From 4267318c748bcaa05240db4aa8adf60fbbf7eef7 Mon Sep 17 00:00:00 2001 From: zhangkaixiang Date: Tue, 23 Aug 2022 20:37:05 +0800 Subject: [PATCH] modify the permissions of services dir in hmdfs Signed-off-by: zhangkaixiang --- fs/hmdfs/authority/authentication.c | 45 ++++++++++++++++++++++++++++- fs/hmdfs/authority/authentication.h | 30 ++++++++++++++----- fs/hmdfs/hmdfs_share.c | 2 +- fs/hmdfs/hmdfs_share.h | 3 +- 4 files changed, 70 insertions(+), 10 deletions(-) diff --git a/fs/hmdfs/authority/authentication.c b/fs/hmdfs/authority/authentication.c index 4a18580cb646..3e2de2c5b8da 100644 --- a/fs/hmdfs/authority/authentication.c +++ b/fs/hmdfs/authority/authentication.c @@ -80,8 +80,15 @@ const struct cred *hmdfs_override_dir_fsids(struct inode *dir, /* * data : system : media_rw * system: system : media_rw, need authority + * services: dfs_share : dfs_share * other : media_rw : media_rw **/ + if (!strcmp(dentry->d_name.name, DFS_SHARE_NAME)) { + perm = HMDFS_DIR_SERVICES | level; + cred->fsuid = DFS_SHARE_UID; + cred->fsgid = DFS_SHARE_GID; + break; + } if (!strcmp(dentry->d_name.name, PKG_ROOT_NAME)) { perm = HMDFS_DIR_DATA | level; } else { @@ -91,6 +98,12 @@ const struct cred *hmdfs_override_dir_fsids(struct inode *dir, cred->fsgid = USER_DATA_RW_GID; break; case HMDFS_PERM_PKG: + if (is_service_dir(hii->perm)) { + cred->fsuid = hii->lower_inode->i_uid; + cred->fsgid = hii->lower_inode->i_gid; + perm = AUTH_SERVICES | HMDFS_DIR_PKG | level; + break; + } if (is_data_dir(hii->perm)) { /* * Mkdir for app pkg. 
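Review bot: The new `is_service_dir(hii->perm)` branch under `case HMDFS_PERM_PKG` in hmdfs_override_dir_fsids (second hunk) has no comment, while the is_data_dir branch right after it explains itself ("Mkdir for app pkg."). It takes fsuid/fsgid from `hii->lower_inode` instead of a fixed id such as DFS_SHARE_UID, and that is the part a reader needs spelled out. I would add `/* Child of "services": use the lower inode's owner as fsuid/fsgid, tag AUTH_SERVICES. */` above the two assignments. The function body starts and ends outside the hunk.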
@@ -257,9 +270,13 @@ static __u16 __inherit_perm_dir(struct inode *parent, struct inode *inode) /* * data : system : media_rw * system: system : media_rw, need authority + * services: dfs_share : dfs_share * other : media_rw : media_rw **/ - if (!strcmp(dentry->d_name.name, PKG_ROOT_NAME)) { + if (!strcmp(dentry->d_name.name, DFS_SHARE_NAME)) { + // "services" + perm = HMDFS_DIR_SERVICES | level; + } else if (!strcmp(dentry->d_name.name, PKG_ROOT_NAME)) { // "data" perm = HMDFS_DIR_DATA | level; } else if (!strcmp(dentry->d_name.name, SYSTEM_NAME)) { @@ -270,6 +287,10 @@ static __u16 __inherit_perm_dir(struct inode *parent, struct inode *inode) } break; case HMDFS_PERM_PKG: + if (is_service_dir(info->perm)) { + perm = AUTH_SERVICES | HMDFS_DIR_PKG | level; + break; + } if (is_data_dir(info->perm)) { /* * Mkdir for app pkg. @@ -328,9 +349,12 @@ __u16 hmdfs_perm_inherit(struct inode *parent_inode, struct inode *child) void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child) { struct hmdfs_inode_info *info = hmdfs_i(child); + struct hmdfs_inode_info *dir = hmdfs_i(parent_inode); if (info->perm == HMDFS_ALL_MASK) info->perm = hmdfs_perm_inherit(parent_inode, child); + if (is_service_dir(dir->perm)) + child->i_mode = (child->i_mode & S_IFMT) | S_IRWXU; } void check_and_fixup_ownership_remote(struct inode *dir, @@ -356,6 +380,13 @@ void check_and_fixup_ownership_remote(struct inode *dir, * system: system : media_rw, need authority * other : media_rw : media_rw **/ + if (!strcmp(dentry->d_name.name, DFS_SHARE_NAME)) { + perm = HMDFS_DIR_SERVICES | level; + dinode->i_uid = DFS_SHARE_UID; + dinode->i_gid = DFS_SHARE_GID; + dinode->i_mode = (dinode->i_mode & S_IFMT) | S_IRWXU | S_IRGRP | S_IXGRP; + break; + } if (!strcmp(dentry->d_name.name, PKG_ROOT_NAME)) { perm = HMDFS_DIR_DATA | level; } else { 
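Review bot: The mode override added to check_and_fixup_ownership (hunk at -328) applies `S_IRWXU` to every child of a services directory, regular files included. Those files gain the owner execute bit and lose whatever mode they had before. If only directories are meant to become 0700, the test could read `if (is_service_dir(dir->perm) && S_ISDIR(child->i_mode))`, with `S_IRUSR | S_IWUSR` for everything else; if 0700 on files is intended, a one-line comment should say so. The new local `dir` holds the parent's hmdfs_inode_info, while the next function uses `dir` for a `struct inode *`, so a name like `parent_info` would read better.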
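Review bot: The ownership table comment above the new "services" branch in check_and_fixup_ownership_remote (hunk at -356) was not updated. The other two copies of that table gained ` * services: dfs_share : dfs_share` in this commit, but this one still lists only data, system and other, so the same row should be added here. This branch is also the only place where the services directory itself gets an explicit mode (`S_IRWXU | S_IRGRP | S_IXGRP`), while its children are set to owner-only elsewhere in the patch. A short comment on why group keeps r-x at this level would help the next reader. The switch this branch sits in continues outside the hunk.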
@@ -365,6 +396,13 @@ void check_and_fixup_ownership_remote(struct inode *dir, dinode->i_gid = USER_DATA_RW_GID; break; case HMDFS_PERM_PKG: + if (is_service_dir(hii->perm)) { + dinode->i_uid = dinfo->lower_inode->i_uid; + dinode->i_gid = dinfo->lower_inode->i_gid; + dinode->i_mode = (dinfo->lower_inode->i_mode & S_IFMT) | S_IRWXU; + perm = AUTH_SERVICES | HMDFS_DIR_PKG | level; + break; + } if (is_data_dir(hii->perm)) { /* * Mkdir for app pkg. @@ -392,6 +430,11 @@ void check_and_fixup_ownership_remote(struct inode *dir, case HMDFS_PERM_OTHER: dinode->i_uid = dir->i_uid; dinode->i_gid = dir->i_gid; + if (is_service_auth(hii->perm)) { + dinode->i_mode = (dir->i_mode & S_IFMT) | S_IRWXU; + perm = AUTH_PKG | HMDFS_DIR_PKG_SUB | level; + break; + } if (is_pkg_auth(hii->perm)) perm = AUTH_PKG | HMDFS_DIR_PKG_SUB | level; else diff --git a/fs/hmdfs/authority/authentication.h b/fs/hmdfs/authority/authentication.h index 402a063429e5..a36636a78286 100644 --- a/fs/hmdfs/authority/authentication.h +++ b/fs/hmdfs/authority/authentication.h @@ -8,6 +8,7 @@ #ifndef AUTHENTICATION_H #define AUTHENTICATION_H +#include #include #include #include @@ -26,6 +27,7 @@ struct cache_fs_override { #define OID_ROOT 0 #define OID_SYSTEM 1000 #define OID_USER_DATA_RW 1008 +#define OID_DFS_SHARE 3822 /* copied from sdcardfs/multiuser.h */ #define BASE_USER_RANGE 200000 /* offset for uid ranges for each user */ @@ -35,12 +37,15 @@ struct cache_fs_override { #define ROOT_UID KUIDT_INIT(OID_ROOT) #define SYSTEM_UID KUIDT_INIT(OID_SYSTEM) #define USER_DATA_RW_UID KUIDT_INIT(OID_USER_DATA_RW) +#define DFS_SHARE_UID KUIDT_INIT(OID_DFS_SHARE) #define ROOT_GID KGIDT_INIT(OID_ROOT) #define SYSTEM_GID KGIDT_INIT(OID_SYSTEM) #define USER_DATA_RW_GID KGIDT_INIT(OID_USER_DATA_RW) +#define DFS_SHARE_GID KGIDT_INIT(OID_DFS_SHARE) #define PKG_ROOT_NAME "data" +#define DFS_SHARE_NAME "services" #define SYSTEM_NAME "system" /* 
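Review bot: The new `case HMDFS_PERM_PKG` branch in check_and_fixup_ownership_remote (hunk at -365) dereferences `dinfo->lower_inode` three times without a NULL check. `dinfo` is declared outside the hunk, so it is an inference, but if it describes an inode of the remote view it is not evident that a lower inode is attached, and a NULL here is a kernel oops reachable through lookup. Please confirm the invariant or guard the branch, for example by taking the owner from `dir` as the HMDFS_PERM_OTHER branch does when `dinfo->lower_inode` is NULL. The file-type bits should also come from the inode being fixed up, `dinode->i_mode & S_IFMT`, as in the "services" branch just above.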
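Review bot: In the `case HMDFS_PERM_OTHER` branch of check_and_fixup_ownership_remote (hunk at -392) the new mode takes its file-type bits from the parent: `dinode->i_mode = (dir->i_mode & S_IFMT) | S_IRWXU;`. `dir` is the first parameter and the surrounding lines copy its uid/gid into `dinode`, so it appears to be the parent directory. A regular file below an AUTH_SERVICES directory would then be stamped with the directory type. `dinode->i_mode = (dinode->i_mode & S_IFMT) | S_IRWXU;` looks like what was intended. The branch also stores `AUTH_PKG` rather than `AUTH_SERVICES` in `perm`, so the owner-only mode is presumably not reapplied one level further down; if that is deliberate, a comment should say so.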
@@ -107,20 +112,21 @@ static inline void hmdfs_check_cred(const struct cred *cred) #define HMDFS_DIR_PKG 0x0050 /* LEVEL 2~n HMDFS_PERM_OTHER */ -#define PUBLIC_FILE 0x0060 -#define PUBLIC_SUB_DIR 0x0070 -#define SYSTEM_SUB_DIR 0x0080 +#define PUBLIC_FILE 0x0060 +#define PUBLIC_SUB_DIR 0x0070 +#define SYSTEM_SUB_DIR 0x0080 #define SYSTEM_SUB_FILE 0x0090 -#define HMDFS_DIR_PKG_SUB 0x00A0 +#define HMDFS_DIR_PKG_SUB 0x00A0 #define HMDFS_FILE_PKG_SUB 0x00B0 /* access right is derived * PUBLIC_SUB_DIR SYSTEM_SUB_DIR HMDFS_DIR_PKG_SUB * PUBLIC_FILE SYSTEM_SUB_FILE HMDFS_FILE_PKG_SUB */ -#define HMDFS_DIR_DEFAULT 0x00C0 +#define HMDFS_DIR_DEFAULT 0x00C0 #define HMDFS_FILE_DEFAULT 0x00D0 +#define HMDFS_DIR_SERVICES 0x00E0 #define HMDFS_TYPE_DEFAULT 0x0000 static inline bool is_data_dir(__u16 perm) @@ -128,6 +134,11 @@ static inline bool is_data_dir(__u16 perm) return (perm & HMDFS_DIR_TYPE_MASK) == HMDFS_DIR_DATA; } +static inline bool is_service_dir(__u16 perm) +{ + return (perm & HMDFS_DIR_TYPE_MASK) == HMDFS_DIR_SERVICES; +} + static inline bool is_pkg_dir(__u16 perm) { return (perm & HMDFS_DIR_TYPE_MASK) == HMDFS_DIR_PKG; @@ -154,8 +165,9 @@ static inline bool is_default_file(__u16 perm) } #define AUTH_MASK 0x0F00 -#define AUTH_PKG 0x0100 -#define AUTH_SYSTEM 0x0200 +#define AUTH_PKG 0x0100 +#define AUTH_SYSTEM 0x0200 +#define AUTH_SERVICES 0x0400 static inline bool is_pkg_auth(__u16 perm) { @@ -167,6 +179,10 @@ static inline bool is_system_auth(__u16 perm) return (perm & AUTH_MASK) == AUTH_SYSTEM; } +static inline bool is_service_auth(__u16 perm) +{ + return (perm & AUTH_MASK) == AUTH_SERVICES; +} #define HMDFS_MOUNT_POINT_MASK 0xF000 #define HMDFS_MNT_COMMON 0x0000 // sdcard #define HMDFS_MNT_SDCARD 0x1000 // sdcard diff --git a/fs/hmdfs/hmdfs_share.c b/fs/hmdfs/hmdfs_share.c index 03f6c8898948..760afcbcec11 100644 --- a/fs/hmdfs/hmdfs_share.c +++ b/fs/hmdfs/hmdfs_share.c 
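Review bot: `HMDFS_DIR_SERVICES 0x00E0` is appended after `HMDFS_FILE_DEFAULT` (hunk at -107), below the "access right is derived" comment. The .c hunks, however, assign it in the same switch case that assigns `HMDFS_DIR_DATA`, so the placement suggests a derived type that it is not. I would move it next to the other top-level directory types or give it its own comment, e.g. `/* "services" directory, owned by dfs_share */`. The same hunk re-aligns five unrelated defines; keeping whitespace-only changes out of a permission patch makes the one functional line easier to audit.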
@@ -278,7 +278,7 @@ int hmdfs_check_share_access_permission(struct hmdfs_sb_info *sbi, * its delayed work to ensure that the open process can get * the correct path */ - if (item && is_dst_device(item->cid, cid)) { + if (item && (is_dst_device(item->cid, cid) || !strcmp(item->cid, SHARE_ALL_DEVICE))) { item->opened = true; if (!cancel_delayed_work_sync(&item->d_work)) { item->timeout = false; diff --git a/fs/hmdfs/hmdfs_share.h b/fs/hmdfs/hmdfs_share.h index c5d708d50bfc..8b1ecb29c6b8 100644 --- a/fs/hmdfs/hmdfs_share.h +++ b/fs/hmdfs/hmdfs_share.h @@ -15,7 +15,7 @@ #include "hmdfs_device_view.h" #include "comm/connection.h" -#define HMDFS_SHARE_ITEM_TIMEOUT_S 60 +#define HMDFS_SHARE_ITEM_TIMEOUT_S 120 #define HMDFS_SHARE_ITEMS_MAX 4 #define HMDFS_IOC 0xf2 @@ -23,6 +23,7 @@ struct hmdfs_share_control) #define SHARE_RESERVED_DIR ".share" +#define SHARE_ALL_DEVICE "0" struct hmdfs_share_control { __u32 src_fd; -- Gitee
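Review bot: The added `!strcmp(item->cid, SHARE_ALL_DEVICE)` in hmdfs_check_share_access_permission lets a share item whose cid is "0" pass the device check for every requesting cid. The per-device restriction then depends entirely on who is allowed to register such an item. The hunk does not show where `item->cid` is filled in, so please confirm that only a trusted caller can set it to "0" and that the field is always NUL-terminated; `strcmp` is unbounded, and a compare limited to the size of the cid field would be safer. `SHARE_ALL_DEVICE` in hmdfs_share.h should carry a comment such as `/* cid wildcard: the share item may be opened by any connected device */`. The function body continues outside the hunk.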