Skip to content

Commit 6dceb88

Browse files
committed
Allow forward locked apps to be in ASECs
We couldn't put forward-locked apps in ASEC containers before since we didn't have any permissioned filesystems. This adds the ability for forward-locked applications to be in ASEC containers. This means that forward locked applications will be able to be on the SD card now. This change also removes the old type of forward-locking that placed parts of apps in /data/app-private. Now all forward-locked applications will be in ASEC containers. Change-Id: I17ae0b0d65a4a965ef33c0ac2c47e990e55707ad
1 parent 7725180 commit 6dceb88

File tree

9 files changed

+783
-461
lines changed

9 files changed

+783
-461
lines changed

core/java/android/os/storage/IMountService.java

Lines changed: 55 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -252,7 +252,7 @@ public String getVolumeState(String mountPoint) throws RemoteException {
252252
* an int consistent with MountServiceResultCode
253253
*/
254254
public int createSecureContainer(String id, int sizeMb, String fstype, String key,
255-
int ownerUid) throws RemoteException {
255+
int ownerUid, boolean external) throws RemoteException {
256256
Parcel _data = Parcel.obtain();
257257
Parcel _reply = Parcel.obtain();
258258
int _result;
@@ -263,6 +263,7 @@ public int createSecureContainer(String id, int sizeMb, String fstype, String ke
263263
_data.writeString(fstype);
264264
_data.writeString(key);
265265
_data.writeInt(ownerUid);
266+
_data.writeInt(external ? 1 : 0);
266267
mRemote.transact(Stub.TRANSACTION_createSecureContainer, _data, _reply, 0);
267268
_reply.readException();
268269
_result = _reply.readInt();
@@ -711,6 +712,31 @@ public String getSecureContainerFilesystemPath(String id) throws RemoteException
711712
}
712713
return _result;
713714
}
715+
716+
/**
717+
* Fix permissions in a container which has just been created and
718+
* populated. Returns an int consistent with MountServiceResultCode
719+
*/
720+
public int fixPermissionsSecureContainer(String id, int gid, String filename)
721+
throws RemoteException {
722+
Parcel _data = Parcel.obtain();
723+
Parcel _reply = Parcel.obtain();
724+
int _result;
725+
try {
726+
_data.writeInterfaceToken(DESCRIPTOR);
727+
_data.writeString(id);
728+
_data.writeInt(gid);
729+
_data.writeString(filename);
730+
mRemote.transact(Stub.TRANSACTION_fixPermissionsSecureContainer, _data, _reply, 0);
731+
_reply.readException();
732+
_result = _reply.readInt();
733+
} finally {
734+
_reply.recycle();
735+
_data.recycle();
736+
}
737+
return _result;
738+
739+
}
714740
}
715741

716742
private static final String DESCRIPTOR = "IMountService";
@@ -781,6 +807,8 @@ public String getSecureContainerFilesystemPath(String id) throws RemoteException
781807

782808
static final int TRANSACTION_verifyEncryptionPassword = IBinder.FIRST_CALL_TRANSACTION + 32;
783809

810+
static final int TRANSACTION_fixPermissionsSecureContainer = IBinder.FIRST_CALL_TRANSACTION + 33;
811+
784812
/**
785813
* Cast an IBinder object into an IMountService interface, generating a
786814
* proxy if needed.
@@ -909,7 +937,10 @@ public boolean onTransact(int code, Parcel data, Parcel reply,
909937
key = data.readString();
910938
int ownerUid;
911939
ownerUid = data.readInt();
912-
int resultCode = createSecureContainer(id, sizeMb, fstype, key, ownerUid);
940+
boolean external;
941+
external = 0 != data.readInt();
942+
int resultCode = createSecureContainer(id, sizeMb, fstype, key, ownerUid,
943+
external);
913944
reply.writeNoException();
914945
reply.writeInt(resultCode);
915946
return true;
@@ -1109,6 +1140,19 @@ public boolean onTransact(int code, Parcel data, Parcel reply,
11091140
reply.writeInt(result);
11101141
return true;
11111142
}
1143+
case TRANSACTION_fixPermissionsSecureContainer: {
1144+
data.enforceInterface(DESCRIPTOR);
1145+
String id;
1146+
id = data.readString();
1147+
int gid;
1148+
gid = data.readInt();
1149+
String filename;
1150+
filename = data.readString();
1151+
int resultCode = fixPermissionsSecureContainer(id, gid, filename);
1152+
reply.writeNoException();
1153+
reply.writeInt(resultCode);
1154+
return true;
1155+
}
11121156
}
11131157
return super.onTransact(code, data, reply, flags);
11141158
}
@@ -1118,8 +1162,8 @@ public boolean onTransact(int code, Parcel data, Parcel reply,
11181162
* Creates a secure container with the specified parameters. Returns an int
11191163
* consistent with MountServiceResultCode
11201164
*/
1121-
public int createSecureContainer(String id, int sizeMb, String fstype, String key, int ownerUid)
1122-
throws RemoteException;
1165+
public int createSecureContainer(String id, int sizeMb, String fstype, String key,
1166+
int ownerUid, boolean external) throws RemoteException;
11231167

11241168
/*
11251169
* Destroy a secure container, and free up all resources associated with it.
@@ -1317,4 +1361,11 @@ public void unmountVolume(String mountPoint, boolean force, boolean removeEncryp
13171361
public Parcelable[] getVolumeList() throws RemoteException;
13181362

13191363
public String getSecureContainerFilesystemPath(String id) throws RemoteException;
1364+
1365+
/*
1366+
* Fix permissions in a container which has just been created and populated.
1367+
* Returns an int consistent with MountServiceResultCode
1368+
*/
1369+
public int fixPermissionsSecureContainer(String id, int gid, String filename)
1370+
throws RemoteException;
13201371
}

core/java/com/android/internal/app/IMediaContainerService.aidl

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,14 +22,14 @@ import android.content.pm.PackageInfoLite;
2222
import android.content.res.ObbInfo;
2323

2424
interface IMediaContainerService {
25-
String copyResourceToContainer(in Uri packageURI,
26-
String containerId,
27-
String key, String resFileName);
25+
String copyResourceToContainer(in Uri packageURI, String containerId, String key,
26+
String resFileName, String publicResFileName, boolean isExternal,
27+
boolean isForwardLocked);
2828
int copyResource(in Uri packageURI,
2929
in ParcelFileDescriptor outStream);
3030
PackageInfoLite getMinimalPackageInfo(in Uri fileUri, in int flags, in long threshold);
31-
boolean checkInternalFreeStorage(in Uri fileUri, in long threshold);
32-
boolean checkExternalFreeStorage(in Uri fileUri);
31+
boolean checkInternalFreeStorage(in Uri fileUri, boolean isForwardLocked, in long threshold);
32+
boolean checkExternalFreeStorage(in Uri fileUri, boolean isForwardLocked);
3333
ObbInfo getObbInfo(in String filename);
3434
long calculateDirectorySize(in String directory);
3535
/** Return file system stats: [0] is total bytes, [1] is available bytes */

core/java/com/android/internal/content/PackageHelper.java

Lines changed: 47 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -67,17 +67,17 @@ public static IMountService getMountService() {
6767
return null;
6868
}
6969

70-
public static String createSdDir(int sizeMb, String cid,
71-
String sdEncKey, int uid) {
70+
public static String createSdDir(int sizeMb, String cid, String sdEncKey, int uid,
71+
boolean isExternal) {
7272
// Create mount point via MountService
7373
IMountService mountService = getMountService();
7474

7575
if (localLOGV)
7676
Log.i(TAG, "Size of container " + sizeMb + " MB");
7777

7878
try {
79-
int rc = mountService.createSecureContainer(
80-
cid, sizeMb, "fat", sdEncKey, uid);
79+
int rc = mountService.createSecureContainer(cid, sizeMb, "ext4", sdEncKey, uid,
80+
isExternal);
8181
if (rc != StorageResultCode.OperationSucceeded) {
8282
Log.e(TAG, "Failed to create secure container " + cid);
8383
return null;
@@ -206,10 +206,21 @@ public static boolean isContainerMounted(String cid) {
206206
return false;
207207
}
208208

209-
public static void extractPublicFiles(String packagePath, File publicZipFile)
209+
public static int extractPublicFiles(String packagePath, File publicZipFile)
210210
throws IOException {
211-
final FileOutputStream fstr = new FileOutputStream(publicZipFile);
212-
final ZipOutputStream publicZipOutStream = new ZipOutputStream(fstr);
211+
final FileOutputStream fstr;
212+
final ZipOutputStream publicZipOutStream;
213+
214+
if (publicZipFile == null) {
215+
fstr = null;
216+
publicZipOutStream = null;
217+
} else {
218+
fstr = new FileOutputStream(publicZipFile);
219+
publicZipOutStream = new ZipOutputStream(fstr);
220+
}
221+
222+
int size = 0;
223+
213224
try {
214225
final ZipFile privateZip = new ZipFile(packagePath);
215226
try {
@@ -219,25 +230,29 @@ public static void extractPublicFiles(String packagePath, File publicZipFile)
219230
if ("AndroidManifest.xml".equals(zipEntryName)
220231
|| "resources.arsc".equals(zipEntryName)
221232
|| zipEntryName.startsWith("res/")) {
222-
copyZipEntry(zipEntry, privateZip, publicZipOutStream);
233+
size += zipEntry.getSize();
234+
if (publicZipFile != null) {
235+
copyZipEntry(zipEntry, privateZip, publicZipOutStream);
236+
}
223237
}
224238
}
225239
} finally {
226-
try {
227-
privateZip.close();
228-
} catch (IOException e) {
229-
}
240+
try { privateZip.close(); } catch (IOException e) {}
230241
}
231242

232-
publicZipOutStream.finish();
233-
publicZipOutStream.flush();
234-
FileUtils.sync(fstr);
235-
publicZipOutStream.close();
236-
FileUtils.setPermissions(publicZipFile.getAbsolutePath(), FileUtils.S_IRUSR
237-
| FileUtils.S_IWUSR | FileUtils.S_IRGRP | FileUtils.S_IROTH, -1, -1);
243+
if (publicZipFile != null) {
244+
publicZipOutStream.finish();
245+
publicZipOutStream.flush();
246+
FileUtils.sync(fstr);
247+
publicZipOutStream.close();
248+
FileUtils.setPermissions(publicZipFile.getAbsolutePath(), FileUtils.S_IRUSR
249+
| FileUtils.S_IWUSR | FileUtils.S_IRGRP | FileUtils.S_IROTH, -1, -1);
250+
}
238251
} finally {
239252
IoUtils.closeQuietly(publicZipOutStream);
240253
}
254+
255+
return size;
241256
}
242257

243258
private static void copyZipEntry(ZipEntry zipEntry, ZipFile inZipFile,
@@ -265,4 +280,18 @@ private static void copyZipEntry(ZipEntry zipEntry, ZipFile inZipFile,
265280
IoUtils.closeQuietly(data);
266281
}
267282
}
283+
284+
public static boolean fixSdPermissions(String cid, int gid, String filename) {
285+
try {
286+
int rc = getMountService().fixPermissionsSecureContainer(cid, gid, filename);
287+
if (rc != StorageResultCode.OperationSucceeded) {
288+
Log.i(TAG, "Failed to fixperms container " + cid);
289+
return false;
290+
}
291+
return true;
292+
} catch (RemoteException e) {
293+
Log.e(TAG, "Failed to fixperms container " + cid + " with exception " + e);
294+
}
295+
return false;
296+
}
268297
}

core/tests/coretests/src/android/content/pm/PackageHelperTests.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,8 @@ protected void tearDown() throws Exception {
8181
public void testMountAndPullSdCard() {
8282
try {
8383
fullId = PREFIX;
84-
fullId2 = PackageHelper.createSdDir(1024, fullId, "none", android.os.Process.myUid());
84+
fullId2 = PackageHelper.createSdDir(1024, fullId, "none", android.os.Process.myUid(),
85+
true);
8586

8687
Log.d(TAG,PackageHelper.getSdDir(fullId));
8788
PackageHelper.unMountSdDir(fullId);

0 commit comments

Comments
 (0)