2 * fs/sdcardfs/packagelist.c
4 * Copyright (c) 2013 Samsung Electronics Co. Ltd
5 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6 * Sunghwan Yun, Sungjong Seo
8 * This program has been developed as a stackable file system based on
9 * the WrapFS which written by
11 * Copyright (c) 1998-2011 Erez Zadok
12 * Copyright (c) 2009 Shrikar Archak
13 * Copyright (c) 2003-2011 Stony Brook University
14 * Copyright (c) 2003-2011 The Research Foundation of SUNY
16 * This file is dual licensed. It may be redistributed and/or modified
17 * under the terms of the Apache 2.0 License OR version 2 of the GNU
18 * General Public License.
22 #include <linux/hashtable.h>
23 #include <linux/delay.h>
24 #include <linux/radix-tree.h>
25 #include <linux/dcache.h>
27 #include <linux/init.h>
28 #include <linux/module.h>
29 #include <linux/slab.h>
31 #include <linux/configfs.h>
33 struct hashtable_entry {
34 struct hlist_node hlist;
35 struct hlist_node dlist; /* for deletion cleanup */
40 static DEFINE_HASHTABLE(package_to_appid, 8);
41 static DEFINE_HASHTABLE(package_to_userid, 8);
42 static DEFINE_HASHTABLE(ext_to_groupid, 8);
45 static struct kmem_cache *hashtable_entry_cachep;
47 static void inline qstr_init(struct qstr *q, const char *name) {
49 q->len = strlen(q->name);
50 q->hash = full_name_hash(q->name, q->len);
53 static inline int qstr_copy(const struct qstr *src, struct qstr *dest) {
54 dest->name = kstrdup(src->name, GFP_KERNEL);
55 dest->hash_len = src->hash_len;
60 static appid_t __get_appid(const struct qstr *key)
62 struct hashtable_entry *hash_cur;
63 unsigned int hash = key->hash;
67 hash_for_each_possible_rcu(package_to_appid, hash_cur, hlist, hash) {
68 if (qstr_case_eq(key, &hash_cur->key)) {
69 ret_id = atomic_read(&hash_cur->value);
78 appid_t get_appid(const char *key)
82 return __get_appid(&q);
85 static appid_t __get_ext_gid(const struct qstr *key)
87 struct hashtable_entry *hash_cur;
88 unsigned int hash = key->hash;
92 hash_for_each_possible_rcu(ext_to_groupid, hash_cur, hlist, hash) {
93 if (qstr_case_eq(key, &hash_cur->key)) {
94 ret_id = atomic_read(&hash_cur->value);
103 appid_t get_ext_gid(const char *key)
107 return __get_ext_gid(&q);
110 static appid_t __is_excluded(const struct qstr *app_name, userid_t user)
112 struct hashtable_entry *hash_cur;
113 unsigned int hash = app_name->hash;
116 hash_for_each_possible_rcu(package_to_userid, hash_cur, hlist, hash) {
117 if (atomic_read(&hash_cur->value) == user &&
118 qstr_case_eq(app_name, &hash_cur->key)) {
127 appid_t is_excluded(const char *key, userid_t user)
131 return __is_excluded(&q, user);
134 /* Kernel has already enforced everything we returned through
135 * derive_permissions_locked(), so this is used to lock down access
136 * even further, such as enforcing that apps hold sdcard_rw. */
137 int check_caller_access_to_name(struct inode *parent_node, const struct qstr *name) {
138 struct qstr q_autorun = QSTR_LITERAL("autorun.inf");
139 struct qstr q__android_secure = QSTR_LITERAL(".android_secure");
140 struct qstr q_android_secure = QSTR_LITERAL("android_secure");
142 /* Always block security-sensitive files at root */
143 if (parent_node && SDCARDFS_I(parent_node)->perm == PERM_ROOT) {
144 if (qstr_case_eq(name, &q_autorun)
145 || qstr_case_eq(name, &q__android_secure)
146 || qstr_case_eq(name, &q_android_secure)) {
151 /* Root always has access; access for any other UIDs should always
152 * be controlled through packages.list. */
153 if (from_kuid(&init_user_ns, current_fsuid()) == 0) {
157 /* No extra permissions to enforce */
161 /* This function is used when file opening. The open flags must be
162 * checked before calling check_caller_access_to_name() */
163 int open_flags_to_access_mode(int open_flags) {
164 if((open_flags & O_ACCMODE) == O_RDONLY) {
166 } else if ((open_flags & O_ACCMODE) == O_WRONLY) {
169 /* Probably O_RDRW, but treat as default to be safe */
170 return 1; /* R_OK | W_OK */
174 static struct hashtable_entry *alloc_hashtable_entry(const struct qstr *key,
177 struct hashtable_entry *ret = kmem_cache_alloc(hashtable_entry_cachep,
182 if (!qstr_copy(key, &ret->key)) {
183 kmem_cache_free(hashtable_entry_cachep, ret);
187 atomic_set(&ret->value, value);
191 static int insert_packagelist_appid_entry_locked(const struct qstr *key, appid_t value)
193 struct hashtable_entry *hash_cur;
194 struct hashtable_entry *new_entry;
195 unsigned int hash = key->hash;
197 hash_for_each_possible_rcu(package_to_appid, hash_cur, hlist, hash) {
198 if (qstr_case_eq(key, &hash_cur->key)) {
199 atomic_set(&hash_cur->value, value);
203 new_entry = alloc_hashtable_entry(key, value);
206 hash_add_rcu(package_to_appid, &new_entry->hlist, hash);
210 static int insert_ext_gid_entry_locked(const struct qstr *key, appid_t value)
212 struct hashtable_entry *hash_cur;
213 struct hashtable_entry *new_entry;
214 unsigned int hash = key->hash;
216 /* An extension can only belong to one gid */
217 hash_for_each_possible_rcu(ext_to_groupid, hash_cur, hlist, hash) {
218 if (qstr_case_eq(key, &hash_cur->key))
221 new_entry = alloc_hashtable_entry(key, value);
224 hash_add_rcu(ext_to_groupid, &new_entry->hlist, hash);
228 static int insert_userid_exclude_entry_locked(const struct qstr *key, userid_t value)
230 struct hashtable_entry *hash_cur;
231 struct hashtable_entry *new_entry;
232 unsigned int hash = key->hash;
234 /* Only insert if not already present */
235 hash_for_each_possible_rcu(package_to_userid, hash_cur, hlist, hash) {
236 if (atomic_read(&hash_cur->value) == value &&
237 qstr_case_eq(key, &hash_cur->key))
240 new_entry = alloc_hashtable_entry(key, value);
243 hash_add_rcu(package_to_userid, &new_entry->hlist, hash);
247 static void fixup_all_perms_name(const struct qstr *key)
249 struct sdcardfs_sb_info *sbinfo;
250 struct limit_search limit = {
255 list_for_each_entry(sbinfo, &sdcardfs_super_list, list) {
256 if (sbinfo_has_sdcard_magic(sbinfo))
257 fixup_perms_recursive(sbinfo->sb->s_root, &limit);
261 static void fixup_all_perms_name_userid(const struct qstr *key, userid_t userid)
263 struct sdcardfs_sb_info *sbinfo;
264 struct limit_search limit = {
265 .flags = BY_NAME | BY_USERID,
270 list_for_each_entry(sbinfo, &sdcardfs_super_list, list) {
271 if (sbinfo_has_sdcard_magic(sbinfo))
272 fixup_perms_recursive(sbinfo->sb->s_root, &limit);
276 static void fixup_all_perms_userid(userid_t userid)
278 struct sdcardfs_sb_info *sbinfo;
279 struct limit_search limit = {
283 list_for_each_entry(sbinfo, &sdcardfs_super_list, list) {
284 if (sbinfo_has_sdcard_magic(sbinfo))
285 fixup_perms_recursive(sbinfo->sb->s_root, &limit);
289 static int insert_packagelist_entry(const struct qstr *key, appid_t value)
293 mutex_lock(&sdcardfs_super_list_lock);
294 err = insert_packagelist_appid_entry_locked(key, value);
296 fixup_all_perms_name(key);
297 mutex_unlock(&sdcardfs_super_list_lock);
302 static int insert_ext_gid_entry(const struct qstr *key, appid_t value)
306 mutex_lock(&sdcardfs_super_list_lock);
307 err = insert_ext_gid_entry_locked(key, value);
308 mutex_unlock(&sdcardfs_super_list_lock);
313 static int insert_userid_exclude_entry(const struct qstr *key, userid_t value)
317 mutex_lock(&sdcardfs_super_list_lock);
318 err = insert_userid_exclude_entry_locked(key, value);
320 fixup_all_perms_name_userid(key, value);
321 mutex_unlock(&sdcardfs_super_list_lock);
326 static void free_hashtable_entry(struct hashtable_entry *entry)
328 kfree(entry->key.name);
329 hash_del_rcu(&entry->dlist);
330 kmem_cache_free(hashtable_entry_cachep, entry);
333 static void remove_packagelist_entry_locked(const struct qstr *key)
335 struct hashtable_entry *hash_cur;
336 unsigned int hash = key->hash;
337 struct hlist_node *h_t;
338 HLIST_HEAD(free_list);
340 hash_for_each_possible_rcu(package_to_userid, hash_cur, hlist, hash) {
341 if (qstr_case_eq(key, &hash_cur->key)) {
342 hash_del_rcu(&hash_cur->hlist);
343 hlist_add_head(&hash_cur->dlist, &free_list);
346 hash_for_each_possible_rcu(package_to_appid, hash_cur, hlist, hash) {
347 if (qstr_case_eq(key, &hash_cur->key)) {
348 hash_del_rcu(&hash_cur->hlist);
349 hlist_add_head(&hash_cur->dlist, &free_list);
354 hlist_for_each_entry_safe(hash_cur, h_t, &free_list, dlist)
355 free_hashtable_entry(hash_cur);
358 static void remove_packagelist_entry(const struct qstr *key)
360 mutex_lock(&sdcardfs_super_list_lock);
361 remove_packagelist_entry_locked(key);
362 fixup_all_perms_name(key);
363 mutex_unlock(&sdcardfs_super_list_lock);
367 static void remove_ext_gid_entry_locked(const struct qstr *key, gid_t group)
369 struct hashtable_entry *hash_cur;
370 unsigned int hash = key->hash;
372 hash_for_each_possible_rcu(ext_to_groupid, hash_cur, hlist, hash) {
373 if (qstr_case_eq(key, &hash_cur->key) && atomic_read(&hash_cur->value) == group) {
374 hash_del_rcu(&hash_cur->hlist);
376 free_hashtable_entry(hash_cur);
382 static void remove_ext_gid_entry(const struct qstr *key, gid_t group)
384 mutex_lock(&sdcardfs_super_list_lock);
385 remove_ext_gid_entry_locked(key, group);
386 mutex_unlock(&sdcardfs_super_list_lock);
390 static void remove_userid_all_entry_locked(userid_t userid)
392 struct hashtable_entry *hash_cur;
393 struct hlist_node *h_t;
394 HLIST_HEAD(free_list);
397 hash_for_each_rcu(package_to_userid, i, hash_cur, hlist) {
398 if (atomic_read(&hash_cur->value) == userid) {
399 hash_del_rcu(&hash_cur->hlist);
400 hlist_add_head(&hash_cur->dlist, &free_list);
404 hlist_for_each_entry_safe(hash_cur, h_t, &free_list, dlist) {
405 free_hashtable_entry(hash_cur);
409 static void remove_userid_all_entry(userid_t userid)
411 mutex_lock(&sdcardfs_super_list_lock);
412 remove_userid_all_entry_locked(userid);
413 fixup_all_perms_userid(userid);
414 mutex_unlock(&sdcardfs_super_list_lock);
418 static void remove_userid_exclude_entry_locked(const struct qstr *key, userid_t userid)
420 struct hashtable_entry *hash_cur;
421 unsigned int hash = key->hash;
423 hash_for_each_possible_rcu(package_to_userid, hash_cur, hlist, hash) {
424 if (qstr_case_eq(key, &hash_cur->key) &&
425 atomic_read(&hash_cur->value) == userid) {
426 hash_del_rcu(&hash_cur->hlist);
428 free_hashtable_entry(hash_cur);
434 static void remove_userid_exclude_entry(const struct qstr *key, userid_t userid)
436 mutex_lock(&sdcardfs_super_list_lock);
437 remove_userid_exclude_entry_locked(key, userid);
438 fixup_all_perms_name_userid(key, userid);
439 mutex_unlock(&sdcardfs_super_list_lock);
443 static void packagelist_destroy(void)
445 struct hashtable_entry *hash_cur;
446 struct hlist_node *h_t;
447 HLIST_HEAD(free_list);
449 mutex_lock(&sdcardfs_super_list_lock);
450 hash_for_each_rcu(package_to_appid, i, hash_cur, hlist) {
451 hash_del_rcu(&hash_cur->hlist);
452 hlist_add_head(&hash_cur->dlist, &free_list);
454 hash_for_each_rcu(package_to_userid, i, hash_cur, hlist) {
455 hash_del_rcu(&hash_cur->hlist);
456 hlist_add_head(&hash_cur->dlist, &free_list);
459 hlist_for_each_entry_safe(hash_cur, h_t, &free_list, dlist)
460 free_hashtable_entry(hash_cur);
461 mutex_unlock(&sdcardfs_super_list_lock);
462 printk(KERN_INFO "sdcardfs: destroyed packagelist pkgld\n");
465 #define SDCARDFS_CONFIGFS_ATTR(_pfx, _name) \
466 static struct configfs_attribute _pfx##attr_##_name = { \
467 .ca_name = __stringify(_name), \
468 .ca_mode = S_IRUGO | S_IWUGO, \
469 .ca_owner = THIS_MODULE, \
470 .show = _pfx##_name##_show, \
471 .store = _pfx##_name##_store, \
474 #define SDCARDFS_CONFIGFS_ATTR_RO(_pfx, _name) \
475 static struct configfs_attribute _pfx##attr_##_name = { \
476 .ca_name = __stringify(_name), \
477 .ca_mode = S_IRUGO, \
478 .ca_owner = THIS_MODULE, \
479 .show = _pfx##_name##_show, \
482 #define SDCARDFS_CONFIGFS_ATTR_WO(_pfx, _name) \
483 static struct configfs_attribute _pfx##attr_##_name = { \
484 .ca_name = __stringify(_name), \
485 .ca_mode = S_IWUGO, \
486 .ca_owner = THIS_MODULE, \
487 .store = _pfx##_name##_store, \
490 struct package_details {
491 struct config_item item;
495 static inline struct package_details *to_package_details(struct config_item *item)
497 return item ? container_of(item, struct package_details, item) : NULL;
500 static ssize_t package_details_appid_show(struct config_item *item, char *page)
502 return scnprintf(page, PAGE_SIZE, "%u\n", __get_appid(&to_package_details(item)->name));
505 static ssize_t package_details_appid_store(struct config_item *item,
506 const char *page, size_t count)
511 ret = kstrtouint(page, 10, &tmp);
515 ret = insert_packagelist_entry(&to_package_details(item)->name, tmp);
523 static ssize_t package_details_excluded_userids_show(struct config_item *item,
526 struct package_details *package_details = to_package_details(item);
527 struct hashtable_entry *hash_cur;
528 unsigned int hash = package_details->name.hash;
532 hash_for_each_possible_rcu(package_to_userid, hash_cur, hlist, hash) {
533 if (qstr_case_eq(&package_details->name, &hash_cur->key))
534 count += scnprintf(page + count, PAGE_SIZE - count,
535 "%d ", atomic_read(&hash_cur->value));
540 count += scnprintf(page + count, PAGE_SIZE - count, "\n");
544 static ssize_t package_details_excluded_userids_store(struct config_item *item,
545 const char *page, size_t count)
550 ret = kstrtouint(page, 10, &tmp);
554 ret = insert_userid_exclude_entry(&to_package_details(item)->name, tmp);
562 static ssize_t package_details_clear_userid_store(struct config_item *item,
563 const char *page, size_t count)
568 ret = kstrtouint(page, 10, &tmp);
571 remove_userid_exclude_entry(&to_package_details(item)->name, tmp);
575 static void package_details_release(struct config_item *item)
577 struct package_details *package_details = to_package_details(item);
578 printk(KERN_INFO "sdcardfs: removing %s\n", package_details->name.name);
579 remove_packagelist_entry(&package_details->name);
580 kfree(package_details->name.name);
581 kfree(package_details);
584 SDCARDFS_CONFIGFS_ATTR(package_details_, appid);
585 SDCARDFS_CONFIGFS_ATTR(package_details_, excluded_userids);
586 SDCARDFS_CONFIGFS_ATTR_WO(package_details_, clear_userid);
588 static struct configfs_attribute *package_details_attrs[] = {
589 &package_details_attr_appid,
590 &package_details_attr_excluded_userids,
591 &package_details_attr_clear_userid,
595 static struct configfs_item_operations package_details_item_ops = {
596 .release = package_details_release,
599 static struct config_item_type package_appid_type = {
600 .ct_item_ops = &package_details_item_ops,
601 .ct_attrs = package_details_attrs,
602 .ct_owner = THIS_MODULE,
605 struct extensions_value {
606 struct config_group group;
610 struct extension_details {
611 struct config_item item;
616 static inline struct extensions_value *to_extensions_value(struct config_item *item)
618 return item ? container_of(to_config_group(item), struct extensions_value, group) : NULL;
621 static inline struct extension_details *to_extension_details(struct config_item *item)
623 return item ? container_of(item, struct extension_details, item) : NULL;
626 static void extension_details_release(struct config_item *item)
628 struct extension_details *extension_details = to_extension_details(item);
630 printk(KERN_INFO "sdcardfs: No longer mapping %s files to gid %d\n",
631 extension_details->name.name, extension_details->num);
632 remove_ext_gid_entry(&extension_details->name, extension_details->num);
633 kfree(extension_details->name.name);
634 kfree(extension_details);
637 static struct configfs_item_operations extension_details_item_ops = {
638 .release = extension_details_release,
641 static struct config_item_type extension_details_type = {
642 .ct_item_ops = &extension_details_item_ops,
643 .ct_owner = THIS_MODULE,
646 static struct config_item *extension_details_make_item(struct config_group *group, const char *name)
648 struct extensions_value *extensions_value = to_extensions_value(&group->cg_item);
649 struct extension_details *extension_details = kzalloc(sizeof(struct extension_details), GFP_KERNEL);
652 if (!extension_details)
653 return ERR_PTR(-ENOMEM);
655 tmp = kstrdup(name, GFP_KERNEL);
657 kfree(extension_details);
658 return ERR_PTR(-ENOMEM);
660 qstr_init(&extension_details->name, tmp);
661 ret = insert_ext_gid_entry(&extension_details->name, extensions_value->num);
664 kfree(extension_details->name.name);
665 kfree(extension_details);
668 config_item_init_type_name(&extension_details->item, name, &extension_details_type);
670 return &extension_details->item;
673 static struct configfs_group_operations extensions_value_group_ops = {
674 .make_item = extension_details_make_item,
677 static struct config_item_type extensions_name_type = {
678 .ct_group_ops = &extensions_value_group_ops,
679 .ct_owner = THIS_MODULE,
682 static struct config_group *extensions_make_group(struct config_group *group, const char *name)
684 struct extensions_value *extensions_value;
688 extensions_value = kzalloc(sizeof(struct extensions_value), GFP_KERNEL);
689 if (!extensions_value)
690 return ERR_PTR(-ENOMEM);
691 ret = kstrtouint(name, 10, &tmp);
693 kfree(extensions_value);
697 extensions_value->num = tmp;
698 config_group_init_type_name(&extensions_value->group, name,
699 &extensions_name_type);
700 return &extensions_value->group;
703 static void extensions_drop_group(struct config_group *group, struct config_item *item)
705 struct extensions_value *value = to_extensions_value(item);
706 printk(KERN_INFO "sdcardfs: No longer mapping any files to gid %d\n", value->num);
710 static struct configfs_group_operations extensions_group_ops = {
711 .make_group = extensions_make_group,
712 .drop_item = extensions_drop_group,
715 static struct config_item_type extensions_type = {
716 .ct_group_ops = &extensions_group_ops,
717 .ct_owner = THIS_MODULE,
720 struct config_group extension_group = {
722 .ci_namebuf = "extensions",
723 .ci_type = &extensions_type,
727 static struct config_item *packages_make_item(struct config_group *group, const char *name)
729 struct package_details *package_details;
732 package_details = kzalloc(sizeof(struct package_details), GFP_KERNEL);
733 if (!package_details)
734 return ERR_PTR(-ENOMEM);
735 tmp = kstrdup(name, GFP_KERNEL);
737 kfree(package_details);
738 return ERR_PTR(-ENOMEM);
740 qstr_init(&package_details->name, tmp);
741 config_item_init_type_name(&package_details->item, name,
742 &package_appid_type);
744 return &package_details->item;
747 static ssize_t packages_list_show(struct config_item *item, char *page)
749 struct hashtable_entry *hash_cur_app;
750 struct hashtable_entry *hash_cur_user;
752 int count = 0, written = 0;
753 const char errormsg[] = "<truncated>\n";
757 hash_for_each_rcu(package_to_appid, i, hash_cur_app, hlist) {
758 written = scnprintf(page + count, PAGE_SIZE - sizeof(errormsg) - count, "%s %d\n",
759 hash_cur_app->key.name, atomic_read(&hash_cur_app->value));
760 hash = hash_cur_app->key.hash;
761 hash_for_each_possible_rcu(package_to_userid, hash_cur_user, hlist, hash) {
762 if (qstr_case_eq(&hash_cur_app->key, &hash_cur_user->key)) {
763 written += scnprintf(page + count + written - 1,
764 PAGE_SIZE - sizeof(errormsg) - count - written + 1,
765 " %d\n", atomic_read(&hash_cur_user->value)) - 1;
768 if (count + written == PAGE_SIZE - sizeof(errormsg) - 1) {
769 count += scnprintf(page + count, PAGE_SIZE - count, errormsg);
779 static ssize_t packages_remove_userid_store(struct config_item *item,
780 const char *page, size_t count)
785 ret = kstrtouint(page, 10, &tmp);
788 remove_userid_all_entry(tmp);
792 static struct configfs_attribute packages_attr_packages_gid_list = {
793 .ca_name = "packages_gid.list",
795 .ca_owner = THIS_MODULE,
796 .show = packages_list_show,
799 SDCARDFS_CONFIGFS_ATTR_WO(packages_, remove_userid);
801 static struct configfs_attribute *packages_attrs[] = {
802 &packages_attr_packages_gid_list,
803 &packages_attr_remove_userid,
808 * Note that, since no extra work is required on ->drop_item(),
809 * no ->drop_item() is provided.
811 static struct configfs_group_operations packages_group_ops = {
812 .make_item = packages_make_item,
815 static struct config_item_type packages_type = {
816 .ct_group_ops = &packages_group_ops,
817 .ct_attrs = packages_attrs,
818 .ct_owner = THIS_MODULE,
821 struct config_group *sd_default_groups[] = {
826 static struct configfs_subsystem sdcardfs_packages = {
829 .ci_namebuf = "sdcardfs",
830 .ci_type = &packages_type,
832 .default_groups = sd_default_groups,
836 static int configfs_sdcardfs_init(void)
839 struct configfs_subsystem *subsys = &sdcardfs_packages;
840 for (i = 0; sd_default_groups[i]; i++) {
841 config_group_init(sd_default_groups[i]);
843 config_group_init(&subsys->su_group);
844 mutex_init(&subsys->su_mutex);
845 ret = configfs_register_subsystem(subsys);
847 printk(KERN_ERR "Error %d while registering subsystem %s\n",
849 subsys->su_group.cg_item.ci_namebuf);
854 static void configfs_sdcardfs_exit(void)
856 configfs_unregister_subsystem(&sdcardfs_packages);
859 int packagelist_init(void)
861 hashtable_entry_cachep =
862 kmem_cache_create("packagelist_hashtable_entry",
863 sizeof(struct hashtable_entry), 0, 0, NULL);
864 if (!hashtable_entry_cachep) {
865 printk(KERN_ERR "sdcardfs: failed creating pkgl_hashtable entry slab cache\n");
869 configfs_sdcardfs_init();
873 void packagelist_exit(void)
875 configfs_sdcardfs_exit();
876 packagelist_destroy();
877 if (hashtable_entry_cachep)
878 kmem_cache_destroy(hashtable_entry_cachep);