1 /*
2 * fs/sdcardfs/derived_perm.c
3 *
4 * Copyright (c) 2013 Samsung Electronics Co. Ltd
5 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6 * Sunghwan Yun, Sungjong Seo
7 *
8 * This program has been developed as a stackable file system based on
9 * the WrapFS which written by
10 *
11 * Copyright (c) 1998-2011 Erez Zadok
12 * Copyright (c) 2009 Shrikar Archak
13 * Copyright (c) 2003-2011 Stony Brook University
14 * Copyright (c) 2003-2011 The Research Foundation of SUNY
15 *
16 * This file is dual licensed. It may be redistributed and/or modified
17 * under the terms of the Apache 2.0 License OR version 2 of the GNU
18 * General Public License.
19 */
20
21 #include "sdcardfs.h"
22
23 /* copy derived state from parent inode */
inherit_derived_state(struct inode * parent,struct inode * child)24 static void inherit_derived_state(struct inode *parent, struct inode *child)
25 {
26 struct sdcardfs_inode_info *pi = SDCARDFS_I(parent);
27 struct sdcardfs_inode_info *ci = SDCARDFS_I(child);
28
29 ci->data->perm = PERM_INHERIT;
30 ci->data->userid = pi->data->userid;
31 ci->data->d_uid = pi->data->d_uid;
32 ci->data->under_android = pi->data->under_android;
33 ci->data->under_cache = pi->data->under_cache;
34 ci->data->under_obb = pi->data->under_obb;
35 }
36
37 /* helper function for derived state */
setup_derived_state(struct inode * inode,perm_t perm,userid_t userid,uid_t uid)38 void setup_derived_state(struct inode *inode, perm_t perm, userid_t userid,
39 uid_t uid)
40 {
41 struct sdcardfs_inode_info *info = SDCARDFS_I(inode);
42
43 info->data->perm = perm;
44 info->data->userid = userid;
45 info->data->d_uid = uid;
46 info->data->under_android = false;
47 info->data->under_cache = false;
48 info->data->under_obb = false;
49 }
50
51 /* While renaming, there is a point where we want the path from dentry,
52 * but the name from newdentry
53 */
get_derived_permission_new(struct dentry * parent,struct dentry * dentry,const struct qstr * name)54 void get_derived_permission_new(struct dentry *parent, struct dentry *dentry,
55 const struct qstr *name)
56 {
57 struct sdcardfs_inode_info *info = SDCARDFS_I(d_inode(dentry));
58 struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
59 struct sdcardfs_inode_data *parent_data = parent_info->data;
60 appid_t appid;
61 unsigned long user_num;
62 int err;
63 struct qstr q_Android = QSTR_LITERAL("Android");
64 struct qstr q_data = QSTR_LITERAL("data");
65 struct qstr q_sandbox = QSTR_LITERAL("sandbox");
66 struct qstr q_obb = QSTR_LITERAL("obb");
67 struct qstr q_media = QSTR_LITERAL("media");
68 struct qstr q_cache = QSTR_LITERAL("cache");
69
70 /* By default, each inode inherits from its parent.
71 * the properties are maintained on its private fields
72 * because the inode attributes will be modified with that of
73 * its lower inode.
74 * These values are used by our custom permission call instead
75 * of using the inode permissions.
76 */
77
78 inherit_derived_state(d_inode(parent), d_inode(dentry));
79
80 /* Files don't get special labels */
81 if (!S_ISDIR(d_inode(dentry)->i_mode)) {
82 set_top(info, parent_info);
83 return;
84 }
85 /* Derive custom permissions based on parent and current node */
86 switch (parent_data->perm) {
87 case PERM_INHERIT:
88 case PERM_ANDROID_PACKAGE_CACHE:
89 set_top(info, parent_info);
90 break;
91 case PERM_PRE_ROOT:
92 /* Legacy internal layout places users at top level */
93 info->data->perm = PERM_ROOT;
94 err = kstrtoul(name->name, 10, &user_num);
95 if (err)
96 info->data->userid = 0;
97 else
98 info->data->userid = user_num;
99 break;
100 case PERM_ROOT:
101 /* Assume masked off by default. */
102 if (qstr_case_eq(name, &q_Android)) {
103 /* App-specific directories inside; let anyone traverse */
104 info->data->perm = PERM_ANDROID;
105 info->data->under_android = true;
106 } else {
107 set_top(info, parent_info);
108 }
109 break;
110 case PERM_ANDROID:
111 if (qstr_case_eq(name, &q_data)) {
112 /* App-specific directories inside; let anyone traverse */
113 info->data->perm = PERM_ANDROID_DATA;
114 } else if (qstr_case_eq(name, &q_sandbox)) {
115 /* App-specific directories inside; let anyone traverse */
116 info->data->perm = PERM_ANDROID_DATA;
117 } else if (qstr_case_eq(name, &q_obb)) {
118 /* App-specific directories inside; let anyone traverse */
119 info->data->perm = PERM_ANDROID_OBB;
120 info->data->under_obb = true;
121 /* Single OBB directory is always shared */
122 } else if (qstr_case_eq(name, &q_media)) {
123 /* App-specific directories inside; let anyone traverse */
124 info->data->perm = PERM_ANDROID_MEDIA;
125 } else {
126 set_top(info, parent_info);
127 }
128 break;
129 case PERM_ANDROID_OBB:
130 case PERM_ANDROID_DATA:
131 case PERM_ANDROID_MEDIA:
132 info->data->perm = PERM_ANDROID_PACKAGE;
133 appid = get_appid(name->name);
134 if (appid != 0 && !is_excluded(name->name, parent_data->userid))
135 info->data->d_uid =
136 multiuser_get_uid(parent_data->userid, appid);
137 break;
138 case PERM_ANDROID_PACKAGE:
139 if (qstr_case_eq(name, &q_cache)) {
140 info->data->perm = PERM_ANDROID_PACKAGE_CACHE;
141 info->data->under_cache = true;
142 }
143 set_top(info, parent_info);
144 break;
145 }
146 }
147
get_derived_permission(struct dentry * parent,struct dentry * dentry)148 void get_derived_permission(struct dentry *parent, struct dentry *dentry)
149 {
150 get_derived_permission_new(parent, dentry, &dentry->d_name);
151 }
152
get_type(const char * name)153 static appid_t get_type(const char *name)
154 {
155 const char *ext = strrchr(name, '.');
156 appid_t id;
157
158 if (ext && ext[0]) {
159 ext = &ext[1];
160 id = get_ext_gid(ext);
161 return id?:AID_MEDIA_RW;
162 }
163 return AID_MEDIA_RW;
164 }
165
fixup_lower_ownership(struct dentry * dentry,const char * name)166 void fixup_lower_ownership(struct dentry *dentry, const char *name)
167 {
168 struct path path;
169 struct inode *inode;
170 struct inode *delegated_inode = NULL;
171 int error;
172 struct sdcardfs_inode_info *info;
173 struct sdcardfs_inode_data *info_d;
174 struct sdcardfs_inode_data *info_top;
175 perm_t perm;
176 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
177 uid_t uid = sbi->options.fs_low_uid;
178 gid_t gid = sbi->options.fs_low_gid;
179 struct iattr newattrs;
180
181 if (!sbi->options.gid_derivation)
182 return;
183
184 info = SDCARDFS_I(d_inode(dentry));
185 info_d = info->data;
186 perm = info_d->perm;
187 if (info_d->under_obb) {
188 perm = PERM_ANDROID_OBB;
189 } else if (info_d->under_cache) {
190 perm = PERM_ANDROID_PACKAGE_CACHE;
191 } else if (perm == PERM_INHERIT) {
192 info_top = top_data_get(info);
193 perm = info_top->perm;
194 data_put(info_top);
195 }
196
197 switch (perm) {
198 case PERM_ROOT:
199 case PERM_ANDROID:
200 case PERM_ANDROID_DATA:
201 case PERM_ANDROID_MEDIA:
202 case PERM_ANDROID_PACKAGE:
203 case PERM_ANDROID_PACKAGE_CACHE:
204 uid = multiuser_get_uid(info_d->userid, uid);
205 break;
206 case PERM_ANDROID_OBB:
207 uid = AID_MEDIA_OBB;
208 break;
209 case PERM_PRE_ROOT:
210 default:
211 break;
212 }
213 switch (perm) {
214 case PERM_ROOT:
215 case PERM_ANDROID:
216 case PERM_ANDROID_DATA:
217 case PERM_ANDROID_MEDIA:
218 if (S_ISDIR(d_inode(dentry)->i_mode))
219 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
220 else
221 gid = multiuser_get_uid(info_d->userid, get_type(name));
222 break;
223 case PERM_ANDROID_OBB:
224 gid = AID_MEDIA_OBB;
225 break;
226 case PERM_ANDROID_PACKAGE:
227 if (uid_is_app(info_d->d_uid))
228 gid = multiuser_get_ext_gid(info_d->d_uid);
229 else
230 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
231 break;
232 case PERM_ANDROID_PACKAGE_CACHE:
233 if (uid_is_app(info_d->d_uid))
234 gid = multiuser_get_ext_cache_gid(info_d->d_uid);
235 else
236 gid = multiuser_get_uid(info_d->userid, AID_MEDIA_RW);
237 break;
238 case PERM_PRE_ROOT:
239 default:
240 break;
241 }
242
243 sdcardfs_get_lower_path(dentry, &path);
244 inode = d_inode(path.dentry);
245 if (d_inode(path.dentry)->i_gid.val != gid || d_inode(path.dentry)->i_uid.val != uid) {
246 retry_deleg:
247 newattrs.ia_valid = ATTR_GID | ATTR_UID | ATTR_FORCE;
248 newattrs.ia_uid = make_kuid(current_user_ns(), uid);
249 newattrs.ia_gid = make_kgid(current_user_ns(), gid);
250 if (!S_ISDIR(inode->i_mode))
251 newattrs.ia_valid |=
252 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
253 inode_lock(inode);
254 error = security_path_chown(&path, newattrs.ia_uid, newattrs.ia_gid);
255 if (!error)
256 error = notify_change2(path.mnt, path.dentry, &newattrs, &delegated_inode);
257 inode_unlock(inode);
258 if (delegated_inode) {
259 error = break_deleg_wait(&delegated_inode);
260 if (!error)
261 goto retry_deleg;
262 }
263 if (error)
264 pr_debug("sdcardfs: Failed to touch up lower fs gid/uid for %s\n", name);
265 }
266 sdcardfs_put_lower_path(dentry, &path);
267 }
268
descendant_may_need_fixup(struct sdcardfs_inode_data * data,struct limit_search * limit)269 static int descendant_may_need_fixup(struct sdcardfs_inode_data *data,
270 struct limit_search *limit)
271 {
272 if (data->perm == PERM_ROOT)
273 return (limit->flags & BY_USERID) ?
274 data->userid == limit->userid : 1;
275 if (data->perm == PERM_PRE_ROOT || data->perm == PERM_ANDROID)
276 return 1;
277 return 0;
278 }
279
needs_fixup(perm_t perm)280 static int needs_fixup(perm_t perm)
281 {
282 if (perm == PERM_ANDROID_DATA || perm == PERM_ANDROID_OBB
283 || perm == PERM_ANDROID_MEDIA)
284 return 1;
285 return 0;
286 }
287
__fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit,int depth)288 static void __fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit, int depth)
289 {
290 struct dentry *child;
291 struct sdcardfs_inode_info *info;
292
293 /*
294 * All paths will terminate their recursion on hitting PERM_ANDROID_OBB,
295 * PERM_ANDROID_MEDIA, or PERM_ANDROID_DATA. This happens at a depth of
296 * at most 3.
297 */
298 WARN(depth > 3, "%s: Max expected depth exceeded!\n", __func__);
299 spin_lock_nested(&dentry->d_lock, depth);
300 if (!d_inode(dentry)) {
301 spin_unlock(&dentry->d_lock);
302 return;
303 }
304 info = SDCARDFS_I(d_inode(dentry));
305
306 if (needs_fixup(info->data->perm)) {
307 list_for_each_entry(child, &dentry->d_subdirs, d_child) {
308 spin_lock_nested(&child->d_lock, depth + 1);
309 if (!(limit->flags & BY_NAME) || qstr_case_eq(&child->d_name, &limit->name)) {
310 if (d_inode(child)) {
311 get_derived_permission(dentry, child);
312 fixup_tmp_permissions(d_inode(child));
313 spin_unlock(&child->d_lock);
314 break;
315 }
316 }
317 spin_unlock(&child->d_lock);
318 }
319 } else if (descendant_may_need_fixup(info->data, limit)) {
320 list_for_each_entry(child, &dentry->d_subdirs, d_child) {
321 __fixup_perms_recursive(child, limit, depth + 1);
322 }
323 }
324 spin_unlock(&dentry->d_lock);
325 }
326
fixup_perms_recursive(struct dentry * dentry,struct limit_search * limit)327 void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit)
328 {
329 __fixup_perms_recursive(dentry, limit, 0);
330 }
331
332 /* main function for updating derived permission */
update_derived_permission_lock(struct dentry * dentry)333 inline void update_derived_permission_lock(struct dentry *dentry)
334 {
335 struct dentry *parent;
336
337 if (!dentry || !d_inode(dentry)) {
338 pr_err("sdcardfs: %s: invalid dentry\n", __func__);
339 return;
340 }
341 /* FIXME:
342 * 1. need to check whether the dentry is updated or not
343 * 2. remove the root dentry update
344 */
345 if (!IS_ROOT(dentry)) {
346 parent = dget_parent(dentry);
347 if (parent) {
348 get_derived_permission(parent, dentry);
349 dput(parent);
350 }
351 }
352 fixup_tmp_permissions(d_inode(dentry));
353 }
354
need_graft_path(struct dentry * dentry)355 int need_graft_path(struct dentry *dentry)
356 {
357 int ret = 0;
358 struct dentry *parent = dget_parent(dentry);
359 struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
360 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
361 struct qstr obb = QSTR_LITERAL("obb");
362
363 if (!sbi->options.unshared_obb &&
364 parent_info->data->perm == PERM_ANDROID &&
365 qstr_case_eq(&dentry->d_name, &obb)) {
366
367 /* /Android/obb is the base obbpath of DERIVED_UNIFIED */
368 if (!(sbi->options.multiuser == false
369 && parent_info->data->userid == 0)) {
370 ret = 1;
371 }
372 }
373 dput(parent);
374 return ret;
375 }
376
is_obbpath_invalid(struct dentry * dent)377 int is_obbpath_invalid(struct dentry *dent)
378 {
379 int ret = 0;
380 struct sdcardfs_dentry_info *di = SDCARDFS_D(dent);
381 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dent->d_sb);
382 char *path_buf, *obbpath_s;
383 int need_put = 0;
384 struct path lower_path;
385
386 /* check the base obbpath has been changed.
387 * this routine can check an uninitialized obb dentry as well.
388 * regarding the uninitialized obb, refer to the sdcardfs_mkdir()
389 */
390 spin_lock(&di->lock);
391 if (di->orig_path.dentry) {
392 if (!di->lower_path.dentry) {
393 ret = 1;
394 } else {
395 path_get(&di->lower_path);
396
397 path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);
398 if (!path_buf) {
399 ret = 1;
400 pr_err("sdcardfs: fail to allocate path_buf in %s.\n", __func__);
401 } else {
402 obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);
403 if (d_unhashed(di->lower_path.dentry) ||
404 !str_case_eq(sbi->obbpath_s, obbpath_s)) {
405 ret = 1;
406 }
407 kfree(path_buf);
408 }
409
410 pathcpy(&lower_path, &di->lower_path);
411 need_put = 1;
412 }
413 }
414 spin_unlock(&di->lock);
415 if (need_put)
416 path_put(&lower_path);
417 return ret;
418 }
419
is_base_obbpath(struct dentry * dentry)420 int is_base_obbpath(struct dentry *dentry)
421 {
422 int ret = 0;
423 struct dentry *parent = dget_parent(dentry);
424 struct sdcardfs_inode_info *parent_info = SDCARDFS_I(d_inode(parent));
425 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
426 struct qstr q_obb = QSTR_LITERAL("obb");
427
428 spin_lock(&SDCARDFS_D(dentry)->lock);
429 if (sbi->options.multiuser) {
430 if (parent_info->data->perm == PERM_PRE_ROOT &&
431 qstr_case_eq(&dentry->d_name, &q_obb)) {
432 ret = 1;
433 }
434 } else if (parent_info->data->perm == PERM_ANDROID &&
435 qstr_case_eq(&dentry->d_name, &q_obb)) {
436 ret = 1;
437 }
438 spin_unlock(&SDCARDFS_D(dentry)->lock);
439 return ret;
440 }
441
442 /* The lower_path will be stored to the dentry's orig_path
443 * and the base obbpath will be copyed to the lower_path variable.
444 * if an error returned, there's no change in the lower_path
445 * returns: -ERRNO if error (0: no error)
446 */
setup_obb_dentry(struct dentry * dentry,struct path * lower_path)447 int setup_obb_dentry(struct dentry *dentry, struct path *lower_path)
448 {
449 int err = 0;
450 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
451 struct path obbpath;
452
453 /* A local obb dentry must have its own orig_path to support rmdir
454 * and mkdir of itself. Usually, we expect that the sbi->obbpath
455 * is avaiable on this stage.
456 */
457 sdcardfs_set_orig_path(dentry, lower_path);
458
459 err = kern_path(sbi->obbpath_s,
460 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &obbpath);
461
462 if (!err) {
463 /* the obbpath base has been found */
464 pathcpy(lower_path, &obbpath);
465 } else {
466 /* if the sbi->obbpath is not available, we can optionally
467 * setup the lower_path with its orig_path.
468 * but, the current implementation just returns an error
469 * because the sdcard daemon also regards this case as
470 * a lookup fail.
471 */
472 pr_info("sdcardfs: the sbi->obbpath is not available\n");
473 }
474 return err;
475 }
476
477
478