Volume.cpp revision 850949485b390c0928ea2f4a7db47be73bebb718
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdlib.h> 18#include <string.h> 19#include <dirent.h> 20#include <errno.h> 21#include <fcntl.h> 22 23#include <sys/types.h> 24#include <sys/stat.h> 25#include <sys/types.h> 26#include <sys/mman.h> 27#include <sys/mount.h> 28 29#include <linux/kdev_t.h> 30#include <linux/fs.h> 31 32#include <cutils/properties.h> 33 34#include <diskconfig/diskconfig.h> 35 36#include <private/android_filesystem_config.h> 37 38#define LOG_TAG "Vold" 39 40#include <cutils/log.h> 41 42#include "Volume.h" 43#include "VolumeManager.h" 44#include "ResponseCode.h" 45#include "Fat.h" 46#include "Process.h" 47 48extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d); 49extern "C" void dos_partition_enc(void *pp, struct dos_partition *d); 50 51 52/* 53 * Secure directory - stuff that only root can see 54 */ 55const char *Volume::SECDIR = "/mnt/secure"; 56 57/* 58 * Secure staging directory - where media is mounted for preparation 59 */ 60const char *Volume::SEC_STGDIR = "/mnt/secure/staging"; 61 62/* 63 * Path to the directory on the media which contains publicly accessable 64 * asec imagefiles. This path will be obscured before the mount is 65 * exposed to non priviledged users. 66 */ 67const char *Volume::SEC_STG_SECIMGDIR = "/mnt/secure/staging/.android_secure"; 68 69/* 70 * Path to where *only* root can access asec imagefiles 71 */ 72const char *Volume::SEC_ASECDIR = "/mnt/secure/asec"; 73 74/* 75 * Path to where secure containers are mounted 76 */ 77const char *Volume::ASECDIR = "/mnt/asec"; 78 79/* 80 * Path to where OBBs are mounted 81 */ 82const char *Volume::LOOPDIR = "/mnt/obb"; 83 84static const char *stateToStr(int state) { 85 if (state == Volume::State_Init) 86 return "Initializing"; 87 else if (state == Volume::State_NoMedia) 88 return "No-Media"; 89 else if (state == Volume::State_Idle) 90 return "Idle-Unmounted"; 91 else if (state == Volume::State_Pending) 92 return "Pending"; 93 else if (state == Volume::State_Mounted) 94 return "Mounted"; 95 else if (state == Volume::State_Unmounting) 96 return "Unmounting"; 97 else if (state == Volume::State_Checking) 98 return "Checking"; 99 else if (state == Volume::State_Formatting) 100 return "Formatting"; 101 else if (state == Volume::State_Shared) 102 return "Shared-Unmounted"; 103 else if (state == Volume::State_SharedMnt) 104 return "Shared-Mounted"; 105 else 106 return "Unknown-Error"; 107} 108 109Volume::Volume(VolumeManager *vm, const char *label, const char *mount_point) { 110 mVm = vm; 111 mDebug = false; 112 mLabel = strdup(label); 113 mMountpoint = strdup(mount_point); 114 mState = Volume::State_Init; 115 mCurrentlyMountedKdev = -1; 116 mPartIdx = -1; 117} 118 119Volume::~Volume() { 120 free(mLabel); 121 free(mMountpoint); 122} 123 124void Volume::protectFromAutorunStupidity() { 125 char filename[255]; 126 127 snprintf(filename, sizeof(filename), "%s/autorun.inf", SEC_STGDIR); 128 if (!access(filename, F_OK)) { 129 SLOGW("Volume contains an autorun.inf! - removing"); 130 /* 131 * Ensure the filename is all lower-case so 132 * the process killer can find the inode. 133 * Probably being paranoid here but meh. 134 */ 135 rename(filename, filename); 136 Process::killProcessesWithOpenFiles(filename, 2); 137 if (unlink(filename)) { 138 SLOGE("Failed to remove %s (%s)", filename, strerror(errno)); 139 } 140 } 141} 142 143void Volume::setDebug(bool enable) { 144 mDebug = enable; 145} 146 147dev_t Volume::getDiskDevice() { 148 return MKDEV(0, 0); 149}; 150 151dev_t Volume::getShareDevice() { 152 return getDiskDevice(); 153} 154 155void Volume::handleVolumeShared() { 156} 157 158void Volume::handleVolumeUnshared() { 159} 160 161int Volume::handleBlockEvent(NetlinkEvent *evt) { 162 errno = ENOSYS; 163 return -1; 164} 165 166void Volume::setState(int state) { 167 char msg[255]; 168 int oldState = mState; 169 170 if (oldState == state) { 171 SLOGW("Duplicate state (%d)\n", state); 172 return; 173 } 174 175 mState = state; 176 177 SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel, 178 oldState, stateToStr(oldState), mState, stateToStr(mState)); 179 snprintf(msg, sizeof(msg), 180 "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(), 181 getMountpoint(), oldState, stateToStr(oldState), mState, 182 stateToStr(mState)); 183 184 mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange, 185 msg, false); 186} 187 188int Volume::createDeviceNode(const char *path, int major, int minor) { 189 mode_t mode = 0660 | S_IFBLK; 190 dev_t dev = (major << 8) | minor; 191 if (mknod(path, mode, dev) < 0) { 192 if (errno != EEXIST) { 193 return -1; 194 } 195 } 196 return 0; 197} 198 199int Volume::formatVol() { 200 201 if (getState() == Volume::State_NoMedia) { 202 errno = ENODEV; 203 return -1; 204 } else if (getState() != Volume::State_Idle) { 205 errno = EBUSY; 206 return -1; 207 } 208 209 if (isMountpointMounted(getMountpoint())) { 210 SLOGW("Volume is idle but appears to be mounted - fixing"); 211 setState(Volume::State_Mounted); 212 // mCurrentlyMountedKdev = XXX 213 errno = EBUSY; 214 return -1; 215 } 216 217 bool formatEntireDevice = (mPartIdx == -1); 218 char devicePath[255]; 219 dev_t diskNode = getDiskDevice(); 220 dev_t partNode = MKDEV(MAJOR(diskNode), (formatEntireDevice ? 1 : mPartIdx)); 221 222 setState(Volume::State_Formatting); 223 224 int ret = -1; 225 // Only initialize the MBR if we are formatting the entire device 226 if (formatEntireDevice) { 227 sprintf(devicePath, "/dev/block/vold/%d:%d", 228 MAJOR(diskNode), MINOR(diskNode)); 229 230 if (initializeMbr(devicePath)) { 231 SLOGE("Failed to initialize MBR (%s)", strerror(errno)); 232 goto err; 233 } 234 } 235 236 sprintf(devicePath, "/dev/block/vold/%d:%d", 237 MAJOR(partNode), MINOR(partNode)); 238 239 if (mDebug) { 240 SLOGI("Formatting volume %s (%s)", getLabel(), devicePath); 241 } 242 243 if (Fat::format(devicePath, 0)) { 244 SLOGE("Failed to format (%s)", strerror(errno)); 245 goto err; 246 } 247 248 ret = 0; 249 250err: 251 setState(Volume::State_Idle); 252 return ret; 253} 254 255bool Volume::isMountpointMounted(const char *path) { 256 char device[256]; 257 char mount_path[256]; 258 char rest[256]; 259 FILE *fp; 260 char line[1024]; 261 262 if (!(fp = fopen("/proc/mounts", "r"))) { 263 SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); 264 return false; 265 } 266 267 while(fgets(line, sizeof(line), fp)) { 268 line[strlen(line)-1] = '\0'; 269 sscanf(line, "%255s %255s %255s\n", device, mount_path, rest); 270 if (!strcmp(mount_path, path)) { 271 fclose(fp); 272 return true; 273 } 274 275 } 276 277 fclose(fp); 278 return false; 279} 280 281int Volume::mountVol() { 282 dev_t deviceNodes[4]; 283 int n, i, rc = 0; 284 char errmsg[255]; 285 const char* externalStorage = getenv("EXTERNAL_STORAGE"); 286 bool primaryStorage = externalStorage && !strcmp(getMountpoint(), externalStorage); 287 288 if (getState() == Volume::State_NoMedia) { 289 snprintf(errmsg, sizeof(errmsg), 290 "Volume %s %s mount failed - no media", 291 getLabel(), getMountpoint()); 292 mVm->getBroadcaster()->sendBroadcast( 293 ResponseCode::VolumeMountFailedNoMedia, 294 errmsg, false); 295 errno = ENODEV; 296 return -1; 297 } else if (getState() != Volume::State_Idle) { 298 errno = EBUSY; 299 return -1; 300 } 301 302 if (isMountpointMounted(getMountpoint())) { 303 SLOGW("Volume is idle but appears to be mounted - fixing"); 304 setState(Volume::State_Mounted); 305 // mCurrentlyMountedKdev = XXX 306 return 0; 307 } 308 309 n = getDeviceNodes((dev_t *) &deviceNodes, 4); 310 if (!n) { 311 SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); 312 return -1; 313 } 314 315 for (i = 0; i < n; i++) { 316 char devicePath[255]; 317 318 sprintf(devicePath, "/dev/block/vold/%d:%d", MAJOR(deviceNodes[i]), 319 MINOR(deviceNodes[i])); 320 321 SLOGI("%s being considered for volume %s\n", devicePath, getLabel()); 322 323 errno = 0; 324 setState(Volume::State_Checking); 325 326 if (Fat::check(devicePath)) { 327 if (errno == ENODATA) { 328 SLOGW("%s does not contain a FAT filesystem\n", devicePath); 329 continue; 330 } 331 errno = EIO; 332 /* Badness - abort the mount */ 333 SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno)); 334 setState(Volume::State_Idle); 335 return -1; 336 } 337 338 /* 339 * Mount the device on our internal staging mountpoint so we can 340 * muck with it before exposing it to non priviledged users. 341 */ 342 errno = 0; 343 int gid; 344 345 if (primaryStorage) { 346 // Special case the primary SD card. 347 // For this we grant write access to the SDCARD_RW group. 348 gid = AID_SDCARD_RW; 349 } else { 350 // For secondary external storage we keep things locked up. 351 gid = AID_MEDIA_RW; 352 } 353 if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false, 354 AID_SYSTEM, gid, 0702, true)) { 355 SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); 356 continue; 357 } 358 359 SLOGI("Device %s, target %s mounted @ /mnt/secure/staging", devicePath, getMountpoint()); 360 361 protectFromAutorunStupidity(); 362 363 // only create android_secure on primary storage 364 if (primaryStorage && createBindMounts()) { 365 SLOGE("Failed to create bindmounts (%s)", strerror(errno)); 366 umount("/mnt/secure/staging"); 367 setState(Volume::State_Idle); 368 return -1; 369 } 370 371 /* 372 * Now that the bindmount trickery is done, atomically move the 373 * whole subtree to expose it to non priviledged users. 374 */ 375 if (doMoveMount("/mnt/secure/staging", getMountpoint(), false)) { 376 SLOGE("Failed to move mount (%s)", strerror(errno)); 377 umount("/mnt/secure/staging"); 378 setState(Volume::State_Idle); 379 return -1; 380 } 381 setState(Volume::State_Mounted); 382 mCurrentlyMountedKdev = deviceNodes[i]; 383 return 0; 384 } 385 386 SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel()); 387 setState(Volume::State_Idle); 388 389 return -1; 390} 391 392int Volume::createBindMounts() { 393 unsigned long flags; 394 395 /* 396 * Rename old /android_secure -> /.android_secure 397 */ 398 if (!access("/mnt/secure/staging/android_secure", R_OK | X_OK) && 399 access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 400 if (rename("/mnt/secure/staging/android_secure", SEC_STG_SECIMGDIR)) { 401 SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno)); 402 } 403 } 404 405 /* 406 * Ensure that /android_secure exists and is a directory 407 */ 408 if (access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 409 if (errno == ENOENT) { 410 if (mkdir(SEC_STG_SECIMGDIR, 0777)) { 411 SLOGE("Failed to create %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 412 return -1; 413 } 414 } else { 415 SLOGE("Failed to access %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 416 return -1; 417 } 418 } else { 419 struct stat sbuf; 420 421 if (stat(SEC_STG_SECIMGDIR, &sbuf)) { 422 SLOGE("Failed to stat %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 423 return -1; 424 } 425 if (!S_ISDIR(sbuf.st_mode)) { 426 SLOGE("%s is not a directory", SEC_STG_SECIMGDIR); 427 errno = ENOTDIR; 428 return -1; 429 } 430 } 431 432 /* 433 * Bind mount /mnt/secure/staging/android_secure -> /mnt/secure/asec so we'll 434 * have a root only accessable mountpoint for it. 435 */ 436 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 437 SLOGE("Failed to bind mount points %s -> %s (%s)", 438 SEC_STG_SECIMGDIR, SEC_ASECDIR, strerror(errno)); 439 return -1; 440 } 441 442 /* 443 * Mount a read-only, zero-sized tmpfs on <mountpoint>/android_secure to 444 * obscure the underlying directory from everybody - sneaky eh? ;) 445 */ 446 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=000,uid=0,gid=0")) { 447 SLOGE("Failed to obscure %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 448 umount("/mnt/asec_secure"); 449 return -1; 450 } 451 452 return 0; 453} 454 455int Volume::doMoveMount(const char *src, const char *dst, bool force) { 456 unsigned int flags = MS_MOVE; 457 int retries = 5; 458 459 while(retries--) { 460 if (!mount(src, dst, "", flags, NULL)) { 461 if (mDebug) { 462 SLOGD("Moved mount %s -> %s sucessfully", src, dst); 463 } 464 return 0; 465 } else if (errno != EBUSY) { 466 SLOGE("Failed to move mount %s -> %s (%s)", src, dst, strerror(errno)); 467 return -1; 468 } 469 int action = 0; 470 471 if (force) { 472 if (retries == 1) { 473 action = 2; // SIGKILL 474 } else if (retries == 2) { 475 action = 1; // SIGHUP 476 } 477 } 478 SLOGW("Failed to move %s -> %s (%s, retries %d, action %d)", 479 src, dst, strerror(errno), retries, action); 480 Process::killProcessesWithOpenFiles(src, action); 481 usleep(1000*250); 482 } 483 484 errno = EBUSY; 485 SLOGE("Giving up on move %s -> %s (%s)", src, dst, strerror(errno)); 486 return -1; 487} 488 489int Volume::doUnmount(const char *path, bool force) { 490 int retries = 10; 491 492 if (mDebug) { 493 SLOGD("Unmounting {%s}, force = %d", path, force); 494 } 495 496 while (retries--) { 497 if (!umount(path) || errno == EINVAL || errno == ENOENT) { 498 SLOGI("%s sucessfully unmounted", path); 499 return 0; 500 } 501 502 int action = 0; 503 504 if (force) { 505 if (retries == 1) { 506 action = 2; // SIGKILL 507 } else if (retries == 2) { 508 action = 1; // SIGHUP 509 } 510 } 511 512 SLOGW("Failed to unmount %s (%s, retries %d, action %d)", 513 path, strerror(errno), retries, action); 514 515 Process::killProcessesWithOpenFiles(path, action); 516 usleep(1000*1000); 517 } 518 errno = EBUSY; 519 SLOGE("Giving up on unmount %s (%s)", path, strerror(errno)); 520 return -1; 521} 522 523int Volume::unmountVol(bool force) { 524 int i, rc; 525 526 if (getState() != Volume::State_Mounted) { 527 SLOGE("Volume %s unmount request when not mounted", getLabel()); 528 errno = EINVAL; 529 return -1; 530 } 531 532 setState(Volume::State_Unmounting); 533 usleep(1000 * 1000); // Give the framework some time to react 534 535 /* 536 * First move the mountpoint back to our internal staging point 537 * so nobody else can muck with it while we work. 538 */ 539 if (doMoveMount(getMountpoint(), SEC_STGDIR, force)) { 540 SLOGE("Failed to move mount %s => %s (%s)", getMountpoint(), SEC_STGDIR, strerror(errno)); 541 setState(Volume::State_Mounted); 542 return -1; 543 } 544 545 protectFromAutorunStupidity(); 546 547 /* 548 * Unmount the tmpfs which was obscuring the asec image directory 549 * from non root users 550 */ 551 552 if (doUnmount(Volume::SEC_STG_SECIMGDIR, force)) { 553 SLOGE("Failed to unmount tmpfs on %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 554 goto fail_republish; 555 } 556 557 /* 558 * Remove the bindmount we were using to keep a reference to 559 * the previously obscured directory. 560 */ 561 562 if (doUnmount(Volume::SEC_ASECDIR, force)) { 563 SLOGE("Failed to remove bindmount on %s (%s)", SEC_ASECDIR, strerror(errno)); 564 goto fail_remount_tmpfs; 565 } 566 567 /* 568 * Finally, unmount the actual block device from the staging dir 569 */ 570 if (doUnmount(Volume::SEC_STGDIR, force)) { 571 SLOGE("Failed to unmount %s (%s)", SEC_STGDIR, strerror(errno)); 572 goto fail_recreate_bindmount; 573 } 574 575 SLOGI("%s unmounted sucessfully", getMountpoint()); 576 577 setState(Volume::State_Idle); 578 mCurrentlyMountedKdev = -1; 579 return 0; 580 581 /* 582 * Failure handling - try to restore everything back the way it was 583 */ 584fail_recreate_bindmount: 585 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 586 SLOGE("Failed to restore bindmount after failure! - Storage will appear offline!"); 587 goto out_nomedia; 588 } 589fail_remount_tmpfs: 590 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=0,uid=0,gid=0")) { 591 SLOGE("Failed to restore tmpfs after failure! - Storage will appear offline!"); 592 goto out_nomedia; 593 } 594fail_republish: 595 if (doMoveMount(SEC_STGDIR, getMountpoint(), force)) { 596 SLOGE("Failed to republish mount after failure! - Storage will appear offline!"); 597 goto out_nomedia; 598 } 599 600 setState(Volume::State_Mounted); 601 return -1; 602 603out_nomedia: 604 setState(Volume::State_NoMedia); 605 return -1; 606} 607int Volume::initializeMbr(const char *deviceNode) { 608 struct disk_info dinfo; 609 610 memset(&dinfo, 0, sizeof(dinfo)); 611 612 if (!(dinfo.part_lst = (struct part_info *) malloc(MAX_NUM_PARTS * sizeof(struct part_info)))) { 613 SLOGE("Failed to malloc prt_lst"); 614 return -1; 615 } 616 617 memset(dinfo.part_lst, 0, MAX_NUM_PARTS * sizeof(struct part_info)); 618 dinfo.device = strdup(deviceNode); 619 dinfo.scheme = PART_SCHEME_MBR; 620 dinfo.sect_size = 512; 621 dinfo.skip_lba = 2048; 622 dinfo.num_lba = 0; 623 dinfo.num_parts = 1; 624 625 struct part_info *pinfo = &dinfo.part_lst[0]; 626 627 pinfo->name = strdup("android_sdcard"); 628 pinfo->flags |= PART_ACTIVE_FLAG; 629 pinfo->type = PC_PART_TYPE_FAT32; 630 pinfo->len_kb = -1; 631 632 int rc = apply_disk_config(&dinfo, 0); 633 634 if (rc) { 635 SLOGE("Failed to apply disk configuration (%d)", rc); 636 goto out; 637 } 638 639 out: 640 free(pinfo->name); 641 free(dinfo.device); 642 free(dinfo.part_lst); 643 644 return rc; 645} 646