2015-04-01 16:42:01 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2007 The Android Open Source Project
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2017-11-10 19:22:07 +01:00
|
|
|
#include <private/fs_config.h>
|
|
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// This file is used to define the properties of the filesystem
|
|
|
|
|
// images generated by build tools (mkbootfs and mkyaffs2image) and
|
|
|
|
|
// by the device side of adb.
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2015-04-01 18:24:22 +02:00
|
|
|
#define LOG_TAG "fs_config"
|
|
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
2019-02-02 16:34:29 +01:00
|
|
|
#include <fnmatch.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <stdint.h>
|
2015-04-01 18:24:22 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/stat.h>
|
2015-04-01 18:24:22 +02:00
|
|
|
#include <sys/types.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
#include <string>
|
|
|
|
|
|
|
|
|
|
#include <android-base/strings.h>
|
2017-01-10 22:19:54 +01:00
|
|
|
#include <log/log.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
#include <private/android_filesystem_config.h>
|
2015-04-16 17:13:32 +02:00
|
|
|
#include <utils/Compat.h>
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2015-04-16 17:40:55 +02:00
|
|
|
#ifndef O_BINARY
|
|
|
|
|
#define O_BINARY 0
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
using android::base::EndsWith;
|
|
|
|
|
using android::base::StartsWith;
|
|
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// My kingdom for <endian.h>
|
|
|
|
|
static inline uint16_t get2LE(const uint8_t* src) {
|
|
|
|
|
return src[0] | (src[1] << 8);
|
|
|
|
|
}
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
static inline uint64_t get8LE(const uint8_t* src) {
|
2015-04-01 18:24:22 +02:00
|
|
|
uint32_t low, high;
|
|
|
|
|
|
|
|
|
|
low = src[0] | (src[1] << 8) | (src[2] << 16) | (src[3] << 24);
|
|
|
|
|
high = src[4] | (src[5] << 8) | (src[6] << 16) | (src[7] << 24);
|
2017-03-20 16:15:40 +01:00
|
|
|
return ((uint64_t)high << 32) | (uint64_t)low;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
#define ALIGN(x, alignment) (((x) + ((alignment)-1)) & ~((alignment)-1))
|
2015-04-01 20:02:00 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// Rules for directories.
|
|
|
|
|
// These rules are applied based on "first match", so they
|
|
|
|
|
// should start with the most specific path and work their
|
|
|
|
|
// way up to the root.
|
2015-04-01 16:42:01 +02:00
|
|
|
|
|
|
|
|
static const struct fs_path_config android_dirs[] = {
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
// clang-format off
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00770, AID_SYSTEM, AID_CACHE, 0, "cache" },
|
2018-02-07 19:55:56 +01:00
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "config" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral" },
|
|
|
|
|
{ 00771, AID_ROOT, AID_ROOT, 0, "data/dalvik-cache" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" },
|
|
|
|
|
{ 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" },
|
|
|
|
|
{ 00771, AID_SHELL, AID_SHELL, 0, "data/local" },
|
|
|
|
|
{ 00770, AID_DHCP, AID_DHCP, 0, "data/misc/dhcp" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00771, AID_SHARED_RELRO, AID_SHARED_RELRO, 0, "data/misc/shared_relro" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 01771, AID_SYSTEM, AID_MISC, 0, "data/misc" },
|
|
|
|
|
{ 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" },
|
|
|
|
|
{ 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64" },
|
|
|
|
|
{ 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" },
|
|
|
|
|
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "product/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
|
|
|
|
|
{ 00777, AID_ROOT, AID_ROOT, 0, "sdcard" },
|
|
|
|
|
{ 00751, AID_ROOT, AID_SDCARD_R, 0, "storage" },
|
2019-04-02 17:54:17 +02:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "system/xbin" },
|
2019-02-08 18:58:12 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
{ 00751, AID_ROOT, AID_SHELL, 0, "vendor/bin" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, 0 },
|
Set bin directories to 0751
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
2018-11-11 17:39:20 +01:00
|
|
|
// clang-format on
|
2015-04-01 16:42:01 +02:00
|
|
|
};
|
2017-05-02 17:56:15 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__android_dirs = android_dirs;
|
|
|
|
|
#endif
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// Rules for files.
|
|
|
|
|
// These rules are applied based on "first match", so they
|
|
|
|
|
// should start with the most specific path and work their
|
|
|
|
|
// way up to the root. Prefixes ending in * denotes wildcard
|
|
|
|
|
// and will allow partial matches.
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char sys_conf_dir[] = "/system/etc/fs_config_dirs";
|
|
|
|
|
static const char sys_conf_file[] = "/system/etc/fs_config_files";
|
2017-05-02 17:56:15 +02:00
|
|
|
// No restrictions are placed on the vendor and oem file-system config files,
|
|
|
|
|
// although the developer is advised to restrict the scope to the /vendor or
|
|
|
|
|
// oem/ file-system since the intent is to provide support for customized
|
|
|
|
|
// portions of a separate vendor.img or oem.img. Has to remain open so that
|
2018-11-19 20:17:35 +01:00
|
|
|
// customization can also land on /system/vendor, /system/oem, /system/odm,
|
|
|
|
|
// /system/product or /system/product_services.
|
|
|
|
|
//
|
2017-05-02 17:56:15 +02:00
|
|
|
// We expect build-time checking or filtering when constructing the associated
|
|
|
|
|
// fs_config_* files (see build/tools/fs_config/fs_config_generate.c)
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char ven_conf_dir[] = "/vendor/etc/fs_config_dirs";
|
|
|
|
|
static const char ven_conf_file[] = "/vendor/etc/fs_config_files";
|
2017-03-21 16:09:52 +01:00
|
|
|
static const char oem_conf_dir[] = "/oem/etc/fs_config_dirs";
|
|
|
|
|
static const char oem_conf_file[] = "/oem/etc/fs_config_files";
|
2017-03-22 23:23:24 +01:00
|
|
|
static const char odm_conf_dir[] = "/odm/etc/fs_config_dirs";
|
|
|
|
|
static const char odm_conf_file[] = "/odm/etc/fs_config_files";
|
2018-11-19 20:17:35 +01:00
|
|
|
static const char product_conf_dir[] = "/product/etc/fs_config_dirs";
|
|
|
|
|
static const char product_conf_file[] = "/product/etc/fs_config_files";
|
|
|
|
|
static const char product_services_conf_dir[] = "/product_services/etc/fs_config_dirs";
|
|
|
|
|
static const char product_services_conf_file[] = "/product_services/etc/fs_config_files";
|
2017-03-20 16:15:40 +01:00
|
|
|
static const char* conf[][2] = {
|
2018-11-19 20:17:35 +01:00
|
|
|
{sys_conf_file, sys_conf_dir},
|
|
|
|
|
{ven_conf_file, ven_conf_dir},
|
|
|
|
|
{oem_conf_file, oem_conf_dir},
|
|
|
|
|
{odm_conf_file, odm_conf_dir},
|
|
|
|
|
{product_conf_file, product_conf_dir},
|
|
|
|
|
{product_services_conf_file, product_services_conf_dir},
|
2017-03-20 16:15:40 +01:00
|
|
|
};
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2018-03-28 22:25:11 +02:00
|
|
|
// Do not use android_files to grant Linux capabilities. Use ambient capabilities in their
|
|
|
|
|
// associated init.rc file instead. See https://source.android.com/devices/tech/config/ambient.
|
|
|
|
|
|
|
|
|
|
// Do not place any new vendor/, data/vendor/, etc entries in android_files.
|
|
|
|
|
// Vendor entries should be done via a vendor or device specific config.fs.
|
|
|
|
|
// See https://source.android.com/devices/tech/config/filesystem#using-file-system-capabilities
|
2015-04-01 16:42:01 +02:00
|
|
|
static const struct fs_path_config android_files[] = {
|
2018-05-25 17:07:19 +02:00
|
|
|
// clang-format off
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" },
|
2015-11-24 00:24:13 +01:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00644, AID_APP, AID_APP, 0, "data/data/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" },
|
2015-11-15 03:25:31 +01:00
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest/tests.txt" },
|
|
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest64/tests.txt" },
|
2015-10-28 23:52:37 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest/*" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64/*" },
|
2017-06-02 12:59:46 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "default.prop" }, // legacy
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "system/etc/prop.default" },
|
2017-05-25 13:18:17 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "odm/build.prop" },
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "odm/default.prop" },
|
2017-03-22 23:23:24 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, odm_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, odm_conf_file + 1 },
|
2017-03-21 16:09:52 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, oem_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, oem_conf_file + 1 },
|
2017-11-28 04:10:10 +01:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "product/build.prop" },
|
2018-11-19 20:17:35 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_file + 1 },
|
2018-08-17 02:01:25 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "product_services/build.prop" },
|
2018-11-19 20:17:35 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_file + 1 },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
|
|
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
|
2018-06-09 00:00:40 +02:00
|
|
|
{ 00550, AID_LOGD, AID_LOGD, 0, "system/bin/logd" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00700, AID_ROOT, AID_ROOT, 0, "system/bin/secilc" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
|
2017-05-25 13:18:17 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "system/build.prop" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, sys_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, sys_conf_file + 1 },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" },
|
|
|
|
|
{ 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" },
|
|
|
|
|
{ 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" },
|
|
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" },
|
|
|
|
|
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" },
|
|
|
|
|
{ 00440, AID_ROOT, AID_ROOT, 0, "system/etc/recovery.img" },
|
2017-05-25 13:18:17 +02:00
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "vendor/build.prop" },
|
|
|
|
|
{ 00600, AID_ROOT, AID_ROOT, 0, "vendor/default.prop" },
|
2017-03-20 16:15:40 +01:00
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, ven_conf_dir + 1 },
|
|
|
|
|
{ 00444, AID_ROOT, AID_ROOT, 0, ven_conf_file + 1 },
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// the following two files are INTENTIONALLY set-uid, but they
|
|
|
|
|
// are NOT included on user builds.
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// the following files have enhanced capabilities and ARE included
|
|
|
|
|
// in user builds.
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00700, AID_SYSTEM, AID_SHELL, CAP_MASK_LONG(CAP_BLOCK_SUSPEND),
|
|
|
|
|
"system/bin/inputflinger" },
|
2016-10-28 21:41:17 +02:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) |
|
|
|
|
|
CAP_MASK_LONG(CAP_SETGID),
|
|
|
|
|
"system/bin/run-as" },
|
2019-01-09 01:31:56 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) |
|
|
|
|
|
CAP_MASK_LONG(CAP_SETGID),
|
|
|
|
|
"system/bin/simpleperf_app_runner" },
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-05-02 17:56:15 +02:00
|
|
|
// Support FIFO scheduling mode in SurfaceFlinger.
|
2016-10-28 21:41:17 +02:00
|
|
|
{ 00755, AID_SYSTEM, AID_GRAPHICS, CAP_MASK_LONG(CAP_SYS_NICE),
|
|
|
|
|
"system/bin/surfaceflinger" },
|
2017-05-02 17:56:15 +02:00
|
|
|
// generic defaults
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00755, AID_ROOT, AID_ROOT, 0, "bin/*" },
|
|
|
|
|
{ 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
|
|
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "init*" },
|
2018-05-31 06:03:58 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "product/bin/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
|
2017-03-20 16:53:24 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" },
|
2019-02-08 18:58:12 +01:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" },
|
2016-05-27 06:13:07 +02:00
|
|
|
{ 00755, AID_ROOT, AID_SHELL, 0, "vendor/xbin/*" },
|
2015-04-01 16:42:01 +02:00
|
|
|
{ 00644, AID_ROOT, AID_ROOT, 0, 0 },
|
2018-05-25 17:07:19 +02:00
|
|
|
// clang-format on
|
2015-04-01 16:42:01 +02:00
|
|
|
};
|
2017-05-02 17:56:15 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__android_files = android_files;
|
|
|
|
|
#endif
|
2015-04-01 16:42:01 +02:00
|
|
|
|
2017-04-05 21:15:49 +02:00
|
|
|
static size_t strip(const char* path, size_t len, const char suffix[]) {
|
|
|
|
|
if (len < strlen(suffix)) return len;
|
|
|
|
|
if (strncmp(path + len - strlen(suffix), suffix, strlen(suffix))) return len;
|
|
|
|
|
return len - strlen(suffix);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
static int fs_config_open(int dir, int which, const char* target_out_path) {
|
2015-04-01 18:24:22 +02:00
|
|
|
int fd = -1;
|
|
|
|
|
|
2015-07-09 18:50:31 +02:00
|
|
|
if (target_out_path && *target_out_path) {
|
2017-05-02 17:56:15 +02:00
|
|
|
// target_out_path is the path to the directory holding content of
|
|
|
|
|
// system partition but as we cannot guarantee it ends with '/system'
|
|
|
|
|
// or with or without a trailing slash, need to strip them carefully.
|
2017-03-20 16:15:40 +01:00
|
|
|
char* name = NULL;
|
2017-04-05 21:15:49 +02:00
|
|
|
size_t len = strlen(target_out_path);
|
|
|
|
|
len = strip(target_out_path, len, "/");
|
|
|
|
|
len = strip(target_out_path, len, "/system");
|
|
|
|
|
if (asprintf(&name, "%.*s%s", (int)len, target_out_path, conf[which][dir]) != -1) {
|
2015-04-16 17:40:55 +02:00
|
|
|
fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_BINARY));
|
2015-04-01 18:24:22 +02:00
|
|
|
free(name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (fd < 0) {
|
2017-03-20 16:15:40 +01:00
|
|
|
fd = TEMP_FAILURE_RETRY(open(conf[which][dir], O_RDONLY | O_BINARY));
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
|
|
|
|
return fd;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-19 20:17:35 +01:00
|
|
|
// if path is "odm/<stuff>", "oem/<stuff>", "product/<stuff>",
|
|
|
|
|
// "product_services/<stuff>" or "vendor/<stuff>"
|
2019-02-02 16:34:29 +01:00
|
|
|
static bool is_partition(const std::string& path) {
|
2018-11-19 20:17:35 +01:00
|
|
|
static const char* partitions[] = {"odm/", "oem/", "product/", "product_services/", "vendor/"};
|
2017-05-02 23:02:17 +02:00
|
|
|
for (size_t i = 0; i < (sizeof(partitions) / sizeof(partitions[0])); ++i) {
|
2019-02-02 16:34:29 +01:00
|
|
|
if (StartsWith(path, partitions[i])) return true;
|
2017-05-02 23:02:17 +02:00
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// alias prefixes of "<partition>/<stuff>" to "system/<partition>/<stuff>" or
|
|
|
|
|
// "system/<partition>/<stuff>" to "<partition>/<stuff>"
|
2019-02-02 16:34:29 +01:00
|
|
|
static bool fs_config_cmp(bool dir, const char* prefix, size_t len, const char* path, size_t plen) {
|
|
|
|
|
std::string pattern(prefix, len);
|
|
|
|
|
std::string input(path, plen);
|
|
|
|
|
|
|
|
|
|
// Massage pattern and input so that they can be used by fnmatch where
|
|
|
|
|
// directories have to end with /.
|
|
|
|
|
if (dir) {
|
|
|
|
|
if (!EndsWith(input, "/")) {
|
|
|
|
|
input.append("/");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!EndsWith(pattern, "/*")) {
|
|
|
|
|
if (EndsWith(pattern, "/")) {
|
|
|
|
|
pattern.append("*");
|
|
|
|
|
} else {
|
|
|
|
|
pattern.append("/*");
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-06-23 00:15:56 +02:00
|
|
|
}
|
|
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
// no FNM_PATHNAME is set in order to match a/b/c/d with a/*
|
|
|
|
|
// FNM_ESCAPE is set in order to prevent using \\? and \\* and maintenance issues.
|
|
|
|
|
const int fnm_flags = FNM_NOESCAPE;
|
|
|
|
|
if (fnmatch(pattern.c_str(), input.c_str(), fnm_flags) == 0) return true;
|
2017-05-02 23:02:17 +02:00
|
|
|
|
2019-02-02 16:34:29 +01:00
|
|
|
static constexpr const char* kSystem = "system/";
|
|
|
|
|
if (StartsWith(input, kSystem)) {
|
|
|
|
|
input.erase(0, strlen(kSystem));
|
|
|
|
|
} else if (input.size() <= strlen(kSystem)) {
|
2017-05-02 23:02:17 +02:00
|
|
|
return false;
|
2019-02-02 16:34:29 +01:00
|
|
|
} else if (StartsWith(pattern, kSystem)) {
|
|
|
|
|
pattern.erase(0, strlen(kSystem));
|
2017-05-02 23:02:17 +02:00
|
|
|
} else {
|
2019-02-02 16:34:29 +01:00
|
|
|
return false;
|
2017-05-02 23:02:17 +02:00
|
|
|
}
|
2019-02-02 16:34:29 +01:00
|
|
|
|
|
|
|
|
if (!is_partition(pattern)) return false;
|
|
|
|
|
if (!is_partition(input)) return false;
|
|
|
|
|
return fnmatch(pattern.c_str(), input.c_str(), fnm_flags) == 0;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2017-06-23 00:15:56 +02:00
|
|
|
#ifndef __ANDROID_VNDK__
|
|
|
|
|
auto __for_testing_only__fs_config_cmp = fs_config_cmp;
|
|
|
|
|
#endif
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
void fs_config(const char* path, int dir, const char* target_out_path, unsigned* uid, unsigned* gid,
|
|
|
|
|
unsigned* mode, uint64_t* capabilities) {
|
|
|
|
|
const struct fs_path_config* pc;
|
2017-03-20 16:15:40 +01:00
|
|
|
size_t which, plen;
|
2015-04-01 16:42:01 +02:00
|
|
|
|
|
|
|
|
if (path[0] == '/') {
|
|
|
|
|
path++;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-16 00:30:30 +02:00
|
|
|
plen = strlen(path);
|
2015-04-01 18:24:22 +02:00
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
for (which = 0; which < (sizeof(conf) / sizeof(conf[0])); ++which) {
|
2015-04-16 04:27:39 +02:00
|
|
|
struct fs_path_config_from_file header;
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
int fd = fs_config_open(dir, which, target_out_path);
|
|
|
|
|
if (fd < 0) continue;
|
|
|
|
|
|
2015-04-16 04:27:39 +02:00
|
|
|
while (TEMP_FAILURE_RETRY(read(fd, &header, sizeof(header))) == sizeof(header)) {
|
2017-03-20 16:15:40 +01:00
|
|
|
char* prefix;
|
|
|
|
|
uint16_t host_len = get2LE((const uint8_t*)&header.len);
|
2015-04-16 04:27:39 +02:00
|
|
|
ssize_t len, remainder = host_len - sizeof(header);
|
2015-04-01 18:24:22 +02:00
|
|
|
if (remainder <= 0) {
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s len is corrupted", conf[which][dir]);
|
2015-04-16 04:27:39 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2017-05-02 17:56:15 +02:00
|
|
|
prefix = static_cast<char*>(calloc(1, remainder));
|
2015-04-16 04:27:39 +02:00
|
|
|
if (!prefix) {
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s out of memory", conf[which][dir]);
|
2015-04-01 18:24:22 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
if (TEMP_FAILURE_RETRY(read(fd, prefix, remainder)) != remainder) {
|
|
|
|
|
free(prefix);
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s prefix is truncated", conf[which][dir]);
|
2015-04-16 04:27:39 +02:00
|
|
|
break;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
len = strnlen(prefix, remainder);
|
2017-05-02 17:56:15 +02:00
|
|
|
if (len >= remainder) { // missing a terminating null
|
2015-04-16 04:27:39 +02:00
|
|
|
free(prefix);
|
2017-03-20 16:15:40 +01:00
|
|
|
ALOGE("%s is corrupted", conf[which][dir]);
|
2015-04-01 18:24:22 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
if (fs_config_cmp(dir, prefix, len, path, plen)) {
|
|
|
|
|
free(prefix);
|
|
|
|
|
close(fd);
|
2017-03-20 16:15:40 +01:00
|
|
|
*uid = get2LE((const uint8_t*)&(header.uid));
|
|
|
|
|
*gid = get2LE((const uint8_t*)&(header.gid));
|
|
|
|
|
*mode = (*mode & (~07777)) | get2LE((const uint8_t*)&(header.mode));
|
|
|
|
|
*capabilities = get8LE((const uint8_t*)&(header.capabilities));
|
2015-04-16 04:27:39 +02:00
|
|
|
return;
|
2015-04-01 18:24:22 +02:00
|
|
|
}
|
2015-04-16 04:27:39 +02:00
|
|
|
free(prefix);
|
2015-04-16 00:30:30 +02:00
|
|
|
}
|
2015-04-01 18:24:22 +02:00
|
|
|
close(fd);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
for (pc = dir ? android_dirs : android_files; pc->prefix; pc++) {
|
2015-04-01 18:24:22 +02:00
|
|
|
if (fs_config_cmp(dir, pc->prefix, strlen(pc->prefix), path, plen)) {
|
|
|
|
|
break;
|
2015-04-01 16:42:01 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*uid = pc->uid;
|
|
|
|
|
*gid = pc->gid;
|
|
|
|
|
*mode = (*mode & (~07777)) | pc->mode;
|
|
|
|
|
*capabilities = pc->capabilities;
|
|
|
|
|
}
|
2015-04-01 20:02:00 +02:00
|
|
|
|
2017-03-20 16:15:40 +01:00
|
|
|
ssize_t fs_config_generate(char* buffer, size_t length, const struct fs_path_config* pc) {
|
|
|
|
|
struct fs_path_config_from_file* p = (struct fs_path_config_from_file*)buffer;
|
2015-04-01 20:02:00 +02:00
|
|
|
size_t len = ALIGN(sizeof(*p) + strlen(pc->prefix) + 1, sizeof(uint64_t));
|
|
|
|
|
|
|
|
|
|
if ((length < len) || (len > UINT16_MAX)) {
|
|
|
|
|
return -ENOSPC;
|
|
|
|
|
}
|
|
|
|
|
memset(p, 0, len);
|
|
|
|
|
uint16_t host_len = len;
|
2017-03-20 16:15:40 +01:00
|
|
|
p->len = get2LE((const uint8_t*)&host_len);
|
|
|
|
|
p->mode = get2LE((const uint8_t*)&(pc->mode));
|
|
|
|
|
p->uid = get2LE((const uint8_t*)&(pc->uid));
|
|
|
|
|
p->gid = get2LE((const uint8_t*)&(pc->gid));
|
|
|
|
|
p->capabilities = get8LE((const uint8_t*)&(pc->capabilities));
|
2015-04-01 20:02:00 +02:00
|
|
|
strcpy(p->prefix, pc->prefix);
|
|
|
|
|
return len;
|
|
|
|
|
}
|
