1/* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#ifndef FUSE_H_ 18#define FUSE_H_ 19 20#include <dirent.h> 21#include <fcntl.h> 22#include <linux/fuse.h> 23#include <pthread.h> 24#include <stdbool.h> 25#include <stdlib.h> 26#include <sys/param.h> 27#include <sys/stat.h> 28#include <sys/statfs.h> 29#include <sys/types.h> 30#include <sys/uio.h> 31#include <unistd.h> 32 33#include <map> 34#include <string> 35 36#include <android-base/logging.h> 37#include <cutils/fs.h> 38#include <cutils/multiuser.h> 39#include <packagelistparser/packagelistparser.h> 40 41#include <private/android_filesystem_config.h> 42 43#define FUSE_TRACE 0 44 45#if FUSE_TRACE 46static constexpr bool kEnableDLog = true; 47#else // FUSE_TRACE == 0 48static constexpr bool kEnableDLog = false; 49#endif 50 51// Use same strategy as DCHECK(). 52#define DLOG(x) \ 53 if (kEnableDLog) LOG(x) 54 55/* Maximum number of bytes to write in one request. */ 56#define MAX_WRITE (256 * 1024) 57 58/* Maximum number of bytes to read in one request. */ 59#define MAX_READ (128 * 1024) 60 61/* Largest possible request. 62 * The request size is bounded by the maximum size of a FUSE_WRITE request because it has 63 * the largest possible data payload. */ 64#define MAX_REQUEST_SIZE (sizeof(struct fuse_in_header) + sizeof(struct fuse_write_in) + MAX_WRITE) 65 66namespace { 67struct CaseInsensitiveCompare { 68 bool operator()(const std::string& lhs, const std::string& rhs) const { 69 return strcasecmp(lhs.c_str(), rhs.c_str()) < 0; 70 } 71}; 72} 73 74using AppIdMap = std::map<std::string, appid_t, CaseInsensitiveCompare>; 75 76/* Permission mode for a specific node. Controls how file permissions 77 * are derived for children nodes. */ 78typedef enum { 79 /* Nothing special; this node should just inherit from its parent. */ 80 PERM_INHERIT, 81 /* This node is one level above a normal root; used for legacy layouts 82 * which use the first level to represent user_id. */ 83 PERM_PRE_ROOT, 84 /* This node is "/" */ 85 PERM_ROOT, 86 /* This node is "/Android" */ 87 PERM_ANDROID, 88 /* This node is "/Android/data" */ 89 PERM_ANDROID_DATA, 90 /* This node is "/Android/obb" */ 91 PERM_ANDROID_OBB, 92 /* This node is "/Android/media" */ 93 PERM_ANDROID_MEDIA, 94} perm_t; 95 96struct handle { 97 int fd; 98}; 99 100struct dirhandle { 101 DIR *d; 102}; 103 104struct node { 105 __u32 refcount; 106 __u64 nid; 107 __u64 gen; 108 /* 109 * The inode number for this FUSE node. Note that this isn't stable across 110 * multiple invocations of the FUSE daemon. 111 */ 112 __u32 ino; 113 114 /* State derived based on current position in hierarchy. */ 115 perm_t perm; 116 userid_t userid; 117 uid_t uid; 118 bool under_android; 119 120 struct node *next; /* per-dir sibling list */ 121 struct node *child; /* first contained file by this dir */ 122 struct node *parent; /* containing directory */ 123 124 size_t namelen; 125 char *name; 126 /* If non-null, this is the real name of the file in the underlying storage. 127 * This may differ from the field "name" only by case. 128 * strlen(actual_name) will always equal strlen(name), so it is safe to use 129 * namelen for both fields. 130 */ 131 char *actual_name; 132 133 /* If non-null, an exact underlying path that should be grafted into this 134 * position. Used to support things like OBB. */ 135 char* graft_path; 136 size_t graft_pathlen; 137 138 bool deleted; 139}; 140 141/* Global data for all FUSE mounts */ 142struct fuse_global { 143 pthread_mutex_t lock; 144 145 uid_t uid; 146 gid_t gid; 147 bool multi_user; 148 149 char source_path[PATH_MAX]; 150 char obb_path[PATH_MAX]; 151 152 AppIdMap* package_to_appid; 153 154 __u64 next_generation; 155 struct node root; 156 157 /* Used to allocate unique inode numbers for fuse nodes. We use 158 * a simple counter based scheme where inode numbers from deleted 159 * nodes aren't reused. Note that inode allocations are not stable 160 * across multiple invocation of the sdcard daemon, but that shouldn't 161 * be a huge problem in practice. 162 * 163 * Note that we restrict inodes to 32 bit unsigned integers to prevent 164 * truncation on 32 bit processes when unsigned long long stat.st_ino is 165 * assigned to an unsigned long ino_t type in an LP32 process. 166 * 167 * Also note that fuse_attr and fuse_dirent inode values are 64 bits wide 168 * on both LP32 and LP64, but the fuse kernel code doesn't squash 64 bit 169 * inode numbers into 32 bit values on 64 bit kernels (see fuse_squash_ino 170 * in fs/fuse/inode.c). 171 * 172 * Accesses must be guarded by |lock|. 173 */ 174 __u32 inode_ctr; 175 176 struct fuse* fuse_default; 177 struct fuse* fuse_read; 178 struct fuse* fuse_write; 179}; 180 181/* Single FUSE mount */ 182struct fuse { 183 struct fuse_global* global; 184 185 char dest_path[PATH_MAX]; 186 187 int fd; 188 189 gid_t gid; 190 mode_t mask; 191}; 192 193/* Private data used by a single FUSE handler */ 194struct fuse_handler { 195 struct fuse* fuse; 196 int token; 197 198 /* To save memory, we never use the contents of the request buffer and the read 199 * buffer at the same time. This allows us to share the underlying storage. */ 200 union { 201 __u8 request_buffer[MAX_REQUEST_SIZE]; 202 __u8 read_buffer[MAX_READ + PAGE_SIZE]; 203 }; 204}; 205 206void handle_fuse_requests(struct fuse_handler* handler); 207void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent); 208 209#endif /* FUSE_H_ */ 210