1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_VOLD_UTILS_H 18 #define ANDROID_VOLD_UTILS_H 19 20 #include "KeyBuffer.h" 21 22 #include <android-base/macros.h> 23 #include <android-base/unique_fd.h> 24 #include <cutils/multiuser.h> 25 #include <selinux/selinux.h> 26 #include <utils/Errors.h> 27 28 #include <chrono> 29 #include <string> 30 #include <string_view> 31 #include <vector> 32 33 struct DIR; 34 35 namespace android { 36 namespace vold { 37 38 static const char* kVoldAppDataIsolationEnabled = "persist.sys.vold_app_data_isolation_enabled"; 39 static const char* kExternalStorageSdcardfs = "external_storage.sdcardfs.enabled"; 40 41 static constexpr std::chrono::seconds kUntrustedFsckSleepTime(45); 42 static constexpr std::chrono::seconds kUntrustedMountSleepTime(20); 43 44 /* SELinux contexts used depending on the block device type */ 45 extern char* sBlkidContext; 46 extern char* sBlkidUntrustedContext; 47 extern char* sFsckContext; 48 extern char* sFsckUntrustedContext; 49 50 // TODO remove this with better solution, b/64143519 51 extern bool sSleepOnUnmount; 52 53 std::string GetFuseMountPathForUser(userid_t user_id, const std::string& relative_upper_path); 54 55 status_t CreateDeviceNode(const std::string& path, dev_t dev); 56 status_t DestroyDeviceNode(const std::string& path); 57 58 status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, 59 std::vector<gid_t> additionalGids); 60 61 status_t AbortFuseConnections(); 62 63 int SetQuotaInherit(const std::string& path); 64 int SetQuotaProjectId(const std::string& path, long projectId); 65 /* 66 * Creates and sets up an application-specific path on external 67 * storage with the correct ACL and project ID (if needed). 68 * 69 * ONLY for use with app-specific data directories on external storage! 70 * (eg, /Android/data/com.foo, /Android/obb/com.foo, etc.) 71 */ 72 int PrepareAppDirFromRoot(const std::string& path, const std::string& root, int appUid, 73 bool fixupExisting); 74 75 /* fs_prepare_dir wrapper that creates with SELinux context */ 76 status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid, 77 unsigned int attrs = 0); 78 79 /* Really unmounts the path, killing active processes along the way */ 80 status_t ForceUnmount(const std::string& path); 81 82 /* Kills any processes using given path */ 83 status_t KillProcessesUsingPath(const std::string& path); 84 85 /* Kills any processes using given tmpfs mount prifix */ 86 status_t KillProcessesWithTmpfsMountPrefix(const std::string& path); 87 88 /* Creates bind mount from source to target */ 89 status_t BindMount(const std::string& source, const std::string& target); 90 91 /** Creates a symbolic link to target */ 92 status_t Symlink(const std::string& target, const std::string& linkpath); 93 94 /** Calls unlink(2) at linkpath */ 95 status_t Unlink(const std::string& linkpath); 96 97 /** Creates the given directory if it is not already available */ 98 status_t CreateDir(const std::string& dir, mode_t mode); 99 100 bool FindValue(const std::string& raw, const std::string& key, std::string* value); 101 102 /* Reads filesystem metadata from device at path */ 103 status_t ReadMetadata(const std::string& path, std::string* fsType, std::string* fsUuid, 104 std::string* fsLabel); 105 106 /* Reads filesystem metadata from untrusted device at path */ 107 status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType, std::string* fsUuid, 108 std::string* fsLabel); 109 110 /* Returns either WEXITSTATUS() status, or a negative errno */ 111 status_t ForkTimeout(int (*func)(void*), void* args, std::chrono::seconds timeout); 112 status_t ForkExecvp(const std::vector<std::string>& args, 113 std::vector<std::string>* output = nullptr, char* context = nullptr); 114 status_t ForkExecvpTimeout(const std::vector<std::string>& args, std::chrono::seconds timeout, 115 char* context = nullptr); 116 117 pid_t ForkExecvpAsync(const std::vector<std::string>& args, char* context = nullptr); 118 119 /* Gets block device size in bytes */ 120 status_t GetBlockDevSize(int fd, uint64_t* size); 121 status_t GetBlockDevSize(const std::string& path, uint64_t* size); 122 /* Gets block device size in 512 byte sectors */ 123 status_t GetBlockDev512Sectors(const std::string& path, uint64_t* nr_sec); 124 125 status_t ReadRandomBytes(size_t bytes, std::string& out); 126 status_t ReadRandomBytes(size_t bytes, char* buffer); 127 status_t GenerateRandomUuid(std::string& out); 128 129 /* Converts hex string to raw bytes, ignoring [ :-] */ 130 status_t HexToStr(const std::string& hex, std::string& str); 131 /* Converts raw bytes to hex string */ 132 status_t StrToHex(const std::string& str, std::string& hex); 133 /* Converts raw key bytes to hex string */ 134 status_t StrToHex(const KeyBuffer& str, KeyBuffer& hex); 135 /* Normalize given hex string into consistent format */ 136 status_t NormalizeHex(const std::string& in, std::string& out); 137 138 uint64_t GetFreeBytes(const std::string& path); 139 uint64_t GetTreeBytes(const std::string& path); 140 141 bool IsFilesystemSupported(const std::string& fsType); 142 bool IsSdcardfsUsed(); 143 bool IsFuseDaemon(const pid_t pid); 144 145 /* Wipes contents of block device at given path */ 146 status_t WipeBlockDevice(const std::string& path); 147 148 std::string BuildKeyPath(const std::string& partGuid); 149 150 std::string BuildDataSystemLegacyPath(userid_t userid); 151 std::string BuildDataSystemCePath(userid_t userid); 152 std::string BuildDataSystemDePath(userid_t userid); 153 std::string BuildDataProfilesDePath(userid_t userid); 154 std::string BuildDataVendorCePath(userid_t userid); 155 std::string BuildDataVendorDePath(userid_t userid); 156 157 std::string BuildDataPath(const std::string& volumeUuid); 158 std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid); 159 std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userid); 160 std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userid); 161 std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid); 162 std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid); 163 164 dev_t GetDevice(const std::string& path); 165 166 bool IsSymlink(const std::string& path); 167 168 bool IsSameFile(const std::string& path1, const std::string& path2); 169 170 status_t EnsureDirExists(const std::string& path, mode_t mode, uid_t uid, gid_t gid); 171 172 status_t RestoreconRecursive(const std::string& path); 173 174 // TODO: promote to android::base 175 bool Readlinkat(int dirfd, const std::string& path, std::string* result); 176 177 // Handles dynamic major assignment for virtio-block 178 bool IsVirtioBlkDevice(unsigned int major); 179 180 status_t UnmountTree(const std::string& mountPoint); 181 182 bool IsDotOrDotDot(const struct dirent& ent); 183 184 status_t DeleteDirContentsAndDir(const std::string& pathname); 185 status_t DeleteDirContents(const std::string& pathname); 186 187 status_t WaitForFile(const char* filename, std::chrono::nanoseconds timeout); 188 189 bool pathExists(const std::string& path); 190 191 bool FsyncDirectory(const std::string& dirname); 192 193 bool FsyncParentDirectory(const std::string& path); 194 195 bool MkdirsSync(const std::string& path, mode_t mode); 196 197 bool writeStringToFile(const std::string& payload, const std::string& filename); 198 199 void ConfigureMaxDirtyRatioForFuse(const std::string& fuse_mount, unsigned int max_ratio); 200 201 void ConfigureReadAheadForFuse(const std::string& fuse_mount, size_t read_ahead_kb); 202 203 status_t MountUserFuse(userid_t user_id, const std::string& absolute_lower_path, 204 const std::string& relative_upper_path, android::base::unique_fd* fuse_fd); 205 206 status_t UnmountUserFuse(userid_t userId, const std::string& absolute_lower_path, 207 const std::string& relative_upper_path); 208 209 status_t PrepareAndroidDirs(const std::string& volumeRoot); 210 211 bool IsFuseBpfEnabled(); 212 213 // Open a given directory as an FD, and return that and the corresponding procfs virtual 214 // symlink path that can be used in any API that accepts a path string. Path stays valid until 215 // the directory FD is closed. 216 // 217 // This may be useful when an API wants to restrict a path passed from an untrusted process, 218 // and do it without any TOCTOU attacks possible (e.g. where an attacker replaces one of 219 // the components with a symlink after the check passed). In that case opening a path through 220 // this function guarantees that the target directory stays the same, and that it can be 221 // referenced inside the current process via the virtual procfs symlink returned here. 222 std::pair<android::base::unique_fd, std::string> OpenDirInProcfs(std::string_view path); 223 224 status_t PrepareMountDirForUser(userid_t user_id); 225 226 } // namespace vold 227 } // namespace android 228 229 #endif 230