Volume.cpp revision 319b1043bbbd410aa2d572d88b5936f26072d026
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdlib.h> 18#include <string.h> 19#include <dirent.h> 20#include <errno.h> 21#include <fcntl.h> 22 23#include <sys/types.h> 24#include <sys/stat.h> 25#include <sys/types.h> 26#include <sys/mman.h> 27#include <sys/mount.h> 28#include <sys/param.h> 29 30#include <linux/kdev_t.h> 31#include <linux/fs.h> 32 33#include <cutils/properties.h> 34 35#include <diskconfig/diskconfig.h> 36 37#include <private/android_filesystem_config.h> 38 39#define LOG_TAG "Vold" 40 41#include <cutils/log.h> 42 43#include "Volume.h" 44#include "VolumeManager.h" 45#include "ResponseCode.h" 46#include "Fat.h" 47#include "Process.h" 48#include "cryptfs.h" 49 50extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d); 51extern "C" void dos_partition_enc(void *pp, struct dos_partition *d); 52 53 54/* 55 * Secure directory - stuff that only root can see 56 */ 57const char *Volume::SECDIR = "/mnt/secure"; 58 59/* 60 * Secure staging directory - where media is mounted for preparation 61 */ 62const char *Volume::SEC_STGDIR = "/mnt/secure/staging"; 63 64/* 65 * Path to the directory on the media which contains publicly accessable 66 * asec imagefiles. This path will be obscured before the mount is 67 * exposed to non priviledged users. 68 */ 69const char *Volume::SEC_STG_SECIMGDIR = "/mnt/secure/staging/.android_secure"; 70 71/* 72 * Path to where *only* root can access asec imagefiles 73 */ 74const char *Volume::SEC_ASECDIR = "/mnt/secure/asec"; 75 76/* 77 * Path to where secure containers are mounted 78 */ 79const char *Volume::ASECDIR = "/mnt/asec"; 80 81/* 82 * Path to where OBBs are mounted 83 */ 84const char *Volume::LOOPDIR = "/mnt/obb"; 85 86static const char *stateToStr(int state) { 87 if (state == Volume::State_Init) 88 return "Initializing"; 89 else if (state == Volume::State_NoMedia) 90 return "No-Media"; 91 else if (state == Volume::State_Idle) 92 return "Idle-Unmounted"; 93 else if (state == Volume::State_Pending) 94 return "Pending"; 95 else if (state == Volume::State_Mounted) 96 return "Mounted"; 97 else if (state == Volume::State_Unmounting) 98 return "Unmounting"; 99 else if (state == Volume::State_Checking) 100 return "Checking"; 101 else if (state == Volume::State_Formatting) 102 return "Formatting"; 103 else if (state == Volume::State_Shared) 104 return "Shared-Unmounted"; 105 else if (state == Volume::State_SharedMnt) 106 return "Shared-Mounted"; 107 else 108 return "Unknown-Error"; 109} 110 111Volume::Volume(VolumeManager *vm, const char *label, const char *mount_point) { 112 mVm = vm; 113 mDebug = false; 114 mLabel = strdup(label); 115 mMountpoint = strdup(mount_point); 116 mState = Volume::State_Init; 117 mCurrentlyMountedKdev = -1; 118 mPartIdx = -1; 119} 120 121Volume::~Volume() { 122 free(mLabel); 123 free(mMountpoint); 124} 125 126void Volume::protectFromAutorunStupidity() { 127 char filename[255]; 128 129 snprintf(filename, sizeof(filename), "%s/autorun.inf", SEC_STGDIR); 130 if (!access(filename, F_OK)) { 131 SLOGW("Volume contains an autorun.inf! - removing"); 132 /* 133 * Ensure the filename is all lower-case so 134 * the process killer can find the inode. 135 * Probably being paranoid here but meh. 136 */ 137 rename(filename, filename); 138 Process::killProcessesWithOpenFiles(filename, 2); 139 if (unlink(filename)) { 140 SLOGE("Failed to remove %s (%s)", filename, strerror(errno)); 141 } 142 } 143} 144 145void Volume::setDebug(bool enable) { 146 mDebug = enable; 147} 148 149dev_t Volume::getDiskDevice() { 150 return MKDEV(0, 0); 151}; 152 153dev_t Volume::getShareDevice() { 154 return getDiskDevice(); 155} 156 157void Volume::handleVolumeShared() { 158} 159 160void Volume::handleVolumeUnshared() { 161} 162 163int Volume::handleBlockEvent(NetlinkEvent *evt) { 164 errno = ENOSYS; 165 return -1; 166} 167 168void Volume::setState(int state) { 169 char msg[255]; 170 int oldState = mState; 171 172 if (oldState == state) { 173 SLOGW("Duplicate state (%d)\n", state); 174 return; 175 } 176 177 mState = state; 178 179 SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel, 180 oldState, stateToStr(oldState), mState, stateToStr(mState)); 181 snprintf(msg, sizeof(msg), 182 "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(), 183 getMountpoint(), oldState, stateToStr(oldState), mState, 184 stateToStr(mState)); 185 186 mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange, 187 msg, false); 188} 189 190int Volume::createDeviceNode(const char *path, int major, int minor) { 191 mode_t mode = 0660 | S_IFBLK; 192 dev_t dev = (major << 8) | minor; 193 if (mknod(path, mode, dev) < 0) { 194 if (errno != EEXIST) { 195 return -1; 196 } 197 } 198 return 0; 199} 200 201int Volume::formatVol() { 202 203 if (getState() == Volume::State_NoMedia) { 204 errno = ENODEV; 205 return -1; 206 } else if (getState() != Volume::State_Idle) { 207 errno = EBUSY; 208 return -1; 209 } 210 211 if (isMountpointMounted(getMountpoint())) { 212 SLOGW("Volume is idle but appears to be mounted - fixing"); 213 setState(Volume::State_Mounted); 214 // mCurrentlyMountedKdev = XXX 215 errno = EBUSY; 216 return -1; 217 } 218 219 bool formatEntireDevice = (mPartIdx == -1); 220 char devicePath[255]; 221 dev_t diskNode = getDiskDevice(); 222 dev_t partNode = MKDEV(MAJOR(diskNode), (formatEntireDevice ? 1 : mPartIdx)); 223 224 setState(Volume::State_Formatting); 225 226 int ret = -1; 227 // Only initialize the MBR if we are formatting the entire device 228 if (formatEntireDevice) { 229 sprintf(devicePath, "/dev/block/vold/%d:%d", 230 MAJOR(diskNode), MINOR(diskNode)); 231 232 if (initializeMbr(devicePath)) { 233 SLOGE("Failed to initialize MBR (%s)", strerror(errno)); 234 goto err; 235 } 236 } 237 238 sprintf(devicePath, "/dev/block/vold/%d:%d", 239 MAJOR(partNode), MINOR(partNode)); 240 241 if (mDebug) { 242 SLOGI("Formatting volume %s (%s)", getLabel(), devicePath); 243 } 244 245 if (Fat::format(devicePath, 0)) { 246 SLOGE("Failed to format (%s)", strerror(errno)); 247 goto err; 248 } 249 250 ret = 0; 251 252err: 253 setState(Volume::State_Idle); 254 return ret; 255} 256 257bool Volume::isMountpointMounted(const char *path) { 258 char device[256]; 259 char mount_path[256]; 260 char rest[256]; 261 FILE *fp; 262 char line[1024]; 263 264 if (!(fp = fopen("/proc/mounts", "r"))) { 265 SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); 266 return false; 267 } 268 269 while(fgets(line, sizeof(line), fp)) { 270 line[strlen(line)-1] = '\0'; 271 sscanf(line, "%255s %255s %255s\n", device, mount_path, rest); 272 if (!strcmp(mount_path, path)) { 273 fclose(fp); 274 return true; 275 } 276 277 } 278 279 fclose(fp); 280 return false; 281} 282 283int Volume::mountVol() { 284 dev_t deviceNodes[4]; 285 int n, i, rc = 0; 286 char errmsg[255]; 287 const char* externalStorage = getenv("EXTERNAL_STORAGE"); 288 bool primaryStorage = externalStorage && !strcmp(getMountpoint(), externalStorage); 289 char decrypt_state[PROPERTY_VALUE_MAX]; 290 char crypto_state[PROPERTY_VALUE_MAX]; 291 char encrypt_progress[PROPERTY_VALUE_MAX]; 292 int flags; 293 294 property_get("vold.decrypt", decrypt_state, ""); 295 property_get("vold.encrypt_progress", encrypt_progress, ""); 296 297 /* Don't try to mount the volumes if we have not yet entered the disk password 298 * or are in the process of encrypting. 299 */ 300 if ((getState() == Volume::State_NoMedia) || 301 ((!strcmp(decrypt_state, "1") || encrypt_progress[0]) && primaryStorage)) { 302 snprintf(errmsg, sizeof(errmsg), 303 "Volume %s %s mount failed - no media", 304 getLabel(), getMountpoint()); 305 mVm->getBroadcaster()->sendBroadcast( 306 ResponseCode::VolumeMountFailedNoMedia, 307 errmsg, false); 308 errno = ENODEV; 309 return -1; 310 } else if (getState() != Volume::State_Idle) { 311 errno = EBUSY; 312 return -1; 313 } 314 315 if (isMountpointMounted(getMountpoint())) { 316 SLOGW("Volume is idle but appears to be mounted - fixing"); 317 setState(Volume::State_Mounted); 318 // mCurrentlyMountedKdev = XXX 319 return 0; 320 } 321 322 n = getDeviceNodes((dev_t *) &deviceNodes, 4); 323 if (!n) { 324 SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); 325 return -1; 326 } 327 328 /* If we're running encrypted, and the volume is marked as encryptable and nonremovable, 329 * and vold is asking to mount the primaryStorage device, then we need to decrypt 330 * that partition, and update the volume object to point to it's new decrypted 331 * block device 332 */ 333 property_get("ro.crypto.state", crypto_state, ""); 334 flags = getFlags(); 335 if (primaryStorage && 336 ((flags & (VOL_NONREMOVABLE | VOL_ENCRYPTABLE))==(VOL_NONREMOVABLE | VOL_ENCRYPTABLE)) && 337 !strcmp(crypto_state, "encrypted") && !isDecrypted()) { 338 char new_sys_path[MAXPATHLEN]; 339 char nodepath[256]; 340 int new_major, new_minor; 341 342 if (n != 1) { 343 /* We only expect one device node returned when mounting encryptable volumes */ 344 SLOGE("Too many device nodes returned when mounting %d\n", getMountpoint()); 345 return -1; 346 } 347 348 if (cryptfs_setup_volume(getLabel(), MAJOR(deviceNodes[0]), MINOR(deviceNodes[0]), 349 new_sys_path, sizeof(new_sys_path), 350 &new_major, &new_minor)) { 351 SLOGE("Cannot setup encryption mapping for %d\n", getMountpoint()); 352 return -1; 353 } 354 /* We now have the new sysfs path for the decrypted block device, and the 355 * majore and minor numbers for it. So, create the device, update the 356 * path to the new sysfs path, and continue. 357 */ 358 snprintf(nodepath, 359 sizeof(nodepath), "/dev/block/vold/%d:%d", 360 new_major, new_minor); 361 if (createDeviceNode(nodepath, new_major, new_minor)) { 362 SLOGE("Error making device node '%s' (%s)", nodepath, 363 strerror(errno)); 364 } 365 366 // Todo: Either create sys filename from nodepath, or pass in bogus path so 367 // vold ignores state changes on this internal device. 368 updateDeviceInfo(nodepath, new_major, new_minor); 369 370 /* Get the device nodes again, because they just changed */ 371 n = getDeviceNodes((dev_t *) &deviceNodes, 4); 372 if (!n) { 373 SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); 374 return -1; 375 } 376 } 377 378 for (i = 0; i < n; i++) { 379 char devicePath[255]; 380 381 sprintf(devicePath, "/dev/block/vold/%d:%d", MAJOR(deviceNodes[i]), 382 MINOR(deviceNodes[i])); 383 384 SLOGI("%s being considered for volume %s\n", devicePath, getLabel()); 385 386 errno = 0; 387 setState(Volume::State_Checking); 388 389 if (Fat::check(devicePath)) { 390 if (errno == ENODATA) { 391 SLOGW("%s does not contain a FAT filesystem\n", devicePath); 392 continue; 393 } 394 errno = EIO; 395 /* Badness - abort the mount */ 396 SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno)); 397 setState(Volume::State_Idle); 398 return -1; 399 } 400 401 /* 402 * Mount the device on our internal staging mountpoint so we can 403 * muck with it before exposing it to non priviledged users. 404 */ 405 errno = 0; 406 int gid; 407 408 if (primaryStorage) { 409 // Special case the primary SD card. 410 // For this we grant write access to the SDCARD_RW group. 411 gid = AID_SDCARD_RW; 412 } else { 413 // For secondary external storage we keep things locked up. 414 gid = AID_MEDIA_RW; 415 } 416 if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false, 417 AID_SYSTEM, gid, 0702, true)) { 418 SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); 419 continue; 420 } 421 422 SLOGI("Device %s, target %s mounted @ /mnt/secure/staging", devicePath, getMountpoint()); 423 424 protectFromAutorunStupidity(); 425 426 // only create android_secure on primary storage 427 if (primaryStorage && createBindMounts()) { 428 SLOGE("Failed to create bindmounts (%s)", strerror(errno)); 429 umount("/mnt/secure/staging"); 430 setState(Volume::State_Idle); 431 return -1; 432 } 433 434 /* 435 * Now that the bindmount trickery is done, atomically move the 436 * whole subtree to expose it to non priviledged users. 437 */ 438 if (doMoveMount("/mnt/secure/staging", getMountpoint(), false)) { 439 SLOGE("Failed to move mount (%s)", strerror(errno)); 440 umount("/mnt/secure/staging"); 441 setState(Volume::State_Idle); 442 return -1; 443 } 444 setState(Volume::State_Mounted); 445 mCurrentlyMountedKdev = deviceNodes[i]; 446 return 0; 447 } 448 449 SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel()); 450 setState(Volume::State_Idle); 451 452 return -1; 453} 454 455int Volume::createBindMounts() { 456 unsigned long flags; 457 458 /* 459 * Rename old /android_secure -> /.android_secure 460 */ 461 if (!access("/mnt/secure/staging/android_secure", R_OK | X_OK) && 462 access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 463 if (rename("/mnt/secure/staging/android_secure", SEC_STG_SECIMGDIR)) { 464 SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno)); 465 } 466 } 467 468 /* 469 * Ensure that /android_secure exists and is a directory 470 */ 471 if (access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 472 if (errno == ENOENT) { 473 if (mkdir(SEC_STG_SECIMGDIR, 0777)) { 474 SLOGE("Failed to create %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 475 return -1; 476 } 477 } else { 478 SLOGE("Failed to access %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 479 return -1; 480 } 481 } else { 482 struct stat sbuf; 483 484 if (stat(SEC_STG_SECIMGDIR, &sbuf)) { 485 SLOGE("Failed to stat %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 486 return -1; 487 } 488 if (!S_ISDIR(sbuf.st_mode)) { 489 SLOGE("%s is not a directory", SEC_STG_SECIMGDIR); 490 errno = ENOTDIR; 491 return -1; 492 } 493 } 494 495 /* 496 * Bind mount /mnt/secure/staging/android_secure -> /mnt/secure/asec so we'll 497 * have a root only accessable mountpoint for it. 498 */ 499 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 500 SLOGE("Failed to bind mount points %s -> %s (%s)", 501 SEC_STG_SECIMGDIR, SEC_ASECDIR, strerror(errno)); 502 return -1; 503 } 504 505 /* 506 * Mount a read-only, zero-sized tmpfs on <mountpoint>/android_secure to 507 * obscure the underlying directory from everybody - sneaky eh? ;) 508 */ 509 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=000,uid=0,gid=0")) { 510 SLOGE("Failed to obscure %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 511 umount("/mnt/asec_secure"); 512 return -1; 513 } 514 515 return 0; 516} 517 518int Volume::doMoveMount(const char *src, const char *dst, bool force) { 519 unsigned int flags = MS_MOVE; 520 int retries = 5; 521 522 while(retries--) { 523 if (!mount(src, dst, "", flags, NULL)) { 524 if (mDebug) { 525 SLOGD("Moved mount %s -> %s sucessfully", src, dst); 526 } 527 return 0; 528 } else if (errno != EBUSY) { 529 SLOGE("Failed to move mount %s -> %s (%s)", src, dst, strerror(errno)); 530 return -1; 531 } 532 int action = 0; 533 534 if (force) { 535 if (retries == 1) { 536 action = 2; // SIGKILL 537 } else if (retries == 2) { 538 action = 1; // SIGHUP 539 } 540 } 541 SLOGW("Failed to move %s -> %s (%s, retries %d, action %d)", 542 src, dst, strerror(errno), retries, action); 543 Process::killProcessesWithOpenFiles(src, action); 544 usleep(1000*250); 545 } 546 547 errno = EBUSY; 548 SLOGE("Giving up on move %s -> %s (%s)", src, dst, strerror(errno)); 549 return -1; 550} 551 552int Volume::doUnmount(const char *path, bool force) { 553 int retries = 10; 554 555 if (mDebug) { 556 SLOGD("Unmounting {%s}, force = %d", path, force); 557 } 558 559 while (retries--) { 560 if (!umount(path) || errno == EINVAL || errno == ENOENT) { 561 SLOGI("%s sucessfully unmounted", path); 562 return 0; 563 } 564 565 int action = 0; 566 567 if (force) { 568 if (retries == 1) { 569 action = 2; // SIGKILL 570 } else if (retries == 2) { 571 action = 1; // SIGHUP 572 } 573 } 574 575 SLOGW("Failed to unmount %s (%s, retries %d, action %d)", 576 path, strerror(errno), retries, action); 577 578 Process::killProcessesWithOpenFiles(path, action); 579 usleep(1000*1000); 580 } 581 errno = EBUSY; 582 SLOGE("Giving up on unmount %s (%s)", path, strerror(errno)); 583 return -1; 584} 585 586int Volume::unmountVol(bool force) { 587 int i, rc; 588 589 if (getState() != Volume::State_Mounted) { 590 SLOGE("Volume %s unmount request when not mounted", getLabel()); 591 errno = EINVAL; 592 return UNMOUNT_NOT_MOUNTED_ERR; 593 } 594 595 setState(Volume::State_Unmounting); 596 usleep(1000 * 1000); // Give the framework some time to react 597 598 /* 599 * First move the mountpoint back to our internal staging point 600 * so nobody else can muck with it while we work. 601 */ 602 if (doMoveMount(getMountpoint(), SEC_STGDIR, force)) { 603 SLOGE("Failed to move mount %s => %s (%s)", getMountpoint(), SEC_STGDIR, strerror(errno)); 604 setState(Volume::State_Mounted); 605 return -1; 606 } 607 608 protectFromAutorunStupidity(); 609 610 /* 611 * Unmount the tmpfs which was obscuring the asec image directory 612 * from non root users 613 */ 614 615 if (doUnmount(Volume::SEC_STG_SECIMGDIR, force)) { 616 SLOGE("Failed to unmount tmpfs on %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 617 goto fail_republish; 618 } 619 620 /* 621 * Remove the bindmount we were using to keep a reference to 622 * the previously obscured directory. 623 */ 624 625 if (doUnmount(Volume::SEC_ASECDIR, force)) { 626 SLOGE("Failed to remove bindmount on %s (%s)", SEC_ASECDIR, strerror(errno)); 627 goto fail_remount_tmpfs; 628 } 629 630 /* 631 * Finally, unmount the actual block device from the staging dir 632 */ 633 if (doUnmount(Volume::SEC_STGDIR, force)) { 634 SLOGE("Failed to unmount %s (%s)", SEC_STGDIR, strerror(errno)); 635 goto fail_recreate_bindmount; 636 } 637 638 SLOGI("%s unmounted sucessfully", getMountpoint()); 639 640 setState(Volume::State_Idle); 641 mCurrentlyMountedKdev = -1; 642 return 0; 643 644 /* 645 * Failure handling - try to restore everything back the way it was 646 */ 647fail_recreate_bindmount: 648 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 649 SLOGE("Failed to restore bindmount after failure! - Storage will appear offline!"); 650 goto out_nomedia; 651 } 652fail_remount_tmpfs: 653 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=0,uid=0,gid=0")) { 654 SLOGE("Failed to restore tmpfs after failure! - Storage will appear offline!"); 655 goto out_nomedia; 656 } 657fail_republish: 658 if (doMoveMount(SEC_STGDIR, getMountpoint(), force)) { 659 SLOGE("Failed to republish mount after failure! - Storage will appear offline!"); 660 goto out_nomedia; 661 } 662 663 setState(Volume::State_Mounted); 664 return -1; 665 666out_nomedia: 667 setState(Volume::State_NoMedia); 668 return -1; 669} 670int Volume::initializeMbr(const char *deviceNode) { 671 struct disk_info dinfo; 672 673 memset(&dinfo, 0, sizeof(dinfo)); 674 675 if (!(dinfo.part_lst = (struct part_info *) malloc(MAX_NUM_PARTS * sizeof(struct part_info)))) { 676 SLOGE("Failed to malloc prt_lst"); 677 return -1; 678 } 679 680 memset(dinfo.part_lst, 0, MAX_NUM_PARTS * sizeof(struct part_info)); 681 dinfo.device = strdup(deviceNode); 682 dinfo.scheme = PART_SCHEME_MBR; 683 dinfo.sect_size = 512; 684 dinfo.skip_lba = 2048; 685 dinfo.num_lba = 0; 686 dinfo.num_parts = 1; 687 688 struct part_info *pinfo = &dinfo.part_lst[0]; 689 690 pinfo->name = strdup("android_sdcard"); 691 pinfo->flags |= PART_ACTIVE_FLAG; 692 pinfo->type = PC_PART_TYPE_FAT32; 693 pinfo->len_kb = -1; 694 695 int rc = apply_disk_config(&dinfo, 0); 696 697 if (rc) { 698 SLOGE("Failed to apply disk configuration (%d)", rc); 699 goto out; 700 } 701 702 out: 703 free(pinfo->name); 704 free(dinfo.device); 705 free(dinfo.part_lst); 706 707 return rc; 708} 709