Changes the FUSE daemon to synthesize an Android-specific set of
filesystem permissions, even when the underlying media storage is
permissionless. This is designed to support several features:
First, apps can access their own files in /Android/data/com.example/
without requiring any external storage permissions. This is enabled
by allowing o+x on parent directories, and assigning the UID owner
based on the directory name (package name). The mapping from package
to appId is parsed from packages.list, which is updated when apps are
added/removed. Changes are observed through inotify. It creates
missing package name directories when requested and valid.
Second, support for separate permissions for photos and audio/video
content on the device through new GIDs which are assigned based on
top-level directory names.
Finally, support for multi-user separation on the same physical media
through new /Android/user/ directory, which will be bind-mounted
into place. It recursively applies the above rules to each secondary
user.
rwxrwx--x root:sdcard_rw /
rwxrwx--- root:sdcard_pics /Pictures
rwxrwx--- root:sdcard_av /Music
rwxrwx--x root:sdcard_rw /Android
rwxrwx--x root:sdcard_rw /Android/data
rwxrwx--- u0_a12:sdcard_rw /Android/data/com.example
rwxrwx--x root:sdcard_rw /Android/obb/
rwxrwx--- u0_a12:sdcard_rw /Android/obb/com.example
rwxrwx--- root:sdcard_all /Android/user
rwxrwx--x root:sdcard_rw /Android/user/10
rwxrwx--- u10_a12:sdcard_rw /Android/user/10/Android/data/com.example
These derived permissions are disabled by default. Switched option
parsing to getopt().
Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b
The essential idea here is that a handler thread only needs to
hold a lock on the global node table while it is manipulating
nodes. The actual I/O operation is then performed without
holding any locks.
By default, we use 2 threads but this can be configured on the
command-line. Work is sheduled somewhat arbitrarily by the
handler threads. Whichever thread happens to read() the next
request first wins the right process it. This policy is very
simple but potentially wastes threads when there isn't much
work to be done. We can always improve this later if needed.
Change-Id: Id27a27c2c9b40d4f8e35a6bef9dd84f0dfacf337
sdcard is a program that uses FUSE to emulate FAT-on-sdcard style
directory permissions (all files are given fixed owner, group, and
permissions at creation, owner, group, and permissions are not
changeable, symlinks and hardlinks are not createable, etc.
usage: sdcard <path> <uid> <gid>
It must be run as root, but will change to uid/gid as soon as it
mounts a filesystem on /sdcard. It will refuse to run if uid or
gid are zero.
Change-Id: I9a5d2e5daaebeee632f8470172cbb77b7fa689f8
Signed-off-by: Brian Swetland <swetland@google.com>
