diff options
Diffstat (limited to 'include')
l---------[-rw-r--r--] | include/private/android_filesystem_capability.h | 120 | ||||
l---------[-rw-r--r--] | include/private/android_filesystem_config.h | 224 | ||||
l---------[-rw-r--r--] | include/private/canned_fs_config.h | 27 |
3 files changed, 3 insertions, 368 deletions
diff --git a/include/private/android_filesystem_capability.h b/include/private/android_filesystem_capability.h index b92d3db16..f310b35f5 100644..120000 --- a/include/private/android_filesystem_capability.h +++ b/include/private/android_filesystem_capability.h | |||
@@ -1,119 +1 @@ | |||
1 | /* | ../../libcutils/include/private/android_filesystem_capability.h \ No newline at end of file | |
2 | * Copyright (C) 2013 The Android Open Source Project | ||
3 | * | ||
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | ||
5 | * you may not use this file except in compliance with the License. | ||
6 | * You may obtain a copy of the License at | ||
7 | * | ||
8 | * http://www.apache.org/licenses/LICENSE-2.0 | ||
9 | * | ||
10 | * Unless required by applicable law or agreed to in writing, software | ||
11 | * distributed under the License is distributed on an "AS IS" BASIS, | ||
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
13 | * See the License for the specific language governing permissions and | ||
14 | * limitations under the License. | ||
15 | */ | ||
16 | |||
17 | /* | ||
18 | * Taken from linux/capability.h, with minor modifications | ||
19 | */ | ||
20 | |||
21 | #ifndef _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H | ||
22 | #define _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H | ||
23 | |||
24 | #include <stdint.h> | ||
25 | |||
26 | #define __user | ||
27 | #define __u32 uint32_t | ||
28 | #define __le32 uint32_t | ||
29 | |||
30 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 | ||
31 | #define _LINUX_CAPABILITY_U32S_1 1 | ||
32 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 | ||
33 | #define _LINUX_CAPABILITY_U32S_2 2 | ||
34 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 | ||
35 | #define _LINUX_CAPABILITY_U32S_3 2 | ||
36 | |||
37 | typedef struct __user_cap_header_struct { | ||
38 | __u32 version; | ||
39 | int pid; | ||
40 | } __user *cap_user_header_t; | ||
41 | |||
42 | typedef struct __user_cap_data_struct { | ||
43 | __u32 effective; | ||
44 | __u32 permitted; | ||
45 | __u32 inheritable; | ||
46 | } __user *cap_user_data_t; | ||
47 | |||
48 | #define VFS_CAP_REVISION_MASK 0xFF000000 | ||
49 | #define VFS_CAP_REVISION_SHIFT 24 | ||
50 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK | ||
51 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | ||
52 | #define VFS_CAP_REVISION_1 0x01000000 | ||
53 | #define VFS_CAP_U32_1 1 | ||
54 | #define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) | ||
55 | #define VFS_CAP_REVISION_2 0x02000000 | ||
56 | #define VFS_CAP_U32_2 2 | ||
57 | #define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) | ||
58 | #define XATTR_CAPS_SZ XATTR_CAPS_SZ_2 | ||
59 | #define VFS_CAP_U32 VFS_CAP_U32_2 | ||
60 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 | ||
61 | |||
62 | struct vfs_cap_data { | ||
63 | __le32 magic_etc; | ||
64 | struct { | ||
65 | __le32 permitted; | ||
66 | __le32 inheritable; | ||
67 | } data[VFS_CAP_U32]; | ||
68 | }; | ||
69 | |||
70 | #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 | ||
71 | #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 | ||
72 | #define CAP_CHOWN 0 | ||
73 | #define CAP_DAC_OVERRIDE 1 | ||
74 | #define CAP_DAC_READ_SEARCH 2 | ||
75 | #define CAP_FOWNER 3 | ||
76 | #define CAP_FSETID 4 | ||
77 | #define CAP_KILL 5 | ||
78 | #define CAP_SETGID 6 | ||
79 | #define CAP_SETUID 7 | ||
80 | #define CAP_SETPCAP 8 | ||
81 | #define CAP_LINUX_IMMUTABLE 9 | ||
82 | #define CAP_NET_BIND_SERVICE 10 | ||
83 | #define CAP_NET_BROADCAST 11 | ||
84 | #define CAP_NET_ADMIN 12 | ||
85 | #define CAP_NET_RAW 13 | ||
86 | #define CAP_IPC_LOCK 14 | ||
87 | #define CAP_IPC_OWNER 15 | ||
88 | #define CAP_SYS_MODULE 16 | ||
89 | #define CAP_SYS_RAWIO 17 | ||
90 | #define CAP_SYS_CHROOT 18 | ||
91 | #define CAP_SYS_PTRACE 19 | ||
92 | #define CAP_SYS_PACCT 20 | ||
93 | #define CAP_SYS_ADMIN 21 | ||
94 | #define CAP_SYS_BOOT 22 | ||
95 | #define CAP_SYS_NICE 23 | ||
96 | #define CAP_SYS_RESOURCE 24 | ||
97 | #define CAP_SYS_TIME 25 | ||
98 | #define CAP_SYS_TTY_CONFIG 26 | ||
99 | #define CAP_MKNOD 27 | ||
100 | #define CAP_LEASE 28 | ||
101 | #define CAP_AUDIT_WRITE 29 | ||
102 | #define CAP_AUDIT_CONTROL 30 | ||
103 | #define CAP_SETFCAP 31 | ||
104 | #define CAP_MAC_OVERRIDE 32 | ||
105 | #define CAP_MAC_ADMIN 33 | ||
106 | #define CAP_SYSLOG 34 | ||
107 | #define CAP_WAKE_ALARM 35 | ||
108 | #define CAP_BLOCK_SUSPEND 36 | ||
109 | #define CAP_AUDIT_READ 37 | ||
110 | #define CAP_LAST_CAP CAP_AUDIT_READ | ||
111 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) | ||
112 | #define CAP_TO_INDEX(x) ((x) >> 5) | ||
113 | #define CAP_TO_MASK(x) (1 << ((x) & 31)) | ||
114 | |||
115 | #undef __user | ||
116 | #undef __u32 | ||
117 | #undef __le32 | ||
118 | |||
119 | #endif | ||
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h index d20007075..f28a5641f 100644..120000 --- a/include/private/android_filesystem_config.h +++ b/include/private/android_filesystem_config.h | |||
@@ -1,223 +1 @@ | |||
1 | /* | ../../libcutils/include/private/android_filesystem_config.h \ No newline at end of file | |
2 | * Copyright (C) 2007 The Android Open Source Project | ||
3 | * | ||
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | ||
5 | * you may not use this file except in compliance with the License. | ||
6 | * You may obtain a copy of the License at | ||
7 | * | ||
8 | * http://www.apache.org/licenses/LICENSE-2.0 | ||
9 | * | ||
10 | * Unless required by applicable law or agreed to in writing, software | ||
11 | * distributed under the License is distributed on an "AS IS" BASIS, | ||
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
13 | * See the License for the specific language governing permissions and | ||
14 | * limitations under the License. | ||
15 | */ | ||
16 | |||
17 | /* This file is used to define the properties of the filesystem | ||
18 | ** images generated by build tools (mkbootfs and mkyaffs2image) and | ||
19 | ** by the device side of adb. | ||
20 | */ | ||
21 | |||
22 | /* | ||
23 | * This file is consumed by build/tools/fs_config and is used | ||
24 | * for generating various files. Anything #define AID_<name> | ||
25 | * becomes the mapping for getpwnam/getpwuid, etc. The <name> | ||
26 | * field is lowercased. | ||
27 | * For example: | ||
28 | * #define AID_FOO_BAR 6666 becomes a friendly name of "foo_bar" | ||
29 | * | ||
30 | * The above holds true with the exception of: | ||
31 | * mediacodec | ||
32 | * mediaex | ||
33 | * mediadrm | ||
34 | * Whose friendly names do not match the #define statements. | ||
35 | * | ||
36 | * Additionally, AID_OEM_RESERVED_START and AID_OEM_RESERVED_END | ||
37 | * can be used to define reserved OEM ranges used for sanity checks | ||
38 | * during the build process. The rules are, they must end with START/END | ||
39 | * The proper convention is incrementing a number like so: | ||
40 | * AID_OEM_RESERVED_START | ||
41 | * AID_OEM_RESERVED_1_START | ||
42 | * AID_OEM_RESERVED_2_START | ||
43 | * ... | ||
44 | * The same applies to the END. | ||
45 | * They are not required to be in order, but must not overlap each other and | ||
46 | * must define a START and END'ing range. START must be smaller than END. | ||
47 | */ | ||
48 | |||
49 | #ifndef _ANDROID_FILESYSTEM_CONFIG_H_ | ||
50 | #define _ANDROID_FILESYSTEM_CONFIG_H_ | ||
51 | |||
52 | #include <sys/cdefs.h> | ||
53 | #include <sys/types.h> | ||
54 | #include <stdint.h> | ||
55 | |||
56 | #if defined(__ANDROID__) | ||
57 | #include <linux/capability.h> | ||
58 | #else | ||
59 | #include "android_filesystem_capability.h" | ||
60 | #endif | ||
61 | |||
62 | #define CAP_MASK_LONG(cap_name) (1ULL << (cap_name)) | ||
63 | |||
64 | /* This is the master Users and Groups config for the platform. | ||
65 | * DO NOT EVER RENUMBER | ||
66 | */ | ||
67 | |||
68 | #define AID_ROOT 0 /* traditional unix root user */ | ||
69 | |||
70 | #define AID_SYSTEM 1000 /* system server */ | ||
71 | |||
72 | #define AID_RADIO 1001 /* telephony subsystem, RIL */ | ||
73 | #define AID_BLUETOOTH 1002 /* bluetooth subsystem */ | ||
74 | #define AID_GRAPHICS 1003 /* graphics devices */ | ||
75 | #define AID_INPUT 1004 /* input devices */ | ||
76 | #define AID_AUDIO 1005 /* audio devices */ | ||
77 | #define AID_CAMERA 1006 /* camera devices */ | ||
78 | #define AID_LOG 1007 /* log devices */ | ||
79 | #define AID_COMPASS 1008 /* compass device */ | ||
80 | #define AID_MOUNT 1009 /* mountd socket */ | ||
81 | #define AID_WIFI 1010 /* wifi subsystem */ | ||
82 | #define AID_ADB 1011 /* android debug bridge (adbd) */ | ||
83 | #define AID_INSTALL 1012 /* group for installing packages */ | ||
84 | #define AID_MEDIA 1013 /* mediaserver process */ | ||
85 | #define AID_DHCP 1014 /* dhcp client */ | ||
86 | #define AID_SDCARD_RW 1015 /* external storage write access */ | ||
87 | #define AID_VPN 1016 /* vpn system */ | ||
88 | #define AID_KEYSTORE 1017 /* keystore subsystem */ | ||
89 | #define AID_USB 1018 /* USB devices */ | ||
90 | #define AID_DRM 1019 /* DRM server */ | ||
91 | #define AID_MDNSR 1020 /* MulticastDNSResponder (service discovery) */ | ||
92 | #define AID_GPS 1021 /* GPS daemon */ | ||
93 | #define AID_UNUSED1 1022 /* deprecated, DO NOT USE */ | ||
94 | #define AID_MEDIA_RW 1023 /* internal media storage write access */ | ||
95 | #define AID_MTP 1024 /* MTP USB driver access */ | ||
96 | #define AID_UNUSED2 1025 /* deprecated, DO NOT USE */ | ||
97 | #define AID_DRMRPC 1026 /* group for drm rpc */ | ||
98 | #define AID_NFC 1027 /* nfc subsystem */ | ||
99 | #define AID_SDCARD_R 1028 /* external storage read access */ | ||
100 | #define AID_CLAT 1029 /* clat part of nat464 */ | ||
101 | #define AID_LOOP_RADIO 1030 /* loop radio devices */ | ||
102 | #define AID_MEDIA_DRM 1031 /* MediaDrm plugins */ | ||
103 | #define AID_PACKAGE_INFO 1032 /* access to installed package details */ | ||
104 | #define AID_SDCARD_PICS 1033 /* external storage photos access */ | ||
105 | #define AID_SDCARD_AV 1034 /* external storage audio/video access */ | ||
106 | #define AID_SDCARD_ALL 1035 /* access all users external storage */ | ||
107 | #define AID_LOGD 1036 /* log daemon */ | ||
108 | #define AID_SHARED_RELRO 1037 /* creator of shared GNU RELRO files */ | ||
109 | #define AID_DBUS 1038 /* dbus-daemon IPC broker process */ | ||
110 | #define AID_TLSDATE 1039 /* tlsdate unprivileged user */ | ||
111 | #define AID_MEDIA_EX 1040 /* mediaextractor process */ | ||
112 | #define AID_AUDIOSERVER 1041 /* audioserver process */ | ||
113 | #define AID_METRICS_COLL 1042 /* metrics_collector process */ | ||
114 | #define AID_METRICSD 1043 /* metricsd process */ | ||
115 | #define AID_WEBSERV 1044 /* webservd process */ | ||
116 | #define AID_DEBUGGERD 1045 /* debuggerd unprivileged user */ | ||
117 | #define AID_MEDIA_CODEC 1046 /* mediacodec process */ | ||
118 | #define AID_CAMERASERVER 1047 /* cameraserver process */ | ||
119 | #define AID_FIREWALL 1048 /* firewalld process */ | ||
120 | #define AID_TRUNKS 1049 /* trunksd process (TPM daemon) */ | ||
121 | #define AID_NVRAM 1050 /* Access-controlled NVRAM */ | ||
122 | #define AID_DNS 1051 /* DNS resolution daemon (system: netd) */ | ||
123 | #define AID_DNS_TETHER 1052 /* DNS resolution daemon (tether: dnsmasq) */ | ||
124 | #define AID_WEBVIEW_ZYGOTE 1053 /* WebView zygote process */ | ||
125 | #define AID_VEHICLE_NETWORK 1054 /* Vehicle network service */ | ||
126 | #define AID_MEDIA_AUDIO 1055 /* GID for audio files on internal media storage */ | ||
127 | #define AID_MEDIA_VIDEO 1056 /* GID for video files on internal media storage */ | ||
128 | #define AID_MEDIA_IMAGE 1057 /* GID for image files on internal media storage */ | ||
129 | #define AID_TOMBSTONED 1058 /* tombstoned user */ | ||
130 | #define AID_MEDIA_OBB 1059 /* GID for OBB files on internal media storage */ | ||
131 | #define AID_ESE 1060 /* embedded secure element (eSE) subsystem */ | ||
132 | #define AID_OTA_UPDATE 1061 /* resource tracking UID for OTA updates */ | ||
133 | /* Changes to this file must be made in AOSP, *not* in internal branches. */ | ||
134 | |||
135 | #define AID_SHELL 2000 /* adb and debug shell user */ | ||
136 | #define AID_CACHE 2001 /* cache access */ | ||
137 | #define AID_DIAG 2002 /* access to diagnostic resources */ | ||
138 | |||
139 | /* The range 2900-2999 is reserved for OEM, and must never be | ||
140 | * used here */ | ||
141 | #define AID_OEM_RESERVED_START 2900 | ||
142 | #define AID_OEM_RESERVED_END 2999 | ||
143 | |||
144 | /* The 3000 series are intended for use as supplemental group id's only. | ||
145 | * They indicate special Android capabilities that the kernel is aware of. */ | ||
146 | #define AID_NET_BT_ADMIN 3001 /* bluetooth: create any socket */ | ||
147 | #define AID_NET_BT 3002 /* bluetooth: create sco, rfcomm or l2cap sockets */ | ||
148 | #define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */ | ||
149 | #define AID_NET_RAW 3004 /* can create raw INET sockets */ | ||
150 | #define AID_NET_ADMIN 3005 /* can configure interfaces and routing tables. */ | ||
151 | #define AID_NET_BW_STATS 3006 /* read bandwidth statistics */ | ||
152 | #define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */ | ||
153 | #define AID_READPROC 3009 /* Allow /proc read access */ | ||
154 | #define AID_WAKELOCK 3010 /* Allow system wakelock read/write access */ | ||
155 | |||
156 | /* The range 5000-5999 is also reserved for OEM, and must never be used here. */ | ||
157 | #define AID_OEM_RESERVED_2_START 5000 | ||
158 | #define AID_OEM_RESERVED_2_END 5999 | ||
159 | |||
160 | #define AID_EVERYBODY 9997 /* shared between all apps in the same profile */ | ||
161 | #define AID_MISC 9998 /* access to misc storage */ | ||
162 | #define AID_NOBODY 9999 | ||
163 | |||
164 | #define AID_APP 10000 /* TODO: switch users over to AID_APP_START */ | ||
165 | #define AID_APP_START 10000 /* first app user */ | ||
166 | #define AID_APP_END 19999 /* last app user */ | ||
167 | |||
168 | #define AID_CACHE_GID_START 20000 /* start of gids for apps to mark cached data */ | ||
169 | #define AID_CACHE_GID_END 29999 /* end of gids for apps to mark cached data */ | ||
170 | |||
171 | #define AID_EXT_GID_START 30000 /* start of gids for apps to mark external data */ | ||
172 | #define AID_EXT_GID_END 39999 /* end of gids for apps to mark external data */ | ||
173 | |||
174 | #define AID_SHARED_GID_START 50000 /* start of gids for apps in each user to share */ | ||
175 | #define AID_SHARED_GID_END 59999 /* end of gids for apps in each user to share */ | ||
176 | |||
177 | #define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */ | ||
178 | #define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */ | ||
179 | |||
180 | #define AID_USER 100000 /* TODO: switch users over to AID_USER_OFFSET */ | ||
181 | #define AID_USER_OFFSET 100000 /* offset for uid ranges for each user */ | ||
182 | |||
183 | /* | ||
184 | * android_ids has moved to pwd/grp functionality. | ||
185 | * If you need to add one, the structure is now | ||
186 | * auto-generated based on the AID_ constraints | ||
187 | * documented at the top of this header file. | ||
188 | * Also see build/tools/fs_config for more details. | ||
189 | */ | ||
190 | |||
191 | #if !defined(EXCLUDE_FS_CONFIG_STRUCTURES) | ||
192 | |||
193 | struct fs_path_config { | ||
194 | unsigned mode; | ||
195 | unsigned uid; | ||
196 | unsigned gid; | ||
197 | uint64_t capabilities; | ||
198 | const char *prefix; | ||
199 | }; | ||
200 | |||
201 | /* Rules for directories and files has moved to system/code/libcutils/fs_config.c */ | ||
202 | |||
203 | __BEGIN_DECLS | ||
204 | |||
205 | /* | ||
206 | * Used in: | ||
207 | * build/tools/fs_config/fs_config.c | ||
208 | * build/tools/fs_get_stats/fs_get_stats.c | ||
209 | * system/extras/ext4_utils/make_ext4fs_main.c | ||
210 | * external/squashfs-tools/squashfs-tools/android.c | ||
211 | * system/core/cpio/mkbootfs.c | ||
212 | * system/core/adb/file_sync_service.cpp | ||
213 | * system/extras/ext4_utils/canned_fs_config.c | ||
214 | */ | ||
215 | void fs_config(const char *path, int dir, const char *target_out_path, | ||
216 | unsigned *uid, unsigned *gid, unsigned *mode, uint64_t *capabilities); | ||
217 | |||
218 | ssize_t fs_config_generate(char *buffer, size_t length, const struct fs_path_config *pc); | ||
219 | |||
220 | __END_DECLS | ||
221 | |||
222 | #endif | ||
223 | #endif | ||
diff --git a/include/private/canned_fs_config.h b/include/private/canned_fs_config.h index d9f51ca3e..8f92b2d6a 100644..120000 --- a/include/private/canned_fs_config.h +++ b/include/private/canned_fs_config.h | |||
@@ -1,26 +1 @@ | |||
1 | /* | ../../libcutils/include/private/canned_fs_config.h \ No newline at end of file | |
2 | * Copyright (C) 2014 The Android Open Source Project | ||
3 | * | ||
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | ||
5 | * you may not use this file except in compliance with the License. | ||
6 | * You may obtain a copy of the License at | ||
7 | * | ||
8 | * http://www.apache.org/licenses/LICENSE-2.0 | ||
9 | * | ||
10 | * Unless required by applicable law or agreed to in writing, software | ||
11 | * distributed under the License is distributed on an "AS IS" BASIS, | ||
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
13 | * See the License for the specific language governing permissions and | ||
14 | * limitations under the License. | ||
15 | */ | ||
16 | |||
17 | #ifndef _CANNED_FS_CONFIG_H | ||
18 | #define _CANNED_FS_CONFIG_H | ||
19 | |||
20 | #include <inttypes.h> | ||
21 | |||
22 | int load_canned_fs_config(const char* fn); | ||
23 | void canned_fs_config(const char* path, int dir, const char* target_out_path, | ||
24 | unsigned* uid, unsigned* gid, unsigned* mode, uint64_t* capabilities); | ||
25 | |||
26 | #endif | ||