2 # define _GNU_SOURCE //asprintf
6 #include "support/nls-enable.h"
10 #ifndef XATTR_SELINUX_SUFFIX
11 # define XATTR_SELINUX_SUFFIX "selinux"
13 #ifndef XATTR_CAPS_SUFFIX
14 # define XATTR_CAPS_SUFFIX "capability"
24 fs_config_f fs_config_func;
25 struct selabel_handle *sehnd;
27 const struct ugid_map* uid_map;
28 const struct ugid_map* gid_map;
32 static errcode_t ino_add_xattr(ext2_filsys fs, ext2_ino_t ino, const char *name,
33 const void *value, int value_len)
35 errcode_t retval, close_retval;
36 struct ext2_xattr_handle *xhandle;
38 retval = ext2fs_xattrs_open(fs, ino, &xhandle);
40 com_err(__func__, retval, _("while opening inode %u"), ino);
43 retval = ext2fs_xattrs_read(xhandle);
45 com_err(__func__, retval,
46 _("while reading xattrs of inode %u"), ino);
49 retval = ext2fs_xattr_set(xhandle, name, value, value_len);
51 com_err(__func__, retval,
52 _("while setting xattrs of inode %u"), ino);
56 close_retval = ext2fs_xattrs_close(&xhandle);
58 com_err(__func__, close_retval,
59 _("while closing xattrs of inode %u"), ino);
60 return retval ? retval : close_retval;
65 static errcode_t set_selinux_xattr(ext2_filsys fs, ext2_ino_t ino,
66 struct inode_params *params)
69 char *secontext = NULL;
70 struct ext2_inode inode;
72 if (params->sehnd == NULL)
75 retval = ext2fs_read_inode(fs, ino, &inode);
77 com_err(__func__, retval,
78 _("while reading inode %u"), ino);
82 retval = selabel_lookup(params->sehnd, &secontext, params->filename,
85 int saved_errno = errno;
86 com_err(__func__, errno,
87 _("searching for label \"%s\""), params->filename);
91 retval = ino_add_xattr(fs, ino, "security." XATTR_SELINUX_SUFFIX,
92 secontext, strlen(secontext) + 1);
99 * Returns mapped UID/GID if there is a corresponding entry in |mapping|.
100 * Otherwise |id| as is.
102 static unsigned int resolve_ugid(const struct ugid_map* mapping,
106 for (i = 0; i < mapping->size; ++i) {
107 const struct ugid_map_entry* entry = &mapping->entries[i];
108 if (entry->parent_id <= id &&
109 id < entry->parent_id + entry->length) {
110 return id + entry->child_id - entry->parent_id;
114 /* No entry is found. */
118 static errcode_t set_perms_and_caps(ext2_filsys fs, ext2_ino_t ino,
119 struct inode_params *params)
122 uint64_t capabilities = 0;
123 struct ext2_inode inode;
124 struct vfs_cap_data cap_data;
125 unsigned int uid = 0, gid = 0, imode = 0;
127 retval = ext2fs_read_inode(fs, ino, &inode);
129 com_err(__func__, retval, _("while reading inode %u"), ino);
134 if (params->fs_config_func != NULL) {
135 const char *filename = params->filename;
136 if (strcmp(filename, params->mountpoint) == 0) {
137 /* The root of the filesystem needs to be an empty string. */
140 params->fs_config_func(filename, S_ISDIR(inode.i_mode),
141 params->target_out, &uid, &gid, &imode,
143 uid = resolve_ugid(params->uid_map, uid);
144 gid = resolve_ugid(params->gid_map, gid);
145 inode.i_uid = (__u16) uid;
146 inode.i_gid = (__u16) gid;
147 ext2fs_set_i_uid_high(inode, (__u16) (uid >> 16));
148 ext2fs_set_i_gid_high(inode, (__u16) (gid >> 16));
149 inode.i_mode = (inode.i_mode & S_IFMT) | (imode & 0xffff);
150 retval = ext2fs_write_inode(fs, ino, &inode);
152 com_err(__func__, retval,
153 _("while writing inode %u"), ino);
161 memset(&cap_data, 0, sizeof(cap_data));
162 cap_data.magic_etc = VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE;
163 cap_data.data[0].permitted = (uint32_t) (capabilities & 0xffffffff);
164 cap_data.data[1].permitted = (uint32_t) (capabilities >> 32);
165 return ino_add_xattr(fs, ino, "security." XATTR_CAPS_SUFFIX,
166 &cap_data, sizeof(cap_data));
169 static errcode_t set_timestamp(ext2_filsys fs, ext2_ino_t ino,
170 struct inode_params *params)
173 struct ext2_inode inode;
175 char *src_filename = NULL;
177 retval = ext2fs_read_inode(fs, ino, &inode);
179 com_err(__func__, retval,
180 _("while reading inode %u"), ino);
184 if (params->fixed_time == -1 && params->src_dir) {
185 /* replace mountpoint from filename with src_dir */
186 if (asprintf(&src_filename, "%s/%s", params->src_dir,
187 params->filename + strlen(params->mountpoint)) < 0) {
190 retval = lstat(src_filename, &stat);
192 com_err(__func__, errno,
193 _("while lstat file %s"), src_filename);
196 inode.i_atime = inode.i_ctime = inode.i_mtime = stat.st_mtime;
198 inode.i_atime = inode.i_ctime = inode.i_mtime = params->fixed_time;
201 retval = ext2fs_write_inode(fs, ino, &inode);
203 com_err(__func__, retval,
204 _("while writing inode %u"), ino);
213 static int is_dir(ext2_filsys fs, ext2_ino_t ino)
215 struct ext2_inode inode;
217 if (ext2fs_read_inode(fs, ino, &inode))
219 return S_ISDIR(inode.i_mode);
222 static errcode_t androidify_inode(ext2_filsys fs, ext2_ino_t ino,
223 struct inode_params *params)
227 retval = set_timestamp(fs, ino, params);
231 retval = set_selinux_xattr(fs, ino, params);
235 return set_perms_and_caps(fs, ino, params);
238 static int walk_dir(ext2_ino_t dir EXT2FS_ATTR((unused)),
239 int flags EXT2FS_ATTR((unused)),
240 struct ext2_dir_entry *de,
241 int offset EXT2FS_ATTR((unused)),
242 int blocksize EXT2FS_ATTR((unused)),
243 char *buf EXT2FS_ATTR((unused)), void *priv_data)
247 struct inode_params *params = (struct inode_params *)priv_data;
249 name_len = de->name_len & 0xff;
250 if (!strncmp(de->name, ".", name_len)
251 || (!strncmp(de->name, "..", name_len)))
254 if (asprintf(¶ms->filename, "%s/%.*s", params->path, name_len,
256 params->error = ENOMEM;
260 if (!strncmp(de->name, "lost+found", 10)) {
261 retval = set_selinux_xattr(params->fs, de->inode, params);
265 retval = androidify_inode(params->fs, de->inode, params);
268 if (is_dir(params->fs, de->inode)) {
269 char *cur_path = params->path;
270 char *cur_filename = params->filename;
271 params->path = params->filename;
272 retval = ext2fs_dir_iterate2(params->fs, de->inode, 0, NULL,
276 params->path = cur_path;
277 params->filename = cur_filename;
282 free(params->filename);
283 params->error |= retval;
287 errcode_t __android_configure_fs(ext2_filsys fs, char *src_dir,
290 fs_config_f fs_config_func,
291 struct selabel_handle *sehnd,
293 const struct ugid_map* uid_map,
294 const struct ugid_map* gid_map)
297 struct inode_params params = {
300 .target_out = target_out,
301 .fs_config_func = fs_config_func,
303 .fixed_time = fixed_time,
305 .filename = mountpoint,
306 .mountpoint = mountpoint,
312 /* walk_dir will add the "/". Don't add it twice. */
313 if (strlen(mountpoint) == 1 && mountpoint[0] == '/')
316 retval = androidify_inode(fs, EXT2_ROOT_INO, ¶ms);
320 retval = ext2fs_dir_iterate2(fs, EXT2_ROOT_INO, 0, NULL, walk_dir,
327 errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out,
329 struct selinux_opt *seopts EXT2FS_ATTR((unused)),
330 unsigned int nopt EXT2FS_ATTR((unused)),
331 char *fs_config_file, time_t fixed_time,
332 const struct ugid_map* uid_map,
333 const struct ugid_map* gid_map)
336 fs_config_f fs_config_func = NULL;
337 struct selabel_handle *sehnd = NULL;
339 /* Retrieve file contexts */
340 #if !defined(__ANDROID__)
342 sehnd = selabel_open(SELABEL_CTX_FILE, seopts, nopt);
344 int saved_errno = errno;
345 com_err(__func__, errno,
346 _("while opening file contexts \"%s\""),
352 sehnd = selinux_android_file_context_handle();
354 com_err(__func__, EINVAL,
355 _("while opening android file_contexts"));
360 /* Load the FS config */
361 if (fs_config_file) {
362 retval = load_canned_fs_config(fs_config_file);
364 com_err(__func__, retval,
365 _("while loading fs_config \"%s\""),
369 fs_config_func = canned_fs_config;
370 } else if (mountpoint)
371 fs_config_func = fs_config;
373 return __android_configure_fs(fs, src_dir, target_out, mountpoint,
374 fs_config_func, sehnd, fixed_time,