2 * fs/sdcardfs/sdcardfs.h
5 * This file system replaces the sdcard daemon on Android
6 * On version 2.0, some of the daemon functions have been ported
7 * to support the multi-user concepts of Android 4.4
9 * Copyright (c) 2013 Samsung Electronics Co. Ltd
10 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
11 * Sunghwan Yun, Sungjong Seo
13 * This program has been developed as a stackable file system based on
14 * the WrapFS which written by
16 * Copyright (c) 1998-2011 Erez Zadok
17 * Copyright (c) 2009 Shrikar Archak
18 * Copyright (c) 2003-2011 Stony Brook University
19 * Copyright (c) 2003-2011 The Research Foundation of SUNY
21 * This file is dual licensed. It may be redistributed and/or modified
22 * under the terms of the Apache 2.0 License OR version 2 of the GNU
23 * General Public License.
29 #include <linux/dcache.h>
30 #include <linux/file.h>
32 #include <linux/aio.h>
33 #include <linux/kref.h>
35 #include <linux/mount.h>
36 #include <linux/namei.h>
37 #include <linux/seq_file.h>
38 #include <linux/statfs.h>
39 #include <linux/fs_stack.h>
40 #include <linux/magic.h>
41 #include <linux/uaccess.h>
42 #include <linux/slab.h>
43 #include <linux/sched.h>
44 #include <linux/types.h>
45 #include <linux/security.h>
46 #include <linux/string.h>
47 #include <linux/list.h>
48 #include "multiuser.h"
50 /* the file system name */
51 #define SDCARDFS_NAME "sdcardfs"
53 /* sdcardfs root inode number */
54 #define SDCARDFS_ROOT_INO 1
56 /* useful for tracking code reachability */
57 #define UDBG pr_default("DBG:%s:%s:%d\n", __FILE__, __func__, __LINE__)
59 #define SDCARDFS_DIRENT_SIZE 256
61 /* temporary static uid settings for development */
62 #define AID_ROOT 0 /* uid for accessing /mnt/sdcard & extSdcard */
63 #define AID_MEDIA_RW 1023 /* internal media storage write access */
65 #define AID_SDCARD_RW 1015 /* external storage write access */
66 #define AID_SDCARD_R 1028 /* external storage read access */
67 #define AID_SDCARD_PICS 1033 /* external storage photos access */
68 #define AID_SDCARD_AV 1034 /* external storage audio/video access */
69 #define AID_SDCARD_ALL 1035 /* access all users external storage */
70 #define AID_MEDIA_OBB 1059 /* obb files */
72 #define AID_SDCARD_IMAGE 1057
74 #define AID_PACKAGE_INFO 1027
78 * Permissions are handled by our permission function.
79 * We don't want anyone who happens to look at our inode value to prematurely
80 * block access, so store more permissive values. These are probably never
83 #define fixup_tmp_permissions(x) \
85 (x)->i_uid = make_kuid(&init_user_ns, \
86 SDCARDFS_I(x)->data->d_uid); \
87 (x)->i_gid = make_kgid(&init_user_ns, AID_SDCARD_RW); \
88 (x)->i_mode = ((x)->i_mode & S_IFMT) | 0775;\
91 /* OVERRIDE_CRED() and REVERT_CRED()
93 * backup original task->cred
94 * and modifies task->cred->fsuid/fsgid to specified value.
96 * restore original task->cred->fsuid/fsgid.
97 * These two macro should be used in pair, and OVERRIDE_CRED() should be
98 * placed at the beginning of a function, right after variable declaration.
100 #define OVERRIDE_CRED(sdcardfs_sbi, saved_cred, info) \
102 saved_cred = override_fsids(sdcardfs_sbi, info->data); \
107 #define OVERRIDE_CRED_PTR(sdcardfs_sbi, saved_cred, info) \
109 saved_cred = override_fsids(sdcardfs_sbi, info->data); \
111 return ERR_PTR(-ENOMEM); \
114 #define REVERT_CRED(saved_cred) revert_fsids(saved_cred)
116 /* Android 5.0 support */
118 /* Permission mode for a specific node. Controls how file permissions
119 * are derived for children nodes.
122 /* Nothing special; this node should just inherit from its parent. */
124 /* This node is one level above a normal root; used for legacy layouts
125 * which use the first level to represent user_id.
128 /* This node is "/" */
130 /* This node is "/Android" */
132 /* This node is "/Android/data" */
134 /* This node is "/Android/obb" */
136 /* This node is "/Android/media" */
138 /* This node is "/Android/[data|media|obb]/[package]" */
139 PERM_ANDROID_PACKAGE,
140 /* This node is "/Android/[data|media|obb]/[package]/cache" */
141 PERM_ANDROID_PACKAGE_CACHE,
144 struct sdcardfs_sb_info;
145 struct sdcardfs_mount_options;
146 struct sdcardfs_inode_info;
147 struct sdcardfs_inode_data;
149 /* Do not directly use this function. Use OVERRIDE_CRED() instead. */
150 const struct cred *override_fsids(struct sdcardfs_sb_info *sbi,
151 struct sdcardfs_inode_data *data);
152 /* Do not directly use this function, use REVERT_CRED() instead. */
153 void revert_fsids(const struct cred *old_cred);
155 /* operations vectors defined in specific files */
156 extern const struct file_operations sdcardfs_main_fops;
157 extern const struct file_operations sdcardfs_dir_fops;
158 extern const struct inode_operations sdcardfs_main_iops;
159 extern const struct inode_operations sdcardfs_dir_iops;
160 extern const struct inode_operations sdcardfs_symlink_iops;
161 extern const struct super_operations sdcardfs_sops;
162 extern const struct dentry_operations sdcardfs_ci_dops;
163 extern const struct address_space_operations sdcardfs_aops, sdcardfs_dummy_aops;
164 extern const struct vm_operations_struct sdcardfs_vm_ops;
166 extern int sdcardfs_init_inode_cache(void);
167 extern void sdcardfs_destroy_inode_cache(void);
168 extern int sdcardfs_init_dentry_cache(void);
169 extern void sdcardfs_destroy_dentry_cache(void);
170 extern int new_dentry_private_data(struct dentry *dentry);
171 extern void free_dentry_private_data(struct dentry *dentry);
172 extern struct dentry *sdcardfs_lookup(struct inode *dir, struct dentry *dentry,
174 extern struct inode *sdcardfs_iget(struct super_block *sb,
175 struct inode *lower_inode, userid_t id);
176 extern int sdcardfs_interpose(struct dentry *dentry, struct super_block *sb,
177 struct path *lower_path, userid_t id);
179 /* file private data */
180 struct sdcardfs_file_info {
181 struct file *lower_file;
182 const struct vm_operations_struct *lower_vm_ops;
185 struct sdcardfs_inode_data {
186 struct kref refcount;
197 /* sdcardfs inode data in memory */
198 struct sdcardfs_inode_info {
199 struct inode *lower_inode;
200 /* state derived based on current position in hierarchy */
201 struct sdcardfs_inode_data *data;
203 /* top folder for ownership */
204 struct sdcardfs_inode_data *top_data;
206 struct inode vfs_inode;
210 /* sdcardfs dentry data in memory */
211 struct sdcardfs_dentry_info {
212 spinlock_t lock; /* protects lower_path */
213 struct path lower_path;
214 struct path orig_path;
217 struct sdcardfs_mount_options {
222 unsigned int reserved_mb;
225 struct sdcardfs_vfsmount_options {
230 extern int parse_options_remount(struct super_block *sb, char *options, int silent,
231 struct sdcardfs_vfsmount_options *vfsopts);
233 /* sdcardfs super-block data in memory */
234 struct sdcardfs_sb_info {
235 struct super_block *sb;
236 struct super_block *lower_sb;
237 /* derived perm policy : some of options have been added
238 * to sdcardfs_mount_options (Android 4.4 support)
240 struct sdcardfs_mount_options options;
241 spinlock_t lock; /* protects obbpath */
245 struct list_head list;
249 * inode to private data
251 * Since we use containers and the struct inode is _inside_ the
252 * sdcardfs_inode_info structure, SDCARDFS_I will always (given a non-NULL
253 * inode pointer), return a valid non-NULL pointer.
255 static inline struct sdcardfs_inode_info *SDCARDFS_I(const struct inode *inode)
257 return container_of(inode, struct sdcardfs_inode_info, vfs_inode);
260 /* dentry to private data */
261 #define SDCARDFS_D(dent) ((struct sdcardfs_dentry_info *)(dent)->d_fsdata)
263 /* superblock to private data */
264 #define SDCARDFS_SB(super) ((struct sdcardfs_sb_info *)(super)->s_fs_info)
266 /* file to private Data */
267 #define SDCARDFS_F(file) ((struct sdcardfs_file_info *)((file)->private_data))
269 /* file to lower file */
270 static inline struct file *sdcardfs_lower_file(const struct file *f)
272 return SDCARDFS_F(f)->lower_file;
275 static inline void sdcardfs_set_lower_file(struct file *f, struct file *val)
277 SDCARDFS_F(f)->lower_file = val;
280 /* inode to lower inode. */
281 static inline struct inode *sdcardfs_lower_inode(const struct inode *i)
283 return SDCARDFS_I(i)->lower_inode;
286 static inline void sdcardfs_set_lower_inode(struct inode *i, struct inode *val)
288 SDCARDFS_I(i)->lower_inode = val;
291 /* superblock to lower superblock */
292 static inline struct super_block *sdcardfs_lower_super(
293 const struct super_block *sb)
295 return SDCARDFS_SB(sb)->lower_sb;
298 static inline void sdcardfs_set_lower_super(struct super_block *sb,
299 struct super_block *val)
301 SDCARDFS_SB(sb)->lower_sb = val;
304 /* path based (dentry/mnt) macros */
305 static inline void pathcpy(struct path *dst, const struct path *src)
307 dst->dentry = src->dentry;
311 /* sdcardfs_get_pname functions calls path_get()
312 * therefore, the caller must call "proper" path_put functions
314 #define SDCARDFS_DENT_FUNC(pname) \
315 static inline void sdcardfs_get_##pname(const struct dentry *dent, \
316 struct path *pname) \
318 spin_lock(&SDCARDFS_D(dent)->lock); \
319 pathcpy(pname, &SDCARDFS_D(dent)->pname); \
321 spin_unlock(&SDCARDFS_D(dent)->lock); \
324 static inline void sdcardfs_put_##pname(const struct dentry *dent, \
325 struct path *pname) \
330 static inline void sdcardfs_set_##pname(const struct dentry *dent, \
331 struct path *pname) \
333 spin_lock(&SDCARDFS_D(dent)->lock); \
334 pathcpy(&SDCARDFS_D(dent)->pname, pname); \
335 spin_unlock(&SDCARDFS_D(dent)->lock); \
338 static inline void sdcardfs_reset_##pname(const struct dentry *dent) \
340 spin_lock(&SDCARDFS_D(dent)->lock); \
341 SDCARDFS_D(dent)->pname.dentry = NULL; \
342 SDCARDFS_D(dent)->pname.mnt = NULL; \
343 spin_unlock(&SDCARDFS_D(dent)->lock); \
346 static inline void sdcardfs_put_reset_##pname(const struct dentry *dent) \
349 spin_lock(&SDCARDFS_D(dent)->lock); \
350 if (SDCARDFS_D(dent)->pname.dentry) { \
351 pathcpy(&pname, &SDCARDFS_D(dent)->pname); \
352 SDCARDFS_D(dent)->pname.dentry = NULL; \
353 SDCARDFS_D(dent)->pname.mnt = NULL; \
354 spin_unlock(&SDCARDFS_D(dent)->lock); \
357 spin_unlock(&SDCARDFS_D(dent)->lock); \
361 SDCARDFS_DENT_FUNC(lower_path)
362 SDCARDFS_DENT_FUNC(orig_path)
364 static inline bool sbinfo_has_sdcard_magic(struct sdcardfs_sb_info *sbinfo)
366 return sbinfo && sbinfo->sb
367 && sbinfo->sb->s_magic == SDCARDFS_SUPER_MAGIC;
370 static inline struct sdcardfs_inode_data *data_get(
371 struct sdcardfs_inode_data *data)
374 kref_get(&data->refcount);
378 static inline struct sdcardfs_inode_data *top_data_get(
379 struct sdcardfs_inode_info *info)
381 return data_get(info->top_data);
384 extern void data_release(struct kref *ref);
386 static inline void data_put(struct sdcardfs_inode_data *data)
388 kref_put(&data->refcount, data_release);
391 static inline void release_own_data(struct sdcardfs_inode_info *info)
394 * This happens exactly once per inode. At this point, the inode that
395 * originally held this data is about to be freed, and all references
396 * to it are held as a top value, and will likely be released soon.
398 info->data->abandoned = true;
399 data_put(info->data);
402 static inline void set_top(struct sdcardfs_inode_info *info,
403 struct sdcardfs_inode_data *top)
405 struct sdcardfs_inode_data *old_top = info->top_data;
409 info->top_data = top;
414 static inline int get_gid(struct vfsmount *mnt,
415 struct sdcardfs_inode_data *data)
417 struct sdcardfs_vfsmount_options *opts = mnt->data;
419 if (opts->gid == AID_SDCARD_RW)
420 /* As an optimization, certain trusted system components only run
421 * as owner but operate across all users. Since we're now handing
422 * out the sdcard_rw GID only to trusted apps, we're okay relaxing
423 * the user boundary enforcement for the default view. The UIDs
424 * assigned to app directories are still multiuser aware.
426 return AID_SDCARD_RW;
428 return multiuser_get_uid(data->userid, opts->gid);
431 static inline int get_mode(struct vfsmount *mnt,
432 struct sdcardfs_inode_info *info,
433 struct sdcardfs_inode_data *data)
437 struct sdcardfs_vfsmount_options *opts = mnt->data;
438 int visible_mode = 0775 & ~opts->mask;
441 if (data->perm == PERM_PRE_ROOT) {
442 /* Top of multi-user view should always be visible to ensure
443 * secondary users can traverse inside.
446 } else if (data->under_android) {
447 /* Block "other" access to Android directories, since only apps
448 * belonging to a specific user should be in there; we still
449 * leave +x open for the default view.
451 if (opts->gid == AID_SDCARD_RW)
452 visible_mode = visible_mode & ~0006;
454 visible_mode = visible_mode & ~0007;
456 owner_mode = info->lower_inode->i_mode & 0700;
457 filtered_mode = visible_mode & (owner_mode | (owner_mode >> 3) | (owner_mode >> 6));
458 return filtered_mode;
461 static inline int has_graft_path(const struct dentry *dent)
465 spin_lock(&SDCARDFS_D(dent)->lock);
466 if (SDCARDFS_D(dent)->orig_path.dentry != NULL)
468 spin_unlock(&SDCARDFS_D(dent)->lock);
473 static inline void sdcardfs_get_real_lower(const struct dentry *dent,
474 struct path *real_lower)
476 /* in case of a local obb dentry
477 * the orig_path should be returned
479 if (has_graft_path(dent))
480 sdcardfs_get_orig_path(dent, real_lower);
482 sdcardfs_get_lower_path(dent, real_lower);
485 static inline void sdcardfs_put_real_lower(const struct dentry *dent,
486 struct path *real_lower)
488 if (has_graft_path(dent))
489 sdcardfs_put_orig_path(dent, real_lower);
491 sdcardfs_put_lower_path(dent, real_lower);
494 extern struct mutex sdcardfs_super_list_lock;
495 extern struct list_head sdcardfs_super_list;
497 /* for packagelist.c */
498 extern appid_t get_appid(const char *app_name);
499 extern appid_t get_ext_gid(const char *app_name);
500 extern appid_t is_excluded(const char *app_name, userid_t userid);
501 extern int check_caller_access_to_name(struct inode *parent_node, const struct qstr *name);
502 extern int open_flags_to_access_mode(int open_flags);
503 extern int packagelist_init(void);
504 extern void packagelist_exit(void);
506 /* for derived_perm.c */
507 #define BY_NAME (1 << 0)
508 #define BY_USERID (1 << 1)
509 struct limit_search {
515 extern void setup_derived_state(struct inode *inode, perm_t perm,
516 userid_t userid, uid_t uid, bool under_android,
517 struct sdcardfs_inode_data *top);
518 extern void get_derived_permission(struct dentry *parent, struct dentry *dentry);
519 extern void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, const struct qstr *name);
520 extern void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit);
522 extern void update_derived_permission_lock(struct dentry *dentry);
523 void fixup_lower_ownership(struct dentry *dentry, const char *name);
524 extern int need_graft_path(struct dentry *dentry);
525 extern int is_base_obbpath(struct dentry *dentry);
526 extern int is_obbpath_invalid(struct dentry *dentry);
527 extern int setup_obb_dentry(struct dentry *dentry, struct path *lower_path);
529 /* locking helpers */
530 static inline struct dentry *lock_parent(struct dentry *dentry)
532 struct dentry *dir = dget_parent(dentry);
534 mutex_lock_nested(&d_inode(dir)->i_mutex, I_MUTEX_PARENT);
538 static inline void unlock_dir(struct dentry *dir)
540 mutex_unlock(&d_inode(dir)->i_mutex);
544 static inline int prepare_dir(const char *path_s, uid_t uid, gid_t gid, mode_t mode)
551 dent = kern_path_locked(path_s, &parent);
559 err = vfs_mkdir2(parent.mnt, d_inode(parent.dentry), dent, mode);
566 attrs.ia_uid = make_kuid(&init_user_ns, uid);
567 attrs.ia_gid = make_kgid(&init_user_ns, gid);
568 attrs.ia_valid = ATTR_UID | ATTR_GID;
569 mutex_lock(&d_inode(dent)->i_mutex);
570 notify_change2(parent.mnt, dent, &attrs, NULL);
571 mutex_unlock(&d_inode(dent)->i_mutex);
577 /* parent dentry locked by lookup_create */
578 mutex_unlock(&d_inode(parent.dentry)->i_mutex);
584 * Return 1, if a disk has enough free space, otherwise 0.
585 * We assume that any files can not be overwritten.
587 static inline int check_min_free_space(struct dentry *dentry, size_t size, int dir)
590 struct path lower_path;
591 struct kstatfs statfs;
593 struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
595 if (sbi->options.reserved_mb) {
596 /* Get fs stat of lower filesystem. */
597 sdcardfs_get_lower_path(dentry, &lower_path);
598 err = vfs_statfs(&lower_path, &statfs);
599 sdcardfs_put_lower_path(dentry, &lower_path);
604 /* Invalid statfs informations. */
605 if (unlikely(statfs.f_bsize == 0))
608 /* if you are checking directory, set size to f_bsize. */
610 size = statfs.f_bsize;
613 avail = statfs.f_bavail * statfs.f_bsize;
615 /* not enough space */
616 if ((u64)size > avail)
620 if ((avail - size) > (sbi->options.reserved_mb * 1024 * 1024))
629 * Copies attrs and maintains sdcardfs managed attrs
630 * Since our permission check handles all special permissions, set those to be open
632 static inline void sdcardfs_copy_and_fix_attrs(struct inode *dest, const struct inode *src)
634 dest->i_mode = (src->i_mode & S_IFMT) | S_IRWXU | S_IRWXG |
635 S_IROTH | S_IXOTH; /* 0775 */
636 dest->i_uid = make_kuid(&init_user_ns, SDCARDFS_I(dest)->data->d_uid);
637 dest->i_gid = make_kgid(&init_user_ns, AID_SDCARD_RW);
638 dest->i_rdev = src->i_rdev;
639 dest->i_atime = src->i_atime;
640 dest->i_mtime = src->i_mtime;
641 dest->i_ctime = src->i_ctime;
642 dest->i_blkbits = src->i_blkbits;
643 dest->i_flags = src->i_flags;
644 set_nlink(dest, src->i_nlink);
647 static inline bool str_case_eq(const char *s1, const char *s2)
649 return !strcasecmp(s1, s2);
652 static inline bool str_n_case_eq(const char *s1, const char *s2, size_t len)
654 return !strncasecmp(s1, s2, len);
657 static inline bool qstr_case_eq(const struct qstr *q1, const struct qstr *q2)
659 return q1->len == q2->len && str_case_eq(q1->name, q2->name);
662 #define QSTR_LITERAL(string) QSTR_INIT(string, sizeof(string)-1)
664 #endif /* not _SDCARDFS_H_ */