2 * fs/sdcardfs/derived_perm.c
4 * Copyright (c) 2013 Samsung Electronics Co. Ltd
5 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6 * Sunghwan Yun, Sungjong Seo
8 * This program has been developed as a stackable file system based on
9 * the WrapFS which written by
11 * Copyright (c) 1998-2011 Erez Zadok
12 * Copyright (c) 2009 Shrikar Archak
13 * Copyright (c) 2003-2011 Stony Brook University
14 * Copyright (c) 2003-2011 The Research Foundation of SUNY
16 * This file is dual licensed. It may be redistributed and/or modified
17 * under the terms of the Apache 2.0 License OR version 2 of the GNU
18 * General Public License.
23 /* copy derived state from parent inode */
24 static void inherit_derived_state(struct inode
*parent
, struct inode
*child
)
26 struct sdcardfs_inode_info
*pi
= SDCARDFS_I(parent
);
27 struct sdcardfs_inode_info
*ci
= SDCARDFS_I(child
);
29 ci
->data
->perm
= PERM_INHERIT
;
30 ci
->data
->userid
= pi
->data
->userid
;
31 ci
->data
->d_uid
= pi
->data
->d_uid
;
32 ci
->data
->under_android
= pi
->data
->under_android
;
33 ci
->data
->under_cache
= pi
->data
->under_cache
;
34 ci
->data
->under_obb
= pi
->data
->under_obb
;
37 /* helper function for derived state */
38 void setup_derived_state(struct inode
*inode
, perm_t perm
, userid_t userid
,
41 struct sdcardfs_inode_info
*info
= SDCARDFS_I(inode
);
43 info
->data
->perm
= perm
;
44 info
->data
->userid
= userid
;
45 info
->data
->d_uid
= uid
;
46 info
->data
->under_android
= false;
47 info
->data
->under_cache
= false;
48 info
->data
->under_obb
= false;
51 /* While renaming, there is a point where we want the path from dentry,
52 * but the name from newdentry
54 void get_derived_permission_new(struct dentry
*parent
, struct dentry
*dentry
,
55 const struct qstr
*name
)
57 struct sdcardfs_inode_info
*info
= SDCARDFS_I(dentry
->d_inode
);
58 struct sdcardfs_inode_info
*parent_info
= SDCARDFS_I(parent
->d_inode
);
59 struct sdcardfs_inode_data
*parent_data
= parent_info
->data
;
61 unsigned long user_num
;
63 struct qstr q_Android
= QSTR_LITERAL("Android");
64 struct qstr q_data
= QSTR_LITERAL("data");
65 struct qstr q_sandbox
= QSTR_LITERAL("sandbox");
66 struct qstr q_obb
= QSTR_LITERAL("obb");
67 struct qstr q_media
= QSTR_LITERAL("media");
68 struct qstr q_cache
= QSTR_LITERAL("cache");
70 /* By default, each inode inherits from its parent.
71 * the properties are maintained on its private fields
72 * because the inode attributes will be modified with that of
74 * These values are used by our custom permission call instead
75 * of using the inode permissions.
78 inherit_derived_state(parent
->d_inode
, dentry
->d_inode
);
80 /* Files don't get special labels */
81 if (!S_ISDIR(dentry
->d_inode
->i_mode
)) {
82 set_top(info
, parent_info
);
85 /* Derive custom permissions based on parent and current node */
86 switch (parent_data
->perm
) {
88 case PERM_ANDROID_PACKAGE_CACHE
:
89 set_top(info
, parent_info
);
92 /* Legacy internal layout places users at top level */
93 info
->data
->perm
= PERM_ROOT
;
94 err
= kstrtoul(name
->name
, 10, &user_num
);
96 info
->data
->userid
= 0;
98 info
->data
->userid
= user_num
;
101 /* Assume masked off by default. */
102 if (qstr_case_eq(name
, &q_Android
)) {
103 /* App-specific directories inside; let anyone traverse */
104 info
->data
->perm
= PERM_ANDROID
;
105 info
->data
->under_android
= true;
107 set_top(info
, parent_info
);
111 if (qstr_case_eq(name
, &q_data
)) {
112 /* App-specific directories inside; let anyone traverse */
113 info
->data
->perm
= PERM_ANDROID_DATA
;
114 } else if (qstr_case_eq(name
, &q_sandbox
)) {
115 /* App-specific directories inside; let anyone traverse */
116 info
->data
->perm
= PERM_ANDROID_DATA
;
117 } else if (qstr_case_eq(name
, &q_obb
)) {
118 /* App-specific directories inside; let anyone traverse */
119 info
->data
->perm
= PERM_ANDROID_OBB
;
120 info
->data
->under_obb
= true;
121 /* Single OBB directory is always shared */
122 } else if (qstr_case_eq(name
, &q_media
)) {
123 /* App-specific directories inside; let anyone traverse */
124 info
->data
->perm
= PERM_ANDROID_MEDIA
;
126 set_top(info
, parent_info
);
129 case PERM_ANDROID_OBB
:
130 case PERM_ANDROID_DATA
:
131 case PERM_ANDROID_MEDIA
:
132 info
->data
->perm
= PERM_ANDROID_PACKAGE
;
133 appid
= get_appid(name
->name
);
134 if (appid
!= 0 && !is_excluded(name
->name
, parent_data
->userid
))
136 multiuser_get_uid(parent_data
->userid
, appid
);
138 case PERM_ANDROID_PACKAGE
:
139 if (qstr_case_eq(name
, &q_cache
)) {
140 info
->data
->perm
= PERM_ANDROID_PACKAGE_CACHE
;
141 info
->data
->under_cache
= true;
143 set_top(info
, parent_info
);
148 void get_derived_permission(struct dentry
*parent
, struct dentry
*dentry
)
150 get_derived_permission_new(parent
, dentry
, &dentry
->d_name
);
153 static appid_t
get_type(const char *name
)
155 const char *ext
= strrchr(name
, '.');
160 id
= get_ext_gid(ext
);
161 return id
?:AID_MEDIA_RW
;
166 void fixup_lower_ownership(struct dentry
*dentry
, const char *name
)
171 struct sdcardfs_inode_info
*info
;
172 struct sdcardfs_inode_data
*info_d
;
173 struct sdcardfs_inode_data
*info_top
;
175 struct sdcardfs_sb_info
*sbi
= SDCARDFS_SB(dentry
->d_sb
);
176 uid_t uid
= sbi
->options
.fs_low_uid
;
177 gid_t gid
= sbi
->options
.fs_low_gid
;
178 struct iattr newattrs
;
180 if (!sbi
->options
.gid_derivation
)
183 info
= SDCARDFS_I(dentry
->d_inode
);
186 if (info_d
->under_obb
) {
187 perm
= PERM_ANDROID_OBB
;
188 } else if (info_d
->under_cache
) {
189 perm
= PERM_ANDROID_PACKAGE_CACHE
;
190 } else if (perm
== PERM_INHERIT
) {
191 info_top
= top_data_get(info
);
192 perm
= info_top
->perm
;
199 case PERM_ANDROID_DATA
:
200 case PERM_ANDROID_MEDIA
:
201 case PERM_ANDROID_PACKAGE
:
202 case PERM_ANDROID_PACKAGE_CACHE
:
203 uid
= multiuser_get_uid(info_d
->userid
, uid
);
205 case PERM_ANDROID_OBB
:
215 case PERM_ANDROID_DATA
:
216 case PERM_ANDROID_MEDIA
:
217 if (S_ISDIR(dentry
->d_inode
->i_mode
))
218 gid
= multiuser_get_uid(info_d
->userid
, AID_MEDIA_RW
);
220 gid
= multiuser_get_uid(info_d
->userid
, get_type(name
));
222 case PERM_ANDROID_OBB
:
225 case PERM_ANDROID_PACKAGE
:
226 if (uid_is_app(info_d
->d_uid
))
227 gid
= multiuser_get_ext_gid(info_d
->d_uid
);
229 gid
= multiuser_get_uid(info_d
->userid
, AID_MEDIA_RW
);
231 case PERM_ANDROID_PACKAGE_CACHE
:
232 if (uid_is_app(info_d
->d_uid
))
233 gid
= multiuser_get_ext_cache_gid(info_d
->d_uid
);
235 gid
= multiuser_get_uid(info_d
->userid
, AID_MEDIA_RW
);
242 sdcardfs_get_lower_path(dentry
, &path
);
243 inode
= path
.dentry
->d_inode
;
244 if (path
.dentry
->d_inode
->i_gid
!= gid
|| path
.dentry
->d_inode
->i_uid
!= uid
) {
245 newattrs
.ia_valid
= ATTR_GID
| ATTR_UID
| ATTR_FORCE
;
246 newattrs
.ia_uid
= make_kuid(current_user_ns(), uid
);
247 newattrs
.ia_gid
= make_kgid(current_user_ns(), gid
);
248 if (!S_ISDIR(inode
->i_mode
))
250 ATTR_KILL_SUID
| ATTR_KILL_SGID
| ATTR_KILL_PRIV
;
251 mutex_lock(&inode
->i_mutex
);
252 error
= security_path_chown(&path
, newattrs
.ia_uid
, newattrs
.ia_gid
);
254 error
= notify_change2(path
.mnt
, path
.dentry
, &newattrs
);
255 mutex_unlock(&inode
->i_mutex
);
257 pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name
);
259 sdcardfs_put_lower_path(dentry
, &path
);
262 static int descendant_may_need_fixup(struct sdcardfs_inode_data
*data
,
263 struct limit_search
*limit
)
265 if (data
->perm
== PERM_ROOT
)
266 return (limit
->flags
& BY_USERID
) ?
267 data
->userid
== limit
->userid
: 1;
268 if (data
->perm
== PERM_PRE_ROOT
|| data
->perm
== PERM_ANDROID
)
273 static int needs_fixup(perm_t perm
)
275 if (perm
== PERM_ANDROID_DATA
|| perm
== PERM_ANDROID_OBB
276 || perm
== PERM_ANDROID_MEDIA
)
281 static void __fixup_perms_recursive(struct dentry
*dentry
, struct limit_search
*limit
, int depth
)
283 struct dentry
*child
;
284 struct sdcardfs_inode_info
*info
;
287 * All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
288 * PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
291 WARN(depth
> 3, "%s: Max expected depth exceeded!\n", __func__
);
292 spin_lock_nested(&dentry
->d_lock
, depth
);
293 if (!dentry
->d_inode
) {
294 spin_unlock(&dentry
->d_lock
);
297 info
= SDCARDFS_I(dentry
->d_inode
);
299 if (needs_fixup(info
->data
->perm
)) {
300 list_for_each_entry(child
, &dentry
->d_subdirs
, d_child
) {
301 spin_lock_nested(&child
->d_lock
, depth
+ 1);
302 if (!(limit
->flags
& BY_NAME
) || qstr_case_eq(&child
->d_name
, &limit
->name
)) {
303 if (child
->d_inode
) {
304 get_derived_permission(dentry
, child
);
305 fixup_tmp_permissions(child
->d_inode
);
306 spin_unlock(&child
->d_lock
);
310 spin_unlock(&child
->d_lock
);
312 } else if (descendant_may_need_fixup(info
->data
, limit
)) {
313 list_for_each_entry(child
, &dentry
->d_subdirs
, d_child
) {
314 __fixup_perms_recursive(child
, limit
, depth
+ 1);
317 spin_unlock(&dentry
->d_lock
);
320 void fixup_perms_recursive(struct dentry
*dentry
, struct limit_search
*limit
)
322 __fixup_perms_recursive(dentry
, limit
, 0);
325 /* main function for updating derived permission */
326 inline void update_derived_permission_lock(struct dentry
*dentry
)
328 struct dentry
*parent
;
330 if (!dentry
|| !dentry
->d_inode
) {
331 pr_err("sdcardfs: %s: invalid dentry\n", __func__
);
335 * 1. need to check whether the dentry is updated or not
336 * 2. remove the root dentry update
338 if (!IS_ROOT(dentry
)) {
339 parent
= dget_parent(dentry
);
341 get_derived_permission(parent
, dentry
);
345 fixup_tmp_permissions(dentry
->d_inode
);
348 int need_graft_path(struct dentry
*dentry
)
351 struct dentry
*parent
= dget_parent(dentry
);
352 struct sdcardfs_inode_info
*parent_info
= SDCARDFS_I(parent
->d_inode
);
353 struct sdcardfs_sb_info
*sbi
= SDCARDFS_SB(dentry
->d_sb
);
354 struct qstr obb
= QSTR_LITERAL("obb");
356 if (parent_info
->data
->perm
== PERM_ANDROID
&&
357 qstr_case_eq(&dentry
->d_name
, &obb
)) {
359 /* /Android/obb is the base obbpath of DERIVED_UNIFIED */
360 if (!(sbi
->options
.multiuser
== false
361 && parent_info
->data
->userid
== 0)) {
369 int is_obbpath_invalid(struct dentry
*dent
)
372 struct sdcardfs_dentry_info
*di
= SDCARDFS_D(dent
);
373 struct sdcardfs_sb_info
*sbi
= SDCARDFS_SB(dent
->d_sb
);
374 char *path_buf
, *obbpath_s
;
376 struct path lower_path
;
378 /* check the base obbpath has been changed.
379 * this routine can check an uninitialized obb dentry as well.
380 * regarding the uninitialized obb, refer to the sdcardfs_mkdir()
382 spin_lock(&di
->lock
);
383 if (di
->orig_path
.dentry
) {
384 if (!di
->lower_path
.dentry
) {
387 path_get(&di
->lower_path
);
389 path_buf
= kmalloc(PATH_MAX
, GFP_ATOMIC
);
392 pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__
);
394 obbpath_s
= d_path(&di
->lower_path
, path_buf
, PATH_MAX
);
395 if (d_unhashed(di
->lower_path
.dentry
) ||
396 !str_case_eq(sbi
->obbpath_s
, obbpath_s
)) {
402 pathcpy(&lower_path
, &di
->lower_path
);
406 spin_unlock(&di
->lock
);
408 path_put(&lower_path
);
412 int is_base_obbpath(struct dentry
*dentry
)
415 struct dentry
*parent
= dget_parent(dentry
);
416 struct sdcardfs_inode_info
*parent_info
= SDCARDFS_I(parent
->d_inode
);
417 struct sdcardfs_sb_info
*sbi
= SDCARDFS_SB(dentry
->d_sb
);
418 struct qstr q_obb
= QSTR_LITERAL("obb");
420 spin_lock(&SDCARDFS_D(dentry
)->lock
);
421 if (sbi
->options
.multiuser
) {
422 if (parent_info
->data
->perm
== PERM_PRE_ROOT
&&
423 qstr_case_eq(&dentry
->d_name
, &q_obb
)) {
426 } else if (parent_info
->data
->perm
== PERM_ANDROID
&&
427 qstr_case_eq(&dentry
->d_name
, &q_obb
)) {
430 spin_unlock(&SDCARDFS_D(dentry
)->lock
);
434 /* The lower_path will be stored to the dentry's orig_path
435 * and the base obbpath will be copyed to the lower_path variable.
436 * if an error returned, there's no change in the lower_path
437 * returns: -ERRNO if error (0: no error)
439 int setup_obb_dentry(struct dentry
*dentry
, struct path
*lower_path
)
442 struct sdcardfs_sb_info
*sbi
= SDCARDFS_SB(dentry
->d_sb
);
445 /* A local obb dentry must have its own orig_path to support rmdir
446 * and mkdir of itself. Usually, we expect that the sbi->obbpath
447 * is avaiable on this stage.
449 sdcardfs_set_orig_path(dentry
, lower_path
);
451 err
= kern_path(sbi
->obbpath_s
,
452 LOOKUP_FOLLOW
| LOOKUP_DIRECTORY
, &obbpath
);
455 /* the obbpath base has been found */
456 pathcpy(lower_path
, &obbpath
);
458 /* if the sbi->obbpath is not available, we can optionally
459 * setup the lower_path with its orig_path.
460 * but, the current implementation just returns an error
461 * because the sdcard daemon also regards this case as
464 pr_info("sdcardfs: the sbi->obbpath is not available\n");