summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'include')
l---------[-rw-r--r--]include/private/android_filesystem_capability.h120
l---------[-rw-r--r--]include/private/android_filesystem_config.h224
l---------[-rw-r--r--]include/private/canned_fs_config.h27
3 files changed, 3 insertions, 368 deletions
diff --git a/include/private/android_filesystem_capability.h b/include/private/android_filesystem_capability.h
index b92d3db16..f310b35f5 100644..120000
--- a/include/private/android_filesystem_capability.h
+++ b/include/private/android_filesystem_capability.h
@@ -1,119 +1 @@
1/* ../../libcutils/include/private/android_filesystem_capability.h \ No newline at end of file
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/*
18 * Taken from linux/capability.h, with minor modifications
19 */
20
21#ifndef _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H
22#define _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H
23
24#include <stdint.h>
25
26#define __user
27#define __u32 uint32_t
28#define __le32 uint32_t
29
30#define _LINUX_CAPABILITY_VERSION_1 0x19980330
31#define _LINUX_CAPABILITY_U32S_1 1
32#define _LINUX_CAPABILITY_VERSION_2 0x20071026
33#define _LINUX_CAPABILITY_U32S_2 2
34#define _LINUX_CAPABILITY_VERSION_3 0x20080522
35#define _LINUX_CAPABILITY_U32S_3 2
36
37typedef struct __user_cap_header_struct {
38 __u32 version;
39 int pid;
40} __user *cap_user_header_t;
41
42typedef struct __user_cap_data_struct {
43 __u32 effective;
44 __u32 permitted;
45 __u32 inheritable;
46} __user *cap_user_data_t;
47
48#define VFS_CAP_REVISION_MASK 0xFF000000
49#define VFS_CAP_REVISION_SHIFT 24
50#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
51#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
52#define VFS_CAP_REVISION_1 0x01000000
53#define VFS_CAP_U32_1 1
54#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))
55#define VFS_CAP_REVISION_2 0x02000000
56#define VFS_CAP_U32_2 2
57#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
58#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2
59#define VFS_CAP_U32 VFS_CAP_U32_2
60#define VFS_CAP_REVISION VFS_CAP_REVISION_2
61
62struct vfs_cap_data {
63 __le32 magic_etc;
64 struct {
65 __le32 permitted;
66 __le32 inheritable;
67 } data[VFS_CAP_U32];
68};
69
70#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1
71#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1
72#define CAP_CHOWN 0
73#define CAP_DAC_OVERRIDE 1
74#define CAP_DAC_READ_SEARCH 2
75#define CAP_FOWNER 3
76#define CAP_FSETID 4
77#define CAP_KILL 5
78#define CAP_SETGID 6
79#define CAP_SETUID 7
80#define CAP_SETPCAP 8
81#define CAP_LINUX_IMMUTABLE 9
82#define CAP_NET_BIND_SERVICE 10
83#define CAP_NET_BROADCAST 11
84#define CAP_NET_ADMIN 12
85#define CAP_NET_RAW 13
86#define CAP_IPC_LOCK 14
87#define CAP_IPC_OWNER 15
88#define CAP_SYS_MODULE 16
89#define CAP_SYS_RAWIO 17
90#define CAP_SYS_CHROOT 18
91#define CAP_SYS_PTRACE 19
92#define CAP_SYS_PACCT 20
93#define CAP_SYS_ADMIN 21
94#define CAP_SYS_BOOT 22
95#define CAP_SYS_NICE 23
96#define CAP_SYS_RESOURCE 24
97#define CAP_SYS_TIME 25
98#define CAP_SYS_TTY_CONFIG 26
99#define CAP_MKNOD 27
100#define CAP_LEASE 28
101#define CAP_AUDIT_WRITE 29
102#define CAP_AUDIT_CONTROL 30
103#define CAP_SETFCAP 31
104#define CAP_MAC_OVERRIDE 32
105#define CAP_MAC_ADMIN 33
106#define CAP_SYSLOG 34
107#define CAP_WAKE_ALARM 35
108#define CAP_BLOCK_SUSPEND 36
109#define CAP_AUDIT_READ 37
110#define CAP_LAST_CAP CAP_AUDIT_READ
111#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
112#define CAP_TO_INDEX(x) ((x) >> 5)
113#define CAP_TO_MASK(x) (1 << ((x) & 31))
114
115#undef __user
116#undef __u32
117#undef __le32
118
119#endif
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index d20007075..f28a5641f 100644..120000
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -1,223 +1 @@
1/* ../../libcutils/include/private/android_filesystem_config.h \ No newline at end of file
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* This file is used to define the properties of the filesystem
18** images generated by build tools (mkbootfs and mkyaffs2image) and
19** by the device side of adb.
20*/
21
22/*
23 * This file is consumed by build/tools/fs_config and is used
24 * for generating various files. Anything #define AID_<name>
25 * becomes the mapping for getpwnam/getpwuid, etc. The <name>
26 * field is lowercased.
27 * For example:
28 * #define AID_FOO_BAR 6666 becomes a friendly name of "foo_bar"
29 *
30 * The above holds true with the exception of:
31 * mediacodec
32 * mediaex
33 * mediadrm
34 * Whose friendly names do not match the #define statements.
35 *
36 * Additionally, AID_OEM_RESERVED_START and AID_OEM_RESERVED_END
37 * can be used to define reserved OEM ranges used for sanity checks
38 * during the build process. The rules are, they must end with START/END
39 * The proper convention is incrementing a number like so:
40 * AID_OEM_RESERVED_START
41 * AID_OEM_RESERVED_1_START
42 * AID_OEM_RESERVED_2_START
43 * ...
44 * The same applies to the END.
45 * They are not required to be in order, but must not overlap each other and
46 * must define a START and END'ing range. START must be smaller than END.
47 */
48
49#ifndef _ANDROID_FILESYSTEM_CONFIG_H_
50#define _ANDROID_FILESYSTEM_CONFIG_H_
51
52#include <sys/cdefs.h>
53#include <sys/types.h>
54#include <stdint.h>
55
56#if defined(__ANDROID__)
57#include <linux/capability.h>
58#else
59#include "android_filesystem_capability.h"
60#endif
61
62#define CAP_MASK_LONG(cap_name) (1ULL << (cap_name))
63
64/* This is the master Users and Groups config for the platform.
65 * DO NOT EVER RENUMBER
66 */
67
68#define AID_ROOT 0 /* traditional unix root user */
69
70#define AID_SYSTEM 1000 /* system server */
71
72#define AID_RADIO 1001 /* telephony subsystem, RIL */
73#define AID_BLUETOOTH 1002 /* bluetooth subsystem */
74#define AID_GRAPHICS 1003 /* graphics devices */
75#define AID_INPUT 1004 /* input devices */
76#define AID_AUDIO 1005 /* audio devices */
77#define AID_CAMERA 1006 /* camera devices */
78#define AID_LOG 1007 /* log devices */
79#define AID_COMPASS 1008 /* compass device */
80#define AID_MOUNT 1009 /* mountd socket */
81#define AID_WIFI 1010 /* wifi subsystem */
82#define AID_ADB 1011 /* android debug bridge (adbd) */
83#define AID_INSTALL 1012 /* group for installing packages */
84#define AID_MEDIA 1013 /* mediaserver process */
85#define AID_DHCP 1014 /* dhcp client */
86#define AID_SDCARD_RW 1015 /* external storage write access */
87#define AID_VPN 1016 /* vpn system */
88#define AID_KEYSTORE 1017 /* keystore subsystem */
89#define AID_USB 1018 /* USB devices */
90#define AID_DRM 1019 /* DRM server */
91#define AID_MDNSR 1020 /* MulticastDNSResponder (service discovery) */
92#define AID_GPS 1021 /* GPS daemon */
93#define AID_UNUSED1 1022 /* deprecated, DO NOT USE */
94#define AID_MEDIA_RW 1023 /* internal media storage write access */
95#define AID_MTP 1024 /* MTP USB driver access */
96#define AID_UNUSED2 1025 /* deprecated, DO NOT USE */
97#define AID_DRMRPC 1026 /* group for drm rpc */
98#define AID_NFC 1027 /* nfc subsystem */
99#define AID_SDCARD_R 1028 /* external storage read access */
100#define AID_CLAT 1029 /* clat part of nat464 */
101#define AID_LOOP_RADIO 1030 /* loop radio devices */
102#define AID_MEDIA_DRM 1031 /* MediaDrm plugins */
103#define AID_PACKAGE_INFO 1032 /* access to installed package details */
104#define AID_SDCARD_PICS 1033 /* external storage photos access */
105#define AID_SDCARD_AV 1034 /* external storage audio/video access */
106#define AID_SDCARD_ALL 1035 /* access all users external storage */
107#define AID_LOGD 1036 /* log daemon */
108#define AID_SHARED_RELRO 1037 /* creator of shared GNU RELRO files */
109#define AID_DBUS 1038 /* dbus-daemon IPC broker process */
110#define AID_TLSDATE 1039 /* tlsdate unprivileged user */
111#define AID_MEDIA_EX 1040 /* mediaextractor process */
112#define AID_AUDIOSERVER 1041 /* audioserver process */
113#define AID_METRICS_COLL 1042 /* metrics_collector process */
114#define AID_METRICSD 1043 /* metricsd process */
115#define AID_WEBSERV 1044 /* webservd process */
116#define AID_DEBUGGERD 1045 /* debuggerd unprivileged user */
117#define AID_MEDIA_CODEC 1046 /* mediacodec process */
118#define AID_CAMERASERVER 1047 /* cameraserver process */
119#define AID_FIREWALL 1048 /* firewalld process */
120#define AID_TRUNKS 1049 /* trunksd process (TPM daemon) */
121#define AID_NVRAM 1050 /* Access-controlled NVRAM */
122#define AID_DNS 1051 /* DNS resolution daemon (system: netd) */
123#define AID_DNS_TETHER 1052 /* DNS resolution daemon (tether: dnsmasq) */
124#define AID_WEBVIEW_ZYGOTE 1053 /* WebView zygote process */
125#define AID_VEHICLE_NETWORK 1054 /* Vehicle network service */
126#define AID_MEDIA_AUDIO 1055 /* GID for audio files on internal media storage */
127#define AID_MEDIA_VIDEO 1056 /* GID for video files on internal media storage */
128#define AID_MEDIA_IMAGE 1057 /* GID for image files on internal media storage */
129#define AID_TOMBSTONED 1058 /* tombstoned user */
130#define AID_MEDIA_OBB 1059 /* GID for OBB files on internal media storage */
131#define AID_ESE 1060 /* embedded secure element (eSE) subsystem */
132#define AID_OTA_UPDATE 1061 /* resource tracking UID for OTA updates */
133/* Changes to this file must be made in AOSP, *not* in internal branches. */
134
135#define AID_SHELL 2000 /* adb and debug shell user */
136#define AID_CACHE 2001 /* cache access */
137#define AID_DIAG 2002 /* access to diagnostic resources */
138
139/* The range 2900-2999 is reserved for OEM, and must never be
140 * used here */
141#define AID_OEM_RESERVED_START 2900
142#define AID_OEM_RESERVED_END 2999
143
144/* The 3000 series are intended for use as supplemental group id's only.
145 * They indicate special Android capabilities that the kernel is aware of. */
146#define AID_NET_BT_ADMIN 3001 /* bluetooth: create any socket */
147#define AID_NET_BT 3002 /* bluetooth: create sco, rfcomm or l2cap sockets */
148#define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
149#define AID_NET_RAW 3004 /* can create raw INET sockets */
150#define AID_NET_ADMIN 3005 /* can configure interfaces and routing tables. */
151#define AID_NET_BW_STATS 3006 /* read bandwidth statistics */
152#define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */
153#define AID_READPROC 3009 /* Allow /proc read access */
154#define AID_WAKELOCK 3010 /* Allow system wakelock read/write access */
155
156/* The range 5000-5999 is also reserved for OEM, and must never be used here. */
157#define AID_OEM_RESERVED_2_START 5000
158#define AID_OEM_RESERVED_2_END 5999
159
160#define AID_EVERYBODY 9997 /* shared between all apps in the same profile */
161#define AID_MISC 9998 /* access to misc storage */
162#define AID_NOBODY 9999
163
164#define AID_APP 10000 /* TODO: switch users over to AID_APP_START */
165#define AID_APP_START 10000 /* first app user */
166#define AID_APP_END 19999 /* last app user */
167
168#define AID_CACHE_GID_START 20000 /* start of gids for apps to mark cached data */
169#define AID_CACHE_GID_END 29999 /* end of gids for apps to mark cached data */
170
171#define AID_EXT_GID_START 30000 /* start of gids for apps to mark external data */
172#define AID_EXT_GID_END 39999 /* end of gids for apps to mark external data */
173
174#define AID_SHARED_GID_START 50000 /* start of gids for apps in each user to share */
175#define AID_SHARED_GID_END 59999 /* end of gids for apps in each user to share */
176
177#define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */
178#define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */
179
180#define AID_USER 100000 /* TODO: switch users over to AID_USER_OFFSET */
181#define AID_USER_OFFSET 100000 /* offset for uid ranges for each user */
182
183/*
184 * android_ids has moved to pwd/grp functionality.
185 * If you need to add one, the structure is now
186 * auto-generated based on the AID_ constraints
187 * documented at the top of this header file.
188 * Also see build/tools/fs_config for more details.
189 */
190
191#if !defined(EXCLUDE_FS_CONFIG_STRUCTURES)
192
193struct fs_path_config {
194 unsigned mode;
195 unsigned uid;
196 unsigned gid;
197 uint64_t capabilities;
198 const char *prefix;
199};
200
201/* Rules for directories and files has moved to system/code/libcutils/fs_config.c */
202
203__BEGIN_DECLS
204
205/*
206 * Used in:
207 * build/tools/fs_config/fs_config.c
208 * build/tools/fs_get_stats/fs_get_stats.c
209 * system/extras/ext4_utils/make_ext4fs_main.c
210 * external/squashfs-tools/squashfs-tools/android.c
211 * system/core/cpio/mkbootfs.c
212 * system/core/adb/file_sync_service.cpp
213 * system/extras/ext4_utils/canned_fs_config.c
214 */
215void fs_config(const char *path, int dir, const char *target_out_path,
216 unsigned *uid, unsigned *gid, unsigned *mode, uint64_t *capabilities);
217
218ssize_t fs_config_generate(char *buffer, size_t length, const struct fs_path_config *pc);
219
220__END_DECLS
221
222#endif
223#endif
diff --git a/include/private/canned_fs_config.h b/include/private/canned_fs_config.h
index d9f51ca3e..8f92b2d6a 100644..120000
--- a/include/private/canned_fs_config.h
+++ b/include/private/canned_fs_config.h
@@ -1,26 +1 @@
1/* ../../libcutils/include/private/canned_fs_config.h \ No newline at end of file
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef _CANNED_FS_CONFIG_H
18#define _CANNED_FS_CONFIG_H
19
20#include <inttypes.h>
21
22int load_canned_fs_config(const char* fn);
23void canned_fs_config(const char* path, int dir, const char* target_out_path,
24 unsigned* uid, unsigned* gid, unsigned* mode, uint64_t* capabilities);
25
26#endif