1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdlib.h> 18 #include <string.h> 19 #include <dirent.h> 20 #include <errno.h> 21 #include <fcntl.h> 22 23 #include <sys/types.h> 24 #include <sys/stat.h> 25 #include <sys/types.h> 26 #include <sys/mman.h> 27 #include <sys/mount.h> 28 29 #include <linux/kdev_t.h> 30 31 #include <cutils/properties.h> 32 33 #include <diskconfig/diskconfig.h> 34 35 #define LOG_TAG "Vold" 36 37 #include <cutils/log.h> 38 39 #include "Volume.h" 40 #include "VolumeManager.h" 41 #include "ResponseCode.h" 42 #include "Fat.h" 43 #include "Process.h" 44 45 extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d); 46 extern "C" void dos_partition_enc(void *pp, struct dos_partition *d); 47 48 49 /* 50 * Secure directory - stuff that only root can see 51 */ 52 const char *Volume::SECDIR = "/mnt/secure"; 53 54 /* 55 * Secure staging directory - where media is mounted for preparation 56 */ 57 const char *Volume::SEC_STGDIR = "/mnt/secure/staging"; 58 59 /* 60 * Path to the directory on the media which contains publicly accessable 61 * asec imagefiles. This path will be obscured before the mount is 62 * exposed to non priviledged users. 63 */ 64 const char *Volume::SEC_STG_SECIMGDIR = "/mnt/secure/staging/.android_secure"; 65 66 /* 67 * Path to where *only* root can access asec imagefiles 68 */ 69 const char *Volume::SEC_ASECDIR = "/mnt/secure/asec"; 70 71 /* 72 * Path to where secure containers are mounted 73 */ 74 const char *Volume::ASECDIR = "/mnt/asec"; 75 76 /* 77 * Path to where OBBs are mounted 78 */ 79 const char *Volume::LOOPDIR = "/mnt/obb"; 80 81 static const char *stateToStr(int state) { 82 if (state == Volume::State_Init) 83 return "Initializing"; 84 else if (state == Volume::State_NoMedia) 85 return "No-Media"; 86 else if (state == Volume::State_Idle) 87 return "Idle-Unmounted"; 88 else if (state == Volume::State_Pending) 89 return "Pending"; 90 else if (state == Volume::State_Mounted) 91 return "Mounted"; 92 else if (state == Volume::State_Unmounting) 93 return "Unmounting"; 94 else if (state == Volume::State_Checking) 95 return "Checking"; 96 else if (state == Volume::State_Formatting) 97 return "Formatting"; 98 else if (state == Volume::State_Shared) 99 return "Shared-Unmounted"; 100 else if (state == Volume::State_SharedMnt) 101 return "Shared-Mounted"; 102 else 103 return "Unknown-Error"; 104 } 105 106 Volume::Volume(VolumeManager *vm, const char *label, const char *mount_point) { 107 mVm = vm; 108 mDebug = false; 109 mLabel = strdup(label); 110 mMountpoint = strdup(mount_point); 111 mState = Volume::State_Init; 112 mCurrentlyMountedKdev = -1; 113 mPartIdx = -1; 114 } 115 116 Volume::~Volume() { 117 free(mLabel); 118 free(mMountpoint); 119 } 120 121 void Volume::protectFromAutorunStupidity() { 122 char filename[255]; 123 124 snprintf(filename, sizeof(filename), "%s/autorun.inf", SEC_STGDIR); 125 if (!access(filename, F_OK)) { 126 SLOGW("Volume contains an autorun.inf! - removing"); 127 /* 128 * Ensure the filename is all lower-case so 129 * the process killer can find the inode. 130 * Probably being paranoid here but meh. 131 */ 132 rename(filename, filename); 133 Process::killProcessesWithOpenFiles(filename, 2); 134 if (unlink(filename)) { 135 SLOGE("Failed to remove %s (%s)", filename, strerror(errno)); 136 } 137 } 138 } 139 140 void Volume::setDebug(bool enable) { 141 mDebug = enable; 142 } 143 144 dev_t Volume::getDiskDevice() { 145 return MKDEV(0, 0); 146 }; 147 148 dev_t Volume::getShareDevice() { 149 return getDiskDevice(); 150 } 151 152 void Volume::handleVolumeShared() { 153 } 154 155 void Volume::handleVolumeUnshared() { 156 } 157 158 int Volume::handleBlockEvent(NetlinkEvent *evt) { 159 errno = ENOSYS; 160 return -1; 161 } 162 163 void Volume::setState(int state) { 164 char msg[255]; 165 int oldState = mState; 166 167 if (oldState == state) { 168 SLOGW("Duplicate state (%d)\n", state); 169 return; 170 } 171 172 mState = state; 173 174 SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel, 175 oldState, stateToStr(oldState), mState, stateToStr(mState)); 176 snprintf(msg, sizeof(msg), 177 "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(), 178 getMountpoint(), oldState, stateToStr(oldState), mState, 179 stateToStr(mState)); 180 181 mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange, 182 msg, false); 183 } 184 185 int Volume::createDeviceNode(const char *path, int major, int minor) { 186 mode_t mode = 0660 | S_IFBLK; 187 dev_t dev = (major << 8) | minor; 188 if (mknod(path, mode, dev) < 0) { 189 if (errno != EEXIST) { 190 return -1; 191 } 192 } 193 return 0; 194 } 195 196 int Volume::formatVol() { 197 198 if (getState() == Volume::State_NoMedia) { 199 errno = ENODEV; 200 return -1; 201 } else if (getState() != Volume::State_Idle) { 202 errno = EBUSY; 203 return -1; 204 } 205 206 if (isMountpointMounted(getMountpoint())) { 207 SLOGW("Volume is idle but appears to be mounted - fixing"); 208 setState(Volume::State_Mounted); 209 // mCurrentlyMountedKdev = XXX 210 errno = EBUSY; 211 return -1; 212 } 213 214 bool formatEntireDevice = (mPartIdx == -1); 215 char devicePath[255]; 216 dev_t diskNode = getDiskDevice(); 217 dev_t partNode = MKDEV(MAJOR(diskNode), (formatEntireDevice ? 1 : mPartIdx)); 218 219 setState(Volume::State_Formatting); 220 221 // Only initialize the MBR if we are formatting the entire device 222 if (formatEntireDevice) { 223 sprintf(devicePath, "/dev/block/vold/%d:%d", 224 MAJOR(diskNode), MINOR(diskNode)); 225 226 if (initializeMbr(devicePath)) { 227 SLOGE("Failed to initialize MBR (%s)", strerror(errno)); 228 goto err; 229 } 230 } 231 232 sprintf(devicePath, "/dev/block/vold/%d:%d", 233 MAJOR(partNode), MINOR(partNode)); 234 235 if (mDebug) { 236 SLOGI("Formatting volume %s (%s)", getLabel(), devicePath); 237 } 238 239 if (Fat::format(devicePath, 0)) { 240 SLOGE("Failed to format (%s)", strerror(errno)); 241 goto err; 242 } 243 244 setState(Volume::State_Idle); 245 return 0; 246 err: 247 return -1; 248 } 249 250 bool Volume::isMountpointMounted(const char *path) { 251 char device[256]; 252 char mount_path[256]; 253 char rest[256]; 254 FILE *fp; 255 char line[1024]; 256 257 if (!(fp = fopen("/proc/mounts", "r"))) { 258 SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); 259 return false; 260 } 261 262 while(fgets(line, sizeof(line), fp)) { 263 line[strlen(line)-1] = '\0'; 264 sscanf(line, "%255s %255s %255s\n", device, mount_path, rest); 265 if (!strcmp(mount_path, path)) { 266 fclose(fp); 267 return true; 268 } 269 270 } 271 272 fclose(fp); 273 return false; 274 } 275 276 int Volume::mountVol() { 277 dev_t deviceNodes[4]; 278 int n, i, rc = 0; 279 char errmsg[255]; 280 281 if (getState() == Volume::State_NoMedia) { 282 snprintf(errmsg, sizeof(errmsg), 283 "Volume %s %s mount failed - no media", 284 getLabel(), getMountpoint()); 285 mVm->getBroadcaster()->sendBroadcast( 286 ResponseCode::VolumeMountFailedNoMedia, 287 errmsg, false); 288 errno = ENODEV; 289 return -1; 290 } else if (getState() != Volume::State_Idle) { 291 errno = EBUSY; 292 return -1; 293 } 294 295 if (isMountpointMounted(getMountpoint())) { 296 SLOGW("Volume is idle but appears to be mounted - fixing"); 297 setState(Volume::State_Mounted); 298 // mCurrentlyMountedKdev = XXX 299 return 0; 300 } 301 302 n = getDeviceNodes((dev_t *) &deviceNodes, 4); 303 if (!n) { 304 SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); 305 return -1; 306 } 307 308 for (i = 0; i < n; i++) { 309 char devicePath[255]; 310 311 sprintf(devicePath, "/dev/block/vold/%d:%d", MAJOR(deviceNodes[i]), 312 MINOR(deviceNodes[i])); 313 314 SLOGI("%s being considered for volume %s\n", devicePath, getLabel()); 315 316 errno = 0; 317 setState(Volume::State_Checking); 318 319 if (Fat::check(devicePath)) { 320 if (errno == ENODATA) { 321 SLOGW("%s does not contain a FAT filesystem\n", devicePath); 322 continue; 323 } 324 errno = EIO; 325 /* Badness - abort the mount */ 326 SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno)); 327 setState(Volume::State_Idle); 328 return -1; 329 } 330 331 /* 332 * Mount the device on our internal staging mountpoint so we can 333 * muck with it before exposing it to non priviledged users. 334 */ 335 errno = 0; 336 if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false, 337 1000, 1015, 0702, true)) { 338 SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); 339 continue; 340 } 341 342 SLOGI("Device %s, target %s mounted @ /mnt/secure/staging", devicePath, getMountpoint()); 343 344 protectFromAutorunStupidity(); 345 346 if (createBindMounts()) { 347 SLOGE("Failed to create bindmounts (%s)", strerror(errno)); 348 umount("/mnt/secure/staging"); 349 setState(Volume::State_Idle); 350 return -1; 351 } 352 353 /* 354 * Now that the bindmount trickery is done, atomically move the 355 * whole subtree to expose it to non priviledged users. 356 */ 357 if (doMoveMount("/mnt/secure/staging", getMountpoint(), false)) { 358 SLOGE("Failed to move mount (%s)", strerror(errno)); 359 umount("/mnt/secure/staging"); 360 setState(Volume::State_Idle); 361 return -1; 362 } 363 setState(Volume::State_Mounted); 364 mCurrentlyMountedKdev = deviceNodes[i]; 365 return 0; 366 } 367 368 SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel()); 369 setState(Volume::State_Idle); 370 371 return -1; 372 } 373 374 int Volume::createBindMounts() { 375 unsigned long flags; 376 377 /* 378 * Rename old /android_secure -> /.android_secure 379 */ 380 if (!access("/mnt/secure/staging/android_secure", R_OK | X_OK) && 381 access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 382 if (rename("/mnt/secure/staging/android_secure", SEC_STG_SECIMGDIR)) { 383 SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno)); 384 } 385 } 386 387 /* 388 * Ensure that /android_secure exists and is a directory 389 */ 390 if (access(SEC_STG_SECIMGDIR, R_OK | X_OK)) { 391 if (errno == ENOENT) { 392 if (mkdir(SEC_STG_SECIMGDIR, 0777)) { 393 SLOGE("Failed to create %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 394 return -1; 395 } 396 } else { 397 SLOGE("Failed to access %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 398 return -1; 399 } 400 } else { 401 struct stat sbuf; 402 403 if (stat(SEC_STG_SECIMGDIR, &sbuf)) { 404 SLOGE("Failed to stat %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 405 return -1; 406 } 407 if (!S_ISDIR(sbuf.st_mode)) { 408 SLOGE("%s is not a directory", SEC_STG_SECIMGDIR); 409 errno = ENOTDIR; 410 return -1; 411 } 412 } 413 414 /* 415 * Bind mount /mnt/secure/staging/android_secure -> /mnt/secure/asec so we'll 416 * have a root only accessable mountpoint for it. 417 */ 418 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 419 SLOGE("Failed to bind mount points %s -> %s (%s)", 420 SEC_STG_SECIMGDIR, SEC_ASECDIR, strerror(errno)); 421 return -1; 422 } 423 424 /* 425 * Mount a read-only, zero-sized tmpfs on <mountpoint>/android_secure to 426 * obscure the underlying directory from everybody - sneaky eh? ;) 427 */ 428 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=000,uid=0,gid=0")) { 429 SLOGE("Failed to obscure %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 430 umount("/mnt/asec_secure"); 431 return -1; 432 } 433 434 return 0; 435 } 436 437 int Volume::doMoveMount(const char *src, const char *dst, bool force) { 438 unsigned int flags = MS_MOVE; 439 int retries = 5; 440 441 while(retries--) { 442 if (!mount(src, dst, "", flags, NULL)) { 443 if (mDebug) { 444 SLOGD("Moved mount %s -> %s sucessfully", src, dst); 445 } 446 return 0; 447 } else if (errno != EBUSY) { 448 SLOGE("Failed to move mount %s -> %s (%s)", src, dst, strerror(errno)); 449 return -1; 450 } 451 int action = 0; 452 453 if (force) { 454 if (retries == 1) { 455 action = 2; // SIGKILL 456 } else if (retries == 2) { 457 action = 1; // SIGHUP 458 } 459 } 460 SLOGW("Failed to move %s -> %s (%s, retries %d, action %d)", 461 src, dst, strerror(errno), retries, action); 462 Process::killProcessesWithOpenFiles(src, action); 463 usleep(1000*250); 464 } 465 466 errno = EBUSY; 467 SLOGE("Giving up on move %s -> %s (%s)", src, dst, strerror(errno)); 468 return -1; 469 } 470 471 int Volume::doUnmount(const char *path, bool force) { 472 int retries = 10; 473 474 if (mDebug) { 475 SLOGD("Unmounting {%s}, force = %d", path, force); 476 } 477 478 while (retries--) { 479 if (!umount(path) || errno == EINVAL || errno == ENOENT) { 480 SLOGI("%s sucessfully unmounted", path); 481 return 0; 482 } 483 484 int action = 0; 485 486 if (force) { 487 if (retries == 1) { 488 action = 2; // SIGKILL 489 } else if (retries == 2) { 490 action = 1; // SIGHUP 491 } 492 } 493 494 SLOGW("Failed to unmount %s (%s, retries %d, action %d)", 495 path, strerror(errno), retries, action); 496 497 Process::killProcessesWithOpenFiles(path, action); 498 usleep(1000*1000); 499 } 500 errno = EBUSY; 501 SLOGE("Giving up on unmount %s (%s)", path, strerror(errno)); 502 return -1; 503 } 504 505 int Volume::unmountVol(bool force) { 506 int i, rc; 507 508 if (getState() != Volume::State_Mounted) { 509 SLOGE("Volume %s unmount request when not mounted", getLabel()); 510 errno = EINVAL; 511 return -1; 512 } 513 514 setState(Volume::State_Unmounting); 515 usleep(1000 * 1000); // Give the framework some time to react 516 517 /* 518 * First move the mountpoint back to our internal staging point 519 * so nobody else can muck with it while we work. 520 */ 521 if (doMoveMount(getMountpoint(), SEC_STGDIR, force)) { 522 SLOGE("Failed to move mount %s => %s (%s)", getMountpoint(), SEC_STGDIR, strerror(errno)); 523 setState(Volume::State_Mounted); 524 return -1; 525 } 526 527 protectFromAutorunStupidity(); 528 529 /* 530 * Unmount the tmpfs which was obscuring the asec image directory 531 * from non root users 532 */ 533 534 if (doUnmount(Volume::SEC_STG_SECIMGDIR, force)) { 535 SLOGE("Failed to unmount tmpfs on %s (%s)", SEC_STG_SECIMGDIR, strerror(errno)); 536 goto fail_republish; 537 } 538 539 /* 540 * Remove the bindmount we were using to keep a reference to 541 * the previously obscured directory. 542 */ 543 544 if (doUnmount(Volume::SEC_ASECDIR, force)) { 545 SLOGE("Failed to remove bindmount on %s (%s)", SEC_ASECDIR, strerror(errno)); 546 goto fail_remount_tmpfs; 547 } 548 549 /* 550 * Finally, unmount the actual block device from the staging dir 551 */ 552 if (doUnmount(Volume::SEC_STGDIR, force)) { 553 SLOGE("Failed to unmount %s (%s)", SEC_STGDIR, strerror(errno)); 554 goto fail_recreate_bindmount; 555 } 556 557 SLOGI("%s unmounted sucessfully", getMountpoint()); 558 559 setState(Volume::State_Idle); 560 mCurrentlyMountedKdev = -1; 561 return 0; 562 563 /* 564 * Failure handling - try to restore everything back the way it was 565 */ 566 fail_recreate_bindmount: 567 if (mount(SEC_STG_SECIMGDIR, SEC_ASECDIR, "", MS_BIND, NULL)) { 568 SLOGE("Failed to restore bindmount after failure! - Storage will appear offline!"); 569 goto out_nomedia; 570 } 571 fail_remount_tmpfs: 572 if (mount("tmpfs", SEC_STG_SECIMGDIR, "tmpfs", MS_RDONLY, "size=0,mode=0,uid=0,gid=0")) { 573 SLOGE("Failed to restore tmpfs after failure! - Storage will appear offline!"); 574 goto out_nomedia; 575 } 576 fail_republish: 577 if (doMoveMount(SEC_STGDIR, getMountpoint(), force)) { 578 SLOGE("Failed to republish mount after failure! - Storage will appear offline!"); 579 goto out_nomedia; 580 } 581 582 setState(Volume::State_Mounted); 583 return -1; 584 585 out_nomedia: 586 setState(Volume::State_NoMedia); 587 return -1; 588 } 589 int Volume::initializeMbr(const char *deviceNode) { 590 struct disk_info dinfo; 591 592 memset(&dinfo, 0, sizeof(dinfo)); 593 594 if (!(dinfo.part_lst = (struct part_info *) malloc(MAX_NUM_PARTS * sizeof(struct part_info)))) { 595 SLOGE("Failed to malloc prt_lst"); 596 return -1; 597 } 598 599 memset(dinfo.part_lst, 0, MAX_NUM_PARTS * sizeof(struct part_info)); 600 dinfo.device = strdup(deviceNode); 601 dinfo.scheme = PART_SCHEME_MBR; 602 dinfo.sect_size = 512; 603 dinfo.skip_lba = 2048; 604 dinfo.num_lba = 0; 605 dinfo.num_parts = 1; 606 607 struct part_info *pinfo = &dinfo.part_lst[0]; 608 609 pinfo->name = strdup("android_sdcard"); 610 pinfo->flags |= PART_ACTIVE_FLAG; 611 pinfo->type = PC_PART_TYPE_FAT32; 612 pinfo->len_kb = -1; 613 614 int rc = apply_disk_config(&dinfo, 0); 615 616 if (rc) { 617 SLOGE("Failed to apply disk configuration (%d)", rc); 618 goto out; 619 } 620 621 out: 622 free(pinfo->name); 623 free(dinfo.device); 624 free(dinfo.part_lst); 625 626 return rc; 627 } 628
