Create device-encrypted directories for apps.
When the device has FBE, create the device-encrypted storage location when
installing apps.
Also remove the unused "renamepkg" command.
Bug: 22358539
Change-Id: Ic56eeecdc64bdaa7429b93426727a243a4e45f47
diff --git a/cmds/installd/commands.cpp b/cmds/installd/commands.cpp
index 46d72fd..b48fbc1 100644
--- a/cmds/installd/commands.cpp
+++ b/cmds/installd/commands.cpp
@@ -43,36 +43,40 @@
static const char* kCpPath = "/system/bin/cp";
-int install(const char *uuid, const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
-{
+int install(const char *uuid, const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) {
if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
ALOGE("invalid uid/gid: %d %d\n", uid, gid);
return -1;
}
- std::string _pkgdir(create_data_user_package_path(uuid, 0, pkgname));
- const char* pkgdir = _pkgdir.c_str();
+ std::string ce_package_path(create_data_user_package_path(uuid, 0, pkgname));
+ std::string de_package_path(create_data_user_de_package_path(uuid, 0, pkgname));
- if (mkdir(pkgdir, 0751) < 0) {
- ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
+ const char* c_ce_package_path = ce_package_path.c_str();
+ const char* c_de_package_path = de_package_path.c_str();
+
+ if (fs_prepare_dir(c_ce_package_path, 0751, uid, gid) == -1) {
+ PLOG(ERROR) << "Failed to prepare " << ce_package_path;
+ unlink(c_ce_package_path);
return -1;
}
- if (chmod(pkgdir, 0751) < 0) {
- ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
- unlink(pkgdir);
+ if (selinux_android_setfilecon(c_ce_package_path, pkgname, seinfo, uid) < 0) {
+ PLOG(ERROR) << "Failed to setfilecon " << ce_package_path;
+ unlink(c_ce_package_path);
return -1;
}
- if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
- ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
- unlink(pkgdir);
- return -errno;
- }
-
- if (chown(pkgdir, uid, gid) < 0) {
- ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
- unlink(pkgdir);
- return -1;
+ if (property_get_bool("vold.has_fbe", false)) {
+ if (fs_prepare_dir(c_de_package_path, 0751, uid, gid) == -1) {
+ PLOG(ERROR) << "Failed to prepare " << de_package_path;
+ unlink(c_de_package_path);
+ return -1;
+ }
+ if (selinux_android_setfilecon(c_de_package_path, pkgname, seinfo, uid) < 0) {
+ PLOG(ERROR) << "Failed to setfilecon " << de_package_path;
+ unlink(c_de_package_path);
+ return -1;
+ }
}
return 0;
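Review bot: The failure branches of `install()` clean up with `unlink()`, which on Linux fails with EISDIR on a directory and removes nothing. A directory that `fs_prepare_dir()` created but `selinux_android_setfilecon()` could not label therefore stays on disk with the app's uid/gid and mode 0751 but without the intended SELinux context. The DE branch under `vold.has_fbe` has the same problem and also returns -1 while leaving the already prepared CE directory behind. Use `rmdir(c_ce_package_path);` and `rmdir(c_de_package_path);` instead, and call both in the DE failure paths; `rmdir` only removes empty directories, so it cannot discard existing app data. The `unlink()` calls were carried over from the removed code, and the function's closing brace is outside the hunk.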
@@ -89,23 +93,6 @@
return delete_dir_contents(pkgdir, 1, NULL);
}
-int renamepkg(const char *oldpkgname, const char *newpkgname)
-{
- char oldpkgdir[PKG_PATH_MAX];
- char newpkgdir[PKG_PATH_MAX];
-
- if (create_pkg_path(oldpkgdir, oldpkgname, PKG_DIR_POSTFIX, 0))
- return -1;
- if (create_pkg_path(newpkgdir, newpkgname, PKG_DIR_POSTFIX, 0))
- return -1;
-
- if (rename(oldpkgdir, newpkgdir) < 0) {
- ALOGE("cannot rename dir '%s' to '%s': %s\n", oldpkgdir, newpkgdir, strerror(errno));
- return -errno;
- }
- return 0;
-}
-
int fix_uid(const char *uuid, const char *pkgname, uid_t uid, gid_t gid)
{
struct stat s;
diff --git a/cmds/installd/installd.cpp b/cmds/installd/installd.cpp
index 7a16150..52f7b9c 100644
--- a/cmds/installd/installd.cpp
+++ b/cmds/installd/installd.cpp
@@ -72,11 +72,6 @@
return uninstall(parse_null(arg[0]), arg[1], atoi(arg[2])); /* uuid, pkgname, userid */
}
-static int do_rename(char **arg, char reply[REPLY_MAX] __unused)
-{
- return renamepkg(arg[0], arg[1]); /* oldpkgname, newpkgname */
-}
-
static int do_fixuid(char **arg, char reply[REPLY_MAX] __unused)
{
return fix_uid(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3])); /* uuid, pkgname, uid, gid */
@@ -198,7 +193,6 @@
{ "movedex", 3, do_move_dex },
{ "rmdex", 2, do_rm_dex },
{ "remove", 3, do_remove },
- { "rename", 2, do_rename },
{ "fixuid", 4, do_fixuid },
{ "freecache", 2, do_free_cache },
{ "rmcache", 3, do_rm_cache },
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index df13fe4..6a73457 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -171,10 +171,14 @@
std::string create_data_app_package_path(const char* volume_uuid, const char* package_name);
+// TODO: finish refactoring to "_ce"
std::string create_data_user_path(const char* volume_uuid, userid_t userid);
+std::string create_data_user_de_path(const char* volume_uuid, userid_t userid);
std::string create_data_user_package_path(const char* volume_uuid,
userid_t user, const char* package_name);
+std::string create_data_user_de_package_path(const char* volume_uuid,
+ userid_t user, const char* package_name);
std::string create_data_media_path(const char* volume_uuid, userid_t userid);
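Review bot: The new `_de` declarations carry no comment saying which storage class each helper resolves to, and the only hint that the unsuffixed `create_data_user_path` / `create_data_user_package_path` are the credential-encrypted ("_ce") variants is the TODO. Picking the wrong helper puts app data under the wrong encryption policy, so the distinction belongs in the header. Suggested comments: `// Per-user credential-encrypted (CE) data root; to be renamed to *_ce.` above `create_data_user_path`, and `// Per-user device-encrypted (DE) data root, used when the device has FBE.` above `create_data_user_de_path`. The same one-liners apply to the two `*_package_path` declarations.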
diff --git a/cmds/installd/utils.cpp b/cmds/installd/utils.cpp
index e58391f..e586caa 100644
--- a/cmds/installd/utils.cpp
+++ b/cmds/installd/utils.cpp
@@ -64,6 +64,15 @@
create_data_user_path(volume_uuid, user).c_str(), package_name);
}
+std::string create_data_user_de_package_path(const char* volume_uuid,
+ userid_t user, const char* package_name) {
+ CHECK(is_valid_filename(package_name));
+ CHECK(is_valid_package_name(package_name) == 0);
+
+ return StringPrintf("%s/%s",
+ create_data_user_de_path(volume_uuid, user).c_str(), package_name);
+}
+
int create_pkg_path(char path[PKG_PATH_MAX], const char *pkgname,
const char *postfix, userid_t userid) {
if (is_valid_package_name(pkgname) != 0) {
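Review bot: `create_data_user_de_package_path` enforces its name checks with `CHECK()`, so a package name that fails `is_valid_filename` or `is_valid_package_name` aborts the whole process instead of failing the single request, while `create_pkg_path` just below returns an error for the same condition. `install()` in commands.cpp passes `pkgname` to this helper with no visible validation of its own, so if the name arrives unchecked from the command socket, one malformed install request would take installd down. Validate before building the paths, e.g. `if (is_valid_package_name(pkgname) != 0) return -1;` at the top of `install()`, and keep the CHECKs as a backstop. A short comment on the helper stating that it aborts on an invalid name would make that contract visible to callers. The body of `create_pkg_path` continues outside the hunk.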
@@ -115,6 +124,14 @@
}
/**
+ * Create the path name for device encrypted user data for a certain userid.
+ */
+std::string create_data_user_de_path(const char* volume_uuid, userid_t userid) {
+ std::string data(create_data_path(volume_uuid));
+ return StringPrintf("%s/user_de/%u", data.c_str(), userid);
+}
+
+/**
* Create the path name for media for a certain userid.
*/
std::string create_data_media_path(const char* volume_uuid, userid_t userid) {