apexd/apex_file_repository.h - platform/system/apex - Git at Google

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #pragma once

 #include <android-base/result.h>

 #include <functional>
 #include <optional>
 #include <string>
 #include <unordered_map>
 #include <unordered_set>
 #include <vector>

 #include "apex_constants.h"
 #include "apex_file.h"

 namespace android {
 namespace apex {

 using ApexFileRef = std::reference_wrapper<const android::apex::ApexFile>;

 // This class serves as a ApexFile repository for all apexes on device. It also
 // provides information about the ApexFiles it hosts, such as which are
 // pre-installed and which are data. Such information can be used, for example,
 // to verify validity of an apex before trying to mount it.
 //
 // It's expected to have a single instance of this class in a process that
 // mounts apexes (e.g. apexd, otapreopt_chroot).
 class ApexFileRepository final {
  public:
   // c-tors and d-tor are exposed for testing.
   explicit ApexFileRepository(
       const std::string& decompression_dir = kApexDecompressedDir)
       : decompression_dir_(decompression_dir){};
   explicit ApexFileRepository(
       bool enforce_multi_install_partition,
       const std::vector<std::string>& multi_install_select_prop_prefixes)
       : multi_install_select_prop_prefixes_(multi_install_select_prop_prefixes),
         enforce_multi_install_partition_(enforce_multi_install_partition){};

   explicit ApexFileRepository(const std::string& decompression_dir,
                               bool ignore_duplicate_apex_definitions)
       : ignore_duplicate_apex_definitions_(ignore_duplicate_apex_definitions),
         decompression_dir_(decompression_dir){};

   ~ApexFileRepository() {
     pre_installed_store_.clear();
     data_store_.clear();
   };

   // Returns a singletone instance of this class.
   static ApexFileRepository& GetInstance();

   // Populate instance by collecting pre-installed apex files from the given
   // |prebuilt_dirs|.
   // Note: this call is **not thread safe** and is expected to be performed in a
   // single thread during initialization of apexd. After initialization is
   // finished, all queries to the instance are thread safe.
   android::base::Result<void> AddPreInstalledApex(
       const std::vector<std::string>& prebuilt_dirs);

   // Populate instance by collecting host-provided apex files via
   // |metadata_partition|. Host can provide its apexes to a VM instance via the
   // virtual disk image which has partitions: (see
   // /packages/modules/Virtualization/microdroid for the details)
   //  - metadata partition(/dev/block/vd*1) should be accessed by
   //  setting the system property apexd.payload_metadata.prop. On microdroid,
   //  this is /dev/block/by-name/payload-metadata.
   //  - each subsequence partition(/dev/block/vd*{2,3,..}) represents an APEX
   //  archive.
   // It will fail if there is more than one apex with the same name in
   // pre-installed and block apexes. Note: this call is **not thread safe** and
   // is expected to be performed in a single thread during initialization of
   // apexd. After initialization is finished, all queries to the instance are
   // thread safe.
   // This will return the number of block apexes that were added.
   android::base::Result<int> AddBlockApex(
       const std::string& metadata_partition);

   // Populate instance by collecting data apex files from the given |data_dir|.
   // Note: this call is **not thread safe** and is expected to be performed in a
   // single thread during initialization of apexd. After initialization is
   // finished, all queries to the instance are thread safe.
   android::base::Result<void> AddDataApex(const std::string& data_dir);

   // Returns trusted public key for an apex with the given |name|.
   android::base::Result<const std::string> GetPublicKey(
       const std::string& name) const;

   // Returns path to the pre-installed version of an apex with the given |name|.
   android::base::Result<const std::string> GetPreinstalledPath(
       const std::string& name) const;

   // Returns path to the data version of an apex with the given |name|.
   android::base::Result<const std::string> GetDataPath(
       const std::string& name) const;

   // Returns root digest of an apex with the given |path| for block apexes.
   std::optional<std::string> GetBlockApexRootDigest(
       const std::string& path) const;

   // Returns timestamp to be used for the block apex of the given |path|.
   std::optional<int64_t> GetBlockApexLastUpdateSeconds(
       const std::string& path) const;

   // Checks whether there is a pre-installed version of an apex with the given
   // |name|.
   bool HasPreInstalledVersion(const std::string& name) const;

   // Checks whether there is a data version of an apex with the given |name|.
   bool HasDataVersion(const std::string& name) const;

   // Checks if given |apex| is pre-installed.
   bool IsPreInstalledApex(const ApexFile& apex) const;

   // Checks if given |apex| is decompressed from a pre-installed APEX
   bool IsDecompressedApex(const ApexFile& apex) const;

   // Checks if given |apex| is loaded from block device.
   bool IsBlockApex(const ApexFile& apex) const;

   // Returns reference to all pre-installed APEX on device
   std::vector<ApexFileRef> GetPreInstalledApexFiles() const;

   // Returns reference to all data APEX on device
   std::vector<ApexFileRef> GetDataApexFiles() const;

   // Group all ApexFiles on device by their package name
   std::unordered_map<std::string, std::vector<ApexFileRef>> AllApexFilesByName()
       const;

   // Returns a pre-installed version of apex with the given name. Caller is
   // expected to check if there is a pre-installed apex with the given name
   // using |HasPreinstalledVersion| function.
   ApexFileRef GetPreInstalledApex(const std::string& name) const;
   // Returns a data version of apex with the given name. Caller is
   // expected to check if there is a data apex with the given name
   // using |HasDataVersion| function.
   ApexFileRef GetDataApex(const std::string& name) const;

   // Clears ApexFileRepostiry.
   // Only use in tests.
   void Reset(const std::string& decompression_dir = kApexDecompressedDir) {
     pre_installed_store_.clear();
     data_store_.clear();
     block_apex_overrides_.clear();
     decompression_dir_ = decompression_dir;
     block_disk_path_.reset();
   }

  private:
   // Non-copyable && non-moveable.
   ApexFileRepository(const ApexFileRepository&) = delete;
   ApexFileRepository& operator=(const ApexFileRepository&) = delete;
   ApexFileRepository& operator=(ApexFileRepository&&) = delete;
   ApexFileRepository(ApexFileRepository&&) = delete;

   // Scans apexes in the given directory and adds collected data into
   // |pre_installed_store_|.
   android::base::Result<void> ScanBuiltInDir(const std::string& dir);

   std::unordered_map<std::string, ApexFile> pre_installed_store_, data_store_;

   // Multi-installed APEX name -> all encountered public keys for this APEX.
   std::unordered_map<std::string, std::unordered_set<std::string>>
       multi_install_public_keys_;

   // Prefixes used when looking for multi-installed APEX sysprops.
   // Order matters: the first non-empty prop value is returned.
   std::vector<std::string> multi_install_select_prop_prefixes_ =
       kMultiApexSelectPrefix;

   // Allows multi-install APEXes outside of expected partitions.
   // Only set false in tests.
   bool enforce_multi_install_partition_ = true;

   // Ignore duplicate vendor APEX definitions, normally a duplicate definition
   // is considered an error.
   bool ignore_duplicate_apex_definitions_ = false;

   // Decompression directory which will be used to determine if apex is
   // decompressed or not
   std::string decompression_dir_;

   // Disk path where block apexes are read from. AddBlockApex() sets this.
   std::optional<std::string> block_disk_path_;

   // Information from the metadata for block apexes, overriding the file data.
   struct BlockApexOverride {
     // Root digest for the APEX. When specified in block apex config, it
     // should be used/checked when activating the apex to avoid
     // TOCTOU(time-of-check to time-of-use).
     std::optional<std::string> block_apex_root_digest;
     // The last update time of the APEX.
     std::optional<int64_t> last_update_seconds;
   };

   // Use "path" as key instead of APEX name because there can be multiple
   // versions of sharedlibs APEXes.
   std::unordered_map<std::string, BlockApexOverride> block_apex_overrides_;
 };

 }  // namespace apex
 }  // namespace android
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#pragma once

	#include <android-base/result.h>

	#include <functional>
	#include <optional>
	#include <string>
	#include <unordered_map>
	#include <unordered_set>
	#include <vector>

	#include "apex_constants.h"
	#include "apex_file.h"

	namespace android {
	namespace apex {

	using ApexFileRef = std::reference_wrapper<const android::apex::ApexFile>;

	// This class serves as a ApexFile repository for all apexes on device. It also
	// provides information about the ApexFiles it hosts, such as which are
	// pre-installed and which are data. Such information can be used, for example,
	// to verify validity of an apex before trying to mount it.
	//
	// It's expected to have a single instance of this class in a process that
	// mounts apexes (e.g. apexd, otapreopt_chroot).
	class ApexFileRepository final {
	public:
	// c-tors and d-tor are exposed for testing.
	explicit ApexFileRepository(
	const std::string& decompression_dir = kApexDecompressedDir)
	: decompression_dir_(decompression_dir){};
	explicit ApexFileRepository(
	bool enforce_multi_install_partition,
	const std::vector<std::string>& multi_install_select_prop_prefixes)
	: multi_install_select_prop_prefixes_(multi_install_select_prop_prefixes),
	enforce_multi_install_partition_(enforce_multi_install_partition){};

	explicit ApexFileRepository(const std::string& decompression_dir,
	bool ignore_duplicate_apex_definitions)
	: ignore_duplicate_apex_definitions_(ignore_duplicate_apex_definitions),
	decompression_dir_(decompression_dir){};

	~ApexFileRepository() {
	pre_installed_store_.clear();
	data_store_.clear();
	};

	// Returns a singletone instance of this class.
	static ApexFileRepository& GetInstance();

	// Populate instance by collecting pre-installed apex files from the given
	// \|prebuilt_dirs\|.
	// Note: this call is not thread safe and is expected to be performed in a
	// single thread during initialization of apexd. After initialization is
	// finished, all queries to the instance are thread safe.
	android::base::Result<void> AddPreInstalledApex(
	const std::vector<std::string>& prebuilt_dirs);

	// Populate instance by collecting host-provided apex files via
	// \|metadata_partition\|. Host can provide its apexes to a VM instance via the
	// virtual disk image which has partitions: (see
	// /packages/modules/Virtualization/microdroid for the details)
	// - metadata partition(/dev/block/vd*1) should be accessed by
	// setting the system property apexd.payload_metadata.prop. On microdroid,
	// this is /dev/block/by-name/payload-metadata.
	// - each subsequence partition(/dev/block/vd*{2,3,..}) represents an APEX
	// archive.
	// It will fail if there is more than one apex with the same name in
	// pre-installed and block apexes. Note: this call is not thread safe and
	// is expected to be performed in a single thread during initialization of
	// apexd. After initialization is finished, all queries to the instance are
	// thread safe.
	// This will return the number of block apexes that were added.
	android::base::Result<int> AddBlockApex(
	const std::string& metadata_partition);

	// Populate instance by collecting data apex files from the given \|data_dir\|.
	// Note: this call is not thread safe and is expected to be performed in a
	// single thread during initialization of apexd. After initialization is
	// finished, all queries to the instance are thread safe.
	android::base::Result<void> AddDataApex(const std::string& data_dir);

	// Returns trusted public key for an apex with the given \|name\|.
	android::base::Result<const std::string> GetPublicKey(
	const std::string& name) const;

	// Returns path to the pre-installed version of an apex with the given \|name\|.
	android::base::Result<const std::string> GetPreinstalledPath(
	const std::string& name) const;

	// Returns path to the data version of an apex with the given \|name\|.
	android::base::Result<const std::string> GetDataPath(
	const std::string& name) const;

	// Returns root digest of an apex with the given \|path\| for block apexes.
	std::optional<std::string> GetBlockApexRootDigest(
	const std::string& path) const;

	// Returns timestamp to be used for the block apex of the given \|path\|.
	std::optional<int64_t> GetBlockApexLastUpdateSeconds(
	const std::string& path) const;

	// Checks whether there is a pre-installed version of an apex with the given
	// \|name\|.
	bool HasPreInstalledVersion(const std::string& name) const;

	// Checks whether there is a data version of an apex with the given \|name\|.
	bool HasDataVersion(const std::string& name) const;

	// Checks if given \|apex\| is pre-installed.
	bool IsPreInstalledApex(const ApexFile& apex) const;

	// Checks if given \|apex\| is decompressed from a pre-installed APEX
	bool IsDecompressedApex(const ApexFile& apex) const;

	// Checks if given \|apex\| is loaded from block device.
	bool IsBlockApex(const ApexFile& apex) const;

	// Returns reference to all pre-installed APEX on device
	std::vector<ApexFileRef> GetPreInstalledApexFiles() const;

	// Returns reference to all data APEX on device
	std::vector<ApexFileRef> GetDataApexFiles() const;

	// Group all ApexFiles on device by their package name
	std::unordered_map<std::string, std::vector<ApexFileRef>> AllApexFilesByName()
	const;

	// Returns a pre-installed version of apex with the given name. Caller is
	// expected to check if there is a pre-installed apex with the given name
	// using \|HasPreinstalledVersion\| function.
	ApexFileRef GetPreInstalledApex(const std::string& name) const;
	// Returns a data version of apex with the given name. Caller is
	// expected to check if there is a data apex with the given name
	// using \|HasDataVersion\| function.
	ApexFileRef GetDataApex(const std::string& name) const;

	// Clears ApexFileRepostiry.
	// Only use in tests.
	void Reset(const std::string& decompression_dir = kApexDecompressedDir) {
	pre_installed_store_.clear();
	data_store_.clear();
	block_apex_overrides_.clear();
	decompression_dir_ = decompression_dir;
	block_disk_path_.reset();
	}

	private:
	// Non-copyable && non-moveable.
	ApexFileRepository(const ApexFileRepository&) = delete;
	ApexFileRepository& operator=(const ApexFileRepository&) = delete;
	ApexFileRepository& operator=(ApexFileRepository&&) = delete;
	ApexFileRepository(ApexFileRepository&&) = delete;

	// Scans apexes in the given directory and adds collected data into
	// \|pre_installed_store_\|.
	android::base::Result<void> ScanBuiltInDir(const std::string& dir);

	std::unordered_map<std::string, ApexFile> pre_installed_store_, data_store_;

	// Multi-installed APEX name -> all encountered public keys for this APEX.
	std::unordered_map<std::string, std::unordered_set<std::string>>
	multi_install_public_keys_;

	// Prefixes used when looking for multi-installed APEX sysprops.
	// Order matters: the first non-empty prop value is returned.
	std::vector<std::string> multi_install_select_prop_prefixes_ =
	kMultiApexSelectPrefix;

	// Allows multi-install APEXes outside of expected partitions.
	// Only set false in tests.
	bool enforce_multi_install_partition_ = true;

	// Ignore duplicate vendor APEX definitions, normally a duplicate definition
	// is considered an error.
	bool ignore_duplicate_apex_definitions_ = false;

	// Decompression directory which will be used to determine if apex is
	// decompressed or not
	std::string decompression_dir_;

	// Disk path where block apexes are read from. AddBlockApex() sets this.
	std::optional<std::string> block_disk_path_;

	// Information from the metadata for block apexes, overriding the file data.
	struct BlockApexOverride {
	// Root digest for the APEX. When specified in block apex config, it
	// should be used/checked when activating the apex to avoid
	// TOCTOU(time-of-check to time-of-use).
	std::optional<std::string> block_apex_root_digest;
	// The last update time of the APEX.
	std::optional<int64_t> last_update_seconds;
	};

	// Use "path" as key instead of APEX name because there can be multiple
	// versions of sharedlibs APEXes.
	std::unordered_map<std::string, BlockApexOverride> block_apex_overrides_;
	};

	} // namespace apex
	} // namespace android