1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "linkerconfig/namespace.h"
18
19 #include <android-base/strings.h>
20
21 #include "linkerconfig/apex.h"
22 #include "linkerconfig/environment.h"
23 #include "linkerconfig/log.h"
24
25 using android::base::Result;
26
27 namespace {
28 constexpr const char* kDataAsanPath = "/data/asan";
29
VerifyIfApexNamespaceContainsAllSharedLink(const android::linkerconfig::modules::Namespace & ns)30 Result<void> VerifyIfApexNamespaceContainsAllSharedLink(
31 const android::linkerconfig::modules::Namespace& ns) {
32 auto apex = ns.GetApexSource();
33 // If namespace is not from APEX there is no need to check this.
34 // Vendor apexes are allowed to use 'allow_all_shared_libs'.
35 if (apex.name == "" || apex.in_vendor) {
36 return {};
37 }
38
39 const auto& links = ns.Links();
40 for (const auto& link : links) {
41 if (link.IsAllSharedLibsAllowed()) {
42 return Errorf(
43 "APEX namespace {} is not allowed to have link with all shared libs "
44 "allowed.",
45 ns.GetName());
46 }
47 }
48 return {};
49 }
50
51 } // namespace
52
53 namespace android {
54 namespace linkerconfig {
55 namespace modules {
56
InitializeWithApex(Namespace & ns,const ApexInfo & apex_info)57 void InitializeWithApex(Namespace& ns, const ApexInfo& apex_info) {
58 ns.AddSearchPath(apex_info.path + "/${LIB}");
59 if (apex_info.InVendor()) {
60 // Adding an additional subdir(hw) to make the migration easier because
61 // many vendor modules today are installed in ./hw subdir.
62 ns.AddSearchPath(apex_info.path + "/${LIB}/hw");
63 }
64 ns.AddPermittedPath(apex_info.path + "/${LIB}");
65 ns.AddPermittedPath("/system/${LIB}");
66 ns.AddPermittedPath("/system_ext/${LIB}");
67 for (const auto& permitted_path : apex_info.permitted_paths) {
68 ns.AddPermittedPath(permitted_path);
69 }
70 if (apex_info.has_shared_lib) {
71 ns.AddPermittedPath("/apex");
72 }
73 ns.AddProvides(apex_info.provide_libs);
74 ns.AddRequires(apex_info.require_libs);
75 ns.SetApexSource(ApexSource{apex_info.name, apex_info.InVendor()});
76 }
77
GetLink(const std::string & target_namespace)78 Link& Namespace::GetLink(const std::string& target_namespace) {
79 for (auto& link : links_) {
80 if (link.To() == target_namespace) {
81 return link;
82 }
83 }
84 return links_.emplace_back(name_, target_namespace);
85 }
86
WriteConfig(ConfigWriter & writer) const87 void Namespace::WriteConfig(ConfigWriter& writer) const {
88 auto verify_result = VerifyContents();
89 if (!verify_result.ok()) {
90 LOG(ERROR) << "Namespace " << name_
91 << " is not valid : " << verify_result.error();
92 return;
93 }
94
95 const auto prefix = "namespace." + name_ + ".";
96
97 writer.WriteLine(prefix + "isolated = " + (is_isolated_ ? "true" : "false"));
98
99 if (is_visible_) {
100 writer.WriteLine(prefix + "visible = true");
101 }
102
103 writer.WriteVars(prefix + "search.paths", search_paths_);
104 writer.WriteVars(prefix + "permitted.paths", permitted_paths_);
105 writer.WriteVars(prefix + "asan.search.paths", asan_search_paths_);
106 writer.WriteVars(prefix + "asan.permitted.paths", asan_permitted_paths_);
107 writer.WriteVars(prefix + "hwasan.search.paths", search_paths_, "/hwasan");
108 writer.WriteVars(
109 prefix + "hwasan.permitted.paths", permitted_paths_, "/hwasan");
110 writer.WriteVars(prefix + "allowed_libs", allowed_libs_);
111
112 std::vector<std::string> link_list;
113 link_list.reserve(links_.size());
114 for (const auto& link : links_) {
115 if (link.Empty()) continue;
116 if (link.To() == name_) {
117 LOG(WARNING) << "Ignore link to self namespace : " << name_;
118 continue;
119 }
120 link_list.push_back(link.To());
121 }
122 if (!link_list.empty()) {
123 writer.WriteLine(prefix + "links = " + android::base::Join(link_list, ","));
124 for (const auto& link : links_) {
125 if (link.Empty()) continue;
126 if (link.To() == name_) continue;
127 link.WriteConfig(writer);
128 }
129 }
130 }
131
AddSearchPath(const std::string & path)132 void Namespace::AddSearchPath(const std::string& path) {
133 search_paths_.push_back(path);
134
135 if (RequiresAsanPath(path)) {
136 asan_search_paths_.push_back(CreateAsanPath(path));
137 }
138 asan_search_paths_.push_back(path);
139 }
140
AddPermittedPath(const std::string & path)141 void Namespace::AddPermittedPath(const std::string& path) {
142 permitted_paths_.push_back(path);
143
144 if (RequiresAsanPath(path)) {
145 asan_permitted_paths_.push_back(CreateAsanPath(path));
146 }
147 asan_permitted_paths_.push_back(path);
148 }
149
AddAllowedLib(const std::string & path)150 void Namespace::AddAllowedLib(const std::string& path) {
151 allowed_libs_.push_back(path);
152 }
153
GetName() const154 std::string Namespace::GetName() const {
155 return name_;
156 }
157
RequiresAsanPath(const std::string & path)158 bool Namespace::RequiresAsanPath(const std::string& path) {
159 return !android::base::StartsWith(path, "/apex");
160 }
161
CreateAsanPath(const std::string & path)162 const std::string Namespace::CreateAsanPath(const std::string& path) {
163 return kDataAsanPath + path;
164 }
165
VerifyContents() const166 Result<void> Namespace::VerifyContents() const {
167 auto apex_with_all_shared_link =
168 VerifyIfApexNamespaceContainsAllSharedLink(*this);
169 if (!apex_with_all_shared_link.ok()) {
170 return apex_with_all_shared_link.error();
171 }
172
173 return {};
174 }
175
176 } // namespace modules
177 } // namespace linkerconfig
178 } // namespace android
179