gugelfrei
/
android_system_vold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Recursively delete subdirs when deleting

Browse Source 
Use vold_prepare_subdirs since only it has the privilege needed.

Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I90fb2517ccd177c9b009001e7a2b00f537152f8c
gugelfrei
Paul Crowley 7 years ago
parent 1a9652613a
commit 8e55066845
2 changed files with 72 additions and 43 deletions
Show Stats Download Patch File Download Diff File

68
Ext4Crypt.cpp
Unescape View File

@ -594,6 +594,18 @@ bool e4crypt_lock_user_key(userid_t user_id) {
return true; return true;
} }
static bool prepare_subdirs(const std::string& action, const std::string& dirtype,
const std::string& volume_uuid, userid_t user_id,
const std::string& path) {
if (0 != android::vold::ForkExecvp(std::vector<std::string>{"/system/bin/vold_prepare_subdirs",
action, dirtype, volume_uuid,
std::to_string(user_id), path})) {
LOG(ERROR) << "vold_prepare_subdirs failed on: " << path;
return false;
}
return true;
}
bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags) { int flags) {
LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid) LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid)
@ -634,12 +646,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
} }
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (0 != android::vold::ForkExecvp( if (!prepare_subdirs("prepare", "misc_de", volume_uuid, user_id, misc_de_path))
std::vector<std::string>{"/system/bin/vold_prepare_subdirs", "misc_de",
misc_de_path, std::to_string(user_id), ""})) {
LOG(ERROR) << "vold_prepare_subdirs failed on: " << misc_de_path;
return false; return false;
}
} }
} }
@ -664,23 +672,19 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false; if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false; if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
// Now that credentials have been installed, we can run restorecon
// over these paths
// NOTE: these paths need to be kept in sync with libselinux
android::vold::RestoreconRecursive(system_ce_path);
android::vold::RestoreconRecursive(misc_ce_path);
} }
if (!ensure_policy(ce_raw_ref, media_ce_path)) return false; if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, user_ce_path)) return false; if (!ensure_policy(ce_raw_ref, user_ce_path)) return false;
} }
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (0 != android::vold::ForkExecvp( if (!prepare_subdirs("prepare", "misc_ce", volume_uuid, user_id, misc_ce_path))
std::vector<std::string>{"/system/bin/vold_prepare_subdirs", "misc_ce",
misc_ce_path, std::to_string(user_id), ""})) {
LOG(ERROR) << "vold_prepare_subdirs failed on: " << misc_ce_path;
return false; return false;
} // Now that credentials have been installed, we can run restorecon
// over these paths
// NOTE: these paths need to be kept in sync with libselinux
android::vold::RestoreconRecursive(system_ce_path);
android::vold::RestoreconRecursive(misc_ce_path);
} }
} }
@ -692,6 +696,22 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
<< ", user " << user_id << ", flags " << flags; << ", user " << user_id << ", flags " << flags;
bool res = true; bool res = true;
if (flags & FLAG_STORAGE_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
res &= destroy_dir(media_ce_path);
res &= destroy_dir(user_ce_path);
if (volume_uuid.empty()) {
res &= prepare_subdirs("destroy", "misc_ce", volume_uuid, user_id, misc_ce_path);
res &= destroy_dir(system_ce_path);
res &= destroy_dir(misc_ce_path);
}
}
if (flags & FLAG_STORAGE_DE) { if (flags & FLAG_STORAGE_DE) {
// DE_sys key // DE_sys key
auto system_legacy_path = android::vold::BuildDataSystemLegacyPath(user_id); auto system_legacy_path = android::vold::BuildDataSystemLegacyPath(user_id);
@ -703,7 +723,9 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
auto misc_de_path = android::vold::BuildDataMiscDePath(user_id); auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id); auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
res &= destroy_dir(user_de_path);
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
res &= prepare_subdirs("destroy", "misc_de", volume_uuid, user_id, misc_de_path);
res &= destroy_dir(system_legacy_path); res &= destroy_dir(system_legacy_path);
#if MANAGE_MISC_DIRS #if MANAGE_MISC_DIRS
res &= destroy_dir(misc_legacy_path); res &= destroy_dir(misc_legacy_path);
@ -712,22 +734,6 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(system_de_path); res &= destroy_dir(system_de_path);
res &= destroy_dir(misc_de_path); res &= destroy_dir(misc_de_path);
} }
res &= destroy_dir(user_de_path);
}
if (flags & FLAG_STORAGE_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid.empty()) {
res &= destroy_dir(system_ce_path);
res &= destroy_dir(misc_ce_path);
}
res &= destroy_dir(media_ce_path);
res &= destroy_dir(user_ce_path);
} }
return res; return res;

47
vold_prepare_subdirs
Unescape View File

@ -14,31 +14,54 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# Set up or tear down subdirectories of vold-created directories.
#
# This is kept separate from vold because under the SELinux rules, it has privileges vold doesn't
# have. In particular, prepare_dir sets SELinux labels on subdirectories based on file_contexts,
# so this script has some relabelling privileges.
set -e set -e
action="$1"
dirtype="$2"
volume_uuid="$3"
user_id="$4"
path="$5"
case "$3" in case "$user_id" in
*[!0-9]* | '') *[!0-9]* | '')
echo "Invalid user id" echo "Invalid user id"
exit -1 exit -1
;; ;;
esac esac
if [ x"$4" != x ] ; then if [ x"$volume_uuid" != x ] ; then
echo "Volume must be root volume" echo "Volume must be root volume"
exit -1; exit -1;
fi fi
case "$1" in case "$dirtype" in
misc_de|misc_ce) misc_de|misc_ce)
computed_path="/data/$1/$3" computed_path="/data/$dirtype/$user_id"
if [ x"$computed_path" != x"$2" ] ; then if [ x"$computed_path" != x"$path" ] ; then
echo "Parameter path didn't match computed path: " $computed_path echo "Parameter path didn't match computed path: " $computed_path
exit -1; exit -1;
fi fi
/system/bin/prepare_dir --mode 700 --uid 0 --gid 0 -- "$computed_path"/vold case "$action" in
prepare)
/system/bin/prepare_dir --mode 700 --uid 0 --gid 0 -- "$computed_path"/vold
;;
destroy)
rm -rf "$computed_path"/*
;;
*)
echo "Unknown action: $action"
exit -1
;;
esac
;; ;;
*) *)
echo "Unknown type: $1" echo "Unknown type: $dirtype"
exit -1; exit -1
;; ;;
esac esac

Write Preview
Loading…
Cancel
Save