Support remote readonly directory
A remote readonly directory allows a user process to open/read files at
the configured mountpoint sub-directory, e.g.
/authfs/42/system/framework/framework.jar. Only allowlisted files are
visible.
There will be transparent integrity checks for all files under such a
directory, but it is not done in this change yet (tracked by
b/203251769).
See doc of `Args::remote_ro_dir` in main.rs for more details.
Bug: 203251769
Test: atest AuthFsHostTest
Change-Id: I716d6820a047761159c79947504579677c0fdeec
diff --git a/authfs/src/file/remote_file.rs b/authfs/src/file/remote_file.rs
index 903c143..039285f 100644
--- a/authfs/src/file/remote_file.rs
+++ b/authfs/src/file/remote_file.rs
@@ -17,6 +17,7 @@
use std::cmp::min;
use std::convert::TryFrom;
use std::io;
+use std::path::Path;
use super::{ChunkBuffer, RandomWrite, ReadByChunk, VirtFdService};
use crate::common::CHUNK_SIZE;
@@ -48,6 +49,29 @@
pub fn new(service: VirtFdService, file_fd: i32) -> Self {
RemoteFileReader { service, file_fd }
}
+
+ pub fn new_by_path(
+ service: VirtFdService,
+ dir_fd: i32,
+ related_path: &Path,
+ ) -> io::Result<Self> {
+ let file_fd =
+ service.openFileInDirectory(dir_fd, related_path.to_str().unwrap()).map_err(|e| {
+ io::Error::new(
+ io::ErrorKind::Other,
+ format!(
+ "Failed to create a remote file reader by path {}: {}",
+ related_path.display(),
+ e.get_description()
+ ),
+ )
+ })?;
+ Ok(RemoteFileReader { service, file_fd })
+ }
+
+ pub fn get_remote_fd(&self) -> i32 {
+ self.file_fd
+ }
}
impl ReadByChunk for RemoteFileReader {