A few changes got dropped along merge resolution. This adds them back
Affected CLs:
Ie188cb044be2ad87166f2d43c32a1f6b97660de0
Ibdb72ad16a1e6c3a01edcb03d003c42de7a03cd6
Change-Id: I1924f5a4bd7564ceaf9bb3a45b7fb7804b3619d7
"PRI{u,x}64" was not compiling on C++ because of macro expansions.
Implement DLOG the same way DCHECK is implemented in
<android-base/logging.h>, and mechanically replace the problematic
lines with C++ logging. Remaining TRACE() lines will be replaced in a
follow-up CL.
Bug: 30222003
Change-Id: I377a91722eb4c035093fc96b79438c4f638b9a45
Having CaseInsensitiveCompare use strcasecomp is not ideal, but other
solutions are not prettier.
Also, add a TODO to fix FUSE_TRACE, broken by the switch to C++.
Bug: 27147273
Change-Id: I0017c3a7d0254eb81abd128b97cd06c5ad0d1dff
Having so many copies of privilege-dropping code leads to errors.
De-duplicate this code and use Minijail for it.
Bug: 30156807
Change-Id: I36c85962b913a12efe5648a23cbacc5bcbb3853c
This gets rid of a bunch of "strerror(errno)" bits.
Will convert fuse.cpp after
https://android-review.googlesource.com/#/c/247780 lands.
Bug: 30110940
Change-Id: Iacefe5b6519b217ed687c709763fe5827b3b0b59
Fix string literals and cast void* appropriately. Alternatively, we
could switch some of the allocations to new/delete, but we would need
to make sure that none of those end up passed to other code that will
call free(3) on them.
Bug: 30110940
Change-Id: I6f39df65cd960930530e5a1f8420a28d50adc25d
sdcard.c is a *really* big file. This makes it hard to do things like
improving priv dropping or adding more sandboxing. Extract all
FUSE-related code to a separate unit, fuse.{h|c}, which exports only
two functions. Convert the rest of sdcard.c to C++ as sdcard.cpp.
fuse.c is kept as C (at least for now) since interacting with the FUSE
API is realistically easier from C.
Bug: 30110940
Change-Id: I188bfdc21c184742117e07539adb09090d4d747c
The previous false positive fix (df9c4a01) is enough to pass tests, and
it doesn't appear that there are any remaining issues.
Change-Id: Ib9812f1201ff0cd2ae8c8371737754fc328765b5
This allows inotify requests on FUSE to be alerted when any
other stacked filesystem would trigger an inotify for the
same file.
Bug: 23904372
Change-Id: I4289b38230c314432eaf2c0d20d4ccefc058f59e
An incorrect size was causing an unsigned value
to wrap, causing it to write past the end of
the buffer.
Bug: 28085658
Change-Id: Ie9625c729cca024d514ba2880ff97209d435a165
am: 20ca983
* commit '20ca9836b9a780c41a22850f478a29f29677553e':
Give users and devices control over sdcardfs.
Change-Id: I0144b346157952f79fdde5100f0fdc01daa58d9b
Instead of relying only on kernel support for sdcardfs, give each
device the ability to quickly toggle between sdcardfs and FUSE. Also
add the ability to users to explicitly enable/disable the behavior
for testing and debugging purposes.
Bug: 27991427
Change-Id: Ie188cb044be2ad87166f2d43c32a1f6b97660de0
Add ability to use sdcardfs if kernel support is found.
In the future, we will likely remove the fuse components
entirely, but for now, just use sdcardfs when possible.
Bug: 19160983
Change-Id: I35e4d6cb5976c00c6f87ff7fc478ba9f9d212c05
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Use a non yet maintainer reviewed kernel patch from QCOM that greatly
improves IO speed in case it is available from the device specific
kernel headers.
Bug: 24216004
Change-Id: I4101d80082c9ad9d042dde5c620ddb309d193d52
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.
This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.
Also fix bug by re-deriving permissions when files are moved.
Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.
This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.
Also fix bug by re-deriving permissions when files are moved.
Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.
This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.
Also fix bug by re-deriving permissions when files are moved.
Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
Switch from the internal packages.list file parser
implementation to a common parser library.
See Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
for all of the details.
Change-Id: I98924dce406b322e0d402bca7fdac51f6a1e6a4b
Signed-off-by: William Roberts <william.c.roberts@intel.com>
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.
This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.
Also add CTS tests to verify that we're protecting access to
internal mount points like this.
Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
Long ago, we mounted secondary physical cards as readable by all
users on the device, which enabled the use-case of loading media on
a card and viewing it from all users.
More recently, we started giving write access to these secondary
physical cards, but this created a one-directional channel for
communication across user boundaries; something that CDD disallows.
This change is designed to give us the best of both worlds: the
package-specific directories are writable for the user that mounted
the card, but access to those "Android" directories are blocked for
all other users. Other users remain able to read content elsewhere
on the card.
Bug: 22787184
Change-Id: I4a04a1a857a65becf5fd37d775d927af022b40ca
Instead of having each view build and maintain its own tree
representing the underlying storage, switch to building a single tree
that each view augments with GID/mode specific behavior.
This has the nice property of a single file always having the same
node ID when presented across multiple views, giving us a firm handle
that we can use to invalidate kernel caches.
Specifically, when a file is deleted through one view, we now tell
the kernel to invalidate that file in the other two views.
Bug: 22477678, 22375891
Change-Id: I3ff041d549d41040839cde9773504719a508219f