aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'fs/sdcardfs/sdcardfs.h')
-rw-r--r--fs/sdcardfs/sdcardfs.h244
1 files changed, 173 insertions, 71 deletions
diff --git a/fs/sdcardfs/sdcardfs.h b/fs/sdcardfs/sdcardfs.h
index f111f898b630..2b67b9a8ef9f 100644
--- a/fs/sdcardfs/sdcardfs.h
+++ b/fs/sdcardfs/sdcardfs.h
@@ -29,6 +29,7 @@
29#include <linux/dcache.h> 29#include <linux/dcache.h>
30#include <linux/file.h> 30#include <linux/file.h>
31#include <linux/fs.h> 31#include <linux/fs.h>
32#include <linux/aio.h>
32#include <linux/mm.h> 33#include <linux/mm.h>
33#include <linux/mount.h> 34#include <linux/mount.h>
34#include <linux/namei.h> 35#include <linux/namei.h>
@@ -52,7 +53,7 @@
52#define SDCARDFS_ROOT_INO 1 53#define SDCARDFS_ROOT_INO 1
53 54
54/* useful for tracking code reachability */ 55/* useful for tracking code reachability */
55#define UDBG printk(KERN_DEFAULT "DBG:%s:%s:%d\n", __FILE__, __func__, __LINE__) 56#define UDBG pr_default("DBG:%s:%s:%d\n", __FILE__, __func__, __LINE__)
56 57
57#define SDCARDFS_DIRENT_SIZE 256 58#define SDCARDFS_DIRENT_SIZE 256
58 59
@@ -65,71 +66,87 @@
65#define AID_SDCARD_PICS 1033 /* external storage photos access */ 66#define AID_SDCARD_PICS 1033 /* external storage photos access */
66#define AID_SDCARD_AV 1034 /* external storage audio/video access */ 67#define AID_SDCARD_AV 1034 /* external storage audio/video access */
67#define AID_SDCARD_ALL 1035 /* access all users external storage */ 68#define AID_SDCARD_ALL 1035 /* access all users external storage */
69#define AID_MEDIA_OBB 1059 /* obb files */
70
71#define AID_SDCARD_IMAGE 1057
68 72
69#define AID_PACKAGE_INFO 1027 73#define AID_PACKAGE_INFO 1027
70 74
71#define fix_derived_permission(x) \ 75
76/*
77 * Permissions are handled by our permission function.
78 * We don't want anyone who happens to look at our inode value to prematurely
79 * block access, so store more permissive values. These are probably never
80 * used.
81 */
82#define fixup_tmp_permissions(x) \
72 do { \ 83 do { \
73 (x)->i_uid = make_kuid(&init_user_ns, SDCARDFS_I(x)->d_uid); \ 84 (x)->i_uid = make_kuid(&init_user_ns, SDCARDFS_I(x)->d_uid); \
74 (x)->i_gid = make_kgid(&init_user_ns, get_gid(SDCARDFS_I(x))); \ 85 (x)->i_gid = make_kgid(&init_user_ns, AID_SDCARD_RW); \
75 (x)->i_mode = ((x)->i_mode & S_IFMT) | get_mode(SDCARDFS_I(x));\ 86 (x)->i_mode = ((x)->i_mode & S_IFMT) | 0775;\
76 } while (0) 87 } while (0)
77 88
78
79/* OVERRIDE_CRED() and REVERT_CRED() 89/* OVERRIDE_CRED() and REVERT_CRED()
80 * OVERRID_CRED() 90 * OVERRIDE_CRED()
81 * backup original task->cred 91 * backup original task->cred
82 * and modifies task->cred->fsuid/fsgid to specified value. 92 * and modifies task->cred->fsuid/fsgid to specified value.
83 * REVERT_CRED() 93 * REVERT_CRED()
84 * restore original task->cred->fsuid/fsgid. 94 * restore original task->cred->fsuid/fsgid.
85 * These two macro should be used in pair, and OVERRIDE_CRED() should be 95 * These two macro should be used in pair, and OVERRIDE_CRED() should be
86 * placed at the beginning of a function, right after variable declaration. 96 * placed at the beginning of a function, right after variable declaration.
87 */ 97 */
88#define OVERRIDE_CRED(sdcardfs_sbi, saved_cred) \ 98#define OVERRIDE_CRED(sdcardfs_sbi, saved_cred, info) \
89 saved_cred = override_fsids(sdcardfs_sbi); \ 99 do { \
90 if (!saved_cred) { return -ENOMEM; } 100 saved_cred = override_fsids(sdcardfs_sbi, info); \
101 if (!saved_cred) \
102 return -ENOMEM; \
103 } while (0)
91 104
92#define OVERRIDE_CRED_PTR(sdcardfs_sbi, saved_cred) \ 105#define OVERRIDE_CRED_PTR(sdcardfs_sbi, saved_cred, info) \
93 saved_cred = override_fsids(sdcardfs_sbi); \ 106 do { \
94 if (!saved_cred) { return ERR_PTR(-ENOMEM); } 107 saved_cred = override_fsids(sdcardfs_sbi, info); \
108 if (!saved_cred) \
109 return ERR_PTR(-ENOMEM); \
110 } while (0)
95 111
96#define REVERT_CRED(saved_cred) revert_fsids(saved_cred) 112#define REVERT_CRED(saved_cred) revert_fsids(saved_cred)
97 113
98#define DEBUG_CRED() \
99 printk("KAKJAGI: %s:%d fsuid %d fsgid %d\n", \
100 __FUNCTION__, __LINE__, \
101 (int)current->cred->fsuid, \
102 (int)current->cred->fsgid);
103
104/* Android 5.0 support */ 114/* Android 5.0 support */
105 115
106/* Permission mode for a specific node. Controls how file permissions 116/* Permission mode for a specific node. Controls how file permissions
107 * are derived for children nodes. */ 117 * are derived for children nodes.
118 */
108typedef enum { 119typedef enum {
109 /* Nothing special; this node should just inherit from its parent. */ 120 /* Nothing special; this node should just inherit from its parent. */
110 PERM_INHERIT, 121 PERM_INHERIT,
111 /* This node is one level above a normal root; used for legacy layouts 122 /* This node is one level above a normal root; used for legacy layouts
112 * which use the first level to represent user_id. */ 123 * which use the first level to represent user_id.
113 PERM_PRE_ROOT, 124 */
114 /* This node is "/" */ 125 PERM_PRE_ROOT,
115 PERM_ROOT, 126 /* This node is "/" */
116 /* This node is "/Android" */ 127 PERM_ROOT,
117 PERM_ANDROID, 128 /* This node is "/Android" */
118 /* This node is "/Android/data" */ 129 PERM_ANDROID,
119 PERM_ANDROID_DATA, 130 /* This node is "/Android/data" */
120 /* This node is "/Android/obb" */ 131 PERM_ANDROID_DATA,
121 PERM_ANDROID_OBB, 132 /* This node is "/Android/obb" */
122 /* This node is "/Android/media" */ 133 PERM_ANDROID_OBB,
123 PERM_ANDROID_MEDIA, 134 /* This node is "/Android/media" */
135 PERM_ANDROID_MEDIA,
136 /* This node is "/Android/[data|media|obb]/[package]" */
137 PERM_ANDROID_PACKAGE,
138 /* This node is "/Android/[data|media|obb]/[package]/cache" */
139 PERM_ANDROID_PACKAGE_CACHE,
124} perm_t; 140} perm_t;
125 141
126struct sdcardfs_sb_info; 142struct sdcardfs_sb_info;
127struct sdcardfs_mount_options; 143struct sdcardfs_mount_options;
144struct sdcardfs_inode_info;
128 145
129/* Do not directly use this function. Use OVERRIDE_CRED() instead. */ 146/* Do not directly use this function. Use OVERRIDE_CRED() instead. */
130const struct cred * override_fsids(struct sdcardfs_sb_info* sbi); 147const struct cred *override_fsids(struct sdcardfs_sb_info *sbi, struct sdcardfs_inode_info *info);
131/* Do not directly use this function, use REVERT_CRED() instead. */ 148/* Do not directly use this function, use REVERT_CRED() instead. */
132void revert_fsids(const struct cred * old_cred); 149void revert_fsids(const struct cred *old_cred);
133 150
134/* operations vectors defined in specific files */ 151/* operations vectors defined in specific files */
135extern const struct file_operations sdcardfs_main_fops; 152extern const struct file_operations sdcardfs_main_fops;
@@ -169,6 +186,10 @@ struct sdcardfs_inode_info {
169 userid_t userid; 186 userid_t userid;
170 uid_t d_uid; 187 uid_t d_uid;
171 bool under_android; 188 bool under_android;
189 bool under_cache;
190 bool under_obb;
191 /* top folder for ownership */
192 struct inode *top;
172 193
173 struct inode vfs_inode; 194 struct inode vfs_inode;
174}; 195};
@@ -185,18 +206,25 @@ struct sdcardfs_mount_options {
185 uid_t fs_low_uid; 206 uid_t fs_low_uid;
186 gid_t fs_low_gid; 207 gid_t fs_low_gid;
187 userid_t fs_user_id; 208 userid_t fs_user_id;
188 gid_t gid;
189 mode_t mask;
190 bool multiuser; 209 bool multiuser;
191 unsigned int reserved_mb; 210 unsigned int reserved_mb;
192}; 211};
193 212
213struct sdcardfs_vfsmount_options {
214 gid_t gid;
215 mode_t mask;
216};
217
218extern int parse_options_remount(struct super_block *sb, char *options, int silent,
219 struct sdcardfs_vfsmount_options *vfsopts);
220
194/* sdcardfs super-block data in memory */ 221/* sdcardfs super-block data in memory */
195struct sdcardfs_sb_info { 222struct sdcardfs_sb_info {
196 struct super_block *sb; 223 struct super_block *sb;
197 struct super_block *lower_sb; 224 struct super_block *lower_sb;
198 /* derived perm policy : some of options have been added 225 /* derived perm policy : some of options have been added
199 * to sdcardfs_mount_options (Android 4.4 support) */ 226 * to sdcardfs_mount_options (Android 4.4 support)
227 */
200 struct sdcardfs_mount_options options; 228 struct sdcardfs_mount_options options;
201 spinlock_t lock; /* protects obbpath */ 229 spinlock_t lock; /* protects obbpath */
202 char *obbpath_s; 230 char *obbpath_s;
@@ -307,7 +335,7 @@ static inline void sdcardfs_put_reset_##pname(const struct dentry *dent) \
307{ \ 335{ \
308 struct path pname; \ 336 struct path pname; \
309 spin_lock(&SDCARDFS_D(dent)->lock); \ 337 spin_lock(&SDCARDFS_D(dent)->lock); \
310 if(SDCARDFS_D(dent)->pname.dentry) { \ 338 if (SDCARDFS_D(dent)->pname.dentry) { \
311 pathcpy(&pname, &SDCARDFS_D(dent)->pname); \ 339 pathcpy(&pname, &SDCARDFS_D(dent)->pname); \
312 SDCARDFS_D(dent)->pname.dentry = NULL; \ 340 SDCARDFS_D(dent)->pname.dentry = NULL; \
313 SDCARDFS_D(dent)->pname.mnt = NULL; \ 341 SDCARDFS_D(dent)->pname.mnt = NULL; \
@@ -321,38 +349,78 @@ static inline void sdcardfs_put_reset_##pname(const struct dentry *dent) \
321SDCARDFS_DENT_FUNC(lower_path) 349SDCARDFS_DENT_FUNC(lower_path)
322SDCARDFS_DENT_FUNC(orig_path) 350SDCARDFS_DENT_FUNC(orig_path)
323 351
324static inline int get_gid(struct sdcardfs_inode_info *info) { 352static inline bool sbinfo_has_sdcard_magic(struct sdcardfs_sb_info *sbinfo)
325 struct sdcardfs_sb_info *sb_info = SDCARDFS_SB(info->vfs_inode.i_sb); 353{
326 if (sb_info->options.gid == AID_SDCARD_RW) { 354 return sbinfo && sbinfo->sb && sbinfo->sb->s_magic == SDCARDFS_SUPER_MAGIC;
355}
356
357/* grab a refererence if we aren't linking to ourself */
358static inline void set_top(struct sdcardfs_inode_info *info, struct inode *top)
359{
360 struct inode *old_top = NULL;
361
362 BUG_ON(IS_ERR_OR_NULL(top));
363 if (info->top && info->top != &info->vfs_inode)
364 old_top = info->top;
365 if (top != &info->vfs_inode)
366 igrab(top);
367 info->top = top;
368 iput(old_top);
369}
370
371static inline struct inode *grab_top(struct sdcardfs_inode_info *info)
372{
373 struct inode *top = info->top;
374
375 if (top)
376 return igrab(top);
377 else
378 return NULL;
379}
380
381static inline void release_top(struct sdcardfs_inode_info *info)
382{
383 iput(info->top);
384}
385
386static inline int get_gid(struct vfsmount *mnt, struct sdcardfs_inode_info *info)
387{
388 struct sdcardfs_vfsmount_options *opts = mnt->data;
389
390 if (opts->gid == AID_SDCARD_RW)
327 /* As an optimization, certain trusted system components only run 391 /* As an optimization, certain trusted system components only run
328 * as owner but operate across all users. Since we're now handing 392 * as owner but operate across all users. Since we're now handing
329 * out the sdcard_rw GID only to trusted apps, we're okay relaxing 393 * out the sdcard_rw GID only to trusted apps, we're okay relaxing
330 * the user boundary enforcement for the default view. The UIDs 394 * the user boundary enforcement for the default view. The UIDs
331 * assigned to app directories are still multiuser aware. */ 395 * assigned to app directories are still multiuser aware.
396 */
332 return AID_SDCARD_RW; 397 return AID_SDCARD_RW;
333 } else { 398 else
334 return multiuser_get_uid(info->userid, sb_info->options.gid); 399 return multiuser_get_uid(info->userid, opts->gid);
335 }
336} 400}
337static inline int get_mode(struct sdcardfs_inode_info *info) { 401
402static inline int get_mode(struct vfsmount *mnt, struct sdcardfs_inode_info *info)
403{
338 int owner_mode; 404 int owner_mode;
339 int filtered_mode; 405 int filtered_mode;
340 struct sdcardfs_sb_info *sb_info = SDCARDFS_SB(info->vfs_inode.i_sb); 406 struct sdcardfs_vfsmount_options *opts = mnt->data;
341 int visible_mode = 0775 & ~sb_info->options.mask; 407 int visible_mode = 0775 & ~opts->mask;
408
342 409
343 if (info->perm == PERM_PRE_ROOT) { 410 if (info->perm == PERM_PRE_ROOT) {
344 /* Top of multi-user view should always be visible to ensure 411 /* Top of multi-user view should always be visible to ensure
345 * secondary users can traverse inside. */ 412 * secondary users can traverse inside.
413 */
346 visible_mode = 0711; 414 visible_mode = 0711;
347 } else if (info->under_android) { 415 } else if (info->under_android) {
348 /* Block "other" access to Android directories, since only apps 416 /* Block "other" access to Android directories, since only apps
349 * belonging to a specific user should be in there; we still 417 * belonging to a specific user should be in there; we still
350 * leave +x open for the default view. */ 418 * leave +x open for the default view.
351 if (sb_info->options.gid == AID_SDCARD_RW) { 419 */
420 if (opts->gid == AID_SDCARD_RW)
352 visible_mode = visible_mode & ~0006; 421 visible_mode = visible_mode & ~0006;
353 } else { 422 else
354 visible_mode = visible_mode & ~0007; 423 visible_mode = visible_mode & ~0007;
355 }
356 } 424 }
357 owner_mode = info->lower_inode->i_mode & 0700; 425 owner_mode = info->lower_inode->i_mode & 0700;
358 filtered_mode = visible_mode & (owner_mode | (owner_mode >> 3) | (owner_mode >> 6)); 426 filtered_mode = visible_mode & (owner_mode | (owner_mode >> 3) | (owner_mode >> 6));
@@ -377,7 +445,7 @@ static inline void sdcardfs_get_real_lower(const struct dentry *dent,
377 /* in case of a local obb dentry 445 /* in case of a local obb dentry
378 * the orig_path should be returned 446 * the orig_path should be returned
379 */ 447 */
380 if(has_graft_path(dent)) 448 if (has_graft_path(dent))
381 sdcardfs_get_orig_path(dent, real_lower); 449 sdcardfs_get_orig_path(dent, real_lower);
382 else 450 else
383 sdcardfs_get_lower_path(dent, real_lower); 451 sdcardfs_get_lower_path(dent, real_lower);
@@ -386,7 +454,7 @@ static inline void sdcardfs_get_real_lower(const struct dentry *dent,
386static inline void sdcardfs_put_real_lower(const struct dentry *dent, 454static inline void sdcardfs_put_real_lower(const struct dentry *dent,
387 struct path *real_lower) 455 struct path *real_lower)
388{ 456{
389 if(has_graft_path(dent)) 457 if (has_graft_path(dent))
390 sdcardfs_put_orig_path(dent, real_lower); 458 sdcardfs_put_orig_path(dent, real_lower);
391 else 459 else
392 sdcardfs_put_lower_path(dent, real_lower); 460 sdcardfs_put_lower_path(dent, real_lower);
@@ -396,20 +464,31 @@ extern struct mutex sdcardfs_super_list_lock;
396extern struct list_head sdcardfs_super_list; 464extern struct list_head sdcardfs_super_list;
397 465
398/* for packagelist.c */ 466/* for packagelist.c */
399extern appid_t get_appid(void *pkgl_id, const char *app_name); 467extern appid_t get_appid(const char *app_name);
400extern int check_caller_access_to_name(struct inode *parent_node, const char* name); 468extern appid_t get_ext_gid(const char *app_name);
469extern appid_t is_excluded(const char *app_name, userid_t userid);
470extern int check_caller_access_to_name(struct inode *parent_node, const struct qstr *name);
401extern int open_flags_to_access_mode(int open_flags); 471extern int open_flags_to_access_mode(int open_flags);
402extern int packagelist_init(void); 472extern int packagelist_init(void);
403extern void packagelist_exit(void); 473extern void packagelist_exit(void);
404 474
405/* for derived_perm.c */ 475/* for derived_perm.c */
406extern void setup_derived_state(struct inode *inode, perm_t perm, 476#define BY_NAME (1 << 0)
407 userid_t userid, uid_t uid, bool under_android); 477#define BY_USERID (1 << 1)
478struct limit_search {
479 unsigned int flags;
480 struct qstr name;
481 userid_t userid;
482};
483
484extern void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
485 uid_t uid, bool under_android, struct inode *top);
408extern void get_derived_permission(struct dentry *parent, struct dentry *dentry); 486extern void get_derived_permission(struct dentry *parent, struct dentry *dentry);
409extern void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, struct dentry *newdentry); 487extern void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, const struct qstr *name);
410extern void get_derive_permissions_recursive(struct dentry *parent); 488extern void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit);
411 489
412extern void update_derived_permission_lock(struct dentry *dentry); 490extern void update_derived_permission_lock(struct dentry *dentry);
491void fixup_lower_ownership(struct dentry *dentry, const char *name);
413extern int need_graft_path(struct dentry *dentry); 492extern int need_graft_path(struct dentry *dentry);
414extern int is_base_obbpath(struct dentry *dentry); 493extern int is_base_obbpath(struct dentry *dentry);
415extern int is_obbpath_invalid(struct dentry *dentry); 494extern int is_obbpath_invalid(struct dentry *dentry);
@@ -419,6 +498,7 @@ extern int setup_obb_dentry(struct dentry *dentry, struct path *lower_path);
419static inline struct dentry *lock_parent(struct dentry *dentry) 498static inline struct dentry *lock_parent(struct dentry *dentry)
420{ 499{
421 struct dentry *dir = dget_parent(dentry); 500 struct dentry *dir = dget_parent(dentry);
501
422 mutex_lock_nested(&d_inode(dir)->i_mutex, I_MUTEX_PARENT); 502 mutex_lock_nested(&d_inode(dir)->i_mutex, I_MUTEX_PARENT);
423 return dir; 503 return dir;
424} 504}
@@ -444,7 +524,7 @@ static inline int prepare_dir(const char *path_s, uid_t uid, gid_t gid, mode_t m
444 goto out_unlock; 524 goto out_unlock;
445 } 525 }
446 526
447 err = vfs_mkdir(d_inode(parent.dentry), dent, mode); 527 err = vfs_mkdir2(parent.mnt, d_inode(parent.dentry), dent, mode);
448 if (err) { 528 if (err) {
449 if (err == -EEXIST) 529 if (err == -EEXIST)
450 err = 0; 530 err = 0;
@@ -455,7 +535,7 @@ static inline int prepare_dir(const char *path_s, uid_t uid, gid_t gid, mode_t m
455 attrs.ia_gid = make_kgid(&init_user_ns, gid); 535 attrs.ia_gid = make_kgid(&init_user_ns, gid);
456 attrs.ia_valid = ATTR_UID | ATTR_GID; 536 attrs.ia_valid = ATTR_UID | ATTR_GID;
457 mutex_lock(&d_inode(dent)->i_mutex); 537 mutex_lock(&d_inode(dent)->i_mutex);
458 notify_change(dent, &attrs, NULL); 538 notify_change2(parent.mnt, dent, &attrs, NULL);
459 mutex_unlock(&d_inode(dent)->i_mutex); 539 mutex_unlock(&d_inode(dent)->i_mutex);
460 540
461out_dput: 541out_dput:
@@ -513,12 +593,16 @@ static inline int check_min_free_space(struct dentry *dentry, size_t size, int d
513 return 1; 593 return 1;
514} 594}
515 595
516/* Copies attrs and maintains sdcardfs managed attrs */ 596/*
597 * Copies attrs and maintains sdcardfs managed attrs
598 * Since our permission check handles all special permissions, set those to be open
599 */
517static inline void sdcardfs_copy_and_fix_attrs(struct inode *dest, const struct inode *src) 600static inline void sdcardfs_copy_and_fix_attrs(struct inode *dest, const struct inode *src)
518{ 601{
519 dest->i_mode = (src->i_mode & S_IFMT) | get_mode(SDCARDFS_I(dest)); 602 dest->i_mode = (src->i_mode & S_IFMT) | S_IRWXU | S_IRWXG |
603 S_IROTH | S_IXOTH; /* 0775 */
520 dest->i_uid = make_kuid(&init_user_ns, SDCARDFS_I(dest)->d_uid); 604 dest->i_uid = make_kuid(&init_user_ns, SDCARDFS_I(dest)->d_uid);
521 dest->i_gid = make_kgid(&init_user_ns, get_gid(SDCARDFS_I(dest))); 605 dest->i_gid = make_kgid(&init_user_ns, AID_SDCARD_RW);
522 dest->i_rdev = src->i_rdev; 606 dest->i_rdev = src->i_rdev;
523 dest->i_atime = src->i_atime; 607 dest->i_atime = src->i_atime;
524 dest->i_mtime = src->i_mtime; 608 dest->i_mtime = src->i_mtime;
@@ -527,4 +611,22 @@ static inline void sdcardfs_copy_and_fix_attrs(struct inode *dest, const struct
527 dest->i_flags = src->i_flags; 611 dest->i_flags = src->i_flags;
528 set_nlink(dest, src->i_nlink); 612 set_nlink(dest, src->i_nlink);
529} 613}
614
615static inline bool str_case_eq(const char *s1, const char *s2)
616{
617 return !strcasecmp(s1, s2);
618}
619
620static inline bool str_n_case_eq(const char *s1, const char *s2, size_t len)
621{
622 return !strncasecmp(s1, s2, len);
623}
624
625static inline bool qstr_case_eq(const struct qstr *q1, const struct qstr *q2)
626{
627 return q1->len == q2->len && str_case_eq(q1->name, q2->name);
628}
629
630#define QSTR_LITERAL(string) QSTR_INIT(string, sizeof(string)-1)
631
530#endif /* not _SDCARDFS_H_ */ 632#endif /* not _SDCARDFS_H_ */