14 commits

Author SHA1 Message Date
Jorge Lucangeli Obes
e157b253d4 Fix sdcard logging.
Use C++ logging for everything.

Bug: 30222003
Change-Id: I5c5d85102b01df6965a515b59aa275ac85f50f00
2016-07-26 16:52:48 -04:00
Jorge Lucangeli Obes
c96f53e2fe Use Minijail for privilege dropping.
Having so many copies of privilege-dropping code leads to errors.
De-duplicate this code and use Minijail for it.

Bug: 30156807

Change-Id: I36c85962b913a12efe5648a23cbacc5bcbb3853c
2016-07-15 10:16:59 -04:00
Treehugger Robot
a17427cb1e Merge "Convert fuse.c to C++." 2016-07-14 19:42:32 +00:00
Jorge Lucangeli Obes
c9e1710acc Use C++ logging in sdcard.cpp.
This gets rid of a bunch of "strerror(errno)" bits.
Will convert fuse.cpp after
https://android-review.googlesource.com/#/c/247780 lands.

Bug: 30110940

Change-Id: Iacefe5b6519b217ed687c709763fe5827b3b0b59
2016-07-14 10:06:34 -04:00
Jorge Lucangeli Obes
f08ba05581 Convert fuse.c to C++.
Fix string literals and cast void* appropriately. Alternatively, we
could switch some of the allocations to new/delete, but we would need
to make sure that none of those end up passed to other code that will
call free(3) on them.

Bug: 30110940
Change-Id: I6f39df65cd960930530e5a1f8420a28d50adc25d
2016-07-14 10:03:22 -04:00
Jorge Lucangeli Obes
c255f25ccb Extract the FUSE implementation from the main sdcard.c file.
sdcard.c is a *really* big file. This makes it hard to do things like
improving priv dropping or adding more sandboxing. Extract all
FUSE-related code to a separate unit, fuse.{h|c}, which exports only
two functions. Convert the rest of sdcard.c to C++ as sdcard.cpp.
fuse.c is kept as C (at least for now) since interacting with the FUSE
API is realistically easier from C.

Bug: 30110940

Change-Id: I188bfdc21c184742117e07539adb09090d4d747c
2016-07-13 10:57:29 -04:00
Daniel Micay
83c0c7b2ab enable integer sanitizer for sdcard service
The previous false positive fix (df9c4a01) is enough to pass tests, and
it doesn't appear that there are any remaining issues.

Change-Id: Ib9812f1201ff0cd2ae8c8371737754fc328765b5
2016-05-05 16:03:32 -04:00
Dimitry Ivanov
3042d6d040 Add dependency on liblog
Bug: http://b/27171986
Change-Id: I4af3b4b9f17972327b926ad9ee0d03672d1d4a64
2016-02-12 14:56:40 -08:00
William Roberts
e509980542 sdcard: use libpackageparser
Switch from the internal packages.list file parser
implementation to a common parser library.

See Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
for all of the details.

Change-Id: I98924dce406b322e0d402bca7fdac51f6a1e6a4b
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-22 22:52:35 +00:00
Elliott Hughes
f184f54466 sdcard doesn't need to explicitly ask for libc!
Change-Id: I110063f39b02da979f97d29e9cb4f5b295de0311
2015-03-16 20:12:58 -07:00
Mark Salyzyn
676ffd54cb sdcard: Turn on -Werror
Change-Id: I40fce5a69a898e79542aa7688d077ff7bc40ed4f
2014-05-21 12:58:38 -07:00
Jeff Sharkey
dfe0cbab3f Richer SD card permissions through FUSE.
Changes the FUSE daemon to synthesize an Android-specific set of
filesystem permissions, even when the underlying media storage is
permissionless.  This is designed to support several features:

First, apps can access their own files in /Android/data/com.example/
without requiring any external storage permissions.  This is enabled
by allowing o+x on parent directories, and assigning the UID owner
based on the directory name (package name).  The mapping from package
to appId is parsed from packages.list, which is updated when apps are
added/removed.  Changes are observed through inotify.  It creates
missing package name directories when requested and valid.

Second, support for separate permissions for photos and audio/video
content on the device through new GIDs which are assigned based on
top-level directory names.

Finally, support for multi-user separation on the same physical media
through new /Android/user/ directory, which will be bind-mounted
into place.  It recursively applies the above rules to each secondary
user.

rwxrwx--x root:sdcard_rw     /
rwxrwx--- root:sdcard_pics   /Pictures
rwxrwx--- root:sdcard_av     /Music

rwxrwx--x root:sdcard_rw     /Android
rwxrwx--x root:sdcard_rw     /Android/data
rwxrwx--- u0_a12:sdcard_rw   /Android/data/com.example
rwxrwx--x root:sdcard_rw     /Android/obb/
rwxrwx--- u0_a12:sdcard_rw   /Android/obb/com.example

rwxrwx--- root:sdcard_all    /Android/user
rwxrwx--x root:sdcard_rw     /Android/user/10
rwxrwx--- u10_a12:sdcard_rw  /Android/user/10/Android/data/com.example

These derived permissions are disabled by default.  Switched option
parsing to getopt().

Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b
2013-08-08 17:26:41 -07:00
Jeff Brown
6249b9009f Make sdcard daemon multi-threaded.
The essential idea here is that a handler thread only needs to
hold a lock on the global node table while it is manipulating
nodes.  The actual I/O operation is then performed without
holding any locks.

By default, we use 2 threads but this can be configured on the
command-line.  Work is scheduled somewhat arbitrarily by the
handler threads.  Whichever thread happens to read() the next
request first wins the right to process it.  This policy is very
simple but potentially wastes threads when there isn't much
work to be done.  We can always improve this later if needed.

Change-Id: Id27a27c2c9b40d4f8e35a6bef9dd84f0dfacf337
2012-06-04 13:15:04 -07:00
Brian Swetland
03ee9479a4 sdcard: a program to create a "virtual" /sdcard pointed at a path
sdcard is a program that uses FUSE to emulate FAT-on-sdcard style
directory permissions (all files are given fixed owner, group, and
permissions at creation; owner, group, and permissions are not
changeable; symlinks and hardlinks are not createable, etc.).

usage: sdcard <path> <uid> <gid>

It must be run as root, but will change to uid/gid as soon as it
mounts a filesystem on /sdcard.  It will refuse to run if uid or
gid are zero.

Change-Id: I9a5d2e5daaebeee632f8470172cbb77b7fa689f8
Signed-off-by: Brian Swetland <swetland@google.com>
2010-08-12 18:01:08 -07:00