Android/redroid-patches
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a5c70c0dd89c12b5027c902ab4182f31d38f3bb7
redroid-patches/android-10.0.0_r47/system/core/0002-bring-back-fuse.patch
Ziyang Zhou a5c70c0dd8 refine sdcard for android-10.0.0_r47
2025-09-07 22:03:59 +08:00

2329 lines
84 KiB
Diff
Raw Blame History

From 4173a1b73e4d6290ecb5cf214df24849f373c6e8 Mon Sep 17 00:00:00 2001
From: Ziyang Zhou <ziyang.zhou@outlook.com>
Date: Sun, 9 May 2021 23:27:12 +0800
Subject: bring back fuse
---
sdcard/Android.bp | 17 -
sdcard/Android.mk | 13 +
sdcard/OWNERS | 1 -
sdcard/fuse.cpp | 1479 +++++++++++++++++++++++++++++++++++++++++++++
sdcard/fuse.h | 210 +++++++
sdcard/sdcard.cpp | 443 ++++++++++----
6 files changed, 2040 insertions(+), 123 deletions(-)
delete mode 100644 sdcard/Android.bp
create mode 100644 sdcard/Android.mk
delete mode 100644 sdcard/OWNERS
create mode 100644 sdcard/fuse.cpp
create mode 100644 sdcard/fuse.h
diff --git a/sdcard/Android.bp b/sdcard/Android.bp
deleted file mode 100644
index c096587..0000000
--- a/sdcard/Android.bp
+++ /dev/null
@@ -1,17 +0,0 @@
-cc_binary {
- srcs: ["sdcard.cpp"],
- name: "sdcard",
- cflags: [
- "-Wall",
- "-Wno-unused-parameter",
- "-Werror",
- ],
- shared_libs: [
- "libbase",
- "libcutils",
- "libminijail",
- ],
- sanitize: {
- misc_undefined: ["integer"],
- },
-}
diff --git a/sdcard/Android.mk b/sdcard/Android.mk
new file mode 100644
index 0000000..0c58574
--- /dev/null
+++ b/sdcard/Android.mk
@@ -0,0 +1,13 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := sdcard.cpp fuse.cpp
+LOCAL_MODULE := sdcard
+LOCAL_CFLAGS := -Wall -Wno-unused-parameter -Werror
+LOCAL_SHARED_LIBRARIES := libbase libcutils libminijail libpackagelistparser
+
+LOCAL_SANITIZE := integer
+LOCAL_CLANG := true
+
+include $(BUILD_EXECUTABLE)
diff --git a/sdcard/OWNERS b/sdcard/OWNERS
deleted file mode 100644
index 199a0f8..0000000
--- a/sdcard/OWNERS
+++ /dev/null
@@ -1 +0,0 @@
-drosen@google.com
diff --git a/sdcard/fuse.cpp b/sdcard/fuse.cpp
new file mode 100644
index 0000000..05c6bfe
--- /dev/null
+++ b/sdcard/fuse.cpp
@@ -0,0 +1,1479 @@
+/*
+ * Copyright (C) 2010 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LOG_TAG "sdcard"
+
+#include "fuse.h"
+
+#include <android-base/logging.h>
+
+/* FUSE_CANONICAL_PATH is not currently upstreamed */
+#define FUSE_CANONICAL_PATH 2016
+
+#define FUSE_UNKNOWN_INO 0xffffffff
+
+/* Pseudo-error constant used to indicate that no fuse status is needed
+ * or that a reply has already been written. */
+#define NO_STATUS 1
+
+static inline void *id_to_ptr(__u64 nid)
+{
+ return (void *) (uintptr_t) nid;
+}
+
+static inline __u64 ptr_to_id(void *ptr)
+{
+ return (__u64) (uintptr_t) ptr;
+}
+
+static void acquire_node_locked(struct node* node)
+{
+ node->refcount++;
+ DLOG(INFO) << "ACQUIRE " << std::hex << node << std::dec
+ << " (" << node->name << ") rc=" << node->refcount;
+}
+
+static void remove_node_from_parent_locked(struct node* node);
+
+static void release_node_locked(struct node* node)
+{
+ DLOG(INFO) << "RELEASE " << std::hex << node << std::dec
+ << " (" << node->name << ") rc=" << node->refcount;
+ if (node->refcount > 0) {
+ node->refcount--;
+ if (!node->refcount) {
+ DLOG(INFO) << "DESTROY " << std::hex << node << std::dec << " (" << node->name << ")";
+ remove_node_from_parent_locked(node);
+
+ /* TODO: remove debugging - poison memory */
+ memset(node->name, 0xef, node->namelen);
+ free(node->name);
+ free(node->actual_name);
+ memset(node, 0xfc, sizeof(*node));
+ free(node);
+ }
+ } else {
+ LOG(ERROR) << std::hex << node << std::dec << " refcount=0";
+ }
+}
+
+static void add_node_to_parent_locked(struct node *node, struct node *parent) {
+ node->parent = parent;
+ node->next = parent->child;
+ parent->child = node;
+ acquire_node_locked(parent);
+}
+
+static void remove_node_from_parent_locked(struct node* node)
+{
+ if (node->parent) {
+ if (node->parent->child == node) {
+ node->parent->child = node->parent->child->next;
+ } else {
+ struct node *node2;
+ node2 = node->parent->child;
+ while (node2->next != node)
+ node2 = node2->next;
+ node2->next = node->next;
+ }
+ release_node_locked(node->parent);
+ node->parent = NULL;
+ node->next = NULL;
+ }
+}
+
+/* Gets the absolute path to a node into the provided buffer.
+ *
+ * Populates 'buf' with the path and returns the length of the path on success,
+ * or returns -1 if the path is too long for the provided buffer.
+ */
+static ssize_t get_node_path_locked(struct node* node, char* buf, size_t bufsize) {
+ const char* name;
+ size_t namelen;
+ if (node->graft_path) {
+ name = node->graft_path;
+ namelen = node->graft_pathlen;
+ } else if (node->actual_name) {
+ name = node->actual_name;
+ namelen = node->namelen;
+ } else {
+ name = node->name;
+ namelen = node->namelen;
+ }
+
+ if (bufsize < namelen + 1) {
+ return -1;
+ }
+
+ ssize_t pathlen = 0;
+ if (node->parent && node->graft_path == NULL) {
+ pathlen = get_node_path_locked(node->parent, buf, bufsize - namelen - 1);
+ if (pathlen < 0) {
+ return -1;
+ }
+ buf[pathlen++] = '/';
+ }
+
+ memcpy(buf + pathlen, name, namelen + 1); /* include trailing \0 */
+ return pathlen + namelen;
+}
+
+/* Finds the absolute path of a file within a given directory.
+ * Performs a case-insensitive search for the file and sets the buffer to the path
+ * of the first matching file. If 'search' is zero or if no match is found, sets
+ * the buffer to the path that the file would have, assuming the name were case-sensitive.
+ *
+ * Populates 'buf' with the path and returns the actual name (within 'buf') on success,
+ * or returns NULL if the path is too long for the provided buffer.
+ */
+static char* find_file_within(const char* path, const char* name,
+ char* buf, size_t bufsize, int search)
+{
+ size_t pathlen = strlen(path);
+ size_t namelen = strlen(name);
+ size_t childlen = pathlen + namelen + 1;
+ char* actual;
+
+ if (bufsize <= childlen) {
+ return NULL;
+ }
+
+ memcpy(buf, path, pathlen);
+ buf[pathlen] = '/';
+ actual = buf + pathlen + 1;
+ memcpy(actual, name, namelen + 1);
+
+ if (search && access(buf, F_OK)) {
+ struct dirent* entry;
+ DIR* dir = opendir(path);
+ if (!dir) {
+ PLOG(ERROR) << "opendir(" << path << ") failed";
+ return actual;
+ }
+ while ((entry = readdir(dir))) {
+ if (!strcasecmp(entry->d_name, name)) {
+ /* we have a match - replace the name, don't need to copy the null again */
+ memcpy(actual, entry->d_name, namelen);
+ break;
+ }
+ }
+ closedir(dir);
+ }
+ return actual;
+}
+
+static void attr_from_stat(struct fuse* fuse, struct fuse_attr *attr,
+ const struct stat *s, const struct node* node) {
+ attr->ino = node->ino;
+ attr->size = s->st_size;
+ attr->blocks = s->st_blocks;
+ attr->atime = s->st_atim.tv_sec;
+ attr->mtime = s->st_mtim.tv_sec;
+ attr->ctime = s->st_ctim.tv_sec;
+ attr->atimensec = s->st_atim.tv_nsec;
+ attr->mtimensec = s->st_mtim.tv_nsec;
+ attr->ctimensec = s->st_ctim.tv_nsec;
+ attr->mode = s->st_mode;
+ attr->nlink = s->st_nlink;
+
+ attr->uid = node->uid;
+
+ if (fuse->gid == AID_SDCARD_RW) {
+ /* As an optimization, certain trusted system components only run
+ * as owner but operate across all users. Since we're now handing
+ * out the sdcard_rw GID only to trusted apps, we're okay relaxing
+ * the user boundary enforcement for the default view. The UIDs
+ * assigned to app directories are still multiuser aware. */
+ attr->gid = AID_SDCARD_RW;
+ } else {
+ attr->gid = multiuser_get_uid(node->userid, fuse->gid);
+ }
+
+ int visible_mode = 0775 & ~fuse->mask;
+ if (node->perm == PERM_PRE_ROOT) {
+ /* Top of multi-user view should always be visible to ensure
+ * secondary users can traverse inside. */
+ visible_mode = 0711;
+ } else if (node->under_android) {
+ /* Block "other" access to Android directories, since only apps
+ * belonging to a specific user should be in there; we still
+ * leave +x open for the default view. */
+ if (fuse->gid == AID_SDCARD_RW) {
+ visible_mode = visible_mode & ~0006;
+ } else {
+ visible_mode = visible_mode & ~0007;
+ }
+ }
+ int owner_mode = s->st_mode & 0700;
+ int filtered_mode = visible_mode & (owner_mode | (owner_mode >> 3) | (owner_mode >> 6));
+ attr->mode = (attr->mode & S_IFMT) | filtered_mode;
+}
+
+static int touch(char* path, mode_t mode) {
+ int fd = TEMP_FAILURE_RETRY(open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
+ mode));
+ if (fd == -1) {
+ if (errno == EEXIST) {
+ return 0;
+ } else {
+ PLOG(ERROR) << "open(" << path << ") failed";
+ return -1;
+ }
+ }
+ close(fd);
+ return 0;
+}
+
+static void derive_permissions_locked(struct fuse* fuse, struct node *parent,
+ struct node *node) {
+ appid_t appid;
+
+ /* By default, each node inherits from its parent */
+ node->perm = PERM_INHERIT;
+ node->userid = parent->userid;
+ node->uid = parent->uid;
+ node->under_android = parent->under_android;
+
+ /* Derive custom permissions based on parent and current node */
+ switch (parent->perm) {
+ case PERM_INHERIT:
+ /* Already inherited above */
+ break;
+ case PERM_PRE_ROOT:
+ /* Legacy internal layout places users at top level */
+ node->perm = PERM_ROOT;
+ node->userid = strtoul(node->name, NULL, 10);
+ break;
+ case PERM_ROOT:
+ /* Assume masked off by default. */
+ if (!strcasecmp(node->name, "Android")) {
+ /* App-specific directories inside; let anyone traverse */
+ node->perm = PERM_ANDROID;
+ node->under_android = true;
+ }
+ break;
+ case PERM_ANDROID:
+ if (!strcasecmp(node->name, "data")) {
+ /* App-specific directories inside; let anyone traverse */
+ node->perm = PERM_ANDROID_DATA;
+ } else if (!strcasecmp(node->name, "obb")) {
+ /* App-specific directories inside; let anyone traverse */
+ node->perm = PERM_ANDROID_OBB;
+ /* Single OBB directory is always shared */
+ node->graft_path = fuse->global->obb_path;
+ node->graft_pathlen = strlen(fuse->global->obb_path);
+ } else if (!strcasecmp(node->name, "media")) {
+ /* App-specific directories inside; let anyone traverse */
+ node->perm = PERM_ANDROID_MEDIA;
+ }
+ break;
+ case PERM_ANDROID_DATA:
+ case PERM_ANDROID_OBB:
+ case PERM_ANDROID_MEDIA:
+ const auto& iter = fuse->global->package_to_appid->find(node->name);
+ if (iter != fuse->global->package_to_appid->end()) {
+ appid = iter->second;
+ node->uid = multiuser_get_uid(parent->userid, appid);
+ }
+ break;
+ }
+}
+
+void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent) {
+ struct node *node;
+ for (node = parent->child; node; node = node->next) {
+ derive_permissions_locked(fuse, parent, node);
+ if (node->child) {
+ derive_permissions_recursive_locked(fuse, node);
+ }
+ }
+}
+
+/* Kernel has already enforced everything we returned through
+ * derive_permissions_locked(), so this is used to lock down access
+ * even further, such as enforcing that apps hold sdcard_rw. */
+static bool check_caller_access_to_name(struct fuse* fuse,
+ const struct fuse_in_header *hdr, const struct node* parent_node,
+ const char* name, int mode) {
+ /* Always block security-sensitive files at root */
+ if (parent_node && parent_node->perm == PERM_ROOT) {
+ if (!strcasecmp(name, "autorun.inf")
+ || !strcasecmp(name, ".android_secure")
+ || !strcasecmp(name, "android_secure")) {
+ return false;
+ }
+ }
+
+ /* Root always has access; access for any other UIDs should always
+ * be controlled through packages.list. */
+ if (hdr->uid == 0) {
+ return true;
+ }
+
+ /* No extra permissions to enforce */
+ return true;
+}
+
+static bool check_caller_access_to_node(struct fuse* fuse,
+ const struct fuse_in_header *hdr, const struct node* node, int mode) {
+ return check_caller_access_to_name(fuse, hdr, node->parent, node->name, mode);
+}
+
+struct node *create_node_locked(struct fuse* fuse,
+ struct node *parent, const char *name, const char* actual_name)
+{
+ struct node *node;
+ size_t namelen = strlen(name);
+
+ // Detect overflows in the inode counter. "4 billion nodes should be enough
+ // for everybody".
+ if (fuse->global->inode_ctr == 0) {
+ LOG(ERROR) << "No more inode numbers available";
+ return NULL;
+ }
+
+ node = static_cast<struct node*>(calloc(1, sizeof(struct node)));
+ if (!node) {
+ return NULL;
+ }
+ node->name = static_cast<char*>(malloc(namelen + 1));
+ if (!node->name) {
+ free(node);
+ return NULL;
+ }
+ memcpy(node->name, name, namelen + 1);
+ if (strcmp(name, actual_name)) {
+ node->actual_name = static_cast<char*>(malloc(namelen + 1));
+ if (!node->actual_name) {
+ free(node->name);
+ free(node);
+ return NULL;
+ }
+ memcpy(node->actual_name, actual_name, namelen + 1);
+ }
+ node->namelen = namelen;
+ node->nid = ptr_to_id(node);
+ node->ino = fuse->global->inode_ctr++;
+ node->gen = fuse->global->next_generation++;
+
+ node->deleted = false;
+
+ derive_permissions_locked(fuse, parent, node);
+ acquire_node_locked(node);
+ add_node_to_parent_locked(node, parent);
+ return node;
+}
+
+static int rename_node_locked(struct node *node, const char *name,
+ const char* actual_name)
+{
+ size_t namelen = strlen(name);
+ int need_actual_name = strcmp(name, actual_name);
+
+ /* make the storage bigger without actually changing the name
+ * in case an error occurs part way */
+ if (namelen > node->namelen) {
+ char* new_name = static_cast<char*>(realloc(node->name, namelen + 1));
+ if (!new_name) {
+ return -ENOMEM;
+ }
+ node->name = new_name;
+ if (need_actual_name && node->actual_name) {
+ char* new_actual_name = static_cast<char*>(realloc(node->actual_name, namelen + 1));
+ if (!new_actual_name) {
+ return -ENOMEM;
+ }
+ node->actual_name = new_actual_name;
+ }
+ }
+
+ /* update the name, taking care to allocate storage before overwriting the old name */
+ if (need_actual_name) {
+ if (!node->actual_name) {
+ node->actual_name = static_cast<char*>(malloc(namelen + 1));
+ if (!node->actual_name) {
+ return -ENOMEM;
+ }
+ }
+ memcpy(node->actual_name, actual_name, namelen + 1);
+ } else {
+ free(node->actual_name);
+ node->actual_name = NULL;
+ }
+ memcpy(node->name, name, namelen + 1);
+ node->namelen = namelen;
+ return 0;
+}
+
+static struct node *lookup_node_by_id_locked(struct fuse *fuse, __u64 nid)
+{
+ if (nid == FUSE_ROOT_ID) {
+ return &fuse->global->root;
+ } else {
+ return static_cast<struct node*>(id_to_ptr(nid));
+ }
+}
+
+static struct node* lookup_node_and_path_by_id_locked(struct fuse* fuse, __u64 nid,
+ char* buf, size_t bufsize)
+{
+ struct node* node = lookup_node_by_id_locked(fuse, nid);
+ if (node && get_node_path_locked(node, buf, bufsize) < 0) {
+ node = NULL;
+ }
+ return node;
+}
+
+static struct node *lookup_child_by_name_locked(struct node *node, const char *name)
+{
+ for (node = node->child; node; node = node->next) {
+ /* use exact string comparison, nodes that differ by case
+ * must be considered distinct even if they refer to the same
+ * underlying file as otherwise operations such as "mv x x"
+ * will not work because the source and target nodes are the same. */
+ if (!strcmp(name, node->name) && !node->deleted) {
+ return node;
+ }
+ }
+ return 0;
+}
+
+static struct node* acquire_or_create_child_locked(
+ struct fuse* fuse, struct node* parent,
+ const char* name, const char* actual_name)
+{
+ struct node* child = lookup_child_by_name_locked(parent, name);
+ if (child) {
+ acquire_node_locked(child);
+ } else {
+ child = create_node_locked(fuse, parent, name, actual_name);
+ }
+ return child;
+}
+
+static void fuse_status(struct fuse *fuse, __u64 unique, int err)
+{
+ struct fuse_out_header hdr;
+ hdr.len = sizeof(hdr);
+ hdr.error = err;
+ hdr.unique = unique;
+ ssize_t ret = TEMP_FAILURE_RETRY(write(fuse->fd, &hdr, sizeof(hdr)));
+ if (ret == -1) {
+ PLOG(ERROR) << "*** STATUS FAILED ***";
+ } else if (static_cast<size_t>(ret) != sizeof(hdr)) {
+ LOG(ERROR) << "*** STATUS FAILED: written " << ret << " expected "
+ << sizeof(hdr) << " ***";
+ }
+}
+
+static void fuse_reply(struct fuse *fuse, __u64 unique, void *data, int len)
+{
+ struct fuse_out_header hdr;
+ hdr.len = len + sizeof(hdr);
+ hdr.error = 0;
+ hdr.unique = unique;
+
+ struct iovec vec[2];
+ vec[0].iov_base = &hdr;
+ vec[0].iov_len = sizeof(hdr);
+ vec[1].iov_base = data;
+ vec[1].iov_len = len;
+
+ ssize_t ret = TEMP_FAILURE_RETRY(writev(fuse->fd, vec, 2));
+ if (ret == -1) {
+ PLOG(ERROR) << "*** REPLY FAILED ***";
+ } else if (static_cast<size_t>(ret) != sizeof(hdr) + len) {
+ LOG(ERROR) << "*** REPLY FAILED: written " << ret << " expected "
+ << sizeof(hdr) + len << " ***";
+ }
+}
+
+static int fuse_reply_entry(struct fuse* fuse, __u64 unique,
+ struct node* parent, const char* name, const char* actual_name,
+ const char* path)
+{
+ struct node* node;
+ struct fuse_entry_out out;
+ struct stat s;
+
+ if (lstat(path, &s) == -1) {
+ return -errno;
+ }
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = acquire_or_create_child_locked(fuse, parent, name, actual_name);
+ if (!node) {
+ pthread_mutex_unlock(&fuse->global->lock);
+ return -ENOMEM;
+ }
+ memset(&out, 0, sizeof(out));
+ attr_from_stat(fuse, &out.attr, &s, node);
+ out.attr_valid = 10;
+ out.entry_valid = 10;
+ out.nodeid = node->nid;
+ out.generation = node->gen;
+ pthread_mutex_unlock(&fuse->global->lock);
+ fuse_reply(fuse, unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static int fuse_reply_attr(struct fuse* fuse, __u64 unique, const struct node* node,
+ const char* path)
+{
+ struct fuse_attr_out out;
+ struct stat s;
+
+ if (lstat(path, &s) == -1) {
+ return -errno;
+ }
+ memset(&out, 0, sizeof(out));
+ attr_from_stat(fuse, &out.attr, &s, node);
+ out.attr_valid = 10;
+ fuse_reply(fuse, unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static void fuse_notify_delete(struct fuse* fuse, const __u64 parent,
+ const __u64 child, const char* name) {
+ struct fuse_out_header hdr;
+ struct fuse_notify_delete_out data;
+ size_t namelen = strlen(name);
+ hdr.len = sizeof(hdr) + sizeof(data) + namelen + 1;
+ hdr.error = FUSE_NOTIFY_DELETE;
+ hdr.unique = 0;
+
+ data.parent = parent;
+ data.child = child;
+ data.namelen = namelen;
+ data.padding = 0;
+
+ struct iovec vec[3];
+ vec[0].iov_base = &hdr;
+ vec[0].iov_len = sizeof(hdr);
+ vec[1].iov_base = &data;
+ vec[1].iov_len = sizeof(data);
+ vec[2].iov_base = (void*) name;
+ vec[2].iov_len = namelen + 1;
+
+ ssize_t ret = TEMP_FAILURE_RETRY(writev(fuse->fd, vec, 3));
+ /* Ignore ENOENT, since other views may not have seen the entry */
+ if (ret == -1) {
+ if (errno != ENOENT) {
+ PLOG(ERROR) << "*** NOTIFY FAILED ***";
+ }
+ } else if (static_cast<size_t>(ret) != sizeof(hdr) + sizeof(data) + namelen + 1) {
+ LOG(ERROR) << "*** NOTIFY FAILED: written " << ret << " expected "
+ << sizeof(hdr) + sizeof(data) + namelen + 1 << " ***";
+ }
+}
+
+static int handle_lookup(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr, const char* name)
+{
+ struct node* parent_node;
+ char parent_path[PATH_MAX];
+ char child_path[PATH_MAX];
+ const char* actual_name;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ parent_path, sizeof(parent_path));
+ DLOG(INFO) << "[" << handler->token << "] LOOKUP " << name << " @ " << hdr->nodeid
+ << " (" << (parent_node ? parent_node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!parent_node || !(actual_name = find_file_within(parent_path, name,
+ child_path, sizeof(child_path), 1))) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, parent_node, name, R_OK)) {
+ return -EACCES;
+ }
+
+ return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path);
+}
+
+static int handle_forget(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr, const struct fuse_forget_in *req)
+{
+ struct node* node;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_by_id_locked(fuse, hdr->nodeid);
+ DLOG(INFO) << "[" << handler->token << "] FORGET #" << req->nlookup
+ << " @ " << std::hex << hdr->nodeid
+ << " (" << (node ? node->name : "?") << ")";
+ if (node) {
+ __u64 n = req->nlookup;
+ while (n) {
+ n--;
+ release_node_locked(node);
+ }
+ }
+ pthread_mutex_unlock(&fuse->global->lock);
+ return NO_STATUS; /* no reply */
+}
+
+static int handle_getattr(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr, const struct fuse_getattr_in *req)
+{
+ struct node* node;
+ char path[PATH_MAX];
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path));
+ DLOG(INFO) << "[" << handler->token << "] GETATTR flags=" << req->getattr_flags
+ << " fh=" << std::hex << req->fh << " @ " << hdr->nodeid << std::dec
+ << " (" << (node ? node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!node) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_node(fuse, hdr, node, R_OK)) {
+ return -EACCES;
+ }
+
+ return fuse_reply_attr(fuse, hdr->unique, node, path);
+}
+
+static int handle_setattr(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr, const struct fuse_setattr_in *req)
+{
+ struct node* node;
+ char path[PATH_MAX];
+ struct timespec times[2];
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path));
+ DLOG(INFO) << "[" << handler->token << "] SETATTR fh=" << std::hex << req->fh
+ << " valid=" << std::hex << req->valid << " @ " << hdr->nodeid << std::dec
+ << " (" << (node ? node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!node) {
+ return -ENOENT;
+ }
+
+ if (!(req->valid & FATTR_FH) &&
+ !check_caller_access_to_node(fuse, hdr, node, W_OK)) {
+ return -EACCES;
+ }
+
+ /* XXX: incomplete implementation on purpose.
+ * chmod/chown should NEVER be implemented.*/
+
+ if ((req->valid & FATTR_SIZE) && TEMP_FAILURE_RETRY(truncate64(path, req->size)) == -1) {
+ return -errno;
+ }
+
+ /* Handle changing atime and mtime. If FATTR_ATIME_and FATTR_ATIME_NOW
+ * are both set, then set it to the current time. Else, set it to the
+ * time specified in the request. Same goes for mtime. Use utimensat(2)
+ * as it allows ATIME and MTIME to be changed independently, and has
+ * nanosecond resolution which fuse also has.
+ */
+ if (req->valid & (FATTR_ATIME | FATTR_MTIME)) {
+ times[0].tv_nsec = UTIME_OMIT;
+ times[1].tv_nsec = UTIME_OMIT;
+ if (req->valid & FATTR_ATIME) {
+ if (req->valid & FATTR_ATIME_NOW) {
+ times[0].tv_nsec = UTIME_NOW;
+ } else {
+ times[0].tv_sec = req->atime;
+ times[0].tv_nsec = req->atimensec;
+ }
+ }
+ if (req->valid & FATTR_MTIME) {
+ if (req->valid & FATTR_MTIME_NOW) {
+ times[1].tv_nsec = UTIME_NOW;
+ } else {
+ times[1].tv_sec = req->mtime;
+ times[1].tv_nsec = req->mtimensec;
+ }
+ }
+ DLOG(INFO) << "[" << handler->token << "] Calling utimensat on " << path
+ << " with atime " << times[0].tv_sec << ", mtime=" << times[1].tv_sec;
+ if (utimensat(-1, path, times, 0) < 0) {
+ return -errno;
+ }
+ }
+ return fuse_reply_attr(fuse, hdr->unique, node, path);
+}
+
+static int handle_mknod(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_mknod_in* req, const char* name)
+{
+ struct node* parent_node;
+ char parent_path[PATH_MAX];
+ char child_path[PATH_MAX];
+ const char* actual_name;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ parent_path, sizeof(parent_path));
+ DLOG(INFO) << "[" << handler->token << "] MKNOD " << name << " 0" << std::oct << req->mode
+ << " @ " << std::hex << hdr->nodeid
+ << " (" << (parent_node ? parent_node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!parent_node || !(actual_name = find_file_within(parent_path, name,
+ child_path, sizeof(child_path), 1))) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) {
+ return -EACCES;
+ }
+ __u32 mode = (req->mode & (~0777)) | 0664;
+ if (mknod(child_path, mode, req->rdev) == -1) {
+ return -errno;
+ }
+ return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path);
+}
+
+static int handle_mkdir(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_mkdir_in* req, const char* name)
+{
+ struct node* parent_node;
+ char parent_path[PATH_MAX];
+ char child_path[PATH_MAX];
+ const char* actual_name;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ parent_path, sizeof(parent_path));
+ DLOG(INFO) << "[" << handler->token << "] MKDIR " << name << " 0" << std::oct << req->mode
+ << " @ " << std::hex << hdr->nodeid
+ << " (" << (parent_node ? parent_node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!parent_node || !(actual_name = find_file_within(parent_path, name,
+ child_path, sizeof(child_path), 1))) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) {
+ return -EACCES;
+ }
+ __u32 mode = (req->mode & (~0777)) | 0775;
+ if (mkdir(child_path, mode) == -1) {
+ return -errno;
+ }
+
+ /* When creating /Android/data and /Android/obb, mark them as .nomedia */
+ if (parent_node->perm == PERM_ANDROID && !strcasecmp(name, "data")) {
+ char nomedia[PATH_MAX];
+ snprintf(nomedia, PATH_MAX, "%s/.nomedia", child_path);
+ if (touch(nomedia, 0664) != 0) {
+ PLOG(ERROR) << "touch(" << nomedia << ") failed";
+ return -ENOENT;
+ }
+ }
+ if (parent_node->perm == PERM_ANDROID && !strcasecmp(name, "obb")) {
+ char nomedia[PATH_MAX];
+ snprintf(nomedia, PATH_MAX, "%s/.nomedia", fuse->global->obb_path);
+ if (touch(nomedia, 0664) != 0) {
+ PLOG(ERROR) << "touch(" << nomedia << ") failed";
+ return -ENOENT;
+ }
+ }
+
+ return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path);
+}
+
+static int handle_unlink(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const char* name)
+{
+ struct node* parent_node;
+ struct node* child_node;
+ char parent_path[PATH_MAX];
+ char child_path[PATH_MAX];
+
+ pthread_mutex_lock(&fuse->global->lock);
+ parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ parent_path, sizeof(parent_path));
+ DLOG(INFO) << "[" << handler->token << "] UNLINK " << name << " @ " << std::hex << hdr->nodeid
+ << " (" << (parent_node ? parent_node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!parent_node || !find_file_within(parent_path, name,
+ child_path, sizeof(child_path), 1)) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) {
+ return -EACCES;
+ }
+ if (unlink(child_path) == -1) {
+ return -errno;
+ }
+ pthread_mutex_lock(&fuse->global->lock);
+ child_node = lookup_child_by_name_locked(parent_node, name);
+ if (child_node) {
+ child_node->deleted = true;
+ }
+ pthread_mutex_unlock(&fuse->global->lock);
+ if (parent_node && child_node) {
+ /* Tell all other views that node is gone */
+ DLOG(INFO) << "[" << handler->token << "] fuse_notify_delete"
+ << " parent=" << std::hex << parent_node->nid
+ << ", child=" << std::hex << child_node->nid << std::dec
+ << ", name=" << name;
+ if (fuse != fuse->global->fuse_default) {
+ fuse_notify_delete(fuse->global->fuse_default, parent_node->nid, child_node->nid, name);
+ }
+ if (fuse != fuse->global->fuse_read) {
+ fuse_notify_delete(fuse->global->fuse_read, parent_node->nid, child_node->nid, name);
+ }
+ if (fuse != fuse->global->fuse_write) {
+ fuse_notify_delete(fuse->global->fuse_write, parent_node->nid, child_node->nid, name);
+ }
+ if (fuse != fuse->global->fuse_full) {
+ fuse_notify_delete(fuse->global->fuse_full, parent_node->nid, child_node->nid, name);
+ }
+ }
+ return 0;
+}
+
+static int handle_rmdir(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const char* name)
+{
+ struct node* child_node;
+ struct node* parent_node;
+ char parent_path[PATH_MAX];
+ char child_path[PATH_MAX];
+
+ pthread_mutex_lock(&fuse->global->lock);
+ parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ parent_path, sizeof(parent_path));
+ DLOG(INFO) << "[" << handler->token << "] UNLINK " << name << " @ " << std::hex << hdr->nodeid
+ << " (" << (parent_node ? parent_node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!parent_node || !find_file_within(parent_path, name,
+ child_path, sizeof(child_path), 1)) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) {
+ return -EACCES;
+ }
+ if (rmdir(child_path) == -1) {
+ return -errno;
+ }
+ pthread_mutex_lock(&fuse->global->lock);
+ child_node = lookup_child_by_name_locked(parent_node, name);
+ if (child_node) {
+ child_node->deleted = true;
+ }
+ pthread_mutex_unlock(&fuse->global->lock);
+ if (parent_node && child_node) {
+ /* Tell all other views that node is gone */
+ DLOG(INFO) << "[" << handler->token << "] fuse_notify_delete"
+ << " parent=" << std::hex << parent_node->nid
+ << ", child=" << std::hex << child_node->nid << std::dec
+ << ", name=" << name;
+ if (fuse != fuse->global->fuse_default) {
+ fuse_notify_delete(fuse->global->fuse_default, parent_node->nid, child_node->nid, name);
+ }
+ if (fuse != fuse->global->fuse_read) {
+ fuse_notify_delete(fuse->global->fuse_read, parent_node->nid, child_node->nid, name);
+ }
+ if (fuse != fuse->global->fuse_write) {
+ fuse_notify_delete(fuse->global->fuse_write, parent_node->nid, child_node->nid, name);
+ }
+ }
+ return 0;
+}
+
+static int handle_rename(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_rename_in* req,
+ const char* old_name, const char* new_name)
+{
+ struct node* old_parent_node;
+ struct node* new_parent_node;
+ struct node* child_node;
+ char old_parent_path[PATH_MAX];
+ char new_parent_path[PATH_MAX];
+ char old_child_path[PATH_MAX];
+ char new_child_path[PATH_MAX];
+ const char* new_actual_name;
+ int search;
+ int res;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ old_parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ old_parent_path, sizeof(old_parent_path));
+ new_parent_node = lookup_node_and_path_by_id_locked(fuse, req->newdir,
+ new_parent_path, sizeof(new_parent_path));
+ DLOG(INFO) << "[" << handler->token << "] RENAME " << old_name << "->" << new_name
+ << " @ " << std::hex << hdr->nodeid
+ << " (" << (old_parent_node ? old_parent_node->name : "?") << ") -> "
+ << std::hex << req->newdir
+ << " (" << (new_parent_node ? new_parent_node->name : "?") << ")";
+ if (!old_parent_node || !new_parent_node) {
+ res = -ENOENT;
+ goto lookup_error;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, old_parent_node, old_name, W_OK)) {
+ res = -EACCES;
+ goto lookup_error;
+ }
+ if (!check_caller_access_to_name(fuse, hdr, new_parent_node, new_name, W_OK)) {
+ res = -EACCES;
+ goto lookup_error;
+ }
+ child_node = lookup_child_by_name_locked(old_parent_node, old_name);
+ if (!child_node || get_node_path_locked(child_node,
+ old_child_path, sizeof(old_child_path)) < 0) {
+ res = -ENOENT;
+ goto lookup_error;
+ }
+ acquire_node_locked(child_node);
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ /* Special case for renaming a file where destination is same path
+ * differing only by case. In this case we don't want to look for a case
+ * insensitive match. This allows commands like "mv foo FOO" to work as expected.
+ */
+ search = old_parent_node != new_parent_node
+ || strcasecmp(old_name, new_name);
+ if (!(new_actual_name = find_file_within(new_parent_path, new_name,
+ new_child_path, sizeof(new_child_path), search))) {
+ res = -ENOENT;
+ goto io_error;
+ }
+
+ DLOG(INFO) << "[" << handler->token << "] RENAME " << old_child_path << "->" << new_child_path;
+ res = rename(old_child_path, new_child_path);
+ if (res == -1) {
+ res = -errno;
+ goto io_error;
+ }
+
+ pthread_mutex_lock(&fuse->global->lock);
+ res = rename_node_locked(child_node, new_name, new_actual_name);
+ if (!res) {
+ remove_node_from_parent_locked(child_node);
+ derive_permissions_locked(fuse, new_parent_node, child_node);
+ derive_permissions_recursive_locked(fuse, child_node);
+ add_node_to_parent_locked(child_node, new_parent_node);
+ }
+ goto done;
+
+io_error:
+ pthread_mutex_lock(&fuse->global->lock);
+done:
+ release_node_locked(child_node);
+lookup_error:
+ pthread_mutex_unlock(&fuse->global->lock);
+ return res;
+}
+
+static int open_flags_to_access_mode(int open_flags) {
+ if ((open_flags & O_ACCMODE) == O_RDONLY) {
+ return R_OK;
+ } else if ((open_flags & O_ACCMODE) == O_WRONLY) {
+ return W_OK;
+ } else {
+ /* Probably O_RDRW, but treat as default to be safe */
+ return R_OK | W_OK;
+ }
+}
+
+static int handle_open(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_open_in* req)
+{
+ struct node* node;
+ char path[PATH_MAX];
+ struct fuse_open_out out = {};
+ struct handle *h;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path));
+ DLOG(INFO) << "[" << handler->token << "] OPEN 0" << std::oct << req->flags
+ << " @ " << std::hex << hdr->nodeid << std::dec
+ << " (" << (node ? node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!node) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_node(fuse, hdr, node,
+ open_flags_to_access_mode(req->flags))) {
+ return -EACCES;
+ }
+ h = static_cast<struct handle*>(malloc(sizeof(*h)));
+ if (!h) {
+ return -ENOMEM;
+ }
+ DLOG(INFO) << "[" << handler->token << "] OPEN " << path;
+ h->fd = TEMP_FAILURE_RETRY(open(path, req->flags));
+ if (h->fd == -1) {
+ free(h);
+ return -errno;
+ }
+ out.fh = ptr_to_id(h);
+ out.open_flags = 0;
+ fuse_reply(fuse, hdr->unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static int handle_read(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_read_in* req)
+{
+ struct handle *h = static_cast<struct handle*>(id_to_ptr(req->fh));
+ __u64 unique = hdr->unique;
+ __u32 size = req->size;
+ __u64 offset = req->offset;
+ int res;
+ __u8 *read_buffer = (__u8 *) ((uintptr_t)(handler->read_buffer + PAGE_SIZE) & ~((uintptr_t)PAGE_SIZE-1));
+
+ /* Don't access any other fields of hdr or req beyond this point, the read buffer
+ * overlaps the request buffer and will clobber data in the request. This
+ * saves us 128KB per request handler thread at the cost of this scary comment. */
+
+ DLOG(INFO) << "[" << handler->token << "] READ " << std::hex << h << std::dec
+ << "(" << h->fd << ") " << size << "@" << offset;
+ if (size > MAX_READ) {
+ return -EINVAL;
+ }
+ res = TEMP_FAILURE_RETRY(pread64(h->fd, read_buffer, size, offset));
+ if (res == -1) {
+ return -errno;
+ }
+ fuse_reply(fuse, unique, read_buffer, res);
+ return NO_STATUS;
+}
+
+static int handle_write(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_write_in* req,
+ const void* buffer)
+{
+ struct fuse_write_out out;
+ struct handle *h = static_cast<struct handle*>(id_to_ptr(req->fh));
+ int res;
+ __u8 aligned_buffer[req->size] __attribute__((__aligned__(PAGE_SIZE)));
+
+ if (req->flags & O_DIRECT) {
+ memcpy(aligned_buffer, buffer, req->size);
+ buffer = (const __u8*) aligned_buffer;
+ }
+
+ DLOG(INFO) << "[" << handler->token << "] WRITE " << std::hex << h << std::dec
+ << "(" << h->fd << ") " << req->size << "@" << req->offset;
+ res = TEMP_FAILURE_RETRY(pwrite64(h->fd, buffer, req->size, req->offset));
+ if (res == -1) {
+ return -errno;
+ }
+ out.size = res;
+ out.padding = 0;
+ fuse_reply(fuse, hdr->unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static int handle_statfs(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr)
+{
+ char path[PATH_MAX];
+ struct statfs stat;
+ struct fuse_statfs_out out;
+ int res;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ DLOG(INFO) << "[" << handler->token << "] STATFS";
+ res = get_node_path_locked(&fuse->global->root, path, sizeof(path));
+ pthread_mutex_unlock(&fuse->global->lock);
+ if (res < 0) {
+ return -ENOENT;
+ }
+ if (TEMP_FAILURE_RETRY(statfs(fuse->global->root.name, &stat)) == -1) {
+ return -errno;
+ }
+ memset(&out, 0, sizeof(out));
+ out.st.blocks = stat.f_blocks;
+ out.st.bfree = stat.f_bfree;
+ out.st.bavail = stat.f_bavail;
+ out.st.files = stat.f_files;
+ out.st.ffree = stat.f_ffree;
+ out.st.bsize = stat.f_bsize;
+ out.st.namelen = stat.f_namelen;
+ out.st.frsize = stat.f_frsize;
+ fuse_reply(fuse, hdr->unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static int handle_release(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_release_in* req)
+{
+ struct handle *h = static_cast<struct handle*>(id_to_ptr(req->fh));
+
+ DLOG(INFO) << "[" << handler->token << "] RELEASE " << std::hex << h << std::dec
+ << "(" << h->fd << ")";
+ close(h->fd);
+ free(h);
+ return 0;
+}
+
+static int handle_fsync(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_fsync_in* req)
+{
+ bool is_dir = (hdr->opcode == FUSE_FSYNCDIR);
+ bool is_data_sync = req->fsync_flags & 1;
+
+ int fd = -1;
+ if (is_dir) {
+ struct dirhandle *dh = static_cast<struct dirhandle*>(id_to_ptr(req->fh));
+ fd = dirfd(dh->d);
+ } else {
+ struct handle *h = static_cast<struct handle*>(id_to_ptr(req->fh));
+ fd = h->fd;
+ }
+
+ DLOG(INFO) << "[" << handler->token << "] " << (is_dir ? "FSYNCDIR" : "FSYNC") << " "
+ << std::hex << req->fh << std::dec << "(" << fd << ") is_data_sync=" << is_data_sync;
+ int res = is_data_sync ? fdatasync(fd) : fsync(fd);
+ if (res == -1) {
+ return -errno;
+ }
+ return 0;
+}
+
+static int handle_flush(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr)
+{
+ DLOG(INFO) << "[" << handler->token << "] FLUSH";
+ return 0;
+}
+
+static int handle_opendir(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_open_in* req)
+{
+ struct node* node;
+ char path[PATH_MAX];
+ struct fuse_open_out out = {};
+ struct dirhandle *h;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path));
+ DLOG(INFO) << "[" << handler->token << "] OPENDIR @ " << std::hex << hdr->nodeid
+ << " (" << (node ? node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!node) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_node(fuse, hdr, node, R_OK)) {
+ return -EACCES;
+ }
+ h = static_cast<struct dirhandle*>(malloc(sizeof(*h)));
+ if (!h) {
+ return -ENOMEM;
+ }
+ DLOG(INFO) << "[" << handler->token << "] OPENDIR " << path;
+ h->d = opendir(path);
+ if (!h->d) {
+ free(h);
+ return -errno;
+ }
+ out.fh = ptr_to_id(h);
+ out.open_flags = 0;
+ fuse_reply(fuse, hdr->unique, &out, sizeof(out));
+ return NO_STATUS;
+}
+
+static int handle_readdir(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_read_in* req)
+{
+ char buffer[8192];
+ struct fuse_dirent *fde = (struct fuse_dirent*) buffer;
+ struct dirent *de;
+ struct dirhandle *h = static_cast<struct dirhandle*>(id_to_ptr(req->fh));
+
+ DLOG(INFO) << "[" << handler->token << "] READDIR " << h;
+ if (req->offset == 0) {
+ /* rewinddir() might have been called above us, so rewind here too */
+ DLOG(INFO) << "[" << handler->token << "] calling rewinddir()";
+ rewinddir(h->d);
+ }
+ de = readdir(h->d);
+ if (!de) {
+ return 0;
+ }
+ fde->ino = FUSE_UNKNOWN_INO;
+ /* increment the offset so we can detect when rewinddir() seeks back to the beginning */
+ fde->off = req->offset + 1;
+ fde->type = de->d_type;
+ fde->namelen = strlen(de->d_name);
+ memcpy(fde->name, de->d_name, fde->namelen + 1);
+ fuse_reply(fuse, hdr->unique, fde,
+ FUSE_DIRENT_ALIGN(sizeof(struct fuse_dirent) + fde->namelen));
+ return NO_STATUS;
+}
+
+static int handle_releasedir(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_release_in* req)
+{
+ struct dirhandle *h = static_cast<struct dirhandle*>(id_to_ptr(req->fh));
+
+ DLOG(INFO) << "[" << handler->token << "] RELEASEDIR " << h;
+ closedir(h->d);
+ free(h);
+ return 0;
+}
+
+static int handle_init(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header* hdr, const struct fuse_init_in* req)
+{
+ struct fuse_init_out out;
+ size_t fuse_struct_size;
+
+ DLOG(INFO) << "[" << handler->token << "] INIT ver=" << req->major << "." << req->minor
+ << " maxread=" << req->max_readahead << " flags=" << std::hex << req->flags;
+
+ /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out
+ * defined (fuse version 7.6). The structure is the same from 7.6 through
+ * 7.22. Beginning with 7.23, the structure increased in size and added
+ * new parameters.
+ */
+ if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) {
+ LOG(ERROR) << "Fuse kernel version mismatch: Kernel version "
+ << req->major << "." << req->minor
+ << ", Expected at least " << FUSE_KERNEL_VERSION << ".6";
+ return -1;
+ }
+
+ /* We limit ourselves to 15 because we don't handle BATCH_FORGET yet */
+ out.minor = MIN(req->minor, 15);
+ fuse_struct_size = sizeof(out);
+#if defined(FUSE_COMPAT_22_INIT_OUT_SIZE)
+ /* FUSE_KERNEL_VERSION >= 23. */
+
+ /* Since we return minor version 15, the kernel does not accept the latest
+ * fuse_init_out size. We need to use FUSE_COMPAT_22_INIT_OUT_SIZE always.*/
+ fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE;
+#endif
+
+ out.major = FUSE_KERNEL_VERSION;
+ out.max_readahead = req->max_readahead;
+ out.flags = FUSE_ATOMIC_O_TRUNC | FUSE_BIG_WRITES;
+ out.max_background = 32;
+ out.congestion_threshold = 32;
+ out.max_write = MAX_WRITE;
+ fuse_reply(fuse, hdr->unique, &out, fuse_struct_size);
+ return NO_STATUS;
+}
+
+static int handle_canonical_path(struct fuse* fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr)
+{
+ struct node* node;
+ char path[PATH_MAX];
+ int len;
+
+ pthread_mutex_lock(&fuse->global->lock);
+ node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid,
+ path, sizeof(path));
+ DLOG(INFO) << "[" << handler->token << "] CANONICAL_PATH @ " << std::hex << hdr->nodeid
+ << std::dec << " (" << (node ? node->name : "?") << ")";
+ pthread_mutex_unlock(&fuse->global->lock);
+
+ if (!node) {
+ return -ENOENT;
+ }
+ if (!check_caller_access_to_node(fuse, hdr, node, R_OK)) {
+ return -EACCES;
+ }
+ len = strlen(path);
+ if (len + 1 > PATH_MAX)
+ len = PATH_MAX - 1;
+ path[PATH_MAX - 1] = 0;
+ fuse_reply(fuse, hdr->unique, path, len + 1);
+ return NO_STATUS;
+}
+
+static int handle_fuse_request(struct fuse *fuse, struct fuse_handler* handler,
+ const struct fuse_in_header *hdr, const void *data, size_t data_len)
+{
+ switch (hdr->opcode) {
+ case FUSE_LOOKUP: { /* bytez[] -> entry_out */
+ const char *name = static_cast<const char*>(data);
+ return handle_lookup(fuse, handler, hdr, name);
+ }
+
+ case FUSE_FORGET: {
+ const struct fuse_forget_in *req = static_cast<const struct fuse_forget_in*>(data);
+ return handle_forget(fuse, handler, hdr, req);
+ }
+
+ case FUSE_GETATTR: { /* getattr_in -> attr_out */
+ const struct fuse_getattr_in *req = static_cast<const struct fuse_getattr_in*>(data);
+ return handle_getattr(fuse, handler, hdr, req);
+ }
+
+ case FUSE_SETATTR: { /* setattr_in -> attr_out */
+ const struct fuse_setattr_in *req = static_cast<const struct fuse_setattr_in*>(data);
+ return handle_setattr(fuse, handler, hdr, req);
+ }
+
+// case FUSE_READLINK:
+// case FUSE_SYMLINK:
+ case FUSE_MKNOD: { /* mknod_in, bytez[] -> entry_out */
+ const struct fuse_mknod_in *req = static_cast<const struct fuse_mknod_in*>(data);
+ const char *name = ((const char*) data) + sizeof(*req);
+ return handle_mknod(fuse, handler, hdr, req, name);
+ }
+
+ case FUSE_MKDIR: { /* mkdir_in, bytez[] -> entry_out */
+ const struct fuse_mkdir_in *req = static_cast<const struct fuse_mkdir_in*>(data);
+ const char *name = ((const char*) data) + sizeof(*req);
+ return handle_mkdir(fuse, handler, hdr, req, name);
+ }
+
+ case FUSE_UNLINK: { /* bytez[] -> */
+ const char *name = static_cast<const char*>(data);
+ return handle_unlink(fuse, handler, hdr, name);
+ }
+
+ case FUSE_RMDIR: { /* bytez[] -> */
+ const char *name = static_cast<const char*>(data);
+ return handle_rmdir(fuse, handler, hdr, name);
+ }
+
+ case FUSE_RENAME: { /* rename_in, oldname, newname -> */
+ const struct fuse_rename_in *req = static_cast<const struct fuse_rename_in*>(data);
+ const char *old_name = ((const char*) data) + sizeof(*req);
+ const char *new_name = old_name + strlen(old_name) + 1;
+ return handle_rename(fuse, handler, hdr, req, old_name, new_name);
+ }
+
+// case FUSE_LINK:
+ case FUSE_OPEN: { /* open_in -> open_out */
+ const struct fuse_open_in *req = static_cast<const struct fuse_open_in*>(data);
+ return handle_open(fuse, handler, hdr, req);
+ }
+
+ case FUSE_READ: { /* read_in -> byte[] */
+ const struct fuse_read_in *req = static_cast<const struct fuse_read_in*>(data);
+ return handle_read(fuse, handler, hdr, req);
+ }
+
+ case FUSE_WRITE: { /* write_in, byte[write_in.size] -> write_out */
+ const struct fuse_write_in *req = static_cast<const struct fuse_write_in*>(data);
+ const void* buffer = (const __u8*)data + sizeof(*req);
+ return handle_write(fuse, handler, hdr, req, buffer);
+ }
+
+ case FUSE_STATFS: { /* getattr_in -> attr_out */
+ return handle_statfs(fuse, handler, hdr);
+ }
+
+ case FUSE_RELEASE: { /* release_in -> */
+ const struct fuse_release_in *req = static_cast<const struct fuse_release_in*>(data);
+ return handle_release(fuse, handler, hdr, req);
+ }
+
+ case FUSE_FSYNC:
+ case FUSE_FSYNCDIR: {
+ const struct fuse_fsync_in *req = static_cast<const struct fuse_fsync_in*>(data);
+ return handle_fsync(fuse, handler, hdr, req);
+ }
+
+// case FUSE_SETXATTR:
+// case FUSE_GETXATTR:
+// case FUSE_LISTXATTR:
+// case FUSE_REMOVEXATTR:
+ case FUSE_FLUSH: {
+ return handle_flush(fuse, handler, hdr);
+ }
+
+ case FUSE_OPENDIR: { /* open_in -> open_out */
+ const struct fuse_open_in *req = static_cast<const struct fuse_open_in*>(data);
+ return handle_opendir(fuse, handler, hdr, req);
+ }
+
+ case FUSE_READDIR: {
+ const struct fuse_read_in *req = static_cast<const struct fuse_read_in*>(data);
+ return handle_readdir(fuse, handler, hdr, req);
+ }
+
+ case FUSE_RELEASEDIR: { /* release_in -> */
+ const struct fuse_release_in *req = static_cast<const struct fuse_release_in*>(data);
+ return handle_releasedir(fuse, handler, hdr, req);
+ }
+
+ case FUSE_INIT: { /* init_in -> init_out */
+ const struct fuse_init_in *req = static_cast<const struct fuse_init_in*>(data);
+ return handle_init(fuse, handler, hdr, req);
+ }
+
+ case FUSE_CANONICAL_PATH: { /* nodeid -> bytez[] */
+ return handle_canonical_path(fuse, handler, hdr);
+ }
+
+ default: {
+ DLOG(INFO) << "[" << handler->token << "] NOTIMPL op=" << hdr->opcode
+ << "uniq=" << std::hex << hdr->unique << "nid=" << hdr->nodeid << std::dec;
+ return -ENOSYS;
+ }
+ }
+}
+
+void handle_fuse_requests(struct fuse_handler* handler)
+{
+ struct fuse* fuse = handler->fuse;
+ for (;;) {
+ ssize_t len = TEMP_FAILURE_RETRY(read(fuse->fd,
+ handler->request_buffer, sizeof(handler->request_buffer)));
+ if (len == -1) {
+ if (errno == ENODEV) {
+ LOG(ERROR) << "[" << handler->token << "] someone stole our marbles!";
+ exit(2);
+ }
+ PLOG(ERROR) << "[" << handler->token << "] handle_fuse_requests";
+ continue;
+ }
+
+ if (static_cast<size_t>(len) < sizeof(struct fuse_in_header)) {
+ LOG(ERROR) << "[" << handler->token << "] request too short: len=" << len;
+ continue;
+ }
+
+ const struct fuse_in_header* hdr =
+ reinterpret_cast<const struct fuse_in_header*>(handler->request_buffer);
+ if (hdr->len != static_cast<size_t>(len)) {
+ LOG(ERROR) << "[" << handler->token << "] malformed header: len=" << len
+ << ", hdr->len=" << hdr->len;
+ continue;
+ }
+
+ const void *data = handler->request_buffer + sizeof(struct fuse_in_header);
+ size_t data_len = len - sizeof(struct fuse_in_header);
+ __u64 unique = hdr->unique;
+ int res = handle_fuse_request(fuse, handler, hdr, data, data_len);
+
+ /* We do not access the request again after this point because the underlying
+ * buffer storage may have been reused while processing the request. */
+
+ if (res != NO_STATUS) {
+ if (res) {
+ DLOG(INFO) << "[" << handler->token << "] ERROR " << res;
+ }
+ fuse_status(fuse, unique, res);
+ }
+ }
+}
diff --git a/sdcard/fuse.h b/sdcard/fuse.h
new file mode 100644
index 0000000..b4c2bb1
--- /dev/null
+++ b/sdcard/fuse.h
@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FUSE_H_
+#define FUSE_H_
+
+#include <dirent.h>
+#include <fcntl.h>
+#include <linux/fuse.h>
+#include <pthread.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/statfs.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#include <map>
+#include <string>
+
+#include <android-base/logging.h>
+#include <cutils/fs.h>
+#include <cutils/multiuser.h>
+#include <packagelistparser/packagelistparser.h>
+
+#include <private/android_filesystem_config.h>
+
+#define FUSE_TRACE 0
+
+#if FUSE_TRACE
+static constexpr bool kEnableDLog = true;
+#else // FUSE_TRACE == 0
+static constexpr bool kEnableDLog = false;
+#endif
+
+// Use same strategy as DCHECK().
+#define DLOG(x) \
+ if (kEnableDLog) LOG(x)
+
+/* Maximum number of bytes to write in one request. */
+#define MAX_WRITE (256 * 1024)
+
+/* Maximum number of bytes to read in one request. */
+#define MAX_READ (128 * 1024)
+
+/* Largest possible request.
+ * The request size is bounded by the maximum size of a FUSE_WRITE request because it has
+ * the largest possible data payload. */
+#define MAX_REQUEST_SIZE (sizeof(struct fuse_in_header) + sizeof(struct fuse_write_in) + MAX_WRITE)
+
+namespace {
+struct CaseInsensitiveCompare {
+ bool operator()(const std::string& lhs, const std::string& rhs) const {
+ return strcasecmp(lhs.c_str(), rhs.c_str()) < 0;
+ }
+};
+}
+
+using AppIdMap = std::map<std::string, appid_t, CaseInsensitiveCompare>;
+
+/* Permission mode for a specific node. Controls how file permissions
+ * are derived for children nodes. */
+typedef enum {
+ /* Nothing special; this node should just inherit from its parent. */
+ PERM_INHERIT,
+ /* This node is one level above a normal root; used for legacy layouts
+ * which use the first level to represent user_id. */
+ PERM_PRE_ROOT,
+ /* This node is "/" */
+ PERM_ROOT,
+ /* This node is "/Android" */
+ PERM_ANDROID,
+ /* This node is "/Android/data" */
+ PERM_ANDROID_DATA,
+ /* This node is "/Android/obb" */
+ PERM_ANDROID_OBB,
+ /* This node is "/Android/media" */
+ PERM_ANDROID_MEDIA,
+} perm_t;
+
+struct handle {
+ int fd;
+};
+
+struct dirhandle {
+ DIR *d;
+};
+
+struct node {
+ __u32 refcount;
+ __u64 nid;
+ __u64 gen;
+ /*
+ * The inode number for this FUSE node. Note that this isn't stable across
+ * multiple invocations of the FUSE daemon.
+ */
+ __u32 ino;
+
+ /* State derived based on current position in hierarchy. */
+ perm_t perm;
+ userid_t userid;
+ uid_t uid;
+ bool under_android;
+
+ struct node *next; /* per-dir sibling list */
+ struct node *child; /* first contained file by this dir */
+ struct node *parent; /* containing directory */
+
+ size_t namelen;
+ char *name;
+ /* If non-null, this is the real name of the file in the underlying storage.
+ * This may differ from the field "name" only by case.
+ * strlen(actual_name) will always equal strlen(name), so it is safe to use
+ * namelen for both fields.
+ */
+ char *actual_name;
+
+ /* If non-null, an exact underlying path that should be grafted into this
+ * position. Used to support things like OBB. */
+ char* graft_path;
+ size_t graft_pathlen;
+
+ bool deleted;
+};
+
+/* Global data for all FUSE mounts */
+struct fuse_global {
+ pthread_mutex_t lock;
+
+ uid_t uid;
+ gid_t gid;
+ bool multi_user;
+
+ char source_path[PATH_MAX];
+ char obb_path[PATH_MAX];
+
+ AppIdMap* package_to_appid;
+
+ __u64 next_generation;
+ struct node root;
+
+ /* Used to allocate unique inode numbers for fuse nodes. We use
+ * a simple counter based scheme where inode numbers from deleted
+ * nodes aren't reused. Note that inode allocations are not stable
+ * across multiple invocation of the sdcard daemon, but that shouldn't
+ * be a huge problem in practice.
+ *
+ * Note that we restrict inodes to 32 bit unsigned integers to prevent
+ * truncation on 32 bit processes when unsigned long long stat.st_ino is
+ * assigned to an unsigned long ino_t type in an LP32 process.
+ *
+ * Also note that fuse_attr and fuse_dirent inode values are 64 bits wide
+ * on both LP32 and LP64, but the fuse kernel code doesn't squash 64 bit
+ * inode numbers into 32 bit values on 64 bit kernels (see fuse_squash_ino
+ * in fs/fuse/inode.c).
+ *
+ * Accesses must be guarded by |lock|.
+ */
+ __u32 inode_ctr;
+
+ struct fuse* fuse_default;
+ struct fuse* fuse_read;
+ struct fuse* fuse_write;
+ struct fuse* fuse_full;
+};
+
+/* Single FUSE mount */
+struct fuse {
+ struct fuse_global* global;
+
+ char dest_path[PATH_MAX];
+
+ int fd;
+
+ gid_t gid;
+ mode_t mask;
+};
+
+/* Private data used by a single FUSE handler */
+struct fuse_handler {
+ struct fuse* fuse;
+ int token;
+
+ /* To save memory, we never use the contents of the request buffer and the read
+ * buffer at the same time. This allows us to share the underlying storage. */
+ union {
+ __u8 request_buffer[MAX_REQUEST_SIZE];
+ __u8 read_buffer[MAX_READ + PAGE_SIZE];
+ };
+};
+
+void handle_fuse_requests(struct fuse_handler* handler);
+void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent);
+
+#endif /* FUSE_H_ */
diff --git a/sdcard/sdcard.cpp b/sdcard/sdcard.cpp
index 2b35819..0c9f343 100644
--- a/sdcard/sdcard.cpp
+++ b/sdcard/sdcard.cpp
@@ -27,7 +27,6 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
-#include <vector>
#include <android-base/file.h>
#include <android-base/logging.h>
@@ -39,55 +38,163 @@
#include <cutils/multiuser.h>
#include <cutils/properties.h>
+#include <packagelistparser/packagelistparser.h>
+
#include <libminijail.h>
#include <scoped_minijail.h>
#include <private/android_filesystem_config.h>
+// README
+//
+// What is this?
+//
+// sdcard is a program that uses FUSE to emulate FAT-on-sdcard style
+// directory permissions (all files are given fixed owner, group, and
+// permissions at creation, owner, group, and permissions are not
+// changeable, symlinks and hardlinks are not createable, etc.
+//
+// See usage() for command line options.
+//
+// It must be run as root, but will drop to requested UID/GID as soon as it
+// mounts a filesystem. It will refuse to run if requested UID/GID are zero.
+//
+// Things I believe to be true:
+//
+// - ops that return a fuse_entry (LOOKUP, MKNOD, MKDIR, LINK, SYMLINK,
+// CREAT) must bump that node's refcount
+// - don't forget that FORGET can forget multiple references (req->nlookup)
+// - if an op that returns a fuse_entry fails writing the reply to the
+// kernel, you must rollback the refcount to reflect the reference the
+// kernel did not actually acquire
+//
+// This daemon can also derive custom filesystem permissions based on directory
+// structure when requested. These custom permissions support several features:
+//
+// - Apps can access their own files in /Android/data/com.example/ without
+// requiring any additional GIDs.
+// - Separate permissions for protecting directories like Pictures and Music.
+// - Multi-user separation on the same physical device.
+
+#include "fuse.h"
+
#define PROP_SDCARDFS_DEVICE "ro.sys.sdcardfs"
#define PROP_SDCARDFS_USER "persist.sys.sdcardfs"
-static bool supports_esdfs(void) {
- std::string filesystems;
- if (!android::base::ReadFileToString("/proc/filesystems", &filesystems)) {
- PLOG(ERROR) << "Could not read /proc/filesystems";
- return false;
+/* Supplementary groups to execute with. */
+static const gid_t kGroups[1] = { AID_PACKAGE_INFO };
+
+static bool package_parse_callback(pkg_info *info, void *userdata) {
+ struct fuse_global *global = (struct fuse_global *)userdata;
+ bool res = global->package_to_appid->emplace(info->name, info->uid).second;
+ packagelist_free(info);
+ return res;
+}
+
+static bool read_package_list(struct fuse_global* global) {
+ pthread_mutex_lock(&global->lock);
+
+ global->package_to_appid->clear();
+ bool rc = packagelist_parse(package_parse_callback, global);
+ DLOG(INFO) << "read_package_list: found " << global->package_to_appid->size() << " packages";
+
+ // Regenerate ownership details using newly loaded mapping.
+ derive_permissions_recursive_locked(global->fuse_default, &global->root);
+
+ pthread_mutex_unlock(&global->lock);
+
+ return rc;
+}
+
+static void watch_package_list(struct fuse_global* global) {
+ struct inotify_event *event;
+ char event_buf[512];
+
+ int nfd = inotify_init();
+ if (nfd == -1) {
+ PLOG(ERROR) << "inotify_init failed";
+ return;
}
- for (const auto& fs : android::base::Split(filesystems, "\n")) {
- if (fs.find("esdfs") != std::string::npos) return true;
+
+ bool active = false;
+ while (1) {
+ if (!active) {
+ int res = inotify_add_watch(nfd, PACKAGES_LIST_FILE, IN_DELETE_SELF);
+ if (res == -1) {
+ if (errno == ENOENT || errno == EACCES) {
+ /* Framework may not have created the file yet, sleep and retry. */
+ LOG(ERROR) << "missing \"" << PACKAGES_LIST_FILE << "\"; retrying...";
+ sleep(3);
+ continue;
+ } else {
+ PLOG(ERROR) << "inotify_add_watch failed";
+ return;
+ }
+ }
+
+ /* Watch above will tell us about any future changes, so
+ * read the current state. */
+ if (read_package_list(global) == false) {
+ LOG(ERROR) << "read_package_list failed";
+ return;
+ }
+ active = true;
+ }
+
+ int event_pos = 0;
+ ssize_t res = TEMP_FAILURE_RETRY(read(nfd, event_buf, sizeof(event_buf)));
+ if (res == -1) {
+ PLOG(ERROR) << "failed to read inotify event";
+ return;
+ } else if (static_cast<size_t>(res) < sizeof(*event)) {
+ LOG(ERROR) << "failed to read inotify event: read " << res << " expected "
+ << sizeof(event_buf);
+ return;
+ }
+
+ while (res >= static_cast<ssize_t>(sizeof(*event))) {
+ int event_size;
+ event = reinterpret_cast<struct inotify_event*>(event_buf + event_pos);
+
+ DLOG(INFO) << "inotify event: " << std::hex << event->mask << std::dec;
+ if ((event->mask & IN_IGNORED) == IN_IGNORED) {
+ /* Previously watched file was deleted, probably due to move
+ * that swapped in new data; re-arm the watch and read. */
+ active = false;
+ }
+
+ event_size = sizeof(*event) + event->len;
+ res -= event_size;
+ event_pos += event_size;
+ }
}
- return false;
}
-static bool should_use_sdcardfs(void) {
- char property[PROPERTY_VALUE_MAX];
+static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) {
+ char opts[256];
- // Allow user to have a strong opinion about state
- property_get(PROP_SDCARDFS_USER, property, "");
- if (!strcmp(property, "force_on")) {
- LOG(WARNING) << "User explicitly enabled sdcardfs";
- return true;
- } else if (!strcmp(property, "force_off")) {
- LOG(WARNING) << "User explicitly disabled sdcardfs";
- return !supports_esdfs();
+ fuse->fd = TEMP_FAILURE_RETRY(open("/dev/fuse", O_RDWR | O_CLOEXEC));
+ if (fuse->fd == -1) {
+ PLOG(ERROR) << "failed to open fuse device";
+ return -1;
}
- // Fall back to device opinion about state
- if (property_get_bool(PROP_SDCARDFS_DEVICE, true)) {
- LOG(WARNING) << "Device explicitly enabled sdcardfs";
- return true;
- } else {
- LOG(WARNING) << "Device explicitly disabled sdcardfs";
- return !supports_esdfs();
+ umount2(fuse->dest_path, MNT_DETACH);
+
+ snprintf(opts, sizeof(opts),
+ "fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
+ fuse->fd, fuse->global->uid, fuse->global->gid);
+ if (mount("/dev/fuse", fuse->dest_path, "fuse", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME,
+ opts) == -1) {
+ PLOG(ERROR) << "failed to mount fuse filesystem";
+ return -1;
}
-}
-// NOTE: This is a vestigial program that simply exists to mount the in-kernel
-// sdcardfs filesystem. The older FUSE-based design that used to live here has
-// been completely removed to avoid confusion.
+ fuse->gid = gid;
+ fuse->mask = mask;
-/* Supplementary groups to execute with. */
-static const gid_t kGroups[1] = { AID_PACKAGE_INFO };
+ return 0;
+}
static void drop_privs(uid_t uid, gid_t gid) {
ScopedMinijail j(minijail_new());
@@ -98,35 +205,157 @@ static void drop_privs(uid_t uid, gid_t gid) {
minijail_enter(j.get());
}
-static bool sdcardfs_setup(const std::string& source_path, const std::string& dest_path,
- uid_t fsuid, gid_t fsgid, bool multi_user, userid_t userid, gid_t gid,
- mode_t mask, bool derive_gid, bool default_normal, bool unshared_obb,
- bool use_esdfs) {
- // Add new options at the end of the vector.
- std::vector<std::string> new_opts_list;
- if (multi_user) new_opts_list.push_back("multiuser,");
- if (derive_gid) new_opts_list.push_back("derive_gid,");
- if (default_normal) new_opts_list.push_back("default_normal,");
- if (unshared_obb) new_opts_list.push_back("unshared_obb,");
- // Try several attempts, each time with one less option, to gracefully
- // handle older kernels that aren't updated yet.
- for (int i = 0; i <= new_opts_list.size(); ++i) {
- std::string new_opts;
- for (int j = 0; j < new_opts_list.size() - i; ++j) {
- new_opts += new_opts_list[j];
+static void* start_handler(void* data) {
+ struct fuse_handler* handler = static_cast<fuse_handler*>(data);
+ handle_fuse_requests(handler);
+ return NULL;
+}
+
+static void run(const char* source_path, const char* label, uid_t uid,
+ gid_t gid, userid_t userid, bool multi_user, bool full_write) {
+ struct fuse_global global;
+ struct fuse fuse_default;
+ struct fuse fuse_read;
+ struct fuse fuse_write;
+ struct fuse fuse_full;
+ struct fuse_handler handler_default;
+ struct fuse_handler handler_read;
+ struct fuse_handler handler_write;
+ struct fuse_handler handler_full;
+ pthread_t thread_default;
+ pthread_t thread_read;
+ pthread_t thread_write;
+ pthread_t thread_full;
+
+ memset(&global, 0, sizeof(global));
+ memset(&fuse_default, 0, sizeof(fuse_default));
+ memset(&fuse_read, 0, sizeof(fuse_read));
+ memset(&fuse_write, 0, sizeof(fuse_write));
+ memset(&fuse_full, 0, sizeof(fuse_full));
+ memset(&handler_default, 0, sizeof(handler_default));
+ memset(&handler_read, 0, sizeof(handler_read));
+ memset(&handler_write, 0, sizeof(handler_write));
+ memset(&handler_full, 0, sizeof(handler_full));
+
+ pthread_mutex_init(&global.lock, NULL);
+ global.package_to_appid = new AppIdMap;
+ global.uid = uid;
+ global.gid = gid;
+ global.multi_user = multi_user;
+ global.next_generation = 0;
+ global.inode_ctr = 1;
+
+ memset(&global.root, 0, sizeof(global.root));
+ global.root.nid = FUSE_ROOT_ID; /* 1 */
+ global.root.refcount = 2;
+ global.root.namelen = strlen(source_path);
+ global.root.name = strdup(source_path);
+ global.root.userid = userid;
+ global.root.uid = AID_ROOT;
+ global.root.under_android = false;
+
+ strcpy(global.source_path, source_path);
+
+ if (multi_user) {
+ global.root.perm = PERM_PRE_ROOT;
+ snprintf(global.obb_path, sizeof(global.obb_path), "%s/obb", source_path);
+ } else {
+ global.root.perm = PERM_ROOT;
+ snprintf(global.obb_path, sizeof(global.obb_path), "%s/Android/obb", source_path);
+ }
+
+ fuse_default.global = &global;
+ fuse_read.global = &global;
+ fuse_write.global = &global;
+ fuse_full.global = &global;
+
+ global.fuse_default = &fuse_default;
+ global.fuse_read = &fuse_read;
+ global.fuse_write = &fuse_write;
+ global.fuse_full = &fuse_full;
+
+ snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);
+ snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label);
+ snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label);
+ snprintf(fuse_full.dest_path, PATH_MAX, "/mnt/runtime/full/%s", label);
+
+ handler_default.fuse = &fuse_default;
+ handler_read.fuse = &fuse_read;
+ handler_write.fuse = &fuse_write;
+ handler_full.fuse = &fuse_full;
+
+ handler_default.token = 0;
+ handler_read.token = 1;
+ handler_write.token = 2;
+ handler_full.token = 3;
+
+ umask(0);
+
+ if (multi_user) {
+ /* Multi-user storage is fully isolated per user, so "other"
+ * permissions are completely masked off. */
+ if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
+ || fuse_setup(&fuse_read, AID_EVERYBODY, 0027)
+ || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0027)
+ || fuse_setup(&fuse_full, AID_EVERYBODY, 0007)) {
+ PLOG(FATAL) << "failed to fuse_setup";
+ }
+ } else {
+ /* Physical storage is readable by all users on device, but
+ * the Android directories are masked off to a single user
+ * deep inside attr_from_stat(). */
+ if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
+ || fuse_setup(&fuse_read, AID_EVERYBODY, full_write ? 0027 : 0022)
+ || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0022)
+ || fuse_setup(&fuse_full, AID_EVERYBODY, 0007)) {
+ PLOG(FATAL) << "failed to fuse_setup";
}
+ }
+
+ // Will abort if priv-dropping fails.
+ drop_privs(uid, gid);
+
+ if (multi_user) {
+ fs_prepare_dir(global.obb_path, 0775, uid, gid);
+ }
- auto opts = android::base::StringPrintf("fsuid=%d,fsgid=%d,%smask=%d,userid=%d,gid=%d",
- fsuid, fsgid, new_opts.c_str(), mask, userid, gid);
- if (mount(source_path.c_str(), dest_path.c_str(), use_esdfs ? "esdfs" : "sdcardfs",
- MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) == -1) {
- PLOG(WARNING) << "Failed to mount sdcardfs with options " << opts;
+ if (pthread_create(&thread_default, NULL, start_handler, &handler_default)
+ || pthread_create(&thread_read, NULL, start_handler, &handler_read)
+ || pthread_create(&thread_write, NULL, start_handler, &handler_write)
+ || pthread_create(&thread_full, NULL, start_handler, &handler_full)) {
+ LOG(FATAL) << "failed to pthread_create";
+ }
+
+ watch_package_list(&global);
+ LOG(FATAL) << "terminated prematurely";
+}
+
+static bool sdcardfs_setup(const std::string& source_path, const std::string& dest_path,
+ uid_t fsuid, gid_t fsgid, bool multi_user, userid_t userid, gid_t gid,
+ mode_t mask, bool derive_gid) {
+ std::string opts = android::base::StringPrintf(
+ "fsuid=%d,fsgid=%d,%s%smask=%d,userid=%d,gid=%d", fsuid, fsgid,
+ multi_user ? "multiuser," : "", derive_gid ? "derive_gid," : "", mask, userid, gid);
+
+ if (mount(source_path.c_str(), dest_path.c_str(), "sdcardfs",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) == -1) {
+ if (derive_gid) {
+ PLOG(ERROR) << "trying to mount sdcardfs filesystem without derive_gid";
+ /* Maybe this isn't supported on this kernel. Try without. */
+ opts = android::base::StringPrintf("fsuid=%d,fsgid=%d,%smask=%d,userid=%d,gid=%d",
+ fsuid, fsgid, multi_user ? "multiuser," : "", mask,
+ userid, gid);
+ if (mount(source_path.c_str(), dest_path.c_str(), "sdcardfs",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) == -1) {
+ PLOG(ERROR) << "failed to mount sdcardfs filesystem";
+ return false;
+ }
} else {
- return true;
+ PLOG(ERROR) << "failed to mount sdcardfs filesystem";
+ return false;
}
}
-
- return false;
+ return true;
}
static bool sdcardfs_setup_bind_remount(const std::string& source_path, const std::string& dest_path,
@@ -150,22 +379,9 @@ static bool sdcardfs_setup_bind_remount(const std::string& source_path, const st
return true;
}
-static bool sdcardfs_setup_secondary(const std::string& default_path,
- const std::string& source_path, const std::string& dest_path,
- uid_t fsuid, gid_t fsgid, bool multi_user, userid_t userid,
- gid_t gid, mode_t mask, bool derive_gid, bool default_normal,
- bool unshared_obb, bool use_esdfs) {
- if (use_esdfs) {
- return sdcardfs_setup(source_path, dest_path, fsuid, fsgid, multi_user, userid, gid, mask,
- derive_gid, default_normal, unshared_obb, use_esdfs);
- } else {
- return sdcardfs_setup_bind_remount(default_path, dest_path, gid, mask);
- }
-}
-
static void run_sdcardfs(const std::string& source_path, const std::string& label, uid_t uid,
gid_t gid, userid_t userid, bool multi_user, bool full_write,
- bool derive_gid, bool default_normal, bool unshared_obb, bool use_esdfs) {
+ bool derive_gid) {
std::string dest_path_default = "/mnt/runtime/default/" + label;
std::string dest_path_read = "/mnt/runtime/read/" + label;
std::string dest_path_write = "/mnt/runtime/write/" + label;
@@ -176,17 +392,11 @@ static void run_sdcardfs(const std::string& source_path, const std::string& labe
// Multi-user storage is fully isolated per user, so "other"
// permissions are completely masked off.
if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
- AID_SDCARD_RW, 0006, derive_gid, default_normal, unshared_obb,
- use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_read, uid, gid,
- multi_user, userid, AID_EVERYBODY, 0027, derive_gid,
- default_normal, unshared_obb, use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_write, uid, gid,
- multi_user, userid, AID_EVERYBODY, full_write ? 0007 : 0027,
- derive_gid, default_normal, unshared_obb, use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_full, uid, gid,
- multi_user, userid, AID_EVERYBODY, 0007, derive_gid,
- default_normal, unshared_obb, use_esdfs)) {
+ AID_SDCARD_RW, 0006, derive_gid) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY, 0027) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
+ full_write ? 0007 : 0027) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_full, AID_EVERYBODY, 0007)) {
LOG(FATAL) << "failed to sdcardfs_setup";
}
} else {
@@ -194,17 +404,12 @@ static void run_sdcardfs(const std::string& source_path, const std::string& labe
// the Android directories are masked off to a single user
// deep inside attr_from_stat().
if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
- AID_SDCARD_RW, 0006, derive_gid, default_normal, unshared_obb,
- use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_read, uid, gid,
- multi_user, userid, AID_EVERYBODY, full_write ? 0027 : 0022,
- derive_gid, default_normal, unshared_obb, use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_write, uid, gid,
- multi_user, userid, AID_EVERYBODY, full_write ? 0007 : 0022,
- derive_gid, default_normal, unshared_obb, use_esdfs) ||
- !sdcardfs_setup_secondary(dest_path_default, source_path, dest_path_full, uid, gid,
- multi_user, userid, AID_EVERYBODY, 0007, derive_gid,
- default_normal, unshared_obb, use_esdfs)) {
+ AID_SDCARD_RW, 0006, derive_gid) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY,
+ full_write ? 0027 : 0022) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
+ full_write ? 0007 : 0022) ||
+ !sdcardfs_setup_bind_remount(dest_path_default, dest_path_full, AID_EVERYBODY, 0007)) {
LOG(FATAL) << "failed to sdcardfs_setup";
}
}
@@ -220,6 +425,41 @@ static void run_sdcardfs(const std::string& source_path, const std::string& labe
exit(0);
}
+static bool supports_sdcardfs(void) {
+ std::string filesystems;
+ if (!android::base::ReadFileToString("/proc/filesystems", &filesystems)) {
+ PLOG(ERROR) << "Could not read /proc/filesystems";
+ return false;
+ }
+ for (const auto& fs : android::base::Split(filesystems, "\n")) {
+ if (fs.find("sdcardfs") != std::string::npos) return true;
+ }
+ return false;
+}
+
+static bool should_use_sdcardfs(void) {
+ char property[PROPERTY_VALUE_MAX];
+
+ // Allow user to have a strong opinion about state
+ property_get(PROP_SDCARDFS_USER, property, "");
+ if (!strcmp(property, "force_on")) {
+ LOG(WARNING) << "User explicitly enabled sdcardfs";
+ return supports_sdcardfs();
+ } else if (!strcmp(property, "force_off")) {
+ LOG(WARNING) << "User explicitly disabled sdcardfs";
+ return false;
+ }
+
+ // Fall back to device opinion about state
+ if (property_get_bool(PROP_SDCARDFS_DEVICE, true)) {
+ LOG(WARNING) << "Device explicitly enabled sdcardfs";
+ return supports_sdcardfs();
+ } else {
+ LOG(WARNING) << "Device explicitly disabled sdcardfs";
+ return false;
+ }
+}
+
static int usage() {
LOG(ERROR) << "usage: sdcard [OPTIONS] <source_path> <label>"
<< " -u: specify UID to run as"
@@ -227,8 +467,7 @@ static int usage() {
<< " -U: specify user ID that owns device"
<< " -m: source_path is multi-user"
<< " -w: runtime write mount has full write access"
- << " -P: preserve owners on the lower file system"
- << " -o: obb dir doesn't need to be shared between users";
+ << " -P preserve owners on the lower file system";
return 1;
}
@@ -241,15 +480,10 @@ int main(int argc, char **argv) {
bool multi_user = false;
bool full_write = false;
bool derive_gid = false;
- bool default_normal = false;
- bool unshared_obb = false;
int i;
struct rlimit rlim;
int fs_version;
- setenv("ANDROID_LOG_TAGS", "*:v", 1);
- android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM));
-
int opt;
while ((opt = getopt(argc, argv, "u:g:U:mwGio")) != -1) {
switch (opt) {
@@ -272,14 +506,10 @@ int main(int argc, char **argv) {
derive_gid = true;
break;
case 'i':
- default_normal = true;
- break;
case 'o':
- unshared_obb = true;
break;
case '?':
default:
- LOG(ERROR) << "Unknown option: '" << opt << "'";
return usage();
}
}
@@ -320,7 +550,10 @@ int main(int argc, char **argv) {
sleep(1);
}
- run_sdcardfs(source_path, label, uid, gid, userid, multi_user, full_write, derive_gid,
- default_normal, unshared_obb, !should_use_sdcardfs());
+ if (should_use_sdcardfs()) {
+ run_sdcardfs(source_path, label, uid, gid, userid, multi_user, full_write, derive_gid);
+ } else {
+ run(source_path, label, uid, gid, userid, multi_user, full_write);
+ }
return 1;
}
--
2.49.0
Reference in New Issue View Git Blame Copy Permalink