libs/androidfw/ApkParsing.cpp

*d57664e9SAndroid Build Coastguard Worker/*
*d57664e9SAndroid Build Coastguard Worker * Copyright (C) 2022 The Android Open Source Project
*d57664e9SAndroid Build Coastguard Worker *
*d57664e9SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
*d57664e9SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
*d57664e9SAndroid Build Coastguard Worker * You may obtain a copy of the License at
*d57664e9SAndroid Build Coastguard Worker *
*d57664e9SAndroid Build Coastguard Worker *      http://www.apache.org/licenses/LICENSE-2.0
*d57664e9SAndroid Build Coastguard Worker *
*d57664e9SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
*d57664e9SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
*d57664e9SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*d57664e9SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
*d57664e9SAndroid Build Coastguard Worker * limitations under the License.
*d57664e9SAndroid Build Coastguard Worker */
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker#include "androidfw/ApkParsing.h"
*d57664e9SAndroid Build Coastguard Worker#include <algorithm>
*d57664e9SAndroid Build Coastguard Worker#include <array>
*d57664e9SAndroid Build Coastguard Worker#include <stdlib.h>
*d57664e9SAndroid Build Coastguard Worker#include <string_view>
*d57664e9SAndroid Build Coastguard Worker#include <sys/types.h>
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workerconst std::string_view APK_LIB = "lib/";
*d57664e9SAndroid Build Coastguard Workerconst size_t APK_LIB_LEN = APK_LIB.size();
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workerconst std::string_view LIB_PREFIX = "/lib";
*d57664e9SAndroid Build Coastguard Workerconst size_t LIB_PREFIX_LEN = LIB_PREFIX.size();
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workerconst std::string_view LIB_SUFFIX = ".so";
*d57664e9SAndroid Build Coastguard Workerconst size_t LIB_SUFFIX_LEN = LIB_SUFFIX.size();
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workerstatic const std::array<std::string_view, 2> abis = {"arm64-v8a", "x86_64"};
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workernamespace android::util {
*d57664e9SAndroid Build Coastguard Workerconst char* ValidLibraryPathLastSlash(const char* fileName, bool suppress64Bit, bool debuggable) {
*d57664e9SAndroid Build Coastguard Worker    // Make sure the filename is at least to the minimum library name size.
*d57664e9SAndroid Build Coastguard Worker    const size_t fileNameLen = strlen(fileName);
*d57664e9SAndroid Build Coastguard Worker    static const size_t minLength = APK_LIB_LEN + 2 + LIB_PREFIX_LEN + 1 + LIB_SUFFIX_LEN;
*d57664e9SAndroid Build Coastguard Worker    if (fileNameLen < minLength) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    const char* lastSlash = strrchr(fileName, '/');
*d57664e9SAndroid Build Coastguard Worker    if (!lastSlash) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    // Skip directories.
*d57664e9SAndroid Build Coastguard Worker    if (*(lastSlash + 1) == 0) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    // Make sure the filename is safe.
*d57664e9SAndroid Build Coastguard Worker    if (!isFilenameSafe(lastSlash + 1)) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    // Make sure file starts with 'lib/' prefix.
*d57664e9SAndroid Build Coastguard Worker    if (strncmp(fileName, APK_LIB.data(), APK_LIB_LEN) != 0) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    // Make sure there aren't subdirectories by checking if the next / after lib/ is the last slash
*d57664e9SAndroid Build Coastguard Worker    if (memchr(fileName + APK_LIB_LEN, '/', fileNameLen - APK_LIB_LEN) != lastSlash) {
*d57664e9SAndroid Build Coastguard Worker        return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    if (!debuggable) {
*d57664e9SAndroid Build Coastguard Worker        // Make sure the filename starts with lib and ends with ".so".
*d57664e9SAndroid Build Coastguard Worker        if (strncmp(fileName + fileNameLen - LIB_SUFFIX_LEN, LIB_SUFFIX.data(), LIB_SUFFIX_LEN) != 0
*d57664e9SAndroid Build Coastguard Worker            || strncmp(lastSlash, LIB_PREFIX.data(), LIB_PREFIX_LEN) != 0) {
*d57664e9SAndroid Build Coastguard Worker            return nullptr;
*d57664e9SAndroid Build Coastguard Worker        }
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    // Don't include 64 bit versions if they are suppressed
*d57664e9SAndroid Build Coastguard Worker    if (suppress64Bit && std::find(abis.begin(), abis.end(), std::string_view(
*d57664e9SAndroid Build Coastguard Worker        fileName + APK_LIB_LEN, lastSlash - fileName - APK_LIB_LEN)) != abis.end()) {
*d57664e9SAndroid Build Coastguard Worker      return nullptr;
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker    return lastSlash;
*d57664e9SAndroid Build Coastguard Worker}
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Workerbool isFilenameSafe(const char* filename) {
*d57664e9SAndroid Build Coastguard Worker    off_t offset = 0;
*d57664e9SAndroid Build Coastguard Worker    for (;;) {
*d57664e9SAndroid Build Coastguard Worker        switch (*(filename + offset)) {
*d57664e9SAndroid Build Coastguard Worker        case 0:
*d57664e9SAndroid Build Coastguard Worker            // Null.
*d57664e9SAndroid Build Coastguard Worker            // If we've reached the end, all the other characters are good.
*d57664e9SAndroid Build Coastguard Worker            return true;
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker        case 'A' ... 'Z':
*d57664e9SAndroid Build Coastguard Worker        case 'a' ... 'z':
*d57664e9SAndroid Build Coastguard Worker        case '0' ... '9':
*d57664e9SAndroid Build Coastguard Worker        case '+':
*d57664e9SAndroid Build Coastguard Worker        case ',':
*d57664e9SAndroid Build Coastguard Worker        case '-':
*d57664e9SAndroid Build Coastguard Worker        case '.':
*d57664e9SAndroid Build Coastguard Worker        case '/':
*d57664e9SAndroid Build Coastguard Worker        case '=':
*d57664e9SAndroid Build Coastguard Worker        case '_':
*d57664e9SAndroid Build Coastguard Worker            offset++;
*d57664e9SAndroid Build Coastguard Worker            break;
*d57664e9SAndroid Build Coastguard Worker
*d57664e9SAndroid Build Coastguard Worker        default:
*d57664e9SAndroid Build Coastguard Worker            // We found something that is not good.
*d57664e9SAndroid Build Coastguard Worker            return false;
*d57664e9SAndroid Build Coastguard Worker        }
*d57664e9SAndroid Build Coastguard Worker    }
*d57664e9SAndroid Build Coastguard Worker    // Should not reach here.
*d57664e9SAndroid Build Coastguard Worker}
*d57664e9SAndroid Build Coastguard Worker}