2015-04-01 16:42:01 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2007 The Android Open Source Project
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2017-11-10 19:22:07 +01:00
|
|
|
#include <private/fs_config.h>
|
|
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// This file is used to define the properties of the filesystem
|
|
|
|
|
// images generated by build tools (mkbootfs and mkyaffs2image) and
|
|
|
|
|
// by the device side of adb.
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2015-04-01 18:24:22 +02:00
|
|
|
#define LOG_TAG "fs_config"
|
|
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
2019-02-02 16:34:29 +01:00
|
|
|
#include <fnmatch.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <stdint.h>
|
2015-04-01 18:24:22 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/stat.h>
|
2015-04-01 18:24:22 +02:00
|
|
|
#include <sys/types.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
#include <string>
|
|
|
|
|
|
|
|
|
|
#include <android-base/strings.h>
|
2021-03-08 19:50:59 +01:00
|
|
|
#include <cutils/fs.h>
|
2017-01-10 22:19:54 +01:00
|
|
|
#include <log/log.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <private/android_filesystem_config.h>
|
|
|
|
|
|
2019-06-17 23:19:39 +02:00
|
|
|
#include "fs_config.h"
|
|
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
using android::base::EndsWith;
|
|
|
|
|
using android::base::StartsWith;
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
#define ALIGN(x, alignment) (((x) + ((alignment)-1)) & ~((alignment)-1))
|
2019-06-17 23:19:39 +02:00
|
|
|
#define CAP_MASK_LONG(cap_name) (1ULL << (cap_name))
|
2015-04-01 20:02:00 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// Rules for directories.
|
|
|
|
|
// These rules are applied based on "first match", so they
|
|
|
|
|
// should start with the most specific path and work their
|
|
|
|
|
// way up to the root.
|
2015-04-01 16:42:01 +02:00
|
|
|
|
|
|
|
|
static const struct fs_path_config android_dirs[] = {
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
// clang-format off
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00770, AID_SYSTEM, AID_CACHE, 0, "cache" },
|
2018-02-07 19:55:56 +01:00
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "config" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral" },
|
|
|
|
|
{ 00771, AID_ROOT, AID_ROOT, 0, "data/dalvik-cache" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" },
|
|
|
|
|
{ 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" },
|
|
|
|
|
{ 00771, AID_SHELL, AID_SHELL, 0, "data/local" },
|
|
|
|
|
{ 00770, AID_DHCP, AID_DHCP, 0, "data/misc/dhcp" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00771, AID_SHARED_RELRO, AID_SHARED_RELRO, 0, "data/misc/shared_relro" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 01771, AID_SYSTEM, AID_MISC, 0, "data/misc" },
|
|
|
|
|
{ 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" },
|
|
|
|
|
{ 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64" },
|
2019-10-10 08:27:11 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/benchmarktest" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/benchmarktest64" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "product/bin" },
|
2020-09-21 12:37:05 +02:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "product/apex/*/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00777, AID_ROOT, AID_ROOT, 0, "sdcard" },
|
|
|
|
|
{ 00751, AID_ROOT, AID_SDCARD_R, 0, "storage" },
|
2023-04-11 08:08:32 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SYSTEM, 0, "system/apex/com.android.tethering/bin/for-system" },
|
2019-04-02 17:54:17 +02:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
|
2020-07-20 17:14:55 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "system/xbin" },
|
2019-09-11 03:54:28 +02:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
|
2023-04-18 23:08:12 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SYSTEM, 0, "system_ext/apex/com.android.tethering/bin/for-system" },
|
2019-11-07 07:41:48 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/bin" },
|
2019-12-19 19:54:57 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin" },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "vendor/bin" },
|
2020-09-21 12:37:05 +02:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "vendor/apex/*/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{},
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
// clang-format on
|
2015-04-01 16:42:01 +02:00
|
|
|
};
|
2017-05-02 17:56:15 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__android_dirs = android_dirs;
|
|
|
|
|
#endif
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// Rules for files.
|
|
|
|
|
// These rules are applied based on "first match", so they
|
|
|
|
|
// should start with the most specific path and work their
|
|
|
|
|
// way up to the root. Prefixes ending in * denotes wildcard
|
|
|
|
|
// and will allow partial matches.
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char sys_conf_dir[] = "/system/etc/fs_config_dirs";
|
|
|
|
|
static const char sys_conf_file[] = "/system/etc/fs_config_files";
|
2017-05-02 17:56:15 +02:00
|
|
|
// No restrictions are placed on the vendor and oem file-system config files,
|
|
|
|
|
// although the developer is advised to restrict the scope to the /vendor or
|
|
|
|
|
// oem/ file-system since the intent is to provide support for customized
|
|
|
|
|
// portions of a separate vendor.img or oem.img. Has to remain open so that
|
2018-11-19 20:17:35 +01:00
|
|
|
// customization can also land on /system/vendor, /system/oem, /system/odm,
|
2019-06-28 07:28:00 +02:00
|
|
|
// /system/product or /system/system_ext.
|
2018-11-19 20:17:35 +01:00
|
|
|
//
|
2017-05-02 17:56:15 +02:00
|
|
|
// We expect build-time checking or filtering when constructing the associated
|
|
|
|
|
// fs_config_* files (see build/tools/fs_config/fs_config_generate.c)
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char ven_conf_dir[] = "/vendor/etc/fs_config_dirs";
|
|
|
|
|
static const char ven_conf_file[] = "/vendor/etc/fs_config_files";
|
2017-03-21 16:09:52 +01:00
|
|
|
static const char oem_conf_dir[] = "/oem/etc/fs_config_dirs";
|
|
|
|
|
static const char oem_conf_file[] = "/oem/etc/fs_config_files";
|
2017-03-22 23:23:24 +01:00
|
|
|
static const char odm_conf_dir[] = "/odm/etc/fs_config_dirs";
|
|
|
|
|
static const char odm_conf_file[] = "/odm/etc/fs_config_files";
|
2018-11-19 20:17:35 +01:00
|
|
|
static const char product_conf_dir[] = "/product/etc/fs_config_dirs";
|
|
|
|
|
static const char product_conf_file[] = "/product/etc/fs_config_files";
|
2019-06-28 07:28:00 +02:00
|
|
|
static const char system_ext_conf_dir[] = "/system_ext/etc/fs_config_dirs";
|
|
|
|
|
static const char system_ext_conf_file[] = "/system_ext/etc/fs_config_files";
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char* conf[][2] = {
|
2019-06-28 07:28:00 +02:00
|
|
|
{sys_conf_file, sys_conf_dir}, {ven_conf_file, ven_conf_dir},
|
|
|
|
|
{oem_conf_file, oem_conf_dir}, {odm_conf_file, odm_conf_dir},
|
|
|
|
|
{product_conf_file, product_conf_dir}, {system_ext_conf_file, system_ext_conf_dir},
|
2017-03-20 16:15:40 +01:00
|
|
|
};
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2018-03-28 22:25:11 +02:00
|
|
|
// Do not use android_files to grant Linux capabilities. Use ambient capabilities in their
|
|
|
|
|
// associated init.rc file instead. See https://source.android.com/devices/tech/config/ambient.
|
|
|
|
|
|
|
|
|
|
// Do not place any new vendor/, data/vendor/, etc entries in android_files.
|
|
|
|
|
// Vendor entries should be done via a vendor or device specific config.fs.
|
|
|
|
|
// See https://source.android.com/devices/tech/config/filesystem#using-file-system-capabilities
|
2015-04-01 16:42:01 +02:00
|
|
|
static const struct fs_path_config android_files[] = {
|
2018-05-25 17:07:19 +02:00
|
|
|
// clang-format off
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" },
|
2015-11-24 00:24:13 +01:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00644, AID_APP, AID_APP, 0, "data/data/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" },
|
2015-11-15 03:25:31 +01:00
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest/tests.txt" },
|
|
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest64/tests.txt" },
|
2015-10-28 23:52:37 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest/*" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64/*" },
|
2019-10-10 08:27:11 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/benchmarktest/*" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/benchmarktest64/*" },
|
2017-06-02 12:59:46 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "default.prop" }, // legacy
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "system/etc/prop.default" },
|
2019-05-17 09:40:18 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "odm/build.prop" }, // legacy; only for P release
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "odm/default.prop" }, // legacy; only for P release
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "odm/etc/build.prop" },
|
2017-03-22 23:23:24 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, odm_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, odm_conf_file + 1 },
|
2017-03-21 16:09:52 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, oem_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, oem_conf_file + 1 },
|
2017-11-28 04:10:10 +01:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "product/build.prop" },
|
2018-11-19 20:17:35 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_file + 1 },
|
2019-06-28 07:28:00 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "system_ext/build.prop" },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, system_ext_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, system_ext_conf_file + 1 },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
|
2018-06-09 00:00:40 +02:00
|
|
|
{ 00550, AID_LOGD, AID_LOGD, 0, "system/bin/logd" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00700, AID_ROOT, AID_ROOT, 0, "system/bin/secilc" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
|
2017-05-25 13:18:17 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "system/build.prop" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, sys_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, sys_conf_file + 1 },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" },
|
|
|
|
|
{ 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" },
|
|
|
|
|
{ 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" },
|
|
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" },
|
|
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" },
|
Moving recovery resources from /system to /vendor
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This change moves the recovery resources to vendor in libcutils/fs_config.cpp
and removes the flash_recovery service from rootdir/init.rc. This service moved
to a vendor init.rc file in bootable/recovery/applypatch.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I492f7989ea8042912e9d0e0eadeaa351affbee13
2019-09-18 01:30:37 +02:00
|
|
|
{ 00750, AID_ROOT, AID_ROOT, 0, "vendor/bin/install-recovery.sh" },
|
2017-05-25 13:18:17 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "vendor/build.prop" },
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "vendor/default.prop" },
|
Moving recovery resources from /system to /vendor
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This change moves the recovery resources to vendor in libcutils/fs_config.cpp
and removes the flash_recovery service from rootdir/init.rc. This service moved
to a vendor init.rc file in bootable/recovery/applypatch.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I492f7989ea8042912e9d0e0eadeaa351affbee13
2019-09-18 01:30:37 +02:00
|
|
|
{ 00440, AID_ROOT, AID_ROOT, 0, "vendor/etc/recovery.img" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, ven_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, ven_conf_file + 1 },
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// the following two files are INTENTIONALLY set-uid, but they
|
|
|
|
|
// are NOT included on user builds.
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// the following files have enhanced capabilities and ARE included
|
|
|
|
|
// in user builds.
|
2023-04-11 08:08:32 +02:00
|
|
|
{ 06755, AID_CLAT, AID_CLAT, 0, "system/apex/com.android.tethering/bin/for-system/clatd" },
|
2023-04-18 23:08:12 +02:00
|
|
|
{ 06755, AID_CLAT, AID_CLAT, 0, "system_ext/apex/com.android.tethering/bin/for-system/clatd" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00700, AID_SYSTEM, AID_SHELL, CAP_MASK_LONG(CAP_BLOCK_SUSPEND),
|
|
|
|
|
"system/bin/inputflinger" },
|
2016-10-28 21:41:17 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) |
|
|
|
|
|
CAP_MASK_LONG(CAP_SETGID),
|
|
|
|
|
"system/bin/run-as" },
|
2019-01-09 01:31:56 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) |
|
|
|
|
|
CAP_MASK_LONG(CAP_SETGID),
|
|
|
|
|
"system/bin/simpleperf_app_runner" },
|
2020-01-23 01:44:55 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/e2fsck" },
|
2020-11-20 00:20:44 +01:00
|
|
|
#ifdef __LP64__
|
|
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/linker64" },
|
|
|
|
|
#else
|
|
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/linker" },
|
|
|
|
|
#endif
|
2020-02-12 21:27:33 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/resize2fs" },
|
2020-07-08 22:31:37 +02:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/snapuserd" },
|
2023-07-31 14:00:43 +02:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/snapuserd_ramdisk" },
|
2020-11-20 00:20:44 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/tune2fs" },
|
2021-12-30 00:11:00 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/fsck.f2fs" },
|
2017-05-02 17:56:15 +02:00
|
|
|
// generic defaults
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "bin/*" },
|
|
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "init*" },
|
2019-05-03 10:48:17 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "odm/bin/*" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "odm/framework/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "odm/app/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "odm/priv-app/*" },
|
2018-05-31 06:03:58 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "product/bin/*" },
|
2020-09-21 12:37:05 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "product/apex/*bin/*" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "product/framework/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "product/app/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "product/priv-app/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" },
|
2019-02-08 18:58:12 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin/*" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system/framework/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system/app/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system/priv-app/*" },
|
2019-11-07 07:41:48 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system_ext/bin/*" },
|
2019-12-19 19:54:57 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin/*" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system_ext/framework/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system_ext/app/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "system_ext/priv-app/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" },
|
2020-09-21 12:37:05 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor/apex/*bin/*" },
|
2016-05-27 06:13:07 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor/xbin/*" },
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "vendor/framework/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "vendor/app/*" },
|
|
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, "vendor/priv-app/*" },
|
|
|
|
|
{},
|
2018-05-25 17:07:19 +02:00
|
|
|
// clang-format on
|
2015-04-01 16:42:01 +02:00
|
|
|
};
|
2017-05-02 17:56:15 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__android_files = android_files;
|
|
|
|
|
#endif
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-04-05 21:15:49 +02:00
|
|
|
static size_t strip(const char* path, size_t len, const char suffix[]) {
|
|
|
|
|
if (len < strlen(suffix)) return len;
|
|
|
|
|
if (strncmp(path + len - strlen(suffix), suffix, strlen(suffix))) return len;
|
|
|
|
|
return len - strlen(suffix);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
static int fs_config_open(int dir, int which, const char* target_out_path) {
|
2015-04-01 18:24:22 +02:00
|
|
|
int fd = -1;
|
|
|
|
|
|
2015-07-09 18:50:31 +02:00
|
|
|
if (target_out_path && *target_out_path) {
|
2017-05-02 17:56:15 +02:00
|
|
|
// target_out_path is the path to the directory holding content of
|
|
|
|
|
// system partition but as we cannot guarantee it ends with '/system'
|
|
|
|
|
// or with or without a trailing slash, need to strip them carefully.
|
2017-03-20 16:15:40 +01:00
|
|
|
char* name = NULL;
|
2017-04-05 21:15:49 +02:00
|
|
|
size_t len = strlen(target_out_path);
|
|
|
|
|
len = strip(target_out_path, len, "/");
|
|
|
|
|
len = strip(target_out_path, len, "/system");
|
|
|
|
|
if (asprintf(&name, "%.*s%s", (int)len, target_out_path, conf[which][dir]) != -1) {
|
2023-09-22 16:37:37 +02:00
|
|
|
fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY));
|
2015-04-01 18:24:22 +02:00
|
|
|
free(name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (fd < 0) {
|
2023-09-22 16:37:37 +02:00
|
|
|
fd = TEMP_FAILURE_RETRY(open(conf[which][dir], O_RDONLY));
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
|
|
|
|
return fd;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-19 20:17:35 +01:00
|
|
|
// if path is "odm/<stuff>", "oem/<stuff>", "product/<stuff>",
|
2019-06-28 07:28:00 +02:00
|
|
|
// "system_ext/<stuff>" or "vendor/<stuff>"
|
2019-02-02 16:34:29 +01:00
|
|
|
static bool is_partition(const std::string& path) {
|
2019-06-28 07:28:00 +02:00
|
|
|
static const char* partitions[] = {"odm/", "oem/", "product/", "system_ext/", "vendor/"};
|
2017-05-02 23:02:17 +02:00
|
|
|
for (size_t i = 0; i < (sizeof(partitions) / sizeof(partitions[0])); ++i) {
|
2019-02-02 16:34:29 +01:00
|
|
|
if (StartsWith(path, partitions[i])) return true;
|
2017-05-02 23:02:17 +02:00
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// alias prefixes of "<partition>/<stuff>" to "system/<partition>/<stuff>" or
|
|
|
|
|
// "system/<partition>/<stuff>" to "<partition>/<stuff>"
|
2019-02-02 16:34:29 +01:00
|
|
|
static bool fs_config_cmp(bool dir, const char* prefix, size_t len, const char* path, size_t plen) {
|
|
|
|
|
std::string pattern(prefix, len);
|
|
|
|
|
std::string input(path, plen);
|
|
|
|
|
|
|
|
|
|
// Massage pattern and input so that they can be used by fnmatch where
|
|
|
|
|
// directories have to end with /.
|
|
|
|
|
if (dir) {
|
|
|
|
|
if (!EndsWith(input, "/")) {
|
|
|
|
|
input.append("/");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!EndsWith(pattern, "/*")) {
|
|
|
|
|
if (EndsWith(pattern, "/")) {
|
|
|
|
|
pattern.append("*");
|
|
|
|
|
} else {
|
|
|
|
|
pattern.append("/*");
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-06-23 00:15:56 +02:00
|
|
|
}
|
|
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
// no FNM_PATHNAME is set in order to match a/b/c/d with a/*
|
|
|
|
|
// FNM_ESCAPE is set in order to prevent using \\? and \\* and maintenance issues.
|
|
|
|
|
const int fnm_flags = FNM_NOESCAPE;
|
|
|
|
|
if (fnmatch(pattern.c_str(), input.c_str(), fnm_flags) == 0) return true;
|
2017-05-02 23:02:17 +02:00
|
|
|
|
2019-05-03 10:48:17 +02:00
|
|
|
// Check match between logical partition's files and patterns.
|
2019-06-28 07:28:00 +02:00
|
|
|
static constexpr const char* kLogicalPartitions[] = {"system/product/", "system/system_ext/",
|
|
|
|
|
"system/vendor/", "vendor/odm/"};
|
2019-05-03 10:48:17 +02:00
|
|
|
for (auto& logical_partition : kLogicalPartitions) {
|
|
|
|
|
if (StartsWith(input, logical_partition)) {
|
|
|
|
|
std::string input_in_partition = input.substr(input.find('/') + 1);
|
|
|
|
|
if (!is_partition(input_in_partition)) continue;
|
|
|
|
|
if (fnmatch(pattern.c_str(), input_in_partition.c_str(), fnm_flags) == 0) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-02 23:02:17 +02:00
|
|
|
}
|
2019-05-03 10:48:17 +02:00
|
|
|
return false;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2017-06-23 00:15:56 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__fs_config_cmp = fs_config_cmp;
|
|
|
|
|
#endif
|
2015-04-01 18:24:22 +02:00
|
|
|
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
bool get_fs_config(const char* path, bool dir, const char* target_out_path,
|
|
|
|
|
struct fs_config* fs_conf) {
|
2017-03-20 16:15:40 +01:00
|
|
|
const struct fs_path_config* pc;
|
2017-03-20 16:15:40 +01:00
|
|
|
size_t which, plen;
|
2015-04-01 16:42:01 +02:00
|
|
|
|
|
|
|
|
if (path[0] == '/') {
|
|
|
|
|
path++;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-16 00:30:30 +02:00
|
|
|
plen = strlen(path);
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
for (which = 0; which < (sizeof(conf) / sizeof(conf[0])); ++which) {
|
2015-04-16 04:27:39 +02:00
|
|
|
struct fs_path_config_from_file header;
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
int fd = fs_config_open(dir, which, target_out_path);
|
|
|
|
|
if (fd < 0) continue;
|
|
|
|
|
|
2015-04-16 04:27:39 +02:00
|
|
|
while (TEMP_FAILURE_RETRY(read(fd, &header, sizeof(header))) == sizeof(header)) {
|
2017-03-20 16:15:40 +01:00
|
|
|
char* prefix;
|
2019-06-17 23:28:37 +02:00
|
|
|
uint16_t host_len = header.len;
|
2015-04-16 04:27:39 +02:00
|
|
|
ssize_t len, remainder = host_len - sizeof(header);
|
2015-04-01 18:24:22 +02:00
|
|
|
if (remainder <= 0) {
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s len is corrupted", conf[which][dir]);
|
2015-04-16 04:27:39 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2017-05-02 17:56:15 +02:00
|
|
|
prefix = static_cast<char*>(calloc(1, remainder));
|
2015-04-16 04:27:39 +02:00
|
|
|
if (!prefix) {
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s out of memory", conf[which][dir]);
|
2015-04-01 18:24:22 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
if (TEMP_FAILURE_RETRY(read(fd, prefix, remainder)) != remainder) {
|
|
|
|
|
free(prefix);
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s prefix is truncated", conf[which][dir]);
|
2015-04-16 04:27:39 +02:00
|
|
|
break;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
len = strnlen(prefix, remainder);
|
2017-05-02 17:56:15 +02:00
|
|
|
if (len >= remainder) { // missing a terminating null
|
2015-04-16 04:27:39 +02:00
|
|
|
free(prefix);
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s is corrupted", conf[which][dir]);
|
2015-04-01 18:24:22 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
if (fs_config_cmp(dir, prefix, len, path, plen)) {
|
|
|
|
|
free(prefix);
|
|
|
|
|
close(fd);
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
fs_conf->uid = header.uid;
|
|
|
|
|
fs_conf->gid = header.gid;
|
|
|
|
|
fs_conf->mode = header.mode;
|
|
|
|
|
fs_conf->capabilities = header.capabilities;
|
|
|
|
|
return true;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
free(prefix);
|
2015-04-16 00:30:30 +02:00
|
|
|
}
|
2015-04-01 18:24:22 +02:00
|
|
|
close(fd);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
for (pc = dir ? android_dirs : android_files; pc->prefix; pc++) {
|
2015-04-01 18:24:22 +02:00
|
|
|
if (fs_config_cmp(dir, pc->prefix, strlen(pc->prefix), path, plen)) {
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
fs_conf->uid = pc->uid;
|
|
|
|
|
fs_conf->gid = pc->gid;
|
|
|
|
|
fs_conf->mode = pc->mode;
|
|
|
|
|
fs_conf->capabilities = pc->capabilities;
|
|
|
|
|
return true;
|
2015-04-01 16:42:01 +02:00
|
|
|
}
|
|
|
|
|
}
|
adb: Do not use fs_config unless we are root (try 3).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
2024-02-28 04:37:41 +01:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void fs_config(const char* path, int dir, const char* target_out_path, unsigned* uid, unsigned* gid,
|
|
|
|
|
unsigned* mode, uint64_t* capabilities) {
|
|
|
|
|
struct fs_config conf;
|
|
|
|
|
if (get_fs_config(path, dir, target_out_path, &conf)) {
|
|
|
|
|
*uid = conf.uid;
|
|
|
|
|
*gid = conf.gid;
|
|
|
|
|
*mode = (*mode & S_IFMT) | conf.mode;
|
|
|
|
|
*capabilities = conf.capabilities;
|
|
|
|
|
} else {
|
|
|
|
|
*uid = AID_ROOT;
|
|
|
|
|
*gid = AID_ROOT;
|
|
|
|
|
*mode = (*mode & S_IFMT) | (dir ? 0755 : 0644);
|
|
|
|
|
*capabilities = 0;
|
|
|
|
|
}
|
2015-04-01 16:42:01 +02:00
|
|
|
}
|
