1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "EmulatedVolume.h"
18
19 #include "AppFuseUtil.h"
20 #include "Utils.h"
21 #include "VolumeManager.h"
22
23 #include <android-base/logging.h>
24 #include <android-base/properties.h>
25 #include <android-base/scopeguard.h>
26 #include <android-base/stringprintf.h>
27 #include <cutils/fs.h>
28 #include <private/android_filesystem_config.h>
29 #include <utils/Timers.h>
30
31 #include <fcntl.h>
32 #include <stdlib.h>
33 #include <sys/mount.h>
34 #include <sys/stat.h>
35 #include <sys/sysmacros.h>
36 #include <sys/types.h>
37 #include <sys/wait.h>
38
39 using android::base::StringPrintf;
40
41 namespace android {
42 namespace vold {
43
// Helper that doMount() forks/execs to bring up sdcardfs (it is passed
// -u/-g 1023, i.e. AID_MEDIA_RW, and is expected to exit once mounted).
static const char* const kSdcardFsPath = "/system/bin/sdcard";
45
// Constructs the primary emulated volume (the overload with no backing block
// device). The volume id is "emulated;<userId>" and the label is the fixed
// string "emulated".
EmulatedVolume::EmulatedVolume(const std::string& rawPath, int userId)
    : VolumeBase(Type::kEmulated) {
    // NOTE(review): userId is rendered with %u here while the rest of the file
    // formats user ids with %d; a negative id would not round-trip.
    const std::string volumeId = StringPrintf("emulated;%u", userId);
    setId(volumeId);

    mRawPath = rawPath;
    mLabel = "emulated";
    mFuseMounted = false;

    // Mount-strategy switches are sampled once, at construction time.
    mFuseBpfEnabled = IsFuseBpfEnabled();
    mUseSdcardFs = IsSdcardfsUsed();
    mAppDataIsolationEnabled =
            android::base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
}
56
// Constructs an emulated volume layered on a specific block device (e.g. an
// adopted private volume). The id embeds the device's major/minor numbers,
// "emulated:<major>,<minor>;<userId>", and the label is the filesystem UUID.
EmulatedVolume::EmulatedVolume(const std::string& rawPath, dev_t device, const std::string& fsUuid,
                               int userId)
    : VolumeBase(Type::kEmulated) {
    const std::string volumeId =
            StringPrintf("emulated:%u,%u;%u", major(device), minor(device), userId);
    setId(volumeId);

    mRawPath = rawPath;
    mLabel = fsUuid;
    mFuseMounted = false;

    // Mount-strategy switches are sampled once, at construction time.
    mFuseBpfEnabled = IsFuseBpfEnabled();
    mUseSdcardFs = IsSdcardfsUsed();
    mAppDataIsolationEnabled =
            android::base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
}
68
// Nothing to release here: the mounts are torn down by doUnmount(), not by
// destruction.
EmulatedVolume::~EmulatedVolume() = default;
70
// Label used to build the mount paths for this volume.
//
// Primary storage may have been migrated onto an adopted private volume, so
// the primary volume is always called "emulated" to avoid media rescans;
// every other emulated volume reports the label it was constructed with.
std::string EmulatedVolume::getLabel() {
    if (getMountFlags() & MountFlags::kPrimary) {
        return "emulated";
    }
    return mLabel;
}
80
81 // Creates a bind mount from source to target
// Bind-mounts |source| onto |target|.
//
// On success |target| is pushed to the FRONT of |pathsToUnmount|, so a caller
// that walks the list forwards unmounts in reverse mount order. On failure
// nothing is recorded and the BindMount() status is returned unchanged.
static status_t doFuseBindMount(const std::string& source, const std::string& target,
                                std::list<std::string>& pathsToUnmount) {
    LOG(INFO) << "Bind mounting " << source << " on " << target;
    const status_t status = BindMount(source, target);
    if (status == OK) {
        LOG(INFO) << "Bind mounted " << source << " on " << target;
        pathsToUnmount.push_front(target);
    }
    return status;
}
93
// Sets up the bind mounts layered on top of this user's FUSE view:
//   - Android/data and Android/obb under /mnt/user/<u>/<label>/<u>/Android
//   - (sdcardfs only) a writable Android/obb view for installers
// The call is all-or-nothing: if any bind mount fails, every one made so far
// is unmounted again before the error is returned.
status_t EmulatedVolume::mountFuseBindMounts() {
    const std::string label = getLabel();
    const int userId = getMountUserId();
    std::list<std::string> pathsToUnmount;

    // Rollback on early exit. doFuseBindMount() records each target at the
    // front of the list, so a forward walk unmounts most-recent first.
    auto rollback = [&pathsToUnmount]() {
        LOG(INFO) << "mountFuseBindMounts() unmount scope_guard running";
        for (const auto& path : pathsToUnmount) {
            LOG(INFO) << "Unmounting " << path;
            if (UnmountTree(path) == OK) {
                LOG(INFO) << "Unmounted " << path;
            } else {
                LOG(INFO) << "Failed to unmount " << path;
            }
        }
    };
    auto rollback_guard = android::base::make_scope_guard(rollback);

    // Where the canonical Android/ tree lives: behind sdcardfs's "default" view
    // when sdcardfs is in use, otherwise directly on the raw backing path.
    // NOTE(review): mRawPath is presumably already absolute, so the non-sdcardfs
    // path starts with "//"; the kernel tolerates that but it is untidy.
    const std::string androidSource =
            mUseSdcardFs
                    ? StringPrintf("/mnt/runtime/default/%s/%d/Android", label.c_str(), userId)
                    : StringPrintf("/%s/%d/Android", mRawPath.c_str(), userId);
    const std::string androidTarget =
            StringPrintf("/mnt/user/%d/%s/%d/Android", userId, label.c_str(), userId);

    struct BindSpec {
        std::string source;
        std::string target;
    };
    std::list<BindSpec> binds;

    // Zygote will unmount these dirs if app data isolation is enabled, so apps
    // cannot access these dirs directly.
    binds.push_back({androidSource + "/data", androidTarget + "/data"});
    binds.push_back({androidSource + "/obb", androidTarget + "/obb"});

    // Installers get the same view as all other apps, with the sole exception that the
    // OBB dirs (Android/obb) are writable to them. On sdcardfs devices, this requires
    // a special bind mount, since app-private and OBB dirs share the same GID, but we
    // only want to give access to the latter.
    if (mUseSdcardFs) {
        binds.push_back(
                {StringPrintf("/mnt/runtime/write/%s/%d/Android/obb", label.c_str(), userId),
                 StringPrintf("/mnt/installer/%d/%s/%d/Android/obb", userId, label.c_str(),
                              userId)});
    }

    // Mount in declaration order; the first failure aborts and triggers rollback.
    for (const BindSpec& bind : binds) {
        const status_t status = doFuseBindMount(bind.source, bind.target, pathsToUnmount);
        if (status != OK) {
            return status;
        }
    }

    rollback_guard.Disable();
    return OK;
}
158
// Undoes the bind mounts made by mountFuseBindMounts(), plus the related
// installer and androidwritable views.
//
// The installer/androidwritable views are unmounted best-effort (failures are
// logged and skipped); only a failure to unmount the /mnt/user Android/data or
// Android/obb views is returned to the caller.
status_t EmulatedVolume::unmountFuseBindMounts() {
    const std::string label = getLabel();
    const int userId = getMountUserId();

    // Best-effort unmount: log the failure and carry on so that the remaining
    // views still get a chance to be unmounted.
    auto unmountBestEffort = [](const std::string& path) {
        LOG(INFO) << "Unmounting " << path;
        if (UnmountTree(path) != OK) {
            LOG(ERROR) << "Failed to unmount " << path;
        }
    };

    if (mUseSdcardFs || mAppDataIsolationEnabled) {
        unmountBestEffort(StringPrintf("/mnt/installer/%d/%s/%d/Android/obb", userId,
                                       label.c_str(), userId));
    }

    if (mAppDataIsolationEnabled) {
        unmountBestEffort(StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/obb", userId,
                                       label.c_str(), userId));
        unmountBestEffort(StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/data", userId,
                                       label.c_str(), userId));

        // When app data isolation is enabled, kill all apps that have obb/ mounted;
        // otherwise the whole Android/ dir is unmounted below instead.
        // Here we assume obb/data dirs being mounted as tmpfs can only be caused by
        // app data isolation.
        KillProcessesWithTmpfsMountPrefix(
                StringPrintf("%s/%d/Android/obb", getPath().c_str(), userId));
    }

    // Always unmount the data and obb dirs: they are mounted to lowerfs for
    // speeding up access. Unlike the views above, a failure here is fatal.
    auto unmountOrFail = [](const std::string& path) -> status_t {
        LOG(INFO) << "Unmounting " << path;
        const status_t status = UnmountTree(path);
        if (status == OK) {
            LOG(INFO) << "Unmounted " << path;
        }
        return status;
    };

    const std::string userAndroid =
            StringPrintf("/mnt/user/%d/%s/%d/Android", userId, label.c_str(), userId);
    const status_t dataStatus = unmountOrFail(userAndroid + "/data");
    if (dataStatus != OK) {
        return dataStatus;
    }
    return unmountOrFail(userAndroid + "/obb");
}
223
// Tears down the four sdcardfs views (default/read/write/full) and removes
// their mount points, then forgets the paths.
//
// Only user 0 does this: sdcardfs is mounted once for the device and the
// paths do not change per user, so other users (and non-sdcardfs devices)
// return OK without touching anything. Unmount and rmdir failures are
// deliberately ignored; this is a best-effort cleanup that always reports OK.
status_t EmulatedVolume::unmountSdcardFs() {
    if (!mUseSdcardFs || getMountUserId() != 0) {
        return OK;
    }

    std::string* const views[] = {&mSdcardFsDefault, &mSdcardFsRead, &mSdcardFsWrite,
                                  &mSdcardFsFull};

    // Unmount all views first, then remove the (now empty) mount points.
    for (std::string* view : views) {
        ForceUnmount(*view);
    }
    for (std::string* view : views) {
        rmdir(view->c_str());
    }
    for (std::string* view : views) {
        view->clear();
    }

    return OK;
}
248
// Brings the emulated volume up for the mount user:
//   1. creates the /mnt/runtime/{default,read,write,full}/<label> mount points
//      (root-only, 0700),
//   2. on sdcardfs devices, for user 0 only, forks /system/bin/sdcard and waits
//      (up to 5s) for the "full" view to change device, i.e. for sdcardfs to land,
//   3. if the volume is visible for write, mounts the per-user FUSE volume, hands
//      the FUSE fd to the mount callback, adds the Android/ bind mounts (non-BPF
//      only) and tunes read-ahead and the dirty-page ratio.
// Scope guards unwind sdcardfs and the FUSE mount if a later step fails.
// Returns OK, or a negative errno-style status on the first failure.
status_t EmulatedVolume::doMount() {
    std::string label = getLabel();
    bool isVisible = isVisibleForWrite();

    mSdcardFsDefault = StringPrintf("/mnt/runtime/default/%s", label.c_str());
    mSdcardFsRead = StringPrintf("/mnt/runtime/read/%s", label.c_str());
    mSdcardFsWrite = StringPrintf("/mnt/runtime/write/%s", label.c_str());
    mSdcardFsFull = StringPrintf("/mnt/runtime/full/%s", label.c_str());

    setInternalPath(mRawPath);
    setPath(StringPrintf("/storage/%s", label.c_str()));

    // Mount points are created root-owned and 0700 so nothing else can look
    // into or populate them before the mounts land on top.
    if (fs_prepare_dir(mSdcardFsDefault.c_str(), 0700, AID_ROOT, AID_ROOT) ||
        fs_prepare_dir(mSdcardFsRead.c_str(), 0700, AID_ROOT, AID_ROOT) ||
        fs_prepare_dir(mSdcardFsWrite.c_str(), 0700, AID_ROOT, AID_ROOT) ||
        fs_prepare_dir(mSdcardFsFull.c_str(), 0700, AID_ROOT, AID_ROOT)) {
        PLOG(ERROR) << getId() << " failed to create mount points";
        return -errno;
    }

    // Device id of the "full" mount point before sdcardfs; a change of device
    // is what tells us the sdcardfs mount has appeared.
    dev_t before = GetDevice(mSdcardFsFull);

    // Mount sdcardfs regardless of FUSE, since we need it to bind-mount on top of the
    // FUSE volume for various reasons.
    if (mUseSdcardFs && getMountUserId() == 0) {
        LOG(INFO) << "Executing sdcardfs";
        int sdcardFsPid;
        if (!(sdcardFsPid = fork())) {
            // Child: exec the sdcardfs helper as AID_MEDIA_RW (1023) on the raw
            // path with this volume's label.
            // clang-format off
            if (execl(kSdcardFsPath, kSdcardFsPath,
                    "-u", "1023", // AID_MEDIA_RW
                    "-g", "1023", // AID_MEDIA_RW
                    "-m",
                    "-w",
                    "-G",
                    "-i",
                    "-o",
                    mRawPath.c_str(),
                    label.c_str(),
                    NULL)) {
                // clang-format on
                // NOTE(review): only reached if execl() fails; logging after fork()
                // in a multithreaded parent is not async-signal-safe, so keep this
                // path minimal.
                PLOG(ERROR) << "Failed to exec";
            }

            LOG(ERROR) << "sdcardfs exiting";
            _exit(1);
        }

        if (sdcardFsPid == -1) {
            PLOG(ERROR) << getId() << " failed to fork";
            return -errno;
        }

        // Poll until the "full" mount point sits on a different device.
        nsecs_t start = systemTime(SYSTEM_TIME_BOOTTIME);
        while (before == GetDevice(mSdcardFsFull)) {
            LOG(DEBUG) << "Waiting for sdcardfs to spin up...";
            usleep(50000); // 50ms

            nsecs_t now = systemTime(SYSTEM_TIME_BOOTTIME);
            if (nanoseconds_to_milliseconds(now - start) > 5000) {
                // NOTE(review): this returns without waitpid()ing the child, so a
                // helper that is stuck rather than exited is left unreaped, and the
                // mount points prepared above are not removed.
                LOG(WARNING) << "Timed out while waiting for sdcardfs to spin up";
                return -ETIMEDOUT;
            }
        }
        /* sdcardfs will have exited already. The filesystem will still be running */
        TEMP_FAILURE_RETRY(waitpid(sdcardFsPid, nullptr, 0));
        sdcardFsPid = 0;
    }

    if (isVisible) {
        // Make sure we unmount sdcardfs if we bail out with an error below
        auto sdcardfs_unmounter = [&]() {
            LOG(INFO) << "sdcardfs_unmounter scope_guard running";
            unmountSdcardFs();
        };
        auto sdcardfs_guard = android::base::make_scope_guard(sdcardfs_unmounter);

        LOG(INFO) << "Mounting emulated fuse volume";
        android::base::unique_fd fd;
        int user_id = getMountUserId();
        auto volumeRoot = getRootPath();

        // Make sure Android/ dirs exist for bind mounting
        status_t res = PrepareAndroidDirs(volumeRoot);
        if (res != OK) {
            LOG(ERROR) << "Failed to prepare Android/ directories";
            return res;
        }

        // On success |fd| is the FUSE device fd for this user's mount.
        // NOTE(review): PLOG reports errno, which MountUserFuse() may or may not
        // have set; |res| is what is actually returned.
        res = MountUserFuse(user_id, getInternalPath(), label, &fd);
        if (res != 0) {
            PLOG(ERROR) << "Failed to mount emulated fuse volume";
            return res;
        }

        mFuseMounted = true;
        // Unwind the FUSE mount if anything below fails. fd.reset() is a no-op
        // once the fd has been handed to the callback.
        auto fuse_unmounter = [&]() {
            LOG(INFO) << "fuse_unmounter scope_guard running";
            fd.reset();
            if (UnmountUserFuse(user_id, getInternalPath(), label) != OK) {
                PLOG(INFO) << "UnmountUserFuse failed on emulated fuse volume";
            }
            mFuseMounted = false;
        };
        auto fuse_guard = android::base::make_scope_guard(fuse_unmounter);

        // Hand the FUSE fd to the daemon side; it tells us whether the volume
        // became usable. Without a callback the mount is assumed ready.
        auto callback = getMountCallback();
        if (callback) {
            bool is_ready = false;
            callback->onVolumeChecking(std::move(fd), getPath(), getInternalPath(), &is_ready);
            if (!is_ready) {
                return -EIO;
            }
        }

        if (!mFuseBpfEnabled) {
            // Only do the bind-mounts when we know for sure the FUSE daemon can resolve the path.
            res = mountFuseBindMounts();
            if (res != OK) {
                return res;
            }
        }

        ConfigureReadAheadForFuse(GetFuseMountPathForUser(user_id, label), 256u);

        // By default, FUSE has a max_dirty ratio of 1%. This means that out of
        // all dirty pages in the system, only 1% is allowed to belong to any
        // FUSE filesystem. The reason this is in place is that FUSE
        // filesystems shouldn't be trusted by default; a FUSE filesystem could
        // take up say 100% of dirty pages, and subsequently refuse to write
        // them back to storage. The kernel will then apply rate-limiting, and
        // block other tasks from writing. For this particular FUSE filesystem
        // however, we trust the implementation, because it is a part of the
        // Android platform. So use the default ratio of 100%.
        //
        // The reason we're setting this is that there's a suspicion that the
        // kernel starts rate-limiting the FUSE filesystem under extreme
        // memory pressure scenarios. While the kernel will only rate limit if
        // the writeback can't keep up with the write rate, under extreme
        // memory pressure the write rate may dip as well, in which case FUSE
        // writes to a 1% max_ratio filesystem are throttled to an extreme amount.
        //
        // To prevent this, just give FUSE 40% max_ratio, meaning it can take
        // up to 40% of all dirty pages in the system.
        ConfigureMaxDirtyRatioForFuse(GetFuseMountPathForUser(user_id, label), 40u);

        // All mounts where successful, disable scope guards
        sdcardfs_guard.Disable();
        fuse_guard.Disable();
    }

    return OK;
}
402
// Reverses doMount(): kills the processes still using the volume, then
// unmounts the Android/ bind mounts (non-BPF only), the per-user FUSE mount,
// and finally sdcardfs. Returns -errno if the FUSE unmount fails; otherwise
// the status of unmountSdcardFs().
status_t EmulatedVolume::doUnmount() {
    const int userId = getMountUserId();

    // Kill all processes using the filesystem before we unmount it. If we
    // unmount the filesystem first, most file system operations will return
    // ENOTCONN until the unmount completes. This is an exotic and unusual
    // error code and might cause broken behaviour in applications.
    if (mFuseMounted) {
        // For FUSE specifically, we have an emulated volume per user, so only kill
        // processes using files from this particular user.
        const std::string userPath = StringPrintf("%s/%d", getPath().c_str(), userId);
        LOG(INFO) << "Killing all processes referencing " << userPath;
        KillProcessesUsingPath(userPath);
    } else {
        KillProcessesUsingPath(getPath());
    }

    if (!mFuseMounted) {
        return unmountSdcardFs();
    }

    const std::string label = getLabel();

    if (!mFuseBpfEnabled) {
        // Ignoring unmount return status because we do want to try to
        // unmount the rest cleanly.
        unmountFuseBindMounts();
    }

    if (UnmountUserFuse(userId, getInternalPath(), label) != OK) {
        PLOG(INFO) << "UnmountUserFuse failed on emulated fuse volume";
        return -errno;
    }
    mFuseMounted = false;

    return unmountSdcardFs();
}
439
// Root of this user's subtree on the internal (raw) path, i.e.
// "<internalPath>/<mountUserId>".
std::string EmulatedVolume::getRootPath() const {
    return StringPrintf("%s/%d", getInternalPath().c_str(), getMountUserId());
}
446
447 } // namespace vold
448 } // namespace android
449