1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef FUSE_H_ 18 #define FUSE_H_ 19 20 #include <dirent.h> 21 #include <fcntl.h> 22 #include <linux/fuse.h> 23 #include <pthread.h> 24 #include <stdbool.h> 25 #include <stdlib.h> 26 #include <sys/param.h> 27 #include <sys/stat.h> 28 #include <sys/statfs.h> 29 #include <sys/types.h> 30 #include <sys/uio.h> 31 #include <unistd.h> 32 33 #include <map> 34 #include <string> 35 36 #include <android-base/logging.h> 37 #include <cutils/fs.h> 38 #include <cutils/multiuser.h> 39 #include <packagelistparser/packagelistparser.h> 40 41 #include <private/android_filesystem_config.h> 42 43 #define FUSE_TRACE 0 44 45 #if FUSE_TRACE 46 static constexpr bool kEnableDLog = true; 47 #else // FUSE_TRACE == 0 48 static constexpr bool kEnableDLog = false; 49 #endif 50 51 // Use same strategy as DCHECK(). 52 #define DLOG(x) \ 53 if (kEnableDLog) LOG(x) 54 55 /* Maximum number of bytes to write in one request. */ 56 #define MAX_WRITE (256 * 1024) 57 58 /* Maximum number of bytes to read in one request. */ 59 #define MAX_READ (128 * 1024) 60 61 /* Largest possible request. 62 * The request size is bounded by the maximum size of a FUSE_WRITE request because it has 63 * the largest possible data payload. */ 64 #define MAX_REQUEST_SIZE (sizeof(struct fuse_in_header) + sizeof(struct fuse_write_in) + MAX_WRITE) 65 66 namespace { 67 struct CaseInsensitiveCompare { operatorCaseInsensitiveCompare68 bool operator()(const std::string& lhs, const std::string& rhs) const { 69 return strcasecmp(lhs.c_str(), rhs.c_str()) < 0; 70 } 71 }; 72 } 73 74 using AppIdMap = std::map<std::string, appid_t, CaseInsensitiveCompare>; 75 76 /* Permission mode for a specific node. Controls how file permissions 77 * are derived for children nodes. */ 78 typedef enum { 79 /* Nothing special; this node should just inherit from its parent. */ 80 PERM_INHERIT, 81 /* This node is one level above a normal root; used for legacy layouts 82 * which use the first level to represent user_id. */ 83 PERM_PRE_ROOT, 84 /* This node is "/" */ 85 PERM_ROOT, 86 /* This node is "/Android" */ 87 PERM_ANDROID, 88 /* This node is "/Android/data" */ 89 PERM_ANDROID_DATA, 90 /* This node is "/Android/obb" */ 91 PERM_ANDROID_OBB, 92 /* This node is "/Android/media" */ 93 PERM_ANDROID_MEDIA, 94 } perm_t; 95 96 struct handle { 97 int fd; 98 }; 99 100 struct dirhandle { 101 DIR *d; 102 }; 103 104 struct node { 105 __u32 refcount; 106 __u64 nid; 107 __u64 gen; 108 /* 109 * The inode number for this FUSE node. Note that this isn't stable across 110 * multiple invocations of the FUSE daemon. 111 */ 112 __u32 ino; 113 114 /* State derived based on current position in hierarchy. */ 115 perm_t perm; 116 userid_t userid; 117 uid_t uid; 118 bool under_android; 119 120 struct node *next; /* per-dir sibling list */ 121 struct node *child; /* first contained file by this dir */ 122 struct node *parent; /* containing directory */ 123 124 size_t namelen; 125 char *name; 126 /* If non-null, this is the real name of the file in the underlying storage. 127 * This may differ from the field "name" only by case. 128 * strlen(actual_name) will always equal strlen(name), so it is safe to use 129 * namelen for both fields. 130 */ 131 char *actual_name; 132 133 /* If non-null, an exact underlying path that should be grafted into this 134 * position. Used to support things like OBB. */ 135 char* graft_path; 136 size_t graft_pathlen; 137 138 bool deleted; 139 }; 140 141 /* Global data for all FUSE mounts */ 142 struct fuse_global { 143 pthread_mutex_t lock; 144 145 uid_t uid; 146 gid_t gid; 147 bool multi_user; 148 149 char source_path[PATH_MAX]; 150 char obb_path[PATH_MAX]; 151 152 AppIdMap* package_to_appid; 153 154 __u64 next_generation; 155 struct node root; 156 157 /* Used to allocate unique inode numbers for fuse nodes. We use 158 * a simple counter based scheme where inode numbers from deleted 159 * nodes aren't reused. Note that inode allocations are not stable 160 * across multiple invocation of the sdcard daemon, but that shouldn't 161 * be a huge problem in practice. 162 * 163 * Note that we restrict inodes to 32 bit unsigned integers to prevent 164 * truncation on 32 bit processes when unsigned long long stat.st_ino is 165 * assigned to an unsigned long ino_t type in an LP32 process. 166 * 167 * Also note that fuse_attr and fuse_dirent inode values are 64 bits wide 168 * on both LP32 and LP64, but the fuse kernel code doesn't squash 64 bit 169 * inode numbers into 32 bit values on 64 bit kernels (see fuse_squash_ino 170 * in fs/fuse/inode.c). 171 * 172 * Accesses must be guarded by |lock|. 173 */ 174 __u32 inode_ctr; 175 176 struct fuse* fuse_default; 177 struct fuse* fuse_read; 178 struct fuse* fuse_write; 179 }; 180 181 /* Single FUSE mount */ 182 struct fuse { 183 struct fuse_global* global; 184 185 char dest_path[PATH_MAX]; 186 187 int fd; 188 189 gid_t gid; 190 mode_t mask; 191 }; 192 193 /* Private data used by a single FUSE handler */ 194 struct fuse_handler { 195 struct fuse* fuse; 196 int token; 197 198 /* To save memory, we never use the contents of the request buffer and the read 199 * buffer at the same time. This allows us to share the underlying storage. */ 200 union { 201 __u8 request_buffer[MAX_REQUEST_SIZE]; 202 __u8 read_buffer[MAX_READ + PAGE_SIZE]; 203 }; 204 }; 205 206 void handle_fuse_requests(struct fuse_handler* handler); 207 void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent); 208 209 #endif /* FUSE_H_ */ 210