2015-03-03 06:01:40 +01:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2015 The Android Open Source Project
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "Utils.h"
|
2017-10-20 17:07:53 +02:00
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
#include "Process.h"
|
2017-10-20 17:07:53 +02:00
|
|
|
#include "sehandle.h"
|
2015-03-03 06:01:40 +01:00
|
|
|
|
2015-12-05 00:50:53 +01:00
|
|
|
#include <android-base/file.h>
|
|
|
|
#include <android-base/logging.h>
|
2017-06-16 02:13:56 +02:00
|
|
|
#include <android-base/properties.h>
|
2017-10-07 02:02:53 +02:00
|
|
|
#include <android-base/strings.h>
|
2015-12-05 00:50:53 +01:00
|
|
|
#include <android-base/stringprintf.h>
|
2015-03-03 06:01:40 +01:00
|
|
|
#include <cutils/fs.h>
|
2015-03-31 19:35:33 +02:00
|
|
|
#include <logwrap/logwrap.h>
|
2017-06-16 02:13:56 +02:00
|
|
|
#include <private/android_filesystem_config.h>
|
2015-03-03 06:01:40 +01:00
|
|
|
|
2015-04-09 06:07:21 +02:00
|
|
|
#include <mutex>
|
2015-04-25 01:00:03 +02:00
|
|
|
#include <dirent.h>
|
2015-03-03 06:01:40 +01:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <sys/mount.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
2017-05-18 18:08:24 +02:00
|
|
|
#include <sys/sysmacros.h>
|
2015-03-03 06:01:40 +01:00
|
|
|
#include <sys/wait.h>
|
2015-04-25 01:00:03 +02:00
|
|
|
#include <sys/statvfs.h>
|
2015-03-03 06:01:40 +01:00
|
|
|
|
|
|
|
#ifndef UMOUNT_NOFOLLOW
|
|
|
|
#define UMOUNT_NOFOLLOW 0x00000008 /* Don't follow symlink on umount */
|
|
|
|
#endif
|
|
|
|
|
2015-05-22 07:35:42 +02:00
|
|
|
using android::base::ReadFileToString;
|
2015-03-31 19:35:33 +02:00
|
|
|
using android::base::StringPrintf;
|
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
namespace android {
|
|
|
|
namespace vold {
|
|
|
|
|
2015-04-01 20:54:32 +02:00
|
|
|
security_context_t sBlkidContext = nullptr;
|
|
|
|
security_context_t sBlkidUntrustedContext = nullptr;
|
|
|
|
security_context_t sFsckContext = nullptr;
|
|
|
|
security_context_t sFsckUntrustedContext = nullptr;
|
|
|
|
|
2017-10-20 17:07:53 +02:00
|
|
|
bool sSleepOnUnmount = true;
|
|
|
|
|
2015-03-31 19:35:33 +02:00
|
|
|
static const char* kBlkidPath = "/system/bin/blkid";
|
2015-06-18 23:25:08 +02:00
|
|
|
static const char* kKeyPath = "/data/misc/vold";
|
2015-03-31 19:35:33 +02:00
|
|
|
|
2015-05-22 07:35:42 +02:00
|
|
|
static const char* kProcFilesystems = "/proc/filesystems";
|
|
|
|
|
2017-10-19 01:02:21 +02:00
|
|
|
// Lock used to protect process-level SELinux changes from racing with each
|
|
|
|
// other between multiple threads.
|
|
|
|
static std::mutex kSecurityLock;
|
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
status_t CreateDeviceNode(const std::string& path, dev_t dev) {
|
2017-10-19 01:02:21 +02:00
|
|
|
std::lock_guard<std::mutex> lock(kSecurityLock);
|
2015-03-03 06:01:40 +01:00
|
|
|
const char* cpath = path.c_str();
|
|
|
|
status_t res = 0;
|
|
|
|
|
|
|
|
char* secontext = nullptr;
|
|
|
|
if (sehandle) {
|
|
|
|
if (!selabel_lookup(sehandle, &secontext, cpath, S_IFBLK)) {
|
|
|
|
setfscreatecon(secontext);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
mode_t mode = 0660 | S_IFBLK;
|
|
|
|
if (mknod(cpath, mode, dev) < 0) {
|
|
|
|
if (errno != EEXIST) {
|
2015-03-14 00:09:20 +01:00
|
|
|
PLOG(ERROR) << "Failed to create device node for " << major(dev)
|
|
|
|
<< ":" << minor(dev) << " at " << path;
|
2015-03-03 06:01:40 +01:00
|
|
|
res = -errno;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (secontext) {
|
|
|
|
setfscreatecon(nullptr);
|
|
|
|
freecon(secontext);
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
status_t DestroyDeviceNode(const std::string& path) {
|
|
|
|
const char* cpath = path.c_str();
|
|
|
|
if (TEMP_FAILURE_RETRY(unlink(cpath))) {
|
|
|
|
return -errno;
|
|
|
|
} else {
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-06 23:08:45 +02:00
|
|
|
status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid) {
|
2017-10-19 01:02:21 +02:00
|
|
|
std::lock_guard<std::mutex> lock(kSecurityLock);
|
2015-04-06 23:08:45 +02:00
|
|
|
const char* cpath = path.c_str();
|
|
|
|
|
|
|
|
char* secontext = nullptr;
|
|
|
|
if (sehandle) {
|
|
|
|
if (!selabel_lookup(sehandle, &secontext, cpath, S_IFDIR)) {
|
|
|
|
setfscreatecon(secontext);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int res = fs_prepare_dir(cpath, mode, uid, gid);
|
|
|
|
|
|
|
|
if (secontext) {
|
|
|
|
setfscreatecon(nullptr);
|
|
|
|
freecon(secontext);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (res == 0) {
|
|
|
|
return OK;
|
|
|
|
} else {
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
status_t ForceUnmount(const std::string& path) {
|
|
|
|
const char* cpath = path.c_str();
|
|
|
|
if (!umount2(cpath, UMOUNT_NOFOLLOW) || errno == EINVAL || errno == ENOENT) {
|
|
|
|
return OK;
|
|
|
|
}
|
2015-10-21 21:16:12 +02:00
|
|
|
// Apps might still be handling eject request, so wait before
|
|
|
|
// we start sending signals
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-04-09 06:07:21 +02:00
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
KillProcessesWithOpenFiles(path, SIGINT);
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-04-09 06:07:21 +02:00
|
|
|
if (!umount2(cpath, UMOUNT_NOFOLLOW) || errno == EINVAL || errno == ENOENT) {
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
KillProcessesWithOpenFiles(path, SIGTERM);
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-03-03 06:01:40 +01:00
|
|
|
if (!umount2(cpath, UMOUNT_NOFOLLOW) || errno == EINVAL || errno == ENOENT) {
|
|
|
|
return OK;
|
|
|
|
}
|
2015-04-06 23:08:45 +02:00
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
KillProcessesWithOpenFiles(path, SIGKILL);
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-03-03 06:01:40 +01:00
|
|
|
if (!umount2(cpath, UMOUNT_NOFOLLOW) || errno == EINVAL || errno == ENOENT) {
|
|
|
|
return OK;
|
|
|
|
}
|
2015-04-06 23:08:45 +02:00
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
|
2015-10-21 21:16:12 +02:00
|
|
|
status_t KillProcessesUsingPath(const std::string& path) {
|
2017-10-07 02:02:53 +02:00
|
|
|
if (KillProcessesWithOpenFiles(path, SIGINT) == 0) {
|
2015-10-21 21:16:12 +02:00
|
|
|
return OK;
|
|
|
|
}
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-10-21 21:16:12 +02:00
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
if (KillProcessesWithOpenFiles(path, SIGTERM) == 0) {
|
2015-10-21 21:16:12 +02:00
|
|
|
return OK;
|
|
|
|
}
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-10-21 21:16:12 +02:00
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
if (KillProcessesWithOpenFiles(path, SIGKILL) == 0) {
|
2015-10-21 21:16:12 +02:00
|
|
|
return OK;
|
|
|
|
}
|
2017-10-20 17:07:53 +02:00
|
|
|
if (sSleepOnUnmount) sleep(5);
|
2015-10-21 21:16:12 +02:00
|
|
|
|
|
|
|
// Send SIGKILL a second time to determine if we've
|
|
|
|
// actually killed everyone with open files
|
2017-10-07 02:02:53 +02:00
|
|
|
if (KillProcessesWithOpenFiles(path, SIGKILL) == 0) {
|
2015-10-21 21:16:12 +02:00
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
PLOG(ERROR) << "Failed to kill processes using " << path;
|
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
|
2015-03-14 00:09:20 +01:00
|
|
|
status_t BindMount(const std::string& source, const std::string& target) {
|
|
|
|
if (::mount(source.c_str(), target.c_str(), "", MS_BIND, NULL)) {
|
|
|
|
PLOG(ERROR) << "Failed to bind mount " << source << " to " << target;
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
bool FindValue(const std::string& raw, const std::string& key, std::string* value) {
|
|
|
|
auto qual = key + "=\"";
|
|
|
|
auto start = raw.find(qual);
|
|
|
|
if (start > 0 && raw[start - 1] != ' ') {
|
|
|
|
start = raw.find(qual, start + 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (start == std::string::npos) return false;
|
|
|
|
start += qual.length();
|
|
|
|
|
|
|
|
auto end = raw.find("\"", start);
|
|
|
|
if (end == std::string::npos) return false;
|
|
|
|
|
|
|
|
*value = raw.substr(start, end - start);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static status_t readMetadata(const std::string& path, std::string* fsType,
|
|
|
|
std::string* fsUuid, std::string* fsLabel, bool untrusted) {
|
|
|
|
fsType->clear();
|
|
|
|
fsUuid->clear();
|
|
|
|
fsLabel->clear();
|
2015-03-31 19:35:33 +02:00
|
|
|
|
2015-04-09 06:07:21 +02:00
|
|
|
std::vector<std::string> cmd;
|
|
|
|
cmd.push_back(kBlkidPath);
|
|
|
|
cmd.push_back("-c");
|
|
|
|
cmd.push_back("/dev/null");
|
2015-08-13 01:04:35 +02:00
|
|
|
cmd.push_back("-s");
|
|
|
|
cmd.push_back("TYPE");
|
|
|
|
cmd.push_back("-s");
|
|
|
|
cmd.push_back("UUID");
|
|
|
|
cmd.push_back("-s");
|
|
|
|
cmd.push_back("LABEL");
|
2015-04-09 06:07:21 +02:00
|
|
|
cmd.push_back(path);
|
|
|
|
|
|
|
|
std::vector<std::string> output;
|
|
|
|
status_t res = ForkExecvp(cmd, output, untrusted ? sBlkidUntrustedContext : sBlkidContext);
|
|
|
|
if (res != OK) {
|
|
|
|
LOG(WARNING) << "blkid failed to identify " << path;
|
|
|
|
return res;
|
2015-03-31 19:35:33 +02:00
|
|
|
}
|
|
|
|
|
2016-07-27 23:11:02 +02:00
|
|
|
for (const auto& line : output) {
|
2015-03-31 19:35:33 +02:00
|
|
|
// Extract values from blkid output, if defined
|
2017-10-07 02:02:53 +02:00
|
|
|
FindValue(line, "TYPE", fsType);
|
|
|
|
FindValue(line, "UUID", fsUuid);
|
|
|
|
FindValue(line, "LABEL", fsLabel);
|
2015-03-31 19:35:33 +02:00
|
|
|
}
|
|
|
|
|
2015-04-09 06:07:21 +02:00
|
|
|
return OK;
|
2015-03-31 19:35:33 +02:00
|
|
|
}
|
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
status_t ReadMetadata(const std::string& path, std::string* fsType,
|
|
|
|
std::string* fsUuid, std::string* fsLabel) {
|
2015-04-01 20:54:32 +02:00
|
|
|
return readMetadata(path, fsType, fsUuid, fsLabel, false);
|
|
|
|
}
|
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType,
|
|
|
|
std::string* fsUuid, std::string* fsLabel) {
|
2015-04-01 20:54:32 +02:00
|
|
|
return readMetadata(path, fsType, fsUuid, fsLabel, true);
|
|
|
|
}
|
|
|
|
|
2015-04-09 06:07:21 +02:00
|
|
|
status_t ForkExecvp(const std::vector<std::string>& args) {
|
|
|
|
return ForkExecvp(args, nullptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
status_t ForkExecvp(const std::vector<std::string>& args, security_context_t context) {
|
2017-10-19 01:02:21 +02:00
|
|
|
std::lock_guard<std::mutex> lock(kSecurityLock);
|
2015-04-09 06:07:21 +02:00
|
|
|
size_t argc = args.size();
|
2015-03-31 19:35:33 +02:00
|
|
|
char** argv = (char**) calloc(argc, sizeof(char*));
|
2015-04-09 06:07:21 +02:00
|
|
|
for (size_t i = 0; i < argc; i++) {
|
2015-03-31 19:35:33 +02:00
|
|
|
argv[i] = (char*) args[i].c_str();
|
|
|
|
if (i == 0) {
|
|
|
|
LOG(VERBOSE) << args[i];
|
|
|
|
} else {
|
|
|
|
LOG(VERBOSE) << " " << args[i];
|
|
|
|
}
|
|
|
|
}
|
2015-04-09 06:07:21 +02:00
|
|
|
|
2017-10-20 17:17:54 +02:00
|
|
|
if (context) {
|
|
|
|
if (setexeccon(context)) {
|
|
|
|
LOG(ERROR) << "Failed to setexeccon";
|
|
|
|
abort();
|
|
|
|
}
|
2015-04-25 01:00:03 +02:00
|
|
|
}
|
|
|
|
status_t res = android_fork_execvp(argc, argv, NULL, false, true);
|
2017-10-20 17:17:54 +02:00
|
|
|
if (context) {
|
|
|
|
if (setexeccon(nullptr)) {
|
|
|
|
LOG(ERROR) << "Failed to setexeccon";
|
|
|
|
abort();
|
|
|
|
}
|
2015-04-09 06:07:21 +02:00
|
|
|
}
|
2015-04-25 01:00:03 +02:00
|
|
|
|
2015-03-31 19:35:33 +02:00
|
|
|
free(argv);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2015-04-09 06:07:21 +02:00
|
|
|
status_t ForkExecvp(const std::vector<std::string>& args,
|
|
|
|
std::vector<std::string>& output) {
|
|
|
|
return ForkExecvp(args, output, nullptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
status_t ForkExecvp(const std::vector<std::string>& args,
|
|
|
|
std::vector<std::string>& output, security_context_t context) {
|
2017-10-19 01:02:21 +02:00
|
|
|
std::lock_guard<std::mutex> lock(kSecurityLock);
|
2015-04-09 06:07:21 +02:00
|
|
|
std::string cmd;
|
|
|
|
for (size_t i = 0; i < args.size(); i++) {
|
|
|
|
cmd += args[i] + " ";
|
|
|
|
if (i == 0) {
|
|
|
|
LOG(VERBOSE) << args[i];
|
|
|
|
} else {
|
|
|
|
LOG(VERBOSE) << " " << args[i];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
output.clear();
|
|
|
|
|
2017-10-20 17:17:54 +02:00
|
|
|
if (context) {
|
|
|
|
if (setexeccon(context)) {
|
|
|
|
LOG(ERROR) << "Failed to setexeccon";
|
|
|
|
abort();
|
|
|
|
}
|
2015-04-25 01:00:03 +02:00
|
|
|
}
|
2017-03-28 00:18:50 +02:00
|
|
|
FILE* fp = popen(cmd.c_str(), "r"); // NOLINT
|
2017-10-20 17:17:54 +02:00
|
|
|
if (context) {
|
|
|
|
if (setexeccon(nullptr)) {
|
|
|
|
LOG(ERROR) << "Failed to setexeccon";
|
|
|
|
abort();
|
|
|
|
}
|
2015-04-09 06:07:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!fp) {
|
|
|
|
PLOG(ERROR) << "Failed to popen " << cmd;
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
char line[1024];
|
|
|
|
while (fgets(line, sizeof(line), fp) != nullptr) {
|
|
|
|
LOG(VERBOSE) << line;
|
|
|
|
output.push_back(std::string(line));
|
|
|
|
}
|
|
|
|
if (pclose(fp) != 0) {
|
|
|
|
PLOG(ERROR) << "Failed to pclose " << cmd;
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2015-04-25 01:00:03 +02:00
|
|
|
pid_t ForkExecvpAsync(const std::vector<std::string>& args) {
|
|
|
|
size_t argc = args.size();
|
|
|
|
char** argv = (char**) calloc(argc + 1, sizeof(char*));
|
|
|
|
for (size_t i = 0; i < argc; i++) {
|
|
|
|
argv[i] = (char*) args[i].c_str();
|
|
|
|
if (i == 0) {
|
|
|
|
LOG(VERBOSE) << args[i];
|
|
|
|
} else {
|
|
|
|
LOG(VERBOSE) << " " << args[i];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pid_t pid = fork();
|
|
|
|
if (pid == 0) {
|
|
|
|
close(STDIN_FILENO);
|
|
|
|
close(STDOUT_FILENO);
|
|
|
|
close(STDERR_FILENO);
|
|
|
|
|
|
|
|
if (execvp(argv[0], argv)) {
|
|
|
|
PLOG(ERROR) << "Failed to exec";
|
|
|
|
}
|
|
|
|
|
|
|
|
_exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pid == -1) {
|
|
|
|
PLOG(ERROR) << "Failed to exec";
|
|
|
|
}
|
|
|
|
|
|
|
|
free(argv);
|
|
|
|
return pid;
|
|
|
|
}
|
|
|
|
|
2015-03-31 19:35:33 +02:00
|
|
|
status_t ReadRandomBytes(size_t bytes, std::string& out) {
|
2017-08-01 18:15:53 +02:00
|
|
|
out.resize(bytes);
|
|
|
|
return ReadRandomBytes(bytes, &out[0]);
|
|
|
|
}
|
2015-03-31 19:35:33 +02:00
|
|
|
|
2017-08-01 18:15:53 +02:00
|
|
|
status_t ReadRandomBytes(size_t bytes, char* buf) {
|
2015-03-31 19:35:33 +02:00
|
|
|
int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
|
|
|
|
if (fd == -1) {
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t n;
|
2017-08-01 18:15:53 +02:00
|
|
|
while ((n = TEMP_FAILURE_RETRY(read(fd, &buf[0], bytes))) > 0) {
|
2015-03-31 19:35:33 +02:00
|
|
|
bytes -= n;
|
2017-08-01 18:15:53 +02:00
|
|
|
buf += n;
|
2015-03-31 19:35:33 +02:00
|
|
|
}
|
2015-05-16 03:34:24 +02:00
|
|
|
close(fd);
|
2015-03-31 19:35:33 +02:00
|
|
|
|
|
|
|
if (bytes == 0) {
|
|
|
|
return OK;
|
|
|
|
} else {
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Progress towards FBE and adoptable storage.
Offer to adopt storage devices on FBE devices, but keep it guarded
behind a system property for now, since we still need to work out key
storage details.
When migrating shared storage, leave user-specific /data/media
directories in place, since they already have the needed crypto
policies defined.
Enable journaling, quotas, and encrypt options when formatting
newly adopted devices. installd already gracefully handles older
partitions without quota enabled.
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 62290006, 36757864, 29117062, 37395736
Bug: 29923055, 25861755, 30230655, 37436961
Change-Id: Ibbeb6ec9db2394a279bbac221a2b20711d65494e
2017-06-21 21:52:23 +02:00
|
|
|
status_t GenerateRandomUuid(std::string& out) {
|
|
|
|
status_t res = ReadRandomBytes(16, out);
|
|
|
|
if (res == OK) {
|
|
|
|
out[6] &= 0x0f; /* clear version */
|
|
|
|
out[6] |= 0x40; /* set to version 4 */
|
|
|
|
out[8] &= 0x3f; /* clear variant */
|
|
|
|
out[8] |= 0x80; /* set to IETF variant */
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2015-03-31 19:35:33 +02:00
|
|
|
status_t HexToStr(const std::string& hex, std::string& str) {
|
|
|
|
str.clear();
|
|
|
|
bool even = true;
|
|
|
|
char cur = 0;
|
|
|
|
for (size_t i = 0; i < hex.size(); i++) {
|
|
|
|
int val = 0;
|
|
|
|
switch (hex[i]) {
|
|
|
|
case ' ': case '-': case ':': continue;
|
|
|
|
case 'f': case 'F': val = 15; break;
|
|
|
|
case 'e': case 'E': val = 14; break;
|
|
|
|
case 'd': case 'D': val = 13; break;
|
|
|
|
case 'c': case 'C': val = 12; break;
|
|
|
|
case 'b': case 'B': val = 11; break;
|
|
|
|
case 'a': case 'A': val = 10; break;
|
|
|
|
case '9': val = 9; break;
|
|
|
|
case '8': val = 8; break;
|
|
|
|
case '7': val = 7; break;
|
|
|
|
case '6': val = 6; break;
|
|
|
|
case '5': val = 5; break;
|
|
|
|
case '4': val = 4; break;
|
|
|
|
case '3': val = 3; break;
|
|
|
|
case '2': val = 2; break;
|
|
|
|
case '1': val = 1; break;
|
|
|
|
case '0': val = 0; break;
|
|
|
|
default: return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (even) {
|
|
|
|
cur = val << 4;
|
|
|
|
} else {
|
|
|
|
cur += val;
|
|
|
|
str.push_back(cur);
|
|
|
|
cur = 0;
|
|
|
|
}
|
|
|
|
even = !even;
|
|
|
|
}
|
|
|
|
return even ? OK : -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char* kLookup = "0123456789abcdef";
|
|
|
|
|
|
|
|
status_t StrToHex(const std::string& str, std::string& hex) {
|
|
|
|
hex.clear();
|
|
|
|
for (size_t i = 0; i < str.size(); i++) {
|
2015-04-30 00:57:48 +02:00
|
|
|
hex.push_back(kLookup[(str[i] & 0xF0) >> 4]);
|
2015-03-31 19:35:33 +02:00
|
|
|
hex.push_back(kLookup[str[i] & 0x0F]);
|
|
|
|
}
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2017-08-01 18:15:53 +02:00
|
|
|
status_t StrToHex(const KeyBuffer& str, KeyBuffer& hex) {
|
|
|
|
hex.clear();
|
|
|
|
for (size_t i = 0; i < str.size(); i++) {
|
|
|
|
hex.push_back(kLookup[(str.data()[i] & 0xF0) >> 4]);
|
|
|
|
hex.push_back(kLookup[str.data()[i] & 0x0F]);
|
|
|
|
}
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2015-06-18 23:25:08 +02:00
|
|
|
status_t NormalizeHex(const std::string& in, std::string& out) {
|
|
|
|
std::string tmp;
|
|
|
|
if (HexToStr(in, tmp)) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
return StrToHex(tmp, out);
|
|
|
|
}
|
|
|
|
|
2015-04-25 01:00:03 +02:00
|
|
|
uint64_t GetFreeBytes(const std::string& path) {
|
|
|
|
struct statvfs sb;
|
|
|
|
if (statvfs(path.c_str(), &sb) == 0) {
|
2017-04-04 01:11:45 +02:00
|
|
|
return (uint64_t) sb.f_bavail * sb.f_frsize;
|
2015-04-25 01:00:03 +02:00
|
|
|
} else {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: borrowed from frameworks/native/libs/diskusage/ which should
|
|
|
|
// eventually be migrated into system/
|
|
|
|
static int64_t stat_size(struct stat *s) {
|
|
|
|
int64_t blksize = s->st_blksize;
|
|
|
|
// count actual blocks used instead of nominal file size
|
|
|
|
int64_t size = s->st_blocks * 512;
|
|
|
|
|
|
|
|
if (blksize) {
|
|
|
|
/* round up to filesystem block size */
|
|
|
|
size = (size + blksize - 1) & (~(blksize - 1));
|
|
|
|
}
|
|
|
|
|
|
|
|
return size;
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: borrowed from frameworks/native/libs/diskusage/ which should
|
|
|
|
// eventually be migrated into system/
|
|
|
|
int64_t calculate_dir_size(int dfd) {
|
|
|
|
int64_t size = 0;
|
|
|
|
struct stat s;
|
|
|
|
DIR *d;
|
|
|
|
struct dirent *de;
|
|
|
|
|
|
|
|
d = fdopendir(dfd);
|
|
|
|
if (d == NULL) {
|
|
|
|
close(dfd);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
while ((de = readdir(d))) {
|
|
|
|
const char *name = de->d_name;
|
|
|
|
if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
|
|
|
|
size += stat_size(&s);
|
|
|
|
}
|
|
|
|
if (de->d_type == DT_DIR) {
|
|
|
|
int subfd;
|
|
|
|
|
|
|
|
/* always skip "." and ".." */
|
|
|
|
if (name[0] == '.') {
|
|
|
|
if (name[1] == 0)
|
|
|
|
continue;
|
|
|
|
if ((name[1] == '.') && (name[2] == 0))
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2017-03-27 18:49:21 +02:00
|
|
|
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
|
2015-04-25 01:00:03 +02:00
|
|
|
if (subfd >= 0) {
|
|
|
|
size += calculate_dir_size(subfd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
closedir(d);
|
|
|
|
return size;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint64_t GetTreeBytes(const std::string& path) {
|
2017-03-27 18:49:21 +02:00
|
|
|
int dirfd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
|
2015-04-25 01:00:03 +02:00
|
|
|
if (dirfd < 0) {
|
|
|
|
PLOG(WARNING) << "Failed to open " << path;
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
uint64_t res = calculate_dir_size(dirfd);
|
|
|
|
close(dirfd);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-22 07:35:42 +02:00
|
|
|
bool IsFilesystemSupported(const std::string& fsType) {
|
|
|
|
std::string supported;
|
|
|
|
if (!ReadFileToString(kProcFilesystems, &supported)) {
|
|
|
|
PLOG(ERROR) << "Failed to read supported filesystems";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return supported.find(fsType + "\n") != std::string::npos;
|
|
|
|
}
|
|
|
|
|
|
|
|
status_t WipeBlockDevice(const std::string& path) {
|
|
|
|
status_t res = -1;
|
|
|
|
const char* c_path = path.c_str();
|
|
|
|
unsigned long nr_sec = 0;
|
|
|
|
unsigned long long range[2];
|
|
|
|
|
|
|
|
int fd = TEMP_FAILURE_RETRY(open(c_path, O_RDWR | O_CLOEXEC));
|
|
|
|
if (fd == -1) {
|
|
|
|
PLOG(ERROR) << "Failed to open " << path;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2015-10-29 09:39:00 +01:00
|
|
|
if ((ioctl(fd, BLKGETSIZE, &nr_sec)) == -1) {
|
2015-05-22 07:35:42 +02:00
|
|
|
PLOG(ERROR) << "Failed to determine size of " << path;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
range[0] = 0;
|
|
|
|
range[1] = (unsigned long long) nr_sec * 512;
|
|
|
|
|
|
|
|
LOG(INFO) << "About to discard " << range[1] << " on " << path;
|
|
|
|
if (ioctl(fd, BLKDISCARD, &range) == 0) {
|
|
|
|
LOG(INFO) << "Discard success on " << path;
|
|
|
|
res = 0;
|
|
|
|
} else {
|
|
|
|
PLOG(ERROR) << "Discard failure on " << path;
|
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
|
|
|
close(fd);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2015-11-09 02:56:23 +01:00
|
|
|
static bool isValidFilename(const std::string& name) {
|
|
|
|
if (name.empty() || (name == ".") || (name == "..")
|
|
|
|
|| (name.find('/') != std::string::npos)) {
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-18 23:25:08 +02:00
|
|
|
std::string BuildKeyPath(const std::string& partGuid) {
|
|
|
|
return StringPrintf("%s/expand_%s.key", kKeyPath, partGuid.c_str());
|
|
|
|
}
|
|
|
|
|
2016-04-15 04:45:16 +02:00
|
|
|
std::string BuildDataSystemLegacyPath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/system/users/%u", BuildDataPath("").c_str(), userId);
|
2016-04-15 04:45:16 +02:00
|
|
|
}
|
|
|
|
|
2015-11-09 02:56:23 +01:00
|
|
|
std::string BuildDataSystemCePath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/system_ce/%u", BuildDataPath("").c_str(), userId);
|
2016-02-02 01:02:29 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
std::string BuildDataSystemDePath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/system_de/%u", BuildDataPath("").c_str(), userId);
|
2016-02-02 01:02:29 +01:00
|
|
|
}
|
|
|
|
|
2016-04-15 04:45:16 +02:00
|
|
|
std::string BuildDataMiscLegacyPath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/misc/user/%u", BuildDataPath("").c_str(), userId);
|
2016-04-15 04:45:16 +02:00
|
|
|
}
|
|
|
|
|
2016-02-02 01:02:29 +01:00
|
|
|
std::string BuildDataMiscCePath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/misc_ce/%u", BuildDataPath("").c_str(), userId);
|
2016-02-02 01:02:29 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
std::string BuildDataMiscDePath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/misc_de/%u", BuildDataPath("").c_str(), userId);
|
2015-11-09 02:56:23 +01:00
|
|
|
}
|
|
|
|
|
2016-02-17 21:14:46 +01:00
|
|
|
// Keep in sync with installd (frameworks/native/cmds/installd/utils.h)
|
|
|
|
std::string BuildDataProfilesDePath(userid_t userId) {
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath("").c_str(), userId);
|
2016-02-17 21:14:46 +01:00
|
|
|
}
|
|
|
|
|
2017-10-09 19:55:21 +02:00
|
|
|
std::string BuildDataPath(const std::string& volumeUuid) {
|
2015-11-09 02:56:23 +01:00
|
|
|
// TODO: unify with installd path generation logic
|
2017-10-09 19:55:21 +02:00
|
|
|
if (volumeUuid.empty()) {
|
2015-11-09 02:56:23 +01:00
|
|
|
return "/data";
|
|
|
|
} else {
|
|
|
|
CHECK(isValidFilename(volumeUuid));
|
2017-10-09 19:55:21 +02:00
|
|
|
return StringPrintf("/mnt/expand/%s", volumeUuid.c_str());
|
2015-11-09 02:56:23 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-10-09 19:55:21 +02:00
|
|
|
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userId) {
|
2015-12-08 01:27:01 +01:00
|
|
|
// TODO: unify with installd path generation logic
|
|
|
|
std::string data(BuildDataPath(volumeUuid));
|
|
|
|
return StringPrintf("%s/media/%u", data.c_str(), userId);
|
|
|
|
}
|
|
|
|
|
2017-10-09 19:55:21 +02:00
|
|
|
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userId) {
|
2015-11-09 02:56:23 +01:00
|
|
|
// TODO: unify with installd path generation logic
|
|
|
|
std::string data(BuildDataPath(volumeUuid));
|
2017-10-09 19:55:21 +02:00
|
|
|
if (volumeUuid.empty() && userId == 0) {
|
2017-04-11 18:09:00 +02:00
|
|
|
std::string legacy = StringPrintf("%s/data", data.c_str());
|
|
|
|
struct stat sb;
|
|
|
|
if (lstat(legacy.c_str(), &sb) == 0 && S_ISDIR(sb.st_mode)) {
|
|
|
|
/* /data/data is dir, return /data/data for legacy system */
|
|
|
|
return legacy;
|
2015-11-09 02:56:23 +01:00
|
|
|
}
|
|
|
|
}
|
2017-04-11 18:09:00 +02:00
|
|
|
return StringPrintf("%s/user/%u", data.c_str(), userId);
|
2015-11-09 02:56:23 +01:00
|
|
|
}
|
|
|
|
|
2017-10-09 19:55:21 +02:00
|
|
|
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userId) {
|
2015-11-09 02:56:23 +01:00
|
|
|
// TODO: unify with installd path generation logic
|
|
|
|
std::string data(BuildDataPath(volumeUuid));
|
|
|
|
return StringPrintf("%s/user_de/%u", data.c_str(), userId);
|
|
|
|
}
|
|
|
|
|
2015-06-24 20:49:24 +02:00
|
|
|
dev_t GetDevice(const std::string& path) {
|
|
|
|
struct stat sb;
|
|
|
|
if (stat(path.c_str(), &sb)) {
|
|
|
|
PLOG(WARNING) << "Failed to stat " << path;
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
return sb.st_dev;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-16 00:20:22 +02:00
|
|
|
status_t RestoreconRecursive(const std::string& path) {
|
|
|
|
LOG(VERBOSE) << "Starting restorecon of " << path;
|
|
|
|
|
2017-06-16 02:13:56 +02:00
|
|
|
static constexpr const char* kRestoreconString = "selinux.restorecon_recursive";
|
|
|
|
|
|
|
|
android::base::SetProperty(kRestoreconString, "");
|
|
|
|
android::base::SetProperty(kRestoreconString, path);
|
|
|
|
|
|
|
|
android::base::WaitForProperty(kRestoreconString, path);
|
2016-07-16 00:20:22 +02:00
|
|
|
|
|
|
|
LOG(VERBOSE) << "Finished restorecon of " << path;
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2017-10-07 02:02:53 +02:00
|
|
|
bool Readlinkat(int dirfd, const std::string& path, std::string* result) {
|
|
|
|
// Shamelessly borrowed from android::base::Readlink()
|
|
|
|
result->clear();
|
|
|
|
|
|
|
|
// Most Linux file systems (ext2 and ext4, say) limit symbolic links to
|
|
|
|
// 4095 bytes. Since we'll copy out into the string anyway, it doesn't
|
|
|
|
// waste memory to just start there. We add 1 so that we can recognize
|
|
|
|
// whether it actually fit (rather than being truncated to 4095).
|
|
|
|
std::vector<char> buf(4095 + 1);
|
|
|
|
while (true) {
|
|
|
|
ssize_t size = readlinkat(dirfd, path.c_str(), &buf[0], buf.size());
|
|
|
|
// Unrecoverable error?
|
|
|
|
if (size == -1)
|
|
|
|
return false;
|
|
|
|
// It fit! (If size == buf.size(), it may have been truncated.)
|
|
|
|
if (static_cast<size_t>(size) < buf.size()) {
|
|
|
|
result->assign(&buf[0], size);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
// Double our buffer and try again.
|
|
|
|
buf.resize(buf.size() * 2);
|
2016-01-29 06:33:51 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-08 10:36:47 +01:00
|
|
|
bool IsRunningInEmulator() {
|
2017-06-16 02:13:56 +02:00
|
|
|
return android::base::GetBoolProperty("ro.kernel.qemu", false);
|
2016-01-08 10:36:47 +01:00
|
|
|
}
|
|
|
|
|
2015-03-03 06:01:40 +01:00
|
|
|
} // namespace vold
|
|
|
|
} // namespace android
|