Volume.cpp revision 1206e872ce74aab253c39c3547bfaadc5e1f6011
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdlib.h> 18#include <string.h> 19#include <dirent.h> 20#include <errno.h> 21#include <fcntl.h> 22 23#include <sys/types.h> 24#include <sys/stat.h> 25#include <sys/types.h> 26#include <sys/mman.h> 27#include <sys/mount.h> 28 29#include <linux/kdev_t.h> 30 31#include <cutils/properties.h> 32 33#include <diskconfig/diskconfig.h> 34 35#define LOG_TAG "Vold" 36 37#include <cutils/log.h> 38 39#include "Volume.h" 40#include "VolumeManager.h" 41#include "ResponseCode.h" 42#include "Fat.h" 43#include "Process.h" 44 45extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d); 46extern "C" void dos_partition_enc(void *pp, struct dos_partition *d); 47 48 49/* 50 * Secure directory - stuff that only root can see 51 */ 52const char *Volume::SECDIR = "/mnt/secure"; 53 54/* 55 * Secure staging directory - where media is mounted for preparation 56 */ 57const char *Volume::SEC_STGDIR = "/mnt/secure/staging"; 58 59/* 60 * Path to the directory on the media which contains publicly accessable 61 * asec imagefiles. This path will be obscured before the mount is 62 * exposed to non priviledged users. 63 */ 64const char *Volume::SEC_STG_SECIMGDIR = "/mnt/secure/staging/.android_secure"; 65 66/* 67 * Path to where *only* root can access asec imagefiles 68 */ 69const char *Volume::SEC_ASECDIR = "/mnt/secure/asec"; 70 71/* 72 * Path to where secure containers are mounted 73 */ 74const char *Volume::ASECDIR = "/mnt/asec"; 75 76/* 77 * Path to where OBBs are mounted 78 */ 79const char *Volume::LOOPDIR = "/mnt/obb"; 80 81static const char *stateToStr(int state) { 82 if (state == Volume::State_Init) 83 return "Initializing"; 84 else if (state == Volume::State_NoMedia) 85 return "No-Media"; 86 else if (state == Volume::State_Idle) 87 return "Idle-Unmounted"; 88 else if (state == Volume::State_Pending) 89 return "Pending"; 90 else if (state == Volume::State_Mounted) 91 return "Mounted"; 92 else if (state == Volume::State_Unmounting) 93 return "Unmounting"; 94 else if (state == Volume::State_Checking) 95 return "Checking"; 96 else if (state == Volume::State_Formatting) 97 return "Formatting"; 98 else if (state == Volume::State_Shared) 99 return "Shared-Unmounted"; 100 else if (state == Volume::State_SharedMnt) 101 return "Shared-Mounted"; 102 else 103 return "Unknown-Error"; 104} 105 106Volume::Volume(VolumeManager *vm, const char *label, const char *mount_point) { 107 mVm = vm; 108 mDebug = false; 109 mLabel = strdup(label); 110 mMountpoint = strdup(mount_point); 111 mState = Volume::State_Init; 112 mCurrentlyMountedKdev = -1; 113 mPartIdx = -1; 114} 115 116Volume::~Volume() { 117 free(mLabel); 118 free(mMountpoint); 119} 120 121void Volume::protectFromAutorunStupidity() { 122 char filename[255]; 123 124 snprintf(filename, sizeof(filename), "%s/autorun.inf", SEC_STGDIR); 125 if (!access(filename, F_OK)) { 126 SLOGW("Volume contains an autorun.inf! - removing"); 127 /* 128 * Ensure the filename is all lower-case so 129 * the process killer can find the inode. 130 * Probably being paranoid here but meh. 131 */ 132 rename(filename, filename); 133 Process::killProcessesWithOpenFiles(filename, 2); 134 if (unlink(filename)) { 135 SLOGE("Failed to remove %s (%s)", filename, strerror(errno)); 136 } 137 } 138} 139 140void Volume::setDebug(bool enable) { 141 mDebug = enable; 142} 143 144dev_t Volume::getDiskDevice() { 145 return MKDEV(0, 0); 146}; 147 148dev_t Volume::getShareDevice() { 149 return getDiskDevice(); 150} 151 152void Volume::handleVolumeShared() { 153} 154 155void Volume::handleVolumeUnshared() { 156} 157 158int Volume::handleBlockEvent(NetlinkEvent *evt) { 159 errno = ENOSYS; 160 return -1; 161} 162 163void Volume::setState(int state) { 164 char msg[255]; 165 int oldState = mState; 166 167 if (oldState == state) { 168 SLOGW("Duplicate state (%d)\n", state); 169 return; 170 } 171 172 mState = state; 173 174 SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel, 175 oldState, stateToStr(oldState), mState, stateToStr(mState)); 176 snprintf(msg, sizeof(msg), 177 "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(), 178 getMountpoint(), oldState, stateToStr(oldState), mState, 179 stateToStr(mState)); 180 181 mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange, 182 msg, false); 183} 184 185int Volume::createDeviceNode(const char *path, int major, int minor) { 186 mode_t mode = 0660 | S_IFBLK; 187 dev_t dev = (major << 8) | minor; 188 if (mknod(path, mode, dev) < 0) { 189 if (errno != EEXIST) { 190 return -1; 191 } 192 } 193 return 0; 194} 195 196int Volume::formatVol() { 197 198 if (getState() == Volume::State_NoMedia) { 199 errno = ENODEV; 200 return -1; 201 } else if (getState() != Volume::State_Idle) { 202 errno = EBUSY; 203 return -1; 204 } 205 206 if (isMountpointMounted(getMountpoint())) { 207 SLOGW("Volume is idle but appears to be mounted - fixing"); 208 setState(Volume::State_Mounted); 209 // mCurrentlyMountedKdev = XXX 210 errno = EBUSY; 211 return -1; 212 } 213 214 bool formatEntireDevice = (mPartIdx == -1); 215 char devicePath[255]; 216 dev_t diskNode = getDiskDevice(); 217 dev_t partNode = MKDEV(MAJOR(diskNode), (formatEntireDevice ? 1 : mPartIdx)); 218 219 setState(Volume::State_Formatting); 220 221 int ret = -1; 222 // Only initialize the MBR if we are formatting the entire device 223 if (formatEntireDevice) { 224 sprintf(devicePath, "/dev/block/vold/%d:%d", 225 MAJOR(diskNode), MINOR(diskNode)); 226 227 if (initializeMbr(devicePath)) { 228 SLOGE("Failed to initialize MBR (%s)", strerror(errno)); 229 goto err; 230 } 231 } 232 233 sprintf(devicePath, "/dev/block/vold/%d:%d", 234 MAJOR(partNode), MINOR(partNode)); 235 236 if (mDebug) { 237 SLOGI("Formatting volume %s (%s)", getLabel(), devicePath); 238 } 239 240 if (Fat::format(devicePath, 0)) { 241 SLOGE("Failed to format (%s)", strerror(errno)); 242 goto err; 243 } 244 245 ret = 0; 246 247err: 248 setState(Volume::State_Idle); 249 return ret; 250} 251 252bool Volume::isMountpointMounted(const char *path) { 253 char device[256]; 254 char mount_path[256]; 255 char rest[256]; 256 FILE *fp; 257 char line[1024]; 258 259 if (!(fp = fopen("/proc/mounts", "r"))) { 260 SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); 261 return false; 262 } 263 264 while(fgets(line, sizeof(line), fp)) { 265 line[strlen(line)-1] = '\0'; 266 sscanf(line, "%255s %255s %255s\n", device, mount_path, rest); 267 if (!strcmp(mount_path, path)) { 268 fclose(fp); 269 return true; 270 } 271 272 } 273 274 fclose(fp); 275 return false; 276} 277 278int Volume::mountVol() { 279 dev_t deviceNodes[4]; 280 int n, i, rc = 0; 281 char errmsg[255]; 282 283 if (getState() == Volume::State_NoMedia) { 284 snprintf(errmsg, sizeof(errmsg), 285 "Volume %s %s mount failed - no media", 286 getLabel(), getMountpoint()); 287 mVm->getBroadcaster()->sendBroadcast( 288 ResponseCode::VolumeMountFailedNoMedia, 289 errmsg, false); 290 errno = ENODEV; 291 return -1; 292 } else if (getState() != Volume::State_Idle) { 293 errno = EBUSY; 294 return -1; 295 } 296 297 if (isMountpointMounted(getMountpoint())) { 298 SLOGW("Volume is idle but appears to be mounted - fixing"); 299 setState(Volume::State_Mounted); 300 // mCurrentlyMountedKdev = XXX 301 return 0; 302 } 303 304 n = getDeviceNodes((dev_t *) &deviceNodes, 4); 305 if (!n) { 306 SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); 307 return -1; 308 } 309 310 for (i = 0; i < n; i++) { 311 char devicePath[255]; 312 313 sprintf(devicePath, "/dev/block/vold/%d:%d", MAJOR(deviceNodes[i]), 314 MINOR(deviceNodes[i])); 315 316 SLOGI("%s being considered for volume %s\n", devicePath, getLabel()); 317 318 errno = 0; 319 setState(Volume::State_Checking); 320 321 if (Fat::check(devicePath)) { 322 if (errno == ENODATA) { 323 SLOGW("%s does not contain a FAT filesystem\n", devicePath); 324 continue; 325 } 326 errno = EIO; 327 /* Badness - abort the mount */ 328 SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno)); 329 setState(Volume::State_Idle); 330 return -1; 331 } 332 333 /* 334 * Mount the device on our internal staging mountpoint so we can 335 * muck with it before exposing it to non priviledged users. 336 */ 337 errno = 0; 338 if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false, 339 1000, 1015, 0702, true)) { 340 SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); 341 continue; 342 } 343 344 SLOGI("Device %s, target %s mounted @ /mnt/secure/staging", devicePath, getMountpoint()); 345 346 protectFromAutorunStupidity(); 347 348 if (createBindMounts()) { 349 SLOGE("Failed to create bindmounts (%s)", strerror(errno)); 350 umount("/mnt/secure/staging"); 351 setState(Volume::State_Idle); 352 return -1; 353 } 354 355 /* 356 * Now that the bindmount trickery is done, atomically move the 357 * whole subtree to expose it to non priviledged users. 358 */ 359 if (doMoveMount("/mnt/secure/staging", getMountpoint(), false)) { 360 SLOGE("Failed to move mount (%s)", strerror(errno)); 361 umount("/mnt/secure/staging"); 362 setState(Volume::State_Idle); 363 return -1; 364 } 365 setState(Volume::State_Mounted); 366 mCurrentlyMountedKdev = deviceNodes[i]; 367 return 0; 368 } 369 370 SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel()); 371 setState(Volume::State_Idle); 372 373 return -1; 374} 375 376int Volume::createBindMounts() { 377 unsigned long flags; 378 379 /* 380 * Rename old /android_secure -> /.android_secure 381 */ 382 if (!access("/mnt/secure/staging/android_secure", R_OK | X_OK) && 383 access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 384 if (rename("/mnt/secure/staging/android_secure", SEC_STG_SECIMGDIR)) { 385 SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno)); 386 } 387 } 388 389 /* 390 * Ensure that /android_secure exists and is a directory 391 */ 392 if (access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 393 if (errno == ENOENT) { 394 if (mkdir(SEC_STG_SECIMGDIR, 0777)) { 395 SLOGE("Failed to create %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 396 return -1; 397 } 398 } else { 399 SLOGE("Failed to access %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 400 return -1; 401 } 402 } else { 403 struct stat sbuf; 404 405 if (stat(SEC_STG_SECIMGDIR, &sbuf)) { 406 SLOGE("Failed to stat %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 407 return -1; 408 } 409 if (!S_ISDIR(sbuf.st_mode)) { 410 SLOGE("%s is not a directory", SEC_STG_SECIMGDIR); 411 errno = ENOTDIR; 412 return -1; 413 } 414 } 415 416 /* 417 * Bind mount /mnt/secure/staging/android_secure -> /mnt/secure/asec so we'll 418 * have a root only accessable mountpoint for it. 419 */ 420 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 421 SLOGE("Failed to bind mount points %s -> %s (%s)", 422 SEC_STG_SECIMGDIR, SEC_ASECDIR, strerror(errno)); 423 return -1; 424 } 425 426 /* 427 * Mount a read-only, zero-sized tmpfs on <mountpoint>/android_secure to 428 * obscure the underlying directory from everybody - sneaky eh? ;) 429 */ 430 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=000,uid=0,gid=0")) { 431 SLOGE("Failed to obscure %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 432 umount("/mnt/asec_secure"); 433 return -1; 434 } 435 436 return 0; 437} 438 439int Volume::doMoveMount(const char *src, const char *dst, bool force) { 440 unsigned int flags = MS_MOVE; 441 int retries = 5; 442 443 while(retries--) { 444 if (!mount(src, dst, "", flags, NULL)) { 445 if (mDebug) { 446 SLOGD("Moved mount %s -> %s sucessfully", src, dst); 447 } 448 return 0; 449 } else if (errno != EBUSY) { 450 SLOGE("Failed to move mount %s -> %s (%s)", src, dst, strerror(errno)); 451 return -1; 452 } 453 int action = 0; 454 455 if (force) { 456 if (retries == 1) { 457 action = 2; // SIGKILL 458 } else if (retries == 2) { 459 action = 1; // SIGHUP 460 } 461 } 462 SLOGW("Failed to move %s -> %s (%s, retries %d, action %d)", 463 src, dst, strerror(errno), retries, action); 464 Process::killProcessesWithOpenFiles(src, action); 465 usleep(1000*250); 466 } 467 468 errno = EBUSY; 469 SLOGE("Giving up on move %s -> %s (%s)", src, dst, strerror(errno)); 470 return -1; 471} 472 473int Volume::doUnmount(const char *path, bool force) { 474 int retries = 10; 475 476 if (mDebug) { 477 SLOGD("Unmounting {%s}, force = %d", path, force); 478 } 479 480 while (retries--) { 481 if (!umount(path) || errno == EINVAL || errno == ENOENT) { 482 SLOGI("%s sucessfully unmounted", path); 483 return 0; 484 } 485 486 int action = 0; 487 488 if (force) { 489 if (retries == 1) { 490 action = 2; // SIGKILL 491 } else if (retries == 2) { 492 action = 1; // SIGHUP 493 } 494 } 495 496 SLOGW("Failed to unmount %s (%s, retries %d, action %d)", 497 path, strerror(errno), retries, action); 498 499 Process::killProcessesWithOpenFiles(path, action); 500 usleep(1000*1000); 501 } 502 errno = EBUSY; 503 SLOGE("Giving up on unmount %s (%s)", path, strerror(errno)); 504 return -1; 505} 506 507int Volume::unmountVol(bool force) { 508 int i, rc; 509 510 if (getState() != Volume::State_Mounted) { 511 SLOGE("Volume %s unmount request when not mounted", getLabel()); 512 errno = EINVAL; 513 return -1; 514 } 515 516 setState(Volume::State_Unmounting); 517 usleep(1000 * 1000); // Give the framework some time to react 518 519 /* 520 * First move the mountpoint back to our internal staging point 521 * so nobody else can muck with it while we work. 522 */ 523 if (doMoveMount(getMountpoint(), SEC_STGDIR, force)) { 524 SLOGE("Failed to move mount %s => %s (%s)", getMountpoint(), SEC_STGDIR, strerror(errno)); 525 setState(Volume::State_Mounted); 526 return -1; 527 } 528 529 protectFromAutorunStupidity(); 530 531 /* 532 * Unmount the tmpfs which was obscuring the asec image directory 533 * from non root users 534 */ 535 536 if (doUnmount(Volume::SEC_STG_SECIMGDIR, force)) { 537 SLOGE("Failed to unmount tmpfs on %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 538 goto fail_republish; 539 } 540 541 /* 542 * Remove the bindmount we were using to keep a reference to 543 * the previously obscured directory. 544 */ 545 546 if (doUnmount(Volume::SEC_ASECDIR, force)) { 547 SLOGE("Failed to remove bindmount on %s (%s)", SEC_ASECDIR, strerror(errno)); 548 goto fail_remount_tmpfs; 549 } 550 551 /* 552 * Finally, unmount the actual block device from the staging dir 553 */ 554 if (doUnmount(Volume::SEC_STGDIR, force)) { 555 SLOGE("Failed to unmount %s (%s)", SEC_STGDIR, strerror(errno)); 556 goto fail_recreate_bindmount; 557 } 558 559 SLOGI("%s unmounted sucessfully", getMountpoint()); 560 561 setState(Volume::State_Idle); 562 mCurrentlyMountedKdev = -1; 563 return 0; 564 565 /* 566 * Failure handling - try to restore everything back the way it was 567 */ 568fail_recreate_bindmount: 569 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 570 SLOGE("Failed to restore bindmount after failure! - Storage will appear offline!"); 571 goto out_nomedia; 572 } 573fail_remount_tmpfs: 574 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=0,uid=0,gid=0")) { 575 SLOGE("Failed to restore tmpfs after failure! - Storage will appear offline!"); 576 goto out_nomedia; 577 } 578fail_republish: 579 if (doMoveMount(SEC_STGDIR, getMountpoint(), force)) { 580 SLOGE("Failed to republish mount after failure! - Storage will appear offline!"); 581 goto out_nomedia; 582 } 583 584 setState(Volume::State_Mounted); 585 return -1; 586 587out_nomedia: 588 setState(Volume::State_NoMedia); 589 return -1; 590} 591int Volume::initializeMbr(const char *deviceNode) { 592 struct disk_info dinfo; 593 594 memset(&dinfo, 0, sizeof(dinfo)); 595 596 if (!(dinfo.part_lst = (struct part_info *) malloc(MAX_NUM_PARTS * sizeof(struct part_info)))) { 597 SLOGE("Failed to malloc prt_lst"); 598 return -1; 599 } 600 601 memset(dinfo.part_lst, 0, MAX_NUM_PARTS * sizeof(struct part_info)); 602 dinfo.device = strdup(deviceNode); 603 dinfo.scheme = PART_SCHEME_MBR; 604 dinfo.sect_size = 512; 605 dinfo.skip_lba = 2048; 606 dinfo.num_lba = 0; 607 dinfo.num_parts = 1; 608 609 struct part_info *pinfo = &dinfo.part_lst[0]; 610 611 pinfo->name = strdup("android_sdcard"); 612 pinfo->flags |= PART_ACTIVE_FLAG; 613 pinfo->type = PC_PART_TYPE_FAT32; 614 pinfo->len_kb = -1; 615 616 int rc = apply_disk_config(&dinfo, 0); 617 618 if (rc) { 619 SLOGE("Failed to apply disk configuration (%d)", rc); 620 goto out; 621 } 622 623 out: 624 free(pinfo->name); 625 free(dinfo.device); 626 free(dinfo.part_lst); 627 628 return rc; 629} 630