bigbiff | 1f9e484 | 2020-10-31 11:33:15 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Team Win Recovery Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | /* |
| 18 | * The purpose of these functions is to try to get and set the proper |
| 19 | * file permissions, SELinux contexts, owner, and group so that these |
| 20 | * files are accessible when we boot up to normal Android via MTP and to |
| 21 | * file manager apps. During early boot we try to read the contexts and |
| 22 | * owner / group info from /data/media or from /data/media/0 and store |
| 23 | * them in static variables. From there, we'll try to set the same |
| 24 | * contexts, owner, and group information on most files we create during |
| 25 | * operations like backups, copying the log, and MTP operations. |
| 26 | */ |
| 27 | |
| 28 | #include <sys/stat.h> |
| 29 | #include <stdio.h> |
| 30 | #include <unistd.h> |
| 31 | #include "selinux/selinux.h" |
| 32 | |
| 33 | static security_context_t selinux_context; |
| 34 | struct stat s; |
| 35 | static int has_stat = 0; |
| 36 | |
| 37 | int tw_get_context(const char* filename) { |
| 38 | if (lgetfilecon(filename, &selinux_context) >= 0) { |
| 39 | printf("tw_get_context got selinux context: %s\n", selinux_context); |
| 40 | return 0; |
| 41 | } else { |
| 42 | printf("tw_get_context failed to get selinux context\n"); |
| 43 | selinux_context = NULL; |
| 44 | } |
| 45 | return -1; |
| 46 | } |
| 47 | |
| 48 | int tw_get_stat(const char* filename) { |
| 49 | if (lstat(filename, &s) == 0) { |
| 50 | has_stat = 1; |
| 51 | return 0; |
| 52 | } |
| 53 | printf("tw_get_stat failed to lstat '%s'\n", filename); |
| 54 | return -1; |
| 55 | } |
| 56 | |
| 57 | int tw_get_default_metadata(const char* filename) { |
| 58 | if (tw_get_context(filename) == 0 && tw_get_stat(filename) == 0) |
| 59 | return 0; |
| 60 | return -1; |
| 61 | } |
| 62 | |
| 63 | // Most of this logging is disabled to prevent log spam if we are trying |
| 64 | // to set contexts and permissions on file systems that do not support |
| 65 | // these types of things (e.g. vfat / FAT / FAT32). |
| 66 | int tw_set_default_metadata(const char* filename) { |
| 67 | int ret = 0; |
| 68 | struct stat st; |
| 69 | |
| 70 | if (selinux_context == NULL) { |
| 71 | //printf("selinux_context was null, '%s'\n", filename); |
| 72 | ret = -1; |
| 73 | } else if (lsetfilecon(filename, selinux_context) < 0) { |
| 74 | //printf("Failed to set default contexts on '%s'.\n", filename); |
| 75 | ret = -1; |
| 76 | } |
| 77 | |
| 78 | if (lstat(filename, &st) == 0 && st.st_mode & S_IFREG && chmod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH) < 0) { |
| 79 | //printf("Failed to chmod '%s'\n", filename); |
| 80 | ret = -1; |
| 81 | } |
| 82 | |
| 83 | if (has_stat && chown(filename, s.st_uid, s.st_gid) < 0) { |
| 84 | //printf("Failed to lchown '%s'.\n", filename); |
| 85 | ret = -1; |
| 86 | } |
| 87 | //printf("Done trying to set defaults on '%s'\n"); |
| 88 | return ret; |
| 89 | } |