sdcardfs: Bring up to date with Android M permissions:

config SDCARD_FS

	tristate "sdcard file system"

	depends on CONFIGFS_FS

	default n

	help

	  Sdcardfs is based on Wrapfs file system.

	ci->perm = PERM_INHERIT;

	ci->userid = pi->userid;

	ci->d_uid = pi->d_uid;

	ci->d_gid = pi->d_gid;

	ci->d_mode = pi->d_mode;

	ci->under_android = pi->under_android;

}

/* helper function for derived state */

void setup_derived_state(struct inode *inode, perm_t perm,

                        userid_t userid, uid_t uid, gid_t gid, mode_t mode)

                        userid_t userid, uid_t uid, bool under_android)

{

	struct sdcardfs_inode_info *info = SDCARDFS_I(inode);

	info->perm = perm;

	info->userid = userid;

	info->d_uid = uid;

	info->d_gid = gid;

	info->d_mode = mode;

	info->under_android = under_android;

}

void get_derived_permission(struct dentry *parent, struct dentry *dentry)

/* While renaming, there is a point where we want the path from dentry, but the name from newdentry */

void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, struct dentry *newdentry)

{

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	struct sdcardfs_inode_info *info = SDCARDFS_I(dentry->d_inode);

	inherit_derived_state(parent->d_inode, dentry->d_inode);

	//printk(KERN_INFO "sdcardfs: derived: %s, %s, %d\n", parent->d_name.name,

	//				dentry->d_name.name, parent_info->perm);

	if (sbi->options.derive == DERIVE_NONE) {

		return;

	}

	/* Derive custom permissions based on parent and current node */

	switch (parent_info->perm) {

		case PERM_INHERIT:

			/* Already inherited above */

			break;

		case PERM_LEGACY_PRE_ROOT:

		case PERM_PRE_ROOT:

			/* Legacy internal layout places users at top level */

			info->perm = PERM_ROOT;

			info->userid = simple_strtoul(dentry->d_name.name, NULL, 10);

			info->userid = simple_strtoul(newdentry->d_name.name, NULL, 10);

			break;

		case PERM_ROOT:

			/* Assume masked off by default. */

			info->d_mode = 00770;

			if (!strcasecmp(dentry->d_name.name, "Android")) {

			if (!strcasecmp(newdentry->d_name.name, "Android")) {

				/* App-specific directories inside; let anyone traverse */

				info->perm = PERM_ANDROID;

				info->d_mode = 00771;

			} else if (sbi->options.split_perms) {

				if (!strcasecmp(dentry->d_name.name, "DCIM")

					|| !strcasecmp(dentry->d_name.name, "Pictures")) {

					info->d_gid = AID_SDCARD_PICS;

				} else if (!strcasecmp(dentry->d_name.name, "Alarms")

						|| !strcasecmp(dentry->d_name.name, "Movies")

						|| !strcasecmp(dentry->d_name.name, "Music")

						|| !strcasecmp(dentry->d_name.name, "Notifications")

						|| !strcasecmp(dentry->d_name.name, "Podcasts")

						|| !strcasecmp(dentry->d_name.name, "Ringtones")) {

					info->d_gid = AID_SDCARD_AV;

				}

				info->under_android = true;

			}

			break;

		case PERM_ANDROID:

			if (!strcasecmp(dentry->d_name.name, "data")) {

			if (!strcasecmp(newdentry->d_name.name, "data")) {

				/* App-specific directories inside; let anyone traverse */

				info->perm = PERM_ANDROID_DATA;

				info->d_mode = 00771;

			} else if (!strcasecmp(dentry->d_name.name, "obb")) {

			} else if (!strcasecmp(newdentry->d_name.name, "obb")) {

				/* App-specific directories inside; let anyone traverse */

				info->perm = PERM_ANDROID_OBB;

				info->d_mode = 00771;

				// FIXME : this feature will be implemented later.

				/* Single OBB directory is always shared */

			} else if (!strcasecmp(dentry->d_name.name, "user")) {

				/* User directories must only be accessible to system, protected

				 * by sdcard_all. Zygote will bind mount the appropriate user-

				 * specific path. */

				info->perm = PERM_ANDROID_USER;

				info->d_gid = AID_SDCARD_ALL;

				info->d_mode = 00770;

			} else if (!strcasecmp(newdentry->d_name.name, "media")) {

				/* App-specific directories inside; let anyone traverse */

				info->perm = PERM_ANDROID_MEDIA;

			}

			break;

		/* same policy will be applied on PERM_ANDROID_DATA

		 * and PERM_ANDROID_OBB */

		case PERM_ANDROID_DATA:

		case PERM_ANDROID_OBB:

			appid = get_appid(sbi->pkgl_id, dentry->d_name.name);

		case PERM_ANDROID_MEDIA:

			appid = get_appid(sbi->pkgl_id, newdentry->d_name.name);

			if (appid != 0) {

				info->d_uid = multiuser_get_uid(parent_info->userid, appid);

			}

			info->d_mode = 00770;

			break;

		case PERM_ANDROID_USER:

			/* Root of a secondary user */

			info->perm = PERM_ROOT;

			info->userid = simple_strtoul(dentry->d_name.name, NULL, 10);

			info->d_gid = AID_SDCARD_R;

			info->d_mode = 00771;

			break;

	}

}

void get_derived_permission(struct dentry *parent, struct dentry *dentry)

{

	get_derived_permission_new(parent, dentry, dentry);

}

void get_derive_permissions_recursive(struct dentry *parent) {

	struct dentry *dentry;

	list_for_each_entry(dentry, &parent->d_subdirs, d_child) {

		if (dentry && dentry->d_inode) {

			mutex_lock(&dentry->d_inode->i_mutex);

			get_derived_permission(parent, dentry);

			fix_derived_permission(dentry->d_inode);

			get_derive_permissions_recursive(dentry);

			mutex_unlock(&dentry->d_inode->i_mutex);

		}

	}

}

/* main function for updating derived permission */

inline void update_derived_permission(struct dentry *dentry)

inline void update_derived_permission_lock(struct dentry *dentry)

{

	struct dentry *parent;

	 * 1. need to check whether the dentry is updated or not

	 * 2. remove the root dentry update

	 */

	mutex_lock(&dentry->d_inode->i_mutex);

	if(IS_ROOT(dentry)) {

		//setup_default_pre_root_state(dentry->d_inode);

	} else {

		}

	}

	fix_derived_permission(dentry->d_inode);

	mutex_unlock(&dentry->d_inode->i_mutex);

}

int need_graft_path(struct dentry *dentry)

			!strcasecmp(dentry->d_name.name, "obb")) {

		/* /Android/obb is the base obbpath of DERIVED_UNIFIED */

		if(!(sbi->options.derive == DERIVE_UNIFIED

		if(!(sbi->options.multiuser == false

				&& parent_info->userid == 0)) {

			ret = 1;

		}

			path_buf = kmalloc(PATH_MAX, GFP_ATOMIC);

			if(!path_buf) {

				ret = 1;

				printk(KERN_ERR "sdcardfs: "

					"fail to allocate path_buf in %s.\n", __func__);

				printk(KERN_ERR "sdcardfs: fail to allocate path_buf in %s.\n", __func__);

			} else {

				obbpath_s = d_path(&di->lower_path, path_buf, PATH_MAX);

				if (d_unhashed(di->lower_path.dentry) ||

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	spin_lock(&SDCARDFS_D(dentry)->lock);

	/* DERIVED_LEGACY */

	if(parent_info->perm == PERM_LEGACY_PRE_ROOT &&

	if (sbi->options.multiuser) {

		if(parent_info->perm == PERM_PRE_ROOT &&

				!strcasecmp(dentry->d_name.name, "obb")) {

			ret = 1;

		}

	/* DERIVED_UNIFIED :/Android/obb is the base obbpath */

	else if (parent_info->perm == PERM_ANDROID &&

	} else  if (parent_info->perm == PERM_ANDROID &&

			!strcasecmp(dentry->d_name.name, "obb")) {

		if((sbi->options.derive == DERIVE_UNIFIED

				&& parent_info->userid == 0)) {

		ret = 1;

	}

	}

	spin_unlock(&SDCARDFS_D(dentry)->lock);

	dput(parent);

	return ret;

}

	if(!err) {

		/* the obbpath base has been found */

		printk(KERN_INFO "sdcardfs: "

				"the sbi->obbpath is found\n");

		printk(KERN_INFO "sdcardfs: the sbi->obbpath is found\n");

		pathcpy(lower_path, &obbpath);

	} else {

		/* if the sbi->obbpath is not available, we can optionally

		 * but, the current implementation just returns an error

		 * because the sdcard daemon also regards this case as

		 * a lookup fail. */

		printk(KERN_INFO "sdcardfs: "

				"the sbi->obbpath is not available\n");

		printk(KERN_INFO "sdcardfs: the sbi->obbpath is not available\n");

	}

	return err;

}

	struct dentry *parent = dget_parent(dentry);

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	const struct cred *saved_cred = NULL;

	int has_rw;

	/* don't open unhashed/deleted files */

	if (d_unhashed(dentry)) {

		goto out_err;

	}

	has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(parent->d_inode, dentry->d_name.name,

				sbi->options.derive,

				open_flags_to_access_mode(file->f_flags), has_rw)) {

	if(!check_caller_access_to_name(parent->d_inode, dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

                         "	dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

	if (err)

		kfree(SDCARDFS_F(file));

	else {

		fsstack_copy_attr_all(inode, sdcardfs_lower_inode(inode));

		fix_derived_permission(inode);

		sdcardfs_copy_and_fix_attrs(inode, sdcardfs_lower_inode(inode));

	}

out_revert_cred:

	struct dentry *lower_dentry;

	struct dentry *lower_parent_dentry = NULL;

	struct path lower_path;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	const struct cred *saved_cred = NULL;

	int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(dir, dentry->d_name.name, sbi->options.derive, 1, has_rw)) {

	if(!check_caller_access_to_name(dir, dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

	if (err)

		goto out;

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path);

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path, SDCARDFS_I(dir)->userid);

	if (err)

		goto out;

	fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));

	struct inode *lower_dir_inode = sdcardfs_lower_inode(dir);

	struct dentry *lower_dir_dentry;

	struct path lower_path;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	const struct cred *saved_cred = NULL;

	int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(dir, dentry->d_name.name, sbi->options.derive, 1, has_rw)) {

	if(!check_caller_access_to_name(dir, dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

	int fullpath_namelen;

	int touch_err = 0;

	int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(dir, dentry->d_name.name, sbi->options.derive, 1, has_rw)) {

	if(!check_caller_access_to_name(dir, dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

			make_nomedia_in_obb = 1;

	}

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path);

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path, pi->userid);

	if (err)

		goto out;

	/* update number of links on parent directory */

	set_nlink(dir, sdcardfs_lower_inode(dir)->i_nlink);

	if ((sbi->options.derive == DERIVE_UNIFIED) && (!strcasecmp(dentry->d_name.name, "obb"))

	if ((!sbi->options.multiuser) && (!strcasecmp(dentry->d_name.name, "obb"))

		&& (pi->perm == PERM_ANDROID) && (pi->userid == 0))

		make_nomedia_in_obb = 1;

	struct dentry *lower_dir_dentry;

	int err;

	struct path lower_path;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	const struct cred *saved_cred = NULL;

	//char *path_s = NULL;

	int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(dir, dentry->d_name.name, sbi->options.derive, 1, has_rw)) {

	if(!check_caller_access_to_name(dir, dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

	struct dentry *trap = NULL;

	struct dentry *new_parent = NULL;

	struct path lower_old_path, lower_new_path;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(old_dentry->d_sb);

	const struct cred *saved_cred = NULL;

	int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

	if(!check_caller_access_to_name(old_dir, old_dentry->d_name.name,

			sbi->options.derive, 1, has_rw) ||

		!check_caller_access_to_name(new_dir, new_dentry->d_name.name,

			sbi->options.derive, 1, has_rw)) {

	if(!check_caller_access_to_name(old_dir, old_dentry->d_name.name) ||

		!check_caller_access_to_name(new_dir, new_dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  new_dentry: %s, task:%s\n",

						 __func__, new_dentry->d_name.name, current->comm);

		goto out;

	/* Copy attrs from lower dir, but i_uid/i_gid */

	fsstack_copy_attr_all(new_dir, d_inode(lower_new_dir_dentry));

	sdcardfs_copy_and_fix_attrs(new_dir, d_inode(lower_new_dir_dentry));

	fsstack_copy_inode_size(new_dir, d_inode(lower_new_dir_dentry));

	fix_derived_permission(new_dir);

	if (new_dir != old_dir) {

		fsstack_copy_attr_all(old_dir, d_inode(lower_old_dir_dentry));

		sdcardfs_copy_and_fix_attrs(old_dir, d_inode(lower_old_dir_dentry));

		fsstack_copy_inode_size(old_dir, d_inode(lower_old_dir_dentry));

		fix_derived_permission(old_dir);

		/* update the derived permission of the old_dentry

		 * with its new parent

		 */

		new_parent = dget_parent(new_dentry);

		if(new_parent) {

			if(d_inode(old_dentry)) {

				get_derived_permission(new_parent, old_dentry);

				fix_derived_permission(d_inode(old_dentry));

				update_derived_permission_lock(old_dentry);

			}

			dput(new_parent);

		}

	}

	/* At this point, not all dentry information has been moved, so

	 * we pass along new_dentry for the name.*/

	mutex_lock(&d_inode(old_dentry)->i_mutex);

	get_derived_permission_new(new_dentry->d_parent, old_dentry, new_dentry);

	fix_derived_permission(d_inode(old_dentry));

	get_derive_permissions_recursive(old_dentry);

	mutex_unlock(&d_inode(old_dentry)->i_mutex);

out:

	unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);

	dput(lower_old_dir_dentry);

	struct inode *lower_inode;

	struct path lower_path;

	struct iattr lower_ia;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	struct dentry *parent;

	int has_rw;

	inode = d_inode(dentry);

	/* no vfs_XXX operations required, cred overriding will be skipped. wj*/

	if (!err) {

		/* check the Android group ID */

		has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);

		parent = dget_parent(dentry);

		if(!check_caller_access_to_name(d_inode(parent), dentry->d_name.name,

						sbi->options.derive, 1, has_rw)) {

		if(!check_caller_access_to_name(d_inode(parent), dentry->d_name.name)) {

			printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

							 "  dentry: %s, task:%s\n",

							 __func__, dentry->d_name.name, current->comm);

	if (err)

		goto out;

	/* get attributes from the lower inode */

	fsstack_copy_attr_all(inode, lower_inode);

	/* update derived permission of the upper inode */

	fix_derived_permission(inode);

	/* get attributes from the lower inode and update derived permissions */

	sdcardfs_copy_and_fix_attrs(inode, lower_inode);

	/*

	 * Not running fsstack_copy_inode_size(inode, lower_inode), because

	struct inode *lower_inode;

	struct path lower_path;

	struct dentry *parent;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	parent = dget_parent(dentry);

	if(!check_caller_access_to_name(d_inode(parent), dentry->d_name.name,

						sbi->options.derive, 0, 0)) {

	if(!check_caller_access_to_name(d_inode(parent), dentry->d_name.name)) {

		printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"

						 "  dentry: %s, task:%s\n",

						 __func__, dentry->d_name.name, current->comm);

	lower_dentry = lower_path.dentry;

	lower_inode = sdcardfs_lower_inode(inode);

	fsstack_copy_attr_all(inode, lower_inode);

	sdcardfs_copy_and_fix_attrs(inode, lower_inode);

	fsstack_copy_inode_size(inode, lower_inode);

	/* if the dentry has been moved from other location

	 * so, on this stage, its derived permission must be

	 * rechecked from its private field.

	 */

	fix_derived_permission(inode);

	generic_fillattr(inode, stat);

	sdcardfs_put_lower_path(dentry, &lower_path);

	return 0;

}

static int sdcardfs_inode_test(struct inode *inode, void *candidate_lower_inode)

struct inode_data {

	struct inode *lower_inode;

	userid_t id;

};

static int sdcardfs_inode_test(struct inode *inode, void *candidate_data/*void *candidate_lower_inode*/)

{

	struct inode *current_lower_inode = sdcardfs_lower_inode(inode);

	if (current_lower_inode == (struct inode *)candidate_lower_inode)

	userid_t current_userid = SDCARDFS_I(inode)->userid;

	if (current_lower_inode == ((struct inode_data *)candidate_data)->lower_inode &&

			current_userid == ((struct inode_data *)candidate_data)->id)

		return 1; /* found a match */

	else

		return 0; /* no match */

	return 0;

}

struct inode *sdcardfs_iget(struct super_block *sb, struct inode *lower_inode)

struct inode *sdcardfs_iget(struct super_block *sb, struct inode *lower_inode, userid_t id)

{

	struct sdcardfs_inode_info *info;

	struct inode_data data;

	struct inode *inode; /* the new inode to return */

	int err;

	data.id = id;

	data.lower_inode = lower_inode;

	inode = iget5_locked(sb, /* our superblock */

			     /*

			      * hashval: we use inode number, but we can

			     lower_inode->i_ino, /* hashval */

			     sdcardfs_inode_test,	/* inode comparison function */

			     sdcardfs_inode_set, /* inode init function */

			     lower_inode); /* data passed to test+set fxns */

			     &data); /* data passed to test+set fxns */

	if (!inode) {

		err = -EACCES;

		iput(lower_inode);

				   lower_inode->i_rdev);

	/* all well, copy inode attributes */

	fsstack_copy_attr_all(inode, lower_inode);

	sdcardfs_copy_and_fix_attrs(inode, lower_inode);

	fsstack_copy_inode_size(inode, lower_inode);

	fix_derived_permission(inode);

	unlock_new_inode(inode);

	return inode;

}

 * @lower_path: the lower path (caller does path_get/put)

 */

int sdcardfs_interpose(struct dentry *dentry, struct super_block *sb,

		     struct path *lower_path)

		     struct path *lower_path, userid_t id)

{

	int err = 0;

	struct inode *inode;

	 */

	/* inherit lower inode number for sdcardfs's inode */

	inode = sdcardfs_iget(sb, lower_inode);

	inode = sdcardfs_iget(sb, lower_inode, id);

	if (IS_ERR(inode)) {

		err = PTR_ERR(inode);

		goto out;

	}

	d_add(dentry, inode);

	update_derived_permission(dentry);

	update_derived_permission_lock(dentry);

out:

	return err;

}

 * Fills in lower_parent_path with <dentry,mnt> on success.

 */

static struct dentry *__sdcardfs_lookup(struct dentry *dentry,

		unsigned int flags, struct path *lower_parent_path)

		unsigned int flags, struct path *lower_parent_path, userid_t id)

{

	int err = 0;

	struct vfsmount *lower_dir_mnt;

		}

		sdcardfs_set_lower_path(dentry, &lower_path);

		err = sdcardfs_interpose(dentry, dentry->d_sb, &lower_path);

		err = sdcardfs_interpose(dentry, dentry->d_sb, &lower_path, id);

		if (err) /* path_put underlying path on error */

			sdcardfs_put_reset_lower_path(dentry);

		goto out;

	struct dentry *ret = NULL, *parent;

	struct path lower_parent_path;

	int err = 0;

	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);

	const struct cred *saved_cred = NULL;