Skip to content

Commit 8d82c0f

Browse files
drosen-googlealainv
drosen-google
authored and
alainv
committed
ANDROID: sdcardfs: add support for user permission isolation
This allows you to hide the existence of a package from a user by adding them to an exclude list. If a user creates that package's folder and is on the exclude list, they will not see that package's id. Bug: 34542611 Change-Id: I9eb82e0bf2457d7eb81ee56153b9c7d2f6646323 Signed-off-by: Daniel Rosenberg <drosen@google.com>
1 parent d6f4e74 commit 8d82c0f

File tree

3 files changed

+284
-40
lines changed

3 files changed

+284
-40
lines changed

fs/sdcardfs/derived_perm.c

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ void get_derived_permission_new(struct dentry *parent, struct dentry *dentry, st
103103
case PERM_ANDROID_OBB:
104104
case PERM_ANDROID_MEDIA:
105105
appid = get_appid(newdentry->d_name.name);
106-
if (appid != 0) {
106+
if (appid != 0 && !is_excluded(newdentry->d_name.name, parent_info->userid)) {
107107
info->d_uid = multiuser_get_uid(parent_info->userid, appid);
108108
}
109109
set_top(info, &info->vfs_inode);
@@ -116,8 +116,10 @@ void get_derived_permission(struct dentry *parent, struct dentry *dentry)
116116
get_derived_permission_new(parent, dentry, dentry);
117117
}
118118

119-
static int descendant_may_need_fixup(perm_t perm) {
120-
if (perm == PERM_PRE_ROOT || perm == PERM_ROOT || perm == PERM_ANDROID)
119+
static int descendant_may_need_fixup(struct sdcardfs_inode_info *info, struct limit_search *limit) {
120+
if (info->perm == PERM_ROOT)
121+
return (limit->flags & BY_USERID)?info->userid == limit->userid:1;
122+
if (info->perm == PERM_PRE_ROOT || info->perm == PERM_ANDROID)
121123
return 1;
122124
return 0;
123125
}
@@ -129,7 +131,7 @@ static int needs_fixup(perm_t perm) {
129131
return 0;
130132
}
131133

132-
void fixup_perms_recursive(struct dentry *dentry, const char* name, size_t len) {
134+
void fixup_perms_recursive(struct dentry *dentry, struct limit_search *limit) {
133135
struct dentry *child;
134136
struct sdcardfs_inode_info *info;
135137
if (!dget(dentry))
@@ -143,22 +145,22 @@ void fixup_perms_recursive(struct dentry *dentry, const char* name, size_t len)
143145
if (needs_fixup(info->perm)) {
144146
spin_lock(&dentry->d_lock);
145147
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
146-
dget(child);
147-
if (!strncasecmp(child->d_name.name, name, len)) {
148-
if (child->d_inode) {
149-
get_derived_permission(dentry, child);
150-
fixup_tmp_permissions(child->d_inode);
151-
dput(child);
152-
break;
153-
}
148+
dget(child);
149+
if (!(limit->flags & BY_NAME) || !strncasecmp(child->d_name.name, limit->name, limit->length)) {
150+
if (child->d_inode) {
151+
get_derived_permission(dentry, child);
152+
fixup_tmp_permissions(child->d_inode);
153+
dput(child);
154+
break;
154155
}
155-
dput(child);
156+
}
157+
dput(child);
156158
}
157159
spin_unlock(&dentry->d_lock);
158-
} else if (descendant_may_need_fixup(info->perm)) {
160+
} else if (descendant_may_need_fixup(info, limit)) {
159161
spin_lock(&dentry->d_lock);
160162
list_for_each_entry(child, &dentry->d_subdirs, d_child) {
161-
fixup_perms_recursive(child, name, len);
163+
fixup_perms_recursive(child, limit);
162164
}
163165
spin_unlock(&dentry->d_lock);
164166
}

0 commit comments

Comments
 (0)