Revert "Revert "Add support for gid derivation on private volumes""
am: 958c216d87
Change-Id: Ic75b411b3aec784cdc19db3e5bedda7cd21a5306
diff --git a/Android.mk b/Android.mk
index d0b199d..4d812b7 100644
--- a/Android.mk
+++ b/Android.mk
@@ -2,9 +2,6 @@
common_src_files := \
VolumeManager.cpp \
- CommandListener.cpp \
- CryptCommandListener.cpp \
- VoldCommand.cpp \
NetlinkManager.cpp \
NetlinkHandler.cpp \
Process.cpp \
@@ -13,19 +10,19 @@
fs/Vfat.cpp \
Loop.cpp \
Devmapper.cpp \
- ResponseCode.cpp \
CheckBattery.cpp \
Ext4Crypt.cpp \
VoldUtil.c \
cryptfs.cpp \
- Disk.cpp \
- VolumeBase.cpp \
- PublicVolume.cpp \
- PrivateVolume.cpp \
- EmulatedVolume.cpp \
+ model/Disk.cpp \
+ model/VolumeBase.cpp \
+ model/PublicVolume.cpp \
+ model/PrivateVolume.cpp \
+ model/EmulatedVolume.cpp \
+ model/ObbVolume.cpp \
Utils.cpp \
MoveTask.cpp \
- Benchmark.cpp \
+ BenchmarkTask.cpp \
TrimTask.cpp \
KeyBuffer.cpp \
Keymaster.cpp \
@@ -35,6 +32,16 @@
secontext.cpp \
EncryptInplace.cpp \
MetadataCrypt.cpp \
+ VoldNativeService.cpp \
+
+common_aidl_files := \
+ binder/android/os/IVold.aidl \
+ binder/android/os/IVoldListener.aidl \
+ binder/android/os/IVoldTaskListener.aidl \
+
+common_aidl_includes := \
+ $(LOCAL_PATH)/binder \
+ frameworks/native/aidl/binder \
common_c_includes := \
system/extras/f2fs_utils \
@@ -75,24 +82,17 @@
libbatteryservice \
libavb \
-# TODO: include "cert-err34-c" once we move to Binder
# TODO: include "cert-err58-cpp" once 36656327 is fixed
+common_local_tidy_enabled := true
common_local_tidy_flags := -warnings-as-errors=clang-analyzer-security*,cert-*
-common_local_tidy_checks := -*,clang-analyzer-security*,cert-*,-cert-err34-c,-cert-err58-cpp
+common_local_tidy_checks := -*,clang-analyzer-security*,cert-*,-cert-err58-cpp
vold_conlyflags := -std=c11
vold_cflags := -Werror -Wall -Wno-missing-field-initializers -Wno-unused-variable -Wno-unused-parameter
required_modules :=
ifeq ($(TARGET_USERIMAGES_USE_EXT4), true)
- ifeq ($(TARGET_USES_MKE2FS), true)
- vold_cflags += -DTARGET_USES_MKE2FS
- required_modules += mke2fs
- else
- # Adoptable storage has fully moved to mke2fs, so we need both tools
- required_modules += mke2fs
- required_modules += make_ext4fs
- endif
+ required_modules += mke2fs
endif
include $(CLEAR_VARS)
@@ -100,10 +100,10 @@
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_MODULE := libvold
LOCAL_CLANG := true
-LOCAL_TIDY := true
+LOCAL_TIDY := $(common_local_tidy_enabled)
LOCAL_TIDY_FLAGS := $(common_local_tidy_flags)
LOCAL_TIDY_CHECKS := $(common_local_tidy_checks)
-LOCAL_SRC_FILES := $(common_src_files)
+LOCAL_SRC_FILES := $(common_src_files) $(common_aidl_files)
LOCAL_C_INCLUDES := $(common_c_includes)
LOCAL_SHARED_LIBRARIES := $(common_shared_libraries)
LOCAL_STATIC_LIBRARIES := $(common_static_libraries)
@@ -112,6 +112,8 @@
LOCAL_CONLYFLAGS := $(vold_conlyflags)
LOCAL_REQUIRED_MODULES := $(required_modules)
+LOCAL_AIDL_INCLUDES := $(common_aidl_includes)
+
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
@@ -119,12 +121,13 @@
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_MODULE := vold
LOCAL_CLANG := true
-LOCAL_TIDY := true
+LOCAL_TIDY := $(common_local_tidy_enabled)
LOCAL_TIDY_FLAGS := $(common_local_tidy_flags)
LOCAL_TIDY_CHECKS := $(common_local_tidy_checks)
LOCAL_SRC_FILES := \
main.cpp \
- $(common_src_files)
+ $(common_src_files) \
+ $(common_aidl_files) \
LOCAL_INIT_RC := vold.rc
@@ -136,29 +139,37 @@
LOCAL_STATIC_LIBRARIES := $(common_static_libraries)
LOCAL_REQUIRED_MODULES := $(required_modules)
+LOCAL_AIDL_INCLUDES := $(common_aidl_includes)
+
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_CLANG := true
-LOCAL_TIDY := true
+LOCAL_TIDY := $(common_local_tidy_enabled)
LOCAL_TIDY_FLAGS := $(common_local_tidy_flags)
LOCAL_TIDY_CHECKS := $(common_local_tidy_checks)
-LOCAL_SRC_FILES := vdc.cpp
+
+LOCAL_SRC_FILES := \
+ vdc.cpp \
+ $(common_aidl_files) \
+
LOCAL_MODULE := vdc
-LOCAL_SHARED_LIBRARIES := libcutils libbase
+LOCAL_SHARED_LIBRARIES := libbase libbinder libcutils libutils
LOCAL_CFLAGS := $(vold_cflags)
LOCAL_CONLYFLAGS := $(vold_conlyflags)
LOCAL_INIT_RC := vdc.rc
+LOCAL_AIDL_INCLUDES := $(common_aidl_includes)
+
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_CLANG := true
-LOCAL_TIDY := true
+LOCAL_TIDY := $(common_local_tidy_enabled)
LOCAL_TIDY_FLAGS := $(common_local_tidy_flags)
LOCAL_TIDY_CHECKS := $(common_local_tidy_checks)
LOCAL_SRC_FILES:= \
diff --git a/Asec.h b/Asec.h
deleted file mode 100644
index dd64fd0..0000000
--- a/Asec.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _ASEC_H
-#define _ASEC_H
-
-struct asec_superblock {
-#define ASEC_SB_MAGIC 0xc0def00d
- unsigned int magic;
-
-#define ASEC_SB_VER 1
- unsigned char ver;
-
-#define ASEC_SB_C_CIPHER_NONE 0
-#define ASEC_SB_C_CIPHER_TWOFISH 1
-#define ASEC_SB_C_CIPHER_AES 2
- unsigned char c_cipher;
-
-#define ASEC_SB_C_CHAIN_NONE 0
- unsigned char c_chain;
-
-#define ASEC_SB_C_OPTS_NONE 0
-#define ASEC_SB_C_OPTS_EXT4 1
- unsigned char c_opts;
-
-#define ASEC_SB_C_MODE_NONE 0
- unsigned char c_mode;
-} __attribute__((packed));
-
-#endif
diff --git a/Benchmark.h b/Benchmark.h
deleted file mode 100644
index 13f9009..0000000
--- a/Benchmark.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef ANDROID_VOLD_BENCHMARK_H
-#define ANDROID_VOLD_BENCHMARK_H
-
-#include <utils/Errors.h>
-#include <utils/Timers.h>
-
-#include <string>
-
-namespace android {
-namespace vold {
-
-/* Benchmark a private volume mounted at the given path */
-nsecs_t BenchmarkPrivate(const std::string& path);
-
-} // namespace vold
-} // namespace android
-
-#endif
diff --git a/Benchmark.cpp b/BenchmarkTask.cpp
similarity index 70%
rename from Benchmark.cpp
rename to BenchmarkTask.cpp
index bbab792..d10d792 100644
--- a/Benchmark.cpp
+++ b/BenchmarkTask.cpp
@@ -14,14 +14,14 @@
* limitations under the License.
*/
-#include "Benchmark.h"
+#include "BenchmarkTask.h"
#include "BenchmarkGen.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include <android-base/file.h>
#include <android-base/logging.h>
#include <cutils/iosched_policy.h>
+#include <hardware_legacy/power.h>
#include <private/android_filesystem_config.h>
#include <sys/time.h>
@@ -36,19 +36,35 @@
namespace android {
namespace vold {
-static void notifyResult(const std::string& path, int64_t create_d,
- int64_t drop_d, int64_t run_d, int64_t destroy_d) {
- std::string res(path +
- + " " + BenchmarkIdent()
- + " " + std::to_string(create_d)
- + " " + std::to_string(drop_d)
- + " " + std::to_string(run_d)
- + " " + std::to_string(destroy_d));
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(
- ResponseCode::BenchmarkResult, res.c_str(), false);
+static const char* kWakeLock = "BenchmarkTask";
+
+BenchmarkTask::BenchmarkTask(const std::string& path,
+ const android::sp<android::os::IVoldTaskListener>& listener) :
+ mPath(path), mListener(listener) {
}
-static nsecs_t benchmark(const std::string& path) {
+BenchmarkTask::~BenchmarkTask() {
+}
+
+void BenchmarkTask::start() {
+ mThread = std::thread(&BenchmarkTask::run, this);
+}
+
+static status_t runInternal(const std::string& rootPath, android::os::PersistableBundle& extras) {
+ auto path = rootPath;
+ path += "/misc";
+ if (android::vold::PrepareDir(path, 01771, AID_SYSTEM, AID_MISC)) {
+ return -1;
+ }
+ path += "/vold";
+ if (android::vold::PrepareDir(path, 0700, AID_ROOT, AID_ROOT)) {
+ return -1;
+ }
+ path += "/bench";
+ if (android::vold::PrepareDir(path, 0700, AID_ROOT, AID_ROOT)) {
+ return -1;
+ }
+
errno = 0;
int orig_prio = getpriority(PRIO_PROCESS, 0);
if (errno != 0) {
@@ -127,26 +143,26 @@
LOG(INFO) << "run took " << nanoseconds_to_milliseconds(run_d) << "ms";
LOG(INFO) << "destroy took " << nanoseconds_to_milliseconds(destroy_d) << "ms";
- notifyResult(path, create_d, drop_d, run_d, destroy_d);
+ extras.putString(String16("path"), String16(path.c_str()));
+ extras.putString(String16("ident"), String16(BenchmarkIdent().c_str()));
+ extras.putLong(String16("create"), create_d);
+ extras.putLong(String16("drop"), drop_d);
+ extras.putLong(String16("run"), run_d);
+ extras.putLong(String16("destroy"), destroy_d);
- return run_d;
+ return 0;
}
-nsecs_t BenchmarkPrivate(const std::string& path) {
- std::string benchPath(path);
- benchPath += "/misc";
- if (android::vold::PrepareDir(benchPath, 01771, AID_SYSTEM, AID_MISC)) {
- return -1;
+void BenchmarkTask::run() {
+ acquire_wake_lock(PARTIAL_WAKE_LOCK, kWakeLock);
+
+ android::os::PersistableBundle extras;
+ status_t res = runInternal(mPath, extras);
+ if (mListener) {
+ mListener->onFinished(res, extras);
}
- benchPath += "/vold";
- if (android::vold::PrepareDir(benchPath, 0700, AID_ROOT, AID_ROOT)) {
- return -1;
- }
- benchPath += "/bench";
- if (android::vold::PrepareDir(benchPath, 0700, AID_ROOT, AID_ROOT)) {
- return -1;
- }
- return benchmark(benchPath);
+
+ release_wake_lock(kWakeLock);
}
} // namespace vold
diff --git a/BenchmarkTask.h b/BenchmarkTask.h
new file mode 100644
index 0000000..dfa3922
--- /dev/null
+++ b/BenchmarkTask.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_VOLD_BENCHMARK_TASK_H
+#define ANDROID_VOLD_BENCHMARK_TASK_H
+
+#include "android/os/IVoldTaskListener.h"
+#include "Utils.h"
+
+#include <string>
+#include <thread>
+
+namespace android {
+namespace vold {
+
+class BenchmarkTask {
+public:
+ BenchmarkTask(const std::string& path,
+ const android::sp<android::os::IVoldTaskListener>& listener);
+ virtual ~BenchmarkTask();
+
+ void start();
+
+private:
+ std::string mPath;
+ android::sp<android::os::IVoldTaskListener> mListener;
+ std::thread mThread;
+
+ void run();
+
+ DISALLOW_COPY_AND_ASSIGN(BenchmarkTask);
+};
+
+} // namespace vold
+} // namespace android
+
+#endif
diff --git a/CommandListener.cpp b/CommandListener.cpp
deleted file mode 100644
index 8da3f69..0000000
--- a/CommandListener.cpp
+++ /dev/null
@@ -1,877 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdlib.h>
-#include <sys/mount.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <fs_mgr.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-#include <inttypes.h>
-#include <ctype.h>
-
-#define LOG_TAG "VoldCmdListener"
-
-#include <android-base/logging.h>
-#include <android-base/stringprintf.h>
-#include <android-base/unique_fd.h>
-#include <cutils/fs.h>
-
-#include <sysutils/SocketClient.h>
-#include <private/android_filesystem_config.h>
-
-#include "CommandListener.h"
-#include "VolumeManager.h"
-#include "VolumeBase.h"
-#include "ResponseCode.h"
-#include "Process.h"
-#include "Loop.h"
-#include "Devmapper.h"
-#include "MoveTask.h"
-#include "TrimTask.h"
-
-#define DUMP_ARGS 0
-#define DEBUG_APPFUSE 0
-
-using android::base::unique_fd;
-
-CommandListener::CommandListener() :
- FrameworkListener("vold", true) {
- registerCmd(new DumpCmd());
- registerCmd(new VolumeCmd());
- registerCmd(new AsecCmd());
- registerCmd(new ObbCmd());
- registerCmd(new StorageCmd());
- registerCmd(new FstrimCmd());
- registerCmd(new AppFuseCmd());
-}
-
-#if DUMP_ARGS
-void CommandListener::dumpArgs(int argc, char **argv, int argObscure) {
- char buffer[4096];
- char *p = buffer;
-
- memset(buffer, 0, sizeof(buffer));
- int i;
- for (i = 0; i < argc; i++) {
- unsigned int len = strlen(argv[i]) + 1; // Account for space
- if (i == argObscure) {
- len += 2; // Account for {}
- }
- if (((p - buffer) + len) < (sizeof(buffer)-1)) {
- if (i == argObscure) {
- *p++ = '{';
- *p++ = '}';
- *p++ = ' ';
- continue;
- }
- strcpy(p, argv[i]);
- p+= strlen(argv[i]);
- if (i != (argc -1)) {
- *p++ = ' ';
- }
- }
- }
- SLOGD("%s", buffer);
-}
-#else
-void CommandListener::dumpArgs(int /*argc*/, char ** /*argv*/, int /*argObscure*/) { }
-#endif
-
-int CommandListener::sendGenericOkFail(SocketClient *cli, int cond) {
- if (!cond) {
- return cli->sendMsg(ResponseCode::CommandOkay, "Command succeeded", false);
- } else {
- return cli->sendMsg(ResponseCode::OperationFailed, "Command failed", false);
- }
-}
-
-CommandListener::DumpCmd::DumpCmd() :
- VoldCommand("dump") {
-}
-
-int CommandListener::DumpCmd::runCommand(SocketClient *cli,
- int /*argc*/, char ** /*argv*/) {
- cli->sendMsg(0, "Dumping loop status", false);
- if (Loop::dumpState(cli)) {
- cli->sendMsg(ResponseCode::CommandOkay, "Loop dump failed", true);
- }
- cli->sendMsg(0, "Dumping DM status", false);
- if (Devmapper::dumpState(cli)) {
- cli->sendMsg(ResponseCode::CommandOkay, "Devmapper dump failed", true);
- }
- cli->sendMsg(0, "Dumping mounted filesystems", false);
- FILE *fp = fopen("/proc/mounts", "re");
- if (fp) {
- char line[1024];
- while (fgets(line, sizeof(line), fp)) {
- line[strlen(line)-1] = '\0';
- cli->sendMsg(0, line, false);;
- }
- fclose(fp);
- }
-
- cli->sendMsg(ResponseCode::CommandOkay, "dump complete", false);
- return 0;
-}
-
-CommandListener::VolumeCmd::VolumeCmd() :
- VoldCommand("volume") {
-}
-
-int CommandListener::VolumeCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- dumpArgs(argc, argv, -1);
-
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
- return 0;
- }
-
- VolumeManager *vm = VolumeManager::Instance();
- std::lock_guard<std::mutex> lock(vm->getLock());
-
- // TODO: tease out methods not directly related to volumes
-
- std::string cmd(argv[1]);
- if (cmd == "reset") {
- return sendGenericOkFail(cli, vm->reset());
-
- } else if (cmd == "shutdown") {
- return sendGenericOkFail(cli, vm->shutdown());
-
- } else if (cmd == "debug") {
- return sendGenericOkFail(cli, vm->setDebug(true));
-
- } else if (cmd == "partition" && argc > 3) {
- // partition [diskId] [public|private|mixed] [ratio]
- std::string id(argv[2]);
- auto disk = vm->findDisk(id);
- if (disk == nullptr) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown disk", false);
- }
-
- std::string type(argv[3]);
- if (type == "public") {
- return sendGenericOkFail(cli, disk->partitionPublic());
- } else if (type == "private") {
- return sendGenericOkFail(cli, disk->partitionPrivate());
- } else if (type == "mixed") {
- if (argc < 4) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, nullptr, false);
- }
- int frac = atoi(argv[4]);
- return sendGenericOkFail(cli, disk->partitionMixed(frac));
- } else {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, nullptr, false);
- }
-
- } else if (cmd == "mkdirs" && argc > 2) {
- // mkdirs [path]
- return sendGenericOkFail(cli, vm->mkdirs(argv[2]));
-
- } else if (cmd == "user_added" && argc > 3) {
- // user_added [user] [serial]
- return sendGenericOkFail(cli, vm->onUserAdded(atoi(argv[2]), atoi(argv[3])));
-
- } else if (cmd == "user_removed" && argc > 2) {
- // user_removed [user]
- return sendGenericOkFail(cli, vm->onUserRemoved(atoi(argv[2])));
-
- } else if (cmd == "user_started" && argc > 2) {
- // user_started [user]
- return sendGenericOkFail(cli, vm->onUserStarted(atoi(argv[2])));
-
- } else if (cmd == "user_stopped" && argc > 2) {
- // user_stopped [user]
- return sendGenericOkFail(cli, vm->onUserStopped(atoi(argv[2])));
-
- } else if (cmd == "mount" && argc > 2) {
- // mount [volId] [flags] [user]
- std::string id(argv[2]);
- auto vol = vm->findVolume(id);
- if (vol == nullptr) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown volume", false);
- }
-
- int mountFlags = (argc > 3) ? atoi(argv[3]) : 0;
- userid_t mountUserId = (argc > 4) ? atoi(argv[4]) : -1;
-
- vol->setMountFlags(mountFlags);
- vol->setMountUserId(mountUserId);
-
- int res = vol->mount();
- if (mountFlags & android::vold::VolumeBase::MountFlags::kPrimary) {
- vm->setPrimary(vol);
- }
- return sendGenericOkFail(cli, res);
-
- } else if (cmd == "unmount" && argc > 2) {
- // unmount [volId]
- std::string id(argv[2]);
- auto vol = vm->findVolume(id);
- if (vol == nullptr) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown volume", false);
- }
-
- return sendGenericOkFail(cli, vol->unmount());
-
- } else if (cmd == "format" && argc > 3) {
- // format [volId] [fsType|auto]
- std::string id(argv[2]);
- std::string fsType(argv[3]);
- auto vol = vm->findVolume(id);
- if (vol == nullptr) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown volume", false);
- }
-
- return sendGenericOkFail(cli, vol->format(fsType));
-
- } else if (cmd == "move_storage" && argc > 3) {
- // move_storage [fromVolId] [toVolId]
- auto fromVol = vm->findVolume(std::string(argv[2]));
- auto toVol = vm->findVolume(std::string(argv[3]));
- if (fromVol == nullptr || toVol == nullptr) {
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown volume", false);
- }
-
- (new android::vold::MoveTask(fromVol, toVol))->start();
- return sendGenericOkFail(cli, 0);
-
- } else if (cmd == "benchmark" && argc > 2) {
- // benchmark [volId]
- std::string id(argv[2]);
- nsecs_t res = vm->benchmarkPrivate(id);
- return cli->sendMsg(ResponseCode::CommandOkay,
- android::base::StringPrintf("%" PRId64, res).c_str(), false);
-
- } else if (cmd == "forget_partition" && argc > 2) {
- // forget_partition [partGuid]
- std::string partGuid(argv[2]);
- return sendGenericOkFail(cli, vm->forgetPartition(partGuid));
-
- } else if (cmd == "remount_uid" && argc > 3) {
- // remount_uid [uid] [none|default|read|write]
- uid_t uid = atoi(argv[2]);
- std::string mode(argv[3]);
- return sendGenericOkFail(cli, vm->remountUid(uid, mode));
- }
-
- return cli->sendMsg(ResponseCode::CommandSyntaxError, nullptr, false);
-}
-
-CommandListener::StorageCmd::StorageCmd() :
- VoldCommand("storage") {
-}
-
-int CommandListener::StorageCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- /* Guarantied to be initialized by vold's main() before the CommandListener is active */
- extern struct fstab *fstab;
-
- dumpArgs(argc, argv, -1);
-
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
- return 0;
- }
-
- if (!strcmp(argv[1], "mountall")) {
- if (argc != 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: mountall", false);
- return 0;
- }
- fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
- cli->sendMsg(ResponseCode::CommandOkay, "Mountall ran successfully", false);
- return 0;
- }
- if (!strcmp(argv[1], "users")) {
- DIR *dir;
- struct dirent *de;
-
- if (argc < 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument: user <mountpoint>", false);
- return 0;
- }
- if (!(dir = opendir("/proc"))) {
- cli->sendMsg(ResponseCode::OperationFailed, "Failed to open /proc", true);
- return 0;
- }
-
- while ((de = readdir(dir))) {
- int pid = Process::getPid(de->d_name);
-
- if (pid < 0) {
- continue;
- }
-
- std::string processName;
- Process::getProcessName(pid, processName);
-
- if (Process::checkFileDescriptorSymLinks(pid, argv[2]) ||
- Process::checkFileMaps(pid, argv[2]) ||
- Process::checkSymLink(pid, argv[2], "cwd") ||
- Process::checkSymLink(pid, argv[2], "root") ||
- Process::checkSymLink(pid, argv[2], "exe")) {
-
- char msg[1024];
- snprintf(msg, sizeof(msg), "%d %s", pid, processName.c_str());
- cli->sendMsg(ResponseCode::StorageUsersListResult, msg, false);
- }
- }
- closedir(dir);
- cli->sendMsg(ResponseCode::CommandOkay, "Storage user list complete", false);
- } else {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown storage cmd", false);
- }
- return 0;
-}
-
-CommandListener::AsecCmd::AsecCmd() :
- VoldCommand("asec") {
-}
-
-void CommandListener::AsecCmd::listAsecsInDirectory(SocketClient *cli, const char *directory) {
- DIR *d = opendir(directory);
-
- if (!d) {
- cli->sendMsg(ResponseCode::OperationFailed, "Failed to open asec dir", true);
- return;
- }
-
- dirent* dent;
- while ((dent = readdir(d)) != NULL) {
- if (dent->d_name[0] == '.')
- continue;
- if (dent->d_type != DT_REG)
- continue;
- size_t name_len = strlen(dent->d_name);
- if (name_len > 5 && name_len < 260 &&
- !strcmp(&dent->d_name[name_len - 5], ".asec")) {
- char id[255];
- memset(id, 0, sizeof(id));
- strlcpy(id, dent->d_name, name_len - 4);
- cli->sendMsg(ResponseCode::AsecListResult, id, false);
- }
- }
- closedir(d);
-}
-
-int CommandListener::AsecCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
- return 0;
- }
-
- VolumeManager *vm = VolumeManager::Instance();
- int rc = 0;
-
- if (!strcmp(argv[1], "list")) {
- dumpArgs(argc, argv, -1);
-
- listAsecsInDirectory(cli, VolumeManager::SEC_ASECDIR_EXT);
- listAsecsInDirectory(cli, VolumeManager::SEC_ASECDIR_INT);
- } else if (!strcmp(argv[1], "create")) {
- dumpArgs(argc, argv, 5);
- if (argc != 8) {
- cli->sendMsg(ResponseCode::CommandSyntaxError,
- "Usage: asec create <container-id> <size_mb> <fstype> <key> <ownerUid> "
- "<isExternal>", false);
- return 0;
- }
-
- unsigned long numSectors = (atoi(argv[3]) * (1024 * 1024)) / 512;
- const bool isExternal = (atoi(argv[7]) == 1);
- rc = vm->createAsec(argv[2], numSectors, argv[4], argv[5], atoi(argv[6]), isExternal);
- } else if (!strcmp(argv[1], "resize")) {
- dumpArgs(argc, argv, -1);
- if (argc != 5) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec resize <container-id> <size_mb> <key>", false);
- return 0;
- }
- unsigned long numSectors = (atoi(argv[3]) * (1024 * 1024)) / 512;
- rc = vm->resizeAsec(argv[2], numSectors, argv[4]);
- } else if (!strcmp(argv[1], "finalize")) {
- dumpArgs(argc, argv, -1);
- if (argc != 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec finalize <container-id>", false);
- return 0;
- }
- rc = vm->finalizeAsec(argv[2]);
- } else if (!strcmp(argv[1], "fixperms")) {
- dumpArgs(argc, argv, -1);
- if (argc != 5) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec fixperms <container-id> <gid> <filename>", false);
- return 0;
- }
-
- char *endptr;
- gid_t gid = (gid_t) strtoul(argv[3], &endptr, 10);
- if (*endptr != '\0') {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec fixperms <container-id> <gid> <filename>", false);
- return 0;
- }
-
- rc = vm->fixupAsecPermissions(argv[2], gid, argv[4]);
- } else if (!strcmp(argv[1], "destroy")) {
- dumpArgs(argc, argv, -1);
- if (argc < 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec destroy <container-id> [force]", false);
- return 0;
- }
- bool force = false;
- if (argc > 3 && !strcmp(argv[3], "force")) {
- force = true;
- }
- rc = vm->destroyAsec(argv[2], force);
- } else if (!strcmp(argv[1], "mount")) {
- dumpArgs(argc, argv, 3);
- if (argc != 6) {
- cli->sendMsg(ResponseCode::CommandSyntaxError,
- "Usage: asec mount <namespace-id> <key> <ownerUid> <ro|rw>", false);
- return 0;
- }
- bool readOnly = true;
- if (!strcmp(argv[5], "rw")) {
- readOnly = false;
- }
- rc = vm->mountAsec(argv[2], argv[3], atoi(argv[4]), readOnly);
- } else if (!strcmp(argv[1], "unmount")) {
- dumpArgs(argc, argv, -1);
- if (argc < 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec unmount <container-id> [force]", false);
- return 0;
- }
- bool force = false;
- if (argc > 3 && !strcmp(argv[3], "force")) {
- force = true;
- }
- rc = vm->unmountAsec(argv[2], force);
- } else if (!strcmp(argv[1], "rename")) {
- dumpArgs(argc, argv, -1);
- if (argc != 4) {
- cli->sendMsg(ResponseCode::CommandSyntaxError,
- "Usage: asec rename <old_id> <new_id>", false);
- return 0;
- }
- rc = vm->renameAsec(argv[2], argv[3]);
- } else if (!strcmp(argv[1], "path")) {
- dumpArgs(argc, argv, -1);
- if (argc != 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec path <container-id>", false);
- return 0;
- }
- char path[255];
-
- if (!(rc = vm->getAsecMountPath(argv[2], path, sizeof(path)))) {
- cli->sendMsg(ResponseCode::AsecPathResult, path, false);
- return 0;
- }
- } else if (!strcmp(argv[1], "fspath")) {
- dumpArgs(argc, argv, -1);
- if (argc != 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: asec fspath <container-id>", false);
- return 0;
- }
- char path[255];
-
- if (!(rc = vm->getAsecFilesystemPath(argv[2], path, sizeof(path)))) {
- cli->sendMsg(ResponseCode::AsecPathResult, path, false);
- return 0;
- }
- } else {
- dumpArgs(argc, argv, -1);
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown asec cmd", false);
- }
-
- if (!rc) {
- cli->sendMsg(ResponseCode::CommandOkay, "asec operation succeeded", false);
- } else {
- rc = ResponseCode::convertFromErrno();
- cli->sendMsg(rc, "asec operation failed", true);
- }
-
- return 0;
-}
-
-CommandListener::ObbCmd::ObbCmd() :
- VoldCommand("obb") {
-}
-
-int CommandListener::ObbCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
- return 0;
- }
-
- VolumeManager *vm = VolumeManager::Instance();
- int rc = 0;
-
- if (!strcmp(argv[1], "list")) {
- dumpArgs(argc, argv, -1);
-
- rc = vm->listMountedObbs(cli);
- } else if (!strcmp(argv[1], "mount")) {
- dumpArgs(argc, argv, 3);
- if (argc != 5) {
- cli->sendMsg(ResponseCode::CommandSyntaxError,
- "Usage: obb mount <filename> <key> <ownerGid>", false);
- return 0;
- }
- rc = vm->mountObb(argv[2], argv[3], atoi(argv[4]));
- } else if (!strcmp(argv[1], "unmount")) {
- dumpArgs(argc, argv, -1);
- if (argc < 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: obb unmount <source file> [force]", false);
- return 0;
- }
- bool force = false;
- if (argc > 3 && !strcmp(argv[3], "force")) {
- force = true;
- }
- rc = vm->unmountObb(argv[2], force);
- } else if (!strcmp(argv[1], "path")) {
- dumpArgs(argc, argv, -1);
- if (argc != 3) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: obb path <source file>", false);
- return 0;
- }
- char path[255];
-
- if (!(rc = vm->getObbMountPath(argv[2], path, sizeof(path)))) {
- cli->sendMsg(ResponseCode::AsecPathResult, path, false);
- return 0;
- }
- } else {
- dumpArgs(argc, argv, -1);
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown obb cmd", false);
- }
-
- if (!rc) {
- cli->sendMsg(ResponseCode::CommandOkay, "obb operation succeeded", false);
- } else {
- rc = ResponseCode::convertFromErrno();
- cli->sendMsg(rc, "obb operation failed", true);
- }
-
- return 0;
-}
-
-CommandListener::FstrimCmd::FstrimCmd() :
- VoldCommand("fstrim") {
-}
-int CommandListener::FstrimCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
- cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run fstrim commands", false);
- return 0;
- }
-
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
- return 0;
- }
-
- VolumeManager *vm = VolumeManager::Instance();
- std::lock_guard<std::mutex> lock(vm->getLock());
-
- int flags = 0;
-
- std::string cmd(argv[1]);
- if (cmd == "dotrim") {
- flags = 0;
- } else if (cmd == "dotrimbench") {
- flags = android::vold::TrimTask::Flags::kBenchmarkAfter;
- } else if (cmd == "dodtrim") {
- flags = android::vold::TrimTask::Flags::kDeepTrim;
- } else if (cmd == "dodtrimbench") {
- flags = android::vold::TrimTask::Flags::kDeepTrim
- | android::vold::TrimTask::Flags::kBenchmarkAfter;
- }
-
- (new android::vold::TrimTask(flags))->start();
- return sendGenericOkFail(cli, 0);
-}
-
-static size_t kAppFuseMaxMountPointName = 32;
-
-static android::status_t getMountPath(uid_t uid, const std::string& name, std::string* path) {
- if (name.size() > kAppFuseMaxMountPointName) {
- LOG(ERROR) << "AppFuse mount name is too long.";
- return -EINVAL;
- }
- for (size_t i = 0; i < name.size(); i++) {
- if (!isalnum(name[i])) {
- LOG(ERROR) << "AppFuse mount name contains invalid character.";
- return -EINVAL;
- }
- }
- *path = android::base::StringPrintf("/mnt/appfuse/%d_%s", uid, name.c_str());
- return android::OK;
-}
-
-static android::status_t mountInNamespace(uid_t uid, int device_fd, const std::string& path) {
- // Remove existing mount.
- android::vold::ForceUnmount(path);
-
- const auto opts = android::base::StringPrintf(
- "fd=%i,"
- "rootmode=40000,"
- "default_permissions,"
- "allow_other,"
- "user_id=%d,group_id=%d,"
- "context=\"u:object_r:app_fuse_file:s0\","
- "fscontext=u:object_r:app_fusefs:s0",
- device_fd,
- uid,
- uid);
-
- const int result = TEMP_FAILURE_RETRY(mount(
- "/dev/fuse", path.c_str(), "fuse",
- MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()));
- if (result != 0) {
- PLOG(ERROR) << "Failed to mount " << path;
- return -errno;
- }
-
- return android::OK;
-}
-
-static android::status_t runCommandInNamespace(const std::string& command,
- uid_t uid,
- pid_t pid,
- const std::string& path,
- int device_fd) {
- if (DEBUG_APPFUSE) {
- LOG(DEBUG) << "Run app fuse command " << command << " for the path " << path
- << " in namespace " << uid;
- }
-
- unique_fd dir(open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
- if (dir.get() == -1) {
- PLOG(ERROR) << "Failed to open /proc";
- return -errno;
- }
-
- // Obtains process file descriptor.
- const std::string pid_str = android::base::StringPrintf("%d", pid);
- const unique_fd pid_fd(
- openat(dir.get(), pid_str.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
- if (pid_fd.get() == -1) {
- PLOG(ERROR) << "Failed to open /proc/" << pid;
- return -errno;
- }
-
- // Check UID of process.
- {
- struct stat sb;
- const int result = fstat(pid_fd.get(), &sb);
- if (result == -1) {
- PLOG(ERROR) << "Failed to stat /proc/" << pid;
- return -errno;
- }
- if (sb.st_uid != AID_SYSTEM) {
- LOG(ERROR) << "Only system can mount appfuse. UID expected=" << AID_SYSTEM
- << ", actual=" << sb.st_uid;
- return -EPERM;
- }
- }
-
- // Matches so far, but refuse to touch if in root namespace
- {
- char rootName[PATH_MAX];
- char pidName[PATH_MAX];
- const int root_result =
- android::vold::SaneReadLinkAt(dir.get(), "1/ns/mnt", rootName, PATH_MAX);
- const int pid_result =
- android::vold::SaneReadLinkAt(pid_fd.get(), "ns/mnt", pidName, PATH_MAX);
- if (root_result == -1) {
- LOG(ERROR) << "Failed to readlink for /proc/1/ns/mnt";
- return -EPERM;
- }
- if (pid_result == -1) {
- LOG(ERROR) << "Failed to readlink for /proc/" << pid << "/ns/mnt";
- return -EPERM;
- }
- if (!strcmp(rootName, pidName)) {
- LOG(ERROR) << "Don't mount appfuse in root namespace";
- return -EPERM;
- }
- }
-
- // We purposefully leave the namespace open across the fork
- unique_fd ns_fd(openat(pid_fd.get(), "ns/mnt", O_RDONLY)); // not O_CLOEXEC
- if (ns_fd.get() < 0) {
- PLOG(ERROR) << "Failed to open namespace for /proc/" << pid << "/ns/mnt";
- return -errno;
- }
-
- int child = fork();
- if (child == 0) {
- if (setns(ns_fd.get(), CLONE_NEWNS) != 0) {
- PLOG(ERROR) << "Failed to setns";
- _exit(-errno);
- }
-
- if (command == "mount") {
- _exit(mountInNamespace(uid, device_fd, path));
- } else if (command == "unmount") {
- // If it's just after all FD opened on mount point are closed, umount2 can fail with
- // EBUSY. To avoid the case, specify MNT_DETACH.
- if (umount2(path.c_str(), UMOUNT_NOFOLLOW | MNT_DETACH) != 0 &&
- errno != EINVAL && errno != ENOENT) {
- PLOG(ERROR) << "Failed to unmount directory.";
- _exit(-errno);
- }
- if (rmdir(path.c_str()) != 0) {
- PLOG(ERROR) << "Failed to remove the mount directory.";
- _exit(-errno);
- }
- _exit(android::OK);
- } else {
- LOG(ERROR) << "Unknown appfuse command " << command;
- _exit(-EPERM);
- }
- }
-
- if (child == -1) {
- PLOG(ERROR) << "Failed to folk child process";
- return -errno;
- }
-
- android::status_t status;
- TEMP_FAILURE_RETRY(waitpid(child, &status, 0));
-
- return status;
-}
-
-CommandListener::AppFuseCmd::AppFuseCmd() : VoldCommand("appfuse") {}
-
-int CommandListener::AppFuseCmd::runCommand(SocketClient *cli, int argc, char **argv) {
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
- return 0;
- }
-
- const std::string command(argv[1]);
-
- if (command == "mount" && argc == 5) {
- const uid_t uid = atoi(argv[2]);
- const pid_t pid = atoi(argv[3]);
- const std::string name(argv[4]);
-
- // Check mount point name.
- std::string path;
- if (getMountPath(uid, name, &path) != android::OK) {
- return cli->sendMsg(ResponseCode::CommandParameterError,
- "Invalid mount point name.",
- false);
- }
-
- // Create directories.
- {
- const android::status_t result = android::vold::PrepareDir(path, 0700, 0, 0);
- if (result != android::OK) {
- PLOG(ERROR) << "Failed to prepare directory " << path;
- return sendGenericOkFail(cli, result);
- }
- }
-
- // Open device FD.
- unique_fd device_fd(open("/dev/fuse", O_RDWR)); // not O_CLOEXEC
- if (device_fd.get() == -1) {
- PLOG(ERROR) << "Failed to open /dev/fuse";
- return sendGenericOkFail(cli, -errno);
- }
-
- // Mount.
- {
- const android::status_t result =
- runCommandInNamespace(command, uid, pid, path, device_fd.get());
- if (result != android::OK) {
- return sendGenericOkFail(cli, result);
- }
- }
-
- return sendFd(cli, device_fd.get());
- } else if (command == "unmount" && argc == 5) {
- const uid_t uid = atoi(argv[2]);
- const uid_t pid = atoi(argv[3]);
- const std::string name(argv[4]);
-
- // Check mount point name.
- std::string path;
- if (getMountPath(uid, name, &path) != android::OK) {
- return cli->sendMsg(ResponseCode::CommandParameterError,
- "Invalid mount point name.",
- false);
- }
-
- const android::status_t result =
- runCommandInNamespace(command, uid, pid, path, -1 /* device_fd */);
- return sendGenericOkFail(cli, result);
- }
-
- return cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown appfuse cmd", false);
-}
-
-android::status_t CommandListener::AppFuseCmd::sendFd(SocketClient *cli, int fd) {
- struct iovec data;
- char dataBuffer[128];
- char controlBuffer[CMSG_SPACE(sizeof(int))];
- struct msghdr message;
-
- // Message.
- memset(&message, 0, sizeof(struct msghdr));
- message.msg_iov = &data;
- message.msg_iovlen = 1;
- message.msg_control = controlBuffer;
- message.msg_controllen = CMSG_SPACE(sizeof(int));
-
- // Data.
- data.iov_base = dataBuffer;
- data.iov_len = snprintf(dataBuffer,
- sizeof(dataBuffer),
- "200 %d AppFuse command succeeded",
- cli->getCmdNum()) + 1;
-
- // Control.
- struct cmsghdr* const controlMessage = CMSG_FIRSTHDR(&message);
- memset(controlBuffer, 0, CMSG_SPACE(sizeof(int)));
- controlMessage->cmsg_level = SOL_SOCKET;
- controlMessage->cmsg_type = SCM_RIGHTS;
- controlMessage->cmsg_len = CMSG_LEN(sizeof(int));
- *((int *) CMSG_DATA(controlMessage)) = fd;
-
- const int result = TEMP_FAILURE_RETRY(sendmsg(cli->getSocket(), &message, 0));
- if (result == -1) {
- PLOG(ERROR) << "Failed to send FD from vold";
- return -errno;
- }
-
- return android::OK;
-}
diff --git a/CommandListener.h b/CommandListener.h
deleted file mode 100644
index f858ac0..0000000
--- a/CommandListener.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _COMMANDLISTENER_H__
-#define _COMMANDLISTENER_H__
-
-#include <sysutils/FrameworkListener.h>
-#include <utils/Errors.h>
-#include "VoldCommand.h"
-
-class CommandListener : public FrameworkListener {
-public:
- CommandListener();
- virtual ~CommandListener() {}
-
-private:
- static void dumpArgs(int argc, char **argv, int argObscure);
- static int sendGenericOkFail(SocketClient *cli, int cond);
-
- class DumpCmd : public VoldCommand {
- public:
- DumpCmd();
- virtual ~DumpCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
-
- class VolumeCmd : public VoldCommand {
- public:
- VolumeCmd();
- virtual ~VolumeCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
-
- class AsecCmd : public VoldCommand {
- public:
- AsecCmd();
- virtual ~AsecCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- private:
- void listAsecsInDirectory(SocketClient *c, const char *directory);
- };
-
- class ObbCmd : public VoldCommand {
- public:
- ObbCmd();
- virtual ~ObbCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
-
- class StorageCmd : public VoldCommand {
- public:
- StorageCmd();
- virtual ~StorageCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
-
- class FstrimCmd : public VoldCommand {
- public:
- FstrimCmd();
- virtual ~FstrimCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
-
- class AppFuseCmd : public VoldCommand {
- public:
- AppFuseCmd();
- virtual ~AppFuseCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- private:
- android::status_t sendFd(SocketClient *c, int fd);
- };
-};
-
-#endif
diff --git a/CryptCommandListener.cpp b/CryptCommandListener.cpp
deleted file mode 100644
index 779338f..0000000
--- a/CryptCommandListener.cpp
+++ /dev/null
@@ -1,448 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <assert.h>
-#include <stdlib.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <fs_mgr.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-#include <inttypes.h>
-
-#include <algorithm>
-#include <thread>
-
-#define LOG_TAG "VoldCryptCmdListener"
-
-#include <android-base/logging.h>
-#include <android-base/stringprintf.h>
-
-#include <cutils/fs.h>
-#include <cutils/log.h>
-#include <cutils/sockets.h>
-
-#include <sysutils/SocketClient.h>
-#include <private/android_filesystem_config.h>
-
-#include "CryptCommandListener.h"
-#include "Process.h"
-#include "ResponseCode.h"
-#include "cryptfs.h"
-#include "Ext4Crypt.h"
-#include "MetadataCrypt.h"
-#include "Utils.h"
-
-#define DUMP_ARGS 0
-
-CryptCommandListener::CryptCommandListener() :
-FrameworkListener("cryptd", true) {
- registerCmd(new CryptfsCmd());
-}
-
-#if DUMP_ARGS
-void CryptCommandListener::dumpArgs(int argc, char **argv, int argObscure) {
- char buffer[4096];
- char *p = buffer;
-
- memset(buffer, 0, sizeof(buffer));
- int i;
- for (i = 0; i < argc; i++) {
- unsigned int len = strlen(argv[i]) + 1; // Account for space
- if (i == argObscure) {
- len += 2; // Account for {}
- }
- if (((p - buffer) + len) < (sizeof(buffer)-1)) {
- if (i == argObscure) {
- *p++ = '{';
- *p++ = '}';
- *p++ = ' ';
- continue;
- }
- strcpy(p, argv[i]);
- p+= strlen(argv[i]);
- if (i != (argc -1)) {
- *p++ = ' ';
- }
- }
- }
- SLOGD("%s", buffer);
-}
-#else
-void CryptCommandListener::dumpArgs(int /*argc*/, char ** /*argv*/, int /*argObscure*/) { }
-#endif
-
-int CryptCommandListener::sendGenericOkFailOnBool(SocketClient *cli, bool success) {
- if (success) {
- return cli->sendMsg(ResponseCode::CommandOkay, "Command succeeded", false);
- } else {
- return cli->sendMsg(ResponseCode::OperationFailed, "Command failed", false);
- }
-}
-
-CryptCommandListener::CryptfsCmd::CryptfsCmd() :
- VoldCommand("cryptfs") {
-}
-
-static int getType(const char* type)
-{
- if (!strcmp(type, "default")) {
- return CRYPT_TYPE_DEFAULT;
- } else if (!strcmp(type, "password")) {
- return CRYPT_TYPE_PASSWORD;
- } else if (!strcmp(type, "pin")) {
- return CRYPT_TYPE_PIN;
- } else if (!strcmp(type, "pattern")) {
- return CRYPT_TYPE_PATTERN;
- } else {
- return -1;
- }
-}
-
-static char* parseNull(char* arg) {
- if (strcmp(arg, "!") == 0) {
- return nullptr;
- } else {
- return arg;
- }
-}
-
-static bool check_argc(SocketClient *cli, const std::string &subcommand, int argc,
- int expected, std::string usage) {
- assert(expected >= 2);
- if (expected == 2) {
- assert(usage.empty());
- } else {
- assert(!usage.empty());
- assert(std::count(usage.begin(), usage.end(), ' ') + 3 == expected);
- }
- if (argc == expected) {
- return true;
- }
- auto message = std::string() + "Usage: cryptfs " + subcommand;
- if (!usage.empty()) {
- message += " " + usage;
- }
- cli->sendMsg(ResponseCode::CommandSyntaxError, message.c_str(), false);
- return false;
-}
-
-static int do_enablecrypto(char* arg2, char* arg4, int type, bool no_ui) {
- int rc;
- int tries;
- for (tries = 0; tries < 2; ++tries) {
- if (type == CRYPT_TYPE_DEFAULT) {
- rc = cryptfs_enable_default(arg2, no_ui);
- } else {
- rc = cryptfs_enable(arg2, type, arg4, no_ui);
- }
-
- if (rc == 0) {
- free(arg2);
- free(arg4);
- return 0;
- } else if (tries == 0) {
- Process::killProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
- }
- }
-
- free(arg2);
- free(arg4);
- return -1;
-}
-
-int CryptCommandListener::CryptfsCmd::runCommand(SocketClient *cli,
- int argc, char **argv) {
- if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
- cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false);
- return 0;
- }
-
- if (argc < 2) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing subcommand", false);
- return 0;
- }
-
- int rc = 0;
-
- std::string subcommand(argv[1]);
- if (subcommand == "checkpw") {
- if (!check_argc(cli, subcommand, argc, 3, "<passwd>")) return 0;
- dumpArgs(argc, argv, 2);
- rc = cryptfs_check_passwd(argv[2]);
- } else if (subcommand == "restart") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- dumpArgs(argc, argv, -1);
-
- // Spawn as thread so init can issue commands back to vold without
- // causing deadlock, usually as a result of prep_data_fs.
- std::thread(&cryptfs_restart).detach();
- } else if (subcommand == "cryptocomplete") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- dumpArgs(argc, argv, -1);
- rc = cryptfs_crypto_complete();
- } else if (subcommand == "enablecrypto") {
- if (e4crypt_is_native()) {
- if (argc != 5 || strcmp(argv[2], "inplace") || strcmp(argv[3], "default")
- || strcmp(argv[4], "noui")) {
- cli->sendMsg(ResponseCode::CommandSyntaxError,
- "Usage with ext4crypt: cryptfs enablecrypto inplace default noui", false);
- return 0;
- }
- return sendGenericOkFailOnBool(cli, e4crypt_enable_crypto());
- }
- const char* syntax = "Usage: cryptfs enablecrypto <wipe|inplace> "
- "default|password|pin|pattern [passwd] [noui]";
-
- // This should be replaced with a command line parser if more options
- // are added
- bool valid = true;
- bool no_ui = false;
- int type = CRYPT_TYPE_DEFAULT;
- int options = 4; // Optional parameters are at this offset
- if (argc < 4) {
- // Minimum 4 parameters
- valid = false;
- } else if (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace") ) {
- // Second parameter must be wipe or inplace
- valid = false;
- } else {
- // Third parameter must be valid type
- type = getType(argv[3]);
- if (type == -1) {
- valid = false;
- } else if (type != CRYPT_TYPE_DEFAULT) {
- options++;
- }
- }
-
- if (valid) {
- if(argc < options) {
- // Too few parameters
- valid = false;
- } else if (argc == options) {
- // No more, done
- } else if (argc == options + 1) {
- // One option, must be noui
- if (!strcmp(argv[options], "noui")) {
- no_ui = true;
- } else {
- valid = false;
- }
- } else {
- // Too many options
- valid = false;
- }
- }
-
- if (!valid) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, syntax, false);
- return 0;
- }
-
- dumpArgs(argc, argv, 4);
-
- // Spawn as thread so init can issue commands back to vold without
- // causing deadlock, usually as a result of prep_data_fs.
- char* arg2 = argc > 2 ? strdup(argv[2]) : NULL;
- char* arg4 = argc > 4 ? strdup(argv[4]) : NULL;
- std::thread(&do_enablecrypto, arg2, arg4, type, no_ui).detach();
- } else if (subcommand == "enablefilecrypto") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- dumpArgs(argc, argv, -1);
- rc = e4crypt_initialize_global_de();
- } else if (subcommand == "changepw") {
- const char* syntax = "Usage: cryptfs changepw "
- "default|password|pin|pattern [newpasswd]";
- const char* password;
- if (argc == 3) {
- password = "";
- } else if (argc == 4) {
- password = argv[3];
- } else {
- cli->sendMsg(ResponseCode::CommandSyntaxError, syntax, false);
- return 0;
- }
- int type = getType(argv[2]);
- if (type == -1) {
- cli->sendMsg(ResponseCode::CommandSyntaxError, syntax, false);
- return 0;
- }
- SLOGD("cryptfs changepw %s {}", argv[2]);
- rc = cryptfs_changepw(type, password);
- } else if (subcommand == "verifypw") {
- if (!check_argc(cli, subcommand, argc, 3, "<passwd>")) return 0;
- SLOGD("cryptfs verifypw {}");
- rc = cryptfs_verify_passwd(argv[2]);
- } else if (subcommand == "getfield") {
- if (!check_argc(cli, subcommand, argc, 3, "<fieldname>")) return 0;
- char *valbuf;
- int valbuf_len = PROPERTY_VALUE_MAX;
-
- dumpArgs(argc, argv, -1);
-
- // Increase the buffer size until it is big enough for the field value stored.
- while (1) {
- valbuf = (char*)malloc(valbuf_len);
- if (valbuf == NULL) {
- cli->sendMsg(ResponseCode::OperationFailed, "Failed to allocate memory", false);
- return 0;
- }
- rc = cryptfs_getfield(argv[2], valbuf, valbuf_len);
- if (rc != CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL) {
- break;
- }
- free(valbuf);
- valbuf_len *= 2;
- }
- if (rc == CRYPTO_GETFIELD_OK) {
- cli->sendMsg(ResponseCode::CryptfsGetfieldResult, valbuf, false);
- }
- free(valbuf);
- } else if (subcommand == "setfield") {
- if (!check_argc(cli, subcommand, argc, 4, "<fieldname> <value>")) return 0;
- dumpArgs(argc, argv, -1);
- rc = cryptfs_setfield(argv[2], argv[3]);
- } else if (subcommand == "mountdefaultencrypted") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- SLOGD("cryptfs mountdefaultencrypted");
- dumpArgs(argc, argv, -1);
-
- if (e4crypt_is_native()) {
- return sendGenericOkFailOnBool(cli, e4crypt_mount_metadata_encrypted());
- }
- // Spawn as thread so init can issue commands back to vold without
- // causing deadlock, usually as a result of prep_data_fs.
- std::thread(&cryptfs_mount_default_encrypted).detach();
- } else if (subcommand == "getpwtype") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- SLOGD("cryptfs getpwtype");
- dumpArgs(argc, argv, -1);
- switch(cryptfs_get_password_type()) {
- case CRYPT_TYPE_PASSWORD:
- cli->sendMsg(ResponseCode::PasswordTypeResult, "password", false);
- return 0;
- case CRYPT_TYPE_PATTERN:
- cli->sendMsg(ResponseCode::PasswordTypeResult, "pattern", false);
- return 0;
- case CRYPT_TYPE_PIN:
- cli->sendMsg(ResponseCode::PasswordTypeResult, "pin", false);
- return 0;
- case CRYPT_TYPE_DEFAULT:
- cli->sendMsg(ResponseCode::PasswordTypeResult, "default", false);
- return 0;
- default:
- /** @TODO better error and make sure handled by callers */
- cli->sendMsg(ResponseCode::OpFailedStorageNotFound, "Error", false);
- return 0;
- }
- } else if (subcommand == "getpw") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- SLOGD("cryptfs getpw");
- dumpArgs(argc, argv, -1);
- const char* password = cryptfs_get_password();
- if (password) {
- char* message = 0;
- int size = asprintf(&message, "{{sensitive}} %s", password);
- if (size != -1) {
- cli->sendMsg(ResponseCode::CommandOkay, message, false);
- memset(message, 0, size);
- free (message);
- return 0;
- }
- }
- rc = -1;
- } else if (subcommand == "clearpw") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- SLOGD("cryptfs clearpw");
- dumpArgs(argc, argv, -1);
- cryptfs_clear_password();
- rc = 0;
-
- } else if (subcommand == "isConvertibleToFBE") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- // ext4enc:TODO: send a CommandSyntaxError if argv[2] not an integer
- SLOGD("cryptfs isConvertibleToFBE");
- dumpArgs(argc, argv, -1);
- rc = cryptfs_isConvertibleToFBE();
-
- } else if (subcommand == "init_user0") {
- if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_init_user0());
-
- } else if (subcommand == "create_user_key") {
- if (!check_argc(cli, subcommand, argc, 5, "<user> <serial> <ephemeral>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_vold_create_user_key(
- atoi(argv[2]), atoi(argv[3]), atoi(argv[4]) != 0));
-
- } else if (subcommand == "destroy_user_key") {
- if (!check_argc(cli, subcommand, argc, 3, "<user>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_destroy_user_key(atoi(argv[2])));
-
- } else if (subcommand == "add_user_key_auth") {
- if (!check_argc(cli, subcommand, argc, 6, "<user> <serial> <token> <secret>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_add_user_key_auth(
- atoi(argv[2]), atoi(argv[3]), argv[4], argv[5]));
-
- } else if (subcommand == "fixate_newest_user_key_auth") {
- if (!check_argc(cli, subcommand, argc, 3, "<user>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_fixate_newest_user_key_auth(atoi(argv[2])));
-
- } else if (subcommand == "unlock_user_key") {
- if (!check_argc(cli, subcommand, argc, 6, "<user> <serial> <token> <secret>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_unlock_user_key(
- atoi(argv[2]), atoi(argv[3]), argv[4], argv[5]));
-
- } else if (subcommand == "lock_user_key") {
- if (!check_argc(cli, subcommand, argc, 3, "<user>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_lock_user_key(atoi(argv[2])));
-
- } else if (subcommand == "prepare_user_storage") {
- if (!check_argc(cli, subcommand, argc, 6, "<uuid> <user> <serial> <flags>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_prepare_user_storage(
- parseNull(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5])));
-
- } else if (subcommand == "destroy_user_storage") {
- if (!check_argc(cli, subcommand, argc, 5, "<uuid> <user> <flags>")) return 0;
- return sendGenericOkFailOnBool(cli,
- e4crypt_destroy_user_storage(parseNull(argv[2]), atoi(argv[3]), atoi(argv[4])));
-
- } else if (subcommand == "secdiscard") {
- if (!check_argc(cli, subcommand, argc, 3, "<path>")) return 0;
- return sendGenericOkFailOnBool(cli,
- e4crypt_secdiscard(parseNull(argv[2])));
-
- } else {
- dumpArgs(argc, argv, -1);
- cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs subcommand", false);
- return 0;
- }
-
- // Always report that the command succeeded and return the error code.
- // The caller will check the return value to see what the error was.
- char msg[255];
- snprintf(msg, sizeof(msg), "%d", rc);
- cli->sendMsg(ResponseCode::CommandOkay, msg, false);
-
- return 0;
-}
diff --git a/CryptCommandListener.h b/CryptCommandListener.h
deleted file mode 100644
index 478ac02..0000000
--- a/CryptCommandListener.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _CRYPTCOMMANDLISTENER_H__
-#define _CRYPTCOMMANDLISTENER_H__
-
-#include <sysutils/FrameworkListener.h>
-#include <utils/Errors.h>
-#include "VoldCommand.h"
-
-class CryptCommandListener : public FrameworkListener {
-public:
- CryptCommandListener();
- virtual ~CryptCommandListener() {}
-
-private:
- static void dumpArgs(int argc, char **argv, int argObscure);
- static int sendGenericOkFailOnBool(SocketClient *cli, bool success);
-
- class CryptfsCmd : public VoldCommand {
- public:
- CryptfsCmd();
- virtual ~CryptfsCmd() {}
- int runCommand(SocketClient *c, int argc, char ** argv);
- };
- int getSocket();
-};
-
-#endif
diff --git a/Devmapper.cpp b/Devmapper.cpp
index 4b6942d..2cbed86 100644
--- a/Devmapper.cpp
+++ b/Devmapper.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
@@ -32,87 +34,17 @@
#include <cutils/log.h>
-#include <sysutils/SocketClient.h>
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <utils/Trace.h>
#include "Devmapper.h"
#define DEVMAPPER_BUFFER_SIZE 4096
-int Devmapper::dumpState(SocketClient *c) {
+using android::base::StringPrintf;
- char *buffer = (char *) malloc(1024 * 64);
- if (!buffer) {
- SLOGE("Error allocating memory (%s)", strerror(errno));
- return -1;
- }
- memset(buffer, 0, (1024 * 64));
-
- char *buffer2 = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
- if (!buffer2) {
- SLOGE("Error allocating memory (%s)", strerror(errno));
- free(buffer);
- return -1;
- }
-
- int fd;
- if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
- SLOGE("Error opening devmapper (%s)", strerror(errno));
- free(buffer);
- free(buffer2);
- return -1;
- }
-
- struct dm_ioctl *io = (struct dm_ioctl *) buffer;
- ioctlInit(io, (1024 * 64), NULL, 0);
-
- if (ioctl(fd, DM_LIST_DEVICES, io)) {
- SLOGE("DM_LIST_DEVICES ioctl failed (%s)", strerror(errno));
- free(buffer);
- free(buffer2);
- close(fd);
- return -1;
- }
-
- struct dm_name_list *n = (struct dm_name_list *) (((char *) buffer) + io->data_start);
- if (!n->dev) {
- free(buffer);
- free(buffer2);
- close(fd);
- return 0;
- }
-
- unsigned nxt = 0;
- do {
- n = (struct dm_name_list *) (((char *) n) + nxt);
-
- memset(buffer2, 0, DEVMAPPER_BUFFER_SIZE);
- struct dm_ioctl *io2 = (struct dm_ioctl *) buffer2;
- ioctlInit(io2, DEVMAPPER_BUFFER_SIZE, n->name, 0);
- if (ioctl(fd, DM_DEV_STATUS, io2)) {
- if (errno != ENXIO) {
- SLOGE("DM_DEV_STATUS ioctl failed (%s)", strerror(errno));
- }
- io2 = NULL;
- }
-
- char *tmp;
- if (!io2) {
- asprintf(&tmp, "%s %llu:%llu (no status available)", n->name, MAJOR(n->dev), MINOR(n->dev));
- } else {
- asprintf(&tmp, "%s %llu:%llu %d %d 0x%.8x %llu:%llu", n->name, MAJOR(n->dev),
- MINOR(n->dev), io2->target_count, io2->open_count, io2->flags, MAJOR(io2->dev),
- MINOR(io2->dev));
- }
- c->sendMsg(0, tmp, false);
- free(tmp);
- nxt = n->next;
- } while (nxt);
-
- free(buffer);
- free(buffer2);
- close(fd);
- return 0;
-}
+static const char* kVoldPrefix = "vold:";
void Devmapper::ioctlInit(struct dm_ioctl *io, size_t dataSize,
const char *name, unsigned flags) {
@@ -130,7 +62,10 @@
}
}
-int Devmapper::lookupActive(const char *name, char *ubuffer, size_t len) {
+int Devmapper::lookupActive(const char *name_raw, char *ubuffer, size_t len) {
+ auto name_string = StringPrintf("%s%s", kVoldPrefix, name_raw);
+ const char* name = name_string.c_str();
+
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
if (!buffer) {
SLOGE("Error allocating memory (%s)", strerror(errno));
@@ -163,8 +98,11 @@
return 0;
}
-int Devmapper::create(const char *name, const char *loopFile, const char *key,
+int Devmapper::create(const char *name_raw, const char *loopFile, const char *key,
unsigned long numSectors, char *ubuffer, size_t len) {
+ auto name_string = StringPrintf("%s%s", kVoldPrefix, name_raw);
+ const char* name = name_string.c_str();
+
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
if (!buffer) {
SLOGE("Error allocating memory (%s)", strerror(errno));
@@ -261,7 +199,10 @@
return 0;
}
-int Devmapper::destroy(const char *name) {
+int Devmapper::destroy(const char *name_raw) {
+ auto name_string = StringPrintf("%s%s", kVoldPrefix, name_raw);
+ const char* name = name_string.c_str();
+
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
if (!buffer) {
SLOGE("Error allocating memory (%s)", strerror(errno));
@@ -294,6 +235,75 @@
return 0;
}
+int Devmapper::destroyAll() {
+ ATRACE_NAME("Devmapper::destroyAll");
+ char *buffer = (char *) malloc(1024 * 64);
+ if (!buffer) {
+ SLOGE("Error allocating memory (%s)", strerror(errno));
+ return -1;
+ }
+ memset(buffer, 0, (1024 * 64));
+
+ char *buffer2 = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
+ if (!buffer2) {
+ SLOGE("Error allocating memory (%s)", strerror(errno));
+ free(buffer);
+ return -1;
+ }
+
+ int fd;
+ if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
+ SLOGE("Error opening devmapper (%s)", strerror(errno));
+ free(buffer);
+ free(buffer2);
+ return -1;
+ }
+
+ struct dm_ioctl *io = (struct dm_ioctl *) buffer;
+ ioctlInit(io, (1024 * 64), NULL, 0);
+
+ if (ioctl(fd, DM_LIST_DEVICES, io)) {
+ SLOGE("DM_LIST_DEVICES ioctl failed (%s)", strerror(errno));
+ free(buffer);
+ free(buffer2);
+ close(fd);
+ return -1;
+ }
+
+ struct dm_name_list *n = (struct dm_name_list *) (((char *) buffer) + io->data_start);
+ if (!n->dev) {
+ free(buffer);
+ free(buffer2);
+ close(fd);
+ return 0;
+ }
+
+ unsigned nxt = 0;
+ do {
+ n = (struct dm_name_list *) (((char *) n) + nxt);
+ if (strncmp(n->name, kVoldPrefix, strlen(kVoldPrefix)) == 0) {
+ LOG(DEBUG) << "Tearing down stale dm device named " << n->name;
+
+ memset(buffer2, 0, DEVMAPPER_BUFFER_SIZE);
+ struct dm_ioctl *io2 = (struct dm_ioctl *) buffer2;
+ ioctlInit(io2, DEVMAPPER_BUFFER_SIZE, n->name, 0);
+ if (ioctl(fd, DM_DEV_REMOVE, io2)) {
+ if (errno != ENXIO) {
+ PLOG(WARNING) << "Failed to destroy dm device named " << n->name;
+ }
+ }
+ } else {
+ LOG(VERBOSE) << "Found unmanaged dm device named " << n->name;
+ }
+ nxt = n->next;
+ } while (nxt);
+
+ free(buffer);
+ free(buffer2);
+ close(fd);
+ return 0;
+}
+
void *Devmapper::_align(void *ptr, unsigned int a)
{
unsigned long agn = --a;
diff --git a/Devmapper.h b/Devmapper.h
index 5b65b53..086ad78 100644
--- a/Devmapper.h
+++ b/Devmapper.h
@@ -20,15 +20,13 @@
#include <unistd.h>
#include <linux/dm-ioctl.h>
-class SocketClient;
-
class Devmapper {
public:
static int create(const char *name, const char *loopFile, const char *key,
unsigned long numSectors, char *buffer, size_t len);
static int destroy(const char *name);
+ static int destroyAll();
static int lookupActive(const char *name, char *buffer, size_t len);
- static int dumpState(SocketClient *c);
private:
static void *_align(void *ptr, unsigned int a);
diff --git a/EncryptInplace.cpp b/EncryptInplace.cpp
index 9aa2a21..4ffb8cd 100644
--- a/EncryptInplace.cpp
+++ b/EncryptInplace.cpp
@@ -18,7 +18,6 @@
#include <stdio.h>
#include <stdint.h>
-#include <stdbool.h>
#include <inttypes.h>
#include <time.h>
#include <sys/types.h>
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index dc2e42a..3ac6428 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -304,7 +304,7 @@
LOG(DEBUG) << "Skipping non-de-key " << entry->d_name;
continue;
}
- userid_t user_id = atoi(entry->d_name);
+ userid_t user_id = std::stoi(entry->d_name);
if (s_de_key_raw_refs.count(user_id) == 0) {
auto key_path = de_dir + "/" + entry->d_name;
KeyBuffer key;
diff --git a/Loop.cpp b/Loop.cpp
index 6ec5e6d..1eb9865 100644
--- a/Loop.cpp
+++ b/Loop.cpp
@@ -14,8 +14,11 @@
* limitations under the License.
*/
+#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+
#include <stdio.h>
#include <stdlib.h>
+#include <dirent.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
@@ -35,59 +38,21 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/unique_fd.h>
+#include <utils/Trace.h>
-#include <sysutils/SocketClient.h>
#include "Loop.h"
-#include "Asec.h"
#include "VoldUtil.h"
#include "sehandle.h"
using android::base::StringPrintf;
using android::base::unique_fd;
-int Loop::dumpState(SocketClient *c) {
- int i;
- int fd;
- char filename[256];
+static const char* kVoldPrefix = "vold:";
- for (i = 0; i < LOOP_MAX; i++) {
- struct loop_info64 li;
- int rc;
+int Loop::lookupActive(const char *id_raw, char *buffer, size_t len) {
+ auto id_string = StringPrintf("%s%s", kVoldPrefix, id_raw);
+ const char* id = id_string.c_str();
- snprintf(filename, sizeof(filename), "/dev/block/loop%d", i);
-
- if ((fd = open(filename, O_RDWR | O_CLOEXEC)) < 0) {
- if (errno != ENOENT) {
- SLOGE("Unable to open %s (%s)", filename, strerror(errno));
- } else {
- continue;
- }
- return -1;
- }
-
- rc = ioctl(fd, LOOP_GET_STATUS64, &li);
- close(fd);
- if (rc < 0 && errno == ENXIO) {
- continue;
- }
-
- if (rc < 0) {
- SLOGE("Unable to get loop status for %s (%s)", filename,
- strerror(errno));
- return -1;
- }
- char *tmp = NULL;
- asprintf(&tmp, "%s %d %lld:%lld %llu %lld:%lld %lld 0x%x {%s} {%s}", filename, li.lo_number,
- MAJOR(li.lo_device), MINOR(li.lo_device), li.lo_inode, MAJOR(li.lo_rdevice),
- MINOR(li.lo_rdevice), li.lo_offset, li.lo_flags, li.lo_crypt_name,
- li.lo_file_name);
- c->sendMsg(0, tmp, false);
- free(tmp);
- }
- return 0;
-}
-
-int Loop::lookupActive(const char *id, char *buffer, size_t len) {
int i;
int fd;
char filename[256];
@@ -134,7 +99,10 @@
return 0;
}
-int Loop::create(const char *id, const char *loopFile, char *loopDeviceBuffer, size_t len) {
+int Loop::create(const char *id_raw, const char *loopFile, char *loopDeviceBuffer, size_t len) {
+ auto id_string = StringPrintf("%s%s", kVoldPrefix, id_raw);
+ const char* id = id_string.c_str();
+
int i;
int fd;
char filename[256];
@@ -267,6 +235,14 @@
return -errno;
}
+ struct loop_info64 li;
+ memset(&li, 0, sizeof(li));
+ strlcpy((char*) li.lo_crypt_name, kVoldPrefix, LO_NAME_SIZE);
+ if (ioctl(device_fd.get(), LOOP_SET_STATUS64, &li) == -1) {
+ PLOG(ERROR) << "Failed to LOOP_SET_STATUS64";
+ return -errno;
+ }
+
return 0;
}
@@ -289,9 +265,51 @@
return 0;
}
-int Loop::destroyByFile(const char * /*loopFile*/) {
- errno = ENOSYS;
- return -1;
+int Loop::destroyAll() {
+ ATRACE_NAME("Loop::destroyAll");
+
+ DIR* dir;
+ struct dirent* de;
+
+ std::string root = "/dev/block/";
+ if (!(dir = opendir(root.c_str()))) {
+ PLOG(ERROR) << "Failed to opendir";
+ return -1;
+ }
+
+ // Poke through all devices looking for loops
+ while ((de = readdir(dir))) {
+ if (strncmp(de->d_name, "loop", 4) != 0) continue;
+
+ auto path = root + de->d_name;
+ unique_fd fd(open(path.c_str(), O_RDWR | O_CLOEXEC));
+ if (fd.get() == -1) {
+ if (errno != ENOENT) {
+ PLOG(WARNING) << "Failed to open " << path;
+ }
+ continue;
+ }
+
+ struct loop_info64 li;
+ if (ioctl(fd.get(), LOOP_GET_STATUS64, &li) < 0) {
+ PLOG(WARNING) << "Failed to LOOP_GET_STATUS64 " << path;
+ continue;
+ }
+
+ char* id = (char*) li.lo_crypt_name;
+ if (strncmp(id, kVoldPrefix, strlen(kVoldPrefix)) == 0) {
+ LOG(DEBUG) << "Tearing down stale loop device at " << path << " named " << id;
+
+ if (ioctl(fd.get(), LOOP_CLR_FD, 0) < 0) {
+ PLOG(WARNING) << "Failed to LOOP_CLR_FD " << path;
+ }
+ } else {
+ LOG(VERBOSE) << "Found unmanaged loop device at " << path << " named " << id;
+ }
+ }
+
+ closedir(dir);
+ return 0;
}
int Loop::createImageFile(const char *file, unsigned long numSectors) {
@@ -337,46 +355,3 @@
close(fd);
return 0;
}
-
-int Loop::lookupInfo(const char *loopDevice, struct asec_superblock *sb, unsigned long *nr_sec) {
- int fd;
- struct asec_superblock buffer;
-
- if ((fd = open(loopDevice, O_RDONLY | O_CLOEXEC)) < 0) {
- SLOGE("Failed to open loopdevice (%s)", strerror(errno));
- destroyByDevice(loopDevice);
- return -1;
- }
-
- get_blkdev_size(fd, nr_sec);
- if (*nr_sec == 0) {
- SLOGE("Failed to get loop size (%s)", strerror(errno));
- destroyByDevice(loopDevice);
- close(fd);
- return -1;
- }
-
- /*
- * Try to read superblock.
- */
- memset(&buffer, 0, sizeof(struct asec_superblock));
- if (lseek(fd, ((*nr_sec - 1) * 512), SEEK_SET) < 0) {
- SLOGE("lseek failed (%s)", strerror(errno));
- close(fd);
- destroyByDevice(loopDevice);
- return -1;
- }
- if (read(fd, &buffer, sizeof(struct asec_superblock)) != sizeof(struct asec_superblock)) {
- SLOGE("superblock read failed (%s)", strerror(errno));
- close(fd);
- destroyByDevice(loopDevice);
- return -1;
- }
- close(fd);
-
- /*
- * Superblock successfully read. Copy to caller's struct.
- */
- memcpy(sb, &buffer, sizeof(struct asec_superblock));
- return 0;
-}
diff --git a/Loop.h b/Loop.h
index 5d8f427..654b8ad 100644
--- a/Loop.h
+++ b/Loop.h
@@ -21,22 +21,17 @@
#include <unistd.h>
#include <linux/loop.h>
-class SocketClient;
-
class Loop {
public:
static const int LOOP_MAX = 4096;
public:
static int lookupActive(const char *id, char *buffer, size_t len);
- static int lookupInfo(const char *loopDevice, struct asec_superblock *sb, unsigned long *nr_sec);
static int create(const char *id, const char *loopFile, char *loopDeviceBuffer, size_t len);
static int create(const std::string& file, std::string& out_device);
static int destroyByDevice(const char *loopDevice);
- static int destroyByFile(const char *loopFile);
+ static int destroyAll();
static int createImageFile(const char *file, unsigned long numSectors);
static int resizeImageFile(const char *file, unsigned long numSectors);
-
- static int dumpState(SocketClient *c);
};
#endif
diff --git a/MoveTask.cpp b/MoveTask.cpp
index c565752..4268ed4 100644
--- a/MoveTask.cpp
+++ b/MoveTask.cpp
@@ -17,7 +17,6 @@
#include "MoveTask.h"
#include "Utils.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
@@ -45,9 +44,9 @@
static const char* kWakeLock = "MoveTask";
-MoveTask::MoveTask(const std::shared_ptr<VolumeBase>& from,
- const std::shared_ptr<VolumeBase>& to) :
- mFrom(from), mTo(to) {
+MoveTask::MoveTask(const std::shared_ptr<VolumeBase>& from, const std::shared_ptr<VolumeBase>& to,
+ const android::sp<android::os::IVoldTaskListener>& listener) :
+ mFrom(from), mTo(to), mListener(listener) {
}
MoveTask::~MoveTask() {
@@ -57,9 +56,11 @@
mThread = std::thread(&MoveTask::run, this);
}
-static void notifyProgress(int progress) {
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(ResponseCode::MoveStatus,
- StringPrintf("%d", progress).c_str(), false);
+void MoveTask::notifyProgress(int progress) {
+ if (mListener) {
+ android::os::PersistableBundle extras;
+ mListener->onStatus(progress, extras);
+ }
}
static status_t pushBackContents(const std::string& path, std::vector<std::string>& cmd,
@@ -85,7 +86,7 @@
return found ? OK : -1;
}
-static status_t execRm(const std::string& path, int startProgress, int stepProgress) {
+status_t MoveTask::execRm(const std::string& path, int startProgress, int stepProgress) {
notifyProgress(startProgress);
uint64_t expectedBytes = GetTreeBytes(path);
@@ -126,7 +127,7 @@
#endif
}
-static status_t execCp(const std::string& fromPath, const std::string& toPath,
+status_t MoveTask::execCp(const std::string& fromPath, const std::string& toPath,
int startProgress, int stepProgress) {
notifyProgress(startProgress);
diff --git a/MoveTask.h b/MoveTask.h
index b1777c0..246a24d 100644
--- a/MoveTask.h
+++ b/MoveTask.h
@@ -17,8 +17,9 @@
#ifndef ANDROID_VOLD_MOVE_TASK_H
#define ANDROID_VOLD_MOVE_TASK_H
+#include "android/os/IVoldTaskListener.h"
#include "Utils.h"
-#include "VolumeBase.h"
+#include "model/VolumeBase.h"
#include <thread>
@@ -27,7 +28,8 @@
class MoveTask {
public:
- MoveTask(const std::shared_ptr<VolumeBase>& from, const std::shared_ptr<VolumeBase>& to);
+ MoveTask(const std::shared_ptr<VolumeBase>& from, const std::shared_ptr<VolumeBase>& to,
+ const android::sp<android::os::IVoldTaskListener>& listener);
virtual ~MoveTask();
void start();
@@ -35,10 +37,17 @@
private:
std::shared_ptr<VolumeBase> mFrom;
std::shared_ptr<VolumeBase> mTo;
+ android::sp<android::os::IVoldTaskListener> mListener;
std::thread mThread;
void run();
+ void notifyProgress(int progress);
+
+ status_t execRm(const std::string& path, int startProgress, int stepProgress);
+ status_t execCp(const std::string& fromPath, const std::string& toPath,
+ int startProgress, int stepProgress);
+
DISALLOW_COPY_AND_ASSIGN(MoveTask);
};
diff --git a/ResponseCode.cpp b/ResponseCode.cpp
deleted file mode 100644
index d7e778d..0000000
--- a/ResponseCode.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-
-#define LOG_TAG "Vold"
-
-#include <cutils/log.h>
-
-#include "ResponseCode.h"
-
-int ResponseCode::convertFromErrno() {
- if (errno == ENODEV) {
- return(ResponseCode::OpFailedNoMedia);
- } else if (errno == ENODATA) {
- return(ResponseCode::OpFailedMediaBlank);
- } else if (errno == EIO) {
- return(ResponseCode::OpFailedMediaCorrupt);
- } else if (errno == EBUSY) {
- return(ResponseCode::OpFailedStorageBusy);
- } else if (errno == ENOENT) {
- return(ResponseCode::OpFailedStorageNotFound);
- }
-
- SLOGW("Returning OperationFailed - no handler for errno %d", errno);
- return(ResponseCode::OperationFailed);
-}
diff --git a/ResponseCode.h b/ResponseCode.h
deleted file mode 100644
index f2c533e..0000000
--- a/ResponseCode.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _RESPONSECODE_H
-#define _RESPONSECODE_H
-
-class ResponseCode {
-public:
- // 100 series - Requestion action was initiated; expect another reply
- // before proceeding with a new command.
- static const int ActionInitiated = 100;
-
- static const int VolumeListResult = 110;
- static const int AsecListResult = 111;
- static const int StorageUsersListResult = 112;
- static const int CryptfsGetfieldResult = 113;
-
- // 200 series - Requested action has been successfully completed
- static const int CommandOkay = 200;
- static const int ShareStatusResult = 210;
- static const int AsecPathResult = 211;
- static const int ShareEnabledResult = 212;
- static const int PasswordTypeResult = 213;
-
- // 400 series - The command was accepted but the requested action
- // did not take place.
- static const int OperationFailed = 400;
- static const int OpFailedNoMedia = 401;
- static const int OpFailedMediaBlank = 402;
- static const int OpFailedMediaCorrupt = 403;
- static const int OpFailedVolNotMounted = 404;
- static const int OpFailedStorageBusy = 405;
- static const int OpFailedStorageNotFound = 406;
-
- // 500 series - The command was not accepted and the requested
- // action did not take place.
- static const int CommandSyntaxError = 500;
- static const int CommandParameterError = 501;
- static const int CommandNoPermission = 502;
-
- // 600 series - Unsolicited broadcasts
- static const int UnsolicitedInformational = 600;
- static const int VolumeStateChange = 605;
- static const int VolumeMountFailedBlank = 610;
- static const int VolumeMountFailedDamaged = 611;
- static const int VolumeMountFailedNoMedia = 612;
- static const int VolumeUuidChange = 613;
- static const int VolumeUserLabelChange = 614;
-
- static const int ShareAvailabilityChange = 620;
-
- static const int VolumeDiskInserted = 630;
- static const int VolumeDiskRemoved = 631;
- static const int VolumeBadRemoval = 632;
-
- static const int DiskCreated = 640;
- static const int DiskSizeChanged = 641;
- static const int DiskLabelChanged = 642;
- static const int DiskScanned = 643;
- static const int DiskSysPathChanged = 644;
- static const int DiskDestroyed = 649;
-
- static const int VolumeCreated = 650;
- static const int VolumeStateChanged = 651;
- static const int VolumeFsTypeChanged = 652;
- static const int VolumeFsUuidChanged = 653;
- static const int VolumeFsLabelChanged = 654;
- static const int VolumePathChanged = 655;
- static const int VolumeInternalPathChanged = 656;
- static const int VolumeDestroyed = 659;
-
- static const int MoveStatus = 660;
- static const int BenchmarkResult = 661;
- static const int TrimResult = 662;
-
- static int convertFromErrno();
-};
-#endif
diff --git a/TrimTask.cpp b/TrimTask.cpp
index 08e6499..fafb345 100644
--- a/TrimTask.cpp
+++ b/TrimTask.cpp
@@ -15,10 +15,8 @@
*/
#include "TrimTask.h"
-#include "Benchmark.h"
#include "Utils.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
@@ -37,8 +35,6 @@
/* From a would-be kernel header */
#define FIDTRIM _IOWR('f', 128, struct fstrim_range) /* Deep discard trim */
-#define BENCHMARK_ENABLED 1
-
using android::base::StringPrintf;
namespace android {
@@ -46,7 +42,8 @@
static const char* kWakeLock = "TrimTask";
-TrimTask::TrimTask(int flags) : mFlags(flags) {
+TrimTask::TrimTask(int flags, const android::sp<android::os::IVoldTaskListener>& listener) :
+ mFlags(flags), mListener(listener) {
// Collect both fstab and vold volumes
addFromFstab();
@@ -102,23 +99,21 @@
mThread = std::thread(&TrimTask::run, this);
}
-static void notifyResult(const std::string& path, int64_t bytes, int64_t delta) {
- std::string res(path
- + " " + std::to_string(bytes)
- + " " + std::to_string(delta));
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(
- ResponseCode::TrimResult, res.c_str(), false);
-}
-
void TrimTask::run() {
acquire_wake_lock(PARTIAL_WAKE_LOCK, kWakeLock);
for (const auto& path : mPaths) {
LOG(DEBUG) << "Starting trim of " << path;
+ android::os::PersistableBundle extras;
+ extras.putString(String16("path"), String16(path.c_str()));
+
int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
if (fd < 0) {
PLOG(WARNING) << "Failed to open " << path;
+ if (mListener) {
+ mListener->onStatus(-1, extras);
+ }
continue;
}
@@ -129,22 +124,25 @@
nsecs_t start = systemTime(SYSTEM_TIME_BOOTTIME);
if (ioctl(fd, (mFlags & Flags::kDeepTrim) ? FIDTRIM : FITRIM, &range)) {
PLOG(WARNING) << "Trim failed on " << path;
- notifyResult(path, -1, -1);
+ if (mListener) {
+ mListener->onStatus(-1, extras);
+ }
} else {
- nsecs_t delta = systemTime(SYSTEM_TIME_BOOTTIME) - start;
+ nsecs_t time = systemTime(SYSTEM_TIME_BOOTTIME) - start;
LOG(INFO) << "Trimmed " << range.len << " bytes on " << path
- << " in " << nanoseconds_to_milliseconds(delta) << "ms";
- notifyResult(path, range.len, delta);
+ << " in " << nanoseconds_to_milliseconds(time) << "ms";
+ extras.putLong(String16("bytes"), range.len);
+ extras.putLong(String16("time"), time);
+ if (mListener) {
+ mListener->onStatus(0, extras);
+ }
}
close(fd);
+ }
- if (mFlags & Flags::kBenchmarkAfter) {
-#if BENCHMARK_ENABLED
- BenchmarkPrivate(path);
-#else
- LOG(DEBUG) << "Benchmark disabled";
-#endif
- }
+ if (mListener) {
+ android::os::PersistableBundle extras;
+ mListener->onFinished(0, extras);
}
release_wake_lock(kWakeLock);
diff --git a/TrimTask.h b/TrimTask.h
index 2ade7b5..a87728b 100644
--- a/TrimTask.h
+++ b/TrimTask.h
@@ -17,6 +17,7 @@
#ifndef ANDROID_VOLD_TRIM_TASK_H
#define ANDROID_VOLD_TRIM_TASK_H
+#include "android/os/IVoldTaskListener.h"
#include "Utils.h"
#include <thread>
@@ -27,18 +28,18 @@
class TrimTask {
public:
- explicit TrimTask(int flags);
+ explicit TrimTask(int flags, const android::sp<android::os::IVoldTaskListener>& listener);
virtual ~TrimTask();
enum Flags {
kDeepTrim = 1 << 0,
- kBenchmarkAfter = 1 << 1,
};
void start();
private:
int mFlags;
+ android::sp<android::os::IVoldTaskListener> mListener;
std::list<std::string> mPaths;
std::thread mThread;
diff --git a/Utils.h b/Utils.h
index 82ac440..4e2be96 100644
--- a/Utils.h
+++ b/Utils.h
@@ -19,6 +19,7 @@
#include "KeyBuffer.h"
+#include <android-base/macros.h>
#include <utils/Errors.h>
#include <cutils/multiuser.h>
#include <selinux/selinux.h>
@@ -26,14 +27,6 @@
#include <vector>
#include <string>
-// DISALLOW_COPY_AND_ASSIGN disallows the copy and operator= functions. It goes in the private:
-// declarations in a class.
-#if !defined(DISALLOW_COPY_AND_ASSIGN)
-#define DISALLOW_COPY_AND_ASSIGN(TypeName) \
- TypeName(const TypeName&) = delete; \
- void operator=(const TypeName&) = delete
-#endif
-
struct DIR;
namespace android {
diff --git a/VoldCommand.cpp b/VoldCommand.cpp
deleted file mode 100644
index 3c0d58d..0000000
--- a/VoldCommand.cpp
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "VoldCommand.h"
-
-VoldCommand::VoldCommand(const char *cmd) :
- FrameworkCommand(cmd) {
-}
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
new file mode 100644
index 0000000..049f5ba
--- /dev/null
+++ b/VoldNativeService.cpp
@@ -0,0 +1,720 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+
+#include "VoldNativeService.h"
+#include "VolumeManager.h"
+#include "BenchmarkTask.h"
+#include "MoveTask.h"
+#include "Process.h"
+#include "TrimTask.h"
+
+#include "cryptfs.h"
+#include "Ext4Crypt.h"
+#include "MetadataCrypt.h"
+
+#include <fstream>
+
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <fs_mgr.h>
+#include <private/android_filesystem_config.h>
+#include <utils/Trace.h>
+
+#ifndef LOG_TAG
+#define LOG_TAG "vold"
+#endif
+
+using android::base::StringPrintf;
+using std::endl;
+
+namespace android {
+namespace vold {
+
+namespace {
+
+constexpr const char* kDump = "android.permission.DUMP";
+
+static binder::Status ok() {
+ return binder::Status::ok();
+}
+
+static binder::Status exception(uint32_t code, const std::string& msg) {
+ return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
+}
+
+static binder::Status error(const std::string& msg) {
+ PLOG(ERROR) << msg;
+ return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
+}
+
+static binder::Status translate(int status) {
+ if (status == 0) {
+ return binder::Status::ok();
+ } else {
+ return binder::Status::fromServiceSpecificError(status);
+ }
+}
+
+static binder::Status translateBool(bool status) {
+ if (status) {
+ return binder::Status::ok();
+ } else {
+ return binder::Status::fromServiceSpecificError(status);
+ }
+}
+
+binder::Status checkPermission(const char* permission) {
+ pid_t pid;
+ uid_t uid;
+
+ if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
+ reinterpret_cast<int32_t*>(&uid))) {
+ return ok();
+ } else {
+ return exception(binder::Status::EX_SECURITY,
+ StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
+ }
+}
+
+binder::Status checkUid(uid_t expectedUid) {
+ uid_t uid = IPCThreadState::self()->getCallingUid();
+ if (uid == expectedUid || uid == AID_ROOT) {
+ return ok();
+ } else {
+ return exception(binder::Status::EX_SECURITY,
+ StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
+ }
+}
+
+binder::Status checkArgumentId(const std::string& id) {
+ if (id.empty()) {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
+ }
+ for (const char& c : id) {
+ if (!std::isalnum(c) && c != ':' && c != ',') {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
+ StringPrintf("ID %s is malformed", id.c_str()));
+ }
+ }
+ return ok();
+}
+
+binder::Status checkArgumentPath(const std::string& path) {
+ if (path.empty()) {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
+ }
+ if (path[0] != '/') {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
+ StringPrintf("Path %s is relative", path.c_str()));
+ }
+ for (const char& c : path) {
+ if (c == '\0' || c == '\n') {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
+ StringPrintf("Path %s is malformed", path.c_str()));
+ }
+ }
+ return ok();
+}
+
+binder::Status checkArgumentHex(const std::string& hex) {
+ // Empty hex strings are allowed
+ for (const char& c : hex) {
+ if (!std::isxdigit(c) && c != ':' && c != '-') {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
+ StringPrintf("Hex %s is malformed", hex.c_str()));
+ }
+ }
+ return ok();
+}
+
+#define ENFORCE_UID(uid) { \
+ binder::Status status = checkUid((uid)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
+#define CHECK_ARGUMENT_ID(id) { \
+ binder::Status status = checkArgumentId((id)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
+#define CHECK_ARGUMENT_PATH(path) { \
+ binder::Status status = checkArgumentPath((path)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
+#define CHECK_ARGUMENT_HEX(hex) { \
+ binder::Status status = checkArgumentHex((hex)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
+#define ACQUIRE_LOCK \
+ std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
+ ATRACE_CALL();
+
+#define ACQUIRE_CRYPT_LOCK \
+ std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock()); \
+ ATRACE_CALL();
+
+} // namespace
+
+status_t VoldNativeService::start() {
+ IPCThreadState::self()->disableBackgroundScheduling(true);
+ status_t ret = BinderService<VoldNativeService>::publish();
+ if (ret != android::OK) {
+ return ret;
+ }
+ sp<ProcessState> ps(ProcessState::self());
+ ps->startThreadPool();
+ ps->giveThreadPoolName();
+ return android::OK;
+}
+
+status_t VoldNativeService::dump(int fd, const Vector<String16> & /* args */) {
+ auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
+ const binder::Status dump_permission = checkPermission(kDump);
+ if (!dump_permission.isOk()) {
+ out << dump_permission.toString8() << endl;
+ return PERMISSION_DENIED;
+ }
+
+ ACQUIRE_LOCK;
+ out << "vold is happy!" << endl;
+ out.flush();
+ return NO_ERROR;
+}
+
+binder::Status VoldNativeService::setListener(
+ const android::sp<android::os::IVoldListener>& listener) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ VolumeManager::Instance()->setListener(listener);
+ return ok();
+}
+
+binder::Status VoldNativeService::monitor() {
+ ENFORCE_UID(AID_SYSTEM);
+
+ // Simply acquire/release each lock for watchdog
+ {
+ ACQUIRE_LOCK;
+ }
+ {
+ ACQUIRE_CRYPT_LOCK;
+ }
+
+ return ok();
+}
+
+binder::Status VoldNativeService::reset() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->reset());
+}
+
+binder::Status VoldNativeService::shutdown() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->shutdown());
+}
+
+binder::Status VoldNativeService::mountAll() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ struct fstab* fstab = fs_mgr_read_fstab_default();
+ int res = fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
+ fs_mgr_free_fstab(fstab);
+ return translate(res);
+}
+
+binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
+}
+
+binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->onUserRemoved(userId));
+}
+
+binder::Status VoldNativeService::onUserStarted(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->onUserStarted(userId));
+}
+
+binder::Status VoldNativeService::onUserStopped(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->onUserStopped(userId));
+}
+
+binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
+ int32_t ratio) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(diskId);
+ ACQUIRE_LOCK;
+
+ auto disk = VolumeManager::Instance()->findDisk(diskId);
+ if (disk == nullptr) {
+ return error("Failed to find disk " + diskId);
+ }
+ switch (partitionType) {
+ case PARTITION_TYPE_PUBLIC: return translate(disk->partitionPublic());
+ case PARTITION_TYPE_PRIVATE: return translate(disk->partitionPrivate());
+ case PARTITION_TYPE_MIXED: return translate(disk->partitionMixed(ratio));
+ default: return error("Unknown type " + std::to_string(partitionType));
+ }
+}
+
+binder::Status VoldNativeService::forgetPartition(const std::string& partGuid) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_HEX(partGuid);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->forgetPartition(partGuid));
+}
+
+binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
+ int32_t mountUserId) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(volId);
+ ACQUIRE_LOCK;
+
+ auto vol = VolumeManager::Instance()->findVolume(volId);
+ if (vol == nullptr) {
+ return error("Failed to find volume " + volId);
+ }
+
+ vol->setMountFlags(mountFlags);
+ vol->setMountUserId(mountUserId);
+
+ int res = vol->mount();
+ if ((mountFlags & MOUNT_FLAG_PRIMARY) != 0) {
+ VolumeManager::Instance()->setPrimary(vol);
+ }
+ return translate(res);
+}
+
+binder::Status VoldNativeService::unmount(const std::string& volId) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(volId);
+ ACQUIRE_LOCK;
+
+ auto vol = VolumeManager::Instance()->findVolume(volId);
+ if (vol == nullptr) {
+ return error("Failed to find volume " + volId);
+ }
+ return translate(vol->unmount());
+}
+
+binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(volId);
+ ACQUIRE_LOCK;
+
+ auto vol = VolumeManager::Instance()->findVolume(volId);
+ if (vol == nullptr) {
+ return error("Failed to find volume " + volId);
+ }
+ return translate(vol->format(fsType));
+}
+
+binder::Status VoldNativeService::benchmark(const std::string& volId,
+ const android::sp<android::os::IVoldTaskListener>& listener) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(volId);
+ ACQUIRE_LOCK;
+
+ std::string path;
+ if (volId == "private" || volId == "null") {
+ path = "/data";
+ } else {
+ auto vol = VolumeManager::Instance()->findVolume(volId);
+ if (vol == nullptr) {
+ return error("Failed to find volume " + volId);
+ }
+ if (vol->getType() != VolumeBase::Type::kPrivate) {
+ return error("Volume " + volId + " not private");
+ }
+ if (vol->getState() != VolumeBase::State::kMounted) {
+ return error("Volume " + volId + " not mounted");
+ }
+ path = vol->getPath();
+ }
+
+ if (path.empty()) {
+ return error("Volume " + volId + " missing path");
+ }
+
+ (new android::vold::BenchmarkTask(path, listener))->start();
+ return ok();
+}
+
+binder::Status VoldNativeService::moveStorage(const std::string& fromVolId,
+ const std::string& toVolId, const android::sp<android::os::IVoldTaskListener>& listener) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(fromVolId);
+ CHECK_ARGUMENT_ID(toVolId);
+ ACQUIRE_LOCK;
+
+ auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
+ auto toVol = VolumeManager::Instance()->findVolume(toVolId);
+ if (fromVol == nullptr) {
+ return error("Failed to find volume " + fromVolId);
+ } else if (toVol == nullptr) {
+ return error("Failed to find volume " + toVolId);
+ }
+ (new android::vold::MoveTask(fromVol, toVol, listener))->start();
+ return ok();
+}
+
+binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ std::string tmp;
+ switch (remountMode) {
+ case REMOUNT_MODE_NONE: tmp = "none"; break;
+ case REMOUNT_MODE_DEFAULT: tmp = "default"; break;
+ case REMOUNT_MODE_READ: tmp = "read"; break;
+ case REMOUNT_MODE_WRITE: tmp = "write"; break;
+ default: return error("Unknown mode " + std::to_string(remountMode));
+ }
+ return translate(VolumeManager::Instance()->remountUid(uid, tmp));
+}
+
+binder::Status VoldNativeService::mkdirs(const std::string& path) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_PATH(path);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->mkdirs(path.c_str()));
+}
+
+binder::Status VoldNativeService::createObb(const std::string& sourcePath,
+ const std::string& sourceKey, int32_t ownerGid, std::string* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_PATH(sourcePath);
+ CHECK_ARGUMENT_HEX(sourceKey);
+ ACQUIRE_LOCK;
+
+ return translate(
+ VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
+}
+
+binder::Status VoldNativeService::destroyObb(const std::string& volId) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_ID(volId);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->destroyObb(volId));
+}
+
+binder::Status VoldNativeService::fstrim(int32_t fstrimFlags,
+ const android::sp<android::os::IVoldTaskListener>& listener) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ (new android::vold::TrimTask(fstrimFlags, listener))->start();
+ return ok();
+}
+
+binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
+ android::base::unique_fd* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->mountAppFuse(uid, pid, mountId, _aidl_return));
+}
+
+binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->unmountAppFuse(uid, pid, mountId));
+}
+
+binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translate(cryptfs_check_passwd(password.c_str()));
+}
+
+binder::Status VoldNativeService::fdeRestart() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ // Spawn as thread so init can issue commands back to vold without
+ // causing deadlock, usually as a result of prep_data_fs.
+ std::thread(&cryptfs_restart).detach();
+ return ok();
+}
+
+binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ *_aidl_return = cryptfs_crypto_complete();
+ return ok();
+}
+
+static int fdeEnableInternal(int32_t passwordType, const std::string& password,
+ int32_t encryptionFlags) {
+ bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
+
+ std::string how;
+ if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_IN_PLACE) != 0) {
+ how = "inplace";
+ } else if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_WIPE) != 0) {
+ how = "wipe";
+ } else {
+ LOG(ERROR) << "Missing encryption flag";
+ return -1;
+ }
+
+ for (int tries = 0; tries < 2; ++tries) {
+ int rc;
+ if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
+ rc = cryptfs_enable_default(how.c_str(), noUi);
+ } else {
+ rc = cryptfs_enable(how.c_str(), passwordType, password.c_str(), noUi);
+ }
+
+ if (rc == 0) {
+ return 0;
+ } else if (tries == 0) {
+ Process::killProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
+ }
+ }
+
+ return -1;
+}
+
+binder::Status VoldNativeService::fdeEnable(int32_t passwordType,
+ const std::string& password, int32_t encryptionFlags) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ if (e4crypt_is_native()) {
+ if (passwordType != PASSWORD_TYPE_DEFAULT) {
+ return error("Unexpected password type");
+ }
+ if (encryptionFlags != (ENCRYPTION_FLAG_IN_PLACE | ENCRYPTION_FLAG_NO_UI)) {
+ return error("Unexpected flags");
+ }
+ return translateBool(e4crypt_enable_crypto());
+ }
+
+ // Spawn as thread so init can issue commands back to vold without
+ // causing deadlock, usually as a result of prep_data_fs.
+ std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
+ return ok();
+}
+
+binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
+ const std::string& password) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translate(cryptfs_changepw(passwordType, password.c_str()));
+}
+
+binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translate(cryptfs_verify_passwd(password.c_str()));
+}
+
+binder::Status VoldNativeService::fdeGetField(const std::string& key,
+ std::string* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ char buf[PROPERTY_VALUE_MAX];
+ if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
+ return error(StringPrintf("Failed to read field %s", key.c_str()));
+ } else {
+ *_aidl_return = buf;
+ return ok();
+ }
+}
+
+binder::Status VoldNativeService::fdeSetField(const std::string& key,
+ const std::string& value) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translate(cryptfs_setfield(key.c_str(), value.c_str()));
+}
+
+binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ *_aidl_return = cryptfs_get_password_type();
+ return ok();
+}
+
+binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ const char* res = cryptfs_get_password();
+ if (res != nullptr) {
+ *_aidl_return = res;
+ }
+ return ok();
+}
+
+binder::Status VoldNativeService::fdeClearPassword() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ cryptfs_clear_password();
+ return ok();
+}
+
+binder::Status VoldNativeService::fbeEnable() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_initialize_global_de());
+}
+
+binder::Status VoldNativeService::mountDefaultEncrypted() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ if (e4crypt_is_native()) {
+ return translateBool(e4crypt_mount_metadata_encrypted());
+ } else {
+ // Spawn as thread so init can issue commands back to vold without
+ // causing deadlock, usually as a result of prep_data_fs.
+ std::thread(&cryptfs_mount_default_encrypted).detach();
+ return ok();
+ }
+}
+
+binder::Status VoldNativeService::initUser0() {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_init_user0());
+}
+
+binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
+ return ok();
+}
+
+binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
+ bool ephemeral) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral));
+}
+
+binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_destroy_user_key(userId));
+}
+
+binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token.c_str(), secret.c_str()));
+}
+
+binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_fixate_newest_user_key_auth(userId));
+}
+
+binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_unlock_user_key(userId, userSerial, token.c_str(), secret.c_str()));
+}
+
+binder::Status VoldNativeService::lockUserKey(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_lock_user_key(userId));
+}
+
+binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t userSerial, int32_t flags) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ const char* uuid_ = uuid ? uuid->c_str() : nullptr;
+ return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags));
+}
+
+binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t flags) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ const char* uuid_ = uuid ? uuid->c_str() : nullptr;
+ return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
+}
+
+binder::Status VoldNativeService::secdiscard(const std::string& path) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_secdiscard(path.c_str()));
+}
+
+} // namespace vold
+} // namespace android
diff --git a/VoldNativeService.h b/VoldNativeService.h
new file mode 100644
index 0000000..dd2b854
--- /dev/null
+++ b/VoldNativeService.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _VOLD_NATIVE_SERVICE_H_
+#define _VOLD_NATIVE_SERVICE_H_
+
+#include <android-base/unique_fd.h>
+#include <binder/BinderService.h>
+
+#include "android/os/BnVold.h"
+
+namespace android {
+namespace vold {
+
+class VoldNativeService : public BinderService<VoldNativeService>, public os::BnVold {
+public:
+ static status_t start();
+ static char const* getServiceName() { return "vold"; }
+ virtual status_t dump(int fd, const Vector<String16> &args) override;
+
+ binder::Status setListener(const android::sp<android::os::IVoldListener>& listener);
+
+ binder::Status monitor();
+ binder::Status reset();
+ binder::Status shutdown();
+ binder::Status mountAll();
+
+ binder::Status onUserAdded(int32_t userId, int32_t userSerial);
+ binder::Status onUserRemoved(int32_t userId);
+ binder::Status onUserStarted(int32_t userId);
+ binder::Status onUserStopped(int32_t userId);
+
+ binder::Status partition(const std::string& diskId, int32_t partitionType, int32_t ratio);
+ binder::Status forgetPartition(const std::string& partGuid);
+
+ binder::Status mount(const std::string& volId, int32_t mountFlags, int32_t mountUserId);
+ binder::Status unmount(const std::string& volId);
+ binder::Status format(const std::string& volId, const std::string& fsType);
+ binder::Status benchmark(const std::string& volId,
+ const android::sp<android::os::IVoldTaskListener>& listener);
+
+ binder::Status moveStorage(const std::string& fromVolId, const std::string& toVolId,
+ const android::sp<android::os::IVoldTaskListener>& listener);
+
+ binder::Status remountUid(int32_t uid, int32_t remountMode);
+
+ binder::Status mkdirs(const std::string& path);
+
+ binder::Status createObb(const std::string& sourcePath, const std::string& sourceKey,
+ int32_t ownerGid, std::string* _aidl_return);
+ binder::Status destroyObb(const std::string& volId);
+
+ binder::Status fstrim(int32_t fstrimFlags,
+ const android::sp<android::os::IVoldTaskListener>& listener);
+
+ binder::Status mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
+ android::base::unique_fd* _aidl_return);
+ binder::Status unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId);
+
+ binder::Status fdeCheckPassword(const std::string& password);
+ binder::Status fdeRestart();
+ binder::Status fdeComplete(int32_t* _aidl_return);
+ binder::Status fdeEnable(int32_t passwordType,
+ const std::string& password, int32_t encryptionFlags);
+ binder::Status fdeChangePassword(int32_t passwordType,
+ const std::string& password);
+ binder::Status fdeVerifyPassword(const std::string& password);
+ binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
+ binder::Status fdeSetField(const std::string& key, const std::string& value);
+ binder::Status fdeGetPasswordType(int32_t* _aidl_return);
+ binder::Status fdeGetPassword(std::string* _aidl_return);
+ binder::Status fdeClearPassword();
+
+ binder::Status fbeEnable();
+
+ binder::Status mountDefaultEncrypted();
+ binder::Status initUser0();
+ binder::Status isConvertibleToFbe(bool* _aidl_return);
+
+ binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
+ binder::Status destroyUserKey(int32_t userId);
+
+ binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+ binder::Status fixateNewestUserKeyAuth(int32_t userId);
+
+ binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+ binder::Status lockUserKey(int32_t userId);
+
+ binder::Status prepareUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t userSerial, int32_t flags);
+ binder::Status destroyUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t flags);
+
+ binder::Status secdiscard(const std::string& path);
+};
+
+} // namespace vold
+} // namespace android
+
+#endif // _VOLD_NATIVE_SERVICE_H_
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 13a943f..d441297 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
@@ -40,6 +42,7 @@
#include <android-base/stringprintf.h>
#include <cutils/fs.h>
#include <cutils/log.h>
+#include <utils/Trace.h>
#include <selinux/android.h>
@@ -47,47 +50,21 @@
#include <private/android_filesystem_config.h>
-#include "Benchmark.h"
-#include "EmulatedVolume.h"
+#include "model/EmulatedVolume.h"
+#include "model/ObbVolume.h"
#include "VolumeManager.h"
#include "NetlinkManager.h"
-#include "ResponseCode.h"
#include "Loop.h"
#include "fs/Ext4.h"
#include "fs/Vfat.h"
#include "Utils.h"
#include "Devmapper.h"
#include "Process.h"
-#include "Asec.h"
#include "VoldUtil.h"
#include "cryptfs.h"
-#define MASS_STORAGE_FILE_PATH "/sys/class/android_usb/android0/f_mass_storage/lun/file"
-
-#define ROUND_UP_POWER_OF_2(number, po2) (((!!((number) & ((1U << (po2)) - 1))) << (po2))\
- + ((number) & (~((1U << (po2)) - 1))))
-
using android::base::StringPrintf;
-
-/*
- * Path to external storage where *only* root can access ASEC image files
- */
-const char *VolumeManager::SEC_ASECDIR_EXT = "/mnt/secure/asec";
-
-/*
- * Path to internal storage where *only* root can access ASEC image files
- */
-const char *VolumeManager::SEC_ASECDIR_INT = "/data/app-asec";
-
-/*
- * Path to where secure containers are mounted
- */
-const char *VolumeManager::ASECDIR = "/mnt/asec";
-
-/*
- * Path to where OBBs are mounted
- */
-const char *VolumeManager::LOOPDIR = "/mnt/obb";
+using android::base::unique_fd;
bool VolumeManager::shutting_down = false;
@@ -103,107 +80,6 @@
static const unsigned int kMajorBlockExperimentalMin = 240;
static const unsigned int kMajorBlockExperimentalMax = 254;
-/* writes superblock at end of file or device given by name */
-static int writeSuperBlock(const char* name, struct asec_superblock *sb, unsigned int numImgSectors) {
- int sbfd = open(name, O_RDWR | O_CLOEXEC);
- if (sbfd < 0) {
- SLOGE("Failed to open %s for superblock write (%s)", name, strerror(errno));
- return -1;
- }
-
- if (lseek(sbfd, (numImgSectors * 512), SEEK_SET) < 0) {
- SLOGE("Failed to lseek for superblock (%s)", strerror(errno));
- close(sbfd);
- return -1;
- }
-
- if (write(sbfd, sb, sizeof(struct asec_superblock)) != sizeof(struct asec_superblock)) {
- SLOGE("Failed to write superblock (%s)", strerror(errno));
- close(sbfd);
- return -1;
- }
- close(sbfd);
- return 0;
-}
-
-static unsigned long adjustSectorNumExt4(unsigned long numSectors) {
- // Ext4 started to reserve 2% or 4096 clusters, whichever is smaller for
- // preventing costly operations or unexpected ENOSPC error.
- // Ext4::format() uses default block size without clustering.
- unsigned long clusterSectors = 4096 / 512;
- unsigned long reservedSectors = (numSectors * 2)/100 + (numSectors % 50 > 0);
- numSectors += reservedSectors > (4096 * clusterSectors) ? (4096 * clusterSectors) : reservedSectors;
- return ROUND_UP_POWER_OF_2(numSectors, 3);
-}
-
-static unsigned long adjustSectorNumFAT(unsigned long numSectors) {
- /*
- * Add some headroom
- */
- unsigned long fatSize = (((numSectors * 4) / 512) + 1) * 2;
- numSectors += fatSize + 2;
- /*
- * FAT is aligned to 32 kb with 512b sectors.
- */
- return ROUND_UP_POWER_OF_2(numSectors, 6);
-}
-
-static int setupLoopDevice(char* buffer, size_t len, const char* asecFileName, const char* idHash, bool debug) {
- if (Loop::lookupActive(idHash, buffer, len)) {
- if (Loop::create(idHash, asecFileName, buffer, len)) {
- SLOGE("ASEC loop device creation failed for %s (%s)", asecFileName, strerror(errno));
- return -1;
- }
- if (debug) {
- SLOGD("New loop device created at %s", buffer);
- }
- } else {
- if (debug) {
- SLOGD("Found active loopback for %s at %s", asecFileName, buffer);
- }
- }
- return 0;
-}
-
-static int setupDevMapperDevice(char* buffer, size_t len, const char* loopDevice, const char* asecFileName, const char* key, const char* idHash , unsigned long numImgSectors, bool* createdDMDevice, bool debug) {
- if (strcmp(key, "none")) {
- if (Devmapper::lookupActive(idHash, buffer, len)) {
- if (Devmapper::create(idHash, loopDevice, key, numImgSectors,
- buffer, len)) {
- SLOGE("ASEC device mapping failed for %s (%s)", asecFileName, strerror(errno));
- return -1;
- }
- if (debug) {
- SLOGD("New devmapper instance created at %s", buffer);
- }
- } else {
- if (debug) {
- SLOGD("Found active devmapper for %s at %s", asecFileName, buffer);
- }
- }
- *createdDMDevice = true;
- } else {
- strlcpy(buffer, loopDevice, len);
- *createdDMDevice = false;
- }
- return 0;
-}
-
-static void waitForDevMapper(const char *dmDevice) {
- /*
- * Wait for the device mapper node to be created. Sometimes it takes a
- * while. Wait for up to 1 second. We could also inspect incoming uevents,
- * but that would take more effort.
- */
- int tries = 25;
- while (tries--) {
- if (!access(dmDevice, F_OK) || errno != ENOENT) {
- break;
- }
- usleep(40 * 1000);
- }
-}
-
VolumeManager *VolumeManager::sInstance = NULL;
VolumeManager *VolumeManager::Instance() {
@@ -214,51 +90,14 @@
VolumeManager::VolumeManager() {
mDebug = false;
- mActiveContainers = new AsecIdCollection();
- mBroadcaster = NULL;
- mUmsSharingCount = 0;
- mSavedDirtyRatio = -1;
- // set dirty ratio to 0 when UMS is active
- mUmsDirtyRatio = 0;
+ mNextObbId = 0;
}
VolumeManager::~VolumeManager() {
- delete mActiveContainers;
-}
-
-char *VolumeManager::asecHash(const char *id, char *buffer, size_t len) {
- static const char* digits = "0123456789abcdef";
-
- unsigned char sig[MD5_DIGEST_LENGTH];
-
- if (buffer == NULL) {
- SLOGE("Destination buffer is NULL");
- errno = ESPIPE;
- return NULL;
- } else if (id == NULL) {
- SLOGE("Source buffer is NULL");
- errno = ESPIPE;
- return NULL;
- } else if (len < MD5_ASCII_LENGTH_PLUS_NULL) {
- SLOGE("Target hash buffer size < %d bytes (%zu)",
- MD5_ASCII_LENGTH_PLUS_NULL, len);
- errno = ESPIPE;
- return NULL;
- }
-
- MD5(reinterpret_cast<const unsigned char*>(id), strlen(id), sig);
-
- char *p = buffer;
- for (int i = 0; i < MD5_DIGEST_LENGTH; i++) {
- *p++ = digits[sig[i] >> 4];
- *p++ = digits[sig[i] & 0x0F];
- }
- *p = '\0';
-
- return buffer;
}
int VolumeManager::updateVirtualDisk() {
+ ATRACE_NAME("VolumeManager::updateVirtualDisk");
if (property_get_bool(kPropVirtualDisk, false)) {
if (access(kPathVirtualDisk, F_OK) != 0) {
Loop::createImageFile(kPathVirtualDisk, kSizeVirtualDisk / 512);
@@ -313,10 +152,15 @@
}
int VolumeManager::start() {
+ ATRACE_NAME("VolumeManager::start");
+
// Always start from a clean slate by unmounting everything in
// directories that we own, in case we crashed.
unmountAll();
+ Devmapper::destroyAll();
+ Loop::destroyAll();
+
// Assume that we always have an emulated volume on internal
// storage; the framework will decide if it should be mounted.
CHECK(mInternalEmulated == nullptr);
@@ -351,8 +195,8 @@
if (devType != "disk") return;
- int major = atoi(evt->findParam("MAJOR"));
- int minor = atoi(evt->findParam("MINOR"));
+ int major = std::stoi(evt->findParam("MAJOR"));
+ int minor = std::stoi(evt->findParam("MINOR"));
dev_t device = makedev(major, minor);
switch (evt->getAction()) {
@@ -437,6 +281,11 @@
return vol;
}
}
+ for (const auto& vol : mObbVolumes) {
+ if (vol->getId() == id) {
+ return vol;
+ }
+ }
return nullptr;
}
@@ -448,25 +297,6 @@
}
}
-nsecs_t VolumeManager::benchmarkPrivate(const std::string& id) {
- std::string path;
- if (id == "private" || id == "null") {
- path = "/data";
- } else {
- auto vol = findVolume(id);
- if (vol != nullptr && vol->getState() == android::vold::VolumeBase::State::kMounted) {
- path = vol->getPath();
- }
- }
-
- if (path.empty()) {
- LOG(WARNING) << "Failed to find volume for " << id;
- return -1;
- }
-
- return android::vold::BenchmarkPrivate(path);
-}
-
int VolumeManager::forgetPartition(const std::string& partGuid) {
std::string normalizedGuid;
if (android::vold::NormalizeHex(partGuid, normalizedGuid)) {
@@ -724,6 +554,7 @@
int VolumeManager::unmountAll() {
std::lock_guard<std::mutex> lock(mLock);
+ ATRACE_NAME("VolumeManager::unmountAll()");
// First, try gracefully unmounting all known devices
if (mInternalEmulated != nullptr) {
@@ -754,1205 +585,19 @@
endmntent(fp);
for (const auto& path : toUnmount) {
- SLOGW("Tearing down stale mount %s", path.c_str());
+ LOG(DEBUG) << "Tearing down stale mount " << path;
android::vold::ForceUnmount(path);
}
return 0;
}
-int VolumeManager::getObbMountPath(const char *sourceFile, char *mountPath, int mountPathLen) {
- char idHash[33];
- if (!asecHash(sourceFile, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", sourceFile, strerror(errno));
- return -1;
- }
-
- memset(mountPath, 0, mountPathLen);
- int written = snprintf(mountPath, mountPathLen, "%s/%s", VolumeManager::LOOPDIR, idHash);
- if ((written < 0) || (written >= mountPathLen)) {
- errno = EINVAL;
- return -1;
- }
-
- if (access(mountPath, F_OK)) {
- errno = ENOENT;
- return -1;
- }
-
- return 0;
-}
-
-int VolumeManager::getAsecMountPath(const char *id, char *buffer, int maxlen) {
- char asecFileName[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("getAsecMountPath: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- memset(buffer, 0, maxlen);
- if (access(asecFileName, F_OK)) {
- errno = ENOENT;
- return -1;
- }
-
- int written = snprintf(buffer, maxlen, "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (written >= maxlen)) {
- SLOGE("getAsecMountPath failed for %s: couldn't construct path in buffer", id);
- errno = EINVAL;
- return -1;
- }
-
- return 0;
-}
-
-int VolumeManager::getAsecFilesystemPath(const char *id, char *buffer, int maxlen) {
- char asecFileName[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("getAsecFilesystemPath: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- memset(buffer, 0, maxlen);
- if (access(asecFileName, F_OK)) {
- errno = ENOENT;
- return -1;
- }
-
- int written = snprintf(buffer, maxlen, "%s", asecFileName);
- if ((written < 0) || (written >= maxlen)) {
- errno = EINVAL;
- return -1;
- }
-
- return 0;
-}
-
-int VolumeManager::createAsec(const char *id, unsigned long numSectors, const char *fstype,
- const char *key, const int ownerUid, bool isExternal) {
- struct asec_superblock sb;
- memset(&sb, 0, sizeof(sb));
-
- if (!isLegalAsecId(id)) {
- SLOGE("createAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- const bool wantFilesystem = strcmp(fstype, "none");
- bool usingExt4 = false;
- if (wantFilesystem) {
- usingExt4 = !strcmp(fstype, "ext4");
- if (usingExt4) {
- sb.c_opts |= ASEC_SB_C_OPTS_EXT4;
- } else if (strcmp(fstype, "fat")) {
- SLOGE("Invalid filesystem type %s", fstype);
- errno = EINVAL;
- return -1;
- }
- }
-
- sb.magic = ASEC_SB_MAGIC;
- sb.ver = ASEC_SB_VER;
-
- if (numSectors < ((1024*1024)/512)) {
- SLOGE("Invalid container size specified (%lu sectors)", numSectors);
- errno = EINVAL;
- return -1;
- }
-
- char asecFileName[255];
-
- if (!findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("ASEC file '%s' currently exists - destroy it first! (%s)",
- asecFileName, strerror(errno));
- errno = EADDRINUSE;
- return -1;
- }
-
- const char *asecDir = isExternal ? VolumeManager::SEC_ASECDIR_EXT : VolumeManager::SEC_ASECDIR_INT;
-
- int written = snprintf(asecFileName, sizeof(asecFileName), "%s/%s.asec", asecDir, id);
- if ((written < 0) || (size_t(written) >= sizeof(asecFileName))) {
- errno = EINVAL;
- return -1;
- }
-
- if (!access(asecFileName, F_OK)) {
- SLOGE("ASEC file '%s' currently exists - destroy it first! (%s)",
- asecFileName, strerror(errno));
- errno = EADDRINUSE;
- return -1;
- }
-
- unsigned long numImgSectors;
- if (usingExt4)
- numImgSectors = adjustSectorNumExt4(numSectors);
- else
- numImgSectors = adjustSectorNumFAT(numSectors);
-
- // Add +1 for our superblock which is at the end
- if (Loop::createImageFile(asecFileName, numImgSectors + 1)) {
- SLOGE("ASEC image file creation failed (%s)", strerror(errno));
- return -1;
- }
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- unlink(asecFileName);
- return -1;
- }
-
- char loopDevice[255];
- if (Loop::create(idHash, asecFileName, loopDevice, sizeof(loopDevice))) {
- SLOGE("ASEC loop device creation failed (%s)", strerror(errno));
- unlink(asecFileName);
- return -1;
- }
-
- char dmDevice[255];
- bool cleanupDm = false;
-
- if (strcmp(key, "none")) {
- // XXX: This is all we support for now
- sb.c_cipher = ASEC_SB_C_CIPHER_TWOFISH;
- if (Devmapper::create(idHash, loopDevice, key, numImgSectors, dmDevice,
- sizeof(dmDevice))) {
- SLOGE("ASEC device mapping failed (%s)", strerror(errno));
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
- cleanupDm = true;
- } else {
- sb.c_cipher = ASEC_SB_C_CIPHER_NONE;
- strlcpy(dmDevice, loopDevice, sizeof(dmDevice));
- }
-
- /*
- * Drop down the superblock at the end of the file
- */
- if (writeSuperBlock(loopDevice, &sb, numImgSectors)) {
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
-
- if (wantFilesystem) {
- int formatStatus;
- char mountPoint[255];
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC fs format failed: couldn't construct mountPoint");
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
-
- if (usingExt4) {
- formatStatus = android::vold::ext4::Format(dmDevice, numImgSectors, mountPoint);
- } else {
- formatStatus = android::vold::vfat::Format(dmDevice, numImgSectors);
- }
-
- if (formatStatus < 0) {
- SLOGE("ASEC fs format failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
-
- if (mkdir(mountPoint, 0000)) {
- if (errno != EEXIST) {
- SLOGE("Mountpoint creation failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
- }
-
- int mountStatus;
- if (usingExt4) {
- mountStatus = android::vold::ext4::Mount(dmDevice, mountPoint,
- false, false, false);
- } else {
- mountStatus = android::vold::vfat::Mount(dmDevice, mountPoint,
- false, false, false, ownerUid, 0, 0000, false);
- }
-
- if (mountStatus) {
- SLOGE("ASEC FAT mount failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- unlink(asecFileName);
- return -1;
- }
-
- if (usingExt4) {
- int dirfd = open(mountPoint, O_DIRECTORY | O_CLOEXEC);
- if (dirfd >= 0) {
- if (fchown(dirfd, ownerUid, AID_SYSTEM)
- || fchmod(dirfd, S_IRUSR | S_IWUSR | S_IXUSR | S_ISGID | S_IRGRP | S_IXGRP)) {
- SLOGI("Cannot chown/chmod new ASEC mount point %s", mountPoint);
- }
- close(dirfd);
- }
- }
- } else {
- SLOGI("Created raw secure container %s (no filesystem)", id);
- }
-
- mActiveContainers->push_back(new ContainerData(strdup(id), ASEC));
- return 0;
-}
-
-int VolumeManager::resizeAsec(const char *id, unsigned long numSectors, const char *key) {
- char asecFileName[255];
- char mountPoint[255];
- bool cleanupDm = false;
-
- if (!isLegalAsecId(id)) {
- SLOGE("resizeAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC resize failed for %s: couldn't construct mountpoint", id);
- return -1;
- }
-
- if (isMountpointMounted(mountPoint)) {
- SLOGE("ASEC %s mounted. Unmount before resizing", id);
- errno = EBUSY;
- return -1;
- }
-
- struct asec_superblock sb;
- int fd;
- unsigned long oldNumSec = 0;
-
- if ((fd = open(asecFileName, O_RDONLY | O_CLOEXEC)) < 0) {
- SLOGE("Failed to open ASEC file (%s)", strerror(errno));
- return -1;
- }
-
- struct stat info;
- if (fstat(fd, &info) < 0) {
- SLOGE("Failed to get file size (%s)", strerror(errno));
- close(fd);
- return -1;
- }
-
- oldNumSec = info.st_size / 512;
-
- /*
- * Try to read superblock.
- */
- memset(&sb, 0, sizeof(struct asec_superblock));
- if (lseek(fd, ((oldNumSec - 1) * 512), SEEK_SET) < 0) {
- SLOGE("lseek failed (%s)", strerror(errno));
- close(fd);
- return -1;
- }
- if (read(fd, &sb, sizeof(struct asec_superblock)) != sizeof(struct asec_superblock)) {
- SLOGE("superblock read failed (%s)", strerror(errno));
- close(fd);
- return -1;
- }
- close(fd);
-
- if (mDebug) {
- SLOGD("Container sb magic/ver (%.8x/%.2x)", sb.magic, sb.ver);
- }
- if (sb.magic != ASEC_SB_MAGIC || sb.ver != ASEC_SB_VER) {
- SLOGE("Bad container magic/version (%.8x/%.2x)", sb.magic, sb.ver);
- errno = EMEDIUMTYPE;
- return -1;
- }
-
- unsigned long numImgSectors;
- if (!(sb.c_opts & ASEC_SB_C_OPTS_EXT4)) {
- SLOGE("Only ext4 partitions are supported for resize");
- errno = EINVAL;
- return -1;
- } else {
- numImgSectors = adjustSectorNumExt4(numSectors);
- }
-
- /*
- * add one block for the superblock
- */
- SLOGD("Resizing from %lu sectors to %lu sectors", oldNumSec, numImgSectors + 1);
- if (oldNumSec == numImgSectors + 1) {
- SLOGW("Size unchanged; ignoring resize request");
- return 0;
- } else if (oldNumSec > numImgSectors + 1) {
- SLOGE("Only growing is currently supported.");
- close(fd);
- return -1;
- }
-
- if (Loop::resizeImageFile(asecFileName, numImgSectors + 1)) {
- SLOGE("Resize of ASEC image file failed. Could not resize %s", id);
- return -1;
- }
-
- /*
- * Drop down a copy of the superblock at the end of the file
- */
- if (writeSuperBlock(asecFileName, &sb, numImgSectors))
- goto fail;
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- goto fail;
- }
-
- char loopDevice[255];
- if (setupLoopDevice(loopDevice, sizeof(loopDevice), asecFileName, idHash, mDebug))
- goto fail;
-
- char dmDevice[255];
-
- if (setupDevMapperDevice(dmDevice, sizeof(dmDevice), loopDevice, asecFileName, key, idHash, numImgSectors, &cleanupDm, mDebug)) {
- Loop::destroyByDevice(loopDevice);
- goto fail;
- }
-
- /*
- * Wait for the device mapper node to be created.
- */
- waitForDevMapper(dmDevice);
-
- if (android::vold::ext4::Resize(dmDevice, numImgSectors)) {
- SLOGE("Unable to resize %s (%s)", id, strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- goto fail;
- }
-
- return 0;
-fail:
- Loop::resizeImageFile(asecFileName, oldNumSec);
- return -1;
-}
-
-int VolumeManager::finalizeAsec(const char *id) {
- char asecFileName[255];
- char loopDevice[255];
- char mountPoint[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("finalizeAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- return -1;
- }
-
- if (Loop::lookupActive(idHash, loopDevice, sizeof(loopDevice))) {
- SLOGE("Unable to finalize %s (%s)", id, strerror(errno));
- return -1;
- }
-
- unsigned long nr_sec = 0;
- struct asec_superblock sb;
-
- if (Loop::lookupInfo(loopDevice, &sb, &nr_sec)) {
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC finalize failed: couldn't construct mountPoint");
- return -1;
- }
-
- int result = 0;
- if (sb.c_opts & ASEC_SB_C_OPTS_EXT4) {
- result = android::vold::ext4::Mount(loopDevice, mountPoint,
- true, true, true);
- } else {
- result = android::vold::vfat::Mount(loopDevice, mountPoint,
- true, true, true, 0, 0, 0227, false);
- }
-
- if (result) {
- SLOGE("ASEC finalize mount failed (%s)", strerror(errno));
- return -1;
- }
-
- if (mDebug) {
- SLOGD("ASEC %s finalized", id);
- }
- return 0;
-}
-
-int VolumeManager::fixupAsecPermissions(const char *id, gid_t gid, const char* filename) {
- char asecFileName[255];
- char loopDevice[255];
- char mountPoint[255];
-
- if (gid < AID_APP) {
- SLOGE("Group ID is not in application range");
- return -1;
- }
-
- if (!isLegalAsecId(id)) {
- SLOGE("fixupAsecPermissions: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- return -1;
- }
-
- if (Loop::lookupActive(idHash, loopDevice, sizeof(loopDevice))) {
- SLOGE("Unable fix permissions during lookup on %s (%s)", id, strerror(errno));
- return -1;
- }
-
- unsigned long nr_sec = 0;
- struct asec_superblock sb;
-
- if (Loop::lookupInfo(loopDevice, &sb, &nr_sec)) {
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("Unable remount to fix permissions for %s: couldn't construct mountpoint", id);
- return -1;
- }
-
- int result = 0;
- if ((sb.c_opts & ASEC_SB_C_OPTS_EXT4) == 0) {
- return 0;
- }
-
- int ret = android::vold::ext4::Mount(loopDevice, mountPoint,
- false /* read-only */,
- true /* remount */,
- false /* executable */);
- if (ret) {
- SLOGE("Unable remount to fix permissions for %s (%s)", id, strerror(errno));
- return -1;
- }
-
- char *paths[] = { mountPoint, NULL };
-
- FTS *fts = fts_open(paths, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL);
- if (fts) {
- // Traverse the entire hierarchy and chown to system UID.
- for (FTSENT *ftsent = fts_read(fts); ftsent != NULL; ftsent = fts_read(fts)) {
- // We don't care about the lost+found directory.
- if (!strcmp(ftsent->fts_name, "lost+found")) {
- continue;
- }
-
- /*
- * There can only be one file marked as private right now.
- * This should be more robust, but it satisfies the requirements
- * we have for right now.
- */
- const bool privateFile = !strcmp(ftsent->fts_name, filename);
-
- int fd = open(ftsent->fts_accpath, O_NOFOLLOW | O_CLOEXEC);
- if (fd < 0) {
- SLOGE("Couldn't open file %s: %s", ftsent->fts_accpath, strerror(errno));
- result = -1;
- continue;
- }
-
- result |= fchown(fd, AID_SYSTEM, privateFile? gid : AID_SYSTEM);
-
- if (ftsent->fts_info & FTS_D) {
- result |= fchmod(fd, 0755);
- } else if (ftsent->fts_info & FTS_F) {
- result |= fchmod(fd, privateFile ? 0640 : 0644);
- }
-
- if (selinux_android_restorecon(ftsent->fts_path, 0) < 0) {
- SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno));
- result |= -1;
- }
-
- close(fd);
- }
- fts_close(fts);
-
- // Finally make the directory readable by everyone.
- int dirfd = open(mountPoint, O_DIRECTORY | O_CLOEXEC);
- if (dirfd < 0 || fchmod(dirfd, 0755)) {
- SLOGE("Couldn't change owner of existing directory %s: %s", mountPoint, strerror(errno));
- result |= -1;
- }
- close(dirfd);
- } else {
- result |= -1;
- }
-
- result |= android::vold::ext4::Mount(loopDevice, mountPoint,
- true /* read-only */,
- true /* remount */,
- true /* execute */);
-
- if (result) {
- SLOGE("ASEC fix permissions failed (%s)", strerror(errno));
- return -1;
- }
-
- if (mDebug) {
- SLOGD("ASEC %s permissions fixed", id);
- }
- return 0;
-}
-
-int VolumeManager::renameAsec(const char *id1, const char *id2) {
- char asecFilename1[255];
- char *asecFilename2;
- char mountPoint[255];
-
- const char *dir;
-
- if (!isLegalAsecId(id1)) {
- SLOGE("renameAsec: Invalid asec id1 \"%s\"", id1);
- errno = EINVAL;
- return -1;
- }
-
- if (!isLegalAsecId(id2)) {
- SLOGE("renameAsec: Invalid asec id2 \"%s\"", id2);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id1, asecFilename1, sizeof(asecFilename1), &dir)) {
- SLOGE("Couldn't find ASEC %s", id1);
- return -1;
- }
-
- asprintf(&asecFilename2, "%s/%s.asec", dir, id2);
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id1);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("Rename failed: couldn't construct mountpoint");
- goto out_err;
- }
-
- if (isMountpointMounted(mountPoint)) {
- SLOGW("Rename attempt when src mounted");
- errno = EBUSY;
- goto out_err;
- }
-
- written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id2);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("Rename failed: couldn't construct mountpoint2");
- goto out_err;
- }
-
- if (isMountpointMounted(mountPoint)) {
- SLOGW("Rename attempt when dst mounted");
- errno = EBUSY;
- goto out_err;
- }
-
- if (!access(asecFilename2, F_OK)) {
- SLOGE("Rename attempt when dst exists");
- errno = EADDRINUSE;
- goto out_err;
- }
-
- if (rename(asecFilename1, asecFilename2)) {
- SLOGE("Rename of '%s' to '%s' failed (%s)", asecFilename1, asecFilename2, strerror(errno));
- goto out_err;
- }
-
- free(asecFilename2);
- return 0;
-
-out_err:
- free(asecFilename2);
- return -1;
-}
-
-#define UNMOUNT_RETRIES 5
-#define UNMOUNT_SLEEP_BETWEEN_RETRY_MS (1000 * 1000)
-int VolumeManager::unmountAsec(const char *id, bool force) {
- char asecFileName[255];
- char mountPoint[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("unmountAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC unmount failed for %s: couldn't construct mountpoint", id);
- return -1;
- }
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- return -1;
- }
-
- return unmountLoopImage(id, idHash, asecFileName, mountPoint, force);
-}
-
-int VolumeManager::unmountObb(const char *fileName, bool force) {
- char mountPoint[255];
-
- char idHash[33];
- if (!asecHash(fileName, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", fileName, strerror(errno));
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::LOOPDIR, idHash);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("OBB unmount failed for %s: couldn't construct mountpoint", fileName);
- return -1;
- }
-
- return unmountLoopImage(fileName, idHash, fileName, mountPoint, force);
-}
-
-int VolumeManager::unmountLoopImage(const char *id, const char *idHash,
- const char *fileName, const char *mountPoint, bool force) {
- if (!isMountpointMounted(mountPoint)) {
- SLOGE("Unmount request for %s when not mounted", id);
- errno = ENOENT;
- return -1;
- }
-
- int i, rc;
- for (i = 1; i <= UNMOUNT_RETRIES; i++) {
- rc = umount(mountPoint);
- if (!rc) {
- break;
- }
- if (rc && (errno == EINVAL || errno == ENOENT)) {
- SLOGI("Container %s unmounted OK", id);
- rc = 0;
- break;
- }
- SLOGW("%s unmount attempt %d failed (%s)",
- id, i, strerror(errno));
-
- int signal = 0; // default is to just complain
-
- if (force) {
- if (i > (UNMOUNT_RETRIES - 2))
- signal = SIGKILL;
- else if (i > (UNMOUNT_RETRIES - 3))
- signal = SIGTERM;
- }
-
- Process::killProcessesWithOpenFiles(mountPoint, signal);
- usleep(UNMOUNT_SLEEP_BETWEEN_RETRY_MS);
- }
-
- if (rc) {
- errno = EBUSY;
- SLOGE("Failed to unmount container %s (%s)", id, strerror(errno));
- return -1;
- }
-
- int retries = 10;
-
- while(retries--) {
- if (!rmdir(mountPoint)) {
- break;
- }
-
- SLOGW("Failed to rmdir %s (%s)", mountPoint, strerror(errno));
- usleep(UNMOUNT_SLEEP_BETWEEN_RETRY_MS);
- }
-
- if (!retries) {
- SLOGE("Timed out trying to rmdir %s (%s)", mountPoint, strerror(errno));
- }
-
- for (i=1; i <= UNMOUNT_RETRIES; i++) {
- if (Devmapper::destroy(idHash) && errno != ENXIO) {
- SLOGE("Failed to destroy devmapper instance (%s)", strerror(errno));
- usleep(UNMOUNT_SLEEP_BETWEEN_RETRY_MS);
- continue;
- } else {
- break;
- }
- }
-
- char loopDevice[255];
- if (!Loop::lookupActive(idHash, loopDevice, sizeof(loopDevice))) {
- Loop::destroyByDevice(loopDevice);
- } else {
- SLOGW("Failed to find loop device for {%s} (%s)", fileName, strerror(errno));
- }
-
- AsecIdCollection::iterator it;
- for (it = mActiveContainers->begin(); it != mActiveContainers->end(); ++it) {
- ContainerData* cd = *it;
- if (!strcmp(cd->id, id)) {
- free(*it);
- mActiveContainers->erase(it);
- break;
- }
- }
- if (it == mActiveContainers->end()) {
- SLOGW("mActiveContainers is inconsistent!");
- }
- return 0;
-}
-
-int VolumeManager::destroyAsec(const char *id, bool force) {
- char asecFileName[255];
- char mountPoint[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("destroyAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC destroy failed for %s: couldn't construct mountpoint", id);
- return -1;
- }
-
- if (isMountpointMounted(mountPoint)) {
- if (mDebug) {
- SLOGD("Unmounting container before destroy");
- }
- if (unmountAsec(id, force)) {
- SLOGE("Failed to unmount asec %s for destroy (%s)", id, strerror(errno));
- return -1;
- }
- }
-
- if (unlink(asecFileName)) {
- SLOGE("Failed to unlink asec '%s' (%s)", asecFileName, strerror(errno));
- return -1;
- }
-
- if (mDebug) {
- SLOGD("ASEC %s destroyed", id);
- }
- return 0;
-}
-
-/*
- * Legal ASEC ids consist of alphanumeric characters, '-',
- * '_', or '.'. ".." is not allowed. The first or last character
- * of the ASEC id cannot be '.' (dot).
- */
-bool VolumeManager::isLegalAsecId(const char *id) const {
- size_t i;
- size_t len = strlen(id);
-
- if (len == 0) {
- return false;
- }
- if ((id[0] == '.') || (id[len - 1] == '.')) {
- return false;
- }
-
- for (i = 0; i < len; i++) {
- if (id[i] == '.') {
- // i=0 is guaranteed never to have a dot. See above.
- if (id[i-1] == '.') return false;
- continue;
- }
- if (id[i] == '_' || id[i] == '-') continue;
- if (id[i] >= 'a' && id[i] <= 'z') continue;
- if (id[i] >= 'A' && id[i] <= 'Z') continue;
- if (id[i] >= '0' && id[i] <= '9') continue;
- return false;
- }
-
- return true;
-}
-
-bool VolumeManager::isAsecInDirectory(const char *dir, const char *asecName) const {
- int dirfd = open(dir, O_DIRECTORY | O_CLOEXEC);
- if (dirfd < 0) {
- SLOGE("Couldn't open internal ASEC dir (%s)", strerror(errno));
- return false;
- }
-
- struct stat sb;
- bool ret = (fstatat(dirfd, asecName, &sb, AT_SYMLINK_NOFOLLOW) == 0)
- && S_ISREG(sb.st_mode);
-
- close(dirfd);
-
- return ret;
-}
-
-int VolumeManager::findAsec(const char *id, char *asecPath, size_t asecPathLen,
- const char **directory) const {
- char *asecName;
-
- if (!isLegalAsecId(id)) {
- SLOGE("findAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (asprintf(&asecName, "%s.asec", id) < 0) {
- SLOGE("Couldn't allocate string to write ASEC name");
- return -1;
- }
-
- const char *dir;
- if (isAsecInDirectory(VolumeManager::SEC_ASECDIR_INT, asecName)) {
- dir = VolumeManager::SEC_ASECDIR_INT;
- } else if (isAsecInDirectory(VolumeManager::SEC_ASECDIR_EXT, asecName)) {
- dir = VolumeManager::SEC_ASECDIR_EXT;
- } else {
- free(asecName);
- return -1;
- }
-
- if (directory != NULL) {
- *directory = dir;
- }
-
- if (asecPath != NULL) {
- int written = snprintf(asecPath, asecPathLen, "%s/%s", dir, asecName);
- if ((written < 0) || (size_t(written) >= asecPathLen)) {
- SLOGE("findAsec failed for %s: couldn't construct ASEC path", id);
- free(asecName);
- return -1;
- }
- }
-
- free(asecName);
- return 0;
-}
-
-int VolumeManager::mountAsec(const char *id, const char *key, int ownerUid, bool readOnly) {
- char asecFileName[255];
- char mountPoint[255];
-
- if (!isLegalAsecId(id)) {
- SLOGE("mountAsec: Invalid asec id \"%s\"", id);
- errno = EINVAL;
- return -1;
- }
-
- if (findAsec(id, asecFileName, sizeof(asecFileName))) {
- SLOGE("Couldn't find ASEC %s", id);
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::ASECDIR, id);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("ASEC mount failed for %s: couldn't construct mountpoint", id);
- return -1;
- }
-
- if (isMountpointMounted(mountPoint)) {
- SLOGE("ASEC %s already mounted", id);
- errno = EBUSY;
- return -1;
- }
-
- char idHash[33];
- if (!asecHash(id, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", id, strerror(errno));
- return -1;
- }
-
- char loopDevice[255];
- if (setupLoopDevice(loopDevice, sizeof(loopDevice), asecFileName, idHash, mDebug))
- return -1;
-
- char dmDevice[255];
- bool cleanupDm = false;
-
- unsigned long nr_sec = 0;
- struct asec_superblock sb;
-
- if (Loop::lookupInfo(loopDevice, &sb, &nr_sec)) {
- return -1;
- }
-
- if (mDebug) {
- SLOGD("Container sb magic/ver (%.8x/%.2x)", sb.magic, sb.ver);
- }
- if (sb.magic != ASEC_SB_MAGIC || sb.ver != ASEC_SB_VER) {
- SLOGE("Bad container magic/version (%.8x/%.2x)", sb.magic, sb.ver);
- Loop::destroyByDevice(loopDevice);
- errno = EMEDIUMTYPE;
- return -1;
- }
- nr_sec--; // We don't want the devmapping to extend onto our superblock
-
- if (setupDevMapperDevice(dmDevice, sizeof(dmDevice), loopDevice, asecFileName, key, idHash , nr_sec, &cleanupDm, mDebug)) {
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
-
- if (mkdir(mountPoint, 0000)) {
- if (errno != EEXIST) {
- SLOGE("Mountpoint creation failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
- }
-
- /*
- * Wait for the device mapper node to be created.
- */
- waitForDevMapper(dmDevice);
-
- int result;
- if (sb.c_opts & ASEC_SB_C_OPTS_EXT4) {
- result = android::vold::ext4::Mount(dmDevice, mountPoint,
- readOnly, false, readOnly);
- } else {
- result = android::vold::vfat::Mount(dmDevice, mountPoint,
- readOnly, false, readOnly, ownerUid, 0, 0222, false);
- }
-
- if (result) {
- SLOGE("ASEC mount failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
-
- mActiveContainers->push_back(new ContainerData(strdup(id), ASEC));
- if (mDebug) {
- SLOGD("ASEC %s mounted", id);
- }
- return 0;
-}
-
-/**
- * Mounts an image file <code>img</code>.
- */
-int VolumeManager::mountObb(const char *img, const char *key, int ownerGid) {
- char mountPoint[255];
-
- char idHash[33];
- if (!asecHash(img, idHash, sizeof(idHash))) {
- SLOGE("Hash of '%s' failed (%s)", img, strerror(errno));
- return -1;
- }
-
- int written = snprintf(mountPoint, sizeof(mountPoint), "%s/%s", VolumeManager::LOOPDIR, idHash);
- if ((written < 0) || (size_t(written) >= sizeof(mountPoint))) {
- SLOGE("OBB mount failed for %s: couldn't construct mountpoint", img);
- return -1;
- }
-
- if (isMountpointMounted(mountPoint)) {
- SLOGE("Image %s already mounted", img);
- errno = EBUSY;
- return -1;
- }
-
- char loopDevice[255];
- if (setupLoopDevice(loopDevice, sizeof(loopDevice), img, idHash, mDebug))
- return -1;
-
- char dmDevice[255];
- bool cleanupDm = false;
- int fd;
- unsigned long nr_sec = 0;
-
- if ((fd = open(loopDevice, O_RDWR | O_CLOEXEC)) < 0) {
- SLOGE("Failed to open loopdevice (%s)", strerror(errno));
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
-
- get_blkdev_size(fd, &nr_sec);
- if (nr_sec == 0) {
- SLOGE("Failed to get loop size (%s)", strerror(errno));
- Loop::destroyByDevice(loopDevice);
- close(fd);
- return -1;
- }
-
- close(fd);
-
- if (setupDevMapperDevice(dmDevice, sizeof(loopDevice), loopDevice, img,key, idHash, nr_sec, &cleanupDm, mDebug)) {
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
-
- if (mkdir(mountPoint, 0755)) {
- if (errno != EEXIST) {
- SLOGE("Mountpoint creation failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
- }
-
- /*
- * Wait for the device mapper node to be created.
- */
- waitForDevMapper(dmDevice);
-
- if (android::vold::vfat::Mount(dmDevice, mountPoint,
- true, false, true, 0, ownerGid, 0227, false)) {
- SLOGE("Image mount failed (%s)", strerror(errno));
- if (cleanupDm) {
- Devmapper::destroy(idHash);
- }
- Loop::destroyByDevice(loopDevice);
- return -1;
- }
-
- mActiveContainers->push_back(new ContainerData(strdup(img), OBB));
- if (mDebug) {
- SLOGD("Image %s mounted", img);
- }
- return 0;
-}
-
-int VolumeManager::listMountedObbs(SocketClient* cli) {
- FILE *fp = setmntent("/proc/mounts", "r");
- if (fp == NULL) {
- SLOGE("Error opening /proc/mounts (%s)", strerror(errno));
- return -1;
- }
-
- // Create a string to compare against that has a trailing slash
- int loopDirLen = strlen(VolumeManager::LOOPDIR);
- char loopDir[loopDirLen + 2];
- strlcpy(loopDir, VolumeManager::LOOPDIR, sizeof(loopDir));
- loopDir[loopDirLen++] = '/';
- loopDir[loopDirLen] = '\0';
-
- mntent* mentry;
- while ((mentry = getmntent(fp)) != NULL) {
- if (!strncmp(mentry->mnt_dir, loopDir, loopDirLen)) {
- int fd = open(mentry->mnt_fsname, O_RDONLY | O_CLOEXEC);
- if (fd >= 0) {
- struct loop_info64 li;
- if (ioctl(fd, LOOP_GET_STATUS64, &li) >= 0) {
- cli->sendMsg(ResponseCode::AsecListResult,
- (const char*) li.lo_file_name, false);
- }
- close(fd);
- }
- }
- }
- endmntent(fp);
- return 0;
-}
-
extern "C" int vold_unmountAll(void) {
VolumeManager *vm = VolumeManager::Instance();
return vm->unmountAll();
}
-bool VolumeManager::isMountpointMounted(const char *mp)
-{
- FILE *fp = setmntent("/proc/mounts", "r");
- if (fp == NULL) {
- SLOGE("Error opening /proc/mounts (%s)", strerror(errno));
- return false;
- }
-
- bool found_mp = false;
- mntent* mentry;
- while ((mentry = getmntent(fp)) != NULL) {
- if (strcmp(mentry->mnt_dir, mp) == 0) {
- found_mp = true;
- break;
- }
- }
- endmntent(fp);
- return found_mp;
-}
-
-int VolumeManager::mkdirs(char* path) {
+int VolumeManager::mkdirs(const char* path) {
// Only offer to create directories for paths managed by vold
if (strncmp(path, "/storage/", 9) == 0) {
// fs_mkdirs() does symlink checking and relative path enforcement
@@ -1962,3 +607,223 @@
return -EINVAL;
}
}
+
+static size_t kAppFuseMaxMountPointName = 32;
+
+static android::status_t getMountPath(uid_t uid, const std::string& name, std::string* path) {
+ if (name.size() > kAppFuseMaxMountPointName) {
+ LOG(ERROR) << "AppFuse mount name is too long.";
+ return -EINVAL;
+ }
+ for (size_t i = 0; i < name.size(); i++) {
+ if (!isalnum(name[i])) {
+ LOG(ERROR) << "AppFuse mount name contains invalid character.";
+ return -EINVAL;
+ }
+ }
+ *path = android::base::StringPrintf("/mnt/appfuse/%d_%s", uid, name.c_str());
+ return android::OK;
+}
+
+static android::status_t mountInNamespace(uid_t uid, int device_fd, const std::string& path) {
+ // Remove existing mount.
+ android::vold::ForceUnmount(path);
+
+ const auto opts = android::base::StringPrintf(
+ "fd=%i,"
+ "rootmode=40000,"
+ "default_permissions,"
+ "allow_other,"
+ "user_id=%d,group_id=%d,"
+ "context=\"u:object_r:app_fuse_file:s0\","
+ "fscontext=u:object_r:app_fusefs:s0",
+ device_fd,
+ uid,
+ uid);
+
+ const int result = TEMP_FAILURE_RETRY(mount(
+ "/dev/fuse", path.c_str(), "fuse",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()));
+ if (result != 0) {
+ PLOG(ERROR) << "Failed to mount " << path;
+ return -errno;
+ }
+
+ return android::OK;
+}
+
+static android::status_t runCommandInNamespace(const std::string& command,
+ uid_t uid,
+ pid_t pid,
+ const std::string& path,
+ int device_fd) {
+ if (DEBUG_APPFUSE) {
+ LOG(DEBUG) << "Run app fuse command " << command << " for the path " << path
+ << " in namespace " << uid;
+ }
+
+ unique_fd dir(open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
+ if (dir.get() == -1) {
+ PLOG(ERROR) << "Failed to open /proc";
+ return -errno;
+ }
+
+ // Obtains process file descriptor.
+ const std::string pid_str = android::base::StringPrintf("%d", pid);
+ const unique_fd pid_fd(
+ openat(dir.get(), pid_str.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
+ if (pid_fd.get() == -1) {
+ PLOG(ERROR) << "Failed to open /proc/" << pid;
+ return -errno;
+ }
+
+ // Check UID of process.
+ {
+ struct stat sb;
+ const int result = fstat(pid_fd.get(), &sb);
+ if (result == -1) {
+ PLOG(ERROR) << "Failed to stat /proc/" << pid;
+ return -errno;
+ }
+ if (sb.st_uid != AID_SYSTEM) {
+ LOG(ERROR) << "Only system can mount appfuse. UID expected=" << AID_SYSTEM
+ << ", actual=" << sb.st_uid;
+ return -EPERM;
+ }
+ }
+
+ // Matches so far, but refuse to touch if in root namespace
+ {
+ char rootName[PATH_MAX];
+ char pidName[PATH_MAX];
+ const int root_result =
+ android::vold::SaneReadLinkAt(dir.get(), "1/ns/mnt", rootName, PATH_MAX);
+ const int pid_result =
+ android::vold::SaneReadLinkAt(pid_fd.get(), "ns/mnt", pidName, PATH_MAX);
+ if (root_result == -1) {
+ LOG(ERROR) << "Failed to readlink for /proc/1/ns/mnt";
+ return -EPERM;
+ }
+ if (pid_result == -1) {
+ LOG(ERROR) << "Failed to readlink for /proc/" << pid << "/ns/mnt";
+ return -EPERM;
+ }
+ if (!strcmp(rootName, pidName)) {
+ LOG(ERROR) << "Don't mount appfuse in root namespace";
+ return -EPERM;
+ }
+ }
+
+ // We purposefully leave the namespace open across the fork
+ unique_fd ns_fd(openat(pid_fd.get(), "ns/mnt", O_RDONLY)); // not O_CLOEXEC
+ if (ns_fd.get() < 0) {
+ PLOG(ERROR) << "Failed to open namespace for /proc/" << pid << "/ns/mnt";
+ return -errno;
+ }
+
+ int child = fork();
+ if (child == 0) {
+ if (setns(ns_fd.get(), CLONE_NEWNS) != 0) {
+ PLOG(ERROR) << "Failed to setns";
+ _exit(-errno);
+ }
+
+ if (command == "mount") {
+ _exit(mountInNamespace(uid, device_fd, path));
+ } else if (command == "unmount") {
+ // If it's just after all FD opened on mount point are closed, umount2 can fail with
+ // EBUSY. To avoid the case, specify MNT_DETACH.
+ if (umount2(path.c_str(), UMOUNT_NOFOLLOW | MNT_DETACH) != 0 &&
+ errno != EINVAL && errno != ENOENT) {
+ PLOG(ERROR) << "Failed to unmount directory.";
+ _exit(-errno);
+ }
+ if (rmdir(path.c_str()) != 0) {
+ PLOG(ERROR) << "Failed to remove the mount directory.";
+ _exit(-errno);
+ }
+ _exit(android::OK);
+ } else {
+ LOG(ERROR) << "Unknown appfuse command " << command;
+ _exit(-EPERM);
+ }
+ }
+
+ if (child == -1) {
+ PLOG(ERROR) << "Failed to folk child process";
+ return -errno;
+ }
+
+ android::status_t status;
+ TEMP_FAILURE_RETRY(waitpid(child, &status, 0));
+
+ return status;
+}
+
+int VolumeManager::createObb(const std::string& sourcePath, const std::string& sourceKey,
+ int32_t ownerGid, std::string* outVolId) {
+ int id = mNextObbId++;
+
+ auto vol = std::shared_ptr<android::vold::VolumeBase>(
+ new android::vold::ObbVolume(id, sourcePath, sourceKey, ownerGid));
+ vol->create();
+
+ mObbVolumes.push_back(vol);
+ *outVolId = vol->getId();
+ return android::OK;
+}
+
+int VolumeManager::destroyObb(const std::string& volId) {
+ auto i = mObbVolumes.begin();
+ while (i != mObbVolumes.end()) {
+ if ((*i)->getId() == volId) {
+ (*i)->destroy();
+ i = mObbVolumes.erase(i);
+ } else {
+ ++i;
+ }
+ }
+ return android::OK;
+}
+
+int VolumeManager::mountAppFuse(uid_t uid, pid_t pid, int mountId,
+ android::base::unique_fd* device_fd) {
+ std::string name = std::to_string(mountId);
+
+ // Check mount point name.
+ std::string path;
+ if (getMountPath(uid, name, &path) != android::OK) {
+ LOG(ERROR) << "Invalid mount point name";
+ return -1;
+ }
+
+ // Create directories.
+ const android::status_t result = android::vold::PrepareDir(path, 0700, 0, 0);
+ if (result != android::OK) {
+ PLOG(ERROR) << "Failed to prepare directory " << path;
+ return -1;
+ }
+
+ // Open device FD.
+ device_fd->reset(open("/dev/fuse", O_RDWR)); // not O_CLOEXEC
+ if (device_fd->get() == -1) {
+ PLOG(ERROR) << "Failed to open /dev/fuse";
+ return -1;
+ }
+
+ // Mount.
+ return runCommandInNamespace("mount", uid, pid, path, device_fd->get());
+}
+
+int VolumeManager::unmountAppFuse(uid_t uid, pid_t pid, int mountId) {
+ std::string name = std::to_string(mountId);
+
+ // Check mount point name.
+ std::string path;
+ if (getMountPath(uid, name, &path) != android::OK) {
+ LOG(ERROR) << "Invalid mount point name";
+ return -1;
+ }
+
+ return runCommandInNamespace("unmount", uid, pid, path, -1 /* device_fd */);
+}
diff --git a/VolumeManager.h b/VolumeManager.h
index 537aebe..dcfbdad 100644
--- a/VolumeManager.h
+++ b/VolumeManager.h
@@ -29,68 +29,38 @@
#include <unordered_map>
#include <unordered_set>
+#include <android-base/unique_fd.h>
#include <cutils/multiuser.h>
#include <utils/List.h>
#include <utils/Timers.h>
-#include <sysutils/SocketListener.h>
#include <sysutils/NetlinkEvent.h>
-#include "Disk.h"
-#include "VolumeBase.h"
+#include "android/os/IVoldListener.h"
-/* The length of an MD5 hash when encoded into ASCII hex characters */
-#define MD5_ASCII_LENGTH_PLUS_NULL ((MD5_DIGEST_LENGTH*2)+1)
+#include "model/Disk.h"
+#include "model/VolumeBase.h"
-typedef enum { ASEC, OBB } container_type_t;
-
-class ContainerData {
-public:
- ContainerData(char* _id, container_type_t _type)
- : id(_id)
- , type(_type)
- {}
-
- ~ContainerData() {
- if (id != NULL) {
- free(id);
- id = NULL;
- }
- }
-
- char *id;
- container_type_t type;
-};
-
-typedef android::List<ContainerData*> AsecIdCollection;
+#define DEBUG_APPFUSE 0
class VolumeManager {
public:
- static const char *SEC_ASECDIR_EXT;
- static const char *SEC_ASECDIR_INT;
- static const char *ASECDIR;
- static const char *LOOPDIR;
-
//TODO remove this with better solution, b/64143519
static bool shutting_down;
private:
static VolumeManager *sInstance;
- SocketListener *mBroadcaster;
-
- AsecIdCollection *mActiveContainers;
bool mDebug;
- // for adjusting /proc/sys/vm/dirty_ratio when UMS is active
- int mUmsSharingCount;
- int mSavedDirtyRatio;
- int mUmsDirtyRatio;
-
public:
virtual ~VolumeManager();
// TODO: pipe all requests through VM to avoid exposing this lock
std::mutex& getLock() { return mLock; }
+ std::mutex& getCryptLock() { return mCryptLock; }
+
+ void setListener(android::sp<android::os::IVoldListener> listener) { mListener = listener; }
+ android::sp<android::os::IVoldListener> getListener() { return mListener; }
int start();
int stop();
@@ -123,8 +93,6 @@
void listVolumes(android::vold::VolumeBase::Type type, std::list<std::string>& list);
- nsecs_t benchmarkPrivate(const std::string& id);
-
int forgetPartition(const std::string& partGuid);
int onUserAdded(userid_t userId, int userSerialNumber);
@@ -143,52 +111,11 @@
/* Unmount all volumes, usually for encryption */
int unmountAll();
- /* ASEC */
- int findAsec(const char *id, char *asecPath = NULL, size_t asecPathLen = 0,
- const char **directory = NULL) const;
- int createAsec(const char *id, unsigned long numSectors, const char *fstype,
- const char *key, const int ownerUid, bool isExternal);
- int resizeAsec(const char *id, unsigned long numSectors, const char *key);
- int finalizeAsec(const char *id);
-
- /**
- * Fixes ASEC permissions on a filesystem that has owners and permissions.
- * This currently means EXT4-based ASEC containers.
- *
- * There is a single file that can be marked as "private" and will not have
- * world-readable permission. The group for that file will be set to the gid
- * supplied.
- *
- * Returns 0 on success.
- */
- int fixupAsecPermissions(const char *id, gid_t gid, const char* privateFilename);
- int destroyAsec(const char *id, bool force);
- int mountAsec(const char *id, const char *key, int ownerUid, bool readOnly);
- int unmountAsec(const char *id, bool force);
- int renameAsec(const char *id1, const char *id2);
- int getAsecMountPath(const char *id, char *buffer, int maxlen);
- int getAsecFilesystemPath(const char *id, char *buffer, int maxlen);
-
- /* Loopback images */
- int listMountedObbs(SocketClient* cli);
- int mountObb(const char *fileName, const char *key, int ownerUid);
- int unmountObb(const char *fileName, bool force);
- int getObbMountPath(const char *id, char *buffer, int maxlen);
-
- /* Shared between ASEC and Loopback images */
- int unmountLoopImage(const char *containerId, const char *loopId,
- const char *fileName, const char *mountPoint, bool force);
-
int updateVirtualDisk();
int setDebug(bool enable);
- void setBroadcaster(SocketListener *sl) { mBroadcaster = sl; }
- SocketListener *getBroadcaster() { return mBroadcaster; }
-
static VolumeManager *Instance();
- static char *asecHash(const char *id, char *buffer, size_t len);
-
/*
* Ensure that all directories along given path exist, creating parent
* directories as needed. Validates that given path is absolute and that
@@ -196,21 +123,29 @@
* is treated as filename and ignored, unless the path ends with "/". Also
* ensures that path belongs to a volume managed by vold.
*/
- int mkdirs(char* path);
+ int mkdirs(const char* path);
+
+ int createObb(const std::string& path, const std::string& key, int32_t ownerGid,
+ std::string* outVolId);
+ int destroyObb(const std::string& volId);
+
+ int mountAppFuse(uid_t uid, pid_t pid, int mountId, android::base::unique_fd* device_fd);
+ int unmountAppFuse(uid_t uid, pid_t pid, int mountId);
private:
VolumeManager();
void readInitialState();
- bool isMountpointMounted(const char *mp);
- bool isAsecInDirectory(const char *dir, const char *asec) const;
- bool isLegalAsecId(const char *id) const;
int linkPrimary(userid_t userId);
std::mutex mLock;
+ std::mutex mCryptLock;
+
+ android::sp<android::os::IVoldListener> mListener;
std::list<std::shared_ptr<DiskSource>> mDiskSources;
std::list<std::shared_ptr<android::vold::Disk>> mDisks;
+ std::list<std::shared_ptr<android::vold::VolumeBase>> mObbVolumes;
std::unordered_map<userid_t, int> mAddedUsers;
std::unordered_set<userid_t> mStartedUsers;
@@ -219,6 +154,8 @@
std::shared_ptr<android::vold::Disk> mVirtualDisk;
std::shared_ptr<android::vold::VolumeBase> mInternalEmulated;
std::shared_ptr<android::vold::VolumeBase> mPrimary;
+
+ int mNextObbId;
};
extern "C" {
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
new file mode 100644
index 0000000..d47f113
--- /dev/null
+++ b/binder/android/os/IVold.aidl
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+import android.os.IVoldListener;
+import android.os.IVoldTaskListener;
+
+/** {@hide} */
+interface IVold {
+ void setListener(IVoldListener listener);
+
+ void monitor();
+ void reset();
+ void shutdown();
+ void mountAll();
+
+ void onUserAdded(int userId, int userSerial);
+ void onUserRemoved(int userId);
+ void onUserStarted(int userId);
+ void onUserStopped(int userId);
+
+ void partition(@utf8InCpp String diskId, int partitionType, int ratio);
+ void forgetPartition(@utf8InCpp String partGuid);
+
+ void mount(@utf8InCpp String volId, int mountFlags, int mountUserId);
+ void unmount(@utf8InCpp String volId);
+ void format(@utf8InCpp String volId, @utf8InCpp String fsType);
+ void benchmark(@utf8InCpp String volId, IVoldTaskListener listener);
+
+ void moveStorage(@utf8InCpp String fromVolId, @utf8InCpp String toVolId,
+ IVoldTaskListener listener);
+
+ void remountUid(int uid, int remountMode);
+
+ void mkdirs(@utf8InCpp String path);
+
+ @utf8InCpp String createObb(@utf8InCpp String sourcePath,
+ @utf8InCpp String sourceKey, int ownerGid);
+ void destroyObb(@utf8InCpp String volId);
+
+ void fstrim(int fstrimFlags, IVoldTaskListener listener);
+
+ FileDescriptor mountAppFuse(int uid, int pid, int mountId);
+ void unmountAppFuse(int uid, int pid, int mountId);
+
+ void fdeCheckPassword(@utf8InCpp String password);
+ void fdeRestart();
+ int fdeComplete();
+ void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
+ void fdeChangePassword(int passwordType, @utf8InCpp String password);
+ void fdeVerifyPassword(@utf8InCpp String password);
+ @utf8InCpp String fdeGetField(@utf8InCpp String key);
+ void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
+ int fdeGetPasswordType();
+ @utf8InCpp String fdeGetPassword();
+ void fdeClearPassword();
+
+ void fbeEnable();
+
+ void mountDefaultEncrypted();
+ void initUser0();
+ boolean isConvertibleToFbe();
+
+ void createUserKey(int userId, int userSerial, boolean ephemeral);
+ void destroyUserKey(int userId);
+
+ void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+ void fixateNewestUserKeyAuth(int userId);
+
+ void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+ void lockUserKey(int userId);
+
+ void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial, int storageFlags);
+ void destroyUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags);
+
+ void secdiscard(@utf8InCpp String path);
+
+ const int ENCRYPTION_FLAG_WIPE = 1;
+ const int ENCRYPTION_FLAG_IN_PLACE = 2;
+ const int ENCRYPTION_FLAG_NO_UI = 4;
+
+ const int ENCRYPTION_STATE_NONE = 1;
+ const int ENCRYPTION_STATE_OK = 0;
+ const int ENCRYPTION_STATE_ERROR_UNKNOWN = -1;
+ const int ENCRYPTION_STATE_ERROR_INCOMPLETE = -2;
+ const int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
+ const int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
+
+ const int FSTRIM_FLAG_DEEP_TRIM = 1;
+
+ const int MOUNT_FLAG_PRIMARY = 1;
+ const int MOUNT_FLAG_VISIBLE = 2;
+
+ const int PARTITION_TYPE_PUBLIC = 0;
+ const int PARTITION_TYPE_PRIVATE = 1;
+ const int PARTITION_TYPE_MIXED = 2;
+
+ const int PASSWORD_TYPE_PASSWORD = 0;
+ const int PASSWORD_TYPE_DEFAULT = 1;
+ const int PASSWORD_TYPE_PIN = 2;
+ const int PASSWORD_TYPE_PATTERN = 3;
+
+ const int STORAGE_FLAG_DE = 1;
+ const int STORAGE_FLAG_CE = 2;
+
+ const int REMOUNT_MODE_NONE = 0;
+ const int REMOUNT_MODE_DEFAULT = 1;
+ const int REMOUNT_MODE_READ = 2;
+ const int REMOUNT_MODE_WRITE = 3;
+
+ const int VOLUME_STATE_UNMOUNTED = 0;
+ const int VOLUME_STATE_CHECKING = 1;
+ const int VOLUME_STATE_MOUNTED = 2;
+ const int VOLUME_STATE_MOUNTED_READ_ONLY = 3;
+ const int VOLUME_STATE_FORMATTING = 4;
+ const int VOLUME_STATE_EJECTING = 5;
+ const int VOLUME_STATE_UNMOUNTABLE = 6;
+ const int VOLUME_STATE_REMOVED = 7;
+ const int VOLUME_STATE_BAD_REMOVAL = 8;
+
+ const int VOLUME_TYPE_PUBLIC = 0;
+ const int VOLUME_TYPE_PRIVATE = 1;
+ const int VOLUME_TYPE_EMULATED = 2;
+ const int VOLUME_TYPE_ASEC = 3;
+ const int VOLUME_TYPE_OBB = 4;
+}
diff --git a/binder/android/os/IVoldListener.aidl b/binder/android/os/IVoldListener.aidl
new file mode 100644
index 0000000..0dcfc04
--- /dev/null
+++ b/binder/android/os/IVoldListener.aidl
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+/** {@hide} */
+oneway interface IVoldListener {
+ void onDiskCreated(@utf8InCpp String diskId, int flags);
+ void onDiskScanned(@utf8InCpp String diskId);
+ void onDiskMetadataChanged(@utf8InCpp String diskId,
+ long sizeBytes, @utf8InCpp String label, @utf8InCpp String sysPath);
+ void onDiskDestroyed(@utf8InCpp String diskId);
+
+ void onVolumeCreated(@utf8InCpp String volId,
+ int type, @utf8InCpp String diskId, @utf8InCpp String partGuid);
+ void onVolumeStateChanged(@utf8InCpp String volId, int state);
+ void onVolumeMetadataChanged(@utf8InCpp String volId,
+ @utf8InCpp String fsType, @utf8InCpp String fsUuid, @utf8InCpp String fsLabel);
+ void onVolumePathChanged(@utf8InCpp String volId,
+ @utf8InCpp String path);
+ void onVolumeInternalPathChanged(@utf8InCpp String volId,
+ @utf8InCpp String internalPath);
+ void onVolumeDestroyed(@utf8InCpp String volId);
+}
diff --git a/VoldCommand.h b/binder/android/os/IVoldTaskListener.aidl
similarity index 65%
rename from VoldCommand.h
rename to binder/android/os/IVoldTaskListener.aidl
index e435159..e2bac04 100644
--- a/VoldCommand.h
+++ b/binder/android/os/IVoldTaskListener.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 The Android Open Source Project
+ * Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,15 +14,12 @@
* limitations under the License.
*/
-#ifndef _VOLD_COMMAND_H
-#define _VOLD_COMMAND_H
+package android.os;
-#include <sysutils/FrameworkCommand.h>
+import android.os.PersistableBundle;
-class VoldCommand : public FrameworkCommand {
-public:
- explicit VoldCommand(const char *cmd);
- virtual ~VoldCommand() {}
-};
-
-#endif
+/** {@hide} */
+oneway interface IVoldTaskListener {
+ void onStatus(int status, in PersistableBundle extras);
+ void onFinished(int status, in PersistableBundle extras);
+}
diff --git a/cryptfs.cpp b/cryptfs.cpp
index a79909a..132b31f 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -38,7 +38,6 @@
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <errno.h>
-#include <ext4_utils/ext4.h>
#include <ext4_utils/ext4_utils.h>
#include <linux/kdev_t.h>
#include <fs_mgr.h>
@@ -1420,7 +1419,7 @@
*/
char ro_prop[PROPERTY_VALUE_MAX];
property_get("ro.crypto.readonly", ro_prop, "");
- if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
+ if (strlen(ro_prop) > 0 && std::stoi(ro_prop)) {
struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
rec->flags |= MS_RDONLY;
}
@@ -1814,7 +1813,7 @@
return rc;
}
-int cryptfs_verify_passwd(char *passwd)
+int cryptfs_verify_passwd(const char *passwd)
{
struct crypt_mnt_ftr crypt_ftr;
/* Allocate enough space for a 256 bit key, but we may use less */
@@ -1913,7 +1912,6 @@
int rc = -1;
if (type == EXT4_FS) {
-#ifdef TARGET_USES_MKE2FS
args[0] = "/system/bin/mke2fs";
args[1] = "-M";
args[2] = "/data";
@@ -1925,16 +1923,6 @@
snprintf(size_str, sizeof(size_str), "%" PRId64, size / (4096 / 512));
args[8] = size_str;
num_args = 9;
-#else
- args[0] = "/system/bin/make_ext4fs";
- args[1] = "-a";
- args[2] = "/data";
- args[3] = "-l";
- snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
- args[4] = size_str;
- args[5] = crypto_blkdev;
- num_args = 6;
-#endif
SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
args[0], args[1], args[2], args[3], args[4], args[5]);
} else if (type == F2FS_FS) {
@@ -2070,7 +2058,7 @@
return rc;
}
-int cryptfs_enable_internal(char *howarg, int crypt_type, const char *passwd,
+int cryptfs_enable_internal(const char *howarg, int crypt_type, const char *passwd,
int no_ui)
{
int how = 0;
@@ -2429,12 +2417,12 @@
return -1;
}
-int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
+int cryptfs_enable(const char *howarg, int type, const char *passwd, int no_ui)
{
return cryptfs_enable_internal(howarg, type, passwd, no_ui);
}
-int cryptfs_enable_default(char *howarg, int no_ui)
+int cryptfs_enable_default(const char *howarg, int no_ui)
{
return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
DEFAULT_PASSWORD, no_ui);
@@ -2565,30 +2553,23 @@
* Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
* sequence and its index is greater than or equal to index. Return 0 otherwise.
*/
-static int match_multi_entry(const char *key, const char *field, unsigned index) {
- unsigned int field_len;
- unsigned int key_index;
- field_len = strlen(field);
+int match_multi_entry(const char *key, const char *field, unsigned index) {
+ std::string key_ = key;
+ std::string field_ = field;
- if (index == 0) {
- // The first key in a multi-entry field is just the filedname itself.
- if (!strcmp(key, field)) {
- return 1;
- }
+ std::string parsed_field;
+ unsigned parsed_index;
+
+ std::string::size_type split = key_.find_last_of('_');
+ if (split == std::string::npos) {
+ parsed_field = key_;
+ parsed_index = 0;
+ } else {
+ parsed_field = key_.substr(0, split);
+ parsed_index = std::stoi(key_.substr(split + 1));
}
- // Match key against "%s_%d" % (field, index)
- if (strlen(key) < field_len + 1 + 1) {
- // Need at least a '_' and a digit.
- return 0;
- }
- if (strncmp(key, field, field_len)) {
- // If the key does not begin with field, it's not a match.
- return 0;
- }
- if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
- return 0;
- }
- return key_index >= index;
+
+ return parsed_field == field_ && parsed_index >= index;
}
/*
diff --git a/cryptfs.h b/cryptfs.h
index d20d96d..2169f54 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -222,6 +222,7 @@
extern "C" {
#endif
+ int match_multi_entry(const char *key, const char *field, unsigned index);
int wait_and_unmount(const char *mountpoint, bool kill);
typedef int (*kdf_func)(const char *passwd, const unsigned char *salt,
@@ -229,11 +230,11 @@
int cryptfs_crypto_complete(void);
int cryptfs_check_passwd(const char *pw);
- int cryptfs_verify_passwd(char *newpw);
+ int cryptfs_verify_passwd(const char *pw);
int cryptfs_restart(void);
- int cryptfs_enable(char *flag, int type, char *passwd, int no_ui);
+ int cryptfs_enable(const char *flag, int type, const char *passwd, int no_ui);
int cryptfs_changepw(int type, const char *newpw);
- int cryptfs_enable_default(char *flag, int no_ui);
+ int cryptfs_enable_default(const char *flag, int no_ui);
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
const unsigned char* key, int keysize, char* out_crypto_blkdev);
int cryptfs_revert_ext_volume(const char* label);
diff --git a/main.cpp b/main.cpp
index 30c839e..f317f3d 100644
--- a/main.cpp
+++ b/main.cpp
@@ -14,11 +14,12 @@
* limitations under the License.
*/
-#include "Disk.h"
+#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+
+#include "model/Disk.h"
#include "VolumeManager.h"
-#include "CommandListener.h"
-#include "CryptCommandListener.h"
#include "NetlinkManager.h"
+#include "VoldNativeService.h"
#include "cryptfs.h"
#include "sehandle.h"
@@ -26,7 +27,7 @@
#include <android-base/stringprintf.h>
#include <cutils/klog.h>
#include <cutils/properties.h>
-#include <cutils/sockets.h>
+#include <utils/Trace.h>
#include <stdio.h>
#include <stdlib.h>
@@ -53,6 +54,8 @@
setenv("ANDROID_LOG_TAGS", "*:v", 1);
android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM));
+ ATRACE_BEGIN("main");
+
LOG(INFO) << "Vold 3.0 (the awakening) firing up";
LOG(VERBOSE) << "Detected support for:"
@@ -61,8 +64,6 @@
<< (android::vold::IsFilesystemSupported("vfat") ? " vfat" : "");
VolumeManager *vm;
- CommandListener *cl;
- CryptCommandListener *ccl;
NetlinkManager *nm;
parse_args(argc, argv);
@@ -72,10 +73,6 @@
selinux_android_set_sehandle(sehandle);
}
- // Quickly throw a CLOEXEC on the socket we just inherited from init
- fcntl(android_get_control_socket("vold"), F_SETFD, FD_CLOEXEC);
- fcntl(android_get_control_socket("cryptd"), F_SETFD, FD_CLOEXEC);
-
mkdir("/dev/block/vold", 0755);
/* For when cryptfs checks and mounts an encrypted filesystem */
@@ -96,16 +93,18 @@
vm->setDebug(true);
}
- cl = new CommandListener();
- ccl = new CryptCommandListener();
- vm->setBroadcaster((SocketListener *) cl);
- nm->setBroadcaster((SocketListener *) cl);
-
if (vm->start()) {
PLOG(ERROR) << "Unable to start VolumeManager";
exit(1);
}
+ ATRACE_BEGIN("VoldNativeService::start");
+ if (android::vold::VoldNativeService::start() != android::OK) {
+ LOG(ERROR) << "Unable to start VoldNativeService";
+ exit(1);
+ }
+ ATRACE_END();
+
bool has_adoptable;
bool has_quota;
@@ -113,23 +112,12 @@
PLOG(ERROR) << "Error reading configuration... continuing anyways";
}
+ ATRACE_BEGIN("NetlinkManager::start");
if (nm->start()) {
PLOG(ERROR) << "Unable to start NetlinkManager";
exit(1);
}
-
- /*
- * Now that we're up, we can respond to commands
- */
- if (cl->startListener()) {
- PLOG(ERROR) << "Unable to start CommandListener";
- exit(1);
- }
-
- if (ccl->startListener()) {
- PLOG(ERROR) << "Unable to start CryptCommandListener";
- exit(1);
- }
+ ATRACE_END();
// This call should go after listeners are started to avoid
// a deadlock between vold and init (see b/34278978 for details)
@@ -140,6 +128,9 @@
// also the cold boot is needed in case we have flash drive
// connected before Vold launched
coldboot("/sys/block");
+
+ ATRACE_END();
+
// Eventually we'll become the monitoring thread
while(1) {
pause();
@@ -209,6 +200,7 @@
}
static void coldboot(const char *path) {
+ ATRACE_NAME("coldboot");
DIR *d = opendir(path);
if(d) {
do_coldboot(d, 0);
@@ -217,6 +209,8 @@
}
static int process_config(VolumeManager *vm, bool* has_adoptable, bool* has_quota) {
+ ATRACE_NAME("process_config");
+
fstab = fs_mgr_read_fstab_default();
if (!fstab) {
PLOG(ERROR) << "Failed to open default fstab";
diff --git a/Disk.cpp b/model/Disk.cpp
similarity index 95%
rename from Disk.cpp
rename to model/Disk.cpp
index 9c22400..c889a35 100644
--- a/Disk.cpp
+++ b/model/Disk.cpp
@@ -20,7 +20,6 @@
#include "Utils.h"
#include "VolumeBase.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include "Ext4Crypt.h"
#include <android-base/file.h>
@@ -151,7 +150,10 @@
status_t Disk::create() {
CHECK(!mCreated);
mCreated = true;
- notifyEvent(ResponseCode::DiskCreated, StringPrintf("%d", mFlags));
+
+ auto listener = VolumeManager::Instance()->getListener();
+ if (listener) listener->onDiskCreated(getId(), mFlags);
+
readMetadata();
readPartitions();
return OK;
@@ -161,7 +163,10 @@
CHECK(mCreated);
destroyAllVolumes();
mCreated = false;
- notifyEvent(ResponseCode::DiskDestroyed);
+
+ auto listener = VolumeManager::Instance()->getListener();
+ if (listener) listener->onDiskDestroyed(getId());
+
return OK;
}
@@ -281,9 +286,10 @@
}
}
- notifyEvent(ResponseCode::DiskSizeChanged, StringPrintf("%" PRIu64, mSize));
- notifyEvent(ResponseCode::DiskLabelChanged, mLabel);
- notifyEvent(ResponseCode::DiskSysPathChanged, mSysPath);
+ auto listener = VolumeManager::Instance()->getListener();
+ if (listener) listener->onDiskMetadataChanged(getId(),
+ mSize, mLabel, mSysPath);
+
return OK;
}
@@ -306,7 +312,10 @@
status_t res = ForkExecvp(cmd, output);
if (res != OK) {
LOG(WARNING) << "sgdisk failed to scan " << mDevPath;
- notifyEvent(ResponseCode::DiskScanned);
+
+ auto listener = VolumeManager::Instance()->getListener();
+ if (listener) listener->onDiskScanned(getId());
+
mJustPartitioned = false;
return res;
}
@@ -372,7 +381,9 @@
}
}
- notifyEvent(ResponseCode::DiskScanned);
+ auto listener = VolumeManager::Instance()->getListener();
+ if (listener) listener->onDiskScanned(getId());
+
mJustPartitioned = false;
return OK;
}
@@ -534,16 +545,6 @@
return OK;
}
-void Disk::notifyEvent(int event) {
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(event,
- getId().c_str(), false);
-}
-
-void Disk::notifyEvent(int event, const std::string& value) {
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(event,
- StringPrintf("%s %s", getId().c_str(), value.c_str()).c_str(), false);
-}
-
int Disk::getMaxMinors() {
// Figure out maximum partition devices supported
unsigned int majorId = major(mDevice);
@@ -554,7 +555,7 @@
LOG(ERROR) << "Failed to read max minors";
return -errno;
}
- return atoi(tmp.c_str());
+ return std::stoi(tmp);
}
case kMajorBlockScsiA: case kMajorBlockScsiB: case kMajorBlockScsiC: case kMajorBlockScsiD:
case kMajorBlockScsiE: case kMajorBlockScsiF: case kMajorBlockScsiG: case kMajorBlockScsiH:
@@ -570,7 +571,7 @@
LOG(ERROR) << "Failed to read max minors";
return -errno;
}
- return atoi(tmp.c_str());
+ return std::stoi(tmp);
}
default: {
if (isVirtioBlkDevice(majorId)) {
diff --git a/Disk.h b/model/Disk.h
similarity index 97%
rename from Disk.h
rename to model/Disk.h
index 77ec7df..63acf6a 100644
--- a/Disk.h
+++ b/model/Disk.h
@@ -79,9 +79,6 @@
status_t partitionPrivate();
status_t partitionMixed(int8_t ratio);
- void notifyEvent(int msg);
- void notifyEvent(int msg, const std::string& value);
-
private:
/* ID that uniquely references this disk */
std::string mId;
diff --git a/EmulatedVolume.cpp b/model/EmulatedVolume.cpp
similarity index 92%
rename from EmulatedVolume.cpp
rename to model/EmulatedVolume.cpp
index 21b290a..d40cf3f 100644
--- a/EmulatedVolume.cpp
+++ b/model/EmulatedVolume.cpp
@@ -21,6 +21,7 @@
#include <android-base/logging.h>
#include <cutils/fs.h>
#include <private/android_filesystem_config.h>
+#include <utils/Timers.h>
#include <fcntl.h>
#include <stdlib.h>
@@ -100,9 +101,16 @@
return -errno;
}
+ nsecs_t start = systemTime(SYSTEM_TIME_BOOTTIME);
while (before == GetDevice(mFuseWrite)) {
LOG(VERBOSE) << "Waiting for FUSE to spin up...";
usleep(50000); // 50ms
+
+ nsecs_t now = systemTime(SYSTEM_TIME_BOOTTIME);
+ if (nanoseconds_to_milliseconds(now - start) > 5000) {
+ LOG(WARNING) << "Timed out while waiting for FUSE to spin up";
+ return -ETIMEDOUT;
+ }
}
/* sdcardfs will have exited already. FUSE will still be running */
TEMP_FAILURE_RETRY(waitpid(mFusePid, nullptr, WNOHANG));
diff --git a/EmulatedVolume.h b/model/EmulatedVolume.h
similarity index 100%
rename from EmulatedVolume.h
rename to model/EmulatedVolume.h
diff --git a/model/ObbVolume.cpp b/model/ObbVolume.cpp
new file mode 100644
index 0000000..709c7a3
--- /dev/null
+++ b/model/ObbVolume.cpp
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fs/Vfat.h"
+#include "Devmapper.h"
+#include "Loop.h"
+#include "ObbVolume.h"
+#include "Utils.h"
+#include "VoldUtil.h"
+
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <android-base/unique_fd.h>
+#include <cutils/fs.h>
+#include <private/android_filesystem_config.h>
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/sysmacros.h>
+#include <sys/wait.h>
+
+using android::base::StringPrintf;
+using android::base::unique_fd;
+
+namespace android {
+namespace vold {
+
+ObbVolume::ObbVolume(int id, const std::string& sourcePath, const std::string& sourceKey,
+ gid_t ownerGid) : VolumeBase(Type::kObb) {
+ setId(StringPrintf("obb:%d", id));
+ mSourcePath = sourcePath;
+ mSourceKey = sourceKey;
+ mOwnerGid = ownerGid;
+}
+
+ObbVolume::~ObbVolume() {
+}
+
+status_t ObbVolume::doCreate() {
+ if (Loop::create(mSourcePath, mLoopPath)) {
+ PLOG(ERROR) << getId() << " failed to create loop";
+ return -1;
+ }
+
+ if (!mSourceKey.empty()) {
+ unsigned long nr_sec = 0;
+ {
+ unique_fd loop_fd(open(mLoopPath.c_str(), O_RDWR | O_CLOEXEC));
+ if (loop_fd.get() == -1) {
+ PLOG(ERROR) << getId() << " failed to open loop";
+ return -1;
+ }
+
+ get_blkdev_size(loop_fd.get(), &nr_sec);
+ if (nr_sec == 0) {
+ PLOG(ERROR) << getId() << " failed to get loop size";
+ return -1;
+ }
+ }
+
+ char tmp[PATH_MAX];
+ if (Devmapper::create(getId().c_str(), mLoopPath.c_str(), mSourceKey.c_str(), nr_sec,
+ tmp, PATH_MAX)) {
+ PLOG(ERROR) << getId() << " failed to create dm";
+ return -1;
+ }
+ mDmPath = tmp;
+ mMountPath = mDmPath;
+ } else {
+ mMountPath = mLoopPath;
+ }
+ return OK;
+}
+
+status_t ObbVolume::doDestroy() {
+ if (!mDmPath.empty() && Devmapper::destroy(getId().c_str())) {
+ PLOG(WARNING) << getId() << " failed to destroy dm";
+ }
+ if (!mLoopPath.empty() && Loop::destroyByDevice(mLoopPath.c_str())) {
+ PLOG(WARNING) << getId() << " failed to destroy loop";
+ }
+ mDmPath.clear();
+ mLoopPath.clear();
+ return OK;
+}
+
+status_t ObbVolume::doMount() {
+ auto path = StringPrintf("/mnt/obb/%s", getId().c_str());
+ setPath(path);
+
+ if (fs_prepare_dir(path.c_str(), 0700, AID_ROOT, AID_ROOT)) {
+ PLOG(ERROR) << getId() << " failed to create mount point";
+ return -1;
+ }
+ if (android::vold::vfat::Mount(mMountPath, path,
+ true, false, true, 0, mOwnerGid, 0227, false)) {
+ PLOG(ERROR) << getId() << " failed to mount";
+ return -1;
+ }
+ return OK;
+}
+
+status_t ObbVolume::doUnmount() {
+ auto path = getPath();
+
+ KillProcessesUsingPath(path);
+ ForceUnmount(path);
+ rmdir(path.c_str());
+
+ return OK;
+}
+
+} // namespace vold
+} // namespace android
diff --git a/model/ObbVolume.h b/model/ObbVolume.h
new file mode 100644
index 0000000..5ec0cde
--- /dev/null
+++ b/model/ObbVolume.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_VOLD_OBB_VOLUME_H
+#define ANDROID_VOLD_OBB_VOLUME_H
+
+#include "VolumeBase.h"
+
+#include <cutils/multiuser.h>
+
+namespace android {
+namespace vold {
+
+/*
+ * OBB container.
+ */
+class ObbVolume : public VolumeBase {
+public:
+ ObbVolume(int id, const std::string& sourcePath, const std::string& sourceKey,
+ gid_t ownerGid);
+ virtual ~ObbVolume();
+
+protected:
+ status_t doCreate() override;
+ status_t doDestroy() override;
+ status_t doMount() override;
+ status_t doUnmount() override;
+
+private:
+ std::string mSourcePath;
+ std::string mSourceKey;
+ gid_t mOwnerGid;
+
+ std::string mLoopPath;
+ std::string mDmPath;
+ std::string mMountPath;
+
+ DISALLOW_COPY_AND_ASSIGN(ObbVolume);
+};
+
+} // namespace vold
+} // namespace android
+
+#endif
diff --git a/PrivateVolume.cpp b/model/PrivateVolume.cpp
similarity index 96%
rename from PrivateVolume.cpp
rename to model/PrivateVolume.cpp
index e66e04d..3152313 100644
--- a/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp
@@ -20,7 +20,6 @@
#include "EmulatedVolume.h"
#include "Utils.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include "cryptfs.h"
#include <android-base/stringprintf.h>
@@ -55,9 +54,10 @@
status_t PrivateVolume::readMetadata() {
status_t res = ReadMetadata(mDmDevPath, mFsType, mFsUuid, mFsLabel);
- notifyEvent(ResponseCode::VolumeFsTypeChanged, mFsType);
- notifyEvent(ResponseCode::VolumeFsUuidChanged, mFsUuid);
- notifyEvent(ResponseCode::VolumeFsLabelChanged, mFsLabel);
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeMetadataChanged(getId(), mFsType, mFsUuid, mFsLabel);
+
return res;
}
diff --git a/PrivateVolume.h b/model/PrivateVolume.h
similarity index 100%
rename from PrivateVolume.h
rename to model/PrivateVolume.h
diff --git a/PublicVolume.cpp b/model/PublicVolume.cpp
similarity index 93%
rename from PublicVolume.cpp
rename to model/PublicVolume.cpp
index f976c4a..f80f59e 100644
--- a/PublicVolume.cpp
+++ b/model/PublicVolume.cpp
@@ -18,12 +18,12 @@
#include "PublicVolume.h"
#include "Utils.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
#include <cutils/fs.h>
#include <private/android_filesystem_config.h>
+#include <utils/Timers.h>
#include <fcntl.h>
#include <stdlib.h>
@@ -53,9 +53,10 @@
status_t PublicVolume::readMetadata() {
status_t res = ReadMetadataUntrusted(mDevPath, mFsType, mFsUuid, mFsLabel);
- notifyEvent(ResponseCode::VolumeFsTypeChanged, mFsType);
- notifyEvent(ResponseCode::VolumeFsUuidChanged, mFsUuid);
- notifyEvent(ResponseCode::VolumeFsLabelChanged, mFsLabel);
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeMetadataChanged(getId(), mFsType, mFsUuid, mFsLabel);
+
return res;
}
@@ -186,9 +187,16 @@
return -errno;
}
+ nsecs_t start = systemTime(SYSTEM_TIME_BOOTTIME);
while (before == GetDevice(mFuseWrite)) {
LOG(VERBOSE) << "Waiting for FUSE to spin up...";
usleep(50000); // 50ms
+
+ nsecs_t now = systemTime(SYSTEM_TIME_BOOTTIME);
+ if (nanoseconds_to_milliseconds(now - start) > 5000) {
+ LOG(WARNING) << "Timed out while waiting for FUSE to spin up";
+ return -ETIMEDOUT;
+ }
}
/* sdcardfs will have exited already. FUSE will still be running */
TEMP_FAILURE_RETRY(waitpid(mFusePid, nullptr, WNOHANG));
diff --git a/PublicVolume.h b/model/PublicVolume.h
similarity index 100%
rename from PublicVolume.h
rename to model/PublicVolume.h
diff --git a/VolumeBase.cpp b/model/VolumeBase.cpp
similarity index 86%
rename from VolumeBase.cpp
rename to model/VolumeBase.cpp
index 3f27d87..429f134 100644
--- a/VolumeBase.cpp
+++ b/model/VolumeBase.cpp
@@ -17,7 +17,6 @@
#include "Utils.h"
#include "VolumeBase.h"
#include "VolumeManager.h"
-#include "ResponseCode.h"
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
@@ -44,7 +43,9 @@
void VolumeBase::setState(State state) {
mState = state;
- notifyEvent(ResponseCode::VolumeStateChanged, StringPrintf("%d", mState));
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeStateChanged(getId(), static_cast<int32_t>(mState));
}
status_t VolumeBase::setDiskId(const std::string& diskId) {
@@ -114,7 +115,10 @@
}
mPath = path;
- notifyEvent(ResponseCode::VolumePathChanged, mPath);
+
+ auto listener = getListener();
+ if (listener) listener->onVolumePathChanged(getId(), mPath);
+
return OK;
}
@@ -125,20 +129,19 @@
}
mInternalPath = internalPath;
- notifyEvent(ResponseCode::VolumeInternalPathChanged, mInternalPath);
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeInternalPathChanged(getId(), mInternalPath);
+
return OK;
}
-void VolumeBase::notifyEvent(int event) {
- if (mSilent) return;
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(event,
- getId().c_str(), false);
-}
-
-void VolumeBase::notifyEvent(int event, const std::string& value) {
- if (mSilent) return;
- VolumeManager::Instance()->getBroadcaster()->sendBroadcast(event,
- StringPrintf("%s %s", getId().c_str(), value.c_str()).c_str(), false);
+android::sp<android::os::IVoldListener> VolumeBase::getListener() {
+ if (mSilent) {
+ return nullptr;
+ } else {
+ return VolumeManager::Instance()->getListener();
+ }
}
void VolumeBase::addVolume(const std::shared_ptr<VolumeBase>& volume) {
@@ -163,8 +166,11 @@
mCreated = true;
status_t res = doCreate();
- notifyEvent(ResponseCode::VolumeCreated,
- StringPrintf("%d \"%s\" \"%s\"", mType, mDiskId.c_str(), mPartGuid.c_str()));
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeCreated(getId(),
+ static_cast<int32_t>(mType), mDiskId, mPartGuid);
+
setState(State::kUnmounted);
return res;
}
@@ -183,7 +189,10 @@
setState(State::kRemoved);
}
- notifyEvent(ResponseCode::VolumeDestroyed);
+
+ auto listener = getListener();
+ if (listener) listener->onVolumeDestroyed(getId());
+
status_t res = doDestroy();
mCreated = false;
return res;
diff --git a/VolumeBase.h b/model/VolumeBase.h
similarity index 97%
rename from VolumeBase.h
rename to model/VolumeBase.h
index d417019..4aa8b02 100644
--- a/VolumeBase.h
+++ b/model/VolumeBase.h
@@ -17,6 +17,7 @@
#ifndef ANDROID_VOLD_VOLUME_BASE_H
#define ANDROID_VOLD_VOLUME_BASE_H
+#include "android/os/IVoldListener.h"
#include "Utils.h"
#include <cutils/multiuser.h>
@@ -114,8 +115,7 @@
status_t setPath(const std::string& path);
status_t setInternalPath(const std::string& internalPath);
- void notifyEvent(int msg);
- void notifyEvent(int msg, const std::string& value);
+ android::sp<android::os::IVoldListener> getListener();
private:
/* ID that uniquely references volume while alive */
diff --git a/tests/Android.mk b/tests/Android.mk
index 4b6573e..3127352 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -5,11 +5,15 @@
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_C_INCLUDES := \
- system/core/fs_mgr/include
+ system/core/fs_mgr/include \
+ system/vold/
-LOCAL_STATIC_LIBRARIES := libselinux libvold liblog libcrypto
+LOCAL_STATIC_LIBRARIES := libbase libselinux libvold liblog libcrypto
-LOCAL_SRC_FILES := VolumeManager_test.cpp
+LOCAL_SRC_FILES := \
+ cryptfs_test.cpp \
+ VolumeManager_test.cpp \
+
LOCAL_MODULE := vold_tests
LOCAL_MODULE_TAGS := eng tests
diff --git a/tests/VolumeManager_test.cpp b/tests/VolumeManager_test.cpp
index c0c1fa5..f661d49 100644
--- a/tests/VolumeManager_test.cpp
+++ b/tests/VolumeManager_test.cpp
@@ -34,31 +34,4 @@
}
};
-TEST_F(VolumeManagerTest, AsecHashTests) {
- char buffer[MD5_ASCII_LENGTH_PLUS_NULL];
- char* dst = reinterpret_cast<char*>(&buffer);
-
- const char* src1 = "";
- const char* exp1 = "d41d8cd98f00b204e9800998ecf8427e";
-
- EXPECT_TRUE(VolumeManager::asecHash(exp1, (char*)NULL, sizeof(buffer)) == NULL && errno == ESPIPE)
- << "Should return NULL and set errno to ESPIPE when destination buffer is NULL";
- EXPECT_TRUE(VolumeManager::asecHash(exp1, dst, 0) == NULL && errno == ESPIPE)
- << "Should return NULL and set errno to ESPIPE when destination buffer length is 0";
- EXPECT_TRUE(VolumeManager::asecHash((const char*)NULL, dst, sizeof(buffer)) == NULL && errno == ESPIPE)
- << "Should return NULL and set errno to ESPIPE when source buffer is NULL";
-
- EXPECT_FALSE(VolumeManager::asecHash(src1, dst, sizeof(buffer)) == NULL)
- << "Should not return NULL on valid source, destination, and destination size";
- EXPECT_STREQ(exp1, dst)
- << "MD5 summed output should match";
-
- const char* src2 = "android";
- const char* exp2 = "c31b32364ce19ca8fcd150a417ecce58";
- EXPECT_FALSE(VolumeManager::asecHash(src2, dst, sizeof(buffer)) == NULL)
- << "Should not return NULL on valid source, destination, and destination size";
- EXPECT_STREQ(exp2, dst)
- << "MD5 summed output should match";
-}
-
}
diff --git a/tests/cryptfs_test.cpp b/tests/cryptfs_test.cpp
new file mode 100644
index 0000000..6875c0f
--- /dev/null
+++ b/tests/cryptfs_test.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+
+#include "../cryptfs.h"
+
+namespace android {
+
+class CryptfsTest : public testing::Test {
+protected:
+ virtual void SetUp() {
+ }
+
+ virtual void TearDown() {
+ }
+};
+
+TEST_F(CryptfsTest, MatchMultiEntryTest) {
+ ASSERT_NE(0, match_multi_entry("foo", "foo", 0));
+ ASSERT_NE(0, match_multi_entry("foo_0", "foo", 0));
+ ASSERT_NE(0, match_multi_entry("foo_1", "foo", 0));
+ ASSERT_NE(0, match_multi_entry("foo_2", "foo", 0));
+
+ ASSERT_EQ(0, match_multi_entry("foo", "foo", 1));
+ ASSERT_EQ(0, match_multi_entry("foo_0", "foo", 1));
+ ASSERT_NE(0, match_multi_entry("foo_1", "foo", 1));
+ ASSERT_NE(0, match_multi_entry("foo_2", "foo", 1));
+
+ ASSERT_EQ(0, match_multi_entry("foo", "foo", 2));
+ ASSERT_EQ(0, match_multi_entry("foo_0", "foo", 2));
+ ASSERT_EQ(0, match_multi_entry("foo_1", "foo", 2));
+ ASSERT_NE(0, match_multi_entry("foo_2", "foo", 2));
+
+ ASSERT_EQ(0, match_multi_entry("food", "foo", 0));
+ ASSERT_EQ(0, match_multi_entry("foo", "food", 0));
+ ASSERT_EQ(0, match_multi_entry("foo", "bar", 0));
+ ASSERT_EQ(0, match_multi_entry("foo_2", "bar", 0));
+}
+
+}
diff --git a/vdc.cpp b/vdc.cpp
index 7ab5fcc..4e0c3a9 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -24,31 +24,44 @@
#include <stdlib.h>
#include <poll.h>
-#include <sys/socket.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/un.h>
+#include "android/os/IVold.h"
+
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
+#include <binder/IServiceManager.h>
-#include <cutils/sockets.h>
#include <private/android_filesystem_config.h>
static void usage(char *progname);
-static int do_monitor(int sock, int stop_after_cmd);
-static int do_cmd(int sock, int argc, char **argv);
-static constexpr int kCommandTimeoutMs = 20 * 1000;
+static android::sp<android::IBinder> getServiceAggressive() {
+ android::sp<android::IBinder> res;
+ auto sm = android::defaultServiceManager();
+ auto name = android::String16("vold");
+ for (int i = 0; i < 500; i++) {
+ res = sm->checkService(name);
+ if (res) {
+ LOG(VERBOSE) << "Waited " << (i * 10) << "ms for vold";
+ break;
+ }
+ usleep(10000); // 10ms
+ }
+ return res;
+}
int main(int argc, char **argv) {
int sock;
- int wait_for_socket;
+ int wait;
char *progname;
progname = argv[0];
+ setenv("ANDROID_LOG_TAGS", "*:v", 1);
if (getppid() == 1) {
// If init is calling us then it's during boot and we should log to kmsg
android::base::InitLogging(argv, &android::base::KernelLogger);
@@ -56,126 +69,46 @@
android::base::InitLogging(argv, &android::base::StderrLogger);
}
- wait_for_socket = argc > 1 && strcmp(argv[1], "--wait") == 0;
- if (wait_for_socket) {
+ wait = argc > 1 && strcmp(argv[1], "--wait") == 0;
+ if (wait) {
argv++;
argc--;
}
- if (argc < 2) {
+ if (argc < 3) {
usage(progname);
exit(5);
}
- const char* sockname = "vold";
- if (!strcmp(argv[1], "cryptfs")) {
- sockname = "cryptd";
- }
+ std::string arg1 = argv[1];
+ std::string arg2 = argv[2];
- while ((sock = socket_local_client(sockname,
- ANDROID_SOCKET_NAMESPACE_RESERVED,
- SOCK_STREAM)) < 0) {
- if (!wait_for_socket) {
- PLOG(ERROR) << "Error connecting to " << sockname;
- exit(4);
- } else {
- usleep(10000);
- }
+ android::sp<android::IBinder> binder = getServiceAggressive();
+ if (!binder) {
+ LOG(ERROR) << "Failed to obtain vold Binder";
+ exit(EINVAL);
}
+ auto vold = android::interface_cast<android::os::IVold>(binder);
- if (!strcmp(argv[1], "monitor")) {
- exit(do_monitor(sock, 0));
+ if (arg1 == "cryptfs" && arg2 == "enablefilecrypto") {
+ exit(vold->fbeEnable().isOk() ? 0 : ENOTTY);
+ } else if (arg1 == "cryptfs" && arg2 == "init_user0") {
+ exit(vold->initUser0().isOk() ? 0 : ENOTTY);
+ } else if (arg1 == "cryptfs" && arg2 == "enablecrypto") {
+ int passwordType = android::os::IVold::PASSWORD_TYPE_DEFAULT;
+ int encryptionFlags = android::os::IVold::ENCRYPTION_FLAG_IN_PLACE
+ | android::os::IVold::ENCRYPTION_FLAG_NO_UI;
+ exit(vold->fdeEnable(passwordType, "", encryptionFlags).isOk() ? 0 : ENOTTY);
+ } else if (arg1 == "cryptfs" && arg2 == "mountdefaultencrypted") {
+ exit(vold->mountDefaultEncrypted().isOk() ? 0 : ENOTTY);
+ } else if (arg1 == "volume" && arg2 == "shutdown") {
+ exit(vold->shutdown().isOk() ? 0 : ENOTTY);
} else {
- exit(do_cmd(sock, argc, argv));
+ LOG(ERROR) << "Raw commands are no longer supported";
+ exit(EINVAL);
}
}
-static int do_cmd(int sock, int argc, char **argv) {
- int seq = getpid();
-
- std::string cmd(android::base::StringPrintf("%d ", seq));
- for (int i = 1; i < argc; i++) {
- if (!strchr(argv[i], ' ')) {
- cmd.append(argv[i]);
- } else {
- cmd.push_back('\"');
- cmd.append(argv[i]);
- cmd.push_back('\"');
- }
-
- if (i < argc - 1) {
- cmd.push_back(' ');
- }
- }
-
- if (TEMP_FAILURE_RETRY(write(sock, cmd.c_str(), cmd.length() + 1)) < 0) {
- PLOG(ERROR) << "Failed to write command";
- return errno;
- }
-
- return do_monitor(sock, seq);
-}
-
-static int do_monitor(int sock, int stop_after_seq) {
- char buffer[4096];
- int timeout = kCommandTimeoutMs;
-
- if (stop_after_seq == 0) {
- LOG(INFO) << "Connected to vold";
- timeout = -1;
- }
-
- while (1) {
- struct pollfd poll_sock = { sock, POLLIN, 0 };
- int rc = TEMP_FAILURE_RETRY(poll(&poll_sock, 1, timeout));
- if (rc == 0) {
- LOG(ERROR) << "Timeout waiting for " << stop_after_seq;
- return ETIMEDOUT;
- } else if (rc < 0) {
- PLOG(ERROR) << "Failed during poll";
- return errno;
- }
-
- if (!(poll_sock.revents & POLLIN)) {
- LOG(INFO) << "No data; trying again";
- continue;
- }
-
- memset(buffer, 0, sizeof(buffer));
- rc = TEMP_FAILURE_RETRY(read(sock, buffer, sizeof(buffer)));
- if (rc == 0) {
- LOG(ERROR) << "Lost connection, did vold crash?";
- return ECONNRESET;
- } else if (rc < 0) {
- PLOG(ERROR) << "Error reading data";
- return errno;
- }
-
- int offset = 0;
- for (int i = 0; i < rc; i++) {
- if (buffer[i] == '\0') {
- char* res = buffer + offset;
- fprintf(stdout, "%s\n", res);
-
- int code = atoi(strtok(res, " "));
- if (code >= 200 && code < 600) {
- int seq = atoi(strtok(nullptr, " "));
- if (seq == stop_after_seq) {
- if (code == 200) {
- return 0;
- } else {
- return code;
- }
- }
- }
-
- offset = i + 1;
- }
- }
- }
- return EIO;
-}
-
static void usage(char *progname) {
LOG(INFO) << "Usage: " << progname << " [--wait] <monitor>|<cmd> [arg1] [arg2...]";
}
diff --git a/vold.rc b/vold.rc
index 87e2fd8..c27aeda 100644
--- a/vold.rc
+++ b/vold.rc
@@ -2,9 +2,6 @@
--blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \
--fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0
class core
- socket vold stream 0660 root mount
- socket cryptd stream 0660 root mount
ioprio be 2
writepid /dev/cpuset/foreground/tasks
shutdown critical
-