From 448b6875649927b25f86933f953e1f8986db5cf2 Mon Sep 17 00:00:00 2001 From: waterwin Date: Sat, 12 Feb 2022 14:57:21 +0800 Subject: [PATCH] hmdfs: multi user support ohos inclusion category: feature issue: #I4TF6Y CVE: NA ---------------------------------------------- hmdfs support multi user mount, with different user id, hap access file with different uid. Signed-off-by: qianjiaxing --- fs/hmdfs/authority/authentication.c | 12 ++++++++---- fs/hmdfs/authority/authentication.h | 14 +++++--------- fs/hmdfs/hmdfs.h | 3 +++ fs/hmdfs/inode_local.c | 8 -------- fs/hmdfs/main.c | 1 + fs/hmdfs/super.c | 18 ++++++++++++++++-- 6 files changed, 33 insertions(+), 23 deletions(-) diff --git a/fs/hmdfs/authority/authentication.c b/fs/hmdfs/authority/authentication.c index 85ac3c96c5b1..d56ac1490bb3 100644 --- a/fs/hmdfs/authority/authentication.c +++ b/fs/hmdfs/authority/authentication.c @@ -99,7 +99,8 @@ const struct cred *hmdfs_override_dir_fsids(struct inode *dir, * local uninstall. * Set appid + media_rw for local install. */ - int bid = get_bid(dentry->d_name.name); + int bid = get_bundle_uid(hmdfs_sb(dentry->d_sb), + dentry->d_name.name); if (bid != 0) { cred->fsuid = KUIDT_INIT(bid); @@ -359,13 +360,15 @@ void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child, switch (info->perm & HMDFS_DIR_TYPE_MASK) { case HMDFS_DIR_PKG: - bid = get_bid(name); + bid = get_bundle_uid(hmdfs_sb(parent_inode->i_sb), name); if (bid != child->i_uid.val || bid != child->i_gid.val) - fixup_ownership_user_group(child, lower_dentry, bid, bid); + fixup_ownership_user_group(child, lower_dentry, bid, + bid); break; case HMDFS_DIR_DATA: case HMDFS_FILE_PKG_SUB: + case HMDFS_DIR_PKG_SUB: case HMDFS_DIR_DEFAULT: case HMDFS_FILE_DEFAULT: case HMDFS_DIR_PUBLIC: @@ -420,7 +423,8 @@ void check_and_fixup_ownership_remote(struct inode *dir, * local uninstall. * Set appid + media_rw for local install. */ - int bid = get_bid(dentry->d_name.name); + int bid = get_bundle_uid(hmdfs_sb(dentry->d_sb), + dentry->d_name.name); if (bid != 0) { dinode->i_uid = KUIDT_INIT(bid); dinode->i_gid = KGIDT_INIT(bid); diff --git a/fs/hmdfs/authority/authentication.h b/fs/hmdfs/authority/authentication.h index 26838e2e8128..af6eec9a4897 100644 --- a/fs/hmdfs/authority/authentication.h +++ b/fs/hmdfs/authority/authentication.h @@ -174,14 +174,6 @@ static inline bool is_system_auth(__u16 perm) #define HMDFS_ALL_MASK (HMDFS_MOUNT_POINT_MASK | AUTH_MASK | HMDFS_DIR_TYPE_MASK | HMDFS_PERM_MASK) -static inline kuid_t get_bid_from_uid(kuid_t uid) -{ - kuid_t bid; - - bid.val = uid.val % BASE_USER_RANGE; - return bid; -} - static inline void set_inode_gid(struct inode *inode, kgid_t gid) { inode->i_gid = gid; @@ -259,6 +251,11 @@ extern int get_bid(const char *bname); extern int __init hmdfs_init_configfs(void); extern void hmdfs_exit_configfs(void); +static inline int get_bundle_uid(struct hmdfs_sb_info *sbi, const char *bname) +{ + return sbi->user_id * BASE_USER_RANGE + get_bid(bname); +} + #else static inline @@ -331,7 +328,6 @@ void hmdfs_check_cred(const struct cred *cred) { } -static inline int get_bid(const char *bname) { return 0; } static inline int __init hmdfs_init_configfs(void) { return 0; } static inline void hmdfs_exit_configfs(void) {} diff --git a/fs/hmdfs/hmdfs.h b/fs/hmdfs/hmdfs.h index d0a24db08f62..9b5d456e1217 100644 --- a/fs/hmdfs/hmdfs.h +++ b/fs/hmdfs/hmdfs.h @@ -190,6 +190,9 @@ struct hmdfs_sb_info { wait_queue_head_t async_readdir_wq; /* don't allow async readdir */ bool async_readdir_prohibit; + + /* multi user */ + unsigned int user_id; }; static inline struct hmdfs_sb_info *hmdfs_sb(struct super_block *sb) diff --git a/fs/hmdfs/inode_local.c b/fs/hmdfs/inode_local.c index 7afab9d98ada..c302d320de48 100644 --- a/fs/hmdfs/inode_local.c +++ b/fs/hmdfs/inode_local.c @@ -893,14 +893,6 @@ int hmdfs_permission(struct inode *inode, int mask) mode >>= 6; } else if (in_group_p(inode->i_gid)) { mode >>= 3; - } else if (is_pkg_auth(hii->perm)) { - kuid_t bid = get_bid_from_uid(cur_uid); - - if (uid_eq(bid, inode->i_uid)) - return 0; - } else if (is_system_auth(hii->perm)) { - if (in_group_p(USER_DATA_RW_GID)) - return 0; } if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0) diff --git a/fs/hmdfs/main.c b/fs/hmdfs/main.c index 0456a247caf6..efc952a36afd 100644 --- a/fs/hmdfs/main.c +++ b/fs/hmdfs/main.c @@ -373,6 +373,7 @@ static int hmdfs_show_options(struct seq_file *m, struct dentry *root) seq_puts(m, ",merge_disable"); seq_printf(m, ",ra_pages=%lu", root->d_sb->s_bdi->ra_pages); + seq_printf(m, ",user_id=%u", sbi->user_id); if (sbi->cache_dir) seq_printf(m, ",cache_dir=%s", sbi->cache_dir); diff --git a/fs/hmdfs/super.c b/fs/hmdfs/super.c index 92012f80ab37..52cc857f5e45 100644 --- a/fs/hmdfs/super.c +++ b/fs/hmdfs/super.c @@ -20,6 +20,7 @@ enum { OPT_VIEW_TYPE, OPT_NO_OFFLINE_STASH, OPT_NO_DENTRY_CACHE, + OPT_USER_ID, OPT_ERR, }; @@ -31,6 +32,7 @@ static match_table_t hmdfs_tokens = { { OPT_VIEW_TYPE, "merge" }, { OPT_NO_OFFLINE_STASH, "no_offline_stash" }, { OPT_NO_DENTRY_CACHE, "no_dentry_cache" }, + { OPT_USER_ID, "user_id=%s"}, { OPT_ERR, NULL }, }; @@ -74,6 +76,7 @@ int hmdfs_parse_options(struct hmdfs_sb_info *sbi, const char *data) char *options_src = NULL; substring_t args[MAX_OPT_ARGS]; unsigned long value = DEAULT_RA_PAGES; + unsigned int user_id = 0; struct super_block *sb = sbi->sb; int err = 0; @@ -100,10 +103,10 @@ int hmdfs_parse_options(struct hmdfs_sb_info *sbi, const char *data) name = match_strdup(&args[0]); if (name) { err = kstrtoul(name, 10, &value); - if (err) - goto out; kfree(name); name = NULL; + if (err) + goto out; } break; case OPT_LOCAL_DST: @@ -128,6 +131,17 @@ int hmdfs_parse_options(struct hmdfs_sb_info *sbi, const char *data) case OPT_NO_DENTRY_CACHE: sbi->s_dentry_cache = false; break; + case OPT_USER_ID: + name = match_strdup(&args[0]); + if (name) { + err = kstrtouint(name, 10, &user_id); + kfree(name); + name = NULL; + if (err) + goto out; + sbi->user_id = user_id; + } + break; default: err = -EINVAL; goto out; -- Gitee