Commit Graph

36 Commits

Author SHA1 Message Date
Jeff Sharkey 39ff0ae0f6 Only check caller when deriving permissions.
Bug: 10547597
Change-Id: Ied909f9047c2567e93dde0f4658d6e4b9ff161ab
2013-08-30 13:58:13 -07:00
Jeff Sharkey aa04e818a4 Fix recursive locking bug.
handle_rename() would end up acquiring the lock twice.  Change to
always derive has_rw inside earlier locks (instead of acquiring a
second time), and pass the value into check_caller_access_to_name().

Bug: 10547597
Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
2013-08-30 10:28:21 -07:00
Ken Sumrall 57d4b4ea6f Merge "Fix handle_opendir() in the sdcard daemon" into klp-dev 2013-08-15 03:28:31 +00:00
Ken Sumrall 3a8768804c Fix handle_opendir() in the sdcard daemon
The fuse_open_out structure returned to the kernel by handle_opendir()
was not properly initializing all the fields.  The symptom was recursive
ls (ls -R) failing on the emulated sdcard filesystem, because rewinddir(3)
was failing with ESPIPE.

Bug: 7168594
Change-Id: I56ddfd3453e6aac34fe6e001e88c4c46fb2eb271
2013-08-14 20:02:13 -07:00
Jeff Sharkey 977a9f3b1a Add legacy layout support to FUSE, enforce write.
The legacy internal layout places users at the top-level of the
filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested.

Mirror single OBB directory between all users without requiring fancy
bind mounts by letting a nodes graft in another part of the
underlying tree.

Move to everything having "sdcard_r" GID by default, and verify that
calling apps hold "sdcard_rw" when performing mutations. Determines
app group membership from new packages.list column.

Flag to optionally enable sdcard_pics/sdcard_av permissions
splitting. Flag to supply a default GID for all files. Ignore
attempts to access security sensitive files. Fix run-as to check for
new "package_info" GID.

Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
2013-08-14 12:01:38 -07:00
Jeff Sharkey dfe0cbab3f Richer SD card permissions through FUSE.
Changes the FUSE daemon to synthesize an Android-specific set of
filesystem permissions, even when the underlying media storage is
permissionless.  This is designed to support several features:

First, apps can access their own files in /Android/data/com.example/
without requiring any external storage permissions.  This is enabled
by allowing o+x on parent directories, and assigning the UID owner
based on the directory name (package name).  The mapping from package
to appId is parsed from packages.list, which is updated when apps are
added/removed.  Changes are observed through inotify.  It creates
missing package name directories when requested and valid.

Second, support for separate permissions for photos and audio/video
content on the device through new GIDs which are assigned based on
top-level directory names.

Finally, support for multi-user separation on the same physical media
through new /Android/user/ directory, which will be bind-mounted
into place.  It recursively applies the above rules to each secondary
user.

rwxrwx--x root:sdcard_rw     /
rwxrwx--- root:sdcard_pics   /Pictures
rwxrwx--- root:sdcard_av     /Music

rwxrwx--x root:sdcard_rw     /Android
rwxrwx--x root:sdcard_rw     /Android/data
rwxrwx--- u0_a12:sdcard_rw   /Android/data/com.example
rwxrwx--x root:sdcard_rw     /Android/obb/
rwxrwx--- u0_a12:sdcard_rw   /Android/obb/com.example

rwxrwx--- root:sdcard_all    /Android/user
rwxrwx--x root:sdcard_rw     /Android/user/10
rwxrwx--- u10_a12:sdcard_rw  /Android/user/10/Android/data/com.example

These derived permissions are disabled by default.  Switched option
parsing to getopt().

Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b
2013-08-08 17:26:41 -07:00
Ken Sumrall 2fd72cc221 Raise the max file open limit in sdcard
The default is 1024 files, and in some testing, the limit has been
hit.  This raises the limit to 8192.  Going higher starts to cause
performance issues (I started to notice that around 16K open files
in my testing) as sdcard does linear searches.  If a higher max
is needed, then the sdcard daemon will need some optimizations.

Bug: 7442187

Change-Id: I7aba7f4556ed70651f36244294a6756f3d6b8963
2013-02-11 15:42:22 -08:00
Jean-Baptiste Queru e92372ba9e resolved conflicts for merge of 2237ca4c to jb-mr1-dev
Change-Id: I04982ff2b092274b940a621b238c2246349aa85e
2012-08-15 10:01:12 -07:00
Edwin Vane 29bdc876e4 Fixing signed/unsigned comparison warnings
Clang turned up some signed/unsigned comparison warnings. These warnings
have been fixed by cleaning up sdcard slightly:
- Don't use negative numbers for invalid gid/uid.
- sdcard takes a fixed number of arguments now so assert on that instead
  of using a for loop.
  - Also fixed usage string to reflect this fact.

Change-Id: Iee58a8e9aaedb3d40ad7dfeef63d8cd1fe1cd248
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
2012-08-14 13:16:55 -04:00
Jeff Sharkey e169bd05ec Source and destination paths for sdcard.
Enables init.rc to provide both paths, instead of hard-coding the
destination.

Bug: 6925012
Change-Id: I666cde710baad965b98619b68fcbcbb104973da3
2012-08-13 16:58:39 -07:00
Jeff Brown 6249b9009f Make sdcard daemon multi-threaded.
The essential idea here is that a handler thread only needs to
hold a lock on the global node table while it is manipulating
nodes.  The actual I/O operation is then performed without
holding any locks.

By default, we use 2 threads but this can be configured on the
command-line.  Work is sheduled somewhat arbitrarily by the
handler threads.  Whichever thread happens to read() the next
request first wins the right process it.  This policy is very
simple but potentially wastes threads when there isn't much
work to be done.  We can always improve this later if needed.

Change-Id: Id27a27c2c9b40d4f8e35a6bef9dd84f0dfacf337
2012-06-04 13:15:04 -07:00
Jeff Brown fc1e1a0ab4 Refactor request opcode handlers.
This is mostly a structural change.  The handlers have been moved
into individual functions, which will help with upcoming changes.

Change-Id: I774739d859e177d6b5d4186d2771444166b734fa
2012-06-04 13:14:16 -07:00
Jeff Brown 7729d2450f Move buffers into a handler structure.
Also use PATH_MAX instead of PATH_BUFFER to determine the
maximum path length.

Change-Id: Ic78f731d339a2a97766d29d222dd27cac4e620ce
2012-06-04 13:14:04 -07:00
Jeff Brown 6fd921ae03 Implement FUSE_FSYNC request.
This request is needed for application correctness, without which
data corruption may result.

Bug: 6488845
Change-Id: I3d676c2e40f6e6b37d5d270c7cb40f1bf8c1fa47
2012-06-04 13:13:57 -07:00
Jeff Brown 847158476c More code cleanup.
Use constants to specify MAX_READ and MAX_WRITE buffer sizes and
use that to determine the size of the buffers that we need.

Be more careful about how the request header and data payload are
extracted.  For example, the old code did len -= hdr->len, but
since len == hdr->len, this value was always 0.  It turns out we
didn't use len thereafter, but we might want to for sanity checking
incoming requests.

Use const to make it clearer what data is coming out of the request.

Removed spurious error reply from FUSE_WRITE.  It serves no purpose
and is ignored by the kernel.

Bug: 6488845
Change-Id: Ia328532979868f0aaea43744a49662f2f4511bfe
2012-06-04 13:13:48 -07:00
Jeff Brown 2656735f51 Code cleanup.
Removed references to unsupported command-line arguments.

Fixed compiler warnings.

Bug: 6488845
Change-Id: I50cb865609ea0fa5824ae2741b831cd886033055
2012-06-04 13:13:39 -07:00
Sundar Raman e5d32128b0 sdcard: use FUSE_BIG_WRITES for FUSE writes
Slightly optimizes the writes used by sdcard to increase
throughput and decrease cpu load. Update the read
size to 256 x 1024 + 128 from current 8192 bytes since
writes can go as high as that.

Change-Id: I3bad425f31d4aa6f44f546e3d31439fd5bdca9ea
Signed-off-by: Sundar Raman <sunds@ti.com>
2012-05-01 15:28:05 -07:00
Jeff Sharkey cfa9f65026 Migrate emulated SD card to /storage/sdcard.
Bug: 6131916
Change-Id: Iab4d2a36b1dd979f7a9a0583d51dca3c5e38e681
2012-04-09 19:09:39 -07:00
Yuncheol Heo 2fc9fc7c8e Fix returning errno values which should be negative.
Change-Id: Id6464b127678ca1d9f4afa7c99fcfce361f4ad4a
2011-07-22 22:05:27 +09:00
Ken Sumrall ca1030ae42 am b26662c0: am c3e69903: am 97919656: Add support for the utime(2) family of system calls to the sdcard fuse filesystem.
* commit 'b26662c0a2876767b2c06cb740f07b1010f91548':
  Add support for the utime(2) family of system calls to the sdcard fuse filesystem.
2011-03-24 22:36:56 -07:00
Ken Sumrall 9791965680 Add support for the utime(2) family of system calls to the sdcard fuse filesystem.
Add support for the utime(2) family of system calls to change the modify
and access time of files.  Requires an updated bionic with support for
the utimensat(2) system call.

Change-Id: I8cc0c0e6671c5708849752f47e4c3d4be2858b61
2011-03-24 18:29:41 -07:00
Terry Heo (Woncheol) 8349cce829 Fix uninitialized variable bug in sdcard emulator
- Following members were not initialized in fuse_init().
  fuse->root.actual_name
  fuse->root.gen
- Initialize fuse->root with memset().

Change-Id: I4bce754ace608b526961f59049b2d780fd99756f
2011-03-16 13:10:08 +09:00
Mike Lockwood 75e17a8908 sdcard: Fix readdir implementation so rewinddir will work correctly
Fixes problem with "ls -R" in /mnt/sdcard

BUG: 3309556

Change-Id: Ie2246585439116de3cb40f4005f3b44a0439f54c
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-25 17:22:47 -08:00
Mike Lockwood 575a2bbee3 sdcard: Remove lower case squashing of file names
sdcard daemon will now create new files and directories using
the actual name passed in by the client.
For existing files, sdcard will do case insensitive matching
when case sensitive lookup fails.

Change-Id: I89f995ea01beb2c63a9b36943dbcfaa16e7cd972
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-23 16:20:28 -08:00
Mike Lockwood b94d320b1e sdcard: Fix lower case squashing for case insensitivity support.
The fuse layer in the kernel does not support case insensitive file systems.
But the sdcard daemon's fuse_lookup was returning the same file object for
different file names, which caused problems in the kernel fuse layer's dcache,
resulting in EBUSY errors if the same directory was opened twice under different
names differing only by case.

To fix this, the sdcard daemon will return different file objects for files or directories
that differ only by case. Now the squashing occurs only in the interaction between
the sdcard daemon and the underlying file system in /data/media, and sdcard maintains
the illusion for the kernel fuse layer that there are two separate files.

Example:  Suppose both /mnt/sdcard/foo.txt and /mnt/sdcard/FOO.TXT are opened.
Previously, the sdcard would squash this to a single node, and return the same
node to the kernel fuse implementation twice, and would open the underlying file
/data/media/foo.txt only once.   Now sdcard will create two separate nodes will open
/data/media/foo.txt twice, once for mnt/sdcard/foo.txt and again for /mnt/sdcard/FOO.TXT.

Change-Id: I70e36b7822142750d3eeeb75edd6464ec7c79f2a
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-17 21:06:26 -08:00
Mike Lockwood 1bedb73f9f sdcard: Have the -f option fix user/group permissions as well as file name case
Change-Id: I280ded6ce79fb11752c89ebafa663d7ee29edebc
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-13 13:38:42 -05:00
Mike Lockwood 4f35e623a2 sdcard: Add command line options for lowercase file name squashing:
-l   squash all file names to lower case when creating new files
-f   rename existing files to make them lower case

Change-Id: I3245deb690228cf577bdc9bd4b0fcf0306ea3e16
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-12 17:29:02 -05:00
Mike Lockwood 51b3a2d77a sdcard: Force file names to lower case in order to provide case insensitivity
Change-Id: I2cdb12c7e296e1c28b66e32c7037dce060eecd67
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-12 12:55:05 -05:00
Kenny Root 90749774ed Use pread64/pwrite64 instead of pread/pwrite
>2GB files were failing strangely when pread was used instead of
pread64. Also writing to files should use pwrite64 in case they grow
over 2GB.

Bug: 3205336
Change-Id: I0c9619de35680093d7777ca132ce488eae502216
2011-01-11 16:05:10 -08:00
Paul Eastham 77085c570e Fix refcounting in the rename case.
Change-Id: I59dbac8c92bda450e6d89f7f180241fd4b5bbae6
2011-01-04 21:06:03 -08:00
Paul Eastham 11ccdb3be6 Properly reflect RENAME ops in FUSE internal state
In response to a RENAME, we actually need to rename and move the virtual
node.  To support this, filenames are now allocated separately, as reallocing
the whole node to accommodate a longer filename would break the direct
mapping of fhs and inodes to fuse pointers.

Change-Id: I71e5a965f875dedc5f58f9d182156734b29ca179
2010-10-14 11:04:26 -07:00
Paul Eastham f43219e0b1 Partially implement SETATTR for sdcard/FUSE
Handle truncate cases within SETATTR so that truncate() and ftruncate() call
will work.

Change-Id: I5a9862dcaa6ca7b5e9115cb5d3bfed88787fa7ac
Signed-off-by: Paul Eastham <eastham@google.com>
2010-09-24 08:13:49 -07:00
Mike Lockwood fc1a13bfdd sdcard: Add support for the O_TRUNC open() flag
BUG: 2935163

Change-Id: I9f76b24147b2f87ddb7869bb72baac03e86ef7e6
Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-08-20 10:30:15 -04:00
Mike Lockwood 4553b08d75 sdcard: Implement statfs, stat time values and change mount point to /mnt/sdcard
Change-Id: Iac2c4ec47af7d47d76a82916866ad36782caf25c
Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-08-16 14:16:13 -04:00
Brian Swetland b14a2c6e34 fix up permissions
Change-Id: I93c828ebc755ad2a2055066c8af65dfde7dc7b2e
2010-08-12 18:22:23 -07:00
Brian Swetland 03ee9479a4 sdcard: a program to create a "virtual" /sdcard pointed at a path
sdcard is a program that uses FUSE to emulate FAT-on-sdcard style
directory permissions (all files are given fixed owner, group, and
permissions at creation, owner, group, and permissions are not
changeable, symlinks and hardlinks are not createable, etc.

usage: sdcard <path> <uid> <gid>

It must be run as root, but will change to uid/gid as soon as it
mounts a filesystem on /sdcard.  It will refuse to run if uid or
gid are zero.

Change-Id: I9a5d2e5daaebeee632f8470172cbb77b7fa689f8
Signed-off-by: Brian Swetland <swetland@google.com>
2010-08-12 18:01:08 -07:00