• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * fs/sdcardfs/derived_perm.c
3  *
4  * Copyright (c) 2013 Samsung Electronics Co. Ltd
5  *   Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6  *               Sunghwan Yun, Sungjong Seo
7  *
8  * This program has been developed as a stackable file system based on
9  * the WrapFS which written by
10  *
11  * Copyright (c) 1998-2011 Erez Zadok
12  * Copyright (c) 2009     Shrikar Archak
13  * Copyright (c) 2003-2011 Stony Brook University
14  * Copyright (c) 2003-2011 The Research Foundation of SUNY
15  *
16  * This file is dual licensed.  It may be redistributed and/or modified
17  * under the terms of the Apache 2.0 License OR version 2 of the GNU
18  * General Public License.
19  */
20 
21 #include "sdcardfs.h"
22 
23 /* copy derived state from parent inode */
inherit_derived_state(struct inode * parent,struct inode * child)24 static void inherit_derived_state(struct inode *parent, struct inode *child)
25 {
26 	struct sdcardfs_inode_info *pi = SDCARDFS_I(parent);
27 	struct sdcardfs_inode_info *ci = SDCARDFS_I(child);
28 
29 	ci->data->perm = PERM_INHERIT;
30 	ci->data->userid = pi->data->userid;
31 	ci->data->d_uid = pi->data->d_uid;
32 	ci->data->under_android = pi->data->under_android;
33 	ci->data->under_cache = pi->data->under_cache;
34 	ci->data->under_obb = pi->data->under_obb;
35 }
36 
37 /* helper function for derived state */
setup_derived_state(struct inode * inode,perm_t perm,userid_t userid,uid_t uid)38 void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
39 					uid_t uid)
40 {
41 	struct sdcardfs_inode_info *info = SDCARDFS_I(inode);
42 
43 	info->data->perm = perm;
44 	info->data->userid = userid;
45 	info->data->d_uid = uid;
46 	info->data->under_android = false;
47 	info->data->under_cache = false;
48 	info->data->under_obb = false;
49 }
50 
51 /* While renaming, there is a point where we want the path from dentry,
52  * but the name from newdentry
53  */
get_derived_permission_new(struct dentry * parent,struct dentry * dentry,const struct qstr * name)54 void get_derived_permission_new(struct dentry *parent, struct dentry *dentry,
55 				const struct qstr *name)
56 {
57 	struct sdcardfs_inode_info *info = SDCARDFS_I(d_inode(dentry));
58 	struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
59 	struct sdcardfs_inode_data *parent_data = parent_info->data;
60 	appid_t appid;
61 	unsigned long user_num;
62 	int err;
63 	struct qstr q_Android = QSTR_LITERAL("Android");
64 	struct qstr q_data = QSTR_LITERAL("data");
65 	struct qstr q_obb = QSTR_LITERAL("obb");
66 	struct qstr q_media = QSTR_LITERAL("media");
67 	struct qstr q_cache = QSTR_LITERAL("cache");
68 
69 	/* By default, each inode inherits from its parent.
70 	 * the properties are maintained on its private fields
71 	 * because the inode attributes will be modified with that of
72 	 * its lower inode.
73 	 * These values are used by our custom permission call instead
74 	 * of using the inode permissions.
75 	 */
76 
77 	inherit_derived_state(d_inode(parent), d_inode(dentry));
78 
79 	/* Files don't get special labels */
80 	if (!S_ISDIR(d_inode(dentry)->i_mode)) {
81 		set_top(info, parent_info);
82 		return;
83 	}
84 	/* Derive custom permissions based on parent and current node */
85 	switch (parent_data->perm) {
86 	case PERM_INHERIT:
87 	case PERM_ANDROID_PACKAGE_CACHE:
88 		set_top(info, parent_info);
89 		break;
90 	case PERM_PRE_ROOT:
91 		/* Legacy internal layout places users at top level */
92 		info->data->perm = PERM_ROOT;
93 		err = kstrtoul(name->name, 10, &user_num);
94 		if (err)
95 			info->data->userid = 0;
96 		else
97 			info->data->userid = user_num;
98 		break;
99 	case PERM_ROOT:
100 		/* Assume masked off by default. */
101 		if (qstr_case_eq(name, &q_Android)) {
102 			/* App-specific directories inside; let anyone traverse */
103 			info->data->perm = PERM_ANDROID;
104 			info->data->under_android = true;
105 		} else {
106 			set_top(info, parent_info);
107 		}
108 		break;
109 	case PERM_ANDROID:
110 		if (qstr_case_eq(name, &q_data)) {
111 			/* App-specific directories inside; let anyone traverse */
112 			info->data->perm = PERM_ANDROID_DATA;
113 		} else if (qstr_case_eq(name, &q_obb)) {
114 			/* App-specific directories inside; let anyone traverse */
115 			info->data->perm = PERM_ANDROID_OBB;
116 			info->data->under_obb = true;
117 			/* Single OBB directory is always shared */
118 		} else if (qstr_case_eq(name, &q_media)) {
119 			/* App-specific directories inside; let anyone traverse */
120 			info->data->perm = PERM_ANDROID_MEDIA;
121 		} else {
122 			set_top(info, parent_info);
123 		}
124 		break;
125 	case PERM_ANDROID_OBB:
126 	case PERM_ANDROID_DATA:
127 	case PERM_ANDROID_MEDIA:
128 		info->data->perm = PERM_ANDROID_PACKAGE;
129 		appid = get_appid(name->name);
130 		if (appid != 0 && !is_excluded(name->name, parent_data->userid))
131 			info->data->d_uid =
132 				multiuser_get_uid(parent_data->userid, appid);
133 		break;
134 	case PERM_ANDROID_PACKAGE:
135 		if (qstr_case_eq(name, &q_cache)) {
136 			info->data->perm = PERM_ANDROID_PACKAGE_CACHE;
137 			info->data->under_cache = true;
138 		}
139 		set_top(info, parent_info);
140 		break;
141 	}
142 }
143 
get_derived_permission(struct dentry * parent,struct dentry * dentry)144 void get_derived_permission(struct dentry *parent, struct dentry *dentry)
145 {
146 	get_derived_permission_new(parent, dentry, &dentry->d_name);
147 }
148 
get_type(const char * name)149 static appid_t get_type(const char *name)
150 {
151 	const char *ext = strrchr(name, '.');
152 	appid_t id;
153 
154 	if (ext && ext[0]) {
155 		ext = &ext[1];
156 		id = get_ext_gid(ext);
157 		return id?:AID_MEDIA_RW;
158 	}
159 	return AID_MEDIA_RW;
160 }
161 
fixup_lower_ownership(struct dentry * dentry,const char * name)162 void fixup_lower_ownership(struct dentry *dentry, const char *name)
163 {
164 	struct path path;
165 	struct inode *inode;
166 	struct inode *delegated_inode = NULL;
167 	int error;
168 	struct sdcardfs_inode_info *info;
169 	struct sdcardfs_inode_data *info_d;
170 	struct sdcardfs_inode_data *info_top;
171 	perm_t perm;
172 	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
173 	uid_t uid = sbi->options.fs_low_uid;
174 	gid_t gid = sbi->options.fs_low_gid;
175 	struct iattr newattrs;
176 
177 	if (!sbi->options.gid_derivation)
178 		return;
179 
180 	info = SDCARDFS_I(d_inode(dentry));
181 	info_d = info->data;
182 	perm = info_d->perm;
183 	if (info_d->under_obb) {
184 		perm = PERM_ANDROID_OBB;
185 	} else if (info_d->under_cache) {
186 		perm = PERM_ANDROID_PACKAGE_CACHE;
187 	} else if (perm == PERM_INHERIT) {
188 		info_top = top_data_get(info);
189 		perm = info_top->perm;
190 		data_put(info_top);
191 	}
192 
193 	switch (perm) {
194 	case PERM_ROOT:
195 	case PERM_ANDROID:
196 	case PERM_ANDROID_DATA:
197 	case PERM_ANDROID_MEDIA:
198 	case PERM_ANDROID_PACKAGE:
199 	case PERM_ANDROID_PACKAGE_CACHE:
200 		uid = multiuser_get_uid(info_d->userid, uid);
201 		break;
202 	case PERM_ANDROID_OBB:
203 		uid = AID_MEDIA_OBB;
204 		break;
205 	case PERM_PRE_ROOT:
206 	default:
207 		break;
208 	}
209 	switch (perm) {
210 	case PERM_ROOT:
211 	case PERM_ANDROID:
212 	case PERM_ANDROID_DATA:
213 	case PERM_ANDROID_MEDIA:
214 		if (S_ISDIR(d_inode(dentry)->i_mode))
215 			gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
216 		else
217 			gid = multiuser_get_uid(info_d->userid, get_type(name));
218 		break;
219 	case PERM_ANDROID_OBB:
220 		gid = AID_MEDIA_OBB;
221 		break;
222 	case PERM_ANDROID_PACKAGE:
223 		if (uid_is_app(info_d->d_uid))
224 			gid = multiuser_get_ext_gid(info_d->d_uid);
225 		else
226 			gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
227 		break;
228 	case PERM_ANDROID_PACKAGE_CACHE:
229 		if (uid_is_app(info_d->d_uid))
230 			gid = multiuser_get_ext_cache_gid(info_d->d_uid);
231 		else
232 			gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
233 		break;
234 	case PERM_PRE_ROOT:
235 	default:
236 		break;
237 	}
238 
239 	sdcardfs_get_lower_path(dentry, &path);
240 	inode = d_inode(path.dentry);
241 	if (d_inode(path.dentry)->i_gid.val != gid || d_inode(path.dentry)->i_uid.val != uid) {
242 retry_deleg:
243 		newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE;
244 		newattrs.ia_uid = make_kuid(current_user_ns(), uid);
245 		newattrs.ia_gid = make_kgid(current_user_ns(), gid);
246 		if (!S_ISDIR(inode->i_mode))
247 			newattrs.ia_valid |=
248 				ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
249 		inode_lock(inode);
250 		error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid);
251 		if (!error)
252 			error = notify_change2(path.mnt, path.dentry, &newattrs, &delegated_inode);
253 		inode_unlock(inode);
254 		if (delegated_inode) {
255 			error = break_deleg_wait(&delegated_inode);
256 			if (!error)
257 				goto retry_deleg;
258 		}
259 		if (error)
260 			pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name);
261 	}
262 	sdcardfs_put_lower_path(dentry, &path);
263 }
264 
descendant_may_need_fixup(struct sdcardfs_inode_data * data,struct limit_search * limit)265 static int descendant_may_need_fixup(struct sdcardfs_inode_data *data,
266 		struct limit_search *limit)
267 {
268 	if (data->perm == PERM_ROOT)
269 		return (limit->flags & BY_USERID) ?
270 				data->userid == limit->userid : 1;
271 	if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID)
272 		return 1;
273 	return 0;
274 }
275 
needs_fixup(perm_t perm)276 static int needs_fixup(perm_t perm)
277 {
278 	if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB
279 			|| perm == PERM_ANDROID_MEDIA)
280 		return 1;
281 	return 0;
282 }
283 
__fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit,int depth)284 static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth)
285 {
286 	struct dentry *child;
287 	struct sdcardfs_inode_info *info;
288 
289 	/*
290 	 * All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
291 	 * PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
292 	 * at most 3.
293 	 */
294 	WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__);
295 	spin_lock_nested(&dentry->d_lock, depth);
296 	if (!d_inode(dentry)) {
297 		spin_unlock(&dentry->d_lock);
298 		return;
299 	}
300 	info = SDCARDFS_I(d_inode(dentry));
301 
302 	if (needs_fixup(info->data->perm)) {
303 		list_for_each_entry(child, &dentry->d_subdirs, d_child) {
304 			spin_lock_nested(&child->d_lock, depth + 1);
305 			if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) {
306 				if (d_inode(child)) {
307 					get_derived_permission(dentry, child);
308 					fixup_tmp_permissions(d_inode(child));
309 					spin_unlock(&child->d_lock);
310 					break;
311 				}
312 			}
313 			spin_unlock(&child->d_lock);
314 		}
315 	} else if (descendant_may_need_fixup(info->data, limit)) {
316 		list_for_each_entry(child, &dentry->d_subdirs, d_child) {
317 			__fixup_perms_recursive(child, limit, depth + 1);
318 		}
319 	}
320 	spin_unlock(&dentry->d_lock);
321 }
322 
fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit)323 void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit)
324 {
325 	__fixup_perms_recursive(dentry, limit, 0);
326 }
327 
328 /* main function for updating derived permission */
update_derived_permission_lock(struct dentry * dentry)329 inline void update_derived_permission_lock(struct dentry *dentry)
330 {
331 	struct dentry *parent;
332 
333 	if (!dentry || !d_inode(dentry)) {
334 		pr_err("sdcardfs: %s: invalid dentry\n", __func__);
335 		return;
336 	}
337 	/* FIXME:
338 	 * 1. need to check whether the dentry is updated or not
339 	 * 2. remove the root dentry update
340 	 */
341 	if (!IS_ROOT(dentry)) {
342 		parent = dget_parent(dentry);
343 		if (parent) {
344 			get_derived_permission(parent, dentry);
345 			dput(parent);
346 		}
347 	}
348 	fixup_tmp_permissions(d_inode(dentry));
349 }
350 
need_graft_path(struct dentry * dentry)351 int need_graft_path(struct dentry *dentry)
352 {
353 	int ret = 0;
354 	struct dentry *parent = dget_parent(dentry);
355 	struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
356 	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
357 	struct qstr obb = QSTR_LITERAL("obb");
358 
359 	if (parent_info->data->perm == PERM_ANDROID &&
360 			qstr_case_eq(&dentry->d_name, &obb)) {
361 
362 		/* /Android/obb is the base obbpath of DERIVED_UNIFIED */
363 		if (!(sbi->options.multiuser == false
364 				&& parent_info->data->userid == 0)) {
365 			ret = 1;
366 		}
367 	}
368 	dput(parent);
369 	return ret;
370 }
371 
is_obbpath_invalid(struct dentry * dent)372 int is_obbpath_invalid(struct dentry *dent)
373 {
374 	int ret = 0;
375 	struct sdcardfs_dentry_info *di = SDCARDFS_D(dent);
376 	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb);
377 	char *path_buf, *obbpath_s;
378 	int need_put = 0;
379 	struct path lower_path;
380 
381 	/* check the base obbpath has been changed.
382 	 * this routine can check an uninitialized obb dentry as well.
383 	 * regarding the uninitialized obb, refer to the sdcardfs_mkdir()
384 	 */
385 	spin_lock(&di->lock);
386 	if (di->orig_path.dentry) {
387 		if (!di->lower_path.dentry) {
388 			ret = 1;
389 		} else {
390 			path_get(&di->lower_path);
391 
392 			path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);
393 			if (!path_buf) {
394 				ret = 1;
395 				pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__);
396 			} else {
397 				obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);
398 				if (d_unhashed(di->lower_path.dentry) ||
399 					!str_case_eq(sbi->obbpath_s, obbpath_s)) {
400 					ret = 1;
401 				}
402 				kfree(path_buf);
403 			}
404 
405 			pathcpy(&lower_path, &di->lower_path);
406 			need_put = 1;
407 		}
408 	}
409 	spin_unlock(&di->lock);
410 	if (need_put)
411 		path_put(&lower_path);
412 	return ret;
413 }
414 
is_base_obbpath(struct dentry * dentry)415 int is_base_obbpath(struct dentry *dentry)
416 {
417 	int ret = 0;
418 	struct dentry *parent = dget_parent(dentry);
419 	struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
420 	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
421 	struct qstr q_obb = QSTR_LITERAL("obb");
422 
423 	spin_lock(&SDCARDFS_D(dentry)->lock);
424 	if (sbi->options.multiuser) {
425 		if (parent_info->data->perm == PERM_PRE_ROOT &&
426 				qstr_case_eq(&dentry->d_name, &q_obb)) {
427 			ret = 1;
428 		}
429 	} else  if (parent_info->data->perm == PERM_ANDROID &&
430 			qstr_case_eq(&dentry->d_name, &q_obb)) {
431 		ret = 1;
432 	}
433 	spin_unlock(&SDCARDFS_D(dentry)->lock);
434 	return ret;
435 }
436 
437 /* The lower_path will be stored to the dentry's orig_path
438  * and the base obbpath will be copyed to the lower_path variable.
439  * if an error returned, there's no change in the lower_path
440  * returns: -ERRNO if error (0: no error)
441  */
setup_obb_dentry(struct dentry * dentry,struct path * lower_path)442 int setup_obb_dentry(struct dentry *dentry, struct path *lower_path)
443 {
444 	int err = 0;
445 	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
446 	struct path obbpath;
447 
448 	/* A local obb dentry must have its own orig_path to support rmdir
449 	 * and mkdir of itself. Usually, we expect that the sbi->obbpath
450 	 * is avaiable on this stage.
451 	 */
452 	sdcardfs_set_orig_path(dentry, lower_path);
453 
454 	err = kern_path(sbi->obbpath_s,
455 			LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath);
456 
457 	if (!err) {
458 		/* the obbpath base has been found */
459 		pathcpy(lower_path, &obbpath);
460 	} else {
461 		/* if the sbi->obbpath is not available, we can optionally
462 		 * setup the lower_path with its orig_path.
463 		 * but, the current implementation just returns an error
464 		 * because the sdcard daemon also regards this case as
465 		 * a lookup fail.
466 		 */
467 		pr_info("sdcardfs: the sbi->obbpath is not available\n");
468 	}
469 	return err;
470 }
471 
472 
473