}')", |
| *kBindMountTmpDir, |
| target, |
| source, |
| target); |
| } |
| LOG(INFO) << ART_FORMAT("Bind-mounted '{}' at '{}'", source, target); |
| return {}; |
| } |
| |
| Result<void> BindMountRecursive(const std::string& source, const std::string& target) { |
| CHECK(!source.ends_with('/')); |
| OR_RETURN(BindMount(source, target)); |
| |
| // Mount and make slave one by one. Do not use MS_REC because we don't want to mount a child if |
| // the parent cannot be slave (i.e., is shared). Otherwise, unmount events will be undesirably |
| // propagated to the source. For example, if "/dev" and "/dev/pts" are mounted at "/chroot/dev" |
| // and "/chroot/dev/pts" respectively, and "/chroot/dev" is shared, then unmounting |
| // "/chroot/dev/pts" will also unmount "/dev/pts". |
| // |
| // The list is in mount order. |
| std::vector<FstabEntry> entries = OR_RETURN(GetProcMountsDescendantsOfPath(source)); |
| for (const FstabEntry& entry : entries) { |
| CHECK(!entry.mount_point.ends_with('/')); |
| std::string_view sub_dir = entry.mount_point; |
| CHECK(ConsumePrefix(&sub_dir, source)); |
| if (sub_dir.empty()) { |
| // `source` itself. Already mounted. |
| continue; |
| } |
| OR_RETURN(BindMount(entry.mount_point, std::string(target).append(sub_dir))); |
| } |
| return {}; |
| } |
| |
| std::string GetBlockDeviceName(const std::string& partition, const std::string& slot) { |
| return ART_FORMAT("/dev/block/mapper/{}{}", partition, slot); |
| } |
| |
| Result<std::vector<std::string>> GetSupportedFilesystems() { |
| std::string content; |
| if (!ReadFileToString("/proc/filesystems", &content)) { |
| return ErrnoErrorf("Failed to read '/proc/filesystems'"); |
| } |
| std::vector<std::string> filesystems; |
| for (const std::string& line : Split(content, "\n")) { |
| std::vector<std::string> tokens = Tokenize(line, " \t"); |
| // If there are two tokens, the first token is a "nodev" mark, meaning it's not for a block |
| // device, so we skip it. |
| if (tokens.size() == 1) { |
| filesystems.push_back(tokens[0]); |
| } |
| } |
| // Prioritize the filesystems that are known to behave correctly, just in case some bad |
| // filesystems are unexpectedly happy to mount volumes that aren't of their types. We have never |
| // seen this case in practice though. |
| constexpr const char* kWellKnownFilesystems[] = {"erofs", "ext4"}; |
| for (const char* well_known_fs : kWellKnownFilesystems) { |
| auto it = std::find(filesystems.begin(), filesystems.end(), well_known_fs); |
| if (it != filesystems.end()) { |
| filesystems.erase(it); |
| filesystems.insert(filesystems.begin(), well_known_fs); |
| } |
| } |
| return filesystems; |
| } |
| |
| Result<void> Mount(const std::string& block_device, const std::string& target, bool is_optional) { |
| static const NoDestructor<Result<std::vector<std::string>>> supported_filesystems( |
| GetSupportedFilesystems()); |
| if (!supported_filesystems->ok()) { |
| return supported_filesystems->error(); |
| } |
| std::vector<std::string> error_msgs; |
| for (const std::string& filesystem : supported_filesystems->value()) { |
| if (mount(block_device.c_str(), |
| target.c_str(), |
| filesystem.c_str(), |
| MS_RDONLY, |
| /*data=*/nullptr) == 0) { |
| // Success. |
| LOG(INFO) << ART_FORMAT( |
| "Mounted '{}' at '{}' with type '{}'", block_device, target, filesystem); |
| return {}; |
| } else { |
| if (errno == ENOENT && is_optional) { |
| LOG(INFO) << ART_FORMAT("Skipped non-existing block device '{}'", block_device); |
| return {}; |
| } |
| error_msgs.push_back(ART_FORMAT("Tried '{}': {}", filesystem, strerror(errno))); |
| if (errno != EINVAL && errno != EBUSY) { |
| // If the filesystem type is wrong, `errno` must be either `EINVAL` or `EBUSY`. For example, |
| // we've seen that trying to mount a device with a wrong filesystem type yields `EBUSY` if |
| // the device is also mounted elsewhere, though we can't find any document about this |
| // behavior. |
| break; |
| } |
| } |
| } |
| return Errorf("Failed to mount '{}' at '{}':\n{}", block_device, target, Join(error_msgs, '\n')); |
| } |
| |
| Result<void> MountTmpfs(const std::string& target, std::string_view se_context) { |
| if (mount(/*source=*/"tmpfs", |
| target.c_str(), |
| /*fs_type=*/"tmpfs", |
| MS_NODEV | MS_NOEXEC | MS_NOSUID, |
| ART_FORMAT("mode={:#o},rootcontext={}", kChrootDefaultMode, se_context).c_str()) != 0) { |
| return ErrnoErrorf("Failed to mount tmpfs at '{}'", target); |
| } |
| return {}; |
| } |
| |
| Result<std::optional<std::string>> LoadOtaSlotFile() { |
| std::string content; |
| if (!ReadFileToString(*kOtaSlotFile, &content)) { |
| return ErrnoErrorf("Failed to read '{}'", *kOtaSlotFile); |
| } |
| if (content == "_a" || content == "_b") { |
| return content; |
| } |
| if (content.empty()) { |
| return std::nullopt; |
| } |
| return Errorf("Invalid content of '{}': '{}'", *kOtaSlotFile, content); |
| } |
| |
| Result<void> PatchLinkerConfigForCompatEnv() { |
| std::string art_linker_config_content; |
| if (!ReadFileToString(PathInChroot("/linkerconfig/com.android.art/ld.config.txt"), |
| &art_linker_config_content)) { |
| return ErrnoErrorf("Failed to read ART linker config"); |
| } |
| |
| std::string compat_section = |
| OR_RETURN(ConstructLinkerConfigCompatEnvSection(art_linker_config_content)); |
| |
| // Append the patched section to the global linker config. Because the compat env path doesn't |
| // start with "/apex", the global linker config is the one that takes effect. |
| std::string global_linker_config_path = PathInChroot("/linkerconfig/ld.config.txt"); |
| std::string global_linker_config_content; |
| if (!ReadFileToString(global_linker_config_path, &global_linker_config_content)) { |
| return ErrnoErrorf("Failed to read global linker config"); |
| } |
| |
| if (!WriteStringToFile("dir.com.android.art.compat = /mnt/compat_env/apex/com.android.art/bin\n" + |
| global_linker_config_content + compat_section, |
| global_linker_config_path)) { |
| return ErrnoErrorf("Failed to write global linker config"); |
| } |
| |
| LOG(INFO) << "Patched " << global_linker_config_path; |
| return {}; |
| } |
| |
| // Platform libraries communicate with things outside of chroot through unstable APIs. Examples are |
| // `libbinder_ndk.so` talking to `servicemanager` and `libcgrouprc.so` reading |
| // `/dev/cgroup_info/cgroup.rc`. To work around incompatibility issues, we bind-mount the old |
| // platform library directories into chroot so that both sides of a communication are old and |
| // therefore align with each other. |
| // After bind-mounting old platform libraries, the chroot environment has a combination of new |
| // modules and old platform libraries. We currently use the new linker config in such an |
| // environment, which is potentially problematic. If we start to see problems, we should consider |
| // generating a more correct linker config in a more complex way. |
| Result<void> PrepareExternalLibDirs() { |
| std::vector<const char*> existing_lib_dirs; |
| std::copy_if(kExternalLibDirs.begin(), |
| kExternalLibDirs.end(), |
| std::back_inserter(existing_lib_dirs), |
| OS::DirectoryExists); |
| if (existing_lib_dirs.empty()) { |
| return Errorf("Unexpectedly missing platform library directories. Tried '{}'", |
| android::base::Join(kExternalLibDirs, "', '")); |
| } |
| |
| // We should bind-mount all existing lib dirs or none of them. Try the first one to decide what |
| // to do next. |
| Result<void> result = BindMount(existing_lib_dirs[0], PathInChroot(existing_lib_dirs[0])); |
| if (result.ok()) { |
| for (size_t i = 1; i < existing_lib_dirs.size(); i++) { |
| OR_RETURN(BindMount(existing_lib_dirs[i], PathInChroot(existing_lib_dirs[i]))); |
| } |
| } else if (result.error().code() == EACCES) { |
| // We don't have the permission to do so on V. Fall back to bind-mounting elsewhere. |
| LOG(WARNING) << result.error().message(); |
| |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env"))); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env/system"))); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env/system_ext"))); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env/apex"))); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env/apex/com.android.art"))); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env/apex/com.android.art/bin"))); |
| OR_RETURN(BindMountDirect(PathInChroot("/apex/com.android.art/bin"), |
| PathInChroot("/mnt/compat_env/apex/com.android.art/bin"))); |
| for (const char* lib_dir : existing_lib_dirs) { |
| OR_RETURN(CreateDir(PathInChroot("/mnt/compat_env") + lib_dir)); |
| OR_RETURN(BindMountDirect(lib_dir, PathInChroot("/mnt/compat_env") + lib_dir)); |
| } |
| |
| OR_RETURN(PatchLinkerConfigForCompatEnv()); |
| } else { |
| return result; |
| } |
| |
| return {}; |
| } |
| |
| } // namespace |
| |
| ScopedAStatus DexoptChrootSetup::setUp(const std::optional<std::string>& in_otaSlot, |
| bool in_mapSnapshotsForOta) { |
| if (!mu_.try_lock()) { |
| return Fatal("Unexpected concurrent calls"); |
| } |
| std::lock_guard<std::mutex> lock(mu_, std::adopt_lock); |
| |
| if (in_otaSlot.has_value() && (in_otaSlot.value() != "_a" && in_otaSlot.value() != "_b")) { |
| return Fatal(ART_FORMAT("Invalid OTA slot '{}'", in_otaSlot.value())); |
| } |
| OR_RETURN_NON_FATAL(SetUpChroot(in_otaSlot, in_mapSnapshotsForOta)); |
| return ScopedAStatus::ok(); |
| } |
| |
| ScopedAStatus DexoptChrootSetup::init() { |
| if (!mu_.try_lock()) { |
| return Fatal("Unexpected concurrent calls"); |
| } |
| std::lock_guard<std::mutex> lock(mu_, std::adopt_lock); |
| |
| if (OS::FileExists(PathInChroot("/linkerconfig/ld.config.txt").c_str())) { |
| return Fatal("init must not be repeatedly called"); |
| } |
| |
| OR_RETURN_NON_FATAL(InitChroot()); |
| return ScopedAStatus::ok(); |
| } |
| |
| ScopedAStatus DexoptChrootSetup::tearDown(bool in_allowConcurrent) { |
| if (in_allowConcurrent) { |
| // Normally, we don't expect concurrent calls, but this method may be called upon system server |
| // restart when another call initiated by the previous system_server instance is still being |
| // processed. |
| mu_.lock(); |
| } else { |
| if (!mu_.try_lock()) { |
| return Fatal("Unexpected concurrent calls"); |
| } |
| } |
| std::lock_guard<std::mutex> lock(mu_, std::adopt_lock); |
| |
| OR_RETURN_NON_FATAL(TearDownChroot()); |
| return ScopedAStatus::ok(); |
| } |
| |
| Result<void> DexoptChrootSetup::Start() { |
| ScopedAStatus status = ScopedAStatus::fromStatus( |
| AServiceManager_registerLazyService(this->asBinder().get(), kServiceName)); |
| if (!status.isOk()) { |
| return Error() << status.getDescription(); |
| } |
| |
| ABinderProcess_startThreadPool(); |
| |
| return {}; |
| } |
| |
| Result<void> DexoptChrootSetup::SetUpChroot(const std::optional<std::string>& ota_slot, |
| bool map_snapshots_for_ota) const { |
| // Set the default permission mode for new files and dirs to be `kChrootDefaultMode`. |
| umask(~kChrootDefaultMode & 0777); |
| |
| // In case there is some leftover. |
| OR_RETURN(TearDownChroot()); |
| |
| // Prepare the root dir of chroot. The parent directory has been created by init (see `init.rc`). |
| OR_RETURN(CreateDir(CHROOT_DIR)); |
| LOG(INFO) << ART_FORMAT("Created '{}'", CHROOT_DIR); |
| |
| std::vector<std::tuple<std::string, std::string>> additional_system_partitions = { |
| {"system_ext", "/system_ext"}, |
| {"vendor", "/vendor"}, |
| {"product", "/product"}, |
| }; |
| |
| std::string partitions_from_sysprop = |
| GetProperty(kAdditionalPartitionsSysprop, /*default_value=*/""); |
| std::vector<std::string_view> partitions_from_sysprop_entries; |
| art::Split(partitions_from_sysprop, ',', &partitions_from_sysprop_entries); |
| for (std::string_view entry : partitions_from_sysprop_entries) { |
| std::vector<std::string_view> pair; |
| art::Split(entry, ':', &pair); |
| if (pair.size() != 2 || pair[0].empty() || pair[1].empty() || !pair[1].starts_with('/')) { |
| return Errorf("Malformed entry in '{}': '{}'", kAdditionalPartitionsSysprop, entry); |
| } |
| additional_system_partitions.emplace_back(std::string(pair[0]), std::string(pair[1])); |
| } |
| |
| if (!IsOtaUpdate(ota_slot)) { // Mainline update |
| OR_RETURN(BindMount("/", CHROOT_DIR)); |
| // Normally, we don't need to bind-mount "/system" because it's a part of the image mounted at |
| // "/". However, when readonly partitions are remounted read-write, an overlay is created at |
| // "/system", so we need to bind-mount "/system" to handle this case. On devices where readonly |
| // partitions are not remounted, bind-mounting "/system" doesn't hurt. |
| OR_RETURN(BindMount("/system", PathInChroot("/system"))); |
| for (const auto& [partition, mount_point] : additional_system_partitions) { |
| // Some additional partitions are optional. On a device where an additional partition doesn't |
| // exist, the mount point of the partition is a symlink to a directory inside /system. |
| if (!OR_RETURN(IsSymlink(mount_point))) { |
| OR_RETURN(BindMount(mount_point, PathInChroot(mount_point))); |
| } |
| } |
| } else { |
| CHECK(ota_slot.value() == "_a" || ota_slot.value() == "_b"); |
| |
| if (map_snapshots_for_ota) { |
| // Write the file early in case `snapshotctl map` fails in the middle, leaving some devices |
| // mapped. We don't assume that `snapshotctl map` is transactional. |
| if (!WriteStringToFile("", *kSnapshotMappedFile)) { |
| return ErrnoErrorf("Failed to write '{}'", *kSnapshotMappedFile); |
| } |
| |
| // Run `snapshotctl map` through init to map block devices. We can't run it ourselves because |
| // it requires the UID to be 0. See `sys.snapshotctl.map` in `init.rc`. |
| if (!SetProperty("sys.snapshotctl.map", "requested")) { |
| return Errorf("Failed to request snapshotctl map"); |
| } |
| if (!WaitForProperty("sys.snapshotctl.map", "finished", kSnapshotCtlTimeout)) { |
| return Errorf("snapshotctl timed out"); |
| } |
| |
| // We don't know whether snapshotctl succeeded or not, but if it failed, the mount operation |
| // below will fail with `ENOENT`. |
| OR_RETURN( |
| Mount(GetBlockDeviceName("system", ota_slot.value()), CHROOT_DIR, /*is_optional=*/false)); |
| } else { |
| // update_engine has mounted `system` at `/postinstall` for us. |
| OR_RETURN(BindMount("/postinstall", CHROOT_DIR)); |
| } |
| |
| for (const auto& [partition, mount_point] : additional_system_partitions) { |
| OR_RETURN(Mount(GetBlockDeviceName(partition, ota_slot.value()), |
| PathInChroot(mount_point), |
| /*is_optional=*/true)); |
| } |
| } |
| |
| OR_RETURN(MountTmpfs(PathInChroot("/apex"), "u:object_r:apex_mnt_dir:s0")); |
| OR_RETURN(MountTmpfs(PathInChroot("/linkerconfig"), "u:object_r:linkerconfig_file:s0")); |
| OR_RETURN(MountTmpfs(PathInChroot("/mnt"), "u:object_r:pre_reboot_dexopt_file:s0")); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/artd_tmp"))); |
| OR_RETURN(MountTmpfs(PathInChroot("/mnt/artd_tmp"), "u:object_r:pre_reboot_dexopt_artd_file:s0")); |
| OR_RETURN(CreateDir(PathInChroot("/mnt/expand"))); |
| |
| std::vector<std::string> bind_mount_srcs = { |
| // Data partitions. |
| "/data", |
| "/mnt/expand", |
| // Linux API filesystems. |
| "/dev", |
| "/proc", |
| "/sys", |
| // For apexd to query staged APEX sessions. |
| "/metadata", |
| }; |
| |
| for (const std::string& src : bind_mount_srcs) { |
| OR_RETURN(BindMountRecursive(src, PathInChroot(src))); |
| } |
| |
| if (!WriteStringToFile(ota_slot.value_or(""), *kOtaSlotFile)) { |
| return ErrnoErrorf("Failed to write '{}'", *kOtaSlotFile); |
| } |
| |
| return {}; |
| } |
| |
| Result<void> DexoptChrootSetup::InitChroot() const { |
| std::optional<std::string> ota_slot = OR_RETURN(LoadOtaSlotFile()); |
| |
| // Generate empty linker config to suppress warnings. |
| if (!android::base::WriteStringToFile("", PathInChroot("/linkerconfig/ld.config.txt"))) { |
| PLOG(WARNING) << "Failed to generate empty linker config to suppress warnings"; |
| } |
| |
| CmdlineBuilder args = OR_RETURN(GetArtExecCmdlineBuilder()); |
| args.Add("--") |
| .Add("/system/bin/apexd") |
| .Add("--otachroot-bootstrap") |
| .AddIf(!IsOtaUpdate(ota_slot), "--also-include-staged-apexes"); |
| OR_RETURN(Run("apexd", args.Get())); |
| |
| args = OR_RETURN(GetArtExecCmdlineBuilder()); |
| args.Add("--drop-capabilities") |
| .Add("--") |
| .Add("/apex/com.android.runtime/bin/linkerconfig") |
| .Add("--target") |
| .Add("/linkerconfig"); |
| OR_RETURN(Run("linkerconfig", args.Get())); |
| |
| if (IsOtaUpdate(ota_slot)) { |
| OR_RETURN(PrepareExternalLibDirs()); |
| } |
| |
| return {}; |
| } |
| |
| Result<void> DexoptChrootSetup::TearDownChroot() const { |
| // For mount points in `kExternalLibDirs`, make sure we have unmounted them before running apexd, |
| // as apexd expects new libraries. |
| // For mount points under "/mnt/compat_env", make sure we have unmounted them before running |
| // apexd, as apexd doesn't expect apexes to be in-use. |
| std::vector<FstabEntry> entries = OR_RETURN(GetProcMountsDescendantsOfPath(CHROOT_DIR)); |
| for (const FstabEntry entry : entries) { |
| std::string_view mount_point_in_chroot = entry.mount_point; |
| CHECK(ConsumePrefix(&mount_point_in_chroot, CHROOT_DIR)); |
| if (mount_point_in_chroot.empty()) { |
| continue; // The root mount. |
| } |
| if (ContainsElement(kExternalLibDirs, mount_point_in_chroot) || |
| PathStartsWith(mount_point_in_chroot, "/mnt/compat_env")) { |
| OR_RETURN(Unmount(entry.mount_point)); |
| } |
| } |
| |
| std::vector<FstabEntry> apex_entries = |
| OR_RETURN(GetProcMountsDescendantsOfPath(PathInChroot("/apex"))); |
| // If there is only one entry, it's /apex itself. |
| bool has_apex = apex_entries.size() > 1; |
| |
| if (has_apex && OS::FileExists(PathInChroot("/system/bin/apexd").c_str())) { |
| // Delegate to apexd to unmount all APEXes. It also cleans up loop devices. |
| CmdlineBuilder args = OR_RETURN(GetArtExecCmdlineBuilder()); |
| args.Add("--") |
| .Add("/system/bin/apexd") |
| .Add("--unmount-all") |
| .Add("--also-include-staged-apexes"); |
| OR_RETURN(Run("apexd", args.Get())); |
| } |
| |
| // Double check to make sure all APEXes are unmounted, just in case apexd incorrectly reported |
| // success. |
| apex_entries = OR_RETURN(GetProcMountsDescendantsOfPath(PathInChroot("/apex"))); |
| for (const FstabEntry& entry : apex_entries) { |
| if (entry.mount_point != PathInChroot("/apex")) { |
| return Errorf("apexd didn't unmount '{}'. See logs for details", entry.mount_point); |
| } |
| } |
| |
| // The list is in mount order. |
| entries = OR_RETURN(GetProcMountsDescendantsOfPath(CHROOT_DIR)); |
| for (auto it = entries.rbegin(); it != entries.rend(); it++) { |
| OR_RETURN(Unmount(it->mount_point)); |
| } |
| |
| std::error_code ec; |
| std::uintmax_t removed = std::filesystem::remove_all(CHROOT_DIR, ec); |
| if (ec) { |
| return Errorf("Failed to remove dir '{}': {}", CHROOT_DIR, ec.message()); |
| } |
| if (removed > 0) { |
| LOG(INFO) << ART_FORMAT("Removed '{}'", CHROOT_DIR); |
| } |
| |
| if (!OR_RETURN(GetProcMountsDescendantsOfPath(*kBindMountTmpDir)).empty()) { |
| OR_RETURN(Unmount(*kBindMountTmpDir)); |
| } |
| |
| std::filesystem::remove_all(*kBindMountTmpDir, ec); |
| if (ec) { |
| return Errorf("Failed to remove dir '{}': {}", *kBindMountTmpDir, ec.message()); |
| } |
| |
| std::filesystem::remove(*kOtaSlotFile, ec); |
| if (ec) { |
| return Errorf("Failed to remove file '{}': {}", *kOtaSlotFile, ec.message()); |
| } |
| |
| if (OS::FileExists(kSnapshotMappedFile->c_str())) { |
| if (!SetProperty("sys.snapshotctl.unmap", "requested")) { |
| return Errorf("Failed to request snapshotctl unmap"); |
| } |
| if (!WaitForProperty("sys.snapshotctl.unmap", "finished", kSnapshotCtlTimeout)) { |
| return Errorf("snapshotctl timed out"); |
| } |
| std::filesystem::remove(*kSnapshotMappedFile, ec); |
| if (ec) { |
| return Errorf("Failed to remove file '{}': {}", *kSnapshotMappedFile, ec.message()); |
| } |
| } |
| |
| return {}; |
| } |
| |
| std::string PathInChroot(std::string_view path) { |
| return std::string(DexoptChrootSetup::CHROOT_DIR).append(path); |
| } |
| |
| Result<std::string> ConstructLinkerConfigCompatEnvSection( |
| const std::string& art_linker_config_content) { |
| std::regex system_lib_re(R"re((=\s*|:)/(system(?:_ext)?/\$\{LIB\}))re"); |
| constexpr const char* kSystemLibFmt = "$1/mnt/compat_env/$2"; |
| |
| // Make a copy of the [com.android.art] section and patch particular lines. |
| std::string compat_section; |
| bool is_in_art_section = false; |
| bool replaced = false; |
| std::vector<std::string_view> art_linker_config_lines; |
| art::Split(art_linker_config_content, '\n', &art_linker_config_lines); |
| for (std::string_view line : art_linker_config_lines) { |
| if (!is_in_art_section && line == "[com.android.art]") { |
| is_in_art_section = true; |
| } else if (is_in_art_section && line.starts_with('[')) { |
| is_in_art_section = false; |
| } |
| |
| if (is_in_art_section) { |
| if (line == "[com.android.art]") { |
| compat_section += "[com.android.art.compat]\n"; |
| } else { |
| std::string patched_line = |
| std::regex_replace(std::string(line), system_lib_re, kSystemLibFmt); |
| if (line != patched_line) { |
| LOG(DEBUG) << ART_FORMAT("Replacing '{}' with '{}'", line, patched_line); |
| replaced = true; |
| } |
| compat_section += patched_line; |
| compat_section += '\n'; |
| } |
| } |
| } |
| if (!replaced) { |
| return Errorf("No matching lines to patch in ART linker config"); |
| } |
| return compat_section; |
| } |
| |
| } // namespace dexopt_chroot_setup |
| } // namespace art |