1 /*
2 * fs/sdcardfs/derived_perm.c
3 *
4 * Copyright (c) 2013 Samsung Electronics Co. Ltd
5 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6 * Sunghwan Yun, Sungjong Seo
7 *
8 * This program has been developed as a stackable file system based on
9 * the WrapFS which written by
10 *
11 * Copyright (c) 1998-2011 Erez Zadok
12 * Copyright (c) 2009 Shrikar Archak
13 * Copyright (c) 2003-2011 Stony Brook University
14 * Copyright (c) 2003-2011 The Research Foundation of SUNY
15 *
16 * This file is dual licensed. It may be redistributed and/or modified
17 * under the terms of the Apache 2.0 License OR version 2 of the GNU
18 * General Public License.
19 */
20
21 #include "sdcardfs.h"
22
23 /* copy derived state from parent inode */
inherit_derived_state(struct inode * parent,struct inode * child)24 static void inherit_derived_state(struct inode *parent, struct inode *child)
25 {
26 struct sdcardfs_inode_info *pi = SDCARDFS_I(parent);
27 struct sdcardfs_inode_info *ci = SDCARDFS_I(child);
28
29 ci->data->perm = PERM_INHERIT;
30 ci->data->userid = pi->data->userid;
31 ci->data->d_uid = pi->data->d_uid;
32 ci->data->under_android = pi->data->under_android;
33 ci->data->under_cache = pi->data->under_cache;
34 ci->data->under_obb = pi->data->under_obb;
35 set_top(ci, pi->top_data);
36 }
37
38 /* helper function for derived state */
setup_derived_state(struct inode * inode,perm_t perm,userid_t userid,uid_t uid,bool under_android,struct sdcardfs_inode_data * top)39 void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
40 uid_t uid, bool under_android,
41 struct sdcardfs_inode_data *top)
42 {
43 struct sdcardfs_inode_info *info = SDCARDFS_I(inode);
44
45 info->data->perm = perm;
46 info->data->userid = userid;
47 info->data->d_uid = uid;
48 info->data->under_android = under_android;
49 info->data->under_cache = false;
50 info->data->under_obb = false;
51 set_top(info, top);
52 }
53
54 /* While renaming, there is a point where we want the path from dentry,
55 * but the name from newdentry
56 */
get_derived_permission_new(struct dentry * parent,struct dentry * dentry,const struct qstr * name)57 void get_derived_permission_new(struct dentry *parent, struct dentry *dentry,
58 const struct qstr *name)
59 {
60 struct sdcardfs_inode_info *info = SDCARDFS_I(dentry->d_inode);
61 struct sdcardfs_inode_data *parent_data =
62 SDCARDFS_I(parent->d_inode)->data;
63 appid_t appid;
64 unsigned long user_num;
65 int err;
66 struct qstr q_Android = QSTR_LITERAL("Android");
67 struct qstr q_data = QSTR_LITERAL("data");
68 struct qstr q_obb = QSTR_LITERAL("obb");
69 struct qstr q_media = QSTR_LITERAL("media");
70 struct qstr q_cache = QSTR_LITERAL("cache");
71
72 /* By default, each inode inherits from its parent.
73 * the properties are maintained on its private fields
74 * because the inode attributes will be modified with that of
75 * its lower inode.
76 * These values are used by our custom permission call instead
77 * of using the inode permissions.
78 */
79
80 inherit_derived_state(parent->d_inode, dentry->d_inode);
81
82 /* Files don't get special labels */
83 if (!S_ISDIR(dentry->d_inode->i_mode))
84 return;
85 /* Derive custom permissions based on parent and current node */
86 switch (parent_data->perm) {
87 case PERM_INHERIT:
88 case PERM_ANDROID_PACKAGE_CACHE:
89 /* Already inherited above */
90 break;
91 case PERM_PRE_ROOT:
92 /* Legacy internal layout places users at top level */
93 info->data->perm = PERM_ROOT;
94 err = kstrtoul(name->name, 10, &user_num);
95 if (err)
96 info->data->userid = 0;
97 else
98 info->data->userid = user_num;
99 set_top(info, info->data);
100 break;
101 case PERM_ROOT:
102 /* Assume masked off by default. */
103 if (qstr_case_eq(name, &q_Android)) {
104 /* App-specific directories inside; let anyone traverse */
105 info->data->perm = PERM_ANDROID;
106 info->data->under_android = true;
107 set_top(info, info->data);
108 }
109 break;
110 case PERM_ANDROID:
111 if (qstr_case_eq(name, &q_data)) {
112 /* App-specific directories inside; let anyone traverse */
113 info->data->perm = PERM_ANDROID_DATA;
114 set_top(info, info->data);
115 } else if (qstr_case_eq(name, &q_obb)) {
116 /* App-specific directories inside; let anyone traverse */
117 info->data->perm = PERM_ANDROID_OBB;
118 info->data->under_obb = true;
119 set_top(info, info->data);
120 /* Single OBB directory is always shared */
121 } else if (qstr_case_eq(name, &q_media)) {
122 /* App-specific directories inside; let anyone traverse */
123 info->data->perm = PERM_ANDROID_MEDIA;
124 set_top(info, info->data);
125 }
126 break;
127 case PERM_ANDROID_OBB:
128 case PERM_ANDROID_DATA:
129 case PERM_ANDROID_MEDIA:
130 info->data->perm = PERM_ANDROID_PACKAGE;
131 appid = get_appid(name->name);
132 if (appid != 0 && !is_excluded(name->name, parent_data->userid))
133 info->data->d_uid =
134 multiuser_get_uid(parent_data->userid, appid);
135 set_top(info, info->data);
136 break;
137 case PERM_ANDROID_PACKAGE:
138 if (qstr_case_eq(name, &q_cache)) {
139 info->data->perm = PERM_ANDROID_PACKAGE_CACHE;
140 info->data->under_cache = true;
141 }
142 break;
143 }
144 }
145
get_derived_permission(struct dentry * parent,struct dentry * dentry)146 void get_derived_permission(struct dentry *parent, struct dentry *dentry)
147 {
148 get_derived_permission_new(parent, dentry, &dentry->d_name);
149 }
150
get_type(const char * name)151 static appid_t get_type(const char *name)
152 {
153 const char *ext = strrchr(name, '.');
154 appid_t id;
155
156 if (ext && ext[0]) {
157 ext = &ext[1];
158 id = get_ext_gid(ext);
159 return id?:AID_MEDIA_RW;
160 }
161 return AID_MEDIA_RW;
162 }
163
fixup_lower_ownership(struct dentry * dentry,const char * name)164 void fixup_lower_ownership(struct dentry *dentry, const char *name)
165 {
166 struct path path;
167 struct inode *inode;
168 int error;
169 struct sdcardfs_inode_info *info;
170 struct sdcardfs_inode_data *info_d;
171 struct sdcardfs_inode_data *info_top;
172 perm_t perm;
173 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
174 uid_t uid = sbi->options.fs_low_uid;
175 gid_t gid = sbi->options.fs_low_gid;
176 struct iattr newattrs;
177
178 if (!sbi->options.gid_derivation)
179 return;
180
181 info = SDCARDFS_I(dentry->d_inode);
182 info_d = info->data;
183 perm = info_d->perm;
184 if (info_d->under_obb) {
185 perm = PERM_ANDROID_OBB;
186 } else if (info_d->under_cache) {
187 perm = PERM_ANDROID_PACKAGE_CACHE;
188 } else if (perm == PERM_INHERIT) {
189 info_top = top_data_get(info);
190 perm = info_top->perm;
191 data_put(info_top);
192 }
193
194 switch (perm) {
195 case PERM_ROOT:
196 case PERM_ANDROID:
197 case PERM_ANDROID_DATA:
198 case PERM_ANDROID_MEDIA:
199 case PERM_ANDROID_PACKAGE:
200 case PERM_ANDROID_PACKAGE_CACHE:
201 uid = multiuser_get_uid(info_d->userid, uid);
202 break;
203 case PERM_ANDROID_OBB:
204 uid = AID_MEDIA_OBB;
205 break;
206 case PERM_PRE_ROOT:
207 default:
208 break;
209 }
210 switch (perm) {
211 case PERM_ROOT:
212 case PERM_ANDROID:
213 case PERM_ANDROID_DATA:
214 case PERM_ANDROID_MEDIA:
215 if (S_ISDIR(dentry->d_inode->i_mode))
216 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
217 else
218 gid = multiuser_get_uid(info_d->userid, get_type(name));
219 break;
220 case PERM_ANDROID_OBB:
221 gid = AID_MEDIA_OBB;
222 break;
223 case PERM_ANDROID_PACKAGE:
224 if (uid_is_app(info_d->d_uid))
225 gid = multiuser_get_ext_gid(info_d->d_uid);
226 else
227 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
228 break;
229 case PERM_ANDROID_PACKAGE_CACHE:
230 if (uid_is_app(info_d->d_uid))
231 gid = multiuser_get_ext_cache_gid(info_d->d_uid);
232 else
233 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
234 break;
235 case PERM_PRE_ROOT:
236 default:
237 break;
238 }
239
240 sdcardfs_get_lower_path(dentry, &path);
241 inode = path.dentry->d_inode;
242 if (path.dentry->d_inode->i_gid != gid || path.dentry->d_inode->i_uid != uid) {
243 newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE;
244 newattrs.ia_uid = make_kuid(current_user_ns(), uid);
245 newattrs.ia_gid = make_kgid(current_user_ns(), gid);
246 if (!S_ISDIR(inode->i_mode))
247 newattrs.ia_valid |=
248 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
249 mutex_lock(&inode->i_mutex);
250 error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid);
251 if (!error)
252 error = notify_change2(path.mnt, path.dentry, &newattrs);
253 mutex_unlock(&inode->i_mutex);
254 if (error)
255 pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name);
256 }
257 sdcardfs_put_lower_path(dentry, &path);
258 }
259
descendant_may_need_fixup(struct sdcardfs_inode_data * data,struct limit_search * limit)260 static int descendant_may_need_fixup(struct sdcardfs_inode_data *data,
261 struct limit_search *limit)
262 {
263 if (data->perm == PERM_ROOT)
264 return (limit->flags & BY_USERID) ?
265 data->userid == limit->userid : 1;
266 if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID)
267 return 1;
268 return 0;
269 }
270
needs_fixup(perm_t perm)271 static int needs_fixup(perm_t perm)
272 {
273 if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB
274 || perm == PERM_ANDROID_MEDIA)
275 return 1;
276 return 0;
277 }
278
__fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit,int depth)279 static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth)
280 {
281 struct dentry *child;
282 struct sdcardfs_inode_info *info;
283
284 /*
285 * All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
286 * PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
287 * at most 3.
288 */
289 WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__);
290 spin_lock_nested(&dentry->d_lock, depth);
291 if (!dentry->d_inode) {
292 spin_unlock(&dentry->d_lock);
293 return;
294 }
295 info = SDCARDFS_I(dentry->d_inode);
296
297 if (needs_fixup(info->data->perm)) {
298 list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) {
299 spin_lock_nested(&child->d_lock, depth + 1);
300 if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) {
301 if (child->d_inode) {
302 get_derived_permission(dentry, child);
303 fixup_tmp_permissions(child->d_inode);
304 spin_unlock(&child->d_lock);
305 break;
306 }
307 }
308 spin_unlock(&child->d_lock);
309 }
310 } else if (descendant_may_need_fixup(info->data, limit)) {
311 list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) {
312 __fixup_perms_recursive(child, limit, depth + 1);
313 }
314 }
315 spin_unlock(&dentry->d_lock);
316 }
317
fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit)318 void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit)
319 {
320 __fixup_perms_recursive(dentry, limit, 0);
321 }
322
323 /* main function for updating derived permission */
update_derived_permission_lock(struct dentry * dentry)324 inline void update_derived_permission_lock(struct dentry *dentry)
325 {
326 struct dentry *parent;
327
328 if (!dentry || !dentry->d_inode) {
329 pr_err("sdcardfs: %s: invalid dentry\n", __func__);
330 return;
331 }
332 /* FIXME:
333 * 1. need to check whether the dentry is updated or not
334 * 2. remove the root dentry update
335 */
336 if (!IS_ROOT(dentry)) {
337 parent = dget_parent(dentry);
338 if (parent) {
339 get_derived_permission(parent, dentry);
340 dput(parent);
341 }
342 }
343 fixup_tmp_permissions(dentry->d_inode);
344 }
345
need_graft_path(struct dentry * dentry)346 int need_graft_path(struct dentry *dentry)
347 {
348 int ret = 0;
349 struct dentry *parent = dget_parent(dentry);
350 struct sdcardfs_inode_info *parent_info = SDCARDFS_I(parent->d_inode);
351 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
352 struct qstr obb = QSTR_LITERAL("obb");
353
354 if (parent_info->data->perm == PERM_ANDROID &&
355 qstr_case_eq(&dentry->d_name, &obb)) {
356
357 /* /Android/obb is the base obbpath of DERIVED_UNIFIED */
358 if (!(sbi->options.multiuser == false
359 && parent_info->data->userid == 0)) {
360 ret = 1;
361 }
362 }
363 dput(parent);
364 return ret;
365 }
366
is_obbpath_invalid(struct dentry * dent)367 int is_obbpath_invalid(struct dentry *dent)
368 {
369 int ret = 0;
370 struct sdcardfs_dentry_info *di = SDCARDFS_D(dent);
371 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb);
372 char *path_buf, *obbpath_s;
373 int need_put = 0;
374 struct path lower_path;
375
376 /* check the base obbpath has been changed.
377 * this routine can check an uninitialized obb dentry as well.
378 * regarding the uninitialized obb, refer to the sdcardfs_mkdir()
379 */
380 spin_lock(&di->lock);
381 if (di->orig_path.dentry) {
382 if (!di->lower_path.dentry) {
383 ret = 1;
384 } else {
385 path_get(&di->lower_path);
386
387 path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);
388 if (!path_buf) {
389 ret = 1;
390 pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__);
391 } else {
392 obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);
393 if (d_unhashed(di->lower_path.dentry) ||
394 !str_case_eq(sbi->obbpath_s, obbpath_s)) {
395 ret = 1;
396 }
397 kfree(path_buf);
398 }
399
400 pathcpy(&lower_path, &di->lower_path);
401 need_put = 1;
402 }
403 }
404 spin_unlock(&di->lock);
405 if (need_put)
406 path_put(&lower_path);
407 return ret;
408 }
409
is_base_obbpath(struct dentry * dentry)410 int is_base_obbpath(struct dentry *dentry)
411 {
412 int ret = 0;
413 struct dentry *parent = dget_parent(dentry);
414 struct sdcardfs_inode_info *parent_info = SDCARDFS_I(parent->d_inode);
415 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
416 struct qstr q_obb = QSTR_LITERAL("obb");
417
418 spin_lock(&SDCARDFS_D(dentry)->lock);
419 if (sbi->options.multiuser) {
420 if (parent_info->data->perm == PERM_PRE_ROOT &&
421 qstr_case_eq(&dentry->d_name, &q_obb)) {
422 ret = 1;
423 }
424 } else if (parent_info->data->perm == PERM_ANDROID &&
425 qstr_case_eq(&dentry->d_name, &q_obb)) {
426 ret = 1;
427 }
428 spin_unlock(&SDCARDFS_D(dentry)->lock);
429 return ret;
430 }
431
432 /* The lower_path will be stored to the dentry's orig_path
433 * and the base obbpath will be copyed to the lower_path variable.
434 * if an error returned, there's no change in the lower_path
435 * returns: -ERRNO if error (0: no error)
436 */
setup_obb_dentry(struct dentry * dentry,struct path * lower_path)437 int setup_obb_dentry(struct dentry *dentry, struct path *lower_path)
438 {
439 int err = 0;
440 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
441 struct path obbpath;
442
443 /* A local obb dentry must have its own orig_path to support rmdir
444 * and mkdir of itself. Usually, we expect that the sbi->obbpath
445 * is avaiable on this stage.
446 */
447 sdcardfs_set_orig_path(dentry, lower_path);
448
449 err = kern_path(sbi->obbpath_s,
450 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath);
451
452 if (!err) {
453 /* the obbpath base has been found */
454 pathcpy(lower_path, &obbpath);
455 } else {
456 /* if the sbi->obbpath is not available, we can optionally
457 * setup the lower_path with its orig_path.
458 * but, the current implementation just returns an error
459 * because the sdcard daemon also regards this case as
460 * a lookup fail.
461 */
462 pr_info("sdcardfs: the sbi->obbpath is not available\n");
463 }
464 return err;
465 }
466
467
468