const char *ima_d_path(struct path *path, char **pathbuf)
{
char *pathname = NULL;
*pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
if (*pathbuf) {
pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
if (IS_ERR(pathname)) {
kfree(*pathbuf);
*pathbuf = NULL;
pathname = NULL;
}
}
return pathname ?: (const char *)path->dentry->d_name.name;
}
/**
* tomoyo_get_absolute_path - Get the path of a dentry but ignores chroot'ed root.
*
* @path: Pointer to "struct path".
* @buffer: Pointer to buffer to return value in.
* @buflen: Sizeof @buffer.
*
* Returns the buffer on success, an error code otherwise.
*
* If dentry is a directory, trailing '/' is appended.
*/
static char *tomoyo_get_absolute_path(struct path *path, char * const buffer,
const int buflen)
{
char *pos = ERR_PTR(-ENOMEM);
if (buflen >= 256) {
/* go to whatever namespace root we are under */
pos = d_absolute_path(path, buffer, buflen - 1);
if (!IS_ERR(pos) && *pos == '/' && pos[1]) {
struct inode *inode = path->dentry->d_inode;
if (inode && S_ISDIR(inode->i_mode)) {
buffer[buflen - 2] = '/';
buffer[buflen - 1] = '\0';
}
}
}
return pos;
}
/*
* ima_d_path - return a pointer to the full pathname
*
* Attempt to return a pointer to the full pathname for use in the
* IMA measurement list, IMA audit records, and auditing logs.
*
* On failure, return a pointer to a copy of the filename, not dname.
* Returning a pointer to dname, could result in using the pointer
* after the memory has been freed.
*/
const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
{
char *pathname = NULL;
*pathbuf = __getname();
if (*pathbuf) {
pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
if (IS_ERR(pathname)) {
__putname(*pathbuf);
*pathbuf = NULL;
pathname = NULL;
}
}
if (!pathname) {
strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);
pathname = namebuf;
}
return pathname;
}
/**
* d_namespace_path - lookup a name associated with a given path
* @path: path to lookup (NOT NULL)
* @buf: buffer to store path to (NOT NULL)
* @buflen: length of @buf
* @name: Returns - pointer for start of path name with in @buf (NOT NULL)
* @flags: flags controlling path lookup
*
* Handle path name lookup.
*
* Returns: %0 else error code if path lookup fails
* When no error the path name is returned in @name which points to
* to a position in @buf
*/
static int d_namespace_path(struct path *path, char *buf, int buflen,
char **name, int flags)
{
char *res;
int error = 0;
int connected = 1;
if (path->mnt->mnt_flags & MNT_INTERNAL) {
/* it's not mounted anywhere */
res = dentry_path(path->dentry, buf, buflen);
*name = res;
if (IS_ERR(res)) {
*name = buf;
return PTR_ERR(res);
}
if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
strncmp(*name, "/sys/", 5) == 0) {
/* TODO: convert over to using a per namespace
* control instead of hard coded /proc
*/
return prepend(name, *name - buf, "/proc", 5);
}
return 0;
}
/* resolve paths relative to chroot?*/
if (flags & PATH_CHROOT_REL) {
struct path root;
get_fs_root(current->fs, &root);
res = __d_path(path, &root, buf, buflen);
path_put(&root);
} else {
res = d_absolute_path(path, buf, buflen);
if (!our_mnt(path->mnt))
connected = 0;
}
/* handle error conditions - and still allow a partial path to
* be returned.
*/
if (!res || IS_ERR(res)) {
connected = 0;
res = dentry_path_raw(path->dentry, buf, buflen);
if (IS_ERR(res)) {
error = PTR_ERR(res);
*name = buf;
goto out;
};
} else if (!our_mnt(path->mnt))
connected = 0;
*name = res;
/* Handle two cases:
* 1. A deleted dentry && profile is not allowing mediation of deleted
* 2. On some filesystems, newly allocated dentries appear to the
* security_path hooks as a deleted dentry except without an inode
* allocated.
*/
if (d_unlinked(path->dentry) && path->dentry->d_inode &&
!(flags & PATH_MEDIATE_DELETED)) {
error = -ENOENT;
goto out;
}
/* If the path is not connected to the expected root,
* check if it is a sysctl and handle specially else remove any
* leading / that __d_path may have returned.
* Unless
* specifically directed to connect the path,
* OR
* if in a chroot and doing chroot relative paths and the path
* resolves to the namespace root (would be connected outside
* of chroot) and specifically directed to connect paths to
* namespace root.
*/
if (!connected) {
if (!(flags & PATH_CONNECT_PATH) &&
!(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
our_mnt(path->mnt))) {
/* disconnected path, don't return pathname starting
* with '/'
*/
error = -ESTALE;
if (*res == '/')
*name = res + 1;
}
}
out:
return error;
}
static int sdcardfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
{
int err = 0;
int make_nomedia_in_obb = 0;
struct dentry *lower_dentry;
struct dentry *lower_parent_dentry = NULL;
struct path lower_path;
const struct cred *saved_cred = NULL;
struct sdcardfs_inode_info *pi = SDCARDFS_I(dir);
char *page_buf;
char *nomedia_dir_name;
char *nomedia_fullpath;
int fullpath_namelen;
int touch_err = 0;
if(!check_caller_access_to_name(dir, dentry->d_name.name)) {
printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"
" dentry: %s, task:%s\n",
__func__, dentry->d_name.name, current->comm);
err = -EACCES;
goto out_eacces;
}
/* save current_cred and override it */
OVERRIDE_CRED(SDCARDFS_SB(dir->i_sb), saved_cred);
/* check disk space */
if (!check_min_free_space(dentry, 0, 1)) {
printk(KERN_INFO "sdcardfs: No minimum free space.\n");
err = -ENOSPC;
goto out_revert;
}
/* the lower_dentry is negative here */
sdcardfs_get_lower_path(dentry, &lower_path);
lower_dentry = lower_path.dentry;
lower_parent_dentry = lock_parent(lower_dentry);
err = mnt_want_write(lower_path.mnt);
if (err) {
unlock_dir(lower_parent_dentry);
goto out_unlock;
}
/* set last 16bytes of mode field to 0775 */
mode = (mode & S_IFMT) | 00775;
err = vfs_mkdir(lower_parent_dentry->d_inode, lower_dentry, mode);
if (err) {
unlock_dir(lower_parent_dentry);
goto out;
}
/* if it is a local obb dentry, setup it with the base obbpath */
if(need_graft_path(dentry)) {
err = setup_obb_dentry(dentry, &lower_path);
if(err) {
/* if the sbi->obbpath is not available, the lower_path won't be
* changed by setup_obb_dentry() but the lower path is saved to
* its orig_path. this dentry will be revalidated later.
* but now, the lower_path should be NULL */
sdcardfs_put_reset_lower_path(dentry);
/* the newly created lower path which saved to its orig_path or
* the lower_path is the base obbpath.
* therefore, an additional path_get is required */
path_get(&lower_path);
} else
make_nomedia_in_obb = 1;
}
err = sdcardfs_interpose(dentry, dir->i_sb, &lower_path);
if (err) {
unlock_dir(lower_parent_dentry);
goto out;
}
fsstack_copy_attr_times(dir, sdcardfs_lower_inode(dir));
fsstack_copy_inode_size(dir, lower_parent_dentry->d_inode);
/* update number of links on parent directory */
set_nlink(dir, sdcardfs_lower_inode(dir)->i_nlink);
unlock_dir(lower_parent_dentry);
if (!strcasecmp(dentry->d_name.name, "obb") && (pi->perm == PERM_ANDROID))
make_nomedia_in_obb = 1;
/* When creating /Android/data and /Android/obb, mark them as .nomedia */
if (make_nomedia_in_obb ||
((pi->perm == PERM_ANDROID) && (!strcasecmp(dentry->d_name.name, "data")))) {
page_buf = (char *)__get_free_page(GFP_KERNEL);
if (!page_buf) {
printk(KERN_ERR "sdcardfs: failed to allocate page buf\n");
goto out;
}
nomedia_dir_name = d_absolute_path(&lower_path, page_buf, PAGE_SIZE);
if (IS_ERR(nomedia_dir_name)) {
free_page((unsigned long)page_buf);
printk(KERN_ERR "sdcardfs: failed to get .nomedia dir name\n");
goto out;
}
fullpath_namelen = page_buf + PAGE_SIZE - nomedia_dir_name - 1;
fullpath_namelen += strlen("/.nomedia");
nomedia_fullpath = kzalloc(fullpath_namelen + 1, GFP_KERNEL);
if (!nomedia_fullpath) {
free_page((unsigned long)page_buf);
printk(KERN_ERR "sdcardfs: failed to allocate .nomedia fullpath buf\n");
goto out;
}
strcpy(nomedia_fullpath, nomedia_dir_name);
free_page((unsigned long)page_buf);
strcat(nomedia_fullpath, "/.nomedia");
touch_err = touch(nomedia_fullpath, 0664);
if (touch_err) {
printk(KERN_ERR "sdcardfs: failed to touch(%s): %d\n",
nomedia_fullpath, touch_err);
kfree(nomedia_fullpath);
goto out;
}
kfree(nomedia_fullpath);
}
out:
mnt_drop_write(lower_path.mnt);
out_unlock:
sdcardfs_put_lower_path(dentry, &lower_path);
out_revert:
REVERT_CRED(saved_cred);
out_eacces:
return err;
}
