From a3e06084564c86ff618c40f185f3676b8b629b94 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 27 Aug 2010 08:31:35 -0700 Subject: [PATCH] Allow execute on mounted ASEC and OBB containers This allows us to place shared libraries in these containers which may only be loaded if they are executable. Change-Id: I78fa9ab6d5c58ec8b98c40004da72aebc0aade2a --- Fat.cpp | 7 ++++--- Fat.h | 5 +++-- Volume.cpp | 3 ++- VolumeManager.cpp | 8 ++++---- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/Fat.cpp b/Fat.cpp index 7a86aac..4754c66 100644 --- a/Fat.cpp +++ b/Fat.cpp @@ -93,14 +93,15 @@ int Fat::check(const char *fsPath) { } int Fat::doMount(const char *fsPath, const char *mountPoint, - bool ro, bool remount, int ownerUid, int ownerGid, - int permMask, bool createLost) { + bool ro, bool remount, bool executable, + int ownerUid, int ownerGid, int permMask, bool createLost) { int rc; unsigned long flags; char mountData[255]; - flags = MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_DIRSYNC; + flags = MS_NODEV | MS_NOSUID | MS_DIRSYNC; + flags |= (executable ? 0 : MS_NOEXEC); flags |= (ro ? MS_RDONLY : 0); flags |= (remount ? MS_REMOUNT : 0); diff --git a/Fat.h b/Fat.h index f056090..e02d88c 100644 --- a/Fat.h +++ b/Fat.h @@ -22,8 +22,9 @@ class Fat { public: static int check(const char *fsPath); - static int doMount(const char *fsPath, const char *mountPoint, bool ro, - bool remount, int ownerUid, int ownerGid, int permMask, + static int doMount(const char *fsPath, const char *mountPoint, + bool ro, bool remount, bool executable, + int ownerUid, int ownerGid, int permMask, bool createLost); static int format(const char *fsPath, unsigned int numSectors); }; diff --git a/Volume.cpp b/Volume.cpp index f945b15..190b64b 100644 --- a/Volume.cpp +++ b/Volume.cpp @@ -323,7 +323,8 @@ int Volume::mountVol() { * muck with it before exposing it to non priviledged users. */ errno = 0; - if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, 1000, 1015, 0702, true)) { + if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false, + 1000, 1015, 0702, true)) { SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); continue; } diff --git a/VolumeManager.cpp b/VolumeManager.cpp index 2cdac70..231b308 100644 --- a/VolumeManager.cpp +++ b/VolumeManager.cpp @@ -431,7 +431,7 @@ int VolumeManager::createAsec(const char *id, unsigned int numSectors, } } - if (Fat::doMount(dmDevice, mountPoint, false, false, ownerUid, + if (Fat::doMount(dmDevice, mountPoint, false, false, false, ownerUid, 0, 0000, false)) { SLOGE("ASEC FAT mount failed (%s)", strerror(errno)); if (cleanupDm) { @@ -469,7 +469,7 @@ int VolumeManager::finalizeAsec(const char *id) { snprintf(mountPoint, sizeof(mountPoint), "%s/%s", Volume::ASECDIR, id); // XXX: - if (Fat::doMount(loopDevice, mountPoint, true, true, 0, 0, 0227, false)) { + if (Fat::doMount(loopDevice, mountPoint, true, true, true, 0, 0, 0227, false)) { SLOGE("ASEC finalize mount failed (%s)", strerror(errno)); return -1; } @@ -779,7 +779,7 @@ int VolumeManager::mountAsec(const char *id, const char *key, int ownerUid) { } } - if (Fat::doMount(dmDevice, mountPoint, true, false, ownerUid, 0, + if (Fat::doMount(dmDevice, mountPoint, true, false, true, ownerUid, 0, 0222, false)) { // 0227, false)) { SLOGE("ASEC mount failed (%s)", strerror(errno)); @@ -884,7 +884,7 @@ int VolumeManager::mountObb(const char *img, const char *key, int ownerUid) { } } - if (Fat::doMount(dmDevice, mountPoint, true, false, ownerUid, 0, + if (Fat::doMount(dmDevice, mountPoint, true, false, true, ownerUid, 0, 0227, false)) { SLOGE("Image mount failed (%s)", strerror(errno)); if (cleanupDm) {