Commit Graph

133 Commits

Author SHA1 Message Date
Daniel Rosenberg 9526819c70 sdcard: Fix bad merge
A few changes got dropped along merge resolution. This adds them back

Affected CLs:
Ie188cb044be2ad87166f2d43c32a1f6b97660de0
Ibdb72ad16a1e6c3a01edcb03d003c42de7a03cd6

Change-Id: I1924f5a4bd7564ceaf9bb3a45b7fb7804b3619d7
2016-08-31 00:04:22 +00:00
Jorge Lucangeli Obes 8df46540b4 Fix one last use of TRACE().
Bug: 30222003
Change-Id: I3d0a29cb92e83416eb6851b54cb72886da4f7cf2
(cherry picked from commit a65f3e1a1f)
2016-07-29 22:02:41 +00:00
Jorge Lucangeli Obes 60b896c438 Merge \"Fix sdcard logging.\"
am: 47b077a44f

Change-Id: Ib0a0b5083d09d60bd0ee42bebcecced05b3645e5
2016-07-27 01:31:20 +00:00
Jorge Lucangeli Obes e157b253d4 Fix sdcard logging.
Use C++ logging for everything.

Bug: 30222003
Change-Id: I5c5d85102b01df6965a515b59aa275ac85f50f00
2016-07-26 16:52:48 -04:00
Jorge Lucangeli Obes e629ced86a resolve merge conflicts of c6e22ba to stage-aosp-master
Change-Id: I65550ff841d27f985a3ab8618ecdf4a3500fb0be
2016-07-21 23:14:46 -04:00
Jorge Lucangeli Obes 714ec9d1de sdcard: Fix compilation with FUSE_TRACE == 1.
"PRI{u,x}64" was not compiling on C++ because of macro expansions.
Implement DLOG the same way DCHECK is implemented in
<android-base/logging.h>, and mechanically replace the problematic
lines with C++ logging. Remaining TRACE() lines will be replaced in a
follow-up CL.

Bug: 30222003

Change-Id: I377a91722eb4c035093fc96b79438c4f638b9a45
2016-07-21 17:11:47 -04:00
Jorge Lucangeli Obes 0d039c4c44 Merge \"sdcard: Use std::map.\"
am: c15ab6e2c6

Change-Id: Icacd305ffdf501ce6d7a6bbdd73d5f245575d804
2016-07-20 02:11:47 +00:00
Jorge Lucangeli Obes d6d8faa690 sdcard: Use std::map.
Having CaseInsensitiveCompare use strcasecomp is not ideal, but other
solutions are not prettier.

Also, add a TODO to fix FUSE_TRACE, broken by the switch to C++.

Bug: 27147273

Change-Id: I0017c3a7d0254eb81abd128b97cd06c5ad0d1dff
2016-07-19 17:01:15 -04:00
Jorge Lucangeli Obes 3ab30ecf4c Merge \"Use arraysize() for supplementary groups.\"
am: ddbcecec3a

Change-Id: Ia8405d8bc181b1cdbf1f0812c0dbe8f7701747ef
2016-07-18 20:06:19 +00:00
Jorge Lucangeli Obes bae15b4f46 Use arraysize() for supplementary groups.
Also make adbd use ScopedMinijail.

Bug: 30191189
Change-Id: I5e259aa466817b51037912aba043ba75bd35f9e1
2016-07-18 13:46:42 -04:00
Jorge Lucangeli Obes fe4f764e75 Merge \"Use Minijail for privilege dropping.\"
am: 97f49e5cb3

Change-Id: I032ea3fcdac1a16bf36d43731b8533214264fee2
2016-07-18 16:06:38 +00:00
Jorge Lucangeli Obes c96f53e2fe Use Minijail for privilege dropping.
Having so many copies of privilege-dropping code leads to errors.
De-duplicate this code and use Minijail for it.

Bug: 30156807

Change-Id: I36c85962b913a12efe5648a23cbacc5bcbb3853c
2016-07-15 10:16:59 -04:00
Jorge Lucangeli Obes da4bc7484f Merge \"Convert fuse.c to C++.\"
am: a17427cb1e

Change-Id: Ie112f67f724e511b6c8ffabd0db04f3e017132cc
2016-07-14 19:47:37 +00:00
Jorge Lucangeli Obes 29b874de70 Merge \"Use C++ logging in sdcard.cpp.\"
am: 2703425de8

Change-Id: I90103d0521bd2cd4de3710adf3bc6013721cb6f9
2016-07-14 19:47:36 +00:00
Treehugger Robot a17427cb1e Merge "Convert fuse.c to C++." 2016-07-14 19:42:32 +00:00
Jorge Lucangeli Obes c9e1710acc Use C++ logging in sdcard.cpp.
This gets rid of a bunch of "strerror(errno)" bits.
Will convert fuse.cpp after
https://android-review.googlesource.com/#/c/247780 lands.

Bug: 30110940

Change-Id: Iacefe5b6519b217ed687c709763fe5827b3b0b59
2016-07-14 10:06:34 -04:00
Jorge Lucangeli Obes f08ba05581 Convert fuse.c to C++.
Fix string literals and cast void* appropriately. Alternatively, we
could switch some of the allocations to new/delete, but we would need
to make sure that none of those end up passed to other code that will
call free(3) on them.

Bug: 30110940
Change-Id: I6f39df65cd960930530e5a1f8420a28d50adc25d
2016-07-14 10:03:22 -04:00
Jorge Lucangeli Obes dba909bd9e resolve merge conflicts of 1b9b273 to stage-aosp-master
Change-Id: I12a541cb698d1df866b8be4dc1e35cb99e6f1e64
2016-07-13 15:23:45 -04:00
Jorge Lucangeli Obes c255f25ccb Extract the FUSE implementation from the main sdcard.c file.
sdcard.c is a *really* big file. This makes it hard to do things like
improving priv dropping or adding more sandboxing. Extract all
FUSE-related code to a separate unit, fuse.{h|c}, which exports only
two functions. Convert the rest of sdcard.c to C++ as sdcard.cpp.
fuse.c is kept as C (at least for now) since interacting with the FUSE
API is realistically easier from C.

Bug: 30110940

Change-Id: I188bfdc21c184742117e07539adb09090d4d747c
2016-07-13 10:57:29 -04:00
Nick Kralevich 478c557145 Merge "enable integer sanitizer for sdcard service" am: 532ab82e10
am: 2f67f4687b

* commit '2f67f4687b94bcead719d504ea4f77571ae84b3b':
  enable integer sanitizer for sdcard service

Change-Id: Ib54476445c01a1f5bd6234aec66c7019939a3858
2016-05-06 17:10:38 +00:00
Daniel Micay 83c0c7b2ab enable integer sanitizer for sdcard service
The previous false positive fix (df9c4a01) is enough to pass tests, and
it doesn't appear that there are any remaining issues.

Change-Id: Ib9812f1201ff0cd2ae8c8371737754fc328765b5
2016-05-05 16:03:32 -04:00
Daniel Rosenberg d4f91171bd Add support for FUSE_CANONICAL_PATH
am: 2abee9e

* commit '2abee9e063d1549fb006853b27f378c7d22192af':
  Add support for FUSE_CANONICAL_PATH

Change-Id: I47a41bc0b5b3a013e59932cbf66ae6852e15b1c3
2016-04-26 23:05:23 +00:00
Treehugger Robot e307f769f1 Merge "sdcard: avoid benign unsigned overflow" am: 64461c2
am: 182b310

* commit '182b310b1de5654a93c21417c77722897b93882d':
  sdcard: avoid benign unsigned overflow

Change-Id: I14e80911060bb609de5b91a4c56315cd701857f9
2016-04-26 17:19:46 +00:00
Daniel Micay df9c4a0166 sdcard: avoid benign unsigned overflow
Change-Id: Id9427b4e01602bba31f8958b8d491b092b31482b
2016-04-26 12:08:46 -04:00
Daniel Rosenberg 2abee9e063 Add support for FUSE_CANONICAL_PATH
This allows inotify requests on FUSE to be alerted when any
other stacked filesystem would trigger an inotify for the
same file.

Bug: 23904372
Change-Id: I4289b38230c314432eaf2c0d20d4ccefc058f59e
2016-04-25 20:42:57 -07:00
Daniel Rosenberg 2a9dc6581f Merge "Fix overflow in path building" into nyc-dev
am: c414027

* commit 'c414027e927fa025877afd53b27886b6c3b19cfd':
  Fix overflow in path building

Change-Id: I6e2692539738d81055cc49a183a34261074e5e68
2016-04-13 18:39:06 +00:00
Daniel Rosenberg db4638ee30 Fix overflow in path building
An incorrect size was causing an unsigned value
to wrap, causing it to write past the end of
the buffer.

Bug: 28085658
Change-Id: Ie9625c729cca024d514ba2880ff97209d435a165
2016-04-12 16:38:41 -07:00
Jeff Sharkey 0762e99064 Give users and devices control over sdcardfs.
am: 20ca983

* commit '20ca9836b9a780c41a22850f478a29f29677553e':
  Give users and devices control over sdcardfs.

Change-Id: I0144b346157952f79fdde5100f0fdc01daa58d9b
2016-04-07 18:05:28 +00:00
Jeff Sharkey 20ca9836b9 Give users and devices control over sdcardfs.
Instead of relying only on kernel support for sdcardfs, give each
device the ability to quickly toggle between sdcardfs and FUSE.  Also
add the ability to users to explicitly enable/disable the behavior
for testing and debugging purposes.

Bug: 27991427
Change-Id: Ie188cb044be2ad87166f2d43c32a1f6b97660de0
2016-04-07 11:05:22 -06:00
Daniel Rosenberg 298cb9a1e9 Merge "Revert "Revert "sdcard: Support sdcardfs""" into nyc-dev
am: 71f6b95

* commit '71f6b9569c2c707d061b96e48021b4be617e40a4':
  Revert "Revert "sdcard: Support sdcardfs""

Change-Id: I37880f88c21bec8a0dcd4ff8e93ea0986f0b8475
2016-03-31 22:47:30 +00:00
Daniel Rosenberg 3aa261c05a Revert "Revert "sdcard: Support sdcardfs""
Issue resolved by commit
6855c48093e109c92df39340a8355a3be2540b8e
"Skip mounting sdcardfs in core mode."

This reverts commit f8fccd2f5a.

Bug: 27932087
Change-Id: Ibdb72ad16a1e6c3a01edcb03d003c42de7a03cd6
2016-03-31 22:01:41 +00:00
Mark Salyzyn 35b004a56d Merge "Revert "sdcard: Support sdcardfs"" into nyc-dev
am: 6267d70

* commit '6267d70b2646e020c09439944bebc6aff1d7d652':
  Revert "sdcard: Support sdcardfs"

Change-Id: Iab8254f8cbbf54c29857dcf51911a208eab02115
2016-03-31 16:15:59 +00:00
Mark Salyzyn f8fccd2f5a Revert "sdcard: Support sdcardfs"
This reverts commit 2bd0efa89c.

Bug: 27932087
Change-Id: Ie27f17c1f283514b90ce9da0c895b528d87e5f47
2016-03-31 16:03:22 +00:00
Daniel Rosenberg 65c8f0b9e6 Merge "sdcard: Support sdcardfs" into nyc-dev
am: a775e62

* commit 'a775e6269308db9c56a8b53b85e7bfbb739b2221':
  sdcard: Support sdcardfs
2016-03-17 22:02:23 +00:00
Daniel Rosenberg 2bd0efa89c sdcard: Support sdcardfs
Add ability to use sdcardfs if kernel support is found.
In the future, we will likely remove the fuse components
entirely, but for now, just use sdcardfs when possible.

Bug: 19160983
Change-Id: I35e4d6cb5976c00c6f87ff7fc478ba9f9d212c05
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2016-03-16 15:58:24 -07:00
Bill Yi 4409f1446c Merge commit '4352ee87fd74b931d4b58192fb8974e91aa899d0' into HEAD 2016-02-17 11:37:00 -08:00
Dimitry Ivanov 3042d6d040 Add dependency on liblog
Bug: http://b/27171986
Change-Id: I4af3b4b9f17972327b926ad9ee0d03672d1d4a64
2016-02-12 14:56:40 -08:00
Thierry Strudel 234a846ac8 Merge "[DO NOT MERGE] Use FUSE_SHORTCIRCUIT if available" into mnc-dr1.5-dev am: b84295d027
am: bbaa2b296a

* commit 'bbaa2b296ad836e9d6511549661884d94b53ccee':
  [DO NOT MERGE] Use FUSE_SHORTCIRCUIT if available
2016-01-14 00:52:50 +00:00
Thierry Strudel ac5175f9a6 [DO NOT MERGE] Use FUSE_SHORTCIRCUIT if available
Use a non yet maintainer reviewed kernel patch from QCOM that greatly
improves IO speed in case it is available from the device specific
kernel headers.

Bug: 24216004
Change-Id: I4101d80082c9ad9d042dde5c620ddb309d193d52
2016-01-13 15:11:35 -08:00
Jeff Sharkey f7aad11c1c Re-derive permissions after package changes.
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.

This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.

Also fix bug by re-deriving permissions when files are moved.

Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
2015-12-16 13:20:53 -07:00
Jeff Sharkey 22b912628e Re-derive permissions after package changes.
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.

This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.

Also fix bug by re-deriving permissions when files are moved.

Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
2015-12-16 13:08:29 -07:00
Jeff Sharkey fe76461944 Re-derive permissions after package changes.
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.

This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.

Also fix bug by re-deriving permissions when files are moved.

Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
2015-12-14 15:38:24 -07:00
William Roberts e509980542 sdcard: use libpackageparser
Switch from the internal packages.list file parser
implementation to a common parser library.

See Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
for all of the details.

Change-Id: I98924dce406b322e0d402bca7fdac51f6a1e6a4b
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-22 22:52:35 +00:00
Jeff Sharkey fdf1487493 resolved conflicts for merge of b9f438ff to mnc-dev-plus-aosp
Change-Id: I7103bacb1b2d7dc29b4f8d9dddb2fec1feb869d3
2015-08-06 12:52:25 -07:00
Jeff Sharkey b9f438ff84 Protect runtime storage mount points.
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.

This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.

Also add CTS tests to verify that we're protecting access to
internal mount points like this.

Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
2015-08-06 11:45:31 -07:00
Jeff Sharkey e01761998b am d57125af: Merge "Give secondary users read-only physical cards." into mnc-dev
* commit 'd57125af1a81f34b162ecd5de81e6f1365aff588':
  Give secondary users read-only physical cards.
2015-07-29 04:04:33 +00:00
Elliott Hughes b6bfa337e5 am 07bed194: am 87998c07: Merge "Move sdcard off PAGESIZE and onto PAGE_SIZE."
* commit '07bed1941f902c1d65a410e49d33882e0da7b5ed':
  Move sdcard off PAGESIZE and onto PAGE_SIZE.
2015-07-29 00:17:17 +00:00
Elliott Hughes e24e9a5091 Move sdcard off PAGESIZE and onto PAGE_SIZE.
Only sdcard is using PAGESIZE, and glibc doesn't have it.

Bug: http://b/22735893
Change-Id: Ib8af14a2e99d98881a79f21ad1a695499c7d74bd
2015-07-28 16:36:47 -07:00
Jeff Sharkey 10a239b971 Give secondary users read-only physical cards.
Long ago, we mounted secondary physical cards as readable by all
users on the device, which enabled the use-case of loading media on
a card and viewing it from all users.

More recently, we started giving write access to these secondary
physical cards, but this created a one-directional channel for
communication across user boundaries; something that CDD disallows.

This change is designed to give us the best of both worlds: the
package-specific directories are writable for the user that mounted
the card, but access to those "Android" directories are blocked for
all other users.  Other users remain able to read content elsewhere
on the card.

Bug: 22787184
Change-Id: I4a04a1a857a65becf5fd37d775d927af022b40ca
2015-07-28 14:42:21 -07:00
Jeff Sharkey ed2fe57c25 Use single tree for multiple storage views.
Instead of having each view build and maintain its own tree
representing the underlying storage, switch to building a single tree
that each view augments with GID/mode specific behavior.

This has the nice property of a single file always having the same
node ID when presented across multiple views, giving us a firm handle
that we can use to invalidate kernel caches.

Specifically, when a file is deleted through one view, we now tell
the kernel to invalidate that file in the other two views.

Bug: 22477678, 22375891
Change-Id: I3ff041d549d41040839cde9773504719a508219f
2015-07-16 15:30:45 -07:00