1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdlib.h>
18 #include <string.h>
19 #include <dirent.h>
20 #include <errno.h>
21 #include <fcntl.h>
22
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <sys/types.h>
26 #include <sys/mman.h>
27 #include <sys/mount.h>
28 #include <sys/param.h>
29
30 #include <linux/kdev_t.h>
31
32 #include <cutils/properties.h>
33
34 #include <diskconfig/diskconfig.h>
35
36 #include <private/android_filesystem_config.h>
37
38 #define LOG_TAG "Vold"
39
40 #include <cutils/fs.h>
41 #include <cutils/log.h>
42
43 #include <string>
44
45 #include "Volume.h"
46 #include "VolumeManager.h"
47 #include "ResponseCode.h"
48 #include "Fat.h"
49 #include "Process.h"
50 #include "cryptfs.h"
51
/* C-linkage partition-record helpers; only their declarations are visible in this file. */
extern "C" {
void dos_partition_dec(void const *pp, struct dos_partition *d);
void dos_partition_enc(void *pp, struct dos_partition *d);
}


/* Media directory: contents are meant to be visible to the media_rw user only. */
const char* Volume::MEDIA_DIR = "/mnt/media_rw";

/* Fuse directory: where the fuse-wrapped filesystems are exposed. */
const char* Volume::FUSE_DIR = "/storage";

/* External-storage location of ASEC image files; intended to be reachable by root *only*. */
const char* Volume::SEC_ASECDIR_EXT = "/mnt/secure/asec";

/* Internal-storage location of ASEC image files; intended to be reachable by root *only*. */
const char* Volume::SEC_ASECDIR_INT = "/data/app-asec";

/* Where secure containers are mounted. */
const char* Volume::ASECDIR = "/mnt/asec";

/* Where OBBs are mounted. */
const char* Volume::LOOPDIR = "/mnt/obb";

/* Absolute path of the blkid binary that extractMetadata() runs. */
const char* Volume::BLKID_PATH = "/system/bin/blkid";
87
/*
 * Map a Volume::State_* value to the human-readable name used in log lines
 * and state-change broadcasts. Values that are not listed yield
 * "Unknown-Error".
 */
static const char *stateToStr(int state) {
    static const struct {
        int value;
        const char *name;
    } kStateNames[] = {
        { Volume::State_Init,       "Initializing" },
        { Volume::State_NoMedia,    "No-Media" },
        { Volume::State_Idle,       "Idle-Unmounted" },
        { Volume::State_Pending,    "Pending" },
        { Volume::State_Mounted,    "Mounted" },
        { Volume::State_Unmounting, "Unmounting" },
        { Volume::State_Checking,   "Checking" },
        { Volume::State_Formatting, "Formatting" },
        { Volume::State_Shared,     "Shared-Unmounted" },
        { Volume::State_SharedMnt,  "Shared-Mounted" },
    };

    // Table order matches the original comparison order, so the first match wins.
    for (size_t idx = 0; idx < sizeof(kStateNames) / sizeof(kStateNames[0]); idx++) {
        if (kStateNames[idx].value == state) {
            return kStateNames[idx].name;
        }
    }
    return "Unknown-Error";
}
112
/*
 * Build a volume from one fstab record.
 *
 * vm    - owning VolumeManager, used later to reach the broadcaster.
 * rec   - fstab entry; its label is copied and its partnum becomes mPartIdx.
 * flags - stored as-is and returned by getFlags().
 *
 * NOTE(review): rec and rec->label are dereferenced without a NULL check and
 * the strdup() result is not checked - confirm callers guarantee both.
 */
Volume::Volume(VolumeManager *vm, const fstab_rec* rec, int flags) {
    // Values taken from the caller.
    mVm = vm;
    mFlags = flags;
    mLabel = strdup(rec->label);   // owned copy, released in ~Volume()
    mPartIdx = rec->partnum;

    // Everything else starts out empty / not mounted.
    mUuid = NULL;
    mUserLabel = NULL;
    mState = Volume::State_Init;
    mCurrentlyMountedKdev = -1;
    mRetryMount = false;
    mDebug = false;
}
125
/* Release the heap strings owned by the volume; free(NULL) is a no-op. */
Volume::~Volume() {
    free(mUserLabel);
    free(mUuid);
    free(mLabel);
}
131
/* Switch the extra mDebug-guarded log lines (see formatVol/doUnmount) on or off. */
void Volume::setDebug(bool enable) {
    mDebug = enable;
}
135
/*
 * Device number of the disk backing this volume. This implementation always
 * reports 0:0; presumably concrete volume types supply the real value -
 * confirm against Volume.h.
 */
dev_t Volume::getDiskDevice() {
    const dev_t none = MKDEV(0, 0);
    return none;
}
139
/* Device number to export when the volume is shared: the same as getDiskDevice(). */
dev_t Volume::getShareDevice() {
    const dev_t shared = getDiskDevice();
    return shared;
}
143
/* Hook invoked when the volume becomes shared; intentionally does nothing here. */
void Volume::handleVolumeShared() {
    // no-op
}
146
/* Hook invoked when sharing ends; intentionally does nothing here. */
void Volume::handleVolumeUnshared() {
    // no-op
}
149
/*
 * Block-device event handler. This implementation does not process the
 * event: it always fails with errno set to ENOSYS and returns -1.
 */
int Volume::handleBlockEvent(NetlinkEvent *evt) {
    (void) evt;   // unused here
    errno = ENOSYS;
    return -1;
}
154
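/*
 * Replace the stored filesystem UUID and broadcast VolumeUuidChange.
 *
 * uuid - new value, or NULL to clear it. The string is copied.
 *
 * The broadcast text is "<label> <fuse mountpoint>" followed, when a UUID is
 * set, by the UUID in double quotes. extractMetadata() feeds this from blkid
 * output for the device being mounted, so the value originates from the
 * medium itself and consumers of the broadcast should treat it as data.
 * snprintf() truncates the message to the 256-byte buffer.
 */
void Volume::setUuid(const char* uuid) {
    char msg[256];

    // Duplicate before releasing the old value so that a caller passing the
    // currently stored pointer does not make us read freed memory.
    char *fresh = uuid ? strdup(uuid) : NULL;
    free(mUuid);
    mUuid = fresh;

    if (mUuid) {
        snprintf(msg, sizeof(msg), "%s %s \"%s\"", getLabel(),
                getFuseMountpoint(), mUuid);
    } else {
        // Cleared on request, or strdup() failed: never hand NULL to "%s".
        snprintf(msg, sizeof(msg), "%s %s", getLabel(), getFuseMountpoint());
    }

    mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeUuidChange, msg,
            false);
}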
174
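/*
 * Replace the stored user-visible label and broadcast VolumeUserLabelChange.
 *
 * userLabel - new value, or NULL to clear it. The string is copied.
 *
 * The broadcast text is "<label> <fuse mountpoint>" followed, when a user
 * label is set, by that label in double quotes. extractMetadata() feeds this
 * from the LABEL field blkid reports for the device, i.e. whatever label the
 * medium carries, so consumers of the broadcast should treat it as data.
 * snprintf() truncates the message to the 256-byte buffer.
 */
void Volume::setUserLabel(const char* userLabel) {
    char msg[256];

    // Duplicate before releasing the old value so that a caller passing the
    // currently stored pointer does not make us read freed memory.
    char *fresh = userLabel ? strdup(userLabel) : NULL;
    free(mUserLabel);
    mUserLabel = fresh;

    if (mUserLabel) {
        snprintf(msg, sizeof(msg), "%s %s \"%s\"", getLabel(),
                getFuseMountpoint(), mUserLabel);
    } else {
        // Cleared on request, or strdup() failed: never hand NULL to "%s".
        snprintf(msg, sizeof(msg), "%s %s", getLabel(), getFuseMountpoint());
    }

    mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeUserLabelChange,
            msg, false);
}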
194
/*
 * Move the volume to a new State_* value, log the transition and broadcast
 * VolumeStateChange. Setting the state it already has only logs a warning.
 * Leaving State_Pending for anything other than State_Idle clears
 * mRetryMount.
 */
void Volume::setState(int state) {
    const int previous = mState;

    if (previous == state) {
        SLOGW("Duplicate state (%d)\n", state);
        return;
    }

    const bool leavingPending = (previous == Volume::State_Pending);
    if (leavingPending && state != Volume::State_Idle) {
        mRetryMount = false;
    }

    mState = state;

    const char *fromName = stateToStr(previous);
    const char *toName = stateToStr(mState);

    SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel,
         previous, fromName, mState, toName);

    char msg[255];
    snprintf(msg, sizeof(msg),
             "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(),
             getFuseMountpoint(), previous, fromName, mState, toName);

    mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange,
                                         msg, false);
}
220
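/*
 * Create a block-device node (mode 0660, before umask) at path.
 *
 * Returns 0 when the node was created or something already exists at path,
 * -1 with errno set otherwise. Negative numbers and a NULL path are rejected
 * with EINVAL instead of being shifted into a device number.
 *
 * NOTE(review): EEXIST is accepted without checking that the existing entry
 * is a block device carrying these numbers - confirm that nothing but vold
 * can create entries in the directory callers use.
 * NOTE(review): MKDEV from <linux/kdev_t.h> is the same (major << 8) | minor
 * packing used before; it has room for an 8-bit minor only - confirm callers
 * never pass a larger one.
 */
int Volume::createDeviceNode(const char *path, int major, int minor) {
    if (path == NULL || major < 0 || minor < 0) {
        errno = EINVAL;
        return -1;
    }

    const mode_t mode = S_IFBLK | 0660;
    // Same helper the rest of this file uses to build device numbers.
    const dev_t dev = MKDEV(major, minor);

    if (mknod(path, mode, dev) < 0 && errno != EEXIST) {
        return -1;
    }
    return 0;
}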
231
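/*
 * Format the volume as FAT. Destroys the data on the target partition.
 *
 * wipe - passed through to Fat::format().
 *
 * Only allowed while the volume is State_Idle: returns -1 with ENODEV when
 * there is no media and EBUSY in any other state, or when the mountpoint
 * turns out to be mounted (the state is then corrected to State_Mounted).
 * When mPartIdx is -1 the whole device is repartitioned via initializeMbr()
 * first and the partition at minor + 1 is formatted; otherwise the partition
 * at minor + mPartIdx is formatted. The state is State_Formatting while
 * working and always returns to State_Idle afterwards.
 *
 * Returns 0 on success, -1 on failure.
 */
int Volume::formatVol(bool wipe) {

    if (getState() == Volume::State_NoMedia) {
        errno = ENODEV;
        return -1;
    } else if (getState() != Volume::State_Idle) {
        errno = EBUSY;
        return -1;
    }

    if (isMountpointMounted(getMountpoint())) {
        SLOGW("Volume is idle but appears to be mounted - fixing");
        setState(Volume::State_Mounted);
        // mCurrentlyMountedKdev = XXX
        errno = EBUSY;
        return -1;
    }

    bool formatEntireDevice = (mPartIdx == -1);
    char devicePath[255];
    dev_t diskNode = getDiskDevice();
    dev_t partNode =
        MKDEV(MAJOR(diskNode),
              MINOR(diskNode) + (formatEntireDevice ? 1 : mPartIdx));

    setState(Volume::State_Formatting);

    int ret = -1;
    bool tableReady = true;

    // Only initialize the MBR if we are formatting the entire device
    if (formatEntireDevice) {
        // Bounded write, consistent with the snprintf() use elsewhere in this file.
        snprintf(devicePath, sizeof(devicePath), "/dev/block/vold/%d:%d",
                 MAJOR(diskNode), MINOR(diskNode));

        if (initializeMbr(devicePath)) {
            SLOGE("Failed to initialize MBR (%s)", strerror(errno));
            tableReady = false;
        }
    }

    if (tableReady) {
        snprintf(devicePath, sizeof(devicePath), "/dev/block/vold/%d:%d",
                 MAJOR(partNode), MINOR(partNode));

        if (mDebug) {
            SLOGI("Formatting volume %s (%s)", getLabel(), devicePath);
        }

        if (Fat::format(devicePath, 0, wipe)) {
            SLOGE("Failed to format (%s)", strerror(errno));
        } else {
            ret = 0;
        }
    }

    // Success or failure, the volume goes back to idle.
    setState(Volume::State_Idle);
    return ret;
}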
289
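/*
 * Report whether /proc/mounts lists a filesystem mounted exactly at path.
 *
 * Returns false when path is NULL, when /proc/mounts cannot be opened, or
 * when no entry matches. mountVol() and formatVol() rely on the answer to
 * decide whether to touch the device, so malformed lines are skipped rather
 * than compared against stale buffer contents.
 *
 * The comparison is a plain strcmp() against the second field as it appears
 * in the file, so a path containing characters the kernel writes in escaped
 * form will not match.
 */
bool Volume::isMountpointMounted(const char *path) {
    if (path == NULL) {
        return false;
    }

    FILE *fp = fopen("/proc/mounts", "r");
    if (!fp) {
        SLOGE("Error opening /proc/mounts (%s)", strerror(errno));
        return false;
    }

    bool found = false;
    bool atLineStart = true;
    char line[1024];

    while (!found && fgets(line, sizeof(line), fp)) {
        const size_t len = strlen(line);
        const bool parseThis = atLineStart;

        // A chunk without a trailing newline means the line was longer than
        // the buffer; the next chunk is its tail, not a new entry.
        atLineStart = (len > 0 && line[len - 1] == '\n');
        if (!parseThis) {
            continue;
        }

        char device[256];
        char mount_path[256];
        // %s stops at whitespace, so the newline needs no manual stripping.
        if (sscanf(line, "%255s %255s", device, mount_path) != 2) {
            continue;
        }
        found = (strcmp(mount_path, path) == 0);
    }

    fclose(fp);
    return found;
}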
314
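/*
 * Mount the first candidate device node that passes the FAT check and start
 * the matching "fuse_<label>" service.
 *
 * Refuses with ENODEV (and a VolumeMountFailedNoMedia broadcast) when there
 * is no media, or when the volume provides ASEC storage while vold.decrypt is
 * "1" or vold.encrypt_progress is non-empty. Refuses with EBUSY in any state
 * other than State_Idle; a request made in State_Pending sets mRetryMount.
 *
 * For a non-removable, encryptable ASEC volume on a device whose
 * ro.crypto.state is "encrypted", the dm-crypt mapping is set up first and
 * the volume is pointed at the decrypted block device.
 *
 * Every candidate goes through Fat::check() before Fat::doMount(); the
 * filesystem is whatever the medium carries. The mount is owned by
 * AID_MEDIA_RW with permission mask 0007; the remaining Fat::doMount()
 * arguments are options whose meaning is not visible in this file.
 *
 * Returns 0 on success (or when the mountpoint was already mounted),
 * -1 otherwise.
 */
int Volume::mountVol() {
    dev_t deviceNodes[4];
    int n, i;
    char errmsg[255];

    int flags = getFlags();
    bool providesAsec = (flags & VOL_PROVIDES_ASEC) != 0;

    // TODO: handle "bind" style mounts, for emulated storage

    char decrypt_state[PROPERTY_VALUE_MAX];
    char crypto_state[PROPERTY_VALUE_MAX];
    char encrypt_progress[PROPERTY_VALUE_MAX];

    property_get("vold.decrypt", decrypt_state, "");
    property_get("vold.encrypt_progress", encrypt_progress, "");

    /* Don't try to mount the volumes if we have not yet entered the disk password
     * or are in the process of encrypting.
     */
    if ((getState() == Volume::State_NoMedia) ||
        ((!strcmp(decrypt_state, "1") || encrypt_progress[0]) && providesAsec)) {
        snprintf(errmsg, sizeof(errmsg),
                 "Volume %s %s mount failed - no media",
                 getLabel(), getFuseMountpoint());
        mVm->getBroadcaster()->sendBroadcast(
                                         ResponseCode::VolumeMountFailedNoMedia,
                                         errmsg, false);
        errno = ENODEV;
        return -1;
    } else if (getState() != Volume::State_Idle) {
        errno = EBUSY;
        if (getState() == Volume::State_Pending) {
            mRetryMount = true;
        }
        return -1;
    }

    if (isMountpointMounted(getMountpoint())) {
        SLOGW("Volume is idle but appears to be mounted - fixing");
        setState(Volume::State_Mounted);
        // mCurrentlyMountedKdev = XXX
        return 0;
    }

    n = getDeviceNodes((dev_t *) &deviceNodes, 4);
    if (!n) {
        SLOGE("Failed to get device nodes (%s)\n", strerror(errno));
        return -1;
    }

    /* If we're running encrypted, and the volume is marked as encryptable and nonremovable,
     * and also marked as providing Asec storage, then we need to decrypt
     * that partition, and update the volume object to point to its new decrypted
     * block device
     */
    property_get("ro.crypto.state", crypto_state, "");
    if (providesAsec &&
        ((flags & (VOL_NONREMOVABLE | VOL_ENCRYPTABLE))==(VOL_NONREMOVABLE | VOL_ENCRYPTABLE)) &&
        !strcmp(crypto_state, "encrypted") && !isDecrypted()) {
       char new_sys_path[MAXPATHLEN];
       char nodepath[256];
       int new_major, new_minor;

       if (n != 1) {
           /* We only expect one device node returned when mounting encryptable volumes */
           // getMountpoint() is a string: it must be logged with %s, not %d.
           SLOGE("Too many device nodes returned when mounting %s\n", getMountpoint());
           return -1;
       }

       if (cryptfs_setup_volume(getLabel(), MAJOR(deviceNodes[0]), MINOR(deviceNodes[0]),
                                new_sys_path, sizeof(new_sys_path),
                                &new_major, &new_minor)) {
           SLOGE("Cannot setup encryption mapping for %s\n", getMountpoint());
           return -1;
       }
       /* We now have the new sysfs path for the decrypted block device, and the
        * major and minor numbers for it. So, create the device, update the
        * path to the new sysfs path, and continue.
        */
        snprintf(nodepath,
                 sizeof(nodepath), "/dev/block/vold/%d:%d",
                 new_major, new_minor);
        if (createDeviceNode(nodepath, new_major, new_minor)) {
            // Logged only; the mount attempt below still runs against nodepath.
            SLOGE("Error making device node '%s' (%s)", nodepath,
                                                       strerror(errno));
        }

        // Todo: Either create sys filename from nodepath, or pass in bogus path so
        //       vold ignores state changes on this internal device.
        updateDeviceInfo(nodepath, new_major, new_minor);

        /* Get the device nodes again, because they just changed */
        n = getDeviceNodes((dev_t *) &deviceNodes, 4);
        if (!n) {
            SLOGE("Failed to get device nodes (%s)\n", strerror(errno));
            return -1;
        }
    }

    for (i = 0; i < n; i++) {
        char devicePath[255];

        // Bounded write, consistent with nodepath above.
        snprintf(devicePath, sizeof(devicePath), "/dev/block/vold/%d:%d",
                 MAJOR(deviceNodes[i]), MINOR(deviceNodes[i]));

        SLOGI("%s being considered for volume %s\n", devicePath, getLabel());

        errno = 0;
        setState(Volume::State_Checking);

        if (Fat::check(devicePath)) {
            if (errno == ENODATA) {
                SLOGW("%s does not contain a FAT filesystem\n", devicePath);
                continue;
            }
            errno = EIO;
            /* Badness - abort the mount */
            SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno));
            setState(Volume::State_Idle);
            return -1;
        }

        errno = 0;

        if (Fat::doMount(devicePath, getMountpoint(), false, false, false,
                AID_MEDIA_RW, AID_MEDIA_RW, 0007, true)) {
            SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno));
            continue;
        }

        // Best effort: the result is ignored, UUID/label are cleared on failure.
        extractMetadata(devicePath);

        if (providesAsec && mountAsecExternal() != 0) {
            SLOGE("Failed to mount secure area (%s)", strerror(errno));
            umount(getMountpoint());
            setState(Volume::State_Idle);
            return -1;
        }

        char service[64];
        snprintf(service, 64, "fuse_%s", getLabel());
        property_set("ctl.start", service);

        setState(Volume::State_Mounted);
        mCurrentlyMountedKdev = deviceNodes[i];
        return 0;
    }

    SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel());
    setState(Volume::State_Idle);

    return -1;
}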
470
/*
 * Expose the volume's ".android_secure" directory at SEC_ASECDIR_EXT through
 * a bind mount.
 *
 * A legacy "android_secure" directory is renamed to ".android_secure" when
 * the legacy one is accessible and the new one is not. The directory is then
 * prepared with mode 0770 and owner/group AID_MEDIA_RW before being bound.
 * Both paths live under getMountpoint(), i.e. on the volume's own filesystem.
 *
 * NOTE(review): access() and rename() are separate steps on a filesystem that
 * was just mounted from the medium - confirm nothing else can modify the
 * mountpoint in between.
 *
 * Returns 0 on success, -1 if the directory cannot be prepared or bound.
 */
int Volume::mountAsecExternal() {
    char legacy_path[PATH_MAX];
    char secure_path[PATH_MAX];

    snprintf(legacy_path, sizeof(legacy_path), "%s/android_secure", getMountpoint());
    snprintf(secure_path, sizeof(secure_path), "%s/.android_secure", getMountpoint());

    // Recover legacy secure path. The second access() runs only when the
    // legacy directory is usable, exactly as a short-circuit && would.
    const bool legacyUsable = (access(legacy_path, R_OK | X_OK) == 0);
    if (legacyUsable) {
        const bool secureUnusable = (access(secure_path, R_OK | X_OK) != 0);
        if (secureUnusable && rename(legacy_path, secure_path) != 0) {
            // Not fatal: fs_prepare_dir() below still gets its chance.
            SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno));
        }
    }

    const int prepared = fs_prepare_dir(secure_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW);
    if (prepared != 0) {
        SLOGW("fs_prepare_dir failed: %s", strerror(errno));
        return -1;
    }

    const int bound = mount(secure_path, SEC_ASECDIR_EXT, "", MS_BIND, NULL);
    if (bound != 0) {
        SLOGE("Failed to bind mount points %s -> %s (%s)", secure_path,
                SEC_ASECDIR_EXT, strerror(errno));
        return -1;
    }

    return 0;
}
498
/*
 * Unmount path, trying up to ten times one second apart.
 *
 * path  - mountpoint to release.
 * force - when true, the last attempts escalate the action handed to
 *         Process::killProcessesWithOpenFiles(): 1 (SIGHUP) with two tries
 *         left, 2 (SIGKILL) with one try left. Otherwise the action stays 0.
 *
 * umount() failing with EINVAL or ENOENT is treated as "nothing left to
 * unmount" and counts as success.
 *
 * Returns 0 on success; -1 with errno set to EBUSY after the last attempt.
 */
int Volume::doUnmount(const char *path, bool force) {
    if (mDebug) {
        SLOGD("Unmounting {%s}, force = %d", path, force);
    }

    // "remaining" is the number of attempts left after the current one.
    for (int remaining = 9; remaining >= 0; --remaining) {
        const bool released =
                (umount(path) == 0) || errno == EINVAL || errno == ENOENT;
        if (released) {
            SLOGI("%s sucessfully unmounted", path);
            return 0;
        }

        int action = 0;
        if (force) {
            switch (remaining) {
                case 2:
                    action = 1; // SIGHUP
                    break;
                case 1:
                    action = 2; // SIGKILL
                    break;
                default:
                    break;
            }
        }

        SLOGW("Failed to unmount %s (%s, retries %d, action %d)",
                path, strerror(errno), remaining, action);

        Process::killProcessesWithOpenFiles(path, action);
        usleep(1000*1000);
    }

    errno = EBUSY;
    SLOGE("Giving up on unmount %s (%s)", path, strerror(errno));
    return -1;
}
532
/*
 * Unmount a mounted volume: stop its "fuse_<label>" service, then release the
 * secure ASEC bind mount (if the volume provides one), the FUSE mountpoint
 * and finally the underlying mountpoint.
 *
 * force  - forwarded to doUnmount(); lets it signal processes that keep
 *          files open.
 * revert - when true and the volume is decrypted, the dm-crypt mapping and
 *          the device info are reverted after the unmount.
 *
 * Returns 0 on success, UNMOUNT_NOT_MOUNTED_ERR (errno EINVAL) when the
 * volume is not State_Mounted, and -1 on failure. After a failure the state
 * is State_Mounted again, or State_NoMedia if the secure area could not be
 * re-bound.
 */
int Volume::unmountVol(bool force, bool revert) {
    const int volFlags = getFlags();
    const bool providesAsec = (volFlags & VOL_PROVIDES_ASEC) != 0;

    if (getState() != Volume::State_Mounted) {
        SLOGE("Volume %s unmount request when not mounted", getLabel());
        errno = EINVAL;
        return UNMOUNT_NOT_MOUNTED_ERR;
    }

    setState(Volume::State_Unmounting);
    usleep(1000 * 1000); // Give the framework some time to react

    char service[64];
    snprintf(service, sizeof(service), "fuse_%s", getLabel());
    property_set("ctl.stop", service);
    /* There is no synchronous way to learn that the service stopped, so wait. */
    sleep(1);

    // TODO: determine failure mode if FUSE times out

    /* Secure area first; nothing else has been torn down if this fails. */
    if (providesAsec && doUnmount(Volume::SEC_ASECDIR_EXT, force) != 0) {
        SLOGE("Failed to unmount secure area on %s (%s)", getMountpoint(), strerror(errno));
        goto out_mounted;
    }

    /* The fuse daemon has been asked to stop; release its mountpoint. */
    if (doUnmount(getFuseMountpoint(), force) != 0) {
        SLOGE("Failed to unmount %s (%s)", getFuseMountpoint(), strerror(errno));
        goto fail_remount_secure;
    }

    /* Release the real sd card. */
    if (doUnmount(getMountpoint(), force) != 0) {
        SLOGE("Failed to unmount %s (%s)", getMountpoint(), strerror(errno));
        goto fail_remount_secure;
    }

    SLOGI("%s unmounted successfully", getMountpoint());

    /* For an encrypted volume, and only when asked to, drop the dm-crypt
     * mapping and restore the original device info.
     */
    if (revert && isDecrypted()) {
        cryptfs_revert_volume(getLabel());
        revertDeviceInfo();
        SLOGI("Encrypted volume %s reverted successfully", getMountpoint());
    }

    // Metadata belongs to the medium that was just released.
    setUuid(NULL);
    setUserLabel(NULL);
    setState(Volume::State_Idle);
    mCurrentlyMountedKdev = -1;
    return 0;

fail_remount_secure:
    /* Put the secure bind mount back so the volume is usable as before. */
    if (providesAsec && mountAsecExternal() != 0) {
        SLOGE("Failed to remount secure area (%s)", strerror(errno));
        goto out_nomedia;
    }

out_mounted:
    setState(Volume::State_Mounted);
    return -1;

out_nomedia:
    setState(Volume::State_NoMedia);
    return -1;
}
605
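/*
 * Write a fresh MBR partition layout to deviceNode: one active FAT32
 * partition named "android_sdcard". Replaces whatever partition table the
 * device had.
 *
 * deviceNode - path of the whole-disk block device.
 *
 * Returns the apply_disk_config() result (0 on success), or -1 with errno set
 * when deviceNode is NULL (EINVAL) or memory runs out (ENOMEM for the string
 * copies).
 *
 * NOTE(review): len_kb = -1 presumably means "use the rest of the disk" and
 * the second apply_disk_config() argument is passed as 0 - confirm both
 * against diskconfig.h.
 */
int Volume::initializeMbr(const char *deviceNode) {
    if (deviceNode == NULL) {
        errno = EINVAL;
        return -1;
    }

    struct disk_info dinfo;
    memset(&dinfo, 0, sizeof(dinfo));

    // calloc() returns the zeroed table the old malloc()+memset() pair built.
    dinfo.part_lst = (struct part_info *) calloc(MAX_NUM_PARTS, sizeof(struct part_info));
    if (!dinfo.part_lst) {
        SLOGE("Failed to malloc prt_lst");
        return -1;
    }

    struct part_info *pinfo = &dinfo.part_lst[0];
    int rc = -1;

    dinfo.device = strdup(deviceNode);
    pinfo->name = strdup("android_sdcard");

    if (!dinfo.device || !pinfo->name) {
        // Never hand a NULL device or partition name to apply_disk_config().
        SLOGE("Failed to allocate disk configuration strings");
        errno = ENOMEM;
    } else {
        dinfo.scheme = PART_SCHEME_MBR;
        dinfo.sect_size = 512;
        dinfo.skip_lba = 2048;
        dinfo.num_lba = 0;
        dinfo.num_parts = 1;

        pinfo->flags |= PART_ACTIVE_FLAG;
        pinfo->type = PC_PART_TYPE_FAT32;
        pinfo->len_kb = -1;

        rc = apply_disk_config(&dinfo, 0);
        if (rc) {
            SLOGE("Failed to apply disk configuration (%d)", rc);
        }
    }

    // free(NULL) is a no-op, so partial allocations are released safely.
    free(pinfo->name);
    free(dinfo.device);
    free(dinfo.part_lst);

    return rc;
}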
645
646 /*
647 * Use blkid to extract UUID and label from device, since it handles many
648 * obscure edge cases around partition types and formats. Always broadcasts
649 * updated metadata values.
650 */
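int Volume::extractMetadata(const char* devicePath) {
    // devicePath - block device to probe; handed to blkid as one quoted argument.
    // Returns 0 when blkid produced a line of output, -1 otherwise. UUID and
    // user label are always re-broadcast, and cleared on failure.
    int res = -1;

    if (devicePath != NULL) {
        // popen() runs the command through a shell, so the path is wrapped in
        // single quotes and every embedded single quote is written as '\''.
        // That keeps the whole path one literal argument whatever characters
        // it contains.
        std::string cmd(BLKID_PATH);
        cmd += " -c /dev/null '";
        for (const char* p = devicePath; *p != '\0'; ++p) {
            if (*p == '\'') {
                cmd += "'\\''";
            } else {
                cmd += *p;
            }
        }
        cmd += '\'';

        FILE* fp = popen(cmd.c_str(), "r");
        if (!fp) {
            ALOGE("Failed to run %s: %s", cmd.c_str(), strerror(errno));
        } else {
            char line[1024];
            char value[128];

            // Only the first output line is read. Its content is derived from
            // the medium being probed, so it is parsed with bounded scansets
            // and never used as a format string.
            if (fgets(line, sizeof(line), fp) != NULL) {
                ALOGD("blkid identified as %s", line);

                // NOTE(review): keys are located by substring search, so text
                // ending in "UUID=" or "LABEL=" inside another key or value
                // would match too - verify against blkid's output format.
                char* start = strstr(line, "UUID=");
                if (start != NULL && sscanf(start + 5, "\"%127[^\"]\"", value) == 1) {
                    setUuid(value);
                } else {
                    setUuid(NULL);
                }

                start = strstr(line, "LABEL=");
                if (start != NULL && sscanf(start + 6, "\"%127[^\"]\"", value) == 1) {
                    setUserLabel(value);
                } else {
                    setUserLabel(NULL);
                }

                res = 0;
            } else {
                ALOGW("blkid failed to identify %s", devicePath);
            }

            pclose(fp);
        }
    }

    if (res == -1) {
        setUuid(NULL);
        setUserLabel(NULL);
    }
    return res;
}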
698