Loading fs_mgr/fs_mgr.cpp +78 −0 Original line number Diff line number Diff line Loading @@ -2265,3 +2265,81 @@ std::string fs_mgr_get_super_partition_name(int slot) { } return LP_METADATA_DEFAULT_PARTITION_NAME; } bool fs_mgr_create_canonical_mount_point(const std::string& mount_point) { auto saved_errno = errno; auto ok = true; auto created_mount_point = !mkdir(mount_point.c_str(), 0755); std::string real_mount_point; if (!Realpath(mount_point, &real_mount_point)) { ok = false; PERROR << "failed to realpath(" << mount_point << ")"; } else if (mount_point != real_mount_point) { ok = false; LERROR << "mount point is not canonical: realpath(" << mount_point << ") -> " << real_mount_point; } if (!ok && created_mount_point) { rmdir(mount_point.c_str()); } errno = saved_errno; return ok; } bool fs_mgr_mount_overlayfs_fstab_entry(const FstabEntry& entry) { auto overlayfs_valid_result = fs_mgr_overlayfs_valid(); if (overlayfs_valid_result == OverlayfsValidResult::kNotSupported) { LERROR << __FUNCTION__ << "(): kernel does not support overlayfs"; return false; } #if ALLOW_ADBD_DISABLE_VERITY == 0 // Allowlist the mount point if user build. static const std::vector<const std::string> kAllowedPaths = { "/odm", "/odm_dlkm", "/oem", "/product", "/system_ext", "/vendor", "/vendor_dlkm", }; static const std::vector<const std::string> kAllowedPrefixes = { "/mnt/product/", "/mnt/vendor/", }; if (std::none_of(kAllowedPaths.begin(), kAllowedPaths.end(), [&entry](const auto& path) -> bool { return entry.mount_point == path || StartsWith(entry.mount_point, path + "/"); }) && std::none_of(kAllowedPrefixes.begin(), kAllowedPrefixes.end(), [&entry](const auto& prefix) -> bool { return entry.mount_point != prefix && StartsWith(entry.mount_point, prefix); })) { LERROR << __FUNCTION__ << "(): mount point is forbidden on user build: " << entry.mount_point; return false; } #endif // ALLOW_ADBD_DISABLE_VERITY == 0 if (!fs_mgr_create_canonical_mount_point(entry.mount_point)) { return false; } auto options = "lowerdir=" + entry.lowerdir; if (overlayfs_valid_result == OverlayfsValidResult::kOverrideCredsRequired) { options += ",override_creds=off"; } // Use "overlay-" + entry.blk_device as the mount() source, so that adb-remout-test don't // confuse this with adb remount overlay, whose device name is "overlay". // Overlayfs is a pseudo filesystem, so the source device is a symbolic value and isn't used to // back the filesystem. However the device name would be shown in /proc/mounts. auto source = "overlay-" + entry.blk_device; auto report = "__mount(source=" + source + ",target=" + entry.mount_point + ",type=overlay," + options + ")="; auto ret = mount(source.c_str(), entry.mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, options.c_str()); if (ret) { PERROR << report << ret; return false; } LINFO << report << ret; return true; } fs_mgr/fs_mgr_fstab.cpp +10 −11 Original line number Diff line number Diff line Loading @@ -127,16 +127,17 @@ void ParseMountFlags(const std::string& flags, FstabEntry* entry) { } fs_options.append(flag); if (entry->fs_type == "f2fs" && StartsWith(flag, "reserve_root=")) { std::string arg; if (auto equal_sign = flag.find('='); equal_sign != std::string::npos) { arg = flag.substr(equal_sign + 1); } const auto arg = flag.substr(equal_sign + 1); if (entry->fs_type == "f2fs" && StartsWith(flag, "reserve_root=")) { if (!ParseInt(arg, &entry->reserved_size)) { LWARNING << "Warning: reserve_root= flag malformed: " << arg; } else { entry->reserved_size <<= 12; } } else if (StartsWith(flag, "lowerdir=")) { entry->lowerdir = std::move(arg); } } } } Loading Loading @@ -298,8 +299,6 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { if (!ParseByteCount(arg, &entry->zram_backingdev_size)) { LWARNING << "Warning: zram_backingdev_size= flag malformed: " << arg; } } else if (StartsWith(flag, "lowerdir=")) { entry->lowerdir = arg; } else { LWARNING << "Warning: unknown flag: " << flag; } Loading fs_mgr/fs_mgr_overlayfs.cpp +0 −20 Original line number Diff line number Diff line Loading @@ -92,14 +92,6 @@ bool fs_mgr_overlayfs_mount_all(Fstab*) { return false; } bool fs_mgr_overlayfs_mount_fstab_entry(const std::string&, const std::string&) { return false; } std::vector<std::string> fs_mgr_overlayfs_required_devices(Fstab*) { return {}; } bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change, bool) { if (change) *change = false; return false; Loading Loading @@ -1299,18 +1291,6 @@ static void TryMountScratch() { } } bool fs_mgr_overlayfs_mount_fstab_entry(const std::string& lowers, const std::string& mount_point) { if (fs_mgr_overlayfs_invalid()) return false; std::string aux = "lowerdir=" + lowers + ",override_creds=off"; auto rc = mount("overlay", mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, aux.c_str()); if (rc == 0) return true; return false; } bool fs_mgr_overlayfs_mount_all(Fstab* fstab) { auto ret = false; if (fs_mgr_overlayfs_invalid()) return ret; Loading fs_mgr/fs_mgr_vendor_overlay.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ bool fs_mgr_vendor_overlay_mount(const std::pair<std::string, std::string>& moun } auto report = "__mount(source=overlay,target="s + vendor_mount_point + ",type=overlay," + options + ")="; auto ret = mount("overlay", vendor_mount_point.c_str(), "overlay", MS_RDONLY | MS_RELATIME, auto ret = mount("overlay", vendor_mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, options.c_str()); if (ret) { PERROR << report << ret; Loading fs_mgr/include/fs_mgr.h +9 −0 Original line number Diff line number Diff line Loading @@ -131,3 +131,12 @@ int fs_mgr_remount_userdata_into_checkpointing(android::fs_mgr::Fstab* fstab); // Finds the dm_bow device on which this block device is stacked, or returns // empty string std::string fs_mgr_find_bow_device(const std::string& block_device); // Creates mount point if not already existed, and checks that mount point is a // canonical path that doesn't contain any symbolic link or /../. bool fs_mgr_create_canonical_mount_point(const std::string& mount_point); // Like fs_mgr_do_mount_one() but for overlayfs fstab entries. // Unlike fs_mgr_overlayfs, mount overlayfs without upperdir and workdir, so the // filesystem cannot be remount read-write. bool fs_mgr_mount_overlayfs_fstab_entry(const android::fs_mgr::FstabEntry& entry); Loading
fs_mgr/fs_mgr.cpp +78 −0 Original line number Diff line number Diff line Loading @@ -2265,3 +2265,81 @@ std::string fs_mgr_get_super_partition_name(int slot) { } return LP_METADATA_DEFAULT_PARTITION_NAME; } bool fs_mgr_create_canonical_mount_point(const std::string& mount_point) { auto saved_errno = errno; auto ok = true; auto created_mount_point = !mkdir(mount_point.c_str(), 0755); std::string real_mount_point; if (!Realpath(mount_point, &real_mount_point)) { ok = false; PERROR << "failed to realpath(" << mount_point << ")"; } else if (mount_point != real_mount_point) { ok = false; LERROR << "mount point is not canonical: realpath(" << mount_point << ") -> " << real_mount_point; } if (!ok && created_mount_point) { rmdir(mount_point.c_str()); } errno = saved_errno; return ok; } bool fs_mgr_mount_overlayfs_fstab_entry(const FstabEntry& entry) { auto overlayfs_valid_result = fs_mgr_overlayfs_valid(); if (overlayfs_valid_result == OverlayfsValidResult::kNotSupported) { LERROR << __FUNCTION__ << "(): kernel does not support overlayfs"; return false; } #if ALLOW_ADBD_DISABLE_VERITY == 0 // Allowlist the mount point if user build. static const std::vector<const std::string> kAllowedPaths = { "/odm", "/odm_dlkm", "/oem", "/product", "/system_ext", "/vendor", "/vendor_dlkm", }; static const std::vector<const std::string> kAllowedPrefixes = { "/mnt/product/", "/mnt/vendor/", }; if (std::none_of(kAllowedPaths.begin(), kAllowedPaths.end(), [&entry](const auto& path) -> bool { return entry.mount_point == path || StartsWith(entry.mount_point, path + "/"); }) && std::none_of(kAllowedPrefixes.begin(), kAllowedPrefixes.end(), [&entry](const auto& prefix) -> bool { return entry.mount_point != prefix && StartsWith(entry.mount_point, prefix); })) { LERROR << __FUNCTION__ << "(): mount point is forbidden on user build: " << entry.mount_point; return false; } #endif // ALLOW_ADBD_DISABLE_VERITY == 0 if (!fs_mgr_create_canonical_mount_point(entry.mount_point)) { return false; } auto options = "lowerdir=" + entry.lowerdir; if (overlayfs_valid_result == OverlayfsValidResult::kOverrideCredsRequired) { options += ",override_creds=off"; } // Use "overlay-" + entry.blk_device as the mount() source, so that adb-remout-test don't // confuse this with adb remount overlay, whose device name is "overlay". // Overlayfs is a pseudo filesystem, so the source device is a symbolic value and isn't used to // back the filesystem. However the device name would be shown in /proc/mounts. auto source = "overlay-" + entry.blk_device; auto report = "__mount(source=" + source + ",target=" + entry.mount_point + ",type=overlay," + options + ")="; auto ret = mount(source.c_str(), entry.mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, options.c_str()); if (ret) { PERROR << report << ret; return false; } LINFO << report << ret; return true; }
fs_mgr/fs_mgr_fstab.cpp +10 −11 Original line number Diff line number Diff line Loading @@ -127,16 +127,17 @@ void ParseMountFlags(const std::string& flags, FstabEntry* entry) { } fs_options.append(flag); if (entry->fs_type == "f2fs" && StartsWith(flag, "reserve_root=")) { std::string arg; if (auto equal_sign = flag.find('='); equal_sign != std::string::npos) { arg = flag.substr(equal_sign + 1); } const auto arg = flag.substr(equal_sign + 1); if (entry->fs_type == "f2fs" && StartsWith(flag, "reserve_root=")) { if (!ParseInt(arg, &entry->reserved_size)) { LWARNING << "Warning: reserve_root= flag malformed: " << arg; } else { entry->reserved_size <<= 12; } } else if (StartsWith(flag, "lowerdir=")) { entry->lowerdir = std::move(arg); } } } } Loading Loading @@ -298,8 +299,6 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { if (!ParseByteCount(arg, &entry->zram_backingdev_size)) { LWARNING << "Warning: zram_backingdev_size= flag malformed: " << arg; } } else if (StartsWith(flag, "lowerdir=")) { entry->lowerdir = arg; } else { LWARNING << "Warning: unknown flag: " << flag; } Loading
fs_mgr/fs_mgr_overlayfs.cpp +0 −20 Original line number Diff line number Diff line Loading @@ -92,14 +92,6 @@ bool fs_mgr_overlayfs_mount_all(Fstab*) { return false; } bool fs_mgr_overlayfs_mount_fstab_entry(const std::string&, const std::string&) { return false; } std::vector<std::string> fs_mgr_overlayfs_required_devices(Fstab*) { return {}; } bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change, bool) { if (change) *change = false; return false; Loading Loading @@ -1299,18 +1291,6 @@ static void TryMountScratch() { } } bool fs_mgr_overlayfs_mount_fstab_entry(const std::string& lowers, const std::string& mount_point) { if (fs_mgr_overlayfs_invalid()) return false; std::string aux = "lowerdir=" + lowers + ",override_creds=off"; auto rc = mount("overlay", mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, aux.c_str()); if (rc == 0) return true; return false; } bool fs_mgr_overlayfs_mount_all(Fstab* fstab) { auto ret = false; if (fs_mgr_overlayfs_invalid()) return ret; Loading
fs_mgr/fs_mgr_vendor_overlay.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ bool fs_mgr_vendor_overlay_mount(const std::pair<std::string, std::string>& moun } auto report = "__mount(source=overlay,target="s + vendor_mount_point + ",type=overlay," + options + ")="; auto ret = mount("overlay", vendor_mount_point.c_str(), "overlay", MS_RDONLY | MS_RELATIME, auto ret = mount("overlay", vendor_mount_point.c_str(), "overlay", MS_RDONLY | MS_NOATIME, options.c_str()); if (ret) { PERROR << report << ret; Loading
fs_mgr/include/fs_mgr.h +9 −0 Original line number Diff line number Diff line Loading @@ -131,3 +131,12 @@ int fs_mgr_remount_userdata_into_checkpointing(android::fs_mgr::Fstab* fstab); // Finds the dm_bow device on which this block device is stacked, or returns // empty string std::string fs_mgr_find_bow_device(const std::string& block_device); // Creates mount point if not already existed, and checks that mount point is a // canonical path that doesn't contain any symbolic link or /../. bool fs_mgr_create_canonical_mount_point(const std::string& mount_point); // Like fs_mgr_do_mount_one() but for overlayfs fstab entries. // Unlike fs_mgr_overlayfs, mount overlayfs without upperdir and workdir, so the // filesystem cannot be remount read-write. bool fs_mgr_mount_overlayfs_fstab_entry(const android::fs_mgr::FstabEntry& entry);
