Bug: 11118565 Bug: 27915347 Bug: 27992761 Bug: 28024488 Bug: 30013843 Bug: 30954918 Bug: 34133558 Bug: 34262585 Bug: 34542611 Bug: 34691169 Bug: 34723223 Bug: 35307857 Bug: 35331000 Bug: 35633782 Bug: 35643557 Bug: 35666680 bug: 35766959 Bug: 35766959 Bug: 35848445 Bug: 36004503 Bug: 36007653 Bug: 36138424 Bug: 36160015 Bug: 37193650 Bug: 37231161 Bug: 37488099 Bug: 37516160 Bug: 38045152 Bug: 38117720 Bug: 38502532 Bug: 62390017 Bug: 63245673 Bug: 63260873 Bug: 63785372 Bug: 64672411 Bug: 70278506 Bug: 72007585 Bug: 73055997 Bug: 73287721 Bug: 75987238 Bug: 77923821 Bug: 78262592 Bug: 111641492 Bug: 111642636 Bug: 111860541 Bug: 120446149 Change-Id: Ic1e01e602ce335d97342be54f3da0c5c65c087cc Signed-off-by: Daniel Rosenberg <drosen@google.com> [astrachan: Folded the following changes into this patch: 903cea7ab0b2 ("ANDROID: Included sdcardfs source code for kernel 3.0") 612a725e3d97 ("ANDROID: Port of sdcardfs to 4.4") e4187c55208b ("ANDROID: Changed type-casting in packagelist management") cf76072a5cd8 ("ANDROID: sdcardfs: Bring up to date with Android M permissions:") a43aa502c608 ("ANDROID: sdcardfs: Add support for d_canonical_path") d8fefbf85af2 ("ANDROID: sdcardfs: remove effectless config option") 416677409336 ("ANDROID: sdcardfs: Remove unused code") 8e49a570d351 ("ANDROID: sdcardfs: remove unneeded __init and __exit") 40ee0e93f1d7 ("ANDROID: sdcardfs: Truncate packages_gid.list on overflow") b1d9602aa3fe ("ANDROID: sdcardfs: fix itnull.cocci warnings") 60a177f5a167 ("ANDROID: sdcardfs: override umask on mkdir and create") efb3d2695203 ("ANDROID: sdcardfs: Check for other cases on path lookup") 0da87f63666f ("ANDROID: sdcardfs: Fix locking for permission fix up") 75b93060655e ("ANDROID: sdcardfs: Switch package list to RCU") 657b0a00f497 ("ANDROID: sdcardfs: Added top to sdcardfs_inode_info") 5008d91cba25 ("ANDROID: sdcardfs: fix external storage exporting incorrect uid") e06c452d0d07 ("ANDROID: sdcardfs: Move directory unlock before touch") 72e5443a2816 ("ANDROID: sdcardfs: User new permission2 functions") ae8be7da556d ("ANDROID: sdcardfs: Add gid and mask to private mount data") 151a3efe57a6 ("ANDROID: sdcardfs: Use per mount permissions") cff865a370f3 ("ANDROID: sdcardfs: Switch ->d_inode to d_inode()") 065ac66804bf ("ANDROID: sdcardfs: Fix locking issue with permision fix up") 31ea603eb3c4 ("ANDROID: sdcardfs: use wrappers to access i_mutex") c25c2f5018a2 ("ANDROID: sdcardfs: add parent pointer into dentry name hash") 58616bb4ec68 ("ANDROID: sdcardfs: get rid of 'parent' argument of ->d_compare()") 1654d7ffdd20 ("ANDROID: sdcardfs: Propagate dentry down to inode_change_ok()") 39335cac1d2f ("ANDROID: sdcardfs: make it use new .rename i_op") 7622bb3fcc79 ("ANDROID: sdcardfs: eliminate the offset argument to ->direct_IO") 843bd7295ee0 ("ANDROID: sdcardfs: Allow non-owners to touch") e3d74804d174 ("ANDROID: sdcardfs: Refactor configfs interface") 5833eda87a72 ("ANDROID: sdcardfs: add support for user permission isolation") d83fb1f41dd4 ("ANDROID: sdcardfs: Remove redundant operation") 8767af17c0e5 ("ANDROID: sdcardfs: Add GID Derivation to sdcardfs") 7119d96ad3ee ("ANDROID: sdcardfs: switch to full_name_hash and qstr") 778e02a54859 ("ANDROID: sdcardfs: Switch strcasecmp for internal call") cd4965d04404 ("ANDROID: sdcardfs: Fix incorrect hash") 40a2ee053505 ("ANDROID: sdcardfs: Add missing path_put") da5342bac57a ("ANDROID: sdcardfs: Don't bother deleting freelist") c91857b01e05 ("ANDROID: sdcardfs: implement vm_ops->page_mkwrite") f62b3906044b ("ANDROID: sdcardfs: support direct-IO (DIO) operations") c2e216d36d63 ("ANDROID: sdcardfs: Fix case insensitive lookup") 57b92ab6f774 ("ANDROID: sdcardfs: rate limit warning print") 8534cee39a81 ("ANDROID: sdcardfs: Replace get/put with d_lock") 156085b2fccf ("ANDROID: sdcardfs: Use spin_lock_nested") 8a260cabac4e ("ANDROID: sdcardfs: Switch to internal case insensitive compare") a8d51569573c ("ANDROID: sdcardfs: Use d_invalidate instead of drop_recurisve") 932a6071de63 ("ANDROID: sdcardfs: Get the blocksize from the lower fs") 0ad4c0f87527 ("ANDROID: sdcardfs: declare MODULE_ALIAS_FS") b97c83b5b683 ("ANDROID: sdcardfs: Use case insensitive hash function") 9920dfb08265 ("ANDROID: sdcardfs: move path_put outside of spinlock") f9a25348b233 ("ANDROID: sdcardfs: Remove uninformative prints") 720d9030bea1 ("ANDROID: sdcardfs: Fix gid issue") 4cbb7fa6e66c ("ANDROID: sdcardfs: correct order of descriptors") 6cff6cc301ed ("ANDROID: sdcardfs: Fix formatting") ac2a40412e26 ("ANDROID: sdcardfs: Fix style issues with comments") 2212bb8ec064 ("ANDROID: sdcardfs: remove unneeded null check") 4c1a0add8d21 ("ANDROID: sdcardfs: Use pr_[...] instead of printk") 74535fe211ac ("ANDROID: sdcardfs: Use to kstrout") e6cf8dffd014 ("ANDROID: sdcardfs: Use seq_puts over seq_printf") 2b1ac93a90b6 ("ANDROID: sdcardfs: Fix style issues in macros") bab6d117426f ("ANDROID: sdcardfs: remove unnecessary call to do_munmap") 1c0bf09f19b6 ("ANDROID: sdcardfs: copy lower inode attributes in ->ioctl") 42f3db55942b ("ANDROID: sdcardfs: fix ->llseek to update upper and lower offset") 97ad6205055e ("ANDROID: sdcardfs: add read_iter/write_iter opeations") be9abc81332b ("ANDROID: sdcardfs: use d_splice_alias") 4e90114cb1b4 ("ANDROID: sdcardfs: update module info") 0e1f7ab14924 ("ANDROID: sdcardfs: Directly pass lower file for mmap") 28be4beb43f9 ("ANDROID: sdcardfs: Change cache GID value") 9fc2c452aefe ("ANDROID: sdcardfs: ->iget fixes") 9bb72cf15cbc ("ANDROID: sdcardfs: Don't do d_add for lower fs") 1bc21a04c11b ("ANDROID: sdcardfs: Don't complain in fixup_lower_ownership") 0fb5b10b28a9 ("ANDROID: sdcardfs: Use filesystem specific hash") 30e2f0aadce2 ("ANDROID: sdcardfs: Copy meta-data from lower inode") f748c7053194 ("ANDROID: sdcardfs: Avoid setting GIDs outside of valid ranges") 3d38f08bacdb ("ANDROID: sdcardfs: Call lower fs's revalidate") 2d1f1c203978 ("ANDROID: sdcardfs: Don't iput if we didn't igrab") 857fc5e717fc ("ANDROID: sdcardfs: fix sdcardfs_destroy_inode for the inode RCU approach") 4fceeccf1d23 ("ANDROID: sdcardfs: Move top to its own struct") f51470044a15 ("ANDROID: sdcardfs: Check for NULL in revalidate") 8c7f6c97ac81 ("ANDROID: sdcardfs: d_splice_alias can return error values") 17da01b37d61 ("ANDROID: sdcardfs: remove dead function open_flags_to_access_mode()") 16662dd604be ("ANDROID: sdcardfs: use mount_nodev and fix a issue in sdcardfs_kill_sb") 43c0dca6039a ("ANDROID: sdcardfs: Remove unnecessary lock") 48960c25cdc1 ("ANDROID: sdcardfs: override credential for ioctl to lower fs") 5d6410b9a88d ("ANDROID: Sdcardfs: Move gid derivation under flag") c7dd98431f83 ("ANDROID: sdcardfs: Add default_normal option") db9bf31a5d86 ("ANDROID: sdcardfs: port to 4.14") c70c9d1e82d2 ("ANDROID: sdcardfs: Use lower getattr times/size") 04e961477d62 ("ANDROID: sdcardfs: Protect set_top") 1ed04b79d281 ("ANDROID: sdcardfs: Hold i_mutex for i_size_write") 77f52fc10982 ("ANDROID: sdcardfs: Set num in extension_details during make_item") d71596efa247 ("ANDROID: sdcardfs: fix lock issue on 32 bit/SMP architectures") ee6b07fced4a ("ANDROID: sdcardfs: Fix sdcardfs to stop creating cases-sensitive duplicate entries.") ce12807d5b75 ("ANDROID: sdcardfs: Check for private data earlier") c080450304cd ("ANDROID: sdcardfs: d_make_root calls iput") 900e77796781 ("ANDROID: sdcardfs: Set s_root to NULL after putting") 49092e89ffa4 ("ANDROID: sdcardfs: Don't d_drop in d_revalidate") e1f978bc9b9c ("ANDROID: sdcardfs: fix potential crash when reserved_mb is not zero") faa148eaf8ed ("ANDROID: sdcardfs: Check stacked filesystem depth") 6edd721e972c ("ANDROID: sdcardfs: Don't use OVERRIDE_CRED macro") 11ca578b4336 ("ANDROID: sdcardfs: Change current->fs under lock") 83dea6ba6ea7 ("ANDROID: sdcardfs: Use inode iversion helpers") 12064f3a794e ("ANDROID: sdcardfs: Add option to drop unused dentries") d9fe221bbf84 ("ANDROID: sdcardfs: Add sandbox") f544ad0b1547 ("ANDROID: sdcardfs: Add option to not link obb")] Signed-off-by: Alistair Strachan <astrachan@google.com>
478 lines
13 KiB
C
478 lines
13 KiB
C
/*
|
|
* fs/sdcardfs/derived_perm.c
|
|
*
|
|
* Copyright (c) 2013 Samsung Electronics Co. Ltd
|
|
* Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
|
|
* Sunghwan Yun, Sungjong Seo
|
|
*
|
|
* This program has been developed as a stackable file system based on
|
|
* the WrapFS which written by
|
|
*
|
|
* Copyright (c) 1998-2011 Erez Zadok
|
|
* Copyright (c) 2009 Shrikar Archak
|
|
* Copyright (c) 2003-2011 Stony Brook University
|
|
* Copyright (c) 2003-2011 The Research Foundation of SUNY
|
|
*
|
|
* This file is dual licensed. It may be redistributed and/or modified
|
|
* under the terms of the Apache 2.0 License OR version 2 of the GNU
|
|
* General Public License.
|
|
*/
|
|
|
|
#include "sdcardfs.h"
|
|
|
|
/* copy derived state from parent inode */
|
|
static void inherit_derived_state(struct inode *parent, struct inode *child)
|
|
{
|
|
struct sdcardfs_inode_info *pi = SDCARDFS_I(parent);
|
|
struct sdcardfs_inode_info *ci = SDCARDFS_I(child);
|
|
|
|
ci->data->perm = PERM_INHERIT;
|
|
ci->data->userid = pi->data->userid;
|
|
ci->data->d_uid = pi->data->d_uid;
|
|
ci->data->under_android = pi->data->under_android;
|
|
ci->data->under_cache = pi->data->under_cache;
|
|
ci->data->under_obb = pi->data->under_obb;
|
|
}
|
|
|
|
/* helper function for derived state */
|
|
void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
|
|
uid_t uid)
|
|
{
|
|
struct sdcardfs_inode_info *info = SDCARDFS_I(inode);
|
|
|
|
info->data->perm = perm;
|
|
info->data->userid = userid;
|
|
info->data->d_uid = uid;
|
|
info->data->under_android = false;
|
|
info->data->under_cache = false;
|
|
info->data->under_obb = false;
|
|
}
|
|
|
|
/* While renaming, there is a point where we want the path from dentry,
|
|
* but the name from newdentry
|
|
*/
|
|
void get_derived_permission_new(struct dentry *parent, struct dentry *dentry,
|
|
const struct qstr *name)
|
|
{
|
|
struct sdcardfs_inode_info *info = SDCARDFS_I(d_inode(dentry));
|
|
struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
|
|
struct sdcardfs_inode_data *parent_data = parent_info->data;
|
|
appid_t appid;
|
|
unsigned long user_num;
|
|
int err;
|
|
struct qstr q_Android = QSTR_LITERAL("Android");
|
|
struct qstr q_data = QSTR_LITERAL("data");
|
|
struct qstr q_sandbox = QSTR_LITERAL("sandbox");
|
|
struct qstr q_obb = QSTR_LITERAL("obb");
|
|
struct qstr q_media = QSTR_LITERAL("media");
|
|
struct qstr q_cache = QSTR_LITERAL("cache");
|
|
|
|
/* By default, each inode inherits from its parent.
|
|
* the properties are maintained on its private fields
|
|
* because the inode attributes will be modified with that of
|
|
* its lower inode.
|
|
* These values are used by our custom permission call instead
|
|
* of using the inode permissions.
|
|
*/
|
|
|
|
inherit_derived_state(d_inode(parent), d_inode(dentry));
|
|
|
|
/* Files don't get special labels */
|
|
if (!S_ISDIR(d_inode(dentry)->i_mode)) {
|
|
set_top(info, parent_info);
|
|
return;
|
|
}
|
|
/* Derive custom permissions based on parent and current node */
|
|
switch (parent_data->perm) {
|
|
case PERM_INHERIT:
|
|
case PERM_ANDROID_PACKAGE_CACHE:
|
|
set_top(info, parent_info);
|
|
break;
|
|
case PERM_PRE_ROOT:
|
|
/* Legacy internal layout places users at top level */
|
|
info->data->perm = PERM_ROOT;
|
|
err = kstrtoul(name->name, 10, &user_num);
|
|
if (err)
|
|
info->data->userid = 0;
|
|
else
|
|
info->data->userid = user_num;
|
|
break;
|
|
case PERM_ROOT:
|
|
/* Assume masked off by default. */
|
|
if (qstr_case_eq(name, &q_Android)) {
|
|
/* App-specific directories inside; let anyone traverse */
|
|
info->data->perm = PERM_ANDROID;
|
|
info->data->under_android = true;
|
|
} else {
|
|
set_top(info, parent_info);
|
|
}
|
|
break;
|
|
case PERM_ANDROID:
|
|
if (qstr_case_eq(name, &q_data)) {
|
|
/* App-specific directories inside; let anyone traverse */
|
|
info->data->perm = PERM_ANDROID_DATA;
|
|
} else if (qstr_case_eq(name, &q_sandbox)) {
|
|
/* App-specific directories inside; let anyone traverse */
|
|
info->data->perm = PERM_ANDROID_DATA;
|
|
} else if (qstr_case_eq(name, &q_obb)) {
|
|
/* App-specific directories inside; let anyone traverse */
|
|
info->data->perm = PERM_ANDROID_OBB;
|
|
info->data->under_obb = true;
|
|
/* Single OBB directory is always shared */
|
|
} else if (qstr_case_eq(name, &q_media)) {
|
|
/* App-specific directories inside; let anyone traverse */
|
|
info->data->perm = PERM_ANDROID_MEDIA;
|
|
} else {
|
|
set_top(info, parent_info);
|
|
}
|
|
break;
|
|
case PERM_ANDROID_OBB:
|
|
case PERM_ANDROID_DATA:
|
|
case PERM_ANDROID_MEDIA:
|
|
info->data->perm = PERM_ANDROID_PACKAGE;
|
|
appid = get_appid(name->name);
|
|
if (appid != 0 && !is_excluded(name->name, parent_data->userid))
|
|
info->data->d_uid =
|
|
multiuser_get_uid(parent_data->userid, appid);
|
|
break;
|
|
case PERM_ANDROID_PACKAGE:
|
|
if (qstr_case_eq(name, &q_cache)) {
|
|
info->data->perm = PERM_ANDROID_PACKAGE_CACHE;
|
|
info->data->under_cache = true;
|
|
}
|
|
set_top(info, parent_info);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void get_derived_permission(struct dentry *parent, struct dentry *dentry)
|
|
{
|
|
get_derived_permission_new(parent, dentry, &dentry->d_name);
|
|
}
|
|
|
|
static appid_t get_type(const char *name)
|
|
{
|
|
const char *ext = strrchr(name, '.');
|
|
appid_t id;
|
|
|
|
if (ext && ext[0]) {
|
|
ext = &ext[1];
|
|
id = get_ext_gid(ext);
|
|
return id?:AID_MEDIA_RW;
|
|
}
|
|
return AID_MEDIA_RW;
|
|
}
|
|
|
|
void fixup_lower_ownership(struct dentry *dentry, const char *name)
|
|
{
|
|
struct path path;
|
|
struct inode *inode;
|
|
struct inode *delegated_inode = NULL;
|
|
int error;
|
|
struct sdcardfs_inode_info *info;
|
|
struct sdcardfs_inode_data *info_d;
|
|
struct sdcardfs_inode_data *info_top;
|
|
perm_t perm;
|
|
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
|
|
uid_t uid = sbi->options.fs_low_uid;
|
|
gid_t gid = sbi->options.fs_low_gid;
|
|
struct iattr newattrs;
|
|
|
|
if (!sbi->options.gid_derivation)
|
|
return;
|
|
|
|
info = SDCARDFS_I(d_inode(dentry));
|
|
info_d = info->data;
|
|
perm = info_d->perm;
|
|
if (info_d->under_obb) {
|
|
perm = PERM_ANDROID_OBB;
|
|
} else if (info_d->under_cache) {
|
|
perm = PERM_ANDROID_PACKAGE_CACHE;
|
|
} else if (perm == PERM_INHERIT) {
|
|
info_top = top_data_get(info);
|
|
perm = info_top->perm;
|
|
data_put(info_top);
|
|
}
|
|
|
|
switch (perm) {
|
|
case PERM_ROOT:
|
|
case PERM_ANDROID:
|
|
case PERM_ANDROID_DATA:
|
|
case PERM_ANDROID_MEDIA:
|
|
case PERM_ANDROID_PACKAGE:
|
|
case PERM_ANDROID_PACKAGE_CACHE:
|
|
uid = multiuser_get_uid(info_d->userid, uid);
|
|
break;
|
|
case PERM_ANDROID_OBB:
|
|
uid = AID_MEDIA_OBB;
|
|
break;
|
|
case PERM_PRE_ROOT:
|
|
default:
|
|
break;
|
|
}
|
|
switch (perm) {
|
|
case PERM_ROOT:
|
|
case PERM_ANDROID:
|
|
case PERM_ANDROID_DATA:
|
|
case PERM_ANDROID_MEDIA:
|
|
if (S_ISDIR(d_inode(dentry)->i_mode))
|
|
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
|
|
else
|
|
gid = multiuser_get_uid(info_d->userid, get_type(name));
|
|
break;
|
|
case PERM_ANDROID_OBB:
|
|
gid = AID_MEDIA_OBB;
|
|
break;
|
|
case PERM_ANDROID_PACKAGE:
|
|
if (uid_is_app(info_d->d_uid))
|
|
gid = multiuser_get_ext_gid(info_d->d_uid);
|
|
else
|
|
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
|
|
break;
|
|
case PERM_ANDROID_PACKAGE_CACHE:
|
|
if (uid_is_app(info_d->d_uid))
|
|
gid = multiuser_get_ext_cache_gid(info_d->d_uid);
|
|
else
|
|
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
|
|
break;
|
|
case PERM_PRE_ROOT:
|
|
default:
|
|
break;
|
|
}
|
|
|
|
sdcardfs_get_lower_path(dentry, &path);
|
|
inode = d_inode(path.dentry);
|
|
if (d_inode(path.dentry)->i_gid.val != gid || d_inode(path.dentry)->i_uid.val != uid) {
|
|
retry_deleg:
|
|
newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE;
|
|
newattrs.ia_uid = make_kuid(current_user_ns(), uid);
|
|
newattrs.ia_gid = make_kgid(current_user_ns(), gid);
|
|
if (!S_ISDIR(inode->i_mode))
|
|
newattrs.ia_valid |=
|
|
ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
|
|
inode_lock(inode);
|
|
error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid);
|
|
if (!error)
|
|
error = notify_change2(path.mnt, path.dentry, &newattrs, &delegated_inode);
|
|
inode_unlock(inode);
|
|
if (delegated_inode) {
|
|
error = break_deleg_wait(&delegated_inode);
|
|
if (!error)
|
|
goto retry_deleg;
|
|
}
|
|
if (error)
|
|
pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name);
|
|
}
|
|
sdcardfs_put_lower_path(dentry, &path);
|
|
}
|
|
|
|
static int descendant_may_need_fixup(struct sdcardfs_inode_data *data,
|
|
struct limit_search *limit)
|
|
{
|
|
if (data->perm == PERM_ROOT)
|
|
return (limit->flags & BY_USERID) ?
|
|
data->userid == limit->userid : 1;
|
|
if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
static int needs_fixup(perm_t perm)
|
|
{
|
|
if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB
|
|
|| perm == PERM_ANDROID_MEDIA)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth)
|
|
{
|
|
struct dentry *child;
|
|
struct sdcardfs_inode_info *info;
|
|
|
|
/*
|
|
* All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
|
|
* PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
|
|
* at most 3.
|
|
*/
|
|
WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__);
|
|
spin_lock_nested(&dentry->d_lock, depth);
|
|
if (!d_inode(dentry)) {
|
|
spin_unlock(&dentry->d_lock);
|
|
return;
|
|
}
|
|
info = SDCARDFS_I(d_inode(dentry));
|
|
|
|
if (needs_fixup(info->data->perm)) {
|
|
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
|
|
spin_lock_nested(&child->d_lock, depth + 1);
|
|
if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) {
|
|
if (d_inode(child)) {
|
|
get_derived_permission(dentry, child);
|
|
fixup_tmp_permissions(d_inode(child));
|
|
spin_unlock(&child->d_lock);
|
|
break;
|
|
}
|
|
}
|
|
spin_unlock(&child->d_lock);
|
|
}
|
|
} else if (descendant_may_need_fixup(info->data, limit)) {
|
|
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
|
|
__fixup_perms_recursive(child, limit, depth + 1);
|
|
}
|
|
}
|
|
spin_unlock(&dentry->d_lock);
|
|
}
|
|
|
|
void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit)
|
|
{
|
|
__fixup_perms_recursive(dentry, limit, 0);
|
|
}
|
|
|
|
/* main function for updating derived permission */
|
|
inline void update_derived_permission_lock(struct dentry *dentry)
|
|
{
|
|
struct dentry *parent;
|
|
|
|
if (!dentry || !d_inode(dentry)) {
|
|
pr_err("sdcardfs: %s: invalid dentry\n", __func__);
|
|
return;
|
|
}
|
|
/* FIXME:
|
|
* 1. need to check whether the dentry is updated or not
|
|
* 2. remove the root dentry update
|
|
*/
|
|
if (!IS_ROOT(dentry)) {
|
|
parent = dget_parent(dentry);
|
|
if (parent) {
|
|
get_derived_permission(parent, dentry);
|
|
dput(parent);
|
|
}
|
|
}
|
|
fixup_tmp_permissions(d_inode(dentry));
|
|
}
|
|
|
|
int need_graft_path(struct dentry *dentry)
|
|
{
|
|
int ret = 0;
|
|
struct dentry *parent = dget_parent(dentry);
|
|
struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
|
|
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
|
|
struct qstr obb = QSTR_LITERAL("obb");
|
|
|
|
if (!sbi->options.unshared_obb &&
|
|
parent_info->data->perm == PERM_ANDROID &&
|
|
qstr_case_eq(&dentry->d_name, &obb)) {
|
|
|
|
/* /Android/obb is the base obbpath of DERIVED_UNIFIED */
|
|
if (!(sbi->options.multiuser == false
|
|
&& parent_info->data->userid == 0)) {
|
|
ret = 1;
|
|
}
|
|
}
|
|
dput(parent);
|
|
return ret;
|
|
}
|
|
|
|
int is_obbpath_invalid(struct dentry *dent)
|
|
{
|
|
int ret = 0;
|
|
struct sdcardfs_dentry_info *di = SDCARDFS_D(dent);
|
|
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb);
|
|
char *path_buf, *obbpath_s;
|
|
int need_put = 0;
|
|
struct path lower_path;
|
|
|
|
/* check the base obbpath has been changed.
|
|
* this routine can check an uninitialized obb dentry as well.
|
|
* regarding the uninitialized obb, refer to the sdcardfs_mkdir()
|
|
*/
|
|
spin_lock(&di->lock);
|
|
if (di->orig_path.dentry) {
|
|
if (!di->lower_path.dentry) {
|
|
ret = 1;
|
|
} else {
|
|
path_get(&di->lower_path);
|
|
|
|
path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);
|
|
if (!path_buf) {
|
|
ret = 1;
|
|
pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__);
|
|
} else {
|
|
obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);
|
|
if (d_unhashed(di->lower_path.dentry) ||
|
|
!str_case_eq(sbi->obbpath_s, obbpath_s)) {
|
|
ret = 1;
|
|
}
|
|
kfree(path_buf);
|
|
}
|
|
|
|
pathcpy(&lower_path, &di->lower_path);
|
|
need_put = 1;
|
|
}
|
|
}
|
|
spin_unlock(&di->lock);
|
|
if (need_put)
|
|
path_put(&lower_path);
|
|
return ret;
|
|
}
|
|
|
|
int is_base_obbpath(struct dentry *dentry)
|
|
{
|
|
int ret = 0;
|
|
struct dentry *parent = dget_parent(dentry);
|
|
struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
|
|
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
|
|
struct qstr q_obb = QSTR_LITERAL("obb");
|
|
|
|
spin_lock(&SDCARDFS_D(dentry)->lock);
|
|
if (sbi->options.multiuser) {
|
|
if (parent_info->data->perm == PERM_PRE_ROOT &&
|
|
qstr_case_eq(&dentry->d_name, &q_obb)) {
|
|
ret = 1;
|
|
}
|
|
} else if (parent_info->data->perm == PERM_ANDROID &&
|
|
qstr_case_eq(&dentry->d_name, &q_obb)) {
|
|
ret = 1;
|
|
}
|
|
spin_unlock(&SDCARDFS_D(dentry)->lock);
|
|
return ret;
|
|
}
|
|
|
|
/* The lower_path will be stored to the dentry's orig_path
|
|
* and the base obbpath will be copyed to the lower_path variable.
|
|
* if an error returned, there's no change in the lower_path
|
|
* returns: -ERRNO if error (0: no error)
|
|
*/
|
|
int setup_obb_dentry(struct dentry *dentry, struct path *lower_path)
|
|
{
|
|
int err = 0;
|
|
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
|
|
struct path obbpath;
|
|
|
|
/* A local obb dentry must have its own orig_path to support rmdir
|
|
* and mkdir of itself. Usually, we expect that the sbi->obbpath
|
|
* is avaiable on this stage.
|
|
*/
|
|
sdcardfs_set_orig_path(dentry, lower_path);
|
|
|
|
err = kern_path(sbi->obbpath_s,
|
|
LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath);
|
|
|
|
if (!err) {
|
|
/* the obbpath base has been found */
|
|
pathcpy(lower_path, &obbpath);
|
|
} else {
|
|
/* if the sbi->obbpath is not available, we can optionally
|
|
* setup the lower_path with its orig_path.
|
|
* but, the current implementation just returns an error
|
|
* because the sdcard daemon also regards this case as
|
|
* a lookup fail.
|
|
*/
|
|
pr_info("sdcardfs: the sbi->obbpath is not available\n");
|
|
}
|
|
return err;
|
|
}
|
|
|
|
|