| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| | |
uint32_t." into lmp-mr1-dev
* commit '0f86444b3912cadb4227755f3b80d2ff74841575':
sdcard : inode numbers must be fully representable as uint32_t.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This works around a bug on on 64 bit kernels + sdcard daemons
where we were using memory addresses as inode numbers.
bug: 19012244
Change-Id: Ia63c5b33b4212bf03ff92fa2faff0bb76e48791c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Vold mounts the sdcard with noexec, but the fuse deamon
mounts with exec, so it is still possible to execute
binaries:
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,
user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/block/vold/179:65 /mnt/media_rw/sdcard1 vfat rw,dirsync,
nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007,
dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,
shortname=mixed,utf8,errors=remount-ro 0 0
With this change both vold and fuse mounts with noexec.
(cherry picked from commit f777d6694eecf6e61d9859df2090199863050017)
Change-Id: I66cbfc3a3a89a26958f83577f5e7a5e27f99184e
|
| | |
| |
| |
| |
| |
| |
| | |
Use truncate64 instead of truncate so we don't truncate (ho ho) the offset.
Bug: https://code.google.com/p/android/issues/detail?id=74039
Change-Id: I63711ccd299e3ebc475563b1999817d1919571ab
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
even if the calling process itself would not be able to open the file.
Bug: 18688419
Change-Id: I640db19f19c1a677735fd0c14b7e2e38977d0f4d
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Vold mounts the sdcard with noexec, but the fuse deamon
mounts with exec, so it is still possible to execute
binaries:
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,
user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/block/vold/179:65 /mnt/media_rw/sdcard1 vfat rw,dirsync,
nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007,
dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,
shortname=mixed,utf8,errors=remount-ro 0 0
With this change both vold and fuse mounts with noexec.
Change-Id: I66cbfc3a3a89a26958f83577f5e7a5e27f99184e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add initialization of the output value in handle_write.
This value is referred to in FUSE so initialization is
necessary.
See also handle_open and handle_opendir.
Change-Id: I6507f113da9f6823fbfa459624d6594fc20afa51
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Right now we still have the kernel names, but they're only there by
"virtue" of macro namespace pollution, so I'd like to get rid of them.
Bug: 18298106
Change-Id: Ifed0b3a9238c79a99d8a2b62e0f5897c50a725d1
|
| |\ \
| | |
| | |
| | |
| | | |
* commit 'f37bfb32eb82393d14e339684c9f508cea3b0ab4':
Use the correct fuse_init_out structure size.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Kernel 2.6.16 is the first stable kernel with struct fuse_init_out
defined (fuse version 7.6). The structure is the same from 7.6 through
7.22. Beginning with 7.23, the structure increased in size and added
new parameters.
If the kernel only works on minor revs older than or equal to 22,
then use the older structure size since this code only uses the 7.22
version of the structure.
Change-Id: If2507a02ad674fcf02869a325221339ae1ace64d
|
| |\ \ \
| |/ /
| | /
| |/
|/| |
* commit '33a5575a585bdc4000be06f96554309b5d3471ff':
Fix sdcard truncates.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Use truncate64 instead of truncate so we don't truncate (ho ho) the offset.
(cherrypick of 4568565e85bf2e1ea11b2e09d72e244088c05dbc.)
Bug: https://code.google.com/p/android/issues/detail?id=74039
Change-Id: I63711ccd299e3ebc475563b1999817d1919571ab
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before running the sdcard daemon, make sure that installd has
completed all upgrades to /data that it needs to complete.
This avoids race conditions between installd and the sdcard daemon.
Maybe fixes bug 16329437.
(cherrypicked from commit 8d28fa71fce6a5623488614250970ce78551a924)
Bug: 16329437
Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When built with "#define FUSE_TRACE 1" numerous TRACE statements
failed to compile because of mismatches between format strings and
types (uint64_t and size_t). These have been corrected by using the
format strings from the inttype.h header file, or %zu.
Change-Id: I36cd6f8da0790f1218d7dbaaa5b3bbfa4df7fdee
Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Before running the sdcard daemon, make sure that installd has
completed all upgrades to /data that it needs to complete.
This avoids race conditions between installd and the sdcard daemon.
Maybe fixes bug 16329437.
Bug: 16329437
Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When built with "#define FUSE_TRACE 1" numerous TRACE statements
failed to compile because of mismatches between format strings and
types (uint64_t and size_t). These have been corrected by using the
format strings from the inttype.h header file, or %zu.
Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
(cherry picked from commit d33308752fb7cecac751f20f4651aec05fc889db)
Change-Id: I550b422a6b7c92ea903b4dd8f5e4aec5637cdf67
|
| |\ \
| |/
| |
| |
| |
| |
| | |
handling."
* commit 'f043f061295a787aca42186fe9ab87c24d393b92':
Fix sdcard's FUSE_FSYNCDIR handling.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For a file the FUSE fh is a struct handle containing an int fd;
for a directory it's a struct dirhandle containing a DIR*. Fix
handle_fsync to extract the file descriptor appropriately in
both cases.
Bug: 14613980
Change-Id: I45515cff6638e27a99b849e6fc639d355dbb4d27
|
| |\ \
| |/
| |
| |
| |
| |
| | |
rather than stderr."
* commit '9464566580559b7353e6e2c898da79ffbbf993aa':
Make sdcard log to the log rather than stderr.
|
| | |
| |
| |
| | |
Change-Id: I9c78941184c5e364055bfac766e1e542d3c23c87
|
| |\ \
| |/
|/|
| |
| | |
* commit '2e7d80d10acf95076dfb1f2727455432091de65f':
Per-app media directories on external storage.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change defines per-app directories on external storage that
will be scanned and included in MediaStore. This gives apps a way
to write content to secondary shared storage in a way that can
easily be surfaced to other apps.
Bug: 14382377
Change-Id: I6f03d8076a9391d8b9eb8421ec3fc93669b3ba0d
|
| |/
|
|
| |
Change-Id: I40fce5a69a898e79542aa7688d077ff7bc40ed4f
|
| |
|
|
|
|
| |
No need for an out-of-date copy of a uapi header.
Change-Id: Iec68c6ceb2bceca1ceef0c57e0b45a89a139e292
|
| |
|
|
|
|
|
|
| |
There have been issues with sdcard data corruption even after
successfully calling fsync for /sdcard. This is caused by
the sdcard daemon doing nothing in this case.
Change-Id: I48149ceabdac79ac535b35c2598bb1fbb5410883
|
| |
|
|
|
|
|
|
|
| |
It is not enough to align the read buffer only, because
consequent writes might still fail with EINVAL. The write
buffer should be also aligned according to the write(2)
manual page.
Change-Id: I7547dec5208732c56f4466c1b0c88f36dabacf5b
|
| |
|
|
|
|
|
|
|
|
| |
If a file is opened in direct I/O mode (with O_DIRECT flag),
the read buffer addess must be aligned to memory page size
boundary. The Direct I/O is not needed for normal files,
however, some special hardware access (e.g. smart SD cards)
will not work without it.
Change-Id: I42babeee86dba1880fd23e2592fddd7060da3e20
|
| |
|
|
|
|
|
| |
Fixes -Wint-to-pointer and -Wpointer-to-int warnings, plus various -Wformat
warnings.
Change-Id: I6c5eea6b4273d82d28b8e5d2925f3e5457511b17
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add sdcard FUSE daemon flag to specify the GID required for a package
to have write access. Normally sdcard_rw, but it will be media_rw
for secondary external storage devices, so DefaultContainerService
can still clean up package directories after uninstall.
Create /mnt/media_rw which is where vold will mount raw secondary
external storage devices before wrapping them in a FUSE instance.
Bug: 10330128, 10330229
Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, FUSE lookup() would have the side effect of
creating the directory on behalf of apps. This resulted in most
directories being created just by Settings trying to measure disk
space. Instead, we're switching to have vold do directory creation
when an app doesn't have enough permissions.
Create fs_mkdirs() utility to create all parent directories in a
path as needed. Allow traversal (+x) into /storage directories.
Fix FUSE derived permissions to be case insensitive. Mark well-known
directories as .nomedia when created.
Bug: 10577808, 10330221
Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
|
| |
|
|
|
| |
Bug: 10547597
Change-Id: Ied909f9047c2567e93dde0f4658d6e4b9ff161ab
|
| |
|
|
|
|
|
|
|
| |
handle_rename() would end up acquiring the lock twice. Change to
always derive has_rw inside earlier locks (instead of acquiring a
second time), and pass the value into check_caller_access_to_name().
Bug: 10547597
Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fuse_open_out structure returned to the kernel by handle_opendir()
was not properly initializing all the fields. The symptom was recursive
ls (ls -R) failing on the emulated sdcard filesystem, because rewinddir(3)
was failing with ESPIPE.
Bug: 7168594
Change-Id: I56ddfd3453e6aac34fe6e001e88c4c46fb2eb271
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The legacy internal layout places users at the top-level of the
filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested.
Mirror single OBB directory between all users without requiring fancy
bind mounts by letting a nodes graft in another part of the
underlying tree.
Move to everything having "sdcard_r" GID by default, and verify that
calling apps hold "sdcard_rw" when performing mutations. Determines
app group membership from new packages.list column.
Flag to optionally enable sdcard_pics/sdcard_av permissions
splitting. Flag to supply a default GID for all files. Ignore
attempts to access security sensitive files. Fix run-as to check for
new "package_info" GID.
Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes the FUSE daemon to synthesize an Android-specific set of
filesystem permissions, even when the underlying media storage is
permissionless. This is designed to support several features:
First, apps can access their own files in /Android/data/com.example/
without requiring any external storage permissions. This is enabled
by allowing o+x on parent directories, and assigning the UID owner
based on the directory name (package name). The mapping from package
to appId is parsed from packages.list, which is updated when apps are
added/removed. Changes are observed through inotify. It creates
missing package name directories when requested and valid.
Second, support for separate permissions for photos and audio/video
content on the device through new GIDs which are assigned based on
top-level directory names.
Finally, support for multi-user separation on the same physical media
through new /Android/user/ directory, which will be bind-mounted
into place. It recursively applies the above rules to each secondary
user.
rwxrwx--x root:sdcard_rw /
rwxrwx--- root:sdcard_pics /Pictures
rwxrwx--- root:sdcard_av /Music
rwxrwx--x root:sdcard_rw /Android
rwxrwx--x root:sdcard_rw /Android/data
rwxrwx--- u0_a12:sdcard_rw /Android/data/com.example
rwxrwx--x root:sdcard_rw /Android/obb/
rwxrwx--- u0_a12:sdcard_rw /Android/obb/com.example
rwxrwx--- root:sdcard_all /Android/user
rwxrwx--x root:sdcard_rw /Android/user/10
rwxrwx--- u10_a12:sdcard_rw /Android/user/10/Android/data/com.example
These derived permissions are disabled by default. Switched option
parsing to getopt().
Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The default is 1024 files, and in some testing, the limit has been
hit. This raises the limit to 8192. Going higher starts to cause
performance issues (I started to notice that around 16K open files
in my testing) as sdcard does linear searches. If a higher max
is needed, then the sdcard daemon will need some optimizations.
Bug: 7442187
Change-Id: I7aba7f4556ed70651f36244294a6756f3d6b8963
|
| |\
| |
| |
| | |
Change-Id: I04982ff2b092274b940a621b238c2246349aa85e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clang turned up some signed/unsigned comparison warnings. These warnings
have been fixed by cleaning up sdcard slightly:
- Don't use negative numbers for invalid gid/uid.
- sdcard takes a fixed number of arguments now so assert on that instead
of using a for loop.
- Also fixed usage string to reflect this fact.
Change-Id: Iee58a8e9aaedb3d40ad7dfeef63d8cd1fe1cd248
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Enables init.rc to provide both paths, instead of hard-coding the
destination.
Bug: 6925012
Change-Id: I666cde710baad965b98619b68fcbcbb104973da3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The essential idea here is that a handler thread only needs to
hold a lock on the global node table while it is manipulating
nodes. The actual I/O operation is then performed without
holding any locks.
By default, we use 2 threads but this can be configured on the
command-line. Work is sheduled somewhat arbitrarily by the
handler threads. Whichever thread happens to read() the next
request first wins the right process it. This policy is very
simple but potentially wastes threads when there isn't much
work to be done. We can always improve this later if needed.
Change-Id: Id27a27c2c9b40d4f8e35a6bef9dd84f0dfacf337
|
| | |
| |
| |
| |
| |
| |
| | |
This is mostly a structural change. The handlers have been moved
into individual functions, which will help with upcoming changes.
Change-Id: I774739d859e177d6b5d4186d2771444166b734fa
|
| | |
| |
| |
| |
| |
| |
| | |
Also use PATH_MAX instead of PATH_BUFFER to determine the
maximum path length.
Change-Id: Ic78f731d339a2a97766d29d222dd27cac4e620ce
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This request is needed for application correctness, without which
data corruption may result.
Bug: 6488845
Change-Id: I3d676c2e40f6e6b37d5d270c7cb40f1bf8c1fa47
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constants to specify MAX_READ and MAX_WRITE buffer sizes and
use that to determine the size of the buffers that we need.
Be more careful about how the request header and data payload are
extracted. For example, the old code did len -= hdr->len, but
since len == hdr->len, this value was always 0. It turns out we
didn't use len thereafter, but we might want to for sanity checking
incoming requests.
Use const to make it clearer what data is coming out of the request.
Removed spurious error reply from FUSE_WRITE. It serves no purpose
and is ignored by the kernel.
Bug: 6488845
Change-Id: Ia328532979868f0aaea43744a49662f2f4511bfe
|
| |/
|
|
|
|
|
|
|
| |
Removed references to unsupported command-line arguments.
Fixed compiler warnings.
Bug: 6488845
Change-Id: I50cb865609ea0fa5824ae2741b831cd886033055
|
| |
|
|
|
|
|
|
|
|
| |
Slightly optimizes the writes used by sdcard to increase
throughput and decrease cpu load. Update the read
size to 256 x 1024 + 128 from current 8192 bytes since
writes can go as high as that.
Change-Id: I3bad425f31d4aa6f44f546e3d31439fd5bdca9ea
Signed-off-by: Sundar Raman <sunds@ti.com>
|
| |
|
|
|
| |
Bug: 6131916
Change-Id: Iab4d2a36b1dd979f7a9a0583d51dca3c5e38e681
|
