/* * Copyright (C) 2008 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define LOG_TAG "Vold" #include #include #include #include "Volume.h" #include "VolumeManager.h" #include "ResponseCode.h" #include "Fat.h" #include "Process.h" #include "cryptfs.h" #include "sehandle.h" extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d); extern "C" void dos_partition_enc(void *pp, struct dos_partition *d); /* * Media directory - stuff that only media_rw user can see */ const char *Volume::MEDIA_DIR = "/mnt/media_rw"; /* * Fuse directory - location where fuse wrapped filesystems go */ const char *Volume::FUSE_DIR = "/storage"; /* * Path to external storage where *only* root can access ASEC image files */ const char *Volume::SEC_ASECDIR_EXT = "/mnt/secure/asec"; /* * Path to internal storage where *only* root can access ASEC image files */ const char *Volume::SEC_ASECDIR_INT = "/data/app-asec"; /* * Path to where secure containers are mounted */ const char *Volume::ASECDIR = "/mnt/asec"; /* * Path to where OBBs are mounted */ const char *Volume::LOOPDIR = "/mnt/obb"; const char *Volume::BLKID_PATH = "/system/bin/blkid"; static const char *stateToStr(int state) { if (state == Volume::State_Init) return "Initializing"; else if (state == Volume::State_NoMedia) return "No-Media"; else if (state == Volume::State_Idle) return "Idle-Unmounted"; else if (state == Volume::State_Pending) return "Pending"; else if (state == Volume::State_Mounted) return "Mounted"; else if (state == Volume::State_Unmounting) return "Unmounting"; else if (state == Volume::State_Checking) return "Checking"; else if (state == Volume::State_Formatting) return "Formatting"; else if (state == Volume::State_Shared) return "Shared-Unmounted"; else if (state == Volume::State_SharedMnt) return "Shared-Mounted"; else return "Unknown-Error"; } Volume::Volume(VolumeManager *vm, const fstab_rec* rec, int flags) { mVm = vm; mDebug = false; mLabel = strdup(rec->label); mUuid = NULL; mUserLabel = NULL; mState = Volume::State_Init; mFlags = flags; mCurrentlyMountedKdev = -1; mPartIdx = rec->partnum; mRetryMount = false; } Volume::~Volume() { free(mLabel); free(mUuid); free(mUserLabel); } void Volume::setDebug(bool enable) { mDebug = enable; } dev_t Volume::getDiskDevice() { return MKDEV(0, 0); }; dev_t Volume::getShareDevice() { return getDiskDevice(); } void Volume::handleVolumeShared() { } void Volume::handleVolumeUnshared() { } int Volume::handleBlockEvent(NetlinkEvent * /*evt*/) { errno = ENOSYS; return -1; } void Volume::setUuid(const char* uuid) { char msg[256]; if (mUuid) { free(mUuid); } if (uuid) { mUuid = strdup(uuid); snprintf(msg, sizeof(msg), "%s %s \"%s\"", getLabel(), getFuseMountpoint(), mUuid); } else { mUuid = NULL; snprintf(msg, sizeof(msg), "%s %s", getLabel(), getFuseMountpoint()); } mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeUuidChange, msg, false); } void Volume::setUserLabel(const char* userLabel) { char msg[256]; if (mUserLabel) { free(mUserLabel); } if (userLabel) { mUserLabel = strdup(userLabel); snprintf(msg, sizeof(msg), "%s %s \"%s\"", getLabel(), getFuseMountpoint(), mUserLabel); } else { mUserLabel = NULL; snprintf(msg, sizeof(msg), "%s %s", getLabel(), getFuseMountpoint()); } mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeUserLabelChange, msg, false); } void Volume::setState(int state) { char msg[255]; int oldState = mState; if (oldState == state) { SLOGW("Duplicate state (%d)\n", state); return; } if ((oldState == Volume::State_Pending) && (state != Volume::State_Idle)) { mRetryMount = false; } mState = state; SLOGD("Volume %s state changing %d (%s) -> %d (%s)", mLabel, oldState, stateToStr(oldState), mState, stateToStr(mState)); snprintf(msg, sizeof(msg), "Volume %s %s state changed from %d (%s) to %d (%s)", getLabel(), getFuseMountpoint(), oldState, stateToStr(oldState), mState, stateToStr(mState)); mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeStateChange, msg, false); } int Volume::createDeviceNode(const char *path, int major, int minor) { char *secontext = NULL; mode_t mode = 0660 | S_IFBLK; dev_t dev = (major << 8) | minor; int rc; if (sehandle) { rc = selabel_lookup(sehandle, &secontext, path, S_IFBLK); if (rc == 0) setfscreatecon(secontext); } if (mknod(path, mode, dev) < 0) { if (errno != EEXIST) { int sverrno = errno; if (secontext) { freecon(secontext); setfscreatecon(NULL); } errno = sverrno; return -1; } } if (secontext) { setfscreatecon(NULL); freecon(secontext); } return 0; } int Volume::formatVol(bool wipe) { if (getState() == Volume::State_NoMedia) { errno = ENODEV; return -1; } else if (getState() != Volume::State_Idle) { errno = EBUSY; return -1; } if (isMountpointMounted(getMountpoint())) { SLOGW("Volume is idle but appears to be mounted - fixing"); setState(Volume::State_Mounted); // mCurrentlyMountedKdev = XXX errno = EBUSY; return -1; } bool formatEntireDevice = (mPartIdx == -1); char devicePath[255]; dev_t diskNode = getDiskDevice(); dev_t partNode = MKDEV(MAJOR(diskNode), MINOR(diskNode) + (formatEntireDevice ? 0 : mPartIdx)); setState(Volume::State_Formatting); int ret = -1; // Only initialize the MBR if we are formatting the entire device if (formatEntireDevice) { sprintf(devicePath, "/dev/block/vold/%d:%d", major(diskNode), minor(diskNode)); if (initializeMbr(devicePath)) { SLOGE("Failed to initialize MBR (%s)", strerror(errno)); goto err; } } sprintf(devicePath, "/dev/block/vold/%d:%d", major(partNode), minor(partNode)); if (mDebug) { SLOGI("Formatting volume %s (%s)", getLabel(), devicePath); } if (Fat::format(devicePath, 0, wipe)) { SLOGE("Failed to format (%s)", strerror(errno)); goto err; } ret = 0; err: setState(Volume::State_Idle); return ret; } bool Volume::isMountpointMounted(const char *path) { FILE *fp = setmntent("/proc/mounts", "r"); if (fp == NULL) { SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); return false; } bool found_path = false; mntent* mentry; while ((mentry = getmntent(fp)) != NULL) { if (strcmp(mentry->mnt_dir, path) == 0) { found_path = true; break; } } endmntent(fp); return found_path; } int Volume::mountVol() { dev_t deviceNodes[4]; int n, i; char errmsg[255]; int flags = getFlags(); bool providesAsec = (flags & VOL_PROVIDES_ASEC) != 0; // TODO: handle "bind" style mounts, for emulated storage char decrypt_state[PROPERTY_VALUE_MAX]; char crypto_state[PROPERTY_VALUE_MAX]; char encrypt_progress[PROPERTY_VALUE_MAX]; property_get("vold.decrypt", decrypt_state, ""); property_get("vold.encrypt_progress", encrypt_progress, ""); /* Don't try to mount the volumes if we have not yet entered the disk password * or are in the process of encrypting. */ if ((getState() == Volume::State_NoMedia) || ((!strcmp(decrypt_state, "1") || encrypt_progress[0]) && providesAsec)) { snprintf(errmsg, sizeof(errmsg), "Volume %s %s mount failed - no media", getLabel(), getFuseMountpoint()); mVm->getBroadcaster()->sendBroadcast( ResponseCode::VolumeMountFailedNoMedia, errmsg, false); errno = ENODEV; return -1; } else if (getState() != Volume::State_Idle) { errno = EBUSY; if (getState() == Volume::State_Pending) { mRetryMount = true; } return -1; } if (isMountpointMounted(getMountpoint())) { SLOGW("Volume is idle but appears to be mounted - fixing"); setState(Volume::State_Mounted); // mCurrentlyMountedKdev = XXX return 0; } n = getDeviceNodes((dev_t *) &deviceNodes, 4); if (!n) { SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); return -1; } /* If we're running encrypted, and the volume is marked as encryptable and nonremovable, * and also marked as providing Asec storage, then we need to decrypt * that partition, and update the volume object to point to it's new decrypted * block device */ property_get("ro.crypto.state", crypto_state, ""); if (providesAsec && ((flags & (VOL_NONREMOVABLE | VOL_ENCRYPTABLE))==(VOL_NONREMOVABLE | VOL_ENCRYPTABLE)) && !strcmp(crypto_state, "encrypted") && !isDecrypted()) { char new_sys_path[MAXPATHLEN]; char nodepath[256]; int new_major, new_minor; if (n != 1) { /* We only expect one device node returned when mounting encryptable volumes */ SLOGE("Too many device nodes returned when mounting %s\n", getMountpoint()); return -1; } if (cryptfs_setup_volume(getLabel(), MAJOR(deviceNodes[0]), MINOR(deviceNodes[0]), new_sys_path, sizeof(new_sys_path), &new_major, &new_minor)) { SLOGE("Cannot setup encryption mapping for %s\n", getMountpoint()); return -1; } /* We now have the new sysfs path for the decrypted block device, and the * majore and minor numbers for it. So, create the device, update the * path to the new sysfs path, and continue. */ snprintf(nodepath, sizeof(nodepath), "/dev/block/vold/%d:%d", new_major, new_minor); if (createDeviceNode(nodepath, new_major, new_minor)) { SLOGE("Error making device node '%s' (%s)", nodepath, strerror(errno)); } // Todo: Either create sys filename from nodepath, or pass in bogus path so // vold ignores state changes on this internal device. updateDeviceInfo(nodepath, new_major, new_minor); /* Get the device nodes again, because they just changed */ n = getDeviceNodes((dev_t *) &deviceNodes, 4); if (!n) { SLOGE("Failed to get device nodes (%s)\n", strerror(errno)); return -1; } } for (i = 0; i < n; i++) { char devicePath[255]; sprintf(devicePath, "/dev/block/vold/%d:%d", major(deviceNodes[i]), minor(deviceNodes[i])); SLOGI("%s being considered for volume %s\n", devicePath, getLabel()); errno = 0; setState(Volume::State_Checking); if (Fat::check(devicePath)) { if (errno == ENODATA) { SLOGW("%s does not contain a FAT filesystem\n", devicePath); continue; } errno = EIO; /* Badness - abort the mount */ SLOGE("%s failed FS checks (%s)", devicePath, strerror(errno)); setState(Volume::State_Idle); return -1; } errno = 0; if (Fat::doMount(devicePath, getMountpoint(), false, false, false, AID_MEDIA_RW, AID_MEDIA_RW, 0007, true)) { SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno)); continue; } extractMetadata(devicePath); if (providesAsec && mountAsecExternal() != 0) { SLOGE("Failed to mount secure area (%s)", strerror(errno)); umount(getMountpoint()); setState(Volume::State_Idle); return -1; } char service[64]; snprintf(service, 64, "fuse_%s", getLabel()); property_set("ctl.start", service); setState(Volume::State_Mounted); mCurrentlyMountedKdev = deviceNodes[i]; return 0; } SLOGE("Volume %s found no suitable devices for mounting :(\n", getLabel()); setState(Volume::State_Idle); return -1; } int Volume::mountAsecExternal() { char legacy_path[PATH_MAX]; char secure_path[PATH_MAX]; snprintf(legacy_path, PATH_MAX, "%s/android_secure", getMountpoint()); snprintf(secure_path, PATH_MAX, "%s/.android_secure", getMountpoint()); // Recover legacy secure path if (!access(legacy_path, R_OK | X_OK) && access(secure_path, R_OK | X_OK)) { if (rename(legacy_path, secure_path)) { SLOGE("Failed to rename legacy asec dir (%s)", strerror(errno)); } } if (fs_prepare_dir(secure_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) != 0) { SLOGW("fs_prepare_dir failed: %s", strerror(errno)); return -1; } if (mount(secure_path, SEC_ASECDIR_EXT, "", MS_BIND, NULL)) { SLOGE("Failed to bind mount points %s -> %s (%s)", secure_path, SEC_ASECDIR_EXT, strerror(errno)); return -1; } return 0; } int Volume::doUnmount(const char *path, bool force) { int retries = 10; if (mDebug) { SLOGD("Unmounting {%s}, force = %d", path, force); } while (retries--) { if (!umount(path) || errno == EINVAL || errno == ENOENT) { SLOGI("%s sucessfully unmounted", path); return 0; } int action = 0; if (force) { if (retries == 1) { action = 2; // SIGKILL } else if (retries == 2) { action = 1; // SIGHUP } } SLOGW("Failed to unmount %s (%s, retries %d, action %d)", path, strerror(errno), retries, action); Process::killProcessesWithOpenFiles(path, action); usleep(1000*1000); } errno = EBUSY; SLOGE("Giving up on unmount %s (%s)", path, strerror(errno)); return -1; } int Volume::unmountVol(bool force, bool revert) { int flags = getFlags(); bool providesAsec = (flags & VOL_PROVIDES_ASEC) != 0; if (getState() != Volume::State_Mounted) { SLOGE("Volume %s unmount request when not mounted", getLabel()); errno = EINVAL; return UNMOUNT_NOT_MOUNTED_ERR; } setState(Volume::State_Unmounting); usleep(1000 * 1000); // Give the framework some time to react char service[64]; snprintf(service, 64, "fuse_%s", getLabel()); property_set("ctl.stop", service); /* Give it a chance to stop. I wish we had a synchronous way to determine this... */ sleep(1); // TODO: determine failure mode if FUSE times out if (providesAsec && doUnmount(Volume::SEC_ASECDIR_EXT, force) != 0) { SLOGE("Failed to unmount secure area on %s (%s)", getMountpoint(), strerror(errno)); goto out_mounted; } /* Now that the fuse daemon is dead, unmount it */ if (doUnmount(getFuseMountpoint(), force) != 0) { SLOGE("Failed to unmount %s (%s)", getFuseMountpoint(), strerror(errno)); goto fail_remount_secure; } /* Unmount the real sd card */ if (doUnmount(getMountpoint(), force) != 0) { SLOGE("Failed to unmount %s (%s)", getMountpoint(), strerror(errno)); goto fail_remount_secure; } SLOGI("%s unmounted successfully", getMountpoint()); /* If this is an encrypted volume, and we've been asked to undo * the crypto mapping, then revert the dm-crypt mapping, and revert * the device info to the original values. */ if (revert && isDecrypted()) { cryptfs_revert_volume(getLabel()); revertDeviceInfo(); SLOGI("Encrypted volume %s reverted successfully", getMountpoint()); } setUuid(NULL); setUserLabel(NULL); setState(Volume::State_Idle); mCurrentlyMountedKdev = -1; return 0; fail_remount_secure: if (providesAsec && mountAsecExternal() != 0) { SLOGE("Failed to remount secure area (%s)", strerror(errno)); goto out_nomedia; } out_mounted: setState(Volume::State_Mounted); return -1; out_nomedia: setState(Volume::State_NoMedia); return -1; } int Volume::initializeMbr(const char *deviceNode) { struct disk_info dinfo; memset(&dinfo, 0, sizeof(dinfo)); if (!(dinfo.part_lst = (struct part_info *) malloc(MAX_NUM_PARTS * sizeof(struct part_info)))) { SLOGE("Failed to malloc prt_lst"); return -1; } memset(dinfo.part_lst, 0, MAX_NUM_PARTS * sizeof(struct part_info)); dinfo.device = strdup(deviceNode); dinfo.scheme = PART_SCHEME_MBR; dinfo.sect_size = 512; dinfo.skip_lba = 2048; dinfo.num_lba = 0; dinfo.num_parts = 1; struct part_info *pinfo = &dinfo.part_lst[0]; pinfo->name = strdup("android_sdcard"); pinfo->flags |= PART_ACTIVE_FLAG; pinfo->type = PC_PART_TYPE_FAT32; pinfo->len_kb = -1; int rc = apply_disk_config(&dinfo, 0); if (rc) { SLOGE("Failed to apply disk configuration (%d)", rc); goto out; } out: free(pinfo->name); free(dinfo.device); free(dinfo.part_lst); return rc; } /* * Use blkid to extract UUID and label from device, since it handles many * obscure edge cases around partition types and formats. Always broadcasts * updated metadata values. */ int Volume::extractMetadata(const char* devicePath) { int res = 0; std::string cmd; cmd = BLKID_PATH; cmd += " -c /dev/null "; cmd += devicePath; FILE* fp = popen(cmd.c_str(), "r"); if (!fp) { ALOGE("Failed to run %s: %s", cmd.c_str(), strerror(errno)); res = -1; goto done; } char line[1024]; char value[128]; if (fgets(line, sizeof(line), fp) != NULL) { ALOGD("blkid identified as %s", line); char* start = strstr(line, "UUID="); if (start != NULL && sscanf(start + 5, "\"%127[^\"]\"", value) == 1) { setUuid(value); } else { setUuid(NULL); } start = strstr(line, "LABEL="); if (start != NULL && sscanf(start + 6, "\"%127[^\"]\"", value) == 1) { setUserLabel(value); } else { setUserLabel(NULL); } } else { ALOGW("blkid failed to identify %s", devicePath); res = -1; } pclose(fp); done: if (res == -1) { setUuid(NULL); setUserLabel(NULL); } return res; }