diff --git a/Fat.cpp b/Fat.cpp index 6537a68..4b1558a 100644 --- a/Fat.cpp +++ b/Fat.cpp @@ -92,9 +92,12 @@ int Fat::check(const char *fsPath) { return 0; } -int Fat::doMount(const char *fsPath, const char *mountPoint, bool ro, bool remount) { +int Fat::doMount(const char *fsPath, const char *mountPoint, + bool ro, bool remount, int ownerUid, int ownerGid, + int permMask, bool createLost) { int rc; unsigned long flags; + char mountData[255]; flags = MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_DIRSYNC; @@ -112,28 +115,22 @@ int Fat::doMount(const char *fsPath, const char *mountPoint, bool ro, bool remou if (value[0] == '1') { LOGW("The SD card is world-writable because the" " 'persist.sampling_profiler' system property is set to '1'."); - rc = mount(fsPath, mountPoint, (const char *) "vfat", (unsigned long) flags, - (const void *) "utf8,uid=1000,gid=1015,fmask=000,dmask=000,shortname=mixed"); - } else { - /* - * The mount masks restrict access so that: - * 1. The 'system' user cannot access the SD card at all - - * (protects system_server from grabbing file references) - * 2. Group users can RWX - * 3. Others can only RX - */ - rc = mount(fsPath, mountPoint, "vfat", flags, - "utf8,uid=1000,gid=1015,fmask=702,dmask=702,shortname=mixed"); + permMask = 0; } + sprintf(mountData, + "utf8,uid=%d,gid=%d,fmask=%o,dmask=%o,shortname=mixed", + ownerUid, ownerGid, permMask, permMask); + + rc = mount(fsPath, mountPoint, "vfat", flags, mountData); + if (rc && errno == EROFS) { LOGE("%s appears to be a read only filesystem - retrying mount RO", fsPath); flags |= MS_RDONLY; - rc = mount(fsPath, mountPoint, "vfat", flags, - "utf8,uid=1000,gid=1015,fmask=702,dmask=702,shortname=mixed"); + rc = mount(fsPath, mountPoint, "vfat", flags, mountData); } - if (rc == 0) { + if (rc == 0 && createLost) { char *lost_path; asprintf(&lost_path, "%s/LOST.DIR", mountPoint); if (access(lost_path, F_OK)) { diff --git a/Fat.h b/Fat.h index e5d76e3..ab16a7f 100644 --- a/Fat.h +++ b/Fat.h @@ -23,7 +23,8 @@ class Fat { public: static int check(const char *fsPath); static int doMount(const char *fsPath, const char *mountPoint, bool ro, - bool remount); + bool remount, int ownerUid, int ownerGid, int permMask, + bool createLost); static int format(const char *fsPath); }; diff --git a/Volume.cpp b/Volume.cpp index 787d4cd..6926d77 100644 --- a/Volume.cpp +++ b/Volume.cpp @@ -268,7 +268,8 @@ int Volume::mountVol() { LOGI("%s checks out - attempting to mount\n", devicePath); errno = 0; - if (!(rc = Fat::doMount(devicePath, getMountpoint(), false, false))) { + if (!(rc = Fat::doMount(devicePath, getMountpoint(), false, false, + 1000, 1015, 0702, true))) { LOGI("%s sucessfully mounted for volume %s\n", devicePath, getLabel()); setState(Volume::State_Mounted); diff --git a/VolumeManager.cpp b/VolumeManager.cpp index f4b62c4..830c634 100644 --- a/VolumeManager.cpp +++ b/VolumeManager.cpp @@ -226,7 +226,8 @@ int VolumeManager::createAsec(const char *id, int sizeMb, return -1; } - if (Fat::doMount(loopDevice, mountPoint, false, false)) { + if (Fat::doMount(loopDevice, mountPoint, false, false, ownerUid, + 0, 0007, false)) { LOGE("ASEC FAT mount failed (%s)", strerror(errno)); Loop::destroyByDevice(loopDevice); unlink(asecFileName); @@ -250,7 +251,8 @@ int VolumeManager::finalizeAsec(const char *id) { } snprintf(mountPoint, sizeof(mountPoint), "/asec/%s", id); - if (Fat::doMount(loopDevice, mountPoint, true, true)) { + // XXX: + if (Fat::doMount(loopDevice, mountPoint, true, true, 0, 0, 0227, false)) { LOGE("ASEC finalize mount failed (%s)", strerror(errno)); return -1; } @@ -331,7 +333,8 @@ int VolumeManager::mountAsec(const char *id, const char *key, int ownerUid) { return -1; } - if (Fat::doMount(loopDevice, mountPoint, true, false)) { + if (Fat::doMount(loopDevice, mountPoint, true, false, ownerUid, 0, + 0227, false)) { LOGE("ASEC mount failed (%s)", strerror(errno)); return -1; }