Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 9813914a3b5b7010bcb8d70df2b383aa9839e976 / . / sdcard / sdcard.cpp
blob: 77d5a91f1233d33274f5ccb49444f316909ca751 [file] [log] [blame]
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]1// Copyright (C) 2016 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#define LOG_TAG "sdcard"
16
17#include <dirent.h>
18#include <errno.h>
19#include <fcntl.h>
20#include <linux/fuse.h>
21#include <pthread.h>
22#include <stdlib.h>
23#include <string.h>
24#include <sys/inotify.h>
25#include <sys/mount.h>
26#include <sys/resource.h>
27#include <sys/stat.h>
28#include <sys/types.h>
29#include <unistd.h>
30
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]31#include <android-base/file.h>
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]32#include <android-base/logging.h>
Jorge Lucangeli Obesbae15b42016-07-18 13:46:42 -0400[diff] [blame]33#include <android-base/macros.h>
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]34#include <android-base/stringprintf.h>
35#include <android-base/strings.h>
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]36
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]37#include <cutils/fs.h>
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]38#include <cutils/multiuser.h>
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]39#include <cutils/properties.h>
40
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]41#include <packagelistparser/packagelistparser.h>
42
Jorge Lucangeli Obesc96f53e2016-07-14 14:50:14 -0400[diff] [blame]43#include <libminijail.h>
44#include <scoped_minijail.h>
45
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]46#include <private/android_filesystem_config.h>
47
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]48// README
49//
50// What is this?
51//
52// sdcard is a program that uses FUSE to emulate FAT-on-sdcard style
53// directory permissions (all files are given fixed owner, group, and
54// permissions at creation, owner, group, and permissions are not
55// changeable, symlinks and hardlinks are not createable, etc.
56//
57// See usage() for command line options.
58//
59// It must be run as root, but will drop to requested UID/GID as soon as it
60// mounts a filesystem. It will refuse to run if requested UID/GID are zero.
61//
62// Things I believe to be true:
63//
64// - ops that return a fuse_entry (LOOKUP, MKNOD, MKDIR, LINK, SYMLINK,
65// CREAT) must bump that node's refcount
66// - don't forget that FORGET can forget multiple references (req->nlookup)
67// - if an op that returns a fuse_entry fails writing the reply to the
68// kernel, you must rollback the refcount to reflect the reference the
69// kernel did not actually acquire
70//
71// This daemon can also derive custom filesystem permissions based on directory
72// structure when requested. These custom permissions support several features:
73//
74// - Apps can access their own files in /Android/data/com.example/ without
75// requiring any additional GIDs.
76// - Separate permissions for protecting directories like Pictures and Music.
77// - Multi-user separation on the same physical device.
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]78
79#include "fuse.h"
80
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]81#define PROP_SDCARDFS_DEVICE "ro.sys.sdcardfs"
82#define PROP_SDCARDFS_USER "persist.sys.sdcardfs"
83
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]84/* Supplementary groups to execute with. */
85static const gid_t kGroups[1] = { AID_PACKAGE_INFO };
86
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]87static bool package_parse_callback(pkg_info *info, void *userdata) {
88 struct fuse_global *global = (struct fuse_global *)userdata;
Jorge Lucangeli Obesd6d8faa2016-07-19 12:10:26 -0400[diff] [blame]89 bool res = global->package_to_appid->emplace(info->name, info->uid).second;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]90 packagelist_free(info);
Jorge Lucangeli Obesd6d8faa2016-07-19 12:10:26 -0400[diff] [blame]91 return res;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]92}
93
94static bool read_package_list(struct fuse_global* global) {
95 pthread_mutex_lock(&global->lock);
96
Jorge Lucangeli Obesd6d8faa2016-07-19 12:10:26 -0400[diff] [blame]97 global->package_to_appid->clear();
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]98 bool rc = packagelist_parse(package_parse_callback, global);
Jorge Lucangeli Obese157b252016-07-26 15:22:31 -0400[diff] [blame]99 DLOG(INFO) << "read_package_list: found " << global->package_to_appid->size() << " packages";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]100
Jorge Lucangeli Obesd6d8faa2016-07-19 12:10:26 -0400[diff] [blame]101 // Regenerate ownership details using newly loaded mapping.
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]102 derive_permissions_recursive_locked(global->fuse_default, &global->root);
103
104 pthread_mutex_unlock(&global->lock);
105
106 return rc;
107}
108
109static void watch_package_list(struct fuse_global* global) {
110 struct inotify_event *event;
111 char event_buf[512];
112
113 int nfd = inotify_init();
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]114 if (nfd == -1) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]115 PLOG(ERROR) << "inotify_init failed";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]116 return;
117 }
118
119 bool active = false;
120 while (1) {
121 if (!active) {
122 int res = inotify_add_watch(nfd, PACKAGES_LIST_FILE, IN_DELETE_SELF);
123 if (res == -1) {
124 if (errno == ENOENT || errno == EACCES) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]125 /* Framework may not have created the file yet, sleep and retry. */
126 LOG(ERROR) << "missing \"" << PACKAGES_LIST_FILE << "\"; retrying...";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]127 sleep(3);
128 continue;
129 } else {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]130 PLOG(ERROR) << "inotify_add_watch failed";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]131 return;
132 }
133 }
134
135 /* Watch above will tell us about any future changes, so
136 * read the current state. */
137 if (read_package_list(global) == false) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]138 LOG(ERROR) << "read_package_list failed";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]139 return;
140 }
141 active = true;
142 }
143
144 int event_pos = 0;
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]145 ssize_t res = TEMP_FAILURE_RETRY(read(nfd, event_buf, sizeof(event_buf)));
146 if (res == -1) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]147 PLOG(ERROR) << "failed to read inotify event";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]148 return;
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]149 } else if (static_cast<size_t>(res) < sizeof(*event)) {
150 LOG(ERROR) << "failed to read inotify event: read " << res << " expected "
151 << sizeof(event_buf);
152 return;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]153 }
154
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]155 while (res >= static_cast<ssize_t>(sizeof(*event))) {
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]156 int event_size;
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]157 event = reinterpret_cast<struct inotify_event*>(event_buf + event_pos);
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]158
Jorge Lucangeli Obese157b252016-07-26 15:22:31 -0400[diff] [blame]159 DLOG(INFO) << "inotify event: " << std::hex << event->mask << std::dec;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]160 if ((event->mask & IN_IGNORED) == IN_IGNORED) {
161 /* Previously watched file was deleted, probably due to move
162 * that swapped in new data; re-arm the watch and read. */
163 active = false;
164 }
165
166 event_size = sizeof(*event) + event->len;
167 res -= event_size;
168 event_pos += event_size;
169 }
170 }
171}
172
173static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) {
174 char opts[256];
175
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]176 fuse->fd = TEMP_FAILURE_RETRY(open("/dev/fuse", O_RDWR | O_CLOEXEC));
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]177 if (fuse->fd == -1) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]178 PLOG(ERROR) << "failed to open fuse device";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]179 return -1;
180 }
181
182 umount2(fuse->dest_path, MNT_DETACH);
183
184 snprintf(opts, sizeof(opts),
185 "fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
186 fuse->fd, fuse->global->uid, fuse->global->gid);
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]187 if (mount("/dev/fuse", fuse->dest_path, "fuse", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME,
188 opts) == -1) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]189 PLOG(ERROR) << "failed to mount fuse filesystem";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]190 return -1;
191 }
192
193 fuse->gid = gid;
194 fuse->mask = mask;
195
196 return 0;
197}
198
Jorge Lucangeli Obesc96f53e2016-07-14 14:50:14 -0400[diff] [blame]199static void drop_privs(uid_t uid, gid_t gid) {
200 ScopedMinijail j(minijail_new());
Jorge Lucangeli Obesbae15b42016-07-18 13:46:42 -0400[diff] [blame]201 minijail_set_supplementary_gids(j.get(), arraysize(kGroups), kGroups);
Jorge Lucangeli Obesc96f53e2016-07-14 14:50:14 -0400[diff] [blame]202 minijail_change_gid(j.get(), gid);
203 minijail_change_uid(j.get(), uid);
204 /* minijail_enter() will abort if priv-dropping fails. */
205 minijail_enter(j.get());
206}
207
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]208static void* start_handler(void* data) {
209 struct fuse_handler* handler = static_cast<fuse_handler*>(data);
210 handle_fuse_requests(handler);
211 return NULL;
212}
213
214static void run(const char* source_path, const char* label, uid_t uid,
215 gid_t gid, userid_t userid, bool multi_user, bool full_write) {
216 struct fuse_global global;
217 struct fuse fuse_default;
218 struct fuse fuse_read;
219 struct fuse fuse_write;
220 struct fuse_handler handler_default;
221 struct fuse_handler handler_read;
222 struct fuse_handler handler_write;
223 pthread_t thread_default;
224 pthread_t thread_read;
225 pthread_t thread_write;
226
227 memset(&global, 0, sizeof(global));
228 memset(&fuse_default, 0, sizeof(fuse_default));
229 memset(&fuse_read, 0, sizeof(fuse_read));
230 memset(&fuse_write, 0, sizeof(fuse_write));
231 memset(&handler_default, 0, sizeof(handler_default));
232 memset(&handler_read, 0, sizeof(handler_read));
233 memset(&handler_write, 0, sizeof(handler_write));
234
235 pthread_mutex_init(&global.lock, NULL);
Jorge Lucangeli Obesd6d8faa2016-07-19 12:10:26 -0400[diff] [blame]236 global.package_to_appid = new AppIdMap;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]237 global.uid = uid;
238 global.gid = gid;
239 global.multi_user = multi_user;
240 global.next_generation = 0;
241 global.inode_ctr = 1;
242
243 memset(&global.root, 0, sizeof(global.root));
244 global.root.nid = FUSE_ROOT_ID; /* 1 */
245 global.root.refcount = 2;
246 global.root.namelen = strlen(source_path);
247 global.root.name = strdup(source_path);
248 global.root.userid = userid;
249 global.root.uid = AID_ROOT;
250 global.root.under_android = false;
251
Ting-Yuan Huang1991ae92017-08-29 15:48:30 -0700[diff] [blame]252 // Clang static analyzer think strcpy potentially overwrites other fields
253 // in global. Use snprintf() to mute the false warning.
254 snprintf(global.source_path, sizeof(global.source_path), "%s", source_path);
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]255
256 if (multi_user) {
257 global.root.perm = PERM_PRE_ROOT;
258 snprintf(global.obb_path, sizeof(global.obb_path), "%s/obb", source_path);
259 } else {
260 global.root.perm = PERM_ROOT;
261 snprintf(global.obb_path, sizeof(global.obb_path), "%s/Android/obb", source_path);
262 }
263
264 fuse_default.global = &global;
265 fuse_read.global = &global;
266 fuse_write.global = &global;
267
268 global.fuse_default = &fuse_default;
269 global.fuse_read = &fuse_read;
270 global.fuse_write = &fuse_write;
271
272 snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);
273 snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label);
274 snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label);
275
276 handler_default.fuse = &fuse_default;
277 handler_read.fuse = &fuse_read;
278 handler_write.fuse = &fuse_write;
279
280 handler_default.token = 0;
281 handler_read.token = 1;
282 handler_write.token = 2;
283
284 umask(0);
285
286 if (multi_user) {
287 /* Multi-user storage is fully isolated per user, so "other"
288 * permissions are completely masked off. */
289 if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
290 || fuse_setup(&fuse_read, AID_EVERYBODY, 0027)
291 || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0027)) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]292 PLOG(FATAL) << "failed to fuse_setup";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]293 }
294 } else {
295 /* Physical storage is readable by all users on device, but
296 * the Android directories are masked off to a single user
297 * deep inside attr_from_stat(). */
298 if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
299 || fuse_setup(&fuse_read, AID_EVERYBODY, full_write ? 0027 : 0022)
300 || fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0022)) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]301 PLOG(FATAL) << "failed to fuse_setup";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]302 }
303 }
304
Jorge Lucangeli Obesc96f53e2016-07-14 14:50:14 -0400[diff] [blame]305 // Will abort if priv-dropping fails.
306 drop_privs(uid, gid);
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]307
308 if (multi_user) {
309 fs_prepare_dir(global.obb_path, 0775, uid, gid);
310 }
311
312 if (pthread_create(&thread_default, NULL, start_handler, &handler_default)
313 || pthread_create(&thread_read, NULL, start_handler, &handler_read)
314 || pthread_create(&thread_write, NULL, start_handler, &handler_write)) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]315 LOG(FATAL) << "failed to pthread_create";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]316 }
317
318 watch_package_list(&global);
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]319 LOG(FATAL) << "terminated prematurely";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]320}
321
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]322static bool sdcardfs_setup(const std::string& source_path, const std::string& dest_path,
323 uid_t fsuid, gid_t fsgid, bool multi_user, userid_t userid, gid_t gid,
324 mode_t mask, bool derive_gid) {
325 std::string opts = android::base::StringPrintf(
326 "fsuid=%d,fsgid=%d,%s%smask=%d,userid=%d,gid=%d", fsuid, fsgid,
327 multi_user ? "multiuser," : "", derive_gid ? "derive_gid," : "", mask, userid, gid);
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]328
329 if (mount(source_path.c_str(), dest_path.c_str(), "sdcardfs",
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]330 MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) == -1) {
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]331 if (derive_gid) {
332 PLOG(ERROR) << "trying to mount sdcardfs filesystem without derive_gid";
333 /* Maybe this isn't supported on this kernel. Try without. */
334 opts = android::base::StringPrintf("fsuid=%d,fsgid=%d,%smask=%d,userid=%d,gid=%d",
335 fsuid, fsgid, multi_user ? "multiuser," : "", mask,
336 userid, gid);
337 if (mount(source_path.c_str(), dest_path.c_str(), "sdcardfs",
338 MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) == -1) {
339 PLOG(ERROR) << "failed to mount sdcardfs filesystem";
340 return false;
341 }
342 } else {
343 PLOG(ERROR) << "failed to mount sdcardfs filesystem";
344 return false;
345 }
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]346 }
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]347 return true;
348}
349
Daniel Rosenbergfc592322016-10-27 17:43:37 -0700[diff] [blame]350static bool sdcardfs_setup_bind_remount(const std::string& source_path, const std::string& dest_path,
351 gid_t gid, mode_t mask) {
352 std::string opts = android::base::StringPrintf("mask=%d,gid=%d", mask, gid);
353
354 if (mount(source_path.c_str(), dest_path.c_str(), nullptr,
355 MS_BIND, nullptr) != 0) {
356 PLOG(ERROR) << "failed to bind mount sdcardfs filesystem";
357 return false;
358 }
359
360 if (mount(source_path.c_str(), dest_path.c_str(), "none",
361 MS_REMOUNT | MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) != 0) {
362 PLOG(ERROR) << "failed to mount sdcardfs filesystem";
363 if (umount2(dest_path.c_str(), MNT_DETACH))
364 PLOG(WARNING) << "Failed to unmount bind";
365 return false;
366 }
367
368 return true;
369}
370
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]371static void run_sdcardfs(const std::string& source_path, const std::string& label, uid_t uid,
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]372 gid_t gid, userid_t userid, bool multi_user, bool full_write,
373 bool derive_gid) {
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]374 std::string dest_path_default = "/mnt/runtime/default/" + label;
375 std::string dest_path_read = "/mnt/runtime/read/" + label;
376 std::string dest_path_write = "/mnt/runtime/write/" + label;
377
378 umask(0);
379 if (multi_user) {
380 // Multi-user storage is fully isolated per user, so "other"
381 // permissions are completely masked off.
382 if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]383 AID_SDCARD_RW, 0006, derive_gid) ||
384 !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY, 0027) ||
385 !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
386 full_write ? 0007 : 0027)) {
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]387 LOG(FATAL) << "failed to sdcardfs_setup";
388 }
389 } else {
390 // Physical storage is readable by all users on device, but
391 // the Android directories are masked off to a single user
392 // deep inside attr_from_stat().
393 if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]394 AID_SDCARD_RW, 0006, derive_gid) ||
395 !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY,
396 full_write ? 0027 : 0022) ||
397 !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
398 full_write ? 0007 : 0022)) {
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]399 LOG(FATAL) << "failed to sdcardfs_setup";
400 }
401 }
402
403 // Will abort if priv-dropping fails.
404 drop_privs(uid, gid);
405
406 if (multi_user) {
407 std::string obb_path = source_path + "/obb";
408 fs_prepare_dir(obb_path.c_str(), 0775, uid, gid);
409 }
410
411 exit(0);
412}
413
414static bool supports_sdcardfs(void) {
415 std::string filesystems;
416 if (!android::base::ReadFileToString("/proc/filesystems", &filesystems)) {
417 PLOG(ERROR) << "Could not read /proc/filesystems";
418 return false;
419 }
420 for (const auto& fs : android::base::Split(filesystems, "\n")) {
421 if (fs.find("sdcardfs") != std::string::npos) return true;
422 }
423 return false;
424}
425
426static bool should_use_sdcardfs(void) {
427 char property[PROPERTY_VALUE_MAX];
428
429 // Allow user to have a strong opinion about state
430 property_get(PROP_SDCARDFS_USER, property, "");
431 if (!strcmp(property, "force_on")) {
432 LOG(WARNING) << "User explicitly enabled sdcardfs";
433 return supports_sdcardfs();
434 } else if (!strcmp(property, "force_off")) {
435 LOG(WARNING) << "User explicitly disabled sdcardfs";
436 return false;
437 }
438
439 // Fall back to device opinion about state
Daniel Rosenbergcd591812017-03-20 13:09:06 -0700[diff] [blame]440 if (property_get_bool(PROP_SDCARDFS_DEVICE, true)) {
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]441 LOG(WARNING) << "Device explicitly enabled sdcardfs";
442 return supports_sdcardfs();
443 } else {
444 LOG(WARNING) << "Device explicitly disabled sdcardfs";
445 return false;
446 }
447}
448
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]449static int usage() {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]450 LOG(ERROR) << "usage: sdcard [OPTIONS] <source_path> <label>"
451 << " -u: specify UID to run as"
452 << " -g: specify GID to run as"
453 << " -U: specify user ID that owns device"
454 << " -m: source_path is multi-user"
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]455 << " -w: runtime write mount has full write access"
456 << " -P preserve owners on the lower file system";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]457 return 1;
458}
459
460int main(int argc, char **argv) {
461 const char *source_path = NULL;
462 const char *label = NULL;
463 uid_t uid = 0;
464 gid_t gid = 0;
465 userid_t userid = 0;
466 bool multi_user = false;
467 bool full_write = false;
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]468 bool derive_gid = false;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]469 int i;
470 struct rlimit rlim;
471 int fs_version;
472
473 int opt;
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]474 while ((opt = getopt(argc, argv, "u:g:U:mwG")) != -1) {
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]475 switch (opt) {
476 case 'u':
477 uid = strtoul(optarg, NULL, 10);
478 break;
479 case 'g':
480 gid = strtoul(optarg, NULL, 10);
481 break;
482 case 'U':
483 userid = strtoul(optarg, NULL, 10);
484 break;
485 case 'm':
486 multi_user = true;
487 break;
488 case 'w':
489 full_write = true;
490 break;
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]491 case 'G':
492 derive_gid = true;
493 break;
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]494 case '?':
495 default:
496 return usage();
497 }
498 }
499
500 for (i = optind; i < argc; i++) {
501 char* arg = argv[i];
502 if (!source_path) {
503 source_path = arg;
504 } else if (!label) {
505 label = arg;
506 } else {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]507 LOG(ERROR) << "too many arguments";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]508 return usage();
509 }
510 }
511
512 if (!source_path) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]513 LOG(ERROR) << "no source path specified";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]514 return usage();
515 }
516 if (!label) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]517 LOG(ERROR) << "no label specified";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]518 return usage();
519 }
520 if (!uid || !gid) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]521 LOG(ERROR) << "uid and gid must be nonzero";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]522 return usage();
523 }
524
525 rlim.rlim_cur = 8192;
526 rlim.rlim_max = 8192;
Christopher Ferrisd6b0d372016-10-06 12:51:20 -0700[diff] [blame]527 if (setrlimit(RLIMIT_NOFILE, &rlim) == -1) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]528 PLOG(ERROR) << "setting RLIMIT_NOFILE failed";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]529 }
530
531 while ((fs_read_atomic_int("/data/.layout_version", &fs_version) == -1) || (fs_version < 3)) {
Jorge Lucangeli Obesc9e17102016-07-12 17:05:32 -0400[diff] [blame]532 LOG(ERROR) << "installd fs upgrade not yet complete; waiting...";
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]533 sleep(1);
534 }
535
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]536 if (should_use_sdcardfs()) {
Rom Lemarchand98139142017-09-15 18:47:50 +0000[diff] [blame^]537 run_sdcardfs(source_path, label, uid, gid, userid, multi_user, full_write, derive_gid);
Daniel Rosenberg95268192016-08-26 16:54:46 -0700[diff] [blame]538 } else {
539 run(source_path, label, uid, gid, userid, multi_user, full_write);
540 }
Jorge Lucangeli Obesc255f252016-07-12 15:13:05 -0400[diff] [blame]541 return 1;
542}