/* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef ANDROID_VOLD_UTILS_H #define ANDROID_VOLD_UTILS_H #include "KeyBuffer.h" #include #include #include #include #include #include #include #include #include struct DIR; namespace android { namespace vold { static const char* kVoldAppDataIsolationEnabled = "persist.sys.vold_app_data_isolation_enabled"; static const char* kExternalStorageSdcardfs = "external_storage.sdcardfs.enabled"; static const char* kFuseBpfEnabled = "persist.sys.fuse.bpf.enable"; static constexpr std::chrono::seconds kUntrustedFsckSleepTime(45); /* SELinux contexts used depending on the block device type */ extern char* sBlkidContext; extern char* sBlkidUntrustedContext; extern char* sFsckContext; extern char* sFsckUntrustedContext; // TODO remove this with better solution, b/64143519 extern bool sSleepOnUnmount; std::string GetFuseMountPathForUser(userid_t user_id, const std::string& relative_upper_path); status_t CreateDeviceNode(const std::string& path, dev_t dev); status_t DestroyDeviceNode(const std::string& path); status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, std::vector additionalGids); status_t AbortFuseConnections(); int SetQuotaInherit(const std::string& path); int SetQuotaProjectId(const std::string& path, long projectId); /* * Creates and sets up an application-specific path on external * storage with the correct ACL and project ID (if needed). * * ONLY for use with app-specific data directories on external storage! * (eg, /Android/data/com.foo, /Android/obb/com.foo, etc.) */ int PrepareAppDirFromRoot(const std::string& path, const std::string& root, int appUid, bool fixupExisting); /* fs_prepare_dir wrapper that creates with SELinux context */ status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid, unsigned int attrs = 0); /* Really unmounts the path, killing active processes along the way */ status_t ForceUnmount(const std::string& path); /* Kills any processes using given path */ status_t KillProcessesUsingPath(const std::string& path); /* Kills any processes using given tmpfs mount prifix */ status_t KillProcessesWithTmpfsMountPrefix(const std::string& path); /* Creates bind mount from source to target */ status_t BindMount(const std::string& source, const std::string& target); /** Creates a symbolic link to target */ status_t Symlink(const std::string& target, const std::string& linkpath); /** Calls unlink(2) at linkpath */ status_t Unlink(const std::string& linkpath); /** Creates the given directory if it is not already available */ status_t CreateDir(const std::string& dir, mode_t mode); bool FindValue(const std::string& raw, const std::string& key, std::string* value); /* Reads filesystem metadata from device at path */ status_t ReadMetadata(const std::string& path, std::string* fsType, std::string* fsUuid, std::string* fsLabel); /* Reads filesystem metadata from untrusted device at path */ status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType, std::string* fsUuid, std::string* fsLabel); /* Returns either WEXITSTATUS() status, or a negative errno */ status_t ForkExecvp(const std::vector& args, std::vector* output = nullptr, char* context = nullptr); status_t ForkExecvpTimeout(const std::vector& args, std::chrono::seconds timeout, char* context = nullptr); pid_t ForkExecvpAsync(const std::vector& args, char* context = nullptr); /* Gets block device size in bytes */ status_t GetBlockDevSize(int fd, uint64_t* size); status_t GetBlockDevSize(const std::string& path, uint64_t* size); /* Gets block device size in 512 byte sectors */ status_t GetBlockDev512Sectors(const std::string& path, uint64_t* nr_sec); status_t ReadRandomBytes(size_t bytes, std::string& out); status_t ReadRandomBytes(size_t bytes, char* buffer); status_t GenerateRandomUuid(std::string& out); /* Converts hex string to raw bytes, ignoring [ :-] */ status_t HexToStr(const std::string& hex, std::string& str); /* Converts raw bytes to hex string */ status_t StrToHex(const std::string& str, std::string& hex); /* Converts raw key bytes to hex string */ status_t StrToHex(const KeyBuffer& str, KeyBuffer& hex); /* Normalize given hex string into consistent format */ status_t NormalizeHex(const std::string& in, std::string& out); uint64_t GetFreeBytes(const std::string& path); uint64_t GetTreeBytes(const std::string& path); bool IsFilesystemSupported(const std::string& fsType); bool IsSdcardfsUsed(); bool IsFuseDaemon(const pid_t pid); /* Wipes contents of block device at given path */ status_t WipeBlockDevice(const std::string& path); std::string BuildKeyPath(const std::string& partGuid); std::string BuildDataSystemLegacyPath(userid_t userid); std::string BuildDataSystemCePath(userid_t userid); std::string BuildDataSystemDePath(userid_t userid); std::string BuildDataMiscLegacyPath(userid_t userid); std::string BuildDataMiscCePath(userid_t userid); std::string BuildDataMiscDePath(userid_t userid); std::string BuildDataProfilesDePath(userid_t userid); std::string BuildDataVendorCePath(userid_t userid); std::string BuildDataVendorDePath(userid_t userid); std::string BuildDataPath(const std::string& volumeUuid); std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid); std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid); std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid); dev_t GetDevice(const std::string& path); bool IsSameFile(const std::string& path1, const std::string& path2); status_t EnsureDirExists(const std::string& path, mode_t mode, uid_t uid, gid_t gid); status_t RestoreconRecursive(const std::string& path); // TODO: promote to android::base bool Readlinkat(int dirfd, const std::string& path, std::string* result); // Handles dynamic major assignment for virtio-block bool IsVirtioBlkDevice(unsigned int major); status_t UnmountTreeWithPrefix(const std::string& prefix); status_t UnmountTree(const std::string& mountPoint); bool IsDotOrDotDot(const struct dirent& ent); status_t DeleteDirContentsAndDir(const std::string& pathname); status_t DeleteDirContents(const std::string& pathname); status_t WaitForFile(const char* filename, std::chrono::nanoseconds timeout); bool pathExists(const std::string& path); bool FsyncDirectory(const std::string& dirname); bool FsyncParentDirectory(const std::string& path); bool MkdirsSync(const std::string& path, mode_t mode); bool writeStringToFile(const std::string& payload, const std::string& filename); void ConfigureMaxDirtyRatioForFuse(const std::string& fuse_mount, unsigned int max_ratio); void ConfigureReadAheadForFuse(const std::string& fuse_mount, size_t read_ahead_kb); status_t MountUserFuse(userid_t user_id, const std::string& absolute_lower_path, const std::string& relative_upper_path, android::base::unique_fd* fuse_fd); status_t UnmountUserFuse(userid_t userId, const std::string& absolute_lower_path, const std::string& relative_upper_path); status_t PrepareAndroidDirs(const std::string& volumeRoot); // Open a given directory as an FD, and return that and the corresponding procfs virtual // symlink path that can be used in any API that accepts a path string. Path stays valid until // the directory FD is closed. // // This may be useful when an API wants to restrict a path passed from an untrusted process, // and do it without any TOCTOU attacks possible (e.g. where an attacker replaces one of // the components with a symlink after the check passed). In that case opening a path through // this function guarantees that the target directory stays the same, and that it can be // referenced inside the current process via the virtual procfs symlink returned here. std::pair OpenDirInProcfs(std::string_view path); } // namespace vold } // namespace android #endif