Replace fix permissions with fix contexts for emulated storage

LOCAL_SRC_FILES := \

LOCAL_SRC_FILES := \

    twrp.cpp \

    twrp.cpp \

    fixPermissions.cpp \

    fixContexts.cpp \

    twrpTar.cpp \

    twrpTar.cpp \

    twrpDU.cpp \

    twrpDU.cpp \

    twrpDigest.cpp \

    twrpDigest.cpp \

    dump_image \

    dump_image \

    erase_image \

    erase_image \

    flash_image \

    flash_image \

    fix_permissions.sh \

    mke2fs.conf \

    mke2fs.conf \

    pigz \

    pigz \

    teamwin \

    teamwin \

/*

	Copyright 2012-2016 bigbiff/Dees_Troy TeamWin

	This file is part of TWRP/TeamWin Recovery Project.

	TWRP is free software: you can redistribute it and/or modify

	it under the terms of the GNU General Public License as published by

	the Free Software Foundation, either version 3 of the License, or

	(at your option) any later version.

	TWRP is distributed in the hope that it will be useful,

	but WITHOUT ANY WARRANTY; without even the implied warranty of

	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License

	along with TWRP.  If not, see <http://www.gnu.org/licenses/>.

*/

#include <string>

#include <unistd.h>

#include <sys/stat.h>

#include <dirent.h>

#include <errno.h>

#include <cctype>

#include "fixContexts.hpp"

#include "twrp-functions.hpp"

#include "twcommon.h"

#ifdef HAVE_SELINUX

#include "selinux/selinux.h"

#include "selinux/label.h"

#include "selinux/android.h"

#include "selinux/label.h"

#endif

using namespace std;

#ifdef HAVE_SELINUX

struct selabel_handle *sehandle;

struct selinux_opt selinux_options[] = {

	{ SELABEL_OPT_PATH, "/file_contexts" }

};

int fixContexts::restorecon(string entry, struct stat *sb) {

	char *oldcontext, *newcontext;

	if (lgetfilecon(entry.c_str(), &oldcontext) < 0) {

		LOGINFO("Couldn't get selinux context for %s\n", entry.c_str());

		return -1;

	}

	if (selabel_lookup(sehandle, &newcontext, entry.c_str(), sb->st_mode) < 0) {

		LOGINFO("Couldn't lookup selinux context for %s\n", entry.c_str());

		return -1;

	}

	if (strcmp(oldcontext, newcontext) != 0) {

		LOGINFO("Relabeling %s from %s to %s\n", entry.c_str(), oldcontext, newcontext);

		if (lsetfilecon(entry.c_str(), newcontext) < 0) {

			LOGINFO("Couldn't label %s with %s: %s\n", entry.c_str(), newcontext, strerror(errno));

		}

	}

	freecon(oldcontext);

	freecon(newcontext);

	return 0;

}

int fixContexts::fixContextsRecursively(string name, int level) {

	DIR *d;

	struct dirent *de;

	struct stat sb;

	string path;

	if (!(d = opendir(name.c_str())))

		return -1;

	if (!(de = readdir(d)))

		return -1;

	do {

		if (de->d_type ==  DT_DIR) {

			if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)

				continue;

			path = name + "/" + de->d_name;

			restorecon(path, &sb);

			fixContextsRecursively(path, level + 1);

		}

		else {

			path = name + "/" + de->d_name;

			restorecon(path, &sb);

		}

	} while ((de = readdir(d)));

	closedir(d);

	return 0;

}

int fixContexts::fixDataMediaContexts(string Mount_Point) {

	DIR *d;

	struct dirent *de;

	struct stat sb;

	LOGINFO("Fixing media contexts on '%s'\n", Mount_Point.c_str());

	sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1);

	if (!sehandle) {

		LOGINFO("Unable to open /file_contexts\n");

		return 0;

	}

	if (TWFunc::Path_Exists(Mount_Point + "/media/0")) {

		string dir = Mount_Point + "/media";

		if (!(d = opendir(dir.c_str()))) {

			LOGINFO("opendir failed (%s)\n", strerror(errno));

			return -1;

		}

		if (!(de = readdir(d))) {

			LOGINFO("readdir failed (%s)\n", strerror(errno));

			closedir(d);

			return -1;

		}

		do {

			if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0 || de->d_type != DT_DIR)

				continue;

			size_t len = strlen(de->d_name);

			bool is_numeric = true;

			char* folder_name = de->d_name;

			for (size_t i = 0; i < len; i++) {

				if (!isdigit(*folder_name)) {

					is_numeric = false;

					break;

				}

				folder_name++;

			}

			if (is_numeric) {

				dir = Mount_Point + "/media/";

				dir += de->d_name;

				restorecon(dir, &sb);

				fixContextsRecursively(dir, 0);

			}

		} while ((de = readdir(d)));

		closedir(d);

	} else if (TWFunc::Path_Exists(Mount_Point + "/media")) {

		restorecon(Mount_Point + "/media", &sb);

		fixContextsRecursively(Mount_Point + "/media", 0);

	} else {

		LOGINFO("fixDataMediaContexts: %s/media does not exist!\n", Mount_Point.c_str());

		return 0;

	}

	selabel_close(sehandle);

	return 0;

}

#else

int fixContexts::restorecon(string entry __unused, struct stat *sb __unused) {

	return -1;

}

int fixContexts::fixContextsRecursively(string name __unused, int level __unused) {

	return -1;

}

int fixContexts::fixDataMediaContexts(string Mount_Point __unused) {

	return -1;

}

#endif

/*

	Copyright 2012-2016 bigbiff/Dees_Troy TeamWin

	This file is part of TWRP/TeamWin Recovery Project.

	TWRP is free software: you can redistribute it and/or modify

	it under the terms of the GNU General Public License as published by

	the Free Software Foundation, either version 3 of the License, or

	(at your option) any later version.

	TWRP is distributed in the hope that it will be useful,

	but WITHOUT ANY WARRANTY; without even the implied warranty of

	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License

	along with TWRP.  If not, see <http://www.gnu.org/licenses/>.

*/

#ifndef __FIXCONTEXTS_HPP

#define __FIXCONTEXTS_HPP

#include <string>

using namespace std;

class fixContexts {

	public:

		static int fixDataMediaContexts(string Mount_Point);

	private:

		static int restorecon(string entry, struct stat *sb);

		static int fixContextsRecursively(string path, int level);

};

#endif

/*

	Copyright 2012 bigbiff/Dees_Troy TeamWin

	This file is part of TWRP/TeamWin Recovery Project.

	TWRP is free software: you can redistribute it and/or modify

	it under the terms of the GNU General Public License as published by

	the Free Software Foundation, either version 3 of the License, or

	(at your option) any later version.

	TWRP is distributed in the hope that it will be useful,

	but WITHOUT ANY WARRANTY; without even the implied warranty of

	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License

	along with TWRP.  If not, see <http://www.gnu.org/licenses/>.

*/

#include <iostream>

#include <fstream>

#include <sstream>

#include <string>

#include <vector>

#include <string.h>

#include <libgen.h>

#include <unistd.h>

#include <sys/stat.h>

#include <dirent.h>

#include <errno.h>

#include "gui/rapidxml.hpp"

#include "fixPermissions.hpp"

#include "twrp-functions.hpp"

#include "twcommon.h"

#ifdef HAVE_SELINUX

#include "selinux/selinux.h"

#include "selinux/label.h"

#include "selinux/android.h"

#include "selinux/label.h"

#endif

using namespace std;

using namespace rapidxml;

static const mode_t kMode_0600 = 0600; // S_IRUSR | S_IWUSR

static const mode_t kMode_0640 = 0640; // S_IRUSR | S_IWUSR | S_IRGRP

static const mode_t kMode_0644 = 0644; // S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH

static const mode_t kMode_0660 = 0660; // S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP

static const mode_t kMode_0755 = 0755; // S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH

static const mode_t kMode_0771 = 0771; // S_IRWXU | S_IRWXG | S_IXOTH

fixPermissions::fixPermissions() : head(NULL) {

}

fixPermissions::~fixPermissions() {

	deletePackages();

}

#ifdef HAVE_SELINUX

struct selabel_handle *sehandle;

struct selinux_opt selinux_options[] = {

	{ SELABEL_OPT_PATH, "/file_contexts" }

};

int fixPermissions::restorecon(string entry, struct stat *sb) {

	char *oldcontext, *newcontext;

	if (lgetfilecon(entry.c_str(), &oldcontext) < 0) {

		LOGINFO("Couldn't get selinux context for %s\n", entry.c_str());

		return -1;

	}

	if (selabel_lookup(sehandle, &newcontext, entry.c_str(), sb->st_mode) < 0) {

		LOGINFO("Couldn't lookup selinux context for %s\n", entry.c_str());

		return -1;

	}

	if (strcmp(oldcontext, newcontext) != 0) {

		LOGINFO("Relabeling %s from %s to %s\n", entry.c_str(), oldcontext, newcontext);

		if (lsetfilecon(entry.c_str(), newcontext) < 0) {

			LOGINFO("Couldn't label %s with %s: %s\n", entry.c_str(), newcontext, strerror(errno));

		}

	}

	freecon(oldcontext);

	freecon(newcontext);

	return 0;

}

int fixPermissions::fixDataDataContexts(void) {

	string dir = "/data/data/";

	sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1);

	if (!sehandle) {

		LOGINFO("Unable to open /file_contexts\n");

		return 0;

	}

	if (TWFunc::Path_Exists(dir)) {

		fixContextsRecursively(dir, 0);

	}

	selabel_close(sehandle);

	return 0;

}

int fixPermissions::fixContextsRecursively(string name, int level) {

	DIR *d;

	struct dirent *de;

	struct stat sb;

	string path;

	if (!(d = opendir(name.c_str())))

		return -1;

	if (!(de = readdir(d)))

		return -1;

	do {

		if (de->d_type ==  DT_DIR) {

			if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)

				continue;

			path = name + "/" + de->d_name;

			restorecon(path, &sb);

			fixContextsRecursively(path, level + 1);

		}

		else {

			path = name + "/" + de->d_name;

			restorecon(path, &sb);

		}

	} while ((de = readdir(d)));

	closedir(d);

	return 0;

}

int fixPermissions::fixDataInternalContexts(void) {

	DIR *d;

	struct dirent *de;

	struct stat sb;

	string dir, androiddir;

	sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1);

	if (!sehandle) {

		LOGINFO("Unable to open /file_contexts\n");

		return 0;

	}

	// TODO: what about /data/media/1 etc.?

	if (TWFunc::Path_Exists("/data/media/0"))

		dir = "/data/media/0";

	else

		dir = "/data/media";

	if (!TWFunc::Path_Exists(dir)) {

		LOGINFO("fixDataInternalContexts: '%s' does not exist!\n", dir.c_str());

		return 0;

	}

	LOGINFO("Fixing %s contexts\n", dir.c_str());

	restorecon(dir, &sb);

	d = opendir(dir.c_str());

	while (( de = readdir(d)) != NULL) {

		stat(de->d_name, &sb);

		string f;

		f = dir + "/" + de->d_name;

		restorecon(f, &sb);

	}

	closedir(d);

	androiddir = dir + "/Android/";

	if (TWFunc::Path_Exists(androiddir)) {

		fixContextsRecursively(androiddir, 0);

	}

	selabel_close(sehandle);

	return 0;

}

#endif

int fixPermissions::fixPerms(bool enable_debug, bool remove_data_for_missing_apps) {

	string packageFile = "/data/system/packages.xml";

	debug = enable_debug;

	remove_data = remove_data_for_missing_apps;

	bool multi_user = TWFunc::Path_Exists("/data/user");

	if (!(TWFunc::Path_Exists(packageFile))) {

		gui_print("Can't check permissions\n");

		gui_print("after Factory Reset.\n");

		gui_print("Please boot rom and try\n");

		gui_print("again after you reboot into\n");

		gui_print("recovery.\n");

		return -1;

	}

	gui_print("Fixing permissions...\nLoading packages...\n");

	if ((getPackages(packageFile)) != 0) {

		return -1;

	}

	gui_print("Fixing app permissions...\n");

	if (fixApps() != 0) {

		return -1;

	}

	if (multi_user) {

		DIR *d = opendir("/data/user");

		string new_path, user_id;

		if (d == NULL) {

			LOGERR("Error opening '/data/user'\n");

			return -1;

		}

		if (d) {

			struct dirent *p;

			while ((p = readdir(d))) {

				if (!strcmp(p->d_name, ".") || !strcmp(p->d_name, ".."))

					continue;

				new_path = "/data/user/";

				new_path.append(p->d_name);

				user_id = "u";

				user_id += p->d_name;

				user_id += "_";

				if (p->d_type == DT_LNK) {

					char link[512], realPath[512];

					strcpy(link, new_path.c_str());

					memset(realPath, 0, sizeof(realPath));

					while (readlink(link, realPath, sizeof(realPath)) > 0) {

						strcpy(link, realPath);

						memset(realPath, 0, sizeof(realPath));

					}

					new_path = link;

				} else if (p->d_type != DT_DIR) {

					continue;

				} else {

					new_path.append("/");

					// We're probably going to need to fix permissions on multi user but

					// it will have to wait for another time. Need to figure out where

					// the uid and gid is stored for other users.

					continue;

				}

				gui_print("Fixing %s permissions...\n", new_path.c_str());

				if ((fixDataData(new_path)) != 0) {

					closedir(d);

					return -1;

				}

			}

			closedir(d);

		}

	} else {

		gui_print("Fixing /data/data permissions...\n");

		if ((fixDataData("/data/data/")) != 0) {

			return -1;

		}

	}

	gui_print("Done fixing permissions.\n");

	return 0;

}

int fixPermissions::fixContexts()

{

#ifdef HAVE_SELINUX

	gui_print("Fixing /data/data/ contexts.\n");

	fixDataDataContexts();

	fixDataInternalContexts();

	gui_print("Done fixing contexts.\n");

	return 0;

#endif

	gui_print("Not fixing SELinux contexts; support not compiled in.\n");

	return -1;

}

int fixPermissions::pchown(string fn, int puid, int pgid) {

	LOGINFO("Fixing %s, uid: %d, gid: %d\n", fn.c_str(), puid, pgid);

	if (chown(fn.c_str(), puid, pgid) != 0) {

		LOGERR("Unable to chown '%s' %i %i\n", fn.c_str(), puid, pgid);

		return -1;

	}

	return 0;

}

int fixPermissions::pchmod(string fn, mode_t mode) {

	LOGINFO("Fixing %s, mode: %o\n", fn.c_str(), mode);

	if (chmod(fn.c_str(), mode) != 0) {

		LOGERR("Unable to chmod '%s' %o\n", fn.c_str(), mode);

		return -1;

	}

	return 0;

}

int fixPermissions::fixApps() {

	package* temp = head;

	while (temp != NULL) {

		struct stat st;

		if (stat(temp->codePath.c_str(), &st) == 0) {

			int new_uid = 0;

			int new_gid = 0;

			mode_t perms = 0;

			bool fix = false;

			if (temp->appDir.compare("/system/app") == 0 || temp->appDir.compare("/system/priv-app") == 0) {

				fix = true;

				new_uid = 0;

				new_gid = 0;

				perms = kMode_0644;

			} else if (temp->appDir.compare("/data/app") == 0 || temp->appDir.compare("/sd-ext/app") == 0) {

				fix = true;

				new_uid = 1000;

				new_gid = 1000;

				perms = kMode_0644;

			} else if (temp->appDir.compare("/data/app-private") == 0 || temp->appDir.compare("/sd-ext/app-private") == 0) {

				fix = true;

				new_uid = 1000;

				new_gid = temp->gid;

				perms = kMode_0640;

			} else

				fix = false;

			if (fix) {

				if (debug) {

					LOGINFO("Looking at '%s'\n", temp->codePath.c_str());

					LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str());

					LOGINFO("Directory: '%s'\n", temp->appDir.c_str());

					LOGINFO("Original package owner: %d, group: %d\n", temp->uid, temp->gid);

				}

				if (S_ISDIR(st.st_mode)) {

					// Android 5.0 introduced codePath pointing to a directory instead of the apk itself

					// TODO: check what this should do

					if (fixDir(temp->codePath, new_uid, new_gid, kMode_0755, new_uid, new_gid, perms) != 0)

						return -1;

				} else {

					if (pchown(temp->codePath, new_uid, new_gid) != 0)

						return -1;

					if (pchmod(temp->codePath, perms) != 0)

						return -1;

				}

			}

		} else if (remove_data) {

			//Remove data directory since app isn't installed

			string datapath = "/data/data/" + temp->dDir;

			if (TWFunc::Path_Exists(datapath) && temp->appDir.size() >= 9 && temp->appDir.substr(0, 9) != "/mnt/asec") {

				if (debug)

					LOGINFO("Looking at '%s', removing data dir: '%s', appDir: '%s'", temp->codePath.c_str(), datapath.c_str(), temp->appDir.c_str());

				if (TWFunc::removeDir(datapath, false) != 0) {

					LOGINFO("Unable to removeDir '%s'\n", datapath.c_str());

					return -1;

				}

			}

		}

		temp = temp->next;

	}

	return 0;

}

int fixPermissions::fixAllFiles(string directory, int uid, int gid, mode_t file_perms) {

	vector <string> files;

	string file;

	files = listAllFiles(directory);

	for (unsigned i = 0; i < files.size(); ++i) {

		file = directory + "/";

		file.append(files.at(i));

		if (debug)

			LOGINFO("Looking at file '%s'\n", file.c_str());

		if (pchmod(file, file_perms) != 0)

			return -1;

		if (pchown(file, uid, gid) != 0)

			return -1;

	}

	return 0;

}

int fixPermissions::fixDir(const string& dir, int diruid, int dirgid, mode_t dirmode, int fileuid, int filegid, mode_t filemode)

{

	if (pchmod(dir.c_str(), dirmode) != 0)

		return -1;

	if (pchown(dir.c_str(), diruid, dirgid) != 0)

		return -1;

	if (fixAllFiles(dir, fileuid, filegid, filemode) != 0)

		return -1;

	return 0;

}

int fixPermissions::fixDataData(string dataDir) {

	package* temp = head;

	while (temp != NULL) {

		string dir = dataDir + temp->dDir;

		if (TWFunc::Path_Exists(dir)) {

			vector <string> dataDataDirs = listAllDirectories(dir);

			for (unsigned n = 0; n < dataDataDirs.size(); ++n) {

				string directory = dir + "/";

				directory.append(dataDataDirs.at(n));

				if (debug)

					LOGINFO("Looking at data directory: '%s'\n", directory.c_str());

				if (dataDataDirs.at(n) == ".") {

					if (fixDir(directory, temp->uid, temp->gid, kMode_0755, temp->uid, temp->gid, kMode_0755) != 0)