| /* |
| * Copyright (C) 2010 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #define LOG_TAG "sdcard" |
| |
| #include <ctype.h> |
| #include <dirent.h> |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <inttypes.h> |
| #include <limits.h> |
| #include <linux/fuse.h> |
| #include <pthread.h> |
| #include <stdbool.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/inotify.h> |
| #include <sys/mount.h> |
| #include <sys/param.h> |
| #include <sys/resource.h> |
| #include <sys/stat.h> |
| #include <sys/statfs.h> |
| #include <sys/time.h> |
| #include <sys/types.h> |
| #include <sys/uio.h> |
| #include <unistd.h> |
| |
| #include <cutils/fs.h> |
| #include <cutils/hashmap.h> |
| #include <cutils/log.h> |
| #include <cutils/multiuser.h> |
| #include <packagelistparser/packagelistparser.h> |
| |
| #include <private/android_filesystem_config.h> |
| |
| /* README |
| * |
| * What is this? |
| * |
| * sdcard is a program that uses FUSE to emulate FAT-on-sdcard style |
| * directory permissions (all files are given fixed owner, group, and |
| * permissions at creation, owner, group, and permissions are not |
| * changeable, symlinks and hardlinks are not createable, etc. |
| * |
| * See usage() for command line options. |
| * |
| * It must be run as root, but will drop to requested UID/GID as soon as it |
| * mounts a filesystem. It will refuse to run if requested UID/GID are zero. |
| * |
| * Things I believe to be true: |
| * |
| * - ops that return a fuse_entry (LOOKUP, MKNOD, MKDIR, LINK, SYMLINK, |
| * CREAT) must bump that node's refcount |
| * - don't forget that FORGET can forget multiple references (req->nlookup) |
| * - if an op that returns a fuse_entry fails writing the reply to the |
| * kernel, you must rollback the refcount to reflect the reference the |
| * kernel did not actually acquire |
| * |
| * This daemon can also derive custom filesystem permissions based on directory |
| * structure when requested. These custom permissions support several features: |
| * |
| * - Apps can access their own files in /Android/data/com.example/ without |
| * requiring any additional GIDs. |
| * - Separate permissions for protecting directories like Pictures and Music. |
| * - Multi-user separation on the same physical device. |
| */ |
| |
| #define FUSE_TRACE 0 |
| |
| #if FUSE_TRACE |
| #define TRACE(x...) ALOGD(x) |
| #else |
| #define TRACE(x...) do {} while (0) |
| #endif |
| |
| #define ERROR(x...) ALOGE(x) |
| |
| #define FUSE_UNKNOWN_INO 0xffffffff |
| |
| /* Maximum number of bytes to write in one request. */ |
| #define MAX_WRITE (256 * 1024) |
| |
| /* Maximum number of bytes to read in one request. */ |
| #define MAX_READ (128 * 1024) |
| |
| /* Largest possible request. |
| * The request size is bounded by the maximum size of a FUSE_WRITE request because it has |
| * the largest possible data payload. */ |
| #define MAX_REQUEST_SIZE (sizeof(struct fuse_in_header) + sizeof(struct fuse_write_in) + MAX_WRITE) |
| |
| /* Pseudo-error constant used to indicate that no fuse status is needed |
| * or that a reply has already been written. */ |
| #define NO_STATUS 1 |
| |
| /* Supplementary groups to execute with */ |
| static const gid_t kGroups[1] = { AID_PACKAGE_INFO }; |
| |
| /* Permission mode for a specific node. Controls how file permissions |
| * are derived for children nodes. */ |
| typedef enum { |
| /* Nothing special; this node should just inherit from its parent. */ |
| PERM_INHERIT, |
| /* This node is one level above a normal root; used for legacy layouts |
| * which use the first level to represent user_id. */ |
| PERM_PRE_ROOT, |
| /* This node is "/" */ |
| PERM_ROOT, |
| /* This node is "/Android" */ |
| PERM_ANDROID, |
| /* This node is "/Android/data" */ |
| PERM_ANDROID_DATA, |
| /* This node is "/Android/obb" */ |
| PERM_ANDROID_OBB, |
| /* This node is "/Android/media" */ |
| PERM_ANDROID_MEDIA, |
| } perm_t; |
| |
| struct handle { |
| int fd; |
| }; |
| |
| struct dirhandle { |
| DIR *d; |
| }; |
| |
| struct node { |
| __u32 refcount; |
| __u64 nid; |
| __u64 gen; |
| /* |
| * The inode number for this FUSE node. Note that this isn't stable across |
| * multiple invocations of the FUSE daemon. |
| */ |
| __u32 ino; |
| |
| /* State derived based on current position in hierarchy. */ |
| perm_t perm; |
| userid_t userid; |
| uid_t uid; |
| bool under_android; |
| |
| struct node *next; /* per-dir sibling list */ |
| struct node *child; /* first contained file by this dir */ |
| struct node *parent; /* containing directory */ |
| |
| size_t namelen; |
| char *name; |
| /* If non-null, this is the real name of the file in the underlying storage. |
| * This may differ from the field "name" only by case. |
| * strlen(actual_name) will always equal strlen(name), so it is safe to use |
| * namelen for both fields. |
| */ |
| char *actual_name; |
| |
| /* If non-null, an exact underlying path that should be grafted into this |
| * position. Used to support things like OBB. */ |
| char* graft_path; |
| size_t graft_pathlen; |
| |
| bool deleted; |
| }; |
| |
| static int str_hash(void *key) { |
| return hashmapHash(key, strlen(key)); |
| } |
| |
| /** Test if two string keys are equal ignoring case */ |
| static bool str_icase_equals(void *keyA, void *keyB) { |
| return strcasecmp(keyA, keyB) == 0; |
| } |
| |
| /* Global data for all FUSE mounts */ |
| struct fuse_global { |
| pthread_mutex_t lock; |
| |
| uid_t uid; |
| gid_t gid; |
| bool multi_user; |
| |
| char source_path[PATH_MAX]; |
| char obb_path[PATH_MAX]; |
| |
| Hashmap* package_to_appid; |
| |
| __u64 next_generation; |
| struct node root; |
| |
| /* Used to allocate unique inode numbers for fuse nodes. We use |
| * a simple counter based scheme where inode numbers from deleted |
| * nodes aren't reused. Note that inode allocations are not stable |
| * across multiple invocation of the sdcard daemon, but that shouldn't |
| * be a huge problem in practice. |
| * |
| * Note that we restrict inodes to 32 bit unsigned integers to prevent |
| * truncation on 32 bit processes when unsigned long long stat.st_ino is |
| * assigned to an unsigned long ino_t type in an LP32 process. |
| * |
| * Also note that fuse_attr and fuse_dirent inode values are 64 bits wide |
| * on both LP32 and LP64, but the fuse kernel code doesn't squash 64 bit |
| * inode numbers into 32 bit values on 64 bit kernels (see fuse_squash_ino |
| * in fs/fuse/inode.c). |
| * |
| * Accesses must be guarded by |lock|. |
| */ |
| __u32 inode_ctr; |
| |
| struct fuse* fuse_default; |
| struct fuse* fuse_read; |
| struct fuse* fuse_write; |
| }; |
| |
| /* Single FUSE mount */ |
| struct fuse { |
| struct fuse_global* global; |
| |
| char dest_path[PATH_MAX]; |
| |
| int fd; |
| |
| gid_t gid; |
| mode_t mask; |
| }; |
| |
| /* Private data used by a single FUSE handler */ |
| struct fuse_handler { |
| struct fuse* fuse; |
| int token; |
| |
| /* To save memory, we never use the contents of the request buffer and the read |
| * buffer at the same time. This allows us to share the underlying storage. */ |
| union { |
| __u8 request_buffer[MAX_REQUEST_SIZE]; |
| __u8 read_buffer[MAX_READ + PAGE_SIZE]; |
| }; |
| }; |
| |
| static inline void *id_to_ptr(__u64 nid) |
| { |
| return (void *) (uintptr_t) nid; |
| } |
| |
| static inline __u64 ptr_to_id(void *ptr) |
| { |
| return (__u64) (uintptr_t) ptr; |
| } |
| |
| static void acquire_node_locked(struct node* node) |
| { |
| node->refcount++; |
| TRACE("ACQUIRE %p (%s) rc=%d\n", node, node->name, node->refcount); |
| } |
| |
| static void remove_node_from_parent_locked(struct node* node); |
| |
| static void release_node_locked(struct node* node) |
| { |
| TRACE("RELEASE %p (%s) rc=%d\n", node, node->name, node->refcount); |
| if (node->refcount > 0) { |
| node->refcount--; |
| if (!node->refcount) { |
| TRACE("DESTROY %p (%s)\n", node, node->name); |
| remove_node_from_parent_locked(node); |
| |
| /* TODO: remove debugging - poison memory */ |
| memset(node->name, 0xef, node->namelen); |
| free(node->name); |
| free(node->actual_name); |
| memset(node, 0xfc, sizeof(*node)); |
| free(node); |
| } |
| } else { |
| ERROR("Zero refcnt %p\n", node); |
| } |
| } |
| |
| static void add_node_to_parent_locked(struct node *node, struct node *parent) { |
| node->parent = parent; |
| node->next = parent->child; |
| parent->child = node; |
| acquire_node_locked(parent); |
| } |
| |
| static void remove_node_from_parent_locked(struct node* node) |
| { |
| if (node->parent) { |
| if (node->parent->child == node) { |
| node->parent->child = node->parent->child->next; |
| } else { |
| struct node *node2; |
| node2 = node->parent->child; |
| while (node2->next != node) |
| node2 = node2->next; |
| node2->next = node->next; |
| } |
| release_node_locked(node->parent); |
| node->parent = NULL; |
| node->next = NULL; |
| } |
| } |
| |
| /* Gets the absolute path to a node into the provided buffer. |
| * |
| * Populates 'buf' with the path and returns the length of the path on success, |
| * or returns -1 if the path is too long for the provided buffer. |
| */ |
| static ssize_t get_node_path_locked(struct node* node, char* buf, size_t bufsize) { |
| const char* name; |
| size_t namelen; |
| if (node->graft_path) { |
| name = node->graft_path; |
| namelen = node->graft_pathlen; |
| } else if (node->actual_name) { |
| name = node->actual_name; |
| namelen = node->namelen; |
| } else { |
| name = node->name; |
| namelen = node->namelen; |
| } |
| |
| if (bufsize < namelen + 1) { |
| return -1; |
| } |
| |
| ssize_t pathlen = 0; |
| if (node->parent && node->graft_path == NULL) { |
| pathlen = get_node_path_locked(node->parent, buf, bufsize - namelen - 2); |
| if (pathlen < 0) { |
| return -1; |
| } |
| buf[pathlen++] = '/'; |
| } |
| |
| memcpy(buf + pathlen, name, namelen + 1); /* include trailing \0 */ |
| return pathlen + namelen; |
| } |
| |
| /* Finds the absolute path of a file within a given directory. |
| * Performs a case-insensitive search for the file and sets the buffer to the path |
| * of the first matching file. If 'search' is zero or if no match is found, sets |
| * the buffer to the path that the file would have, assuming the name were case-sensitive. |
| * |
| * Populates 'buf' with the path and returns the actual name (within 'buf') on success, |
| * or returns NULL if the path is too long for the provided buffer. |
| */ |
| static char* find_file_within(const char* path, const char* name, |
| char* buf, size_t bufsize, int search) |
| { |
| size_t pathlen = strlen(path); |
| size_t namelen = strlen(name); |
| size_t childlen = pathlen + namelen + 1; |
| char* actual; |
| |
| if (bufsize <= childlen) { |
| return NULL; |
| } |
| |
| memcpy(buf, path, pathlen); |
| buf[pathlen] = '/'; |
| actual = buf + pathlen + 1; |
| memcpy(actual, name, namelen + 1); |
| |
| if (search && access(buf, F_OK)) { |
| struct dirent* entry; |
| DIR* dir = opendir(path); |
| if (!dir) { |
| ERROR("opendir %s failed: %s\n", path, strerror(errno)); |
| return actual; |
| } |
| while ((entry = readdir(dir))) { |
| if (!strcasecmp(entry->d_name, name)) { |
| /* we have a match - replace the name, don't need to copy the null again */ |
| memcpy(actual, entry->d_name, namelen); |
| break; |
| } |
| } |
| closedir(dir); |
| } |
| return actual; |
| } |
| |
| static void attr_from_stat(struct fuse* fuse, struct fuse_attr *attr, |
| const struct stat *s, const struct node* node) { |
| attr->ino = node->ino; |
| attr->size = s->st_size; |
| attr->blocks = s->st_blocks; |
| attr->atime = s->st_atim.tv_sec; |
| attr->mtime = s->st_mtim.tv_sec; |
| attr->ctime = s->st_ctim.tv_sec; |
| attr->atimensec = s->st_atim.tv_nsec; |
| attr->mtimensec = s->st_mtim.tv_nsec; |
| attr->ctimensec = s->st_ctim.tv_nsec; |
| attr->mode = s->st_mode; |
| attr->nlink = s->st_nlink; |
| |
| attr->uid = node->uid; |
| |
| if (fuse->gid == AID_SDCARD_RW) { |
| /* As an optimization, certain trusted system components only run |
| * as owner but operate across all users. Since we're now handing |
| * out the sdcard_rw GID only to trusted apps, we're okay relaxing |
| * the user boundary enforcement for the default view. The UIDs |
| * assigned to app directories are still multiuser aware. */ |
| attr->gid = AID_SDCARD_RW; |
| } else { |
| attr->gid = multiuser_get_uid(node->userid, fuse->gid); |
| } |
| |
| int visible_mode = 0775 & ~fuse->mask; |
| if (node->perm == PERM_PRE_ROOT) { |
| /* Top of multi-user view should always be visible to ensure |
| * secondary users can traverse inside. */ |
| visible_mode = 0711; |
| } else if (node->under_android) { |
| /* Block "other" access to Android directories, since only apps |
| * belonging to a specific user should be in there; we still |
| * leave +x open for the default view. */ |
| if (fuse->gid == AID_SDCARD_RW) { |
| visible_mode = visible_mode & ~0006; |
| } else { |
| visible_mode = visible_mode & ~0007; |
| } |
| } |
| int owner_mode = s->st_mode & 0700; |
| int filtered_mode = visible_mode & (owner_mode | (owner_mode >> 3) | (owner_mode >> 6)); |
| attr->mode = (attr->mode & S_IFMT) | filtered_mode; |
| } |
| |
| static int touch(char* path, mode_t mode) { |
| int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, mode); |
| if (fd == -1) { |
| if (errno == EEXIST) { |
| return 0; |
| } else { |
| ERROR("Failed to open(%s): %s\n", path, strerror(errno)); |
| return -1; |
| } |
| } |
| close(fd); |
| return 0; |
| } |
| |
| static void derive_permissions_locked(struct fuse* fuse, struct node *parent, |
| struct node *node) { |
| appid_t appid; |
| |
| /* By default, each node inherits from its parent */ |
| node->perm = PERM_INHERIT; |
| node->userid = parent->userid; |
| node->uid = parent->uid; |
| node->under_android = parent->under_android; |
| |
| /* Derive custom permissions based on parent and current node */ |
| switch (parent->perm) { |
| case PERM_INHERIT: |
| /* Already inherited above */ |
| break; |
| case PERM_PRE_ROOT: |
| /* Legacy internal layout places users at top level */ |
| node->perm = PERM_ROOT; |
| node->userid = strtoul(node->name, NULL, 10); |
| break; |
| case PERM_ROOT: |
| /* Assume masked off by default. */ |
| if (!strcasecmp(node->name, "Android")) { |
| /* App-specific directories inside; let anyone traverse */ |
| node->perm = PERM_ANDROID; |
| node->under_android = true; |
| } |
| break; |
| case PERM_ANDROID: |
| if (!strcasecmp(node->name, "data")) { |
| /* App-specific directories inside; let anyone traverse */ |
| node->perm = PERM_ANDROID_DATA; |
| } else if (!strcasecmp(node->name, "obb")) { |
| /* App-specific directories inside; let anyone traverse */ |
| node->perm = PERM_ANDROID_OBB; |
| /* Single OBB directory is always shared */ |
| node->graft_path = fuse->global->obb_path; |
| node->graft_pathlen = strlen(fuse->global->obb_path); |
| } else if (!strcasecmp(node->name, "media")) { |
| /* App-specific directories inside; let anyone traverse */ |
| node->perm = PERM_ANDROID_MEDIA; |
| } |
| break; |
| case PERM_ANDROID_DATA: |
| case PERM_ANDROID_OBB: |
| case PERM_ANDROID_MEDIA: |
| appid = (appid_t) (uintptr_t) hashmapGet(fuse->global->package_to_appid, node->name); |
| if (appid != 0) { |
| node->uid = multiuser_get_uid(parent->userid, appid); |
| } |
| break; |
| } |
| } |
| |
| static void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent) { |
| struct node *node; |
| for (node = parent->child; node; node = node->next) { |
| derive_permissions_locked(fuse, parent, node); |
| if (node->child) { |
| derive_permissions_recursive_locked(fuse, node); |
| } |
| } |
| } |
| |
| /* Kernel has already enforced everything we returned through |
| * derive_permissions_locked(), so this is used to lock down access |
| * even further, such as enforcing that apps hold sdcard_rw. */ |
| static bool check_caller_access_to_name(struct fuse* fuse, |
| const struct fuse_in_header *hdr, const struct node* parent_node, |
| const char* name, int mode) { |
| /* Always block security-sensitive files at root */ |
| if (parent_node && parent_node->perm == PERM_ROOT) { |
| if (!strcasecmp(name, "autorun.inf") |
| || !strcasecmp(name, ".android_secure") |
| || !strcasecmp(name, "android_secure")) { |
| return false; |
| } |
| } |
| |
| /* Root always has access; access for any other UIDs should always |
| * be controlled through packages.list. */ |
| if (hdr->uid == 0) { |
| return true; |
| } |
| |
| /* No extra permissions to enforce */ |
| return true; |
| } |
| |
| static bool check_caller_access_to_node(struct fuse* fuse, |
| const struct fuse_in_header *hdr, const struct node* node, int mode) { |
| return check_caller_access_to_name(fuse, hdr, node->parent, node->name, mode); |
| } |
| |
| struct node *create_node_locked(struct fuse* fuse, |
| struct node *parent, const char *name, const char* actual_name) |
| { |
| struct node *node; |
| size_t namelen = strlen(name); |
| |
| // Detect overflows in the inode counter. "4 billion nodes should be enough |
| // for everybody". |
| if (fuse->global->inode_ctr == 0) { |
| ERROR("No more inode numbers available"); |
| return NULL; |
| } |
| |
| node = calloc(1, sizeof(struct node)); |
| if (!node) { |
| return NULL; |
| } |
| node->name = malloc(namelen + 1); |
| if (!node->name) { |
| free(node); |
| return NULL; |
| } |
| memcpy(node->name, name, namelen + 1); |
| if (strcmp(name, actual_name)) { |
| node->actual_name = malloc(namelen + 1); |
| if (!node->actual_name) { |
| free(node->name); |
| free(node); |
| return NULL; |
| } |
| memcpy(node->actual_name, actual_name, namelen + 1); |
| } |
| node->namelen = namelen; |
| node->nid = ptr_to_id(node); |
| node->ino = fuse->global->inode_ctr++; |
| node->gen = fuse->global->next_generation++; |
| |
| node->deleted = false; |
| |
| derive_permissions_locked(fuse, parent, node); |
| acquire_node_locked(node); |
| add_node_to_parent_locked(node, parent); |
| return node; |
| } |
| |
| static int rename_node_locked(struct node *node, const char *name, |
| const char* actual_name) |
| { |
| size_t namelen = strlen(name); |
| int need_actual_name = strcmp(name, actual_name); |
| |
| /* make the storage bigger without actually changing the name |
| * in case an error occurs part way */ |
| if (namelen > node->namelen) { |
| char* new_name = realloc(node->name, namelen + 1); |
| if (!new_name) { |
| return -ENOMEM; |
| } |
| node->name = new_name; |
| if (need_actual_name && node->actual_name) { |
| char* new_actual_name = realloc(node->actual_name, namelen + 1); |
| if (!new_actual_name) { |
| return -ENOMEM; |
| } |
| node->actual_name = new_actual_name; |
| } |
| } |
| |
| /* update the name, taking care to allocate storage before overwriting the old name */ |
| if (need_actual_name) { |
| if (!node->actual_name) { |
| node->actual_name = malloc(namelen + 1); |
| if (!node->actual_name) { |
| return -ENOMEM; |
| } |
| } |
| memcpy(node->actual_name, actual_name, namelen + 1); |
| } else { |
| free(node->actual_name); |
| node->actual_name = NULL; |
| } |
| memcpy(node->name, name, namelen + 1); |
| node->namelen = namelen; |
| return 0; |
| } |
| |
| static struct node *lookup_node_by_id_locked(struct fuse *fuse, __u64 nid) |
| { |
| if (nid == FUSE_ROOT_ID) { |
| return &fuse->global->root; |
| } else { |
| return id_to_ptr(nid); |
| } |
| } |
| |
| static struct node* lookup_node_and_path_by_id_locked(struct fuse* fuse, __u64 nid, |
| char* buf, size_t bufsize) |
| { |
| struct node* node = lookup_node_by_id_locked(fuse, nid); |
| if (node && get_node_path_locked(node, buf, bufsize) < 0) { |
| node = NULL; |
| } |
| return node; |
| } |
| |
| static struct node *lookup_child_by_name_locked(struct node *node, const char *name) |
| { |
| for (node = node->child; node; node = node->next) { |
| /* use exact string comparison, nodes that differ by case |
| * must be considered distinct even if they refer to the same |
| * underlying file as otherwise operations such as "mv x x" |
| * will not work because the source and target nodes are the same. */ |
| if (!strcmp(name, node->name) && !node->deleted) { |
| return node; |
| } |
| } |
| return 0; |
| } |
| |
| static struct node* acquire_or_create_child_locked( |
| struct fuse* fuse, struct node* parent, |
| const char* name, const char* actual_name) |
| { |
| struct node* child = lookup_child_by_name_locked(parent, name); |
| if (child) { |
| acquire_node_locked(child); |
| } else { |
| child = create_node_locked(fuse, parent, name, actual_name); |
| } |
| return child; |
| } |
| |
| static void fuse_status(struct fuse *fuse, __u64 unique, int err) |
| { |
| struct fuse_out_header hdr; |
| hdr.len = sizeof(hdr); |
| hdr.error = err; |
| hdr.unique = unique; |
| write(fuse->fd, &hdr, sizeof(hdr)); |
| } |
| |
| static void fuse_reply(struct fuse *fuse, __u64 unique, void *data, int len) |
| { |
| struct fuse_out_header hdr; |
| struct iovec vec[2]; |
| int res; |
| |
| hdr.len = len + sizeof(hdr); |
| hdr.error = 0; |
| hdr.unique = unique; |
| |
| vec[0].iov_base = &hdr; |
| vec[0].iov_len = sizeof(hdr); |
| vec[1].iov_base = data; |
| vec[1].iov_len = len; |
| |
| res = writev(fuse->fd, vec, 2); |
| if (res < 0) { |
| ERROR("*** REPLY FAILED *** %d\n", errno); |
| } |
| } |
| |
| static int fuse_reply_entry(struct fuse* fuse, __u64 unique, |
| struct node* parent, const char* name, const char* actual_name, |
| const char* path) |
| { |
| struct node* node; |
| struct fuse_entry_out out; |
| struct stat s; |
| |
| if (lstat(path, &s) < 0) { |
| return -errno; |
| } |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = acquire_or_create_child_locked(fuse, parent, name, actual_name); |
| if (!node) { |
| pthread_mutex_unlock(&fuse->global->lock); |
| return -ENOMEM; |
| } |
| memset(&out, 0, sizeof(out)); |
| attr_from_stat(fuse, &out.attr, &s, node); |
| out.attr_valid = 10; |
| out.entry_valid = 10; |
| out.nodeid = node->nid; |
| out.generation = node->gen; |
| pthread_mutex_unlock(&fuse->global->lock); |
| fuse_reply(fuse, unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static int fuse_reply_attr(struct fuse* fuse, __u64 unique, const struct node* node, |
| const char* path) |
| { |
| struct fuse_attr_out out; |
| struct stat s; |
| |
| if (lstat(path, &s) < 0) { |
| return -errno; |
| } |
| memset(&out, 0, sizeof(out)); |
| attr_from_stat(fuse, &out.attr, &s, node); |
| out.attr_valid = 10; |
| fuse_reply(fuse, unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static void fuse_notify_delete(struct fuse* fuse, const __u64 parent, |
| const __u64 child, const char* name) { |
| struct fuse_out_header hdr; |
| struct fuse_notify_delete_out data; |
| struct iovec vec[3]; |
| size_t namelen = strlen(name); |
| int res; |
| |
| hdr.len = sizeof(hdr) + sizeof(data) + namelen + 1; |
| hdr.error = FUSE_NOTIFY_DELETE; |
| hdr.unique = 0; |
| |
| data.parent = parent; |
| data.child = child; |
| data.namelen = namelen; |
| data.padding = 0; |
| |
| vec[0].iov_base = &hdr; |
| vec[0].iov_len = sizeof(hdr); |
| vec[1].iov_base = &data; |
| vec[1].iov_len = sizeof(data); |
| vec[2].iov_base = (void*) name; |
| vec[2].iov_len = namelen + 1; |
| |
| res = writev(fuse->fd, vec, 3); |
| /* Ignore ENOENT, since other views may not have seen the entry */ |
| if (res < 0 && errno != ENOENT) { |
| ERROR("*** NOTIFY FAILED *** %d\n", errno); |
| } |
| } |
| |
| static int handle_lookup(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header *hdr, const char* name) |
| { |
| struct node* parent_node; |
| char parent_path[PATH_MAX]; |
| char child_path[PATH_MAX]; |
| const char* actual_name; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| parent_path, sizeof(parent_path)); |
| TRACE("[%d] LOOKUP %s @ %"PRIx64" (%s)\n", handler->token, name, hdr->nodeid, |
| parent_node ? parent_node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!parent_node || !(actual_name = find_file_within(parent_path, name, |
| child_path, sizeof(child_path), 1))) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, parent_node, name, R_OK)) { |
| return -EACCES; |
| } |
| |
| return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path); |
| } |
| |
| static int handle_forget(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header *hdr, const struct fuse_forget_in *req) |
| { |
| struct node* node; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = lookup_node_by_id_locked(fuse, hdr->nodeid); |
| TRACE("[%d] FORGET #%"PRIu64" @ %"PRIx64" (%s)\n", handler->token, req->nlookup, |
| hdr->nodeid, node ? node->name : "?"); |
| if (node) { |
| __u64 n = req->nlookup; |
| while (n) { |
| n--; |
| release_node_locked(node); |
| } |
| } |
| pthread_mutex_unlock(&fuse->global->lock); |
| return NO_STATUS; /* no reply */ |
| } |
| |
| static int handle_getattr(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header *hdr, const struct fuse_getattr_in *req) |
| { |
| struct node* node; |
| char path[PATH_MAX]; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path)); |
| TRACE("[%d] GETATTR flags=%x fh=%"PRIx64" @ %"PRIx64" (%s)\n", handler->token, |
| req->getattr_flags, req->fh, hdr->nodeid, node ? node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!node) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_node(fuse, hdr, node, R_OK)) { |
| return -EACCES; |
| } |
| |
| return fuse_reply_attr(fuse, hdr->unique, node, path); |
| } |
| |
| static int handle_setattr(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header *hdr, const struct fuse_setattr_in *req) |
| { |
| struct node* node; |
| char path[PATH_MAX]; |
| struct timespec times[2]; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path)); |
| TRACE("[%d] SETATTR fh=%"PRIx64" valid=%x @ %"PRIx64" (%s)\n", handler->token, |
| req->fh, req->valid, hdr->nodeid, node ? node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!node) { |
| return -ENOENT; |
| } |
| |
| if (!(req->valid & FATTR_FH) && |
| !check_caller_access_to_node(fuse, hdr, node, W_OK)) { |
| return -EACCES; |
| } |
| |
| /* XXX: incomplete implementation on purpose. |
| * chmod/chown should NEVER be implemented.*/ |
| |
| if ((req->valid & FATTR_SIZE) && truncate64(path, req->size) < 0) { |
| return -errno; |
| } |
| |
| /* Handle changing atime and mtime. If FATTR_ATIME_and FATTR_ATIME_NOW |
| * are both set, then set it to the current time. Else, set it to the |
| * time specified in the request. Same goes for mtime. Use utimensat(2) |
| * as it allows ATIME and MTIME to be changed independently, and has |
| * nanosecond resolution which fuse also has. |
| */ |
| if (req->valid & (FATTR_ATIME | FATTR_MTIME)) { |
| times[0].tv_nsec = UTIME_OMIT; |
| times[1].tv_nsec = UTIME_OMIT; |
| if (req->valid & FATTR_ATIME) { |
| if (req->valid & FATTR_ATIME_NOW) { |
| times[0].tv_nsec = UTIME_NOW; |
| } else { |
| times[0].tv_sec = req->atime; |
| times[0].tv_nsec = req->atimensec; |
| } |
| } |
| if (req->valid & FATTR_MTIME) { |
| if (req->valid & FATTR_MTIME_NOW) { |
| times[1].tv_nsec = UTIME_NOW; |
| } else { |
| times[1].tv_sec = req->mtime; |
| times[1].tv_nsec = req->mtimensec; |
| } |
| } |
| TRACE("[%d] Calling utimensat on %s with atime %ld, mtime=%ld\n", |
| handler->token, path, times[0].tv_sec, times[1].tv_sec); |
| if (utimensat(-1, path, times, 0) < 0) { |
| return -errno; |
| } |
| } |
| return fuse_reply_attr(fuse, hdr->unique, node, path); |
| } |
| |
| static int handle_mknod(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_mknod_in* req, const char* name) |
| { |
| struct node* parent_node; |
| char parent_path[PATH_MAX]; |
| char child_path[PATH_MAX]; |
| const char* actual_name; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| parent_path, sizeof(parent_path)); |
| TRACE("[%d] MKNOD %s 0%o @ %"PRIx64" (%s)\n", handler->token, |
| name, req->mode, hdr->nodeid, parent_node ? parent_node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!parent_node || !(actual_name = find_file_within(parent_path, name, |
| child_path, sizeof(child_path), 1))) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) { |
| return -EACCES; |
| } |
| __u32 mode = (req->mode & (~0777)) | 0664; |
| if (mknod(child_path, mode, req->rdev) < 0) { |
| return -errno; |
| } |
| return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path); |
| } |
| |
| static int handle_mkdir(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_mkdir_in* req, const char* name) |
| { |
| struct node* parent_node; |
| char parent_path[PATH_MAX]; |
| char child_path[PATH_MAX]; |
| const char* actual_name; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| parent_path, sizeof(parent_path)); |
| TRACE("[%d] MKDIR %s 0%o @ %"PRIx64" (%s)\n", handler->token, |
| name, req->mode, hdr->nodeid, parent_node ? parent_node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!parent_node || !(actual_name = find_file_within(parent_path, name, |
| child_path, sizeof(child_path), 1))) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) { |
| return -EACCES; |
| } |
| __u32 mode = (req->mode & (~0777)) | 0775; |
| if (mkdir(child_path, mode) < 0) { |
| return -errno; |
| } |
| |
| /* When creating /Android/data and /Android/obb, mark them as .nomedia */ |
| if (parent_node->perm == PERM_ANDROID && !strcasecmp(name, "data")) { |
| char nomedia[PATH_MAX]; |
| snprintf(nomedia, PATH_MAX, "%s/.nomedia", child_path); |
| if (touch(nomedia, 0664) != 0) { |
| ERROR("Failed to touch(%s): %s\n", nomedia, strerror(errno)); |
| return -ENOENT; |
| } |
| } |
| if (parent_node->perm == PERM_ANDROID && !strcasecmp(name, "obb")) { |
| char nomedia[PATH_MAX]; |
| snprintf(nomedia, PATH_MAX, "%s/.nomedia", fuse->global->obb_path); |
| if (touch(nomedia, 0664) != 0) { |
| ERROR("Failed to touch(%s): %s\n", nomedia, strerror(errno)); |
| return -ENOENT; |
| } |
| } |
| |
| return fuse_reply_entry(fuse, hdr->unique, parent_node, name, actual_name, child_path); |
| } |
| |
| static int handle_unlink(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const char* name) |
| { |
| struct node* parent_node; |
| struct node* child_node; |
| char parent_path[PATH_MAX]; |
| char child_path[PATH_MAX]; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| parent_path, sizeof(parent_path)); |
| TRACE("[%d] UNLINK %s @ %"PRIx64" (%s)\n", handler->token, |
| name, hdr->nodeid, parent_node ? parent_node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!parent_node || !find_file_within(parent_path, name, |
| child_path, sizeof(child_path), 1)) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) { |
| return -EACCES; |
| } |
| if (unlink(child_path) < 0) { |
| return -errno; |
| } |
| pthread_mutex_lock(&fuse->global->lock); |
| child_node = lookup_child_by_name_locked(parent_node, name); |
| if (child_node) { |
| child_node->deleted = true; |
| } |
| pthread_mutex_unlock(&fuse->global->lock); |
| if (parent_node && child_node) { |
| /* Tell all other views that node is gone */ |
| TRACE("[%d] fuse_notify_delete parent=%"PRIx64", child=%"PRIx64", name=%s\n", |
| handler->token, (uint64_t) parent_node->nid, (uint64_t) child_node->nid, name); |
| if (fuse != fuse->global->fuse_default) { |
| fuse_notify_delete(fuse->global->fuse_default, parent_node->nid, child_node->nid, name); |
| } |
| if (fuse != fuse->global->fuse_read) { |
| fuse_notify_delete(fuse->global->fuse_read, parent_node->nid, child_node->nid, name); |
| } |
| if (fuse != fuse->global->fuse_write) { |
| fuse_notify_delete(fuse->global->fuse_write, parent_node->nid, child_node->nid, name); |
| } |
| } |
| return 0; |
| } |
| |
| static int handle_rmdir(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const char* name) |
| { |
| struct node* child_node; |
| struct node* parent_node; |
| char parent_path[PATH_MAX]; |
| char child_path[PATH_MAX]; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| parent_path, sizeof(parent_path)); |
| TRACE("[%d] RMDIR %s @ %"PRIx64" (%s)\n", handler->token, |
| name, hdr->nodeid, parent_node ? parent_node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!parent_node || !find_file_within(parent_path, name, |
| child_path, sizeof(child_path), 1)) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, parent_node, name, W_OK)) { |
| return -EACCES; |
| } |
| if (rmdir(child_path) < 0) { |
| return -errno; |
| } |
| pthread_mutex_lock(&fuse->global->lock); |
| child_node = lookup_child_by_name_locked(parent_node, name); |
| if (child_node) { |
| child_node->deleted = true; |
| } |
| pthread_mutex_unlock(&fuse->global->lock); |
| if (parent_node && child_node) { |
| /* Tell all other views that node is gone */ |
| TRACE("[%d] fuse_notify_delete parent=%"PRIx64", child=%"PRIx64", name=%s\n", |
| handler->token, (uint64_t) parent_node->nid, (uint64_t) child_node->nid, name); |
| if (fuse != fuse->global->fuse_default) { |
| fuse_notify_delete(fuse->global->fuse_default, parent_node->nid, child_node->nid, name); |
| } |
| if (fuse != fuse->global->fuse_read) { |
| fuse_notify_delete(fuse->global->fuse_read, parent_node->nid, child_node->nid, name); |
| } |
| if (fuse != fuse->global->fuse_write) { |
| fuse_notify_delete(fuse->global->fuse_write, parent_node->nid, child_node->nid, name); |
| } |
| } |
| return 0; |
| } |
| |
| static int handle_rename(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_rename_in* req, |
| const char* old_name, const char* new_name) |
| { |
| struct node* old_parent_node; |
| struct node* new_parent_node; |
| struct node* child_node; |
| char old_parent_path[PATH_MAX]; |
| char new_parent_path[PATH_MAX]; |
| char old_child_path[PATH_MAX]; |
| char new_child_path[PATH_MAX]; |
| const char* new_actual_name; |
| int res; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| old_parent_node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, |
| old_parent_path, sizeof(old_parent_path)); |
| new_parent_node = lookup_node_and_path_by_id_locked(fuse, req->newdir, |
| new_parent_path, sizeof(new_parent_path)); |
| TRACE("[%d] RENAME %s->%s @ %"PRIx64" (%s) -> %"PRIx64" (%s)\n", handler->token, |
| old_name, new_name, |
| hdr->nodeid, old_parent_node ? old_parent_node->name : "?", |
| req->newdir, new_parent_node ? new_parent_node->name : "?"); |
| if (!old_parent_node || !new_parent_node) { |
| res = -ENOENT; |
| goto lookup_error; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, old_parent_node, old_name, W_OK)) { |
| res = -EACCES; |
| goto lookup_error; |
| } |
| if (!check_caller_access_to_name(fuse, hdr, new_parent_node, new_name, W_OK)) { |
| res = -EACCES; |
| goto lookup_error; |
| } |
| child_node = lookup_child_by_name_locked(old_parent_node, old_name); |
| if (!child_node || get_node_path_locked(child_node, |
| old_child_path, sizeof(old_child_path)) < 0) { |
| res = -ENOENT; |
| goto lookup_error; |
| } |
| acquire_node_locked(child_node); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| /* Special case for renaming a file where destination is same path |
| * differing only by case. In this case we don't want to look for a case |
| * insensitive match. This allows commands like "mv foo FOO" to work as expected. |
| */ |
| int search = old_parent_node != new_parent_node |
| || strcasecmp(old_name, new_name); |
| if (!(new_actual_name = find_file_within(new_parent_path, new_name, |
| new_child_path, sizeof(new_child_path), search))) { |
| res = -ENOENT; |
| goto io_error; |
| } |
| |
| TRACE("[%d] RENAME %s->%s\n", handler->token, old_child_path, new_child_path); |
| res = rename(old_child_path, new_child_path); |
| if (res < 0) { |
| res = -errno; |
| goto io_error; |
| } |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| res = rename_node_locked(child_node, new_name, new_actual_name); |
| if (!res) { |
| remove_node_from_parent_locked(child_node); |
| derive_permissions_locked(fuse, new_parent_node, child_node); |
| derive_permissions_recursive_locked(fuse, child_node); |
| add_node_to_parent_locked(child_node, new_parent_node); |
| } |
| goto done; |
| |
| io_error: |
| pthread_mutex_lock(&fuse->global->lock); |
| done: |
| release_node_locked(child_node); |
| lookup_error: |
| pthread_mutex_unlock(&fuse->global->lock); |
| return res; |
| } |
| |
| static int open_flags_to_access_mode(int open_flags) { |
| if ((open_flags & O_ACCMODE) == O_RDONLY) { |
| return R_OK; |
| } else if ((open_flags & O_ACCMODE) == O_WRONLY) { |
| return W_OK; |
| } else { |
| /* Probably O_RDRW, but treat as default to be safe */ |
| return R_OK | W_OK; |
| } |
| } |
| |
| static int handle_open(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_open_in* req) |
| { |
| struct node* node; |
| char path[PATH_MAX]; |
| struct fuse_open_out out; |
| struct handle *h; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path)); |
| TRACE("[%d] OPEN 0%o @ %"PRIx64" (%s)\n", handler->token, |
| req->flags, hdr->nodeid, node ? node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!node) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_node(fuse, hdr, node, |
| open_flags_to_access_mode(req->flags))) { |
| return -EACCES; |
| } |
| h = malloc(sizeof(*h)); |
| if (!h) { |
| return -ENOMEM; |
| } |
| TRACE("[%d] OPEN %s\n", handler->token, path); |
| h->fd = open(path, req->flags); |
| if (h->fd < 0) { |
| free(h); |
| return -errno; |
| } |
| out.fh = ptr_to_id(h); |
| out.open_flags = 0; |
| |
| #ifdef FUSE_STACKED_IO |
| out.lower_fd = h->fd; |
| #else |
| out.padding = 0; |
| #endif |
| |
| fuse_reply(fuse, hdr->unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static int handle_read(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_read_in* req) |
| { |
| struct handle *h = id_to_ptr(req->fh); |
| __u64 unique = hdr->unique; |
| __u32 size = req->size; |
| __u64 offset = req->offset; |
| int res; |
| __u8 *read_buffer = (__u8 *) ((uintptr_t)(handler->read_buffer + PAGE_SIZE) & ~((uintptr_t)PAGE_SIZE-1)); |
| |
| /* Don't access any other fields of hdr or req beyond this point, the read buffer |
| * overlaps the request buffer and will clobber data in the request. This |
| * saves us 128KB per request handler thread at the cost of this scary comment. */ |
| |
| TRACE("[%d] READ %p(%d) %u@%"PRIu64"\n", handler->token, |
| h, h->fd, size, (uint64_t) offset); |
| if (size > MAX_READ) { |
| return -EINVAL; |
| } |
| res = pread64(h->fd, read_buffer, size, offset); |
| if (res < 0) { |
| return -errno; |
| } |
| fuse_reply(fuse, unique, read_buffer, res); |
| return NO_STATUS; |
| } |
| |
| static int handle_write(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_write_in* req, |
| const void* buffer) |
| { |
| struct fuse_write_out out; |
| struct handle *h = id_to_ptr(req->fh); |
| int res; |
| __u8 aligned_buffer[req->size] __attribute__((__aligned__(PAGE_SIZE))); |
| |
| if (req->flags & O_DIRECT) { |
| memcpy(aligned_buffer, buffer, req->size); |
| buffer = (const __u8*) aligned_buffer; |
| } |
| |
| TRACE("[%d] WRITE %p(%d) %u@%"PRIu64"\n", handler->token, |
| h, h->fd, req->size, req->offset); |
| res = pwrite64(h->fd, buffer, req->size, req->offset); |
| if (res < 0) { |
| return -errno; |
| } |
| out.size = res; |
| out.padding = 0; |
| fuse_reply(fuse, hdr->unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static int handle_statfs(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr) |
| { |
| char path[PATH_MAX]; |
| struct statfs stat; |
| struct fuse_statfs_out out; |
| int res; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| TRACE("[%d] STATFS\n", handler->token); |
| res = get_node_path_locked(&fuse->global->root, path, sizeof(path)); |
| pthread_mutex_unlock(&fuse->global->lock); |
| if (res < 0) { |
| return -ENOENT; |
| } |
| if (statfs(fuse->global->root.name, &stat) < 0) { |
| return -errno; |
| } |
| memset(&out, 0, sizeof(out)); |
| out.st.blocks = stat.f_blocks; |
| out.st.bfree = stat.f_bfree; |
| out.st.bavail = stat.f_bavail; |
| out.st.files = stat.f_files; |
| out.st.ffree = stat.f_ffree; |
| out.st.bsize = stat.f_bsize; |
| out.st.namelen = stat.f_namelen; |
| out.st.frsize = stat.f_frsize; |
| fuse_reply(fuse, hdr->unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static int handle_release(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_release_in* req) |
| { |
| struct handle *h = id_to_ptr(req->fh); |
| |
| TRACE("[%d] RELEASE %p(%d)\n", handler->token, h, h->fd); |
| close(h->fd); |
| free(h); |
| return 0; |
| } |
| |
| static int handle_fsync(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_fsync_in* req) |
| { |
| bool is_dir = (hdr->opcode == FUSE_FSYNCDIR); |
| bool is_data_sync = req->fsync_flags & 1; |
| |
| int fd = -1; |
| if (is_dir) { |
| struct dirhandle *dh = id_to_ptr(req->fh); |
| fd = dirfd(dh->d); |
| } else { |
| struct handle *h = id_to_ptr(req->fh); |
| fd = h->fd; |
| } |
| |
| TRACE("[%d] %s %p(%d) is_data_sync=%d\n", handler->token, |
| is_dir ? "FSYNCDIR" : "FSYNC", |
| id_to_ptr(req->fh), fd, is_data_sync); |
| int res = is_data_sync ? fdatasync(fd) : fsync(fd); |
| if (res == -1) { |
| return -errno; |
| } |
| return 0; |
| } |
| |
| static int handle_flush(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr) |
| { |
| TRACE("[%d] FLUSH\n", handler->token); |
| return 0; |
| } |
| |
| static int handle_opendir(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_open_in* req) |
| { |
| struct node* node; |
| char path[PATH_MAX]; |
| struct fuse_open_out out; |
| struct dirhandle *h; |
| |
| pthread_mutex_lock(&fuse->global->lock); |
| node = lookup_node_and_path_by_id_locked(fuse, hdr->nodeid, path, sizeof(path)); |
| TRACE("[%d] OPENDIR @ %"PRIx64" (%s)\n", handler->token, |
| hdr->nodeid, node ? node->name : "?"); |
| pthread_mutex_unlock(&fuse->global->lock); |
| |
| if (!node) { |
| return -ENOENT; |
| } |
| if (!check_caller_access_to_node(fuse, hdr, node, R_OK)) { |
| return -EACCES; |
| } |
| h = malloc(sizeof(*h)); |
| if (!h) { |
| return -ENOMEM; |
| } |
| TRACE("[%d] OPENDIR %s\n", handler->token, path); |
| h->d = opendir(path); |
| if (!h->d) { |
| free(h); |
| return -errno; |
| } |
| out.fh = ptr_to_id(h); |
| out.open_flags = 0; |
| |
| #ifdef FUSE_STACKED_IO |
| out.lower_fd = -1; |
| #else |
| out.padding = 0; |
| #endif |
| |
| fuse_reply(fuse, hdr->unique, &out, sizeof(out)); |
| return NO_STATUS; |
| } |
| |
| static int handle_readdir(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_read_in* req) |
| { |
| char buffer[8192]; |
| struct fuse_dirent *fde = (struct fuse_dirent*) buffer; |
| struct dirent *de; |
| struct dirhandle *h = id_to_ptr(req->fh); |
| |
| TRACE("[%d] READDIR %p\n", handler->token, h); |
| if (req->offset == 0) { |
| /* rewinddir() might have been called above us, so rewind here too */ |
| TRACE("[%d] calling rewinddir()\n", handler->token); |
| rewinddir(h->d); |
| } |
| de = readdir(h->d); |
| if (!de) { |
| return 0; |
| } |
| fde->ino = FUSE_UNKNOWN_INO; |
| /* increment the offset so we can detect when rewinddir() seeks back to the beginning */ |
| fde->off = req->offset + 1; |
| fde->type = de->d_type; |
| fde->namelen = strlen(de->d_name); |
| memcpy(fde->name, de->d_name, fde->namelen + 1); |
| fuse_reply(fuse, hdr->unique, fde, |
| FUSE_DIRENT_ALIGN(sizeof(struct fuse_dirent) + fde->namelen)); |
| return NO_STATUS; |
| } |
| |
| static int handle_releasedir(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_release_in* req) |
| { |
| struct dirhandle *h = id_to_ptr(req->fh); |
| |
| TRACE("[%d] RELEASEDIR %p\n", handler->token, h); |
| closedir(h->d); |
| free(h); |
| return 0; |
| } |
| |
| static int handle_init(struct fuse* fuse, struct fuse_handler* handler, |
| const struct fuse_in_header* hdr, const struct fuse_init_in* req) |
| { |
| struct fuse_init_out out; |
| size_t fuse_struct_size; |
| |
| TRACE("[%d] INIT ver=%d.%d maxread=%d flags=%x\n", |
| handler->token, req->major, req->minor, req->max_readahead, req->flags); |
| |
| /* Kernel 2.6.16 is the first stable kernel with struct fuse_init_out |
| * defined (fuse version 7.6). The structure is the same from 7.6 through |
| * 7.22. Beginning with 7.23, the structure increased in size and added |
| * new parameters. |
| */ |
| if (req->major != FUSE_KERNEL_VERSION || req->minor < 6) { |
| ERROR("Fuse kernel version mismatch: Kernel version %d.%d, Expected at least %d.6", |
| req->major, req->minor, FUSE_KERNEL_VERSION); |
| return -1; |
| } |
| |
| /* We limit ourselves to 15 because we don't handle BATCH_FORGET yet */ |
| out.minor = MIN(req->minor, 15); |
| fuse_struct_size = sizeof(out); |
| #if defined(FUSE_COMPAT_22_INIT_OUT_SIZE) |
| /* FUSE_KERNEL_VERSION >= 23. */ |
| |
| /* If the kernel only works on minor revs older than or equal to 22, |
| * then use the older structure size since this code only uses the 7.22 |
| * version of the structure. */ |
| if (req->minor <= 22) { |
| fuse_struct_size = FUSE_COMPAT_22_INIT_OUT_SIZE; |
| } |
| #endif |
| |
| out.major = FUSE_KERNEL_VERSION; |
| out.max_readahead = req->max_readahead; |
| out.flags = FUSE_ATOMIC_O_TRUNC | FUSE_BIG_WRITES; |
| |
| #ifdef FUSE_STACKED_IO |
| out.flags |= FUSE_STACKED_IO; |
| #endif |
| |
| out.max_background = 32; |
| out.congestion_threshold = 32; |
| out.max_write = MAX_WRITE; |
| fuse_reply(fuse, hdr->unique, &out, fuse_struct_size); |
| return NO_STATUS; |
| } |
| |
| static int handle_fuse_request(struct fuse *fuse, struct fuse_handler* handler, |
| const struct fuse_in_header *hdr, const void *data, size_t data_len) |
| { |
| switch (hdr->opcode) { |
| case FUSE_LOOKUP: { /* bytez[] -> entry_out */ |
| const char* name = data; |
| return handle_lookup(fuse, handler, hdr, name); |
| } |
| |
| case FUSE_FORGET: { |
| const struct fuse_forget_in *req = data; |
| return handle_forget(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_GETATTR: { /* getattr_in -> attr_out */ |
| const struct fuse_getattr_in *req = data; |
| return handle_getattr(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_SETATTR: { /* setattr_in -> attr_out */ |
| const struct fuse_setattr_in *req = data; |
| return handle_setattr(fuse, handler, hdr, req); |
| } |
| |
| // case FUSE_READLINK: |
| // case FUSE_SYMLINK: |
| case FUSE_MKNOD: { /* mknod_in, bytez[] -> entry_out */ |
| const struct fuse_mknod_in *req = data; |
| const char *name = ((const char*) data) + sizeof(*req); |
| return handle_mknod(fuse, handler, hdr, req, name); |
| } |
| |
| case FUSE_MKDIR: { /* mkdir_in, bytez[] -> entry_out */ |
| const struct fuse_mkdir_in *req = data; |
| const char *name = ((const char*) data) + sizeof(*req); |
| return handle_mkdir(fuse, handler, hdr, req, name); |
| } |
| |
| case FUSE_UNLINK: { /* bytez[] -> */ |
| const char* name = data; |
| return handle_unlink(fuse, handler, hdr, name); |
| } |
| |
| case FUSE_RMDIR: { /* bytez[] -> */ |
| const char* name = data; |
| return handle_rmdir(fuse, handler, hdr, name); |
| } |
| |
| case FUSE_RENAME: { /* rename_in, oldname, newname -> */ |
| const struct fuse_rename_in *req = data; |
| const char *old_name = ((const char*) data) + sizeof(*req); |
| const char *new_name = old_name + strlen(old_name) + 1; |
| return handle_rename(fuse, handler, hdr, req, old_name, new_name); |
| } |
| |
| // case FUSE_LINK: |
| case FUSE_OPEN: { /* open_in -> open_out */ |
| const struct fuse_open_in *req = data; |
| return handle_open(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_READ: { /* read_in -> byte[] */ |
| const struct fuse_read_in *req = data; |
| return handle_read(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_WRITE: { /* write_in, byte[write_in.size] -> write_out */ |
| const struct fuse_write_in *req = data; |
| const void* buffer = (const __u8*)data + sizeof(*req); |
| return handle_write(fuse, handler, hdr, req, buffer); |
| } |
| |
| case FUSE_STATFS: { /* getattr_in -> attr_out */ |
| return handle_statfs(fuse, handler, hdr); |
| } |
| |
| case FUSE_RELEASE: { /* release_in -> */ |
| const struct fuse_release_in *req = data; |
| return handle_release(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_FSYNC: |
| case FUSE_FSYNCDIR: { |
| const struct fuse_fsync_in *req = data; |
| return handle_fsync(fuse, handler, hdr, req); |
| } |
| |
| // case FUSE_SETXATTR: |
| // case FUSE_GETXATTR: |
| // case FUSE_LISTXATTR: |
| // case FUSE_REMOVEXATTR: |
| case FUSE_FLUSH: { |
| return handle_flush(fuse, handler, hdr); |
| } |
| |
| case FUSE_OPENDIR: { /* open_in -> open_out */ |
| const struct fuse_open_in *req = data; |
| return handle_opendir(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_READDIR: { |
| const struct fuse_read_in *req = data; |
| return handle_readdir(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_RELEASEDIR: { /* release_in -> */ |
| const struct fuse_release_in *req = data; |
| return handle_releasedir(fuse, handler, hdr, req); |
| } |
| |
| case FUSE_INIT: { /* init_in -> init_out */ |
| const struct fuse_init_in *req = data; |
| return handle_init(fuse, handler, hdr, req); |
| } |
| |
| default: { |
| TRACE("[%d] NOTIMPL op=%d uniq=%"PRIx64" nid=%"PRIx64"\n", |
| handler->token, hdr->opcode, hdr->unique, hdr->nodeid); |
| return -ENOSYS; |
| } |
| } |
| } |
| |
| static void handle_fuse_requests(struct fuse_handler* handler) |
| { |
| struct fuse* fuse = handler->fuse; |
| for (;;) { |
| ssize_t len = TEMP_FAILURE_RETRY(read(fuse->fd, |
| handler->request_buffer, sizeof(handler->request_buffer))); |
| if (len < 0) { |
| if (errno == ENODEV) { |
| ERROR("[%d] someone stole our marbles!\n", handler->token); |
| exit(2); |
| } |
| ERROR("[%d] handle_fuse_requests: errno=%d\n", handler->token, errno); |
| continue; |
| } |
| |
| if ((size_t)len < sizeof(struct fuse_in_header)) { |
| ERROR("[%d] request too short: len=%zu\n", handler->token, (size_t)len); |
| continue; |
| } |
| |
| const struct fuse_in_header *hdr = (void*)handler->request_buffer; |
| if (hdr->len != (size_t)len) { |
| ERROR("[%d] malformed header: len=%zu, hdr->len=%u\n", |
| handler->token, (size_t)len, hdr->len); |
| continue; |
| } |
| |
| const void *data = handler->request_buffer + sizeof(struct fuse_in_header); |
| size_t data_len = len - sizeof(struct fuse_in_header); |
| __u64 unique = hdr->unique; |
| int res = handle_fuse_request(fuse, handler, hdr, data, data_len); |
| |
| /* We do not access the request again after this point because the underlying |
| * buffer storage may have been reused while processing the request. */ |
| |
| if (res != NO_STATUS) { |
| if (res) { |
| TRACE("[%d] ERROR %d\n", handler->token, res); |
| } |
| fuse_status(fuse, unique, res); |
| } |
| } |
| } |
| |
| static void* start_handler(void* data) |
| { |
| struct fuse_handler* handler = data; |
| handle_fuse_requests(handler); |
| return NULL; |
| } |
| |
| static bool remove_str_to_int(void *key, void *value, void *context) { |
| Hashmap* map = context; |
| hashmapRemove(map, key); |
| free(key); |
| return true; |
| } |
| |
| static bool package_parse_callback(pkg_info *info, void *userdata) { |
| struct fuse_global *global = (struct fuse_global *)userdata; |
| |
| char* name = strdup(info->name); |
| hashmapPut(global->package_to_appid, name, (void*) (uintptr_t) info->uid); |
| packagelist_free(info); |
| return true; |
| } |
| |
| static bool read_package_list(struct fuse_global* global) { |
| pthread_mutex_lock(&global->lock); |
| |
| hashmapForEach(global->package_to_appid, remove_str_to_int, global->package_to_appid); |
| |
| bool rc = packagelist_parse(package_parse_callback, global); |
| TRACE("read_package_list: found %zu packages\n", |
| hashmapSize(global->package_to_appid)); |
| |
| /* Regenerate ownership details using newly loaded mapping */ |
| derive_permissions_recursive_locked(global->fuse_default, &global->root); |
| |
| pthread_mutex_unlock(&global->lock); |
| |
| return rc; |
| } |
| |
| static void watch_package_list(struct fuse_global* global) { |
| struct inotify_event *event; |
| char event_buf[512]; |
| |
| int nfd = inotify_init(); |
| if (nfd < 0) { |
| ERROR("inotify_init failed: %s\n", strerror(errno)); |
| return; |
| } |
| |
| bool active = false; |
| while (1) { |
| if (!active) { |
| int res = inotify_add_watch(nfd, PACKAGES_LIST_FILE, IN_DELETE_SELF); |
| if (res == -1) { |
| if (errno == ENOENT || errno == EACCES) { |
| /* Framework may not have created yet, sleep and retry */ |
| ERROR("missing \"%s\"; retrying\n", PACKAGES_LIST_FILE); |
| sleep(3); |
| continue; |
| } else { |
| ERROR("inotify_add_watch failed: %s\n", strerror(errno)); |
| return; |
| } |
| } |
| |
| /* Watch above will tell us about any future changes, so |
| * read the current state. */ |
| if (read_package_list(global) == false) { |
| ERROR("read_package_list failed\n"); |
| return; |
| } |
| active = true; |
| } |
| |
| int event_pos = 0; |
| int res = read(nfd, event_buf, sizeof(event_buf)); |
| if (res < (int) sizeof(*event)) { |
| if (errno == EINTR) |
| continue; |
| ERROR("failed to read inotify event: %s\n", strerror(errno)); |
| return; |
| } |
| |
| while (res >= (int) sizeof(*event)) { |
| int event_size; |
| event = (struct inotify_event *) (event_buf + event_pos); |
| |
| TRACE("inotify event: %08x\n", event->mask); |
| if ((event->mask & IN_IGNORED) == IN_IGNORED) { |
| /* Previously watched file was deleted, probably due to move |
| * that swapped in new data; re-arm the watch and read. */ |
| active = false; |
| } |
| |
| event_size = sizeof(*event) + event->len; |
| res -= event_size; |
| event_pos += event_size; |
| } |
| } |
| } |
| |
| static int usage() { |
| ERROR("usage: sdcard [OPTIONS] <source_path> <label>\n" |
| " -u: specify UID to run as\n" |
| " -g: specify GID to run as\n" |
| " -U: specify user ID that owns device\n" |
| " -m: source_path is multi-user\n" |
| " -w: runtime write mount has full write access\n" |
| "\n"); |
| return 1; |
| } |
| |
| static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) { |
| char opts[256]; |
| |
| fuse->fd = open("/dev/fuse", O_RDWR); |
| if (fuse->fd == -1) { |
| ERROR("failed to open fuse device: %s\n", strerror(errno)); |
| return -1; |
| } |
| |
| umount2(fuse->dest_path, MNT_DETACH); |
| |
| snprintf(opts, sizeof(opts), |
| "fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d", |
| fuse->fd, fuse->global->uid, fuse->global->gid); |
| if (mount("/dev/fuse", fuse->dest_path, "fuse", MS_NOSUID | MS_NODEV | MS_NOEXEC | |
| MS_NOATIME, opts) != 0) { |
| ERROR("failed to mount fuse filesystem: %s\n", strerror(errno)); |
| return -1; |
| } |
| |
| fuse->gid = gid; |
| fuse->mask = mask; |
| |
| return 0; |
| } |
| |
| static void run(const char* source_path, const char* label, uid_t uid, |
| gid_t gid, userid_t userid, bool multi_user, bool full_write) { |
| struct fuse_global global; |
| struct fuse fuse_default; |
| struct fuse fuse_read; |
| struct fuse fuse_write; |
| struct fuse_handler handler_default; |
| struct fuse_handler handler_read; |
| struct fuse_handler handler_write; |
| pthread_t thread_default; |
| pthread_t thread_read; |
| pthread_t thread_write; |
| |
| memset(&global, 0, sizeof(global)); |
| memset(&fuse_default, 0, sizeof(fuse_default)); |
| memset(&fuse_read, 0, sizeof(fuse_read)); |
| memset(&fuse_write, 0, sizeof(fuse_write)); |
| memset(&handler_default, 0, sizeof(handler_default)); |
| memset(&handler_read, 0, sizeof(handler_read)); |
| memset(&handler_write, 0, sizeof(handler_write)); |
| |
| pthread_mutex_init(&global.lock, NULL); |
| global.package_to_appid = hashmapCreate(256, str_hash, str_icase_equals); |
| global.uid = uid; |
| global.gid = gid; |
| global.multi_user = multi_user; |
| global.next_generation = 0; |
| global.inode_ctr = 1; |
| |
| memset(&global.root, 0, sizeof(global.root)); |
| global.root.nid = FUSE_ROOT_ID; /* 1 */ |
| global.root.refcount = 2; |
| global.root.namelen = strlen(source_path); |
| global.root.name = strdup(source_path); |
| global.root.userid = userid; |
| global.root.uid = AID_ROOT; |
| global.root.under_android = false; |
| |
| strcpy(global.source_path, source_path); |
| |
| if (multi_user) { |
| global.root.perm = PERM_PRE_ROOT; |
| snprintf(global.obb_path, sizeof(global.obb_path), "%s/obb", source_path); |
| } else { |
| global.root.perm = PERM_ROOT; |
| snprintf(global.obb_path, sizeof(global.obb_path), "%s/Android/obb", source_path); |
| } |
| |
| fuse_default.global = &global; |
| fuse_read.global = &global; |
| fuse_write.global = &global; |
| |
| global.fuse_default = &fuse_default; |
| global.fuse_read = &fuse_read; |
| global.fuse_write = &fuse_write; |
| |
| snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label); |
| snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label); |
| snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label); |
| |
| handler_default.fuse = &fuse_default; |
| handler_read.fuse = &fuse_read; |
| handler_write.fuse = &fuse_write; |
| |
| handler_default.token = 0; |
| handler_read.token = 1; |
| handler_write.token = 2; |
| |
| umask(0); |
| |
| if (multi_user) { |
| /* Multi-user storage is fully isolated per user, so "other" |
| * permissions are completely masked off. */ |
| if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006) |
| || fuse_setup(&fuse_read, AID_EVERYBODY, 0027) |
| || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0027)) { |
| ERROR("failed to fuse_setup\n"); |
| exit(1); |
| } |
| } else { |
| /* Physical storage is readable by all users on device, but |
| * the Android directories are masked off to a single user |
| * deep inside attr_from_stat(). */ |
| if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006) |
| || fuse_setup(&fuse_read, AID_EVERYBODY, full_write ? 0027 : 0022) |
| || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0022)) { |
| ERROR("failed to fuse_setup\n"); |
| exit(1); |
| } |
| } |
| |
| /* Drop privs */ |
| if (setgroups(sizeof(kGroups) / sizeof(kGroups[0]), kGroups) < 0) { |
| ERROR("cannot setgroups: %s\n", strerror(errno)); |
| exit(1); |
| } |
| if (setgid(gid) < 0) { |
| ERROR("cannot setgid: %s\n", strerror(errno)); |
| exit(1); |
| } |
| if (setuid(uid) < 0) { |
| ERROR("cannot setuid: %s\n", strerror(errno)); |
| exit(1); |
| } |
| |
| if (multi_user) { |
| fs_prepare_dir(global.obb_path, 0775, uid, gid); |
| } |
| |
| if (pthread_create(&thread_default, NULL, start_handler, &handler_default) |
| || pthread_create(&thread_read, NULL, start_handler, &handler_read) |
| || pthread_create(&thread_write, NULL, start_handler, &handler_write)) { |
| ERROR("failed to pthread_create\n"); |
| exit(1); |
| } |
| |
| watch_package_list(&global); |
| ERROR("terminated prematurely\n"); |
| exit(1); |
| } |
| |
| int main(int argc, char **argv) { |
| const char *source_path = NULL; |
| const char *label = NULL; |
| uid_t uid = 0; |
| gid_t gid = 0; |
| userid_t userid = 0; |
| bool multi_user = false; |
| bool full_write = false; |
| int i; |
| struct rlimit rlim; |
| int fs_version; |
| |
| int opt; |
| while ((opt = getopt(argc, argv, "u:g:U:mw")) != -1) { |
| switch (opt) { |
| case 'u': |
| uid = strtoul(optarg, NULL, 10); |
| break; |
| case 'g': |
| gid = strtoul(optarg, NULL, 10); |
| break; |
| case 'U': |
| userid = strtoul(optarg, NULL, 10); |
| break; |
| case 'm': |
| multi_user = true; |
| break; |
| case 'w': |
| full_write = true; |
| break; |
| case '?': |
| default: |
| return usage(); |
| } |
| } |
| |
| for (i = optind; i < argc; i++) { |
| char* arg = argv[i]; |
| if (!source_path) { |
| source_path = arg; |
| } else if (!label) { |
| label = arg; |
| } else { |
| ERROR("too many arguments\n"); |
| return usage(); |
| } |
| } |
| |
| if (!source_path) { |
| ERROR("no source path specified\n"); |
| return usage(); |
| } |
| if (!label) { |
| ERROR("no label specified\n"); |
| return usage(); |
| } |
| if (!uid || !gid) { |
| ERROR("uid and gid must be nonzero\n"); |
| return usage(); |
| } |
| |
| rlim.rlim_cur = 8192; |
| rlim.rlim_max = 8192; |
| if (setrlimit(RLIMIT_NOFILE, &rlim)) { |
| ERROR("Error setting RLIMIT_NOFILE, errno = %d\n", errno); |
| } |
| |
| while ((fs_read_atomic_int("/data/.layout_version", &fs_version) == -1) || (fs_version < 3)) { |
| ERROR("installd fs upgrade not yet complete. Waiting...\n"); |
| sleep(1); |
| } |
| |
| run(source_path, label, uid, gid, userid, multi_user, full_write); |
| return 1; |
| } |