1 | /* |
2 | * fs/sdcardfs/inode.c |
3 | * |
4 | * Copyright (c) 2013 Samsung Electronics Co. Ltd |
5 | * Authors: Daeho Jeong, Woojoong Lee, Seunghwan Hyun, |
6 | * Sunghwan Yun, Sungjong Seo |
7 | * |
8 | * This program has been developed as a stackable file system based on |
9 | * the WrapFS which written by |
10 | * |
11 | * Copyright (c) 1998-2011 Erez Zadok |
12 | * Copyright (c) 2009 Shrikar Archak |
13 | * Copyright (c) 2003-2011 Stony Brook University |
14 | * Copyright (c) 2003-2011 The Research Foundation of SUNY |
15 | * |
16 | * This file is dual licensed. It may be redistributed and/or modified |
17 | * under the terms of the Apache 2.0 License OR version 2 of the GNU |
18 | * General Public License. |
19 | */ |
20 | |
21 | #include "sdcardfs.h" |
22 | #include <linux/fs_struct.h> |
23 | #include <linux/ratelimit.h> |
24 | |
/*
 * Switch the calling task's filesystem identity to the one sdcardfs uses
 * for access to the lower filesystem.
 *
 * A fresh cred is prepared, its fsuid/fsgid are replaced and it is installed
 * with override_creds(). With gid_derivation enabled the fsuid is
 * AID_MEDIA_OBB when data->under_obb is set, otherwise the value returned by
 * multiuser_get_uid(); with it disabled the mount's fs_low_uid is used.
 * The fsgid is always the mount's fs_low_gid.
 *
 * Returns the credentials that were active before the switch (to be handed
 * back to revert_fsids()), or NULL if prepare_creds() fails.
 *
 * Do not call this directly. Use OVERRIDE_CRED() instead.
 */
const struct cred *override_fsids(struct sdcardfs_sb_info *sbi,
		struct sdcardfs_inode_data *data)
{
	struct cred *new_cred = prepare_creds();
	uid_t fs_uid;

	if (!new_cred)
		return NULL;

	if (!sbi->options.gid_derivation)
		fs_uid = sbi->options.fs_low_uid;
	else if (data->under_obb)
		fs_uid = AID_MEDIA_OBB;
	else
		fs_uid = multiuser_get_uid(data->userid, sbi->options.fs_low_uid);

	new_cred->fsuid = make_kuid(&init_user_ns, fs_uid);
	new_cred->fsgid = make_kgid(&init_user_ns, sbi->options.fs_low_gid);

	/* override_creds() hands back the cred it displaced */
	return override_creds(new_cred);
}
52 | |
/*
 * Undo override_fsids(): reinstall old_cred and drop the reference on the
 * temporary cred that was active in between.
 *
 * Do not call this directly. Use REVERT_CRED() instead.
 */
void revert_fsids(const struct cred *old_cred)
{
	/* capture the override cred before revert_creds() replaces it */
	const struct cred *override_cred = current->cred;

	revert_creds(old_cred);
	put_cred(override_cred);
}
62 | |
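/*
 * Create a regular file on the lower filesystem and interpose it.
 *
 * The caller's access to the name is checked first. The lower create then
 * runs with the sdcardfs fsuid/fsgid (OVERRIDE_CRED) and with a private
 * fs_struct whose umask is 0, so the lower file gets exactly the forced
 * 0664 permission bits whatever mode the caller asked for.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_create(struct inode *dir, struct dentry *dentry,
			 umode_t mode, bool want_excl)
{
	int err;
	struct dentry *lower_dentry;
	struct vfsmount *lower_dentry_mnt;
	struct dentry *lower_parent_dentry = NULL;
	struct path lower_path;
	const struct cred *saved_cred = NULL;
	struct fs_struct *saved_fs;
	struct fs_struct *copied_fs;

	if (!check_caller_access_to_name(dir, &dentry->d_name)) {
		err = -EACCES;
		goto out_eacces;
	}

	/* save current_cred and override it */
	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred, SDCARDFS_I(dir));

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	lower_dentry_mnt = lower_path.mnt;
	lower_parent_dentry = lock_parent(lower_dentry);

	/* keep only the file-type bits and force the permission bits to 0664 */
	mode = (mode & S_IFMT) | 00664;

	/* temporarily change umask for lower fs write */
	saved_fs = current->fs;
	copied_fs = copy_fs_struct(current->fs);
	if (!copied_fs) {
		err = -ENOMEM;
		goto out_unlock;
	}
	/* finish setting up the private copy before it becomes visible */
	copied_fs->umask = 0;
	/*
	 * task->fs is protected by task_lock(); swapping it without the lock
	 * lets another context that looks at this task's fs under task_lock()
	 * observe the pointer while copied_fs is being installed or freed.
	 */
	task_lock(current);
	current->fs = copied_fs;
	task_unlock(current);

	err = vfs_create2(lower_dentry_mnt, d_inode(lower_parent_dentry), lower_dentry, mode, want_excl);
	if (err)
		goto out;

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path,
			SDCARDFS_I(dir)->data->userid);
	if (err)
		goto out;
	fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));
	fsstack_copy_inode_size(dir, d_inode(lower_parent_dentry));
	fixup_lower_ownership(dentry, dentry->d_name.name);

out:
	/* restore the original fs_struct under the same lock, then free the copy */
	task_lock(current);
	current->fs = saved_fs;
	task_unlock(current);
	free_fs_struct(copied_fs);
out_unlock:
	unlock_dir(lower_parent_dentry);
	sdcardfs_put_lower_path(dentry, &lower_path);
	REVERT_CRED(saved_cred);
out_eacces:
	return err;
}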
122 | |
/*
 * Hard-link support, compiled out with #if 0.
 *
 * NOTE(review): this body calls OVERRIDE_CRED() with one argument,
 * REVERT_CRED() with none and sdcardfs_interpose() with three, while the
 * live callers in this file pass three, one and four respectively. It would
 * need updating, including an access check like the live operations perform,
 * before it could be re-enabled.
 */
#if 0
static int sdcardfs_link(struct dentry *old_dentry, struct inode *dir,
		       struct dentry *new_dentry)
{
	struct dentry *lower_old_dentry;
	struct dentry *lower_new_dentry;
	struct dentry *lower_dir_dentry;
	u64 file_size_save;
	int err;
	struct path lower_old_path, lower_new_path;

	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb));

	/* remember the upper size; it is written back onto the new dentry's inode below */
	file_size_save = i_size_read(d_inode(old_dentry));
	sdcardfs_get_lower_path(old_dentry, &lower_old_path);
	sdcardfs_get_lower_path(new_dentry, &lower_new_path);
	lower_old_dentry = lower_old_path.dentry;
	lower_new_dentry = lower_new_path.dentry;
	lower_dir_dentry = lock_parent(lower_new_dentry);

	err = vfs_link(lower_old_dentry, d_inode(lower_dir_dentry),
		       lower_new_dentry, NULL);
	if (err || !d_inode(lower_new_dentry))
		goto out;

	err = sdcardfs_interpose(new_dentry, dir->i_sb, &lower_new_path);
	if (err)
		goto out;
	fsstack_copy_attr_times(dir, d_inode(lower_new_dentry));
	fsstack_copy_inode_size(dir, d_inode(lower_new_dentry));
	/* mirror the lower link count onto the upper inode */
	set_nlink(d_inode(old_dentry),
		  sdcardfs_lower_inode(d_inode(old_dentry))->i_nlink);
	i_size_write(d_inode(new_dentry), file_size_save);
out:
	unlock_dir(lower_dir_dentry);
	sdcardfs_put_lower_path(old_dentry, &lower_old_path);
	sdcardfs_put_lower_path(new_dentry, &lower_new_path);
	REVERT_CRED();
	return err;
}
#endif
164 | |
/*
 * Remove a file: check the caller's access to the name, switch to the
 * sdcardfs fsuid/fsgid, unlink the lower dentry and then refresh the upper
 * directory and inode from the lower ones.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_unlink(struct inode *dir, struct dentry *dentry)
{
	struct inode *lower_dir_inode = sdcardfs_lower_inode(dir);
	const struct cred *saved_cred = NULL;
	struct dentry *lower_parent;
	struct dentry *lower_victim;
	struct vfsmount *lower_victim_mnt;
	struct inode *upper_inode;
	struct path lower_path;
	int err;

	if (!check_caller_access_to_name(dir, &dentry->d_name)) {
		err = -EACCES;
		goto out_eacces;
	}

	/* run the lower operation with the sdcardfs credentials */
	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred, SDCARDFS_I(dir));

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_victim = lower_path.dentry;
	lower_victim_mnt = lower_path.mnt;
	/* extra reference, dropped with dput() at the out label */
	dget(lower_victim);
	lower_parent = lock_parent(lower_victim);

	err = vfs_unlink2(lower_victim_mnt, lower_dir_inode, lower_victim, NULL);

	/*
	 * Unlinking on top of NFS can leave silly-renamed files behind, and
	 * deleting those yields EBUSY from NFS. NFS removes them later, so an
	 * EBUSY on such a dentry is reported as a successful delete.
	 */
	if (err == -EBUSY && (lower_victim->d_flags & DCACHE_NFSFS_RENAMED))
		err = 0;
	if (err)
		goto out;

	fsstack_copy_attr_times(dir, lower_dir_inode);
	fsstack_copy_inode_size(dir, lower_dir_inode);

	upper_inode = d_inode(dentry);
	set_nlink(upper_inode, sdcardfs_lower_inode(upper_inode)->i_nlink);
	upper_inode->i_ctime = dir->i_ctime;
	d_drop(dentry); /* this is needed, else LTP fails (VFS won't do it) */
out:
	unlock_dir(lower_parent);
	dput(lower_victim);
	sdcardfs_put_lower_path(dentry, &lower_path);
	REVERT_CRED(saved_cred);
out_eacces:
	return err;
}
216 | |
/*
 * Symlink creation, compiled out with #if 0.
 *
 * NOTE(review): uses the one-argument OVERRIDE_CRED(), the no-argument
 * REVERT_CRED() and the three-argument sdcardfs_interpose(), none of which
 * match the live callers in this file, and performs no
 * check_caller_access_to_name() as the live operations do.
 */
#if 0
static int sdcardfs_symlink(struct inode *dir, struct dentry *dentry,
			  const char *symname)
{
	int err;
	struct dentry *lower_dentry;
	struct dentry *lower_parent_dentry = NULL;
	struct path lower_path;

	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb));

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	lower_parent_dentry = lock_parent(lower_dentry);

	/* symname is passed to the lower filesystem unchanged */
	err = vfs_symlink(d_inode(lower_parent_dentry), lower_dentry, symname);
	if (err)
		goto out;
	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path);
	if (err)
		goto out;
	fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));
	fsstack_copy_inode_size(dir, d_inode(lower_parent_dentry));

out:
	unlock_dir(lower_parent_dentry);
	sdcardfs_put_lower_path(dentry, &lower_path);
	REVERT_CRED();
	return err;
}
#endif
248 | |
/*
 * Create an empty file at abs_path if it does not exist yet.
 *
 * O_CREAT|O_EXCL makes an existing entry fail with -EEXIST, which is
 * reported as success, and O_NOFOLLOW is passed to filp_open() as well.
 * Despite the parameter name, the only caller in this file passes a
 * relative name, so the path is resolved against the current task's
 * working directory.
 *
 * Returns 0 if the file exists afterwards, otherwise the negative errno
 * from filp_open().
 */
static int touch(char *abs_path, mode_t mode)
{
	struct file *filp;
	long open_err;

	filp = filp_open(abs_path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
	if (!IS_ERR(filp)) {
		filp_close(filp, current->files);
		return 0;
	}

	open_err = PTR_ERR(filp);
	if (open_err == -EEXIST)
		return 0;

	pr_err("sdcardfs: failed to open(%s): %ld\n",
	       abs_path, open_err);
	return open_err;
}
265 | |
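/*
 * Create a directory on the lower filesystem and interpose it.
 *
 * After the name access check the lower mkdir runs with the sdcardfs
 * fsuid/fsgid and a private fs_struct whose umask is 0, so the directory
 * gets exactly the forced 0775 permission bits. For the obb/data
 * directories selected below, a ".nomedia" file is then created inside the
 * new directory using credentials derived from the new inode.
 *
 * A failure to create ".nomedia" is logged but does not change the return
 * value (err is not assigned from touch_err).
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
{
	int err;
	int make_nomedia_in_obb = 0;
	struct dentry *lower_dentry;
	struct vfsmount *lower_mnt;
	struct dentry *lower_parent_dentry = NULL;
	struct dentry *parent_dentry = NULL;
	struct path lower_path;
	struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
	const struct cred *saved_cred = NULL;
	struct sdcardfs_inode_data *pd = SDCARDFS_I(dir)->data;
	int touch_err = 0;
	struct fs_struct *saved_fs;
	struct fs_struct *copied_fs;
	struct qstr q_obb = QSTR_LITERAL("obb");
	struct qstr q_data = QSTR_LITERAL("data");

	if (!check_caller_access_to_name(dir, &dentry->d_name)) {
		err = -EACCES;
		goto out_eacces;
	}

	/* save current_cred and override it */
	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred, SDCARDFS_I(dir));

	/* check disk space */
	parent_dentry = dget_parent(dentry);
	if (!check_min_free_space(parent_dentry, 0, 1)) {
		pr_err("sdcardfs: No minimum free space.\n");
		err = -ENOSPC;
		dput(parent_dentry);
		goto out_revert;
	}
	dput(parent_dentry);

	/* the lower_dentry is negative here */
	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	lower_mnt = lower_path.mnt;
	lower_parent_dentry = lock_parent(lower_dentry);

	/* keep only the file-type bits and force the permission bits to 0775 */
	mode = (mode & S_IFMT) | 00775;

	/* temporarily change umask for lower fs write */
	saved_fs = current->fs;
	copied_fs = copy_fs_struct(current->fs);
	if (!copied_fs) {
		err = -ENOMEM;
		unlock_dir(lower_parent_dentry);
		goto out_unlock;
	}
	/* finish setting up the private copy before it becomes visible */
	copied_fs->umask = 0;
	/*
	 * task->fs is protected by task_lock(); swapping it without the lock
	 * lets another context that looks at this task's fs under task_lock()
	 * observe the pointer while copied_fs is being installed or freed.
	 */
	task_lock(current);
	current->fs = copied_fs;
	task_unlock(current);

	err = vfs_mkdir2(lower_mnt, d_inode(lower_parent_dentry), lower_dentry, mode);

	if (err) {
		unlock_dir(lower_parent_dentry);
		goto out;
	}

	/* if it is a local obb dentry, setup it with the base obbpath */
	if (need_graft_path(dentry)) {

		err = setup_obb_dentry(dentry, &lower_path);
		if (err) {
			/* if the sbi->obbpath is not available, the lower_path won't be
			 * changed by setup_obb_dentry() but the lower path is saved to
			 * its orig_path. this dentry will be revalidated later.
			 * but now, the lower_path should be NULL
			 */
			sdcardfs_put_reset_lower_path(dentry);

			/* the newly created lower path which saved to its orig_path or
			 * the lower_path is the base obbpath.
			 * therefore, an additional path_get is required
			 */
			path_get(&lower_path);
		} else
			make_nomedia_in_obb = 1;
	}

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path, pd->userid);
	if (err) {
		unlock_dir(lower_parent_dentry);
		goto out;
	}

	fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));
	fsstack_copy_inode_size(dir, d_inode(lower_parent_dentry));
	/* update number of links on parent directory */
	set_nlink(dir, sdcardfs_lower_inode(dir)->i_nlink);
	fixup_lower_ownership(dentry, dentry->d_name.name);
	unlock_dir(lower_parent_dentry);
	if ((!sbi->options.multiuser) && (qstr_case_eq(&dentry->d_name, &q_obb))
		&& (pd->perm == PERM_ANDROID) && (pd->userid == 0))
		make_nomedia_in_obb = 1;

	/* When creating /Android/data and /Android/obb, mark them as .nomedia */
	if (make_nomedia_in_obb ||
		((pd->perm == PERM_ANDROID)
				&& (qstr_case_eq(&dentry->d_name, &q_data)))) {
		/* switch to credentials derived from the directory just created */
		REVERT_CRED(saved_cred);
		/*
		 * NOTE(review): OVERRIDE_CRED() is defined outside this file. If
		 * it leaves the function on failure, current->fs would still
		 * point at copied_fs and lower_path would not be released here;
		 * confirm against the macro definition.
		 */
		OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred, SDCARDFS_I(d_inode(dentry)));
		/* only the private fs_struct copy gets its pwd changed */
		set_fs_pwd(current->fs, &lower_path);
		touch_err = touch(".nomedia", 0664);
		if (touch_err) {
			pr_err("sdcardfs: failed to create .nomedia in %s: %d\n",
					lower_path.dentry->d_name.name, touch_err);
			goto out;
		}
	}
out:
	/* restore the original fs_struct under the same lock, then free the copy */
	task_lock(current);
	current->fs = saved_fs;
	task_unlock(current);
	free_fs_struct(copied_fs);
out_unlock:
	sdcardfs_put_lower_path(dentry, &lower_path);
out_revert:
	REVERT_CRED(saved_cred);
out_eacces:
	return err;
}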
389 | |
/*
 * Remove a directory: check the caller's access to the name, switch to the
 * sdcardfs fsuid/fsgid, remove the lower directory and refresh the upper
 * parent from the lower parent.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_rmdir(struct inode *dir, struct dentry *dentry)
{
	const struct cred *saved_cred = NULL;
	struct dentry *lower_parent;
	struct dentry *lower_victim;
	struct vfsmount *lower_victim_mnt;
	struct inode *upper_inode;
	struct path lower_path;
	int err;

	if (!check_caller_access_to_name(dir, &dentry->d_name)) {
		err = -EACCES;
		goto out_eacces;
	}

	/* run the lower operation with the sdcardfs credentials */
	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred, SDCARDFS_I(dir));

	/*
	 * sdcardfs_get_real_lower(): when a user's obb dentry is removed, the
	 * dentry on the original path is the one that should be deleted.
	 */
	sdcardfs_get_real_lower(dentry, &lower_path);

	lower_victim = lower_path.dentry;
	lower_victim_mnt = lower_path.mnt;
	lower_parent = lock_parent(lower_victim);

	err = vfs_rmdir2(lower_victim_mnt, d_inode(lower_parent), lower_victim);
	if (err)
		goto out;

	d_drop(dentry);	/* drop our dentry on success (why not VFS's job?) */
	upper_inode = d_inode(dentry);
	if (upper_inode)
		clear_nlink(upper_inode);
	fsstack_copy_attr_times(dir, d_inode(lower_parent));
	fsstack_copy_inode_size(dir, d_inode(lower_parent));
	set_nlink(dir, d_inode(lower_parent)->i_nlink);

out:
	unlock_dir(lower_parent);
	sdcardfs_put_real_lower(dentry, &lower_path);
	REVERT_CRED(saved_cred);
out_eacces:
	return err;
}
434 | |
/*
 * Device-node creation, compiled out with #if 0.
 *
 * NOTE(review): uses the one-argument OVERRIDE_CRED(), the no-argument
 * REVERT_CRED() and the three-argument sdcardfs_interpose(), none of which
 * match the live callers in this file, and performs no
 * check_caller_access_to_name() as the live operations do.
 */
#if 0
static int sdcardfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
			dev_t dev)
{
	int err;
	struct dentry *lower_dentry;
	struct dentry *lower_parent_dentry = NULL;
	struct path lower_path;

	OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb));

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	lower_parent_dentry = lock_parent(lower_dentry);

	/* mode and dev are passed to the lower filesystem unchanged */
	err = vfs_mknod(d_inode(lower_parent_dentry), lower_dentry, mode, dev);
	if (err)
		goto out;

	err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path);
	if (err)
		goto out;
	fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));
	fsstack_copy_inode_size(dir, d_inode(lower_parent_dentry));

out:
	unlock_dir(lower_parent_dentry);
	sdcardfs_put_lower_path(dentry, &lower_path);
	REVERT_CRED();
	return err;
}
#endif
467 | |
/*
 * Rename old_dentry (in old_dir) to new_dentry (in new_dir) on the lower
 * filesystem and refresh the upper directories and derived permissions.
 *
 * Any non-zero rename flag is rejected with -EINVAL. The caller must pass
 * the name access check for both the old and the new name.
 *
 * The locking rules in sdcardfs_rename are complex.  We could use a simpler
 * superblock-level name-space lock for renames and copy-ups.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_rename(struct inode *old_dir, struct dentry *old_dentry,
			 struct inode *new_dir, struct dentry *new_dentry,
			 unsigned int flags)
{
	int err = 0;
	struct dentry *lower_old_dentry = NULL;
	struct dentry *lower_new_dentry = NULL;
	struct dentry *lower_old_dir_dentry = NULL;
	struct dentry *lower_new_dir_dentry = NULL;
	struct vfsmount *lower_mnt = NULL;
	struct dentry *trap = NULL;
	struct path lower_old_path, lower_new_path;
	const struct cred *saved_cred = NULL;

	/* no rename flags are supported */
	if (flags)
		return -EINVAL;

	/* both the source and the destination name must be accessible */
	if (!check_caller_access_to_name(old_dir, &old_dentry->d_name) ||
		!check_caller_access_to_name(new_dir, &new_dentry->d_name)) {
		err = -EACCES;
		goto out_eacces;
	}

	/* save current_cred and override it */
	/* the override is derived from new_dir's inode info, not old_dir's */
	OVERRIDE_CRED(SDCARDFS_SB(old_dir->i_sb), saved_cred, SDCARDFS_I(new_dir));

	/* the source uses the "real" lower path, the target the regular one */
	sdcardfs_get_real_lower(old_dentry, &lower_old_path);
	sdcardfs_get_lower_path(new_dentry, &lower_new_path);
	lower_old_dentry = lower_old_path.dentry;
	lower_new_dentry = lower_new_path.dentry;
	/* the mount passed to vfs_rename2() is taken from the source path */
	lower_mnt = lower_old_path.mnt;
	lower_old_dir_dentry = dget_parent(lower_old_dentry);
	lower_new_dir_dentry = dget_parent(lower_new_dentry);

	trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
	/* source should not be ancestor of target */
	if (trap == lower_old_dentry) {
		err = -EINVAL;
		goto out;
	}
	/* target should not be ancestor of source */
	if (trap == lower_new_dentry) {
		err = -ENOTEMPTY;
		goto out;
	}

	err = vfs_rename2(lower_mnt,
			 d_inode(lower_old_dir_dentry), lower_old_dentry,
			 d_inode(lower_new_dir_dentry), lower_new_dentry,
			 NULL, 0);
	if (err)
		goto out;

	/* Copy attrs from lower dir, but i_uid/i_gid */
	sdcardfs_copy_and_fix_attrs(new_dir, d_inode(lower_new_dir_dentry));
	fsstack_copy_inode_size(new_dir, d_inode(lower_new_dir_dentry));

	if (new_dir != old_dir) {
		sdcardfs_copy_and_fix_attrs(old_dir, d_inode(lower_old_dir_dentry));
		fsstack_copy_inode_size(old_dir, d_inode(lower_old_dir_dentry));
	}
	/* recompute permissions and lower ownership for the new parent and name */
	get_derived_permission_new(new_dentry->d_parent, old_dentry, &new_dentry->d_name);
	fixup_tmp_permissions(d_inode(old_dentry));
	fixup_lower_ownership(old_dentry, new_dentry->d_name.name);
	d_invalidate(old_dentry); /* Can't fixup ownership recursively :( */
out:
	unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
	dput(lower_old_dir_dentry);
	dput(lower_new_dir_dentry);
	sdcardfs_put_real_lower(old_dentry, &lower_old_path);
	sdcardfs_put_lower_path(new_dentry, &lower_new_path);
	REVERT_CRED(saved_cred);
out_eacces:
	return err;
}
547 | |
/*
 * readlink pass-through to the lower inode, compiled out with #if 0.
 *
 * Returns whatever the lower ->readlink() returns, or -EINVAL when the
 * lower inode has no readlink operation.
 */
#if 0
static int sdcardfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
{
	int err;
	struct dentry *lower_dentry;
	struct path lower_path;
	/* XXX readlink does not requires overriding credential */

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	if (!d_inode(lower_dentry)->i_op ||
	    !d_inode(lower_dentry)->i_op->readlink) {
		err = -EINVAL;
		goto out;
	}

	/* buf and bufsiz are handed to the lower filesystem unchanged */
	err = d_inode(lower_dentry)->i_op->readlink(lower_dentry,
						    buf, bufsiz);
	if (err < 0)
		goto out;
	fsstack_copy_attr_atime(d_inode(dentry), d_inode(lower_dentry));

out:
	sdcardfs_put_lower_path(dentry, &lower_path);
	return err;
}
#endif
575 | |
/*
 * follow_link implementation, compiled out with #if 0.
 *
 * Reads the link target into a PAGE_SIZE kernel buffer through
 * sdcardfs_readlink(), whose buffer parameter is __user, by temporarily
 * widening the address limit with set_fs(KERNEL_DS). The previous limit is
 * restored right after the call, before any error handling.
 *
 * NOTE(review): the terminator is written at buf[err]. If the readlink call
 * can return the full len bytes, that index is one past the allocation;
 * passing len - 1 would leave room for the terminator. Confirm the maximum
 * return value before re-enabling this code.
 */
#if 0
static const char *sdcardfs_follow_link(struct dentry *dentry, void **cookie)
{
	char *buf;
	int len = PAGE_SIZE, err;
	mm_segment_t old_fs;

	/* This is freed by the put_link method assuming a successful call. */
	buf = kmalloc(len, GFP_KERNEL);
	if (!buf) {
		buf = ERR_PTR(-ENOMEM);
		return buf;
	}

	/* read the symlink, and then we will follow it */
	old_fs = get_fs();
	set_fs(KERNEL_DS);
	err = sdcardfs_readlink(dentry, buf, len);
	set_fs(old_fs);
	if (err < 0) {
		kfree(buf);
		buf = ERR_PTR(err);
	} else {
		buf[err] = '\0';
	}
	/* on failure the cookie holds the ERR_PTR value, not a buffer */
	return *cookie = buf;
}
#endif
604 | |
/*
 * Placeholder for the mount-less permission hook: emits a rate-limited
 * warning and always fails with -EINVAL. Neither argument is used.
 */
static int sdcardfs_permission_wrn(struct inode *inode, int mask)
{
	const int unsupported = -EINVAL;

	WARN_RATELIMIT(1, "sdcardfs does not support permission. Use permission2.\n");
	return unsupported;
}
610 | |
/*
 * Copy the attribute fields listed below from src to dest. No other field
 * of dest is written.
 *
 * i_acl and i_security are copied as plain pointers; nothing in this
 * function takes a reference on what they point to, so dest is only a
 * shallow view of src.
 */
void copy_attrs(struct inode *dest, const struct inode *src)
{
	/* ownership, type/permission bits and device number */
	dest->i_uid = src->i_uid;
	dest->i_gid = src->i_gid;
	dest->i_mode = src->i_mode;
	dest->i_rdev = src->i_rdev;

	/* timestamps */
	dest->i_atime = src->i_atime;
	dest->i_mtime = src->i_mtime;
	dest->i_ctime = src->i_ctime;

	/* block size shift and inode flags */
	dest->i_blkbits = src->i_blkbits;
	dest->i_flags = src->i_flags;

#ifdef CONFIG_FS_POSIX_ACL
	dest->i_acl = src->i_acl;
#endif
#ifdef CONFIG_SECURITY
	dest->i_security = src->i_security;
#endif
}
629 | |
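/*
 * Permission hook: evaluate mask against the permissions sdcardfs derives
 * for the inode rather than against the inode's own uid/gid/mode.
 *
 * A scratch inode is filled in with the derived uid (top->d_uid), gid
 * (get_gid()) and mode (get_mode()) and passed to generic_permission().
 *
 * Returns 0 if access is granted, PTR_ERR(mnt) for an error-pointer mount,
 * -EINVAL if no top data is available, or the generic_permission() result.
 */
static int sdcardfs_permission(struct vfsmount *mnt, struct inode *inode, int mask)
{
	int err;
	struct inode tmp;
	struct sdcardfs_inode_data *top;

	/*
	 * Reject a bad mount before top_data_get(): the result of that call
	 * is released with data_put() below, and returning here afterwards
	 * would skip the release.
	 */
	if (IS_ERR(mnt))
		return PTR_ERR(mnt);

	top = top_data_get(SDCARDFS_I(inode));
	if (!top)
		return -EINVAL;

	/*
	 * Permission check on sdcardfs inode.
	 * Calling process should have AID_SDCARD_RW permission
	 * Since generic_permission only needs i_mode, i_uid,
	 * i_gid, and i_sb, we can create a fake inode to pass
	 * this information down in.
	 *
	 * The underlying code may attempt to take locks in some
	 * cases for features we're not using, but if that changes,
	 * locks must be dealt with to avoid undefined behavior.
	 *
	 * tmp lives on the stack and is not zeroed: only the fields written
	 * by copy_attrs() and the assignments below hold defined values.
	 */
	copy_attrs(&tmp, inode);
	tmp.i_uid = make_kuid(&init_user_ns, top->d_uid);
	tmp.i_gid = make_kgid(&init_user_ns, get_gid(mnt, inode->i_sb, top));
	tmp.i_mode = (inode->i_mode & S_IFMT)
			| get_mode(mnt, SDCARDFS_I(inode), top);
	data_put(top);
	tmp.i_sb = inode->i_sb;
	if (IS_POSIXACL(inode))
		pr_warn("%s: This may be undefined behavior...\n", __func__);
	err = generic_permission(&tmp, mask);
	/* XXX
	 * The original sdcardfs code called inode_permission(lower_inode, ...)
	 * here as well. That looks like duplicated work, because the functions
	 * called after this one (vfs_create, vfs_unlink, vfs_rename, ...) call
	 * inode_permission() themselves, so the lower check is left to them.
	 * If that turns out to leave a security hole, re-enable the block
	 * below (it predates the current OVERRIDE_CRED()/REVERT_CRED()
	 * argument lists used elsewhere in this file).
	 */
#if 0
	if (!err) {
		/*
		 * Permission check on lower_inode(=EXT4).
		 * we check it with AID_MEDIA_RW permission
		 */
		struct inode *lower_inode;

		OVERRIDE_CRED(SDCARDFS_SB(inode->sb));

		lower_inode = sdcardfs_lower_inode(inode);
		err = inode_permission(lower_inode, mask);

		REVERT_CRED();
	}
#endif
	return err;

}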
690 | |
/*
 * Placeholder for the mount-less setattr hook: emits a rate-limited warning
 * and always fails with -EINVAL. Neither argument is used.
 */
static int sdcardfs_setattr_wrn(struct dentry *dentry, struct iattr *ia)
{
	const int unsupported = -EINVAL;

	WARN_RATELIMIT(1, "sdcardfs does not support setattr. User setattr2.\n");
	return unsupported;
}
696 | |
697 | #ifdef CONFIG_AMLOGIC_VMAP |
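/*
 * setattr hook, stack-saving variant: the scratch inode and dentry used for
 * the permission check are allocated with kzalloc() instead of being placed
 * on the stack.
 *
 * The request is validated against the permissions sdcardfs derives for the
 * inode, the caller's access to the name is checked, and the change is then
 * applied to the lower inode with the sdcardfs fsuid/fsgid. ATTR_UID,
 * ATTR_GID and ATTR_MODE are stripped from the lower request, so ownership
 * and mode changes never reach the lower filesystem.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_setattr(struct vfsmount *mnt, struct dentry *dentry,
			struct iattr *ia)
{
	int err;
	struct dentry *lower_dentry;
	struct vfsmount *lower_mnt;
	struct inode *inode;
	struct inode *lower_inode;
	struct path lower_path;
	struct iattr lower_ia;
	struct dentry *parent;
	struct inode *tmp;
	struct dentry *tmp_d;
	struct sdcardfs_inode_data *top;

	const struct cred *saved_cred = NULL;

	inode = d_inode(dentry);
	top = top_data_get(SDCARDFS_I(inode));

	if (!top)
		return -EINVAL;

	tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
	if (!tmp) {
		/* release what top_data_get() returned before bailing out */
		data_put(top);
		return -ENOMEM;
	}

	tmp_d = kzalloc(sizeof(*tmp_d), GFP_KERNEL);
	if (!tmp_d) {
		/* same release as above; this path skipped it before */
		data_put(top);
		kfree(tmp);
		return -ENOMEM;
	}
	/*
	 * Permission check on sdcardfs inode.
	 * Calling process should have AID_SDCARD_RW permission
	 * Since generic_permission only needs i_mode, i_uid,
	 * i_gid, and i_sb, we can create a fake inode to pass
	 * this information down in.
	 *
	 * The underlying code may attempt to take locks in some
	 * cases for features we're not using, but if that changes,
	 * locks must be dealt with to avoid undefined behavior.
	 *
	 */
	copy_attrs(tmp, inode);
	tmp->i_uid = make_kuid(&init_user_ns, top->d_uid);
	tmp->i_gid = make_kgid(&init_user_ns, get_gid(mnt, dentry->d_sb, top));
	tmp->i_mode = (inode->i_mode & S_IFMT)
			| get_mode(mnt, SDCARDFS_I(inode), top);
	tmp->i_size = i_size_read(inode);
	data_put(top);
	tmp->i_sb = inode->i_sb;
	tmp_d->d_inode = tmp;

	/*
	 * Check if user has permission to change dentry.  We don't check if
	 * this user can change the lower inode: that should happen when
	 * calling notify_change on the lower inode.
	 */
	/* prepare our own lower struct iattr (with the lower file) */
	/* copied before ATTR_FORCE is set, so lower_ia does not carry it */
	memcpy(&lower_ia, ia, sizeof(lower_ia));
	/* Allow touch updating timestamps. A previous permission check ensures
	 * we have write access. Changes to mode, owner, and group are ignored
	 */
	ia->ia_valid |= ATTR_FORCE;
	err = setattr_prepare(tmp_d, ia);

	if (!err) {
		/* check the Android group ID */
		parent = dget_parent(dentry);
		if (!check_caller_access_to_name(d_inode(parent),
						&dentry->d_name))
			err = -EACCES;
		dput(parent);
	}

	if (err)
		goto out_err;

	/* save current_cred and override it */
	/*
	 * NOTE(review): OVERRIDE_CRED() is defined outside this file. If it
	 * leaves the function on failure, tmp and tmp_d would not be freed;
	 * confirm against the macro definition.
	 */
	OVERRIDE_CRED(SDCARDFS_SB(dentry->d_sb), saved_cred, SDCARDFS_I(inode));

	sdcardfs_get_lower_path(dentry, &lower_path);
	lower_dentry = lower_path.dentry;
	lower_mnt = lower_path.mnt;
	lower_inode = sdcardfs_lower_inode(inode);

	if (ia->ia_valid & ATTR_FILE)
		lower_ia.ia_file = sdcardfs_lower_file(ia->ia_file);

	/* ownership and mode are derived by sdcardfs, never set on the lower fs */
	lower_ia.ia_valid &= ~(ATTR_UID | ATTR_GID | ATTR_MODE);

	/*
	 * If shrinking, first truncate upper level to cancel writing dirty
	 * pages beyond the new eof; and also if its' maxbytes is more
	 * limiting (fail with -EFBIG before making any change to the lower
	 * level).  There is no need to vmtruncate the upper level
	 * afterwards in the other cases: we fsstack_copy_inode_size from
	 * the lower level.
	 */
	if (ia->ia_valid & ATTR_SIZE) {
		err = inode_newsize_ok(tmp, ia->ia_size);
		if (err)
			goto out;
		truncate_setsize(inode, ia->ia_size);
	}

	/*
	 * mode change is for clearing setuid/setgid bits. Allow lower fs
	 * to interpret this in its own way.
	 */
	if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
		lower_ia.ia_valid &= ~ATTR_MODE;

	/* notify the (possibly copied-up) lower inode */
	/*
	 * Note: we use d_inode(lower_dentry), because lower_inode may be
	 * unlinked (no inode->i_sb and i_ino==0.  This happens if someone
	 * tries to open(), unlink(), then ftruncate() a file.
	 */
	inode_lock(d_inode(lower_dentry));
	err = notify_change2(lower_mnt, lower_dentry, &lower_ia,
			NULL);
	inode_unlock(d_inode(lower_dentry));
	if (err)
		goto out;

	/* get attributes from the lower inode and update derived permissions */
	sdcardfs_copy_and_fix_attrs(inode, lower_inode);

	/*
	 * Not running fsstack_copy_inode_size(inode, lower_inode), because
	 * VFS should update our inode size, and notify_change on
	 * lower_inode should update its size.
	 */

out:
	sdcardfs_put_lower_path(dentry, &lower_path);
	REVERT_CRED(saved_cred);
out_err:
	kfree(tmp);
	kfree(tmp_d);
	return err;
}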
843 | #else |
844 | static int sdcardfs_setattr(struct vfsmount *mnt, struct dentry *dentry, struct iattr *ia) |
845 | { |
846 | int err; |
847 | struct dentry *lower_dentry; |
848 | struct vfsmount *lower_mnt; |
849 | struct inode *inode; |
850 | struct inode *lower_inode; |
851 | struct path lower_path; |
852 | struct iattr lower_ia; |
853 | struct dentry *parent; |
854 | struct inode tmp; |
855 | struct dentry tmp_d; |
856 | struct sdcardfs_inode_data *top; |
857 | |
858 | const struct cred *saved_cred = NULL; |
859 | |
860 | inode = d_inode(dentry); |
861 | top = top_data_get(SDCARDFS_I(inode)); |
862 | |
863 | if (!top) |
864 | return -EINVAL; |
865 | |
866 | /* |
867 | * Permission check on sdcardfs inode. |
868 | * Calling process should have AID_SDCARD_RW permission |
869 | * Since generic_permission only needs i_mode, i_uid, |
870 | * i_gid, and i_sb, we can create a fake inode to pass |
871 | * this information down in. |
872 | * |
873 | * The underlying code may attempt to take locks in some |
874 | * cases for features we're not using, but if that changes, |
875 | * locks must be dealt with to avoid undefined behavior. |
876 | * |
877 | */ |
878 | copy_attrs(&tmp, inode); |
879 | tmp.i_uid = make_kuid(&init_user_ns, top->d_uid); |
880 | tmp.i_gid = make_kgid(&init_user_ns, get_gid(mnt, dentry->d_sb, top)); |
881 | tmp.i_mode = (inode->i_mode & S_IFMT) |
882 | | get_mode(mnt, SDCARDFS_I(inode), top); |
883 | tmp.i_size = i_size_read(inode); |
884 | data_put(top); |
885 | tmp.i_sb = inode->i_sb; |
886 | tmp_d.d_inode = &tmp; |
887 | |
888 | /* |
889 | * Check if user has permission to change dentry. We don't check if |
890 | * this user can change the lower inode: that should happen when |
891 | * calling notify_change on the lower inode. |
892 | */ |
893 | /* prepare our own lower struct iattr (with the lower file) */ |
894 | memcpy(&lower_ia, ia, sizeof(lower_ia)); |
895 | /* Allow touch updating timestamps. A previous permission check ensures |
896 | * we have write access. Changes to mode, owner, and group are ignored |
897 | */ |
898 | ia->ia_valid |= ATTR_FORCE; |
899 | err = setattr_prepare(&tmp_d, ia); |
900 | |
901 | if (!err) { |
902 | /* check the Android group ID */ |
903 | parent = dget_parent(dentry); |
904 | if (!check_caller_access_to_name(d_inode(parent), &dentry->d_name)) |
905 | err = -EACCES; |
906 | dput(parent); |
907 | } |
908 | |
909 | if (err) |
910 | goto out_err; |
911 | |
912 | /* save current_cred and override it */ |
913 | OVERRIDE_CRED(SDCARDFS_SB(dentry->d_sb), saved_cred, SDCARDFS_I(inode)); |
914 | |
915 | sdcardfs_get_lower_path(dentry, &lower_path); |
916 | lower_dentry = lower_path.dentry; |
917 | lower_mnt = lower_path.mnt; |
918 | lower_inode = sdcardfs_lower_inode(inode); |
919 | |
920 | if (ia->ia_valid & ATTR_FILE) |
921 | lower_ia.ia_file = sdcardfs_lower_file(ia->ia_file); |
922 | |
923 | lower_ia.ia_valid &= ~(ATTR_UID | ATTR_GID | ATTR_MODE); |
924 | |
925 | /* |
926 | * If shrinking, first truncate upper level to cancel writing dirty |
927 | * pages beyond the new eof; and also if its' maxbytes is more |
928 | * limiting (fail with -EFBIG before making any change to the lower |
929 | * level). There is no need to vmtruncate the upper level |
930 | * afterwards in the other cases: we fsstack_copy_inode_size from |
931 | * the lower level. |
932 | */ |
933 | if (ia->ia_valid & ATTR_SIZE) { |
934 | err = inode_newsize_ok(&tmp, ia->ia_size); |
935 | if (err) { |
936 | goto out; |
937 | } |
938 | truncate_setsize(inode, ia->ia_size); |
939 | } |
940 | |
941 | /* |
942 | * mode change is for clearing setuid/setgid bits. Allow lower fs |
943 | * to interpret this in its own way. |
944 | */ |
945 | if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) |
946 | lower_ia.ia_valid &= ~ATTR_MODE; |
947 | |
948 | /* notify the (possibly copied-up) lower inode */ |
949 | /* |
950 | * Note: we use d_inode(lower_dentry), because lower_inode may be |
951 | * unlinked (no inode->i_sb and i_ino==0. This happens if someone |
952 | * tries to open(), unlink(), then ftruncate() a file. |
953 | */ |
954 | inode_lock(d_inode(lower_dentry)); |
955 | err = notify_change2(lower_mnt, lower_dentry, &lower_ia, /* note: lower_ia */ |
956 | NULL); |
957 | inode_unlock(d_inode(lower_dentry)); |
958 | if (err) |
959 | goto out; |
960 | |
961 | /* get attributes from the lower inode and update derived permissions */ |
962 | sdcardfs_copy_and_fix_attrs(inode, lower_inode); |
963 | |
964 | /* |
965 | * Not running fsstack_copy_inode_size(inode, lower_inode), because |
966 | * VFS should update our inode size, and notify_change on |
967 | * lower_inode should update its size. |
968 | */ |
969 | |
970 | out: |
971 | sdcardfs_put_lower_path(dentry, &lower_path); |
972 | REVERT_CRED(saved_cred); |
973 | out_err: |
974 | return err; |
975 | } |
976 | #endif |
977 | |
/*
 * Build the kstat that sdcardfs reports for @inode.
 *
 * dev, ino, nlink and rdev are read from the sdcardfs inode itself.
 * Ownership and permission bits are not copied from @lower_stat: uid is
 * top->d_uid, while gid and the permission part of mode are computed by
 * get_gid() and get_mode() for @mnt. Only the file-type bits (S_IFMT)
 * of inode->i_mode are kept. Size, timestamps, blksize and blocks are
 * taken from @lower_stat.
 *
 * Returns 0 on success, or -EINVAL when top_data_get() returns NULL.
 */
static int sdcardfs_fillattr(struct vfsmount *mnt, struct inode *inode,
				struct kstat *lower_stat, struct kstat *stat)
{
	struct sdcardfs_inode_info *sd_info = SDCARDFS_I(inode);
	struct super_block *sd_sb = inode->i_sb;
	struct sdcardfs_inode_data *top_data;

	top_data = top_data_get(sd_info);
	if (top_data == NULL)
		return -EINVAL;

	/* Fields derived from sdcardfs' own view (never from the lower fs). */
	stat->uid = make_kuid(&init_user_ns, top_data->d_uid);
	stat->gid = make_kgid(&init_user_ns, get_gid(mnt, sd_sb, top_data));
	stat->mode = (inode->i_mode & S_IFMT) | get_mode(mnt, sd_info, top_data);

	/* top_data is not read past this point; hand it back. */
	data_put(top_data);

	/* Identity of the sdcardfs inode. */
	stat->dev = sd_sb->s_dev;
	stat->ino = inode->i_ino;
	stat->nlink = inode->i_nlink;
	stat->rdev = inode->i_rdev;

	/* Size, timestamps and block accounting come from the lower file. */
	stat->size = lower_stat->size;
	stat->atime = lower_stat->atime;
	stat->mtime = lower_stat->mtime;
	stat->ctime = lower_stat->ctime;
	stat->blksize = lower_stat->blksize;
	stat->blocks = lower_stat->blocks;

	return 0;
}
1004 | |
/*
 * getattr handler: report attributes for @dentry through @stat.
 *
 * The caller must first pass check_caller_access_to_name() for the
 * entry's name within its parent directory; if it does not, -EACCES is
 * returned before the lower path is looked up. On success the lower
 * attributes are fetched with vfs_getattr(), the sdcardfs inode is
 * refreshed via sdcardfs_copy_and_fix_attrs(), and the result is built
 * by sdcardfs_fillattr().
 *
 * NOTE(review): unlike sdcardfs_setattr, this path does not wrap the
 * lower call in OVERRIDE_CRED/REVERT_CRED - confirm that is intended.
 *
 * Returns 0 on success or a negative errno.
 */
static int sdcardfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
				struct kstat *stat)
{
	struct kstat lower_stat;
	struct path lower_path;
	struct dentry *parent_dir;
	int err = 0;

	/* Name-based access check against the parent directory. */
	parent_dir = dget_parent(dentry);
	if (!check_caller_access_to_name(d_inode(parent_dir), &dentry->d_name))
		err = -EACCES;
	dput(parent_dir);
	if (err)
		return err;

	sdcardfs_get_lower_path(dentry, &lower_path);
	err = vfs_getattr(&lower_path, &lower_stat);
	if (!err) {
		/* Refresh the sdcardfs inode before building the reply. */
		sdcardfs_copy_and_fix_attrs(d_inode(dentry),
					    d_inode(lower_path.dentry));
		err = sdcardfs_fillattr(mnt, d_inode(dentry), &lower_stat, stat);
	}

	/* The lower path is put on both the success and the error path. */
	sdcardfs_put_lower_path(dentry, &lower_path);
	return err;
}
1031 | |
/*
 * Inode operations table for sdcardfs symlinks. Only .permission2 and
 * .setattr2 are set; the link-specific handlers below are commented
 * out, so this table does not install them.
 *
 * NOTE(review): unlike sdcardfs_dir_iops and sdcardfs_main_iops, no
 * .permission, .setattr or .getattr entry is set here, so the
 * name-based access check in sdcardfs_getattr is not wired up through
 * this table - confirm that is intended.
 */
const struct inode_operations sdcardfs_symlink_iops = {
	.permission2	= sdcardfs_permission,
	.setattr2	= sdcardfs_setattr,
	/* XXX Following operations are implemented,
	 * but FUSE(sdcard) or FAT does not support them
	 * These methods are *NOT* perfectly tested.
	.readlink	= sdcardfs_readlink,
	.follow_link	= sdcardfs_follow_link,
	.put_link	= kfree_put_link,
	 */
};
1043 | |
/*
 * Inode operations table for sdcardfs directories.
 *
 * .permission and .setattr point at the *_wrn variants, while
 * .permission2 and .setattr2 point at sdcardfs_permission and
 * sdcardfs_setattr (presumably the *_wrn entries only cover callers
 * that use the legacy hooks - verify against their definitions).
 * .symlink, .link and .mknod are commented out, so this table does not
 * provide them.
 */
const struct inode_operations sdcardfs_dir_iops = {
	.create		= sdcardfs_create,
	.lookup		= sdcardfs_lookup,
	.permission	= sdcardfs_permission_wrn,
	.permission2	= sdcardfs_permission,
	.unlink		= sdcardfs_unlink,
	.mkdir		= sdcardfs_mkdir,
	.rmdir		= sdcardfs_rmdir,
	.rename		= sdcardfs_rename,
	.setattr	= sdcardfs_setattr_wrn,
	.setattr2	= sdcardfs_setattr,
	.getattr	= sdcardfs_getattr,
	/* XXX Following operations are implemented,
	 * but FUSE(sdcard) or FAT does not support them
	 * These methods are *NOT* perfectly tested.
	.symlink	= sdcardfs_symlink,
	.link		= sdcardfs_link,
	.mknod		= sdcardfs_mknod,
	 */
};
1064 | |
/*
 * Inode operations table with only the permission, setattr and getattr
 * hooks (presumably used for non-directory, non-symlink inodes - verify
 * where it is assigned). As in sdcardfs_dir_iops, .permission and
 * .setattr point at the *_wrn variants and the *2 entries at the
 * sdcardfs_permission / sdcardfs_setattr handlers.
 */
const struct inode_operations sdcardfs_main_iops = {
	.permission	= sdcardfs_permission_wrn,
	.permission2	= sdcardfs_permission,
	.setattr	= sdcardfs_setattr_wrn,
	.setattr2	= sdcardfs_setattr,
	.getattr	= sdcardfs_getattr,
};
1072 |