xref: /aosp_15_r20/system/core/trusty/apploader/apploader.cpp (revision 00c7fec1bb09f3284aad6a6f96d2f63dfc3650ad) 
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "TrustyAppLoader"
18 
19 #include <BufferAllocator/BufferAllocator.h>
20 #include <android-base/logging.h>
21 #include <android-base/unique_fd.h>
22 #include <assert.h>
23 #include <fcntl.h>
24 #include <getopt.h>
25 #include <stdbool.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sys/mman.h>
30 #include <sys/sendfile.h>
31 #include <sys/stat.h>
32 #include <sys/types.h>
33 #include <trusty/tipc.h>
34 #include <unistd.h>
35 #include <algorithm>
36 #include <string>
37 
38 #include "apploader_ipc.h"
39 
40 using android::base::unique_fd;
41 using std::string;
42 
43 constexpr const char kTrustyDefaultDeviceName[] = "/dev/trusty-ipc-dev0";
44 
45 static const char* dev_name = kTrustyDefaultDeviceName;
46 
47 static const char* _sopts = "hD:";
48 static const struct option _lopts[] = {
49         {"help", no_argument, 0, 'h'},
50         {"dev", required_argument, 0, 'D'},
51         {0, 0, 0, 0},
52 };
53 
54 static const char* usage =
55         "Usage: %s [options] package-file\n"
56         "\n"
57         "options:\n"
58         "  -h, --help            prints this message and exit\n"
59         "  -D, --dev name        Trusty device name\n"
60         "\n";
61 
print_usage_and_exit(const char * prog,int code)62 static void print_usage_and_exit(const char* prog, int code) {
63     fprintf(stderr, usage, prog);
64     exit(code);
65 }
66 
parse_options(int argc,char ** argv)67 static void parse_options(int argc, char** argv) {
68     int c;
69     int oidx = 0;
70 
71     while (1) {
72         c = getopt_long(argc, argv, _sopts, _lopts, &oidx);
73         if (c == -1) {
74             break; /* done */
75         }
76 
77         switch (c) {
78             case 'h':
79                 print_usage_and_exit(argv[0], EXIT_SUCCESS);
80                 break;
81 
82             case 'D':
83                 dev_name = strdup(optarg);
84                 break;
85 
86             default:
87                 print_usage_and_exit(argv[0], EXIT_FAILURE);
88         }
89     }
90 }
91 
read_file(const char * file_name,off64_t * out_file_size)92 static unique_fd read_file(const char* file_name, off64_t* out_file_size) {
93     int rc;
94     long page_size = sysconf(_SC_PAGESIZE);
95     off64_t file_size, file_page_offset, file_page_size;
96     struct stat64 st;
97 
98     unique_fd file_fd(TEMP_FAILURE_RETRY(open(file_name, O_RDONLY)));
99     if (!file_fd.ok()) {
100         PLOG(ERROR) << "Error opening file " << file_name;
101         return {};
102     }
103 
104     rc = fstat64(file_fd, &st);
105     if (rc < 0) {
106         PLOG(ERROR) << "Error calling stat on file '" << file_name << "'";
107         return {};
108     }
109 
110     if (st.st_size == 0) {
111         LOG(ERROR) << "Zero length file '" << file_name << "'";
112         return {};
113     }
114 
115     file_size = st.st_size;
116 
117     /* The dmabuf size needs to be a multiple of the page size */
118     file_page_offset = file_size & (page_size - 1);
119     if (file_page_offset) {
120         file_page_offset = page_size - file_page_offset;
121     }
122     if (__builtin_add_overflow(file_size, file_page_offset, &file_page_size)) {
123         LOG(ERROR) << "Failed to page-align file size";
124         return {};
125     }
126 
127     BufferAllocator alloc;
128     unique_fd dmabuf_fd(alloc.Alloc(kDmabufSystemHeapName, file_page_size));
129     if (!dmabuf_fd.ok()) {
130         LOG(ERROR) << "Error creating dmabuf for " << file_page_size
131                    << " bytes: " << dmabuf_fd.get();
132         return dmabuf_fd;
133     }
134 
135     void* shm = mmap(0, file_page_size, PROT_READ | PROT_WRITE, MAP_SHARED, dmabuf_fd, 0);
136     if (shm == MAP_FAILED) {
137         return {};
138     }
139 
140     off64_t file_offset = 0;
141     while (file_offset < file_size) {
142         ssize_t num_read = TEMP_FAILURE_RETRY(
143                 pread(file_fd, (char*)shm + file_offset, file_size - file_offset, file_offset));
144 
145         if (num_read < 0) {
146             PLOG(ERROR) << "Error reading package file '" << file_name << "'";
147             break;
148         }
149 
150         if (num_read == 0) {
151             LOG(ERROR) << "Unexpected end of file '" << file_name << "'";
152             break;
153         }
154 
155         file_offset += (off64_t)num_read;
156     }
157 
158     munmap(shm, file_page_size);
159 
160     if (file_offset < file_size) {
161         return {};
162     }
163 
164     assert(file_offset == file_size);
165     if (out_file_size) {
166         *out_file_size = file_size;
167     }
168 
169     return dmabuf_fd;
170 }
171 
send_load_message(int tipc_fd,int package_fd,off64_t package_size)172 static ssize_t send_load_message(int tipc_fd, int package_fd, off64_t package_size) {
173     struct apploader_header hdr = {
174             .cmd = APPLOADER_CMD_LOAD_APPLICATION,
175     };
176     struct apploader_load_app_req req = {
177             .package_size = static_cast<uint64_t>(package_size),
178     };
179     struct iovec tx[2] = {{&hdr, sizeof(hdr)}, {&req, sizeof(req)}};
180     struct trusty_shm shm = {
181             .fd = package_fd,
182             .transfer = TRUSTY_SHARE,
183     };
184     return tipc_send(tipc_fd, tx, 2, &shm, 1);
185 }
186 
read_response(int tipc_fd)187 static ssize_t read_response(int tipc_fd) {
188     struct apploader_resp resp;
189     ssize_t rc = read(tipc_fd, &resp, sizeof(resp));
190     if (rc < 0) {
191         PLOG(ERROR) << "Failed to read response";
192         return rc;
193     }
194 
195     if (rc < sizeof(resp)) {
196         LOG(ERROR) << "Not enough data in response: " << rc;
197         return -EIO;
198     }
199 
200     if (resp.hdr.cmd != (APPLOADER_CMD_LOAD_APPLICATION | APPLOADER_RESP_BIT)) {
201         LOG(ERROR) << "Invalid command in response: " << resp.hdr.cmd;
202         return -EINVAL;
203     }
204 
205     switch (resp.error) {
206         case APPLOADER_NO_ERROR:
207             break;
208         case APPLOADER_ERR_UNKNOWN_CMD:
209             LOG(ERROR) << "Error: unknown command";
210             break;
211         case APPLOADER_ERR_INVALID_CMD:
212             LOG(ERROR) << "Error: invalid command arguments";
213             break;
214         case APPLOADER_ERR_NO_MEMORY:
215             LOG(ERROR) << "Error: out of Trusty memory";
216             break;
217         case APPLOADER_ERR_VERIFICATION_FAILED:
218             LOG(ERROR) << "Error: failed to verify the package";
219             break;
220         case APPLOADER_ERR_LOADING_FAILED:
221             LOG(ERROR) << "Error: failed to load the package";
222             break;
223         case APPLOADER_ERR_ALREADY_EXISTS:
224             LOG(ERROR) << "Error: application already exists";
225             break;
226         case APPLOADER_ERR_INTERNAL:
227             LOG(ERROR) << "Error: internal apploader error";
228             break;
229         case APPLOADER_ERR_INVALID_VERSION:
230             LOG(ERROR) << "Error: invalid application version";
231             break;
232         case APPLOADER_ERR_POLICY_VIOLATION:
233             LOG(ERROR) << "Error: loading denied by policy engine";
234             break;
235         case APPLOADER_ERR_NOT_ENCRYPTED:
236             LOG(ERROR) << "Error: unmet application encryption requirement";
237             break;
238         default:
239             LOG(ERROR) << "Unrecognized error: " << resp.error;
240             break;
241     }
242 
243     return static_cast<ssize_t>(resp.error);
244 }
245 
send_app_package(const char * package_file_name)246 static ssize_t send_app_package(const char* package_file_name) {
247     ssize_t rc = 0;
248     int tipc_fd = -1;
249     off64_t package_size;
250 
251     unique_fd package_fd = read_file(package_file_name, &package_size);
252     if (!package_fd.ok()) {
253         rc = -1;
254         goto err_read_file;
255     }
256 
257     tipc_fd = tipc_connect(dev_name, APPLOADER_PORT);
258     if (tipc_fd < 0) {
259         LOG(ERROR) << "Failed to connect to Trusty app loader: " << strerror(-tipc_fd);
260         // print this to stderr too to avoid silently exiting when run as non-root
261         fprintf(stderr, "Failed to connect to Trusty app loader: %s\n", strerror(-tipc_fd));
262         rc = tipc_fd;
263         goto err_tipc_connect;
264     }
265 
266     rc = send_load_message(tipc_fd, package_fd, package_size);
267     if (rc < 0) {
268         LOG(ERROR) << "Failed to send package: " << rc;
269         goto err_send;
270     }
271 
272     rc = read_response(tipc_fd);
273 
274 err_send:
275     tipc_close(tipc_fd);
276 err_tipc_connect:
277 err_read_file:
278     return rc;
279 }
280 
main(int argc,char ** argv)281 int main(int argc, char** argv) {
282     parse_options(argc, argv);
283     if (optind + 1 != argc) {
284         print_usage_and_exit(argv[0], EXIT_FAILURE);
285     }
286 
287     int rc = send_app_package(argv[optind]);
288     return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
289 }
290