From 03d9d8daf08b2ee6ffae955e2ae2896989ade89c Mon Sep 17 00:00:00 2001 From: Dageking Date: Wed, 29 Sep 2021 03:25:08 +0000 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E6=94=B9dac=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contrib/android/BUILD.gn | 16 +++ contrib/android/dac_config.cpp | 205 +++++++++++++++++++++++++++++++++ contrib/android/dac_config.h | 15 +++ contrib/android/perms.c | 21 +++- contrib/android/perms.h | 6 +- 5 files changed, 257 insertions(+), 6 deletions(-) create mode 100644 contrib/android/BUILD.gn create mode 100644 contrib/android/dac_config.cpp create mode 100644 contrib/android/dac_config.h
diff --git a/contrib/android/BUILD.gn b/contrib/android/BUILD.gn
new file mode 100644
index 00000000..653486e4
--- /dev/null
+++ b/contrib/android/BUILD.gn
@@ -0,0 +1,16 @@
+import("//build/ohos.gni")
+import("//build/ohos_var.gni")
+import("//developtools/profiler/build/config.gni")
+
+ohos_shared_library("libfsconfig"){
+ output_name = "libdacconfig"
+ install_enable = true
+
+ sources = [
+ "dac_config.cpp",
+ ]
+
+ part_name = "e2fsprogs"
+ subsystem_name = "distributeddatamgr"
+
+}
\ No newline at end of file
diff --git a/contrib/android/dac_config.cpp b/contrib/android/dac_config.cpp
new file mode 100644
index 00000000..076d37b7
--- /dev/null
+++ b/contrib/android/dac_config.cpp
@@ -0,0 +1,205 @@
+#define __cpluscplus
+#include "dac_config.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace std;
+
+struct DacConfig {
+ unsigned int uid;
+ unsigned int gid;
+ unsigned int mode;
+ uint64_t capabilities;
+ string path;
+ DacConfig() : uid(0),gid(0),mode(0),capabilities(0),path("") {}
+ DacConfig(unsigned int m,unsigned int u,unsigned int g,uint64_t c,string p) : uid(u),gid(g),mode(m),capabilities(c),path(p) {}
+
+ void SetDefault(unsigned int m,unsigned int u,unsigned int g,uint64_t c,string p)
+ {
+ this->uid = u;
+ this->gid = g;
+ this->mode = m;
+ this->capabilities = c;
+ this->path = p;
+ }
+};
+
+unordered_map g_configMap;
+
+string Trim(const string& s){
+ if(s.size() == 0){
+ return s;
+ }
+
+ size_t start = 0;
+ size_t end = s.size() - 1;
+
+ while(start < s.size() && isspace(s[start])){
+ start++;
+ }
+
+ while(end >= start && isspace(s[end])){
+ end--;
+ }
+
+ if(end < start){
+ return "";
+ }
+
+ return s.substr(start,end - start + 1);
+}
+
+unordered_map g_capStrCapNum = {
+ {"CAP_CHOWN",CAP_CHOWN},
+ {"CAP_DAC_OVERRIDE",CAP_DAC_OVERRIDE},
+ {"CAP_DAC_READ_SEARCH",CAP_DAC_READ_SEARCH},
+ {"CAP_FOWNER",CAP_FOWNER},
+ {"CAP_FSETID",CAP_FSETID},
+ {"CAP_KILL",CAP_KILL},
+ {"CAP_SETGID",CAP_SETGID},
+ {"CAP_SETUID",CAP_SETUID},
+ {"CAP_LINUX_IMMUTABLE",CAP_LINUX_IMMUTABLE},
+ {"CAP_NET_BIND_SERVICE",CAP_NET_BIND_SERVICE},
+ {"CAP_NET_BROADCAST",CAP_NET_BROADCAST},
+ {"CAP_NET_ADMIN",CAP_NET_ADMIN},
+ {"CAP_NET_RAW",CAP_NET_RAW},
+ {"CAP_IPC_LOCK",CAP_IPC_LOCK},
+ {"CAP_IPC_OWNER",CAP_IPC_OWNER},
+ {"CAP_SYS_MODULE",CAP_SYS_MODULE},
+ {"CAP_SYS_RAWIO",CAP_SYS_RAWIO},
+ {"CAP_SYS_CHROOT",CAP_SYS_CHROOT},
+ {"CAP_SYS_PTRACE",CAP_SYS_PTRACE},
+ {"CAP_SYS_PACCT",CAP_SYS_PACCT},
+ {"CAP_SYS_ADMIN",CAP_SYS_ADMIN},
+ {"CAP_SYS_ROOT",CAP_SYS_BOOT},
+ {"CAP_SYS_NICE",CAP_SYS_NICE},
+ {"CAP_SYS_RESOURCE",CAP_SYS_RESOURCE},
+ {"CAP_SYS_TIME",CAP_SYS_TIME},
+ {"CAP_SYS_TTY_CONFIG",CAP_SYS_TTY_CONFIG},
+
{"CAP_MKNOD",CAP_MKNOD},
+ {"CAP_LEASE",CAP_LEASE},
+ {"CAP_AUDIT_WRITE",CAP_AUDIT_WRITE},
+ {"CAP_AUDIT_CONTROL",CAP_AUDIT_CONTROL},
+ {"CAP_SETFCAP",CAP_SETFCAP},
+ {"CAP_MAC_OVERRIDE",CAP_MAC_OVERRIDE},
+ {"CAP_MAC_ADMIN",CAP_MAC_ADMIN},
+ {"CAP_SYSLOG",CAP_SYSLOG},
+ {"CAP_WAKE_ALARM",CAP_WAKE_ALARM},
+ {"CAP_BLOCK_SUSPEND",CAP_BLOCK_SUSPEND},
+};
+
+uint64_t GetCap(string cap){
+ if(isdigit(cap[0])){
+ return stoll(cap);
+ }
+
+ stringstream ss(cap);
+ string value;
+ uint64_t c = 0;
+ while(getline(ss,value,'|')){
+ value = Trim(value);
+ if(g_capStrCapNum.count(value)){
+ c |= (1ULL << g_CapStrCapNum[value]);
+ }
+ }
+
+ return c;
+}
+
+extern "C" {
+
+ int LoadDacConfig(const char* fn){
+ ifstream readFile(fn);
+ if(readFile.fail()){
+ return -1;
+ }
+
+ string str;
+ vector values(5,"");//path,mode,uid,gid,cap
+ while(getline(readFile,str)){
+ str = Trim(str);
+ if(str.empty() || str[0] == '#'){
+ continue;
+ }
+
+ stringstream ss(str);
+ string value;
+ int i = 0;
+ while(getline(ss,value,',')){
+ if(i >= 5){
+ break;
+ }
+
+ value = Trim(value);
+ if(value.empty()){
+ continue;
+ }
+ values[i++] = value;
+ }
+
+ if(i != 5){
+ continue;
+ }
+
+ int uid = 0;
+ if(isdigit(values[2][0])){
+ uid = stoi(values[2]);
+ }
+
+ int gid = 0;
+ if(isdigit(values[3][0])){
+ uid = stoi(values[3]);
+ }
+
+ uint64_t cap = GetCap(values[4]);
+ DacConfig dacConfig(stoi(values[1],0,8),uid,gid,cap,values[0]);
+ g_configMap[dacConfig.path] = dacConfig;
+ }
+
+ return 0;
+ }
+
+ void GetDacConfig(const char* path,int dir,const char* target_out_path,unsigned* uid,unsigned* gid,unsigned* mode,uint64_t capabilities)
+ {
+ if(path && path[0] == '/'){
+ path++;
+ }
+
+ (void)target_out_path;
+ string str = path;
+ string str2;
+ DacConfig dacConfig(00755,0,0,0,"");
+
+ if(dir == 0){
+ dacConfig.SetDefault(00644,0,0,0,"");
+ }
+
+ if(g_configMap.count(str)){
+ dacConfig = g_configMap[str];
+ }
+ else if(dir == 0){
+ for(auto i = str.size() - 1;i >= 0;i--){
+ if(str[i] == '/'){
+
break;
+ }
+ else {
+ str2 = str.substr(0,i) + "*";
+ if(g_configMap.count(str2)){
+ dacConfig = g_configMap[str2];
+ break;
+ }
+ }
+ }
+ }
+
+ *uid = dacConfig.uid;
+ *gid = dacConfig.gid;
+ *mode = dacConfig.mode;
+ capabilities = dacConfig.capabilities;
+ }
+}
\ No newline at end of file
diff --git a/contrib/android/dac_config.h b/contrib/android/dac_config.h
new file mode 100644
index 00000000..7c244a64
--- /dev/null
+++ b/contrib/android/dac_config.h
@@ -0,0 +1,15 @@
+#ifndef __DAC_CONFIG
+#define __DAC_CONFIG
+#include
+
+#ifdef __cpluscplus
+extern "C" {
+#endif
+
+int LoadDacConfig(const char* fn);
+void GetDacConfig(const char* path,int dir,const char* target_out_path,unsigned* uid,unsigned* gid,unsigned* mode,uint64_t* capabilities);
+
+#ifdef __cpluscplus
+}
+#endif
+#endif
\ No newline at end of file
diff --git a/contrib/android/perms.c b/contrib/android/perms.c
index 9c5ec05b..f3a8161d 100644
--- a/contrib/android/perms.c
+++ b/contrib/android/perms.c
@@ -6,6 +6,8 @@ #include #include +#include "dac_config.h" + #ifndef XATTR_SELINUX_SUFFIX # define XATTR_SELINUX_SUFFIX "selinux" #endif
@@ -358,18 +360,31 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, /* Load the FS config */ if (fs_config_file) { + /* retval = load_canned_fs_config(fs_config_file); + */ + retval = LoadDacConfig(fs_config_file); if (retval < 0) { com_err(__func__, retval, _("while loading fs_config \"%s\""), fs_config_file); return retval; } + /* fs_config_func = canned_fs_config; - } else if (mountpoint) + */ + fs_config_fun = GetDacConfig; + + } + /* + else if (mountpoint) fs_config_func = fs_config; - + */ + else{ + com_err(__func__,EXT2_ET_UNSUPP_FEATURE,_("while loading fs_config ")); + return EXT2_ET_UNSUPP_FEATURE; + } return __android_configure_fs(fs, src_dir, target_out, mountpoint, fs_config_func, sehnd, fixed_time, uid_map, gid_map); -} +}
\ No newline at end of file
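Review bot: In LoadDacConfig the gid branch stores into the wrong variable (`uid = stoi(values[3]);`), so every entry gets gid 0 and its uid replaced by the configured gid, which mislabels ownership across the whole image. GetDacConfig takes `capabilities` by value while dac_config.h declares `uint64_t*`, so the capability mask never reaches the caller, and its wildcard loop `for(auto i = str.size() - 1;i >= 0;i--)` uses an unsigned index that never goes negative, so a path with no `/` (or an empty one) is indexed out of bounds; `string str = path` also runs when `path` is null. GetCap will not compile as written because it reads `g_CapStrCapNum` while the table is `g_capStrCapNum`, and the table key "CAP_SYS_ROOT" should be "CAP_SYS_BOOT". Non-numeric uid/gid fields and malformed lines silently fall back to 0 or are skipped, and `stoi`/`stoll` can throw out of an `extern "C"` function; for a file that assigns owners and capabilities it is safer to return an error from LoadDacConfig instead. The same hunk appears again in PATCH 2/2; the changed lines are sketched below.

```cpp
// LoadDacConfig … unchanged: field splitting and uid parsing …
int gid = 0;
if(isdigit(values[3][0])){
    gid = stoi(values[3]);   // was assigned to uid
}

// GetDacConfig: last parameter now matches the uint64_t* declared in dac_config.h
void GetDacConfig(const char* path,int dir,const char* target_out_path,unsigned* uid,unsigned* gid,unsigned* mode,uint64_t* capabilities)
{
    // … unchanged: leading '/' strip …
    string str = path ? path : "";
    // … unchanged: defaults and exact-match lookup …
        for(size_t i = str.size();i-- > 0;){
            // … unchanged: stop at '/', otherwise try str.substr(0,i) + "*" …
        }
    // … unchanged: uid/gid/mode outputs …
    if(capabilities){
        *capabilities = dacConfig.capabilities;
    }
}
```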
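Review bot: The linkage guard tests `__cpluscplus`, a misspelling of the compiler-defined `__cplusplus`, which is why dac_config.cpp has to `#define __cpluscplus` before including this header; any other C++ file that includes it would see the prototypes without `extern "C"`. Use `#ifdef __cplusplus` here and drop the define from the .cpp. The guard name `__DAC_CONFIG` begins with a double underscore, which is reserved for the implementation; `DAC_CONFIG_H` would do. A short comment on each prototype stating the return convention (`LoadDacConfig` returns -1 when the file cannot be opened, 0 otherwise) and that `path` may carry a leading `/` would help the C caller. The same hunk is repeated in PATCH 2/2.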
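Review bot: The added `fs_config_fun = GetDacConfig;` does not set the variable that is passed to `__android_configure_fs` at the end of the function (`fs_config_func`), so unless a `fs_config_fun` is declared outside the hunk this does not compile, and if one is, the callback actually used stays unset; it should read `fs_config_func = GetDacConfig;`. The declaration of `fs_config_func` is outside the hunk, so check that its function-pointer type matches GetDacConfig's signature, in particular the `uint64_t*` capabilities parameter. The old calls are left in place inside `/* */` blocks; deleting them keeps the permission-setup path readable, since version control already holds the history. The same hunk is repeated in PATCH 2/2.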
diff --git a/contrib/android/perms.h b/contrib/android/perms.h
index 6d6a2129..a339305c 100644
--- a/contrib/android/perms.h
+++ b/contrib/android/perms.h
@@ -48,10 +48,10 @@ static inline errcode_t android_configure_fs(ext2_filsys fs, # include # if defined(__ANDROID__) # include -# endif + # include # include - +# endif errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, char *mountpoint,
@@ -62,4 +62,4 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, const struct ugid_map* gid_map); # endif -#endif /* !ANDROID_PERMS_H */ +#endif /* !ANDROID_PERMS_H */
\ No newline at end of file
-- Gitee
From 365dfa5f6602ef4a81dbe7e7ca0a8d9fd8c26a6b Mon Sep 17 00:00:00 2001 From: Dageking Date: Wed, 29 Sep 2021 03:25:08 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E6=94=B9dac=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dageking 修改dac配置获取方式 --- contrib/android/BUILD.gn | 16 +++ contrib/android/dac_config.cpp | 205 +++++++++++++++++++++++++++++++++ contrib/android/dac_config.h | 15 +++ contrib/android/perms.c | 21 +++- contrib/android/perms.h | 6 +- 5 files changed, 257 insertions(+), 6 deletions(-) create mode 100644 contrib/android/BUILD.gn create mode 100644 contrib/android/dac_config.cpp create mode 100644 contrib/android/dac_config.h
diff --git a/contrib/android/BUILD.gn b/contrib/android/BUILD.gn
new file mode 100644
index 00000000..653486e4
--- /dev/null
+++ b/contrib/android/BUILD.gn
@@ -0,0 +1,16 @@
+import("//build/ohos.gni")
+import("//build/ohos_var.gni")
+import("//developtools/profiler/build/config.gni")
+
+ohos_shared_library("libfsconfig"){
+ output_name = "libdacconfig"
+ install_enable = true
+
+ sources = [
+ "dac_config.cpp",
+ ]
+
+ part_name = "e2fsprogs"
+ subsystem_name = "distributeddatamgr"
+
+}
\ No newline at end of file
diff --git a/contrib/android/dac_config.cpp b/contrib/android/dac_config.cpp
new file mode 100644
index 00000000..076d37b7
--- /dev/null
+++ b/contrib/android/dac_config.cpp
@@ -0,0 +1,205 @@
+#define __cpluscplus
+#include "dac_config.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace std;
+
+struct DacConfig {
+ unsigned int uid;
+ unsigned int gid;
+ unsigned int mode;
+ uint64_t capabilities;
+ string path;
+ DacConfig() : uid(0),gid(0),mode(0),capabilities(0),path("") {}
+ DacConfig(unsigned int m,unsigned int u,unsigned int g,uint64_t c,string p) : uid(u),gid(g),mode(m),capabilities(c),path(p) {}
+
+ void SetDefault(unsigned int m,unsigned int u,unsigned int g,uint64_t c,string p)
+ {
+ this->uid = u;
+ this->gid = g;
+ this->mode = m;
+ this->capabilities = c;
+ this->path = p;
+ }
+};
+
+unordered_map g_configMap;
+
+string Trim(const string& s){
+ if(s.size() == 0){
+ return s;
+ }
+
+ size_t start = 0;
+ size_t end = s.size() - 1;
+
+ while(start < s.size() && isspace(s[start])){
+ start++;
+ }
+
+ while(end >= start && isspace(s[end])){
+ end--;
+ }
+
+ if(end < start){
+ return "";
+ }
+
+ return s.substr(start,end - start + 1);
+}
+
+unordered_map g_capStrCapNum = {
+ {"CAP_CHOWN",CAP_CHOWN},
+ {"CAP_DAC_OVERRIDE",CAP_DAC_OVERRIDE},
+ {"CAP_DAC_READ_SEARCH",CAP_DAC_READ_SEARCH},
+ {"CAP_FOWNER",CAP_FOWNER},
+ {"CAP_FSETID",CAP_FSETID},
+ {"CAP_KILL",CAP_KILL},
+ {"CAP_SETGID",CAP_SETGID},
+ {"CAP_SETUID",CAP_SETUID},
+ {"CAP_LINUX_IMMUTABLE",CAP_LINUX_IMMUTABLE},
+ {"CAP_NET_BIND_SERVICE",CAP_NET_BIND_SERVICE},
+ {"CAP_NET_BROADCAST",CAP_NET_BROADCAST},
+ {"CAP_NET_ADMIN",CAP_NET_ADMIN},
+ {"CAP_NET_RAW",CAP_NET_RAW},
+ {"CAP_IPC_LOCK",CAP_IPC_LOCK},
+ {"CAP_IPC_OWNER",CAP_IPC_OWNER},
+ {"CAP_SYS_MODULE",CAP_SYS_MODULE},
+ {"CAP_SYS_RAWIO",CAP_SYS_RAWIO},
+ {"CAP_SYS_CHROOT",CAP_SYS_CHROOT},
+ {"CAP_SYS_PTRACE",CAP_SYS_PTRACE},
+ {"CAP_SYS_PACCT",CAP_SYS_PACCT},
+ {"CAP_SYS_ADMIN",CAP_SYS_ADMIN},
+ {"CAP_SYS_ROOT",CAP_SYS_BOOT},
+ {"CAP_SYS_NICE",CAP_SYS_NICE},
+ {"CAP_SYS_RESOURCE",CAP_SYS_RESOURCE},
+ {"CAP_SYS_TIME",CAP_SYS_TIME},
+ {"CAP_SYS_TTY_CONFIG",CAP_SYS_TTY_CONFIG},
+
{"CAP_MKNOD",CAP_MKNOD},
+ {"CAP_LEASE",CAP_LEASE},
+ {"CAP_AUDIT_WRITE",CAP_AUDIT_WRITE},
+ {"CAP_AUDIT_CONTROL",CAP_AUDIT_CONTROL},
+ {"CAP_SETFCAP",CAP_SETFCAP},
+ {"CAP_MAC_OVERRIDE",CAP_MAC_OVERRIDE},
+ {"CAP_MAC_ADMIN",CAP_MAC_ADMIN},
+ {"CAP_SYSLOG",CAP_SYSLOG},
+ {"CAP_WAKE_ALARM",CAP_WAKE_ALARM},
+ {"CAP_BLOCK_SUSPEND",CAP_BLOCK_SUSPEND},
+};
+
+uint64_t GetCap(string cap){
+ if(isdigit(cap[0])){
+ return stoll(cap);
+ }
+
+ stringstream ss(cap);
+ string value;
+ uint64_t c = 0;
+ while(getline(ss,value,'|')){
+ value = Trim(value);
+ if(g_capStrCapNum.count(value)){
+ c |= (1ULL << g_CapStrCapNum[value]);
+ }
+ }
+
+ return c;
+}
+
+extern "C" {
+
+ int LoadDacConfig(const char* fn){
+ ifstream readFile(fn);
+ if(readFile.fail()){
+ return -1;
+ }
+
+ string str;
+ vector values(5,"");//path,mode,uid,gid,cap
+ while(getline(readFile,str)){
+ str = Trim(str);
+ if(str.empty() || str[0] == '#'){
+ continue;
+ }
+
+ stringstream ss(str);
+ string value;
+ int i = 0;
+ while(getline(ss,value,',')){
+ if(i >= 5){
+ break;
+ }
+
+ value = Trim(value);
+ if(value.empty()){
+ continue;
+ }
+ values[i++] = value;
+ }
+
+ if(i != 5){
+ continue;
+ }
+
+ int uid = 0;
+ if(isdigit(values[2][0])){
+ uid = stoi(values[2]);
+ }
+
+ int gid = 0;
+ if(isdigit(values[3][0])){
+ uid = stoi(values[3]);
+ }
+
+ uint64_t cap = GetCap(values[4]);
+ DacConfig dacConfig(stoi(values[1],0,8),uid,gid,cap,values[0]);
+ g_configMap[dacConfig.path] = dacConfig;
+ }
+
+ return 0;
+ }
+
+ void GetDacConfig(const char* path,int dir,const char* target_out_path,unsigned* uid,unsigned* gid,unsigned* mode,uint64_t capabilities)
+ {
+ if(path && path[0] == '/'){
+ path++;
+ }
+
+ (void)target_out_path;
+ string str = path;
+ string str2;
+ DacConfig dacConfig(00755,0,0,0,"");
+
+ if(dir == 0){
+ dacConfig.SetDefault(00644,0,0,0,"");
+ }
+
+ if(g_configMap.count(str)){
+ dacConfig = g_configMap[str];
+ }
+ else if(dir == 0){
+ for(auto i = str.size() - 1;i >= 0;i--){
+ if(str[i] == '/'){
+
break;
+ }
+ else {
+ str2 = str.substr(0,i) + "*";
+ if(g_configMap.count(str2)){
+ dacConfig = g_configMap[str2];
+ break;
+ }
+ }
+ }
+ }
+
+ *uid = dacConfig.uid;
+ *gid = dacConfig.gid;
+ *mode = dacConfig.mode;
+ capabilities = dacConfig.capabilities;
+ }
+}
\ No newline at end of file
diff --git a/contrib/android/dac_config.h b/contrib/android/dac_config.h
new file mode 100644
index 00000000..7c244a64
--- /dev/null
+++ b/contrib/android/dac_config.h
@@ -0,0 +1,15 @@
+#ifndef __DAC_CONFIG
+#define __DAC_CONFIG
+#include
+
+#ifdef __cpluscplus
+extern "C" {
+#endif
+
+int LoadDacConfig(const char* fn);
+void GetDacConfig(const char* path,int dir,const char* target_out_path,unsigned* uid,unsigned* gid,unsigned* mode,uint64_t* capabilities);
+
+#ifdef __cpluscplus
+}
+#endif
+#endif
\ No newline at end of file
diff --git a/contrib/android/perms.c b/contrib/android/perms.c
index 9c5ec05b..f3a8161d 100644
--- a/contrib/android/perms.c
+++ b/contrib/android/perms.c
@@ -6,6 +6,8 @@ #include #include +#include "dac_config.h" + #ifndef XATTR_SELINUX_SUFFIX # define XATTR_SELINUX_SUFFIX "selinux" #endif
@@ -358,18 +360,31 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, /* Load the FS config */ if (fs_config_file) { + /* retval = load_canned_fs_config(fs_config_file); + */ + retval = LoadDacConfig(fs_config_file); if (retval < 0) { com_err(__func__, retval, _("while loading fs_config \"%s\""), fs_config_file); return retval; } + /* fs_config_func = canned_fs_config; - } else if (mountpoint) + */ + fs_config_fun = GetDacConfig; + + } + /* + else if (mountpoint) fs_config_func = fs_config; - + */ + else{ + com_err(__func__,EXT2_ET_UNSUPP_FEATURE,_("while loading fs_config ")); + return EXT2_ET_UNSUPP_FEATURE; + } return __android_configure_fs(fs, src_dir, target_out, mountpoint, fs_config_func, sehnd, fixed_time, uid_map, gid_map); -} +}
\ No newline at end of file
diff --git a/contrib/android/perms.h b/contrib/android/perms.h
index 6d6a2129..a339305c 100644
--- a/contrib/android/perms.h
+++ b/contrib/android/perms.h
@@ -48,10 +48,10 @@ static inline errcode_t android_configure_fs(ext2_filsys fs, # include # if defined(__ANDROID__) # include -# endif + # include # include - +# endif errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, char *mountpoint,
@@ -62,4 +62,4 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, const struct ugid_map* gid_map); # endif -#endif /* !ANDROID_PERMS_H */ +#endif /* !ANDROID_PERMS_H */
\ No newline at end of file
-- Gitee