authorMark Salyzyn2015-04-06 12:30:58 -0500
committerGerrit Code Review2015-04-06 12:30:59 -0500
commitd42df562413c75fd7cd5b8a1d920bde8a3c22735 (patch)
tree02f95003bbfe7ea476d3aea97686d0e2db8bd37e
parentd1e90c01f6409cd3babd2c38154aebf9272cd825 (diff)
parent8b2c7dee59f0ca89e6a0866537054a0d41dbae97 (diff)
downloadplatform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.tar.gz
platform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.tar.xz
platform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.zip
Merge "libcutils: add fs_config"
-rw-r--r--libcutils/Android.mk1
-rw-r--r--libcutils/fs_config.c145
2 files changed, 146 insertions, 0 deletions
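diff --git a/libcutils/Android.mk b/libcutils/Android.mk
index d4450c619..c636196e6 100644
--- a/libcutils/Android.mk
+++ b/libcutils/Android.mk
@@ -32,6 +32,7 @@ commonSources := \
  sched_policy.c \
  iosched_policy.c \
  str_parms.c \
+ fs_config.c
 
 # some files must not be compiled when building against Mingw
 # they correspond to features not used by our host development tools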
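diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
new file mode 100644
index 000000000..3f6a20204
--- /dev/null
+++ b/libcutils/fs_config.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2007 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* This file is used to define the properties of the filesystem
+** images generated by build tools (mkbootfs and mkyaffs2image) and
+** by the device side of adb.
+*/
+
+#define EXCLUDE_FS_CONFIG_STRUCTURES
+
+#include <stdint.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include <private/android_filesystem_config.h>
+
+/* Temporary while EXCLUDE_FS_CONFIG_STRUCTURES is defined */
+struct fs_path_config {
+ unsigned mode;
+ unsigned uid;
+ unsigned gid;
+ uint64_t capabilities;
+ const char *prefix;
+};
+
+/* Rules for directories.
+** These rules are applied based on "first match", so they
+** should start with the most specific path and work their
+** way up to the root.
+*/
+
+static const struct fs_path_config android_dirs[] = {
+ { 00770, AID_SYSTEM, AID_CACHE, 0, "cache" },
+ { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" },
+ { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" },
+ { 00771, AID_ROOT, AID_ROOT, 0, "data/dalvik-cache" },
+ { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" },
+ { 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" },
+ { 00771, AID_SHELL, AID_SHELL, 0, "data/local" },
+ { 01771, AID_SYSTEM, AID_MISC, 0, "data/misc" },
+ { 00770, AID_DHCP, AID_DHCP, 0, "data/misc/dhcp" },
+ { 00771, AID_SHARED_RELRO, AID_SHARED_RELRO, 0, "data/misc/shared_relro" },
+ { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media" },
+ { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" },
+ { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
+ { 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/bin" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" },
+ { 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "vendor" },
+ { 00777, AID_ROOT, AID_ROOT, 0, "sdcard" },
+ { 00755, AID_ROOT, AID_ROOT, 0, 0 },
+};
+
+/* Rules for files.
+** These rules are applied based on "first match", so they
+** should start with the most specific path and work their
+** way up to the root. Prefixes ending in * denotes wildcard
+** and will allow partial matches.
+*/
+static const struct fs_path_config android_files[] = {
+ { 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" },
+ { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" },
+ { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" },
+ { 00550, AID_DHCP, AID_SHELL, 0, "system/etc/dhcpcd/dhcpcd-run-hooks" },
+ { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" },
+ { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" },
+ { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" },
+ { 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" },
+ { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" },
+ { 00644, AID_APP, AID_APP, 0, "data/data/*" },
+
+ /* the following five files are INTENTIONALLY set-uid, but they
+ * are NOT included on user builds. */
+ { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" },
+ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" },
+ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
+ { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" },
+
+ /* the following files have enhanced capabilities and ARE included in user builds. */
+ { 00750, AID_ROOT, AID_SHELL, (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID), "system/bin/run-as" },
+ { 00700, AID_SYSTEM, AID_SHELL, (1ULL << CAP_BLOCK_SUSPEND), "system/bin/inputflinger" },
+
+ { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
+ { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
+ { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" },
+ { 00755, AID_ROOT, AID_ROOT, 0, "system/lib64/valgrind/*" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/bin/*" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" },
+ { 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" },
+ { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" },
+ { 00750, AID_ROOT, AID_SHELL, 0, "init*" },
+ { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" },
+ { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
+ { 00644, AID_ROOT, AID_ROOT, 0, 0 },
+};
+
+void fs_config(const char *path, int dir,
+ unsigned *uid, unsigned *gid, unsigned *mode, uint64_t *capabilities)
+{
+ const struct fs_path_config *pc;
+ int plen;
+
+ if (path[0] == '/') {
+ path++;
+ }
+
+ pc = dir ? android_dirs : android_files;
+ plen = strlen(path);
+ for(; pc->prefix; pc++){
+ int len = strlen(pc->prefix);
+ if (dir) {
+ if(plen < len) continue;
+ if(!strncmp(pc->prefix, path, len)) break;
+ continue;
+ }
+ /* If name ends in * then allow partial matches. */
+ if (pc->prefix[len -1] == '*') {
+ if(!strncmp(pc->prefix, path, len - 1)) break;
+ } else if (plen == len){
+ if(!strncmp(pc->prefix, path, len)) break;
+ }
+ }
+ *uid = pc->uid;
+ *gid = pc->gid;
+ *mode = (*mode & (~07777)) | pc->mode;
+ *capabilities = pc->capabilities;
+}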
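Review bot: In `android_dirs`, several specific entries sit below a shorter prefix that already matches them, so the first-match loop in `fs_config` can never select them: `data/misc/dhcp` and `data/misc/shared_relro` follow `data/misc`, `data/media/Music` follows `data/media`, and `data/app-private` follows `data/app`. A directory under `data/misc/dhcp` therefore receives 01771 system:misc rather than the listed 00770 dhcp:dhcp, which is looser than the table states and contradicts the "most specific path first" comment above the array. Moving each specific entry above its parent fixes the ordering; the directory branch also compares only `len` bytes with no path-component boundary, so `data/app` matches any sibling whose name merely begins with it, and I would tighten it to `if(!strncmp(pc->prefix, path, len) && (path[len] == '/' || path[len] == '\0')) break;`. Whether any caller relies on the looser prefix match is not visible from this page.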