diff options
author | Mark Salyzyn | 2015-04-06 12:30:58 -0500 |
---|---|---|
committer | Gerrit Code Review | 2015-04-06 12:30:59 -0500 |
commit | d42df562413c75fd7cd5b8a1d920bde8a3c22735 (patch) | |
tree | 02f95003bbfe7ea476d3aea97686d0e2db8bd37e | |
parent | d1e90c01f6409cd3babd2c38154aebf9272cd825 (diff) | |
parent | 8b2c7dee59f0ca89e6a0866537054a0d41dbae97 (diff) | |
download | platform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.tar.gz platform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.tar.xz platform-system-core-d42df562413c75fd7cd5b8a1d920bde8a3c22735.zip |
Merge "libcutils: add fs_config"
-rw-r--r-- | libcutils/Android.mk | 1 | ||||
-rw-r--r-- | libcutils/fs_config.c | 145 |
2 files changed, 146 insertions, 0 deletions
diff --git a/libcutils/Android.mk b/libcutils/Android.mk index d4450c619..c636196e6 100644 --- a/libcutils/Android.mk +++ b/libcutils/Android.mk | |||
@@ -32,6 +32,7 @@ commonSources := \ | |||
32 | sched_policy.c \ | 32 | sched_policy.c \ |
33 | iosched_policy.c \ | 33 | iosched_policy.c \ |
34 | str_parms.c \ | 34 | str_parms.c \ |
35 | fs_config.c | ||
35 | 36 | ||
36 | # some files must not be compiled when building against Mingw | 37 | # some files must not be compiled when building against Mingw |
37 | # they correspond to features not used by our host development tools | 38 | # they correspond to features not used by our host development tools |
diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c new file mode 100644 index 000000000..3f6a20204 --- /dev/null +++ b/libcutils/fs_config.c | |||
@@ -0,0 +1,145 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2007 The Android Open Source Project | ||
3 | * | ||
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | ||
5 | * you may not use this file except in compliance with the License. | ||
6 | * You may obtain a copy of the License at | ||
7 | * | ||
8 | * http://www.apache.org/licenses/LICENSE-2.0 | ||
9 | * | ||
10 | * Unless required by applicable law or agreed to in writing, software | ||
11 | * distributed under the License is distributed on an "AS IS" BASIS, | ||
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
13 | * See the License for the specific language governing permissions and | ||
14 | * limitations under the License. | ||
15 | */ | ||
16 | |||
17 | /* This file is used to define the properties of the filesystem | ||
18 | ** images generated by build tools (mkbootfs and mkyaffs2image) and | ||
19 | ** by the device side of adb. | ||
20 | */ | ||
21 | |||
22 | #define EXCLUDE_FS_CONFIG_STRUCTURES | ||
23 | |||
24 | #include <stdint.h> | ||
25 | #include <string.h> | ||
26 | #include <sys/stat.h> | ||
27 | |||
28 | #include <private/android_filesystem_config.h> | ||
29 | |||
30 | /* Temporary while EXCLUDE_FS_CONFIG_STRUCTURES is defined */ | ||
31 | struct fs_path_config { | ||
32 | unsigned mode; | ||
33 | unsigned uid; | ||
34 | unsigned gid; | ||
35 | uint64_t capabilities; | ||
36 | const char *prefix; | ||
37 | }; | ||
38 | |||
39 | /* Rules for directories. | ||
40 | ** These rules are applied based on "first match", so they | ||
41 | ** should start with the most specific path and work their | ||
42 | ** way up to the root. | ||
43 | */ | ||
44 | |||
45 | static const struct fs_path_config android_dirs[] = { | ||
46 | { 00770, AID_SYSTEM, AID_CACHE, 0, "cache" }, | ||
47 | { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" }, | ||
48 | { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" }, | ||
49 | { 00771, AID_ROOT, AID_ROOT, 0, "data/dalvik-cache" }, | ||
50 | { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" }, | ||
51 | { 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" }, | ||
52 | { 00771, AID_SHELL, AID_SHELL, 0, "data/local" }, | ||
53 | { 01771, AID_SYSTEM, AID_MISC, 0, "data/misc" }, | ||
54 | { 00770, AID_DHCP, AID_DHCP, 0, "data/misc/dhcp" }, | ||
55 | { 00771, AID_SHARED_RELRO, AID_SHARED_RELRO, 0, "data/misc/shared_relro" }, | ||
56 | { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media" }, | ||
57 | { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" }, | ||
58 | { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" }, | ||
59 | { 00750, AID_ROOT, AID_SHELL, 0, "sbin" }, | ||
60 | { 00755, AID_ROOT, AID_SHELL, 0, "system/bin" }, | ||
61 | { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" }, | ||
62 | { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" }, | ||
63 | { 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" }, | ||
64 | { 00755, AID_ROOT, AID_SHELL, 0, "vendor" }, | ||
65 | { 00777, AID_ROOT, AID_ROOT, 0, "sdcard" }, | ||
66 | { 00755, AID_ROOT, AID_ROOT, 0, 0 }, | ||
67 | }; | ||
68 | |||
69 | /* Rules for files. | ||
70 | ** These rules are applied based on "first match", so they | ||
71 | ** should start with the most specific path and work their | ||
72 | ** way up to the root. Prefixes ending in * denotes wildcard | ||
73 | ** and will allow partial matches. | ||
74 | */ | ||
75 | static const struct fs_path_config android_files[] = { | ||
76 | { 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" }, | ||
77 | { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" }, | ||
78 | { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" }, | ||
79 | { 00550, AID_DHCP, AID_SHELL, 0, "system/etc/dhcpcd/dhcpcd-run-hooks" }, | ||
80 | { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" }, | ||
81 | { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" }, | ||
82 | { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" }, | ||
83 | { 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" }, | ||
84 | { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" }, | ||
85 | { 00644, AID_APP, AID_APP, 0, "data/data/*" }, | ||
86 | |||
87 | /* the following five files are INTENTIONALLY set-uid, but they | ||
88 | * are NOT included on user builds. */ | ||
89 | { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, | ||
90 | { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" }, | ||
91 | { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" }, | ||
92 | { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, | ||
93 | { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" }, | ||
94 | |||
95 | /* the following files have enhanced capabilities and ARE included in user builds. */ | ||
96 | { 00750, AID_ROOT, AID_SHELL, (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID), "system/bin/run-as" }, | ||
97 | { 00700, AID_SYSTEM, AID_SHELL, (1ULL << CAP_BLOCK_SUSPEND), "system/bin/inputflinger" }, | ||
98 | |||
99 | { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" }, | ||
100 | { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" }, | ||
101 | { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" }, | ||
102 | { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" }, | ||
103 | { 00755, AID_ROOT, AID_ROOT, 0, "system/lib64/valgrind/*" }, | ||
104 | { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" }, | ||
105 | { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/bin/*" }, | ||
106 | { 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" }, | ||
107 | { 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" }, | ||
108 | { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" }, | ||
109 | { 00750, AID_ROOT, AID_SHELL, 0, "init*" }, | ||
110 | { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" }, | ||
111 | { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" }, | ||
112 | { 00644, AID_ROOT, AID_ROOT, 0, 0 }, | ||
113 | }; | ||
114 | |||
115 | void fs_config(const char *path, int dir, | ||
116 | unsigned *uid, unsigned *gid, unsigned *mode, uint64_t *capabilities) | ||
117 | { | ||
118 | const struct fs_path_config *pc; | ||
119 | int plen; | ||
120 | |||
121 | if (path[0] == '/') { | ||
122 | path++; | ||
123 | } | ||
124 | |||
125 | pc = dir ? android_dirs : android_files; | ||
126 | plen = strlen(path); | ||
127 | for(; pc->prefix; pc++){ | ||
128 | int len = strlen(pc->prefix); | ||
129 | if (dir) { | ||
130 | if(plen < len) continue; | ||
131 | if(!strncmp(pc->prefix, path, len)) break; | ||
132 | continue; | ||
133 | } | ||
134 | /* If name ends in * then allow partial matches. */ | ||
135 | if (pc->prefix[len -1] == '*') { | ||
136 | if(!strncmp(pc->prefix, path, len - 1)) break; | ||
137 | } else if (plen == len){ | ||
138 | if(!strncmp(pc->prefix, path, len)) break; | ||
139 | } | ||
140 | } | ||
141 | *uid = pc->uid; | ||
142 | *gid = pc->gid; | ||
143 | *mode = (*mode & (~07777)) | pc->mode; | ||
144 | *capabilities = pc->capabilities; | ||
145 | } | ||