blob: 50d24875271e1dff4c1ec69df14d54226dca8761 [file] [log] [blame]
/*
* fs/sdcardfs/derived_perm.c
*
* Copyright (c) 2013 Samsung Electronics Co. Ltd
* Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
* Sunghwan Yun, Sungjong Seo
*
* This program has been developed as a stackable file system based on
* the WrapFS which written by
*
* Copyright (c) 1998-2011 Erez Zadok
* Copyright (c) 2009 Shrikar Archak
* Copyright (c) 2003-2011 Stony Brook University
* Copyright (c) 2003-2011 The Research Foundation of SUNY
*
* This file is dual licensed. It may be redistributed and/or modified
* under the terms of the Apache 2.0 License OR version 2 of the GNU
* General Public License.
*/
#include "sdcardfs.h"
/* copy derived state from parent inode */
static void inherit_derived_state(struct inode *parent, struct inode *child)
{
struct sdcardfs_inode_info *pi = SDCARDFS_I(parent);
struct sdcardfs_inode_info *ci = SDCARDFS_I(child);
ci->data->perm = PERM_INHERIT;
ci->data->userid = pi->data->userid;
ci->data->d_uid = pi->data->d_uid;
ci->data->under_android = pi->data->under_android;
ci->data->under_cache = pi->data->under_cache;
ci->data->under_obb = pi->data->under_obb;
set_top(ci, pi->top_data);
ci->data->under_knox = pi->data->under_knox;
}
/* helper function for derived state */
void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
uid_t uid, bool under_android,
struct sdcardfs_inode_data *top)
{
struct sdcardfs_inode_info *info = SDCARDFS_I(inode);
info->data->perm = perm;
info->data->userid = userid;
info->data->d_uid = uid;
info->data->under_android = under_android;
info->data->under_cache = false;
info->data->under_obb = false;
set_top(info, top);
info->data->under_knox = false;
}
/* While renaming, there is a point where we want the path from dentry,
* but the name from newdentry
*/
void get_derived_permission_new(struct dentry *parent, struct dentry *dentry,
const struct qstr *name)
{
struct sdcardfs_inode_info *info = SDCARDFS_I(d_inode(dentry));
struct sdcardfs_inode_data *parent_data =
SDCARDFS_I(d_inode(parent))->data;
appid_t appid;
unsigned long user_num;
int err;
struct qstr q_Android = QSTR_LITERAL("Android");
struct qstr q_data = QSTR_LITERAL("data");
struct qstr q_obb = QSTR_LITERAL("obb");
struct qstr q_media = QSTR_LITERAL("media");
struct qstr q_cache = QSTR_LITERAL("cache");
/* refer to perm_t in sdcardfs.h */
struct qstr q_knox = QSTR_LITERAL("knox");
struct qstr q_shared = QSTR_LITERAL("shared");
/* By default, each inode inherits from its parent.
* the properties are maintained on its private fields
* because the inode attributes will be modified with that of
* its lower inode.
* These values are used by our custom permission call instead
* of using the inode permissions.
*/
inherit_derived_state(d_inode(parent), d_inode(dentry));
/* Files don't get special labels */
if (!S_ISDIR(d_inode(dentry)->i_mode))
return;
/* Derive custom permissions based on parent and current node */
switch (parent_data->perm) {
case PERM_INHERIT:
case PERM_ANDROID_PACKAGE_CACHE:
/* Already inherited above */
break;
case PERM_PRE_ROOT:
/* Legacy internal layout places users at top level */
info->data->perm = PERM_ROOT;
err = kstrtoul(name->name, 10, &user_num);
if (err)
info->data->userid = 0;
else
info->data->userid = user_num;
set_top(info, info->data);
break;
case PERM_ROOT:
/* Assume masked off by default. */
if (qstr_case_eq(name, &q_Android)) {
/* App-specific directories inside; let anyone traverse */
info->data->perm = PERM_ANDROID;
info->data->under_android = true;
set_top(info, info->data);
} else if (qstr_case_eq(name, &q_knox)) {
info->data->perm = PERM_KNOX_PRE_ROOT;
info->data->under_knox = true;
set_top(info, info->data);
}
break;
case PERM_ANDROID:
if (qstr_case_eq(name, &q_data)) {
/* App-specific directories inside; let anyone traverse */
info->data->perm = PERM_ANDROID_DATA;
set_top(info, info->data);
} else if (qstr_case_eq(name, &q_obb)) {
/* App-specific directories inside; let anyone traverse */
info->data->perm = PERM_ANDROID_OBB;
info->data->under_obb = true;
set_top(info, info->data);
/* Single OBB directory is always shared */
} else if (qstr_case_eq(name, &q_media)) {
/* App-specific directories inside; let anyone traverse */
info->data->perm = PERM_ANDROID_MEDIA;
set_top(info, info->data);
}
break;
case PERM_ANDROID_OBB:
case PERM_ANDROID_DATA:
case PERM_ANDROID_MEDIA:
info->data->perm = PERM_ANDROID_PACKAGE;
appid = get_appid(name->name);
if (appid != 0 && !is_excluded(name->name, parent_data->userid))
info->data->d_uid =
multiuser_get_uid(parent_data->userid, appid);
set_top(info, info->data);
break;
case PERM_ANDROID_PACKAGE:
if (qstr_case_eq(name, &q_cache)) {
info->data->perm = PERM_ANDROID_PACKAGE_CACHE;
info->data->under_cache = true;
}
break;
/* KNOX */
case PERM_KNOX_PRE_ROOT:
info->data->perm = PERM_KNOX_ROOT;
err = kstrtoul(name->name, 10, &user_num);
if (err)
info->data->userid = 10; /* default container no. */
else
info->data->userid = user_num;
set_top(info, info->data);
break;
case PERM_KNOX_ROOT:
if (qstr_case_eq(name, &q_Android))
info->data->perm = PERM_KNOX_ANDROID;
break;
case PERM_KNOX_ANDROID:
if (qstr_case_eq(name, &q_data)) {
info->data->perm = PERM_KNOX_ANDROID_DATA;
} else if (qstr_case_eq(name, &q_shared)) {
info->data->perm = PERM_KNOX_ANDROID_SHARED;
info->data->d_uid =
multiuser_get_uid(parent_data->userid, 0);
set_top(info, info->data);
}
break;
case PERM_KNOX_ANDROID_DATA:
info->data->perm = PERM_KNOX_ANDROID_PACKAGE;
appid = get_appid(name->name);
if (appid != 0 && !is_excluded(name->name, parent_data->userid))
info->data->d_uid =
multiuser_get_uid(parent_data->userid, appid);
set_top(info, info->data);
break;
case PERM_KNOX_ANDROID_SHARED:
case PERM_KNOX_ANDROID_PACKAGE:
break;
}
}
void get_derived_permission(struct dentry *parent, struct dentry *dentry)
{
get_derived_permission_new(parent, dentry, &dentry->d_name);
}
static appid_t get_type(const char *name)
{
const char *ext = strrchr(name, '.');
appid_t id;
if (ext && ext[0]) {
ext = &ext[1];
id = get_ext_gid(ext);
return id?:AID_MEDIA_RW;
}
return AID_MEDIA_RW;
}
void fixup_lower_ownership(struct dentry *dentry, const char *name)
{
struct path path;
struct inode *inode;
struct inode *delegated_inode = NULL;
int error;
struct sdcardfs_inode_info *info;
struct sdcardfs_inode_data *info_d;
struct sdcardfs_inode_data *info_top;
perm_t perm;
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
uid_t uid = sbi->options.fs_low_uid;
gid_t gid = sbi->options.fs_low_gid;
struct iattr newattrs;
if (!sbi->options.gid_derivation)
return;
info = SDCARDFS_I(d_inode(dentry));
info_d = info->data;
perm = info_d->perm;
if (info_d->under_obb) {
perm = PERM_ANDROID_OBB;
} else if (info_d->under_cache) {
perm = PERM_ANDROID_PACKAGE_CACHE;
} else if (perm == PERM_INHERIT) {
info_top = top_data_get(info);
perm = info_top->perm;
data_put(info_top);
}
switch (perm) {
case PERM_ROOT:
case PERM_ANDROID:
case PERM_ANDROID_DATA:
case PERM_ANDROID_MEDIA:
case PERM_ANDROID_PACKAGE:
case PERM_ANDROID_PACKAGE_CACHE:
uid = multiuser_get_uid(info_d->userid, uid);
break;
case PERM_ANDROID_OBB:
uid = AID_MEDIA_OBB;
break;
case PERM_PRE_ROOT:
default:
break;
}
switch (perm) {
case PERM_ROOT:
case PERM_ANDROID:
case PERM_ANDROID_DATA:
case PERM_ANDROID_MEDIA:
if (S_ISDIR(d_inode(dentry)->i_mode))
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
else
gid = multiuser_get_uid(info_d->userid, get_type(name));
break;
case PERM_ANDROID_OBB:
gid = AID_MEDIA_OBB;
break;
case PERM_ANDROID_PACKAGE:
if (uid_is_app(info_d->d_uid))
gid = multiuser_get_ext_gid(info_d->d_uid);
else
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
break;
case PERM_ANDROID_PACKAGE_CACHE:
if (uid_is_app(info_d->d_uid))
gid = multiuser_get_ext_cache_gid(info_d->d_uid);
else
gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
break;
case PERM_PRE_ROOT:
default:
break;
}
sdcardfs_get_lower_path(dentry, &path);
inode = d_inode(path.dentry);
if (d_inode(path.dentry)->i_gid.val != gid || d_inode(path.dentry)->i_uid.val != uid) {
retry_deleg:
newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE;
newattrs.ia_uid = make_kuid(current_user_ns(), uid);
newattrs.ia_gid = make_kgid(current_user_ns(), gid);
if (!S_ISDIR(inode->i_mode))
newattrs.ia_valid |=
ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
mutex_lock(&inode->i_mutex);
error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid);
if (!error)
error = notify_change2(path.mnt, path.dentry, &newattrs, &delegated_inode);
mutex_unlock(&inode->i_mutex);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
if (!error)
goto retry_deleg;
}
if (error)
pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name);
}
sdcardfs_put_lower_path(dentry, &path);
}
static int descendant_may_need_fixup(struct sdcardfs_inode_data *data,
struct limit_search *limit)
{
if (data->perm == PERM_ROOT)
return (limit->flags & BY_USERID) ?
data->userid == limit->userid : 1;
if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID)
return 1;
return 0;
}
static int needs_fixup(perm_t perm)
{
if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB
|| perm == PERM_ANDROID_MEDIA)
return 1;
return 0;
}
static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth)
{
struct dentry *child;
struct sdcardfs_inode_info *info;
/*
* All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
* PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
* at most 3.
*/
WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__);
spin_lock_nested(&dentry->d_lock, depth);
if (!d_inode(dentry)) {
spin_unlock(&dentry->d_lock);
return;
}
info = SDCARDFS_I(d_inode(dentry));
if (needs_fixup(info->data->perm)) {
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
spin_lock_nested(&child->d_lock, depth + 1);
if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) {
if (d_inode(child)) {
get_derived_permission(dentry, child);
fixup_tmp_permissions(d_inode(child));
spin_unlock(&child->d_lock);
break;
}
}
spin_unlock(&child->d_lock);
}
} else if (descendant_may_need_fixup(info->data, limit)) {
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
__fixup_perms_recursive(child, limit, depth + 1);
}
}
spin_unlock(&dentry->d_lock);
}
void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit)
{
__fixup_perms_recursive(dentry, limit, 0);
}
/* main function for updating derived permission */
inline void update_derived_permission_lock(struct dentry *dentry)
{
struct dentry *parent;
if (!dentry || !d_inode(dentry)) {
pr_err("sdcardfs: %s: invalid dentry\n", __func__);
return;
}
/* FIXME:
* 1. need to check whether the dentry is updated or not
* 2. remove the root dentry update
*/
if (!IS_ROOT(dentry)) {
parent = dget_parent(dentry);
if (parent) {
get_derived_permission(parent, dentry);
dput(parent);
}
}
fixup_tmp_permissions(d_inode(dentry));
}
int need_graft_path(struct dentry *dentry)
{
int ret = 0;
struct dentry *parent = dget_parent(dentry);
struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
struct qstr obb = QSTR_LITERAL("obb");
if (parent_info->data->perm == PERM_ANDROID &&
qstr_case_eq(&dentry->d_name, &obb)) {
/* /Android/obb is the base obbpath of DERIVED_UNIFIED */
if (!(sbi->options.multiuser == false
&& parent_info->data->userid == 0)) {
ret = 1;
}
}
dput(parent);
return ret;
}
int is_obbpath_invalid(struct dentry *dent)
{
int ret = 0;
struct sdcardfs_dentry_info *di = SDCARDFS_D(dent);
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb);
char *path_buf, *obbpath_s;
int need_put = 0;
struct path lower_path;
/* check the base obbpath has been changed.
* this routine can check an uninitialized obb dentry as well.
* regarding the uninitialized obb, refer to the sdcardfs_mkdir()
*/
spin_lock(&di->lock);
if (di->orig_path.dentry) {
if (!di->lower_path.dentry) {
ret = 1;
} else {
path_get(&di->lower_path);
path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);
if (!path_buf) {
ret = 1;
pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__);
} else {
obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);
if (d_unhashed(di->lower_path.dentry) ||
!str_case_eq(sbi->obbpath_s, obbpath_s)) {
ret = 1;
}
kfree(path_buf);
}
pathcpy(&lower_path, &di->lower_path);
need_put = 1;
}
}
spin_unlock(&di->lock);
if (need_put)
path_put(&lower_path);
return ret;
}
int is_base_obbpath(struct dentry *dentry)
{
int ret = 0;
struct dentry *parent = dget_parent(dentry);
struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
struct qstr q_obb = QSTR_LITERAL("obb");
spin_lock(&SDCARDFS_D(dentry)->lock);
if (sbi->options.multiuser) {
if (parent_info->data->perm == PERM_PRE_ROOT &&
qstr_case_eq(&dentry->d_name, &q_obb)) {
ret = 1;
}
} else if (parent_info->data->perm == PERM_ANDROID &&
qstr_case_eq(&dentry->d_name, &q_obb)) {
ret = 1;
}
spin_unlock(&SDCARDFS_D(dentry)->lock);
return ret;
}
/* The lower_path will be stored to the dentry's orig_path
* and the base obbpath will be copyed to the lower_path variable.
* if an error returned, there's no change in the lower_path
* returns: -ERRNO if error (0: no error)
*/
int setup_obb_dentry(struct dentry *dentry, struct path *lower_path)
{
int err = 0;
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
struct path obbpath;
/* A local obb dentry must have its own orig_path to support rmdir
* and mkdir of itself. Usually, we expect that the sbi->obbpath
* is avaiable on this stage.
*/
sdcardfs_set_orig_path(dentry, lower_path);
err = kern_path(sbi->obbpath_s,
LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath);
if (!err) {
/* the obbpath base has been found */
pathcpy(lower_path, &obbpath);
} else {
/* if the sbi->obbpath is not available, we can optionally
* setup the lower_path with its orig_path.
* but, the current implementation just returns an error
* because the sdcard daemon also regards this case as
* a lookup fail.
*/
pr_info("sdcardfs: the sbi->obbpath is not available\n");
}
return err;
}