1*f40fafd4SAndroid Build Coastguard Worker /* 2*f40fafd4SAndroid Build Coastguard Worker * Copyright (C) 2015 The Android Open Source Project 3*f40fafd4SAndroid Build Coastguard Worker * 4*f40fafd4SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*f40fafd4SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*f40fafd4SAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*f40fafd4SAndroid Build Coastguard Worker * 8*f40fafd4SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*f40fafd4SAndroid Build Coastguard Worker * 10*f40fafd4SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*f40fafd4SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*f40fafd4SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*f40fafd4SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*f40fafd4SAndroid Build Coastguard Worker * limitations under the License. 15*f40fafd4SAndroid Build Coastguard Worker */ 16*f40fafd4SAndroid Build Coastguard Worker 17*f40fafd4SAndroid Build Coastguard Worker #ifndef ANDROID_VOLD_UTILS_H 18*f40fafd4SAndroid Build Coastguard Worker #define ANDROID_VOLD_UTILS_H 19*f40fafd4SAndroid Build Coastguard Worker 20*f40fafd4SAndroid Build Coastguard Worker #include "KeyBuffer.h" 21*f40fafd4SAndroid Build Coastguard Worker 22*f40fafd4SAndroid Build Coastguard Worker #include <android-base/macros.h> 23*f40fafd4SAndroid Build Coastguard Worker #include <android-base/unique_fd.h> 24*f40fafd4SAndroid Build Coastguard Worker #include <cutils/multiuser.h> 25*f40fafd4SAndroid Build Coastguard Worker #include <selinux/selinux.h> 26*f40fafd4SAndroid Build Coastguard Worker #include <utils/Errors.h> 27*f40fafd4SAndroid Build Coastguard Worker 28*f40fafd4SAndroid Build Coastguard Worker #include <chrono> 29*f40fafd4SAndroid Build Coastguard Worker #include <string> 30*f40fafd4SAndroid Build Coastguard Worker #include <string_view> 31*f40fafd4SAndroid Build Coastguard Worker #include <vector> 32*f40fafd4SAndroid Build Coastguard Worker 33*f40fafd4SAndroid Build Coastguard Worker struct DIR; 34*f40fafd4SAndroid Build Coastguard Worker 35*f40fafd4SAndroid Build Coastguard Worker namespace android { 36*f40fafd4SAndroid Build Coastguard Worker namespace vold { 37*f40fafd4SAndroid Build Coastguard Worker 38*f40fafd4SAndroid Build Coastguard Worker static const char* kVoldAppDataIsolationEnabled = "persist.sys.vold_app_data_isolation_enabled"; 39*f40fafd4SAndroid Build Coastguard Worker static const char* kExternalStorageSdcardfs = "external_storage.sdcardfs.enabled"; 40*f40fafd4SAndroid Build Coastguard Worker 41*f40fafd4SAndroid Build Coastguard Worker static constexpr std::chrono::seconds kUntrustedFsckSleepTime(45); 42*f40fafd4SAndroid Build Coastguard Worker static constexpr std::chrono::seconds kUntrustedMountSleepTime(20); 43*f40fafd4SAndroid Build Coastguard Worker 44*f40fafd4SAndroid Build Coastguard Worker /* SELinux contexts used depending on the block device type */ 45*f40fafd4SAndroid Build Coastguard Worker extern char* sBlkidContext; 46*f40fafd4SAndroid Build Coastguard Worker extern char* sBlkidUntrustedContext; 47*f40fafd4SAndroid Build Coastguard Worker extern char* sFsckContext; 48*f40fafd4SAndroid Build Coastguard Worker extern char* sFsckUntrustedContext; 49*f40fafd4SAndroid Build Coastguard Worker 50*f40fafd4SAndroid Build Coastguard Worker // TODO remove this with better solution, b/64143519 51*f40fafd4SAndroid Build Coastguard Worker extern bool sSleepOnUnmount; 52*f40fafd4SAndroid Build Coastguard Worker 53*f40fafd4SAndroid Build Coastguard Worker std::string GetFuseMountPathForUser(userid_t user_id, const std::string& relative_upper_path); 54*f40fafd4SAndroid Build Coastguard Worker 55*f40fafd4SAndroid Build Coastguard Worker status_t CreateDeviceNode(const std::string& path, dev_t dev); 56*f40fafd4SAndroid Build Coastguard Worker status_t DestroyDeviceNode(const std::string& path); 57*f40fafd4SAndroid Build Coastguard Worker 58*f40fafd4SAndroid Build Coastguard Worker status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, 59*f40fafd4SAndroid Build Coastguard Worker std::vector<gid_t> additionalGids); 60*f40fafd4SAndroid Build Coastguard Worker 61*f40fafd4SAndroid Build Coastguard Worker status_t AbortFuseConnections(); 62*f40fafd4SAndroid Build Coastguard Worker 63*f40fafd4SAndroid Build Coastguard Worker int SetQuotaInherit(const std::string& path); 64*f40fafd4SAndroid Build Coastguard Worker int SetQuotaProjectId(const std::string& path, long projectId); 65*f40fafd4SAndroid Build Coastguard Worker /* 66*f40fafd4SAndroid Build Coastguard Worker * Creates and sets up an application-specific path on external 67*f40fafd4SAndroid Build Coastguard Worker * storage with the correct ACL and project ID (if needed). 68*f40fafd4SAndroid Build Coastguard Worker * 69*f40fafd4SAndroid Build Coastguard Worker * ONLY for use with app-specific data directories on external storage! 70*f40fafd4SAndroid Build Coastguard Worker * (eg, /Android/data/com.foo, /Android/obb/com.foo, etc.) 71*f40fafd4SAndroid Build Coastguard Worker */ 72*f40fafd4SAndroid Build Coastguard Worker int PrepareAppDirFromRoot(const std::string& path, const std::string& root, int appUid, 73*f40fafd4SAndroid Build Coastguard Worker bool fixupExisting); 74*f40fafd4SAndroid Build Coastguard Worker 75*f40fafd4SAndroid Build Coastguard Worker /* fs_prepare_dir wrapper that creates with SELinux context */ 76*f40fafd4SAndroid Build Coastguard Worker status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid, 77*f40fafd4SAndroid Build Coastguard Worker unsigned int attrs = 0); 78*f40fafd4SAndroid Build Coastguard Worker 79*f40fafd4SAndroid Build Coastguard Worker /* Really unmounts the path, killing active processes along the way */ 80*f40fafd4SAndroid Build Coastguard Worker status_t ForceUnmount(const std::string& path); 81*f40fafd4SAndroid Build Coastguard Worker 82*f40fafd4SAndroid Build Coastguard Worker /* Kills any processes using given path */ 83*f40fafd4SAndroid Build Coastguard Worker status_t KillProcessesUsingPath(const std::string& path); 84*f40fafd4SAndroid Build Coastguard Worker 85*f40fafd4SAndroid Build Coastguard Worker /* Kills any processes using given tmpfs mount prifix */ 86*f40fafd4SAndroid Build Coastguard Worker status_t KillProcessesWithTmpfsMountPrefix(const std::string& path); 87*f40fafd4SAndroid Build Coastguard Worker 88*f40fafd4SAndroid Build Coastguard Worker /* Creates bind mount from source to target */ 89*f40fafd4SAndroid Build Coastguard Worker status_t BindMount(const std::string& source, const std::string& target); 90*f40fafd4SAndroid Build Coastguard Worker 91*f40fafd4SAndroid Build Coastguard Worker /** Creates a symbolic link to target */ 92*f40fafd4SAndroid Build Coastguard Worker status_t Symlink(const std::string& target, const std::string& linkpath); 93*f40fafd4SAndroid Build Coastguard Worker 94*f40fafd4SAndroid Build Coastguard Worker /** Calls unlink(2) at linkpath */ 95*f40fafd4SAndroid Build Coastguard Worker status_t Unlink(const std::string& linkpath); 96*f40fafd4SAndroid Build Coastguard Worker 97*f40fafd4SAndroid Build Coastguard Worker /** Creates the given directory if it is not already available */ 98*f40fafd4SAndroid Build Coastguard Worker status_t CreateDir(const std::string& dir, mode_t mode); 99*f40fafd4SAndroid Build Coastguard Worker 100*f40fafd4SAndroid Build Coastguard Worker bool FindValue(const std::string& raw, const std::string& key, std::string* value); 101*f40fafd4SAndroid Build Coastguard Worker 102*f40fafd4SAndroid Build Coastguard Worker /* Reads filesystem metadata from device at path */ 103*f40fafd4SAndroid Build Coastguard Worker status_t ReadMetadata(const std::string& path, std::string* fsType, std::string* fsUuid, 104*f40fafd4SAndroid Build Coastguard Worker std::string* fsLabel); 105*f40fafd4SAndroid Build Coastguard Worker 106*f40fafd4SAndroid Build Coastguard Worker /* Reads filesystem metadata from untrusted device at path */ 107*f40fafd4SAndroid Build Coastguard Worker status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType, std::string* fsUuid, 108*f40fafd4SAndroid Build Coastguard Worker std::string* fsLabel); 109*f40fafd4SAndroid Build Coastguard Worker 110*f40fafd4SAndroid Build Coastguard Worker /* Returns either WEXITSTATUS() status, or a negative errno */ 111*f40fafd4SAndroid Build Coastguard Worker status_t ForkTimeout(int (*func)(void*), void* args, std::chrono::seconds timeout); 112*f40fafd4SAndroid Build Coastguard Worker status_t ForkExecvp(const std::vector<std::string>& args, 113*f40fafd4SAndroid Build Coastguard Worker std::vector<std::string>* output = nullptr, char* context = nullptr); 114*f40fafd4SAndroid Build Coastguard Worker status_t ForkExecvpTimeout(const std::vector<std::string>& args, std::chrono::seconds timeout, 115*f40fafd4SAndroid Build Coastguard Worker char* context = nullptr); 116*f40fafd4SAndroid Build Coastguard Worker 117*f40fafd4SAndroid Build Coastguard Worker pid_t ForkExecvpAsync(const std::vector<std::string>& args, char* context = nullptr); 118*f40fafd4SAndroid Build Coastguard Worker 119*f40fafd4SAndroid Build Coastguard Worker /* Gets block device size in bytes */ 120*f40fafd4SAndroid Build Coastguard Worker status_t GetBlockDevSize(int fd, uint64_t* size); 121*f40fafd4SAndroid Build Coastguard Worker status_t GetBlockDevSize(const std::string& path, uint64_t* size); 122*f40fafd4SAndroid Build Coastguard Worker /* Gets block device size in 512 byte sectors */ 123*f40fafd4SAndroid Build Coastguard Worker status_t GetBlockDev512Sectors(const std::string& path, uint64_t* nr_sec); 124*f40fafd4SAndroid Build Coastguard Worker 125*f40fafd4SAndroid Build Coastguard Worker status_t ReadRandomBytes(size_t bytes, std::string& out); 126*f40fafd4SAndroid Build Coastguard Worker status_t ReadRandomBytes(size_t bytes, char* buffer); 127*f40fafd4SAndroid Build Coastguard Worker status_t GenerateRandomUuid(std::string& out); 128*f40fafd4SAndroid Build Coastguard Worker 129*f40fafd4SAndroid Build Coastguard Worker /* Converts hex string to raw bytes, ignoring [ :-] */ 130*f40fafd4SAndroid Build Coastguard Worker status_t HexToStr(const std::string& hex, std::string& str); 131*f40fafd4SAndroid Build Coastguard Worker /* Converts raw bytes to hex string */ 132*f40fafd4SAndroid Build Coastguard Worker status_t StrToHex(const std::string& str, std::string& hex); 133*f40fafd4SAndroid Build Coastguard Worker /* Converts raw key bytes to hex string */ 134*f40fafd4SAndroid Build Coastguard Worker status_t StrToHex(const KeyBuffer& str, KeyBuffer& hex); 135*f40fafd4SAndroid Build Coastguard Worker /* Normalize given hex string into consistent format */ 136*f40fafd4SAndroid Build Coastguard Worker status_t NormalizeHex(const std::string& in, std::string& out); 137*f40fafd4SAndroid Build Coastguard Worker 138*f40fafd4SAndroid Build Coastguard Worker uint64_t GetFreeBytes(const std::string& path); 139*f40fafd4SAndroid Build Coastguard Worker uint64_t GetTreeBytes(const std::string& path); 140*f40fafd4SAndroid Build Coastguard Worker 141*f40fafd4SAndroid Build Coastguard Worker bool IsFilesystemSupported(const std::string& fsType); 142*f40fafd4SAndroid Build Coastguard Worker bool IsSdcardfsUsed(); 143*f40fafd4SAndroid Build Coastguard Worker bool IsFuseDaemon(const pid_t pid); 144*f40fafd4SAndroid Build Coastguard Worker 145*f40fafd4SAndroid Build Coastguard Worker /* Wipes contents of block device at given path */ 146*f40fafd4SAndroid Build Coastguard Worker status_t WipeBlockDevice(const std::string& path); 147*f40fafd4SAndroid Build Coastguard Worker 148*f40fafd4SAndroid Build Coastguard Worker std::string BuildKeyPath(const std::string& partGuid); 149*f40fafd4SAndroid Build Coastguard Worker 150*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataSystemLegacyPath(userid_t userid); 151*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataSystemCePath(userid_t userid); 152*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataSystemDePath(userid_t userid); 153*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataProfilesDePath(userid_t userid); 154*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataVendorCePath(userid_t userid); 155*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataVendorDePath(userid_t userid); 156*f40fafd4SAndroid Build Coastguard Worker 157*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataPath(const std::string& volumeUuid); 158*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid); 159*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userid); 160*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userid); 161*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid); 162*f40fafd4SAndroid Build Coastguard Worker std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid); 163*f40fafd4SAndroid Build Coastguard Worker 164*f40fafd4SAndroid Build Coastguard Worker dev_t GetDevice(const std::string& path); 165*f40fafd4SAndroid Build Coastguard Worker 166*f40fafd4SAndroid Build Coastguard Worker bool IsSymlink(const std::string& path); 167*f40fafd4SAndroid Build Coastguard Worker 168*f40fafd4SAndroid Build Coastguard Worker bool IsSameFile(const std::string& path1, const std::string& path2); 169*f40fafd4SAndroid Build Coastguard Worker 170*f40fafd4SAndroid Build Coastguard Worker status_t EnsureDirExists(const std::string& path, mode_t mode, uid_t uid, gid_t gid); 171*f40fafd4SAndroid Build Coastguard Worker 172*f40fafd4SAndroid Build Coastguard Worker status_t RestoreconRecursive(const std::string& path); 173*f40fafd4SAndroid Build Coastguard Worker 174*f40fafd4SAndroid Build Coastguard Worker // TODO: promote to android::base 175*f40fafd4SAndroid Build Coastguard Worker bool Readlinkat(int dirfd, const std::string& path, std::string* result); 176*f40fafd4SAndroid Build Coastguard Worker 177*f40fafd4SAndroid Build Coastguard Worker // Handles dynamic major assignment for virtio-block 178*f40fafd4SAndroid Build Coastguard Worker bool IsVirtioBlkDevice(unsigned int major); 179*f40fafd4SAndroid Build Coastguard Worker 180*f40fafd4SAndroid Build Coastguard Worker status_t UnmountTree(const std::string& mountPoint); 181*f40fafd4SAndroid Build Coastguard Worker 182*f40fafd4SAndroid Build Coastguard Worker bool IsDotOrDotDot(const struct dirent& ent); 183*f40fafd4SAndroid Build Coastguard Worker 184*f40fafd4SAndroid Build Coastguard Worker status_t DeleteDirContentsAndDir(const std::string& pathname); 185*f40fafd4SAndroid Build Coastguard Worker status_t DeleteDirContents(const std::string& pathname); 186*f40fafd4SAndroid Build Coastguard Worker 187*f40fafd4SAndroid Build Coastguard Worker status_t WaitForFile(const char* filename, std::chrono::nanoseconds timeout); 188*f40fafd4SAndroid Build Coastguard Worker 189*f40fafd4SAndroid Build Coastguard Worker bool pathExists(const std::string& path); 190*f40fafd4SAndroid Build Coastguard Worker 191*f40fafd4SAndroid Build Coastguard Worker bool FsyncDirectory(const std::string& dirname); 192*f40fafd4SAndroid Build Coastguard Worker 193*f40fafd4SAndroid Build Coastguard Worker bool FsyncParentDirectory(const std::string& path); 194*f40fafd4SAndroid Build Coastguard Worker 195*f40fafd4SAndroid Build Coastguard Worker bool MkdirsSync(const std::string& path, mode_t mode); 196*f40fafd4SAndroid Build Coastguard Worker 197*f40fafd4SAndroid Build Coastguard Worker bool writeStringToFile(const std::string& payload, const std::string& filename); 198*f40fafd4SAndroid Build Coastguard Worker 199*f40fafd4SAndroid Build Coastguard Worker void ConfigureMaxDirtyRatioForFuse(const std::string& fuse_mount, unsigned int max_ratio); 200*f40fafd4SAndroid Build Coastguard Worker 201*f40fafd4SAndroid Build Coastguard Worker void ConfigureReadAheadForFuse(const std::string& fuse_mount, size_t read_ahead_kb); 202*f40fafd4SAndroid Build Coastguard Worker 203*f40fafd4SAndroid Build Coastguard Worker status_t MountUserFuse(userid_t user_id, const std::string& absolute_lower_path, 204*f40fafd4SAndroid Build Coastguard Worker const std::string& relative_upper_path, android::base::unique_fd* fuse_fd); 205*f40fafd4SAndroid Build Coastguard Worker 206*f40fafd4SAndroid Build Coastguard Worker status_t UnmountUserFuse(userid_t userId, const std::string& absolute_lower_path, 207*f40fafd4SAndroid Build Coastguard Worker const std::string& relative_upper_path); 208*f40fafd4SAndroid Build Coastguard Worker 209*f40fafd4SAndroid Build Coastguard Worker status_t PrepareAndroidDirs(const std::string& volumeRoot); 210*f40fafd4SAndroid Build Coastguard Worker 211*f40fafd4SAndroid Build Coastguard Worker bool IsFuseBpfEnabled(); 212*f40fafd4SAndroid Build Coastguard Worker 213*f40fafd4SAndroid Build Coastguard Worker // Open a given directory as an FD, and return that and the corresponding procfs virtual 214*f40fafd4SAndroid Build Coastguard Worker // symlink path that can be used in any API that accepts a path string. Path stays valid until 215*f40fafd4SAndroid Build Coastguard Worker // the directory FD is closed. 216*f40fafd4SAndroid Build Coastguard Worker // 217*f40fafd4SAndroid Build Coastguard Worker // This may be useful when an API wants to restrict a path passed from an untrusted process, 218*f40fafd4SAndroid Build Coastguard Worker // and do it without any TOCTOU attacks possible (e.g. where an attacker replaces one of 219*f40fafd4SAndroid Build Coastguard Worker // the components with a symlink after the check passed). In that case opening a path through 220*f40fafd4SAndroid Build Coastguard Worker // this function guarantees that the target directory stays the same, and that it can be 221*f40fafd4SAndroid Build Coastguard Worker // referenced inside the current process via the virtual procfs symlink returned here. 222*f40fafd4SAndroid Build Coastguard Worker std::pair<android::base::unique_fd, std::string> OpenDirInProcfs(std::string_view path); 223*f40fafd4SAndroid Build Coastguard Worker 224*f40fafd4SAndroid Build Coastguard Worker status_t PrepareMountDirForUser(userid_t user_id); 225*f40fafd4SAndroid Build Coastguard Worker 226*f40fafd4SAndroid Build Coastguard Worker } // namespace vold 227*f40fafd4SAndroid Build Coastguard Worker } // namespace android 228*f40fafd4SAndroid Build Coastguard Worker 229*f40fafd4SAndroid Build Coastguard Worker #endif 230