Remove unnecessary local ID in authfs
AuthFS had the unnecessary flexibility to associate a local file ID /
filesystem entry name with the remote FD. Remove this flexibility since
we can always use the remote FD to name the file entry.
Also, rename some of the "id" with "fd". Although id/identifiler may
make better sense in the API, calling it fd/file descriptor could reduce
mental overhead.
Bug: 203251769
Test: atest AuthFsHostTest
Test: atest ComposHostTestCases
Change-Id: I7a75ef4ed21fb00f5c7f80c560d1f654d21268cd
diff --git a/authfs/src/main.rs b/authfs/src/main.rs
index 0add77f..a5fe2c3 100644
--- a/authfs/src/main.rs
+++ b/authfs/src/main.rs
@@ -62,33 +62,33 @@
/// A read-only remote file with integrity check. Can be multiple.
///
- /// For example, `--remote-verified-file 5:10:/path/to/cert` tells the filesystem to associate
- /// entry 5 with a remote file 10, and need to be verified against the /path/to/cert.
+ /// For example, `--remote-ro-file 5:/path/to/cert` tells the filesystem to associate the
+ /// file $MOUNTPOINT/5 with a remote FD 5, and need to be verified against the /path/to/cert.
#[structopt(long, parse(try_from_str = parse_remote_ro_file_option))]
remote_ro_file: Vec<OptionRemoteRoFile>,
/// A read-only remote file without integrity check. Can be multiple.
///
- /// For example, `--remote-unverified-file 5:10` tells the filesystem to associate entry 5
- /// with a remote file 10.
- #[structopt(long, parse(try_from_str = parse_remote_ro_file_unverified_option))]
- remote_ro_file_unverified: Vec<OptionRemoteRoFileUnverified>,
+ /// For example, `--remote-ro-file-unverified 5` tells the filesystem to associate the file
+ /// $MOUNTPOINT/5 with a remote FD 5.
+ #[structopt(long)]
+ remote_ro_file_unverified: Vec<i32>,
/// A new read-writable remote file with integrity check. Can be multiple.
///
- /// For example, `--remote-new-verified-file 12:34` tells the filesystem to associate entry 12
- /// with a remote file 34.
- #[structopt(long, parse(try_from_str = parse_remote_new_rw_file_option))]
- remote_new_rw_file: Vec<OptionRemoteRwFile>,
+ /// For example, `--remote-new-rw-file 5` tells the filesystem to associate the file
+ /// $MOUNTPOINT/5 with a remote FD 5.
+ #[structopt(long)]
+ remote_new_rw_file: Vec<i32>,
/// A new directory that is assumed empty in the backing filesystem. New files created in this
/// directory are integrity-protected in the same way as --remote-new-verified-file. Can be
/// multiple.
///
- /// For example, `--remote-new-verified-dir 12:34` tells the filesystem to associate entry 12
- /// with a remote dir FD 34.
- #[structopt(long, parse(try_from_str = parse_remote_new_rw_dir_option))]
- remote_new_rw_dir: Vec<OptionRemoteRwDir>,
+ /// For example, `--remote-new-rw-dir 5` tells the filesystem to associate $MOUNTPOINT/5
+ /// with a remote dir FD 5.
+ #[structopt(long)]
+ remote_new_rw_dir: Vec<i32>,
/// Enable debugging features.
#[structopt(long)]
@@ -96,97 +96,40 @@
}
struct OptionRemoteRoFile {
- ino: Inode,
-
/// ID to refer to the remote file.
- remote_id: i32,
+ remote_fd: i32,
/// Certificate to verify the authenticity of the file's fs-verity signature.
/// TODO(170494765): Implement PKCS#7 signature verification.
_certificate_path: PathBuf,
}
-struct OptionRemoteRoFileUnverified {
- ino: Inode,
-
- /// ID to refer to the remote file.
- remote_id: i32,
-}
-
-struct OptionRemoteRwFile {
- ino: Inode,
-
- /// ID to refer to the remote file.
- remote_id: i32,
-}
-
-struct OptionRemoteRwDir {
- ino: Inode,
-
- /// ID to refer to the remote dir.
- remote_id: i32,
-}
-
fn parse_remote_ro_file_option(option: &str) -> Result<OptionRemoteRoFile> {
let strs: Vec<&str> = option.split(':').collect();
- if strs.len() != 3 {
+ if strs.len() != 2 {
bail!("Invalid option: {}", option);
}
Ok(OptionRemoteRoFile {
- ino: strs[0].parse::<Inode>()?,
- remote_id: strs[1].parse::<i32>()?,
- _certificate_path: PathBuf::from(strs[2]),
- })
-}
-
-fn parse_remote_ro_file_unverified_option(option: &str) -> Result<OptionRemoteRoFileUnverified> {
- let strs: Vec<&str> = option.split(':').collect();
- if strs.len() != 2 {
- bail!("Invalid option: {}", option);
- }
- Ok(OptionRemoteRoFileUnverified {
- ino: strs[0].parse::<Inode>()?,
- remote_id: strs[1].parse::<i32>()?,
- })
-}
-
-fn parse_remote_new_rw_file_option(option: &str) -> Result<OptionRemoteRwFile> {
- let strs: Vec<&str> = option.split(':').collect();
- if strs.len() != 2 {
- bail!("Invalid option: {}", option);
- }
- Ok(OptionRemoteRwFile {
- ino: strs[0].parse::<Inode>().unwrap(),
- remote_id: strs[1].parse::<i32>().unwrap(),
- })
-}
-
-fn parse_remote_new_rw_dir_option(option: &str) -> Result<OptionRemoteRwDir> {
- let strs: Vec<&str> = option.split(':').collect();
- if strs.len() != 2 {
- bail!("Invalid option: {}", option);
- }
- Ok(OptionRemoteRwDir {
- ino: strs[0].parse::<Inode>().unwrap(),
- remote_id: strs[1].parse::<i32>().unwrap(),
+ remote_fd: strs[0].parse::<i32>()?,
+ _certificate_path: PathBuf::from(strs[1]),
})
}
fn new_config_remote_verified_file(
service: file::VirtFdService,
- remote_id: i32,
+ remote_fd: i32,
file_size: u64,
) -> Result<FileConfig> {
- let signature = service.readFsveritySignature(remote_id).context("Failed to read signature")?;
+ let signature = service.readFsveritySignature(remote_fd).context("Failed to read signature")?;
let authenticator = FakeAuthenticator::always_succeed();
Ok(FileConfig::VerifiedReadonly {
reader: VerifiedFileReader::new(
&authenticator,
- RemoteFileReader::new(service.clone(), remote_id),
+ RemoteFileReader::new(service.clone(), remote_fd),
file_size,
signature,
- RemoteMerkleTreeReader::new(service.clone(), remote_id),
+ RemoteMerkleTreeReader::new(service.clone(), remote_fd),
)?,
file_size,
})
@@ -194,26 +137,26 @@
fn new_config_remote_unverified_file(
service: file::VirtFdService,
- remote_id: i32,
+ remote_fd: i32,
file_size: u64,
) -> Result<FileConfig> {
- let reader = RemoteFileReader::new(service, remote_id);
+ let reader = RemoteFileReader::new(service, remote_fd);
Ok(FileConfig::UnverifiedReadonly { reader, file_size })
}
fn new_config_remote_new_verified_file(
service: file::VirtFdService,
- remote_id: i32,
+ remote_fd: i32,
) -> Result<FileConfig> {
- let remote_file = RemoteFileEditor::new(service, remote_id);
+ let remote_file = RemoteFileEditor::new(service, remote_fd);
Ok(FileConfig::VerifiedNew { editor: VerifiedFileEditor::new(remote_file) })
}
fn new_config_remote_new_verified_dir(
service: file::VirtFdService,
- remote_id: i32,
+ remote_fd: i32,
) -> Result<FileConfig> {
- let dir = RemoteDirEditor::new(service, remote_id);
+ let dir = RemoteDirEditor::new(service, remote_fd);
Ok(FileConfig::VerifiedNewDirectory { dir })
}
@@ -224,37 +167,40 @@
for config in &args.remote_ro_file {
file_pool.insert(
- config.ino,
+ config.remote_fd.try_into()?,
new_config_remote_verified_file(
service.clone(),
- config.remote_id,
- service.getFileSize(config.remote_id)?.try_into()?,
+ config.remote_fd,
+ service.getFileSize(config.remote_fd)?.try_into()?,
)?,
);
}
- for config in &args.remote_ro_file_unverified {
+ for remote_fd in &args.remote_ro_file_unverified {
+ let remote_fd = *remote_fd;
file_pool.insert(
- config.ino,
+ remote_fd.try_into()?,
new_config_remote_unverified_file(
service.clone(),
- config.remote_id,
- service.getFileSize(config.remote_id)?.try_into()?,
+ remote_fd,
+ service.getFileSize(remote_fd)?.try_into()?,
)?,
);
}
- for config in &args.remote_new_rw_file {
+ for remote_fd in &args.remote_new_rw_file {
+ let remote_fd = *remote_fd;
file_pool.insert(
- config.ino,
- new_config_remote_new_verified_file(service.clone(), config.remote_id)?,
+ remote_fd.try_into()?,
+ new_config_remote_new_verified_file(service.clone(), remote_fd)?,
);
}
- for config in &args.remote_new_rw_dir {
+ for remote_fd in &args.remote_new_rw_dir {
+ let remote_fd = *remote_fd;
file_pool.insert(
- config.ino,
- new_config_remote_new_verified_dir(service.clone(), config.remote_id)?,
+ remote_fd.try_into()?,
+ new_config_remote_new_verified_dir(service.clone(), remote_fd)?,
);
}