Merge "Add description of 'namespace' option."
diff --git a/base/file.cpp b/base/file.cpp
index 4e7ac82..3963081 100644
--- a/base/file.cpp
+++ b/base/file.cpp
@@ -20,8 +20,10 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <unistd.h>
#include <string>
+#include <vector>
#include "android-base/macros.h" // For TEMP_FAILURE_RETRY on Darwin.
#include "android-base/logging.h"
@@ -171,5 +173,29 @@
return true;
}
+#if !defined(_WIN32)
+bool Readlink(const std::string& path, std::string* result) {
+ result->clear();
+
+ // Most Linux file systems (ext2 and ext4, say) limit symbolic links to
+ // 4095 bytes. Since we'll copy out into the string anyway, it doesn't
+ // waste memory to just start there. We add 1 so that we can recognize
+ // whether it actually fit (rather than being truncated to 4095).
+ std::vector<char> buf(4095 + 1);
+ while (true) {
+ ssize_t size = readlink(path.c_str(), &buf[0], buf.size());
+ // Unrecoverable error?
+ if (size == -1) return false;
+ // It fit! (If size == buf.size(), it may have been truncated.)
+ if (static_cast<size_t>(size) < buf.size()) {
+ result->assign(&buf[0], size);
+ return true;
+ }
+ // Double our buffer and try again.
+ buf.resize(buf.size() * 2);
+ }
+}
+#endif
+
} // namespace base
} // namespace android
diff --git a/base/file_test.cpp b/base/file_test.cpp
index 17755bf..ca01ee8 100644
--- a/base/file_test.cpp
+++ b/base/file_test.cpp
@@ -110,3 +110,29 @@
ASSERT_FALSE(android::base::RemoveFileIfExists(td.path, &err));
ASSERT_EQ("is not a regular or symbol link file", err);
}
+
+TEST(file, Readlink) {
+#if !defined(_WIN32)
+ // Linux doesn't allow empty symbolic links.
+ std::string min("x");
+ // ext2 and ext4 both have PAGE_SIZE limits.
+ std::string max(static_cast<size_t>(4096 - 1), 'x');
+
+ TemporaryDir td;
+ std::string min_path{std::string(td.path) + "/" + "min"};
+ std::string max_path{std::string(td.path) + "/" + "max"};
+
+ ASSERT_EQ(0, symlink(min.c_str(), min_path.c_str()));
+ ASSERT_EQ(0, symlink(max.c_str(), max_path.c_str()));
+
+ std::string result;
+
+ result = "wrong";
+ ASSERT_TRUE(android::base::Readlink(min_path, &result));
+ ASSERT_EQ(min, result);
+
+ result = "wrong";
+ ASSERT_TRUE(android::base::Readlink(max_path, &result));
+ ASSERT_EQ(max, result);
+#endif
+}
diff --git a/base/include/android-base/file.h b/base/include/android-base/file.h
index aa18ea7..2726a62 100644
--- a/base/include/android-base/file.h
+++ b/base/include/android-base/file.h
@@ -43,6 +43,10 @@
bool RemoveFileIfExists(const std::string& path, std::string* err = nullptr);
+#if !defined(_WIN32)
+bool Readlink(const std::string& path, std::string* result);
+#endif
+
} // namespace base
} // namespace android
diff --git a/base/include/android-base/unique_fd.h b/base/include/android-base/unique_fd.h
index 869e60f..c323311 100644
--- a/base/include/android-base/unique_fd.h
+++ b/base/include/android-base/unique_fd.h
@@ -95,4 +95,14 @@
} // namespace base
} // namespace android
+template <typename T>
+int close(const android::base::unique_fd_impl<T>&)
+#if defined(__clang__)
+ __attribute__((__unavailable__(
+#else
+ __attribute__((__error__(
+#endif
+ "close called on unique_fd"
+ )));
+
#endif // ANDROID_BASE_UNIQUE_FD_H
diff --git a/sdcard/fuse.cpp b/sdcard/fuse.cpp
index 6a972ea..f549606 100644
--- a/sdcard/fuse.cpp
+++ b/sdcard/fuse.cpp
@@ -23,9 +23,6 @@
/* FUSE_CANONICAL_PATH is not currently upstreamed */
#define FUSE_CANONICAL_PATH 2016
-#define PROP_SDCARDFS_DEVICE "ro.sys.sdcardfs"
-#define PROP_SDCARDFS_USER "persist.sys.sdcardfs"
-
#define FUSE_UNKNOWN_INO 0xffffffff
/* Pseudo-error constant used to indicate that no fuse status is needed
diff --git a/sdcard/sdcard.cpp b/sdcard/sdcard.cpp
index 3481ec3..70bbf26 100644
--- a/sdcard/sdcard.cpp
+++ b/sdcard/sdcard.cpp
@@ -28,11 +28,16 @@
#include <sys/types.h>
#include <unistd.h>
+#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/macros.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
#include <cutils/fs.h>
#include <cutils/multiuser.h>
+#include <cutils/properties.h>
+
#include <packagelistparser/packagelistparser.h>
#include <libminijail.h>
@@ -73,6 +78,9 @@
#include "fuse.h"
+#define PROP_SDCARDFS_DEVICE "ro.sys.sdcardfs"
+#define PROP_SDCARDFS_USER "persist.sys.sdcardfs"
+
/* Supplementary groups to execute with. */
static const gid_t kGroups[1] = { AID_PACKAGE_INFO };
@@ -307,6 +315,98 @@
LOG(FATAL) << "terminated prematurely";
}
+static bool sdcardfs_setup(const std::string& source_path, const std::string& dest_path, uid_t fsuid,
+ gid_t fsgid, bool multi_user, userid_t userid, gid_t gid, mode_t mask) {
+ std::string opts = android::base::StringPrintf("fsuid=%d,fsgid=%d,%smask=%d,userid=%d,gid=%d",
+ fsuid, fsgid, multi_user?"multiuser,":"", mask, userid, gid);
+
+ if (mount(source_path.c_str(), dest_path.c_str(), "sdcardfs",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME, opts.c_str()) != 0) {
+ PLOG(ERROR) << "failed to mount sdcardfs filesystem";
+ return false;
+ }
+
+ return true;
+}
+
+static void run_sdcardfs(const std::string& source_path, const std::string& label, uid_t uid,
+ gid_t gid, userid_t userid, bool multi_user, bool full_write) {
+ std::string dest_path_default = "/mnt/runtime/default/" + label;
+ std::string dest_path_read = "/mnt/runtime/read/" + label;
+ std::string dest_path_write = "/mnt/runtime/write/" + label;
+
+ umask(0);
+ if (multi_user) {
+ // Multi-user storage is fully isolated per user, so "other"
+ // permissions are completely masked off.
+ if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
+ AID_SDCARD_RW, 0006)
+ || !sdcardfs_setup(source_path, dest_path_read, uid, gid, multi_user, userid,
+ AID_EVERYBODY, 0027)
+ || !sdcardfs_setup(source_path, dest_path_write, uid, gid, multi_user, userid,
+ AID_EVERYBODY, full_write ? 0007 : 0027)) {
+ LOG(FATAL) << "failed to sdcardfs_setup";
+ }
+ } else {
+ // Physical storage is readable by all users on device, but
+ // the Android directories are masked off to a single user
+ // deep inside attr_from_stat().
+ if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
+ AID_SDCARD_RW, 0006)
+ || !sdcardfs_setup(source_path, dest_path_read, uid, gid, multi_user, userid,
+ AID_EVERYBODY, full_write ? 0027 : 0022)
+ || !sdcardfs_setup(source_path, dest_path_write, uid, gid, multi_user, userid,
+ AID_EVERYBODY, full_write ? 0007 : 0022)) {
+ LOG(FATAL) << "failed to sdcardfs_setup";
+ }
+ }
+
+ // Will abort if priv-dropping fails.
+ drop_privs(uid, gid);
+
+ if (multi_user) {
+ std::string obb_path = source_path + "/obb";
+ fs_prepare_dir(obb_path.c_str(), 0775, uid, gid);
+ }
+
+ exit(0);
+}
+
+static bool supports_sdcardfs(void) {
+ std::string filesystems;
+ if (!android::base::ReadFileToString("/proc/filesystems", &filesystems)) {
+ PLOG(ERROR) << "Could not read /proc/filesystems";
+ return false;
+ }
+ for (const auto& fs : android::base::Split(filesystems, "\n")) {
+ if (fs.find("sdcardfs") != std::string::npos) return true;
+ }
+ return false;
+}
+
+static bool should_use_sdcardfs(void) {
+ char property[PROPERTY_VALUE_MAX];
+
+ // Allow user to have a strong opinion about state
+ property_get(PROP_SDCARDFS_USER, property, "");
+ if (!strcmp(property, "force_on")) {
+ LOG(WARNING) << "User explicitly enabled sdcardfs";
+ return supports_sdcardfs();
+ } else if (!strcmp(property, "force_off")) {
+ LOG(WARNING) << "User explicitly disabled sdcardfs";
+ return false;
+ }
+
+ // Fall back to device opinion about state
+ if (property_get_bool(PROP_SDCARDFS_DEVICE, false)) {
+ LOG(WARNING) << "Device explicitly enabled sdcardfs";
+ return supports_sdcardfs();
+ } else {
+ LOG(WARNING) << "Device explicitly disabled sdcardfs";
+ return false;
+ }
+}
+
static int usage() {
LOG(ERROR) << "usage: sdcard [OPTIONS] <source_path> <label>"
<< " -u: specify UID to run as"
@@ -389,6 +489,10 @@
sleep(1);
}
- run(source_path, label, uid, gid, userid, multi_user, full_write);
+ if (should_use_sdcardfs()) {
+ run_sdcardfs(source_path, label, uid, gid, userid, multi_user, full_write);
+ } else {
+ run(source_path, label, uid, gid, userid, multi_user, full_write);
+ }
return 1;
}