2 * fs/sdcardfs/packagelist.c
4 * Copyright (c) 2013 Samsung Electronics Co. Ltd
5 * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun,
6 * Sunghwan Yun, Sungjong Seo
8 * This program has been developed as a stackable file system based on
9 * the WrapFS which written by
11 * Copyright (c) 1998-2011 Erez Zadok
12 * Copyright (c) 2009 Shrikar Archak
13 * Copyright (c) 2003-2011 Stony Brook University
14 * Copyright (c) 2003-2011 The Research Foundation of SUNY
16 * This file is dual licensed. It may be redistributed and/or modified
17 * under the terms of the Apache 2.0 License OR version 2 of the GNU
18 * General Public License.
23 #include <linux/hashtable.h>
24 #include <linux/syscalls.h>
25 #include <linux/kthread.h>
26 #include <linux/inotify.h>
27 #include <linux/delay.h>
29 #define STRING_BUF_SIZE (512)
31 struct hashtable_entry {
32 struct hlist_node hlist;
37 struct packagelist_data {
38 DECLARE_HASHTABLE(package_to_appid,8);
39 DECLARE_HASHTABLE(appid_with_rw,7);
40 struct mutex hashtable_lock;
41 struct task_struct *thread_id;
44 char read_buf[STRING_BUF_SIZE];
45 char event_buf[STRING_BUF_SIZE];
46 char app_name_buf[STRING_BUF_SIZE];
47 char gids_buf[STRING_BUF_SIZE];
50 static struct kmem_cache *hashtable_entry_cachep;
52 /* Path to system-provided mapping of package name to appIds */
53 static const char* const kpackageslist_file = "/data/system/packages.list";
54 /* Supplementary groups to execute with */
55 static const gid_t kgroups[1] = { AID_PACKAGE_INFO };
57 static unsigned int str_hash(const char *key) {
59 unsigned int h = strlen(key);
60 char *data = (char *)key;
62 for (i = 0; i < strlen(key); i++) {
69 static int contain_appid_key(struct packagelist_data *pkgl_dat, unsigned int appid) {
70 struct hashtable_entry *hash_cur;
72 hash_for_each_possible(pkgl_dat->appid_with_rw, hash_cur, hlist, appid)
73 if ((void *)(uintptr_t)appid == hash_cur->key)
79 /* Return if the calling UID holds sdcard_rw. */
80 int get_caller_has_rw_locked(void *pkgl_id, derive_t derive) {
81 struct packagelist_data *pkgl_dat = (struct packagelist_data *)pkgl_id;
85 /* No additional permissions enforcement */
86 if (derive == DERIVE_NONE) {
90 appid = multiuser_get_app_id(from_kuid(&init_user_ns, current_fsuid()));
91 mutex_lock(&pkgl_dat->hashtable_lock);
92 ret = contain_appid_key(pkgl_dat, appid);
93 mutex_unlock(&pkgl_dat->hashtable_lock);
97 appid_t get_appid(void *pkgl_id, const char *app_name)
99 struct packagelist_data *pkgl_dat = (struct packagelist_data *)pkgl_id;
100 struct hashtable_entry *hash_cur;
101 unsigned int hash = str_hash(app_name);
104 //printk(KERN_INFO "sdcardfs: %s: %s, %u\n", __func__, (char *)app_name, hash);
105 mutex_lock(&pkgl_dat->hashtable_lock);
106 hash_for_each_possible(pkgl_dat->package_to_appid, hash_cur, hlist, hash) {
107 //printk(KERN_INFO "sdcardfs: %s: %s\n", __func__, (char *)hash_cur->key);
108 if (!strcasecmp(app_name, hash_cur->key)) {
109 ret_id = (appid_t)hash_cur->value;
110 mutex_unlock(&pkgl_dat->hashtable_lock);
111 //printk(KERN_INFO "=> app_id: %d\n", (int)ret_id);
115 mutex_unlock(&pkgl_dat->hashtable_lock);
116 //printk(KERN_INFO "=> app_id: %d\n", 0);
120 /* Kernel has already enforced everything we returned through
121 * derive_permissions_locked(), so this is used to lock down access
122 * even further, such as enforcing that apps hold sdcard_rw. */
123 int check_caller_access_to_name(struct inode *parent_node, const char* name,
124 derive_t derive, int w_ok, int has_rw) {
126 /* Always block security-sensitive files at root */
127 if (parent_node && SDCARDFS_I(parent_node)->perm == PERM_ROOT) {
128 if (!strcasecmp(name, "autorun.inf")
129 || !strcasecmp(name, ".android_secure")
130 || !strcasecmp(name, "android_secure")) {
135 /* No additional permissions enforcement */
136 if (derive == DERIVE_NONE) {
140 /* Root always has access; access for any other UIDs should always
141 * be controlled through packages.list. */
142 if (from_kuid(&init_user_ns, current_fsuid()) == 0) {
146 /* If asking to write, verify that caller either owns the
147 * parent or holds sdcard_rw. */
150 (from_kuid(&init_user_ns, current_fsuid()) ==
151 SDCARDFS_I(parent_node)->d_uid)) {
157 /* No extra permissions to enforce */
161 /* This function is used when file opening. The open flags must be
162 * checked before calling check_caller_access_to_name() */
163 int open_flags_to_access_mode(int open_flags) {
164 if((open_flags & O_ACCMODE) == O_RDONLY) {
166 } else if ((open_flags & O_ACCMODE) == O_WRONLY) {
169 /* Probably O_RDRW, but treat as default to be safe */
170 return 1; /* R_OK | W_OK */
174 static int insert_str_to_int(struct packagelist_data *pkgl_dat, char *key,
177 struct hashtable_entry *hash_cur;
178 struct hashtable_entry *new_entry;
179 unsigned int hash = str_hash(key);
181 //printk(KERN_INFO "sdcardfs: %s: %s: %d, %u\n", __func__, (char *)key, value, hash);
182 hash_for_each_possible(pkgl_dat->package_to_appid, hash_cur, hlist, hash) {
183 if (!strcasecmp(key, hash_cur->key)) {
184 hash_cur->value = value;
188 new_entry = kmem_cache_alloc(hashtable_entry_cachep, GFP_KERNEL);
191 new_entry->key = kstrdup(key, GFP_KERNEL);
192 new_entry->value = value;
193 hash_add(pkgl_dat->package_to_appid, &new_entry->hlist, hash);
197 static void remove_str_to_int(struct hashtable_entry *h_entry) {
198 //printk(KERN_INFO "sdcardfs: %s: %s: %d\n", __func__, (char *)h_entry->key, h_entry->value);
200 kmem_cache_free(hashtable_entry_cachep, h_entry);
203 static int insert_int_to_null(struct packagelist_data *pkgl_dat, unsigned int key,
206 struct hashtable_entry *hash_cur;
207 struct hashtable_entry *new_entry;
209 //printk(KERN_INFO "sdcardfs: %s: %d: %d\n", __func__, (int)key, value);
210 hash_for_each_possible(pkgl_dat->appid_with_rw, hash_cur, hlist, key) {
211 if ((void *)(uintptr_t)key == hash_cur->key) {
212 hash_cur->value = value;
216 new_entry = kmem_cache_alloc(hashtable_entry_cachep, GFP_KERNEL);
219 new_entry->key = (void *)(uintptr_t)key;
220 new_entry->value = value;
221 hash_add(pkgl_dat->appid_with_rw, &new_entry->hlist, key);
225 static void remove_int_to_null(struct hashtable_entry *h_entry) {
226 //printk(KERN_INFO "sdcardfs: %s: %d: %d\n", __func__, (int)h_entry->key, h_entry->value);
227 kmem_cache_free(hashtable_entry_cachep, h_entry);
230 static void remove_all_hashentrys(struct packagelist_data *pkgl_dat)
232 struct hashtable_entry *hash_cur;
233 struct hlist_node *h_t;
236 hash_for_each_safe(pkgl_dat->package_to_appid, i, h_t, hash_cur, hlist)
237 remove_str_to_int(hash_cur);
238 hash_for_each_safe(pkgl_dat->appid_with_rw, i, h_t, hash_cur, hlist)
239 remove_int_to_null(hash_cur);
241 hash_init(pkgl_dat->package_to_appid);
242 hash_init(pkgl_dat->appid_with_rw);
245 static int read_package_list(struct packagelist_data *pkgl_dat) {
250 printk(KERN_INFO "sdcardfs: read_package_list\n");
252 mutex_lock(&pkgl_dat->hashtable_lock);
254 remove_all_hashentrys(pkgl_dat);
256 fd = sys_open(kpackageslist_file, O_RDONLY, 0);
258 printk(KERN_ERR "sdcardfs: failed to open package list\n");
259 mutex_unlock(&pkgl_dat->hashtable_lock);
263 while ((read_amount = sys_read(fd, pkgl_dat->read_buf,
264 sizeof(pkgl_dat->read_buf))) > 0) {
267 int one_line_len = 0;
269 unsigned long ret_gid;
271 while (one_line_len < read_amount) {
272 if (pkgl_dat->read_buf[one_line_len] == '\n') {
278 additional_read = read_amount - one_line_len;
279 if (additional_read > 0)
280 sys_lseek(fd, -additional_read, SEEK_CUR);
282 if (sscanf(pkgl_dat->read_buf, "%s %u %*d %*s %*s %s",
283 pkgl_dat->app_name_buf, &appid,
284 pkgl_dat->gids_buf) == 3) {
285 ret = insert_str_to_int(pkgl_dat, pkgl_dat->app_name_buf, appid);
288 mutex_unlock(&pkgl_dat->hashtable_lock);
292 token = strtok_r(pkgl_dat->gids_buf, ",", &pkgl_dat->strtok_last);
293 while (token != NULL) {
294 if (!kstrtoul(token, 10, &ret_gid) &&
295 (ret_gid == pkgl_dat->write_gid)) {
296 ret = insert_int_to_null(pkgl_dat, appid, 1);
299 mutex_unlock(&pkgl_dat->hashtable_lock);
304 token = strtok_r(NULL, ",", &pkgl_dat->strtok_last);
310 mutex_unlock(&pkgl_dat->hashtable_lock);
314 static int packagelist_reader(void *thread_data)
316 struct packagelist_data *pkgl_dat = (struct packagelist_data *)thread_data;
317 struct inotify_event *event;
324 allow_signal(SIGINT);
326 nfd = sys_inotify_init();
328 printk(KERN_ERR "sdcardfs: inotify_init failed: %d\n", nfd);
332 while (!kthread_should_stop()) {
333 if (signal_pending(current)) {
339 res = sys_inotify_add_watch(nfd, kpackageslist_file, IN_DELETE_SELF);
341 if (res == -ENOENT || res == -EACCES) {
342 /* Framework may not have created yet, sleep and retry */
343 printk(KERN_ERR "sdcardfs: missing packages.list; retrying\n");
345 printk(KERN_ERR "sdcardfs: missing packages.list_end; retrying\n");
348 printk(KERN_ERR "sdcardfs: inotify_add_watch failed: %d\n", res);
349 goto interruptable_sleep;
352 /* Watch above will tell us about any future changes, so
353 * read the current state. */
354 res = read_package_list(pkgl_dat);
356 printk(KERN_ERR "sdcardfs: read_package_list failed: %d\n", res);
357 goto interruptable_sleep;
363 res = sys_read(nfd, pkgl_dat->event_buf, sizeof(pkgl_dat->event_buf));
364 if (res < (int) sizeof(*event)) {
367 printk(KERN_ERR "sdcardfs: failed to read inotify event: %d\n", res);
368 goto interruptable_sleep;
371 while (res >= (int) sizeof(*event)) {
372 event = (struct inotify_event *) (pkgl_dat->event_buf + event_pos);
374 printk(KERN_INFO "sdcardfs: inotify event: %08x\n", event->mask);
375 if ((event->mask & IN_IGNORED) == IN_IGNORED) {
376 /* Previously watched file was deleted, probably due to move
377 * that swapped in new data; re-arm the watch and read. */
381 event_size = sizeof(*event) + event->len;
383 event_pos += event_size;
388 set_current_state(TASK_INTERRUPTIBLE);
391 flush_signals(current);
396 void * packagelist_create(gid_t write_gid)
398 struct packagelist_data *pkgl_dat;
399 struct task_struct *packagelist_thread;
401 pkgl_dat = kmalloc(sizeof(*pkgl_dat), GFP_KERNEL | __GFP_ZERO);
403 printk(KERN_ERR "sdcardfs: creating kthread failed\n");
404 return ERR_PTR(-ENOMEM);
407 mutex_init(&pkgl_dat->hashtable_lock);
408 hash_init(pkgl_dat->package_to_appid);
409 hash_init(pkgl_dat->appid_with_rw);
410 pkgl_dat->write_gid = write_gid;
412 packagelist_thread = kthread_run(packagelist_reader, (void *)pkgl_dat, "pkgld");
413 if (IS_ERR(packagelist_thread)) {
414 printk(KERN_ERR "sdcardfs: creating kthread failed\n");
416 return packagelist_thread;
418 pkgl_dat->thread_id = packagelist_thread;
420 printk(KERN_INFO "sdcardfs: created packagelist pkgld/%d\n",
421 (int)pkgl_dat->thread_id->pid);
423 return (void *)pkgl_dat;
426 void packagelist_destroy(void *pkgl_id)
428 struct packagelist_data *pkgl_dat = (struct packagelist_data *)pkgl_id;
429 pid_t pkgl_pid = pkgl_dat->thread_id->pid;
431 force_sig_info(SIGINT, SEND_SIG_PRIV, pkgl_dat->thread_id);
432 kthread_stop(pkgl_dat->thread_id);
433 remove_all_hashentrys(pkgl_dat);
434 printk(KERN_INFO "sdcardfs: destroyed packagelist pkgld/%d\n", (int)pkgl_pid);
438 int packagelist_init(void)
440 hashtable_entry_cachep =
441 kmem_cache_create("packagelist_hashtable_entry",
442 sizeof(struct hashtable_entry), 0, 0, NULL);
443 if (!hashtable_entry_cachep) {
444 printk(KERN_ERR "sdcardfs: failed creating pkgl_hashtable entry slab cache\n");
451 void packagelist_exit(void)
453 if (hashtable_entry_cachep)
454 kmem_cache_destroy(hashtable_entry_cachep);