| /* |
| * fs/sdcardfs/derived_perm.c |
| * |
| * Copyright (c) 2013 Samsung Electronics Co. Ltd |
| * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun, |
| * Sunghwan Yun, Sungjong Seo |
| * |
| * This program has been developed as a stackable file system based on |
| * the WrapFS which written by |
| * |
| * Copyright (c) 1998-2011 Erez Zadok |
| * Copyright (c) 2009 Shrikar Archak |
| * Copyright (c) 2003-2011 Stony Brook University |
| * Copyright (c) 2003-2011 The Research Foundation of SUNY |
| * |
| * This file is dual licensed. It may be redistributed and/or modified |
| * under the terms of the Apache 2.0 License OR version 2 of the GNU |
| * General Public License. |
| */ |
| |
| #include "sdcardfs.h" |
| |
| /* copy derived state from parent inode */ |
| static void inherit_derived_state(struct inode *parent, struct inode *child) |
| { |
| struct sdcardfs_inode_info *pi = SDCARDFS_I(parent); |
| struct sdcardfs_inode_info *ci = SDCARDFS_I(child); |
| |
| ci->data->perm = PERM_INHERIT; |
| ci->data->userid = pi->data->userid; |
| ci->data->d_uid = pi->data->d_uid; |
| ci->data->under_android = pi->data->under_android; |
| ci->data->under_cache = pi->data->under_cache; |
| ci->data->under_obb = pi->data->under_obb; |
| set_top(ci, pi->top_data); |
| |
| ci->data->under_knox = pi->data->under_knox; |
| } |
| |
| /* helper function for derived state */ |
| void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid, |
| uid_t uid, bool under_android, |
| struct sdcardfs_inode_data *top) |
| { |
| struct sdcardfs_inode_info *info = SDCARDFS_I(inode); |
| |
| info->data->perm = perm; |
| info->data->userid = userid; |
| info->data->d_uid = uid; |
| info->data->under_android = under_android; |
| info->data->under_cache = false; |
| info->data->under_obb = false; |
| set_top(info, top); |
| |
| info->data->under_knox = false; |
| } |
| |
| /* While renaming, there is a point where we want the path from dentry, |
| * but the name from newdentry |
| */ |
| void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, |
| const struct qstr *name) |
| { |
| struct sdcardfs_inode_info *info = SDCARDFS_I(d_inode(dentry)); |
| struct sdcardfs_inode_data *parent_data = |
| SDCARDFS_I(d_inode(parent))->data; |
| appid_t appid; |
| unsigned long user_num; |
| int err; |
| struct qstr q_Android = QSTR_LITERAL("Android"); |
| struct qstr q_data = QSTR_LITERAL("data"); |
| struct qstr q_obb = QSTR_LITERAL("obb"); |
| struct qstr q_media = QSTR_LITERAL("media"); |
| struct qstr q_cache = QSTR_LITERAL("cache"); |
| /* refer to perm_t in sdcardfs.h */ |
| struct qstr q_knox = QSTR_LITERAL("knox"); |
| struct qstr q_shared = QSTR_LITERAL("shared"); |
| |
| |
| /* By default, each inode inherits from its parent. |
| * the properties are maintained on its private fields |
| * because the inode attributes will be modified with that of |
| * its lower inode. |
| * These values are used by our custom permission call instead |
| * of using the inode permissions. |
| */ |
| |
| inherit_derived_state(d_inode(parent), d_inode(dentry)); |
| |
| /* Files don't get special labels */ |
| if (!S_ISDIR(d_inode(dentry)->i_mode)) |
| return; |
| /* Derive custom permissions based on parent and current node */ |
| switch (parent_data->perm) { |
| case PERM_INHERIT: |
| case PERM_ANDROID_PACKAGE_CACHE: |
| /* Already inherited above */ |
| break; |
| case PERM_PRE_ROOT: |
| /* Legacy internal layout places users at top level */ |
| info->data->perm = PERM_ROOT; |
| err = kstrtoul(name->name, 10, &user_num); |
| if (err) |
| info->data->userid = 0; |
| else |
| info->data->userid = user_num; |
| set_top(info, info->data); |
| break; |
| case PERM_ROOT: |
| /* Assume masked off by default. */ |
| if (qstr_case_eq(name, &q_Android)) { |
| /* App-specific directories inside; let anyone traverse */ |
| info->data->perm = PERM_ANDROID; |
| info->data->under_android = true; |
| set_top(info, info->data); |
| } else if (qstr_case_eq(name, &q_knox)) { |
| info->data->perm = PERM_KNOX_PRE_ROOT; |
| info->data->under_knox = true; |
| set_top(info, info->data); |
| } |
| break; |
| case PERM_ANDROID: |
| if (qstr_case_eq(name, &q_data)) { |
| /* App-specific directories inside; let anyone traverse */ |
| info->data->perm = PERM_ANDROID_DATA; |
| set_top(info, info->data); |
| } else if (qstr_case_eq(name, &q_obb)) { |
| /* App-specific directories inside; let anyone traverse */ |
| info->data->perm = PERM_ANDROID_OBB; |
| info->data->under_obb = true; |
| set_top(info, info->data); |
| /* Single OBB directory is always shared */ |
| } else if (qstr_case_eq(name, &q_media)) { |
| /* App-specific directories inside; let anyone traverse */ |
| info->data->perm = PERM_ANDROID_MEDIA; |
| set_top(info, info->data); |
| } |
| break; |
| case PERM_ANDROID_OBB: |
| case PERM_ANDROID_DATA: |
| case PERM_ANDROID_MEDIA: |
| info->data->perm = PERM_ANDROID_PACKAGE; |
| appid = get_appid(name->name); |
| if (appid != 0 && !is_excluded(name->name, parent_data->userid)) |
| info->data->d_uid = |
| multiuser_get_uid(parent_data->userid, appid); |
| set_top(info, info->data); |
| break; |
| case PERM_ANDROID_PACKAGE: |
| if (qstr_case_eq(name, &q_cache)) { |
| info->data->perm = PERM_ANDROID_PACKAGE_CACHE; |
| info->data->under_cache = true; |
| } |
| break; |
| |
| /* KNOX */ |
| case PERM_KNOX_PRE_ROOT: |
| info->data->perm = PERM_KNOX_ROOT; |
| err = kstrtoul(name->name, 10, &user_num); |
| if (err) |
| info->data->userid = 10; /* default container no. */ |
| else |
| info->data->userid = user_num; |
| set_top(info, info->data); |
| break; |
| case PERM_KNOX_ROOT: |
| if (qstr_case_eq(name, &q_Android)) |
| info->data->perm = PERM_KNOX_ANDROID; |
| break; |
| case PERM_KNOX_ANDROID: |
| if (qstr_case_eq(name, &q_data)) { |
| info->data->perm = PERM_KNOX_ANDROID_DATA; |
| } else if (qstr_case_eq(name, &q_shared)) { |
| info->data->perm = PERM_KNOX_ANDROID_SHARED; |
| info->data->d_uid = |
| multiuser_get_uid(parent_data->userid, 0); |
| set_top(info, info->data); |
| } |
| break; |
| case PERM_KNOX_ANDROID_DATA: |
| info->data->perm = PERM_KNOX_ANDROID_PACKAGE; |
| appid = get_appid(name->name); |
| if (appid != 0 && !is_excluded(name->name, parent_data->userid)) |
| info->data->d_uid = |
| multiuser_get_uid(parent_data->userid, appid); |
| set_top(info, info->data); |
| break; |
| case PERM_KNOX_ANDROID_SHARED: |
| case PERM_KNOX_ANDROID_PACKAGE: |
| break; |
| } |
| } |
| |
| void get_derived_permission(struct dentry *parent, struct dentry *dentry) |
| { |
| get_derived_permission_new(parent, dentry, &dentry->d_name); |
| } |
| |
| static appid_t get_type(const char *name) |
| { |
| const char *ext = strrchr(name, '.'); |
| appid_t id; |
| |
| if (ext && ext[0]) { |
| ext = &ext[1]; |
| id = get_ext_gid(ext); |
| return id?:AID_MEDIA_RW; |
| } |
| return AID_MEDIA_RW; |
| } |
| |
| void fixup_lower_ownership(struct dentry *dentry, const char *name) |
| { |
| struct path path; |
| struct inode *inode; |
| struct inode *delegated_inode = NULL; |
| int error; |
| struct sdcardfs_inode_info *info; |
| struct sdcardfs_inode_data *info_d; |
| struct sdcardfs_inode_data *info_top; |
| perm_t perm; |
| struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb); |
| uid_t uid = sbi->options.fs_low_uid; |
| gid_t gid = sbi->options.fs_low_gid; |
| struct iattr newattrs; |
| |
| if (!sbi->options.gid_derivation) |
| return; |
| |
| info = SDCARDFS_I(d_inode(dentry)); |
| info_d = info->data; |
| perm = info_d->perm; |
| if (info_d->under_obb) { |
| perm = PERM_ANDROID_OBB; |
| } else if (info_d->under_cache) { |
| perm = PERM_ANDROID_PACKAGE_CACHE; |
| } else if (perm == PERM_INHERIT) { |
| info_top = top_data_get(info); |
| perm = info_top->perm; |
| data_put(info_top); |
| } |
| |
| switch (perm) { |
| case PERM_ROOT: |
| case PERM_ANDROID: |
| case PERM_ANDROID_DATA: |
| case PERM_ANDROID_MEDIA: |
| case PERM_ANDROID_PACKAGE: |
| case PERM_ANDROID_PACKAGE_CACHE: |
| uid = multiuser_get_uid(info_d->userid, uid); |
| break; |
| case PERM_ANDROID_OBB: |
| uid = AID_MEDIA_OBB; |
| break; |
| case PERM_PRE_ROOT: |
| default: |
| break; |
| } |
| switch (perm) { |
| case PERM_ROOT: |
| case PERM_ANDROID: |
| case PERM_ANDROID_DATA: |
| case PERM_ANDROID_MEDIA: |
| if (S_ISDIR(d_inode(dentry)->i_mode)) |
| gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW); |
| else |
| gid = multiuser_get_uid(info_d->userid, get_type(name)); |
| break; |
| case PERM_ANDROID_OBB: |
| gid = AID_MEDIA_OBB; |
| break; |
| case PERM_ANDROID_PACKAGE: |
| if (uid_is_app(info_d->d_uid)) |
| gid = multiuser_get_ext_gid(info_d->d_uid); |
| else |
| gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW); |
| break; |
| case PERM_ANDROID_PACKAGE_CACHE: |
| if (uid_is_app(info_d->d_uid)) |
| gid = multiuser_get_ext_cache_gid(info_d->d_uid); |
| else |
| gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW); |
| break; |
| case PERM_PRE_ROOT: |
| default: |
| break; |
| } |
| |
| sdcardfs_get_lower_path(dentry, &path); |
| inode = d_inode(path.dentry); |
| if (d_inode(path.dentry)->i_gid.val != gid || d_inode(path.dentry)->i_uid.val != uid) { |
| retry_deleg: |
| newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE; |
| newattrs.ia_uid = make_kuid(current_user_ns(), uid); |
| newattrs.ia_gid = make_kgid(current_user_ns(), gid); |
| if (!S_ISDIR(inode->i_mode)) |
| newattrs.ia_valid |= |
| ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; |
| mutex_lock(&inode->i_mutex); |
| error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid); |
| if (!error) |
| error = notify_change2(path.mnt, path.dentry, &newattrs, &delegated_inode); |
| mutex_unlock(&inode->i_mutex); |
| if (delegated_inode) { |
| error = break_deleg_wait(&delegated_inode); |
| if (!error) |
| goto retry_deleg; |
| } |
| if (error) |
| pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name); |
| } |
| sdcardfs_put_lower_path(dentry, &path); |
| } |
| |
| static int descendant_may_need_fixup(struct sdcardfs_inode_data *data, |
| struct limit_search *limit) |
| { |
| if (data->perm == PERM_ROOT) |
| return (limit->flags & BY_USERID) ? |
| data->userid == limit->userid : 1; |
| if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID) |
| return 1; |
| return 0; |
| } |
| |
| static int needs_fixup(perm_t perm) |
| { |
| if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB |
| || perm == PERM_ANDROID_MEDIA) |
| return 1; |
| return 0; |
| } |
| |
| static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth) |
| { |
| struct dentry *child; |
| struct sdcardfs_inode_info *info; |
| |
| /* |
| * All paths will terminate their recursion on hitting PERM_ANDROID_OBB, |
| * PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of |
| * at most 3. |
| */ |
| WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__); |
| spin_lock_nested(&dentry->d_lock, depth); |
| if (!d_inode(dentry)) { |
| spin_unlock(&dentry->d_lock); |
| return; |
| } |
| info = SDCARDFS_I(d_inode(dentry)); |
| |
| if (needs_fixup(info->data->perm)) { |
| list_for_each_entry(child, &dentry->d_subdirs, d_child) { |
| spin_lock_nested(&child->d_lock, depth + 1); |
| if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) { |
| if (d_inode(child)) { |
| get_derived_permission(dentry, child); |
| fixup_tmp_permissions(d_inode(child)); |
| spin_unlock(&child->d_lock); |
| break; |
| } |
| } |
| spin_unlock(&child->d_lock); |
| } |
| } else if (descendant_may_need_fixup(info->data, limit)) { |
| list_for_each_entry(child, &dentry->d_subdirs, d_child) { |
| __fixup_perms_recursive(child, limit, depth + 1); |
| } |
| } |
| spin_unlock(&dentry->d_lock); |
| } |
| |
| void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit) |
| { |
| __fixup_perms_recursive(dentry, limit, 0); |
| } |
| |
| /* main function for updating derived permission */ |
| inline void update_derived_permission_lock(struct dentry *dentry) |
| { |
| struct dentry *parent; |
| |
| if (!dentry || !d_inode(dentry)) { |
| pr_err("sdcardfs: %s: invalid dentry\n", __func__); |
| return; |
| } |
| /* FIXME: |
| * 1. need to check whether the dentry is updated or not |
| * 2. remove the root dentry update |
| */ |
| if (!IS_ROOT(dentry)) { |
| parent = dget_parent(dentry); |
| if (parent) { |
| get_derived_permission(parent, dentry); |
| dput(parent); |
| } |
| } |
| fixup_tmp_permissions(d_inode(dentry)); |
| } |
| |
| int need_graft_path(struct dentry *dentry) |
| { |
| int ret = 0; |
| struct dentry *parent = dget_parent(dentry); |
| struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent)); |
| struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb); |
| struct qstr obb = QSTR_LITERAL("obb"); |
| |
| if (parent_info->data->perm == PERM_ANDROID && |
| qstr_case_eq(&dentry->d_name, &obb)) { |
| |
| /* /Android/obb is the base obbpath of DERIVED_UNIFIED */ |
| if (!(sbi->options.multiuser == false |
| && parent_info->data->userid == 0)) { |
| ret = 1; |
| } |
| } |
| dput(parent); |
| return ret; |
| } |
| |
| int is_obbpath_invalid(struct dentry *dent) |
| { |
| int ret = 0; |
| struct sdcardfs_dentry_info *di = SDCARDFS_D(dent); |
| struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb); |
| char *path_buf, *obbpath_s; |
| int need_put = 0; |
| struct path lower_path; |
| |
| /* check the base obbpath has been changed. |
| * this routine can check an uninitialized obb dentry as well. |
| * regarding the uninitialized obb, refer to the sdcardfs_mkdir() |
| */ |
| spin_lock(&di->lock); |
| if (di->orig_path.dentry) { |
| if (!di->lower_path.dentry) { |
| ret = 1; |
| } else { |
| path_get(&di->lower_path); |
| |
| path_buf = kmalloc(PATH_MAX, GFP_ATOMIC); |
| if (!path_buf) { |
| ret = 1; |
| pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__); |
| } else { |
| obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX); |
| if (d_unhashed(di->lower_path.dentry) || |
| !str_case_eq(sbi->obbpath_s, obbpath_s)) { |
| ret = 1; |
| } |
| kfree(path_buf); |
| } |
| |
| pathcpy(&lower_path, &di->lower_path); |
| need_put = 1; |
| } |
| } |
| spin_unlock(&di->lock); |
| if (need_put) |
| path_put(&lower_path); |
| return ret; |
| } |
| |
| int is_base_obbpath(struct dentry *dentry) |
| { |
| int ret = 0; |
| struct dentry *parent = dget_parent(dentry); |
| struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent)); |
| struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb); |
| struct qstr q_obb = QSTR_LITERAL("obb"); |
| |
| spin_lock(&SDCARDFS_D(dentry)->lock); |
| if (sbi->options.multiuser) { |
| if (parent_info->data->perm == PERM_PRE_ROOT && |
| qstr_case_eq(&dentry->d_name, &q_obb)) { |
| ret = 1; |
| } |
| } else if (parent_info->data->perm == PERM_ANDROID && |
| qstr_case_eq(&dentry->d_name, &q_obb)) { |
| ret = 1; |
| } |
| spin_unlock(&SDCARDFS_D(dentry)->lock); |
| return ret; |
| } |
| |
| /* The lower_path will be stored to the dentry's orig_path |
| * and the base obbpath will be copyed to the lower_path variable. |
| * if an error returned, there's no change in the lower_path |
| * returns: -ERRNO if error (0: no error) |
| */ |
| int setup_obb_dentry(struct dentry *dentry, struct path *lower_path) |
| { |
| int err = 0; |
| struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb); |
| struct path obbpath; |
| |
| /* A local obb dentry must have its own orig_path to support rmdir |
| * and mkdir of itself. Usually, we expect that the sbi->obbpath |
| * is avaiable on this stage. |
| */ |
| sdcardfs_set_orig_path(dentry, lower_path); |
| |
| err = kern_path(sbi->obbpath_s, |
| LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath); |
| |
| if (!err) { |
| /* the obbpath base has been found */ |
| pathcpy(lower_path, &obbpath); |
| } else { |
| /* if the sbi->obbpath is not available, we can optionally |
| * setup the lower_path with its orig_path. |
| * but, the current implementation just returns an error |
| * because the sdcard daemon also regards this case as |
| * a lookup fail. |
| */ |
| pr_info("sdcardfs: the sbi->obbpath is not available\n"); |
| } |
| return err; |
| } |
| |
| |