path: root/sdcard
AgeCommit message (Collapse)Author
2015-07-28Move sdcard off PAGESIZE and onto PAGE_SIZE.Elliott Hughes
Only sdcard is using PAGESIZE, and glibc doesn't have it. Bug: http://b/22735893 Change-Id: Ib8af14a2e99d98881a79f21ad1a695499c7d74bd
2015-04-24Correct magic number on umount2William Roberts
The umount2 call was using the magic constant 2 which is has a defined and proper macro in mount.h as MNT_DETATCH. Change-Id: I4ca4a6d31cbf5495c545088e3d90a8894a9f912f
2015-04-04Merge "sdcard: Properly handle deleted nodes"Elliott Hughes
2015-04-02Merge "sdcard: Turn on noatime for fuse mounted sdcard"Elliott Hughes
2015-03-16sdcard doesn't need to explicitly ask for libc!Elliott Hughes
Change-Id: I110063f39b02da979f97d29e9cb4f5b295de0311
2015-02-20sdcard: Properly handle deleted nodesKrzysztof Adamski
The sdcard fuse deamon is not properly handling deleted nodes that are still in use (opened by some process). Typically Linux filesystems makes it possible to open a file, unlink it and then still use it. In case of a storage emulated by sdcard deamon this does not work as expected - other process are not able to recreate file/dir with the same name until all references to deleted file are closed. The easiest way to trigger this problem is: process1: mkdir /sdcard/test1; cd /sdcard/test1 process2: rm -r /sdcard/test1 process2: mkdir /sdcard/test1 After that, process2 will get an error: mkdir failed for /sdcard/test1, Device or resource busy There is exactly the same problem with files as directories. This may case issues for example with directories that are automatically recreated when they are missing (like DCIM directory). If some process holds file opened inside of such directory but that directory is removed, process trying to recreate the directory will get EBUSY error and possibly crash. Verified on the Z Ultra GPE. Change-Id: I1cbf0bec135e6aaafba0ce8e5bb594e3639e0007
2015-01-25sdcard: Turn on noatime for fuse mounted sdcardJohan Redestig
This provides symmetry with /data and /cache that are typically mounted with noatime. Change-Id: I6fe1bead368b52632424b03b50d4081852824cdb
2015-01-15sdcard : inode numbers must be fully representable as uint32_t.Narayan Kamath
This works around a bug on on 64 bit kernels + sdcard daemons where we were using memory addresses as inode numbers. bug: 19012244 (cherry picked from commit faa0935ffb772759f795d6b29c6db6f83e8531c4) Change-Id: Idbf9e285e507e702e04e7461a10153df68ef2322
2014-12-10Merge "Allow updates for open file descriptors"Marco Nelissen
2014-12-10Allow updates for open file descriptorsMarco Nelissen
even if the calling process itself would not be able to open the file. Bug: 18688419 Change-Id: I640db19f19c1a677735fd0c14b7e2e38977d0f4d
2014-11-24sdcard: mount sdcard with the noexec optionDaisuke Okitsu
Vold mounts the sdcard with noexec, but the fuse deamon mounts with exec, so it is still possible to execute binaries: /dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime, user_id=1023,group_id=1023,default_permissions,allow_other 0 0 /dev/block/vold/179:65 /mnt/media_rw/sdcard1 vfat rw,dirsync, nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007, dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1, shortname=mixed,utf8,errors=remount-ro 0 0 With this change both vold and fuse mounts with noexec. Change-Id: I66cbfc3a3a89a26958f83577f5e7a5e27f99184e
2014-11-13Sdcard: Initialize the padding output valueDaisuke Okitsu
Add initialization of the output value in handle_write. This value is referred to in FUSE so initialization is necessary. See also handle_open and handle_opendir. Change-Id: I6507f113da9f6823fbfa459624d6594fc20afa51
2014-11-10bionic's struct stat is now POSIX-compliant.Elliott Hughes
Right now we still have the kernel names, but they're only there by "virtue" of macro namespace pollution, so I'd like to get rid of them. Bug: 18298106 Change-Id: Ifed0b3a9238c79a99d8a2b62e0f5897c50a725d1
2014-09-16am f37bfb32: am 23aeeff5: Merge "Use the correct fuse_init_out structure size."Christopher Ferris
* commit 'f37bfb32eb82393d14e339684c9f508cea3b0ab4': Use the correct fuse_init_out structure size.
2014-09-15Use the correct fuse_init_out structure size.Christopher Ferris
Kernel 2.6.16 is the first stable kernel with struct fuse_init_out defined (fuse version 7.6). The structure is the same from 7.6 through 7.22. Beginning with 7.23, the structure increased in size and added new parameters. If the kernel only works on minor revs older than or equal to 22, then use the older structure size since this code only uses the 7.22 version of the structure. Change-Id: If2507a02ad674fcf02869a325221339ae1ace64d
2014-07-31am 33a5575a: am 39a8ade7: Merge "Fix sdcard truncates."Elliott Hughes
* commit '33a5575a585bdc4000be06f96554309b5d3471ff': Fix sdcard truncates.
2014-07-31Fix sdcard truncates.Elliott Hughes
Use truncate64 instead of truncate so we don't truncate (ho ho) the offset. (cherrypick of 4568565e85bf2e1ea11b2e09d72e244088c05dbc.) Bug: Change-Id: I63711ccd299e3ebc475563b1999817d1919571ab
2014-07-24Merge "sdcard: ensure installd fs upgrade has completed" into lmp-devNick Kralevich
2014-07-24sdcard: ensure installd fs upgrade has completedNick Kralevich
Before running the sdcard daemon, make sure that installd has completed all upgrades to /data that it needs to complete. This avoids race conditions between installd and the sdcard daemon. Maybe fixes bug 16329437. Bug: 16329437 Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
2014-07-24Correction to TRACE format stringsMarcus Oakland
When built with "#define FUSE_TRACE 1" numerous TRACE statements failed to compile because of mismatches between format strings and types (uint64_t and size_t). These have been corrected by using the format strings from the inttype.h header file, or %zu. Signed-off-by: Marcus Oakland <> (cherry picked from commit d33308752fb7cecac751f20f4651aec05fc889db) Change-Id: I550b422a6b7c92ea903b4dd8f5e4aec5637cdf67
2014-07-25sdcard: ensure installd fs upgrade has completedNick Kralevich
Before running the sdcard daemon, make sure that installd has completed all upgrades to /data that it needs to complete. This avoids race conditions between installd and the sdcard daemon. Maybe fixes bug 16329437. (cherrypicked from commit 8d28fa71fce6a5623488614250970ce78551a924) Bug: 16329437 Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
2014-07-24Correction to TRACE format stringsMarcus Oakland
When built with "#define FUSE_TRACE 1" numerous TRACE statements failed to compile because of mismatches between format strings and types (uint64_t and size_t). These have been corrected by using the format strings from the inttype.h header file, or %zu. Change-Id: I36cd6f8da0790f1218d7dbaaa5b3bbfa4df7fdee Signed-off-by: Marcus Oakland <>
2014-07-09am f043f061: am 060b6ecb: am 6e141aea: Merge "Fix sdcard\'s FUSE_FSYNCDIR ↵Elliott Hughes
handling." * commit 'f043f061295a787aca42186fe9ab87c24d393b92': Fix sdcard's FUSE_FSYNCDIR handling.
2014-07-09am 94645665: am f8acdcbe: am 75b7171f: Merge "Make sdcard log to the log ↵Elliott Hughes
rather than stderr." * commit '9464566580559b7353e6e2c898da79ffbbf993aa': Make sdcard log to the log rather than stderr.
2014-07-08Make sdcard log to the log rather than stderr.Elliott Hughes
Change-Id: I9c78941184c5e364055bfac766e1e542d3c23c87
2014-07-08Fix sdcard's FUSE_FSYNCDIR handling.Elliott Hughes
For a file the FUSE fh is a struct handle containing an int fd; for a directory it's a struct dirhandle containing a DIR*. Fix handle_fsync to extract the file descriptor appropriately in both cases. Bug: 14613980 Change-Id: I45515cff6638e27a99b849e6fc639d355dbb4d27
2014-05-30am 2e7d80d1: Per-app media directories on external storage.Jeff Sharkey
* commit '2e7d80d10acf95076dfb1f2727455432091de65f': Per-app media directories on external storage.
2014-05-30Per-app media directories on external storage.Jeff Sharkey
This change defines per-app directories on external storage that will be scanned and included in MediaStore. This gives apps a way to write content to secondary shared storage in a way that can easily be surfaced to other apps. Bug: 14382377 Change-Id: I6f03d8076a9391d8b9eb8421ec3fc93669b3ba0d
2014-05-21sdcard: Turn on -WerrorMark Salyzyn
Change-Id: I40fce5a69a898e79542aa7688d077ff7bc40ed4f
2014-05-07Use bionic's <linux/fuse.h>.Elliott Hughes
No need for an out-of-date copy of a uapi header. Change-Id: Iec68c6ceb2bceca1ceef0c57e0b45a89a139e292
2014-02-19Handle FUSE_FSYNCDIR as FUSE_FSYNCDaisuke Okitsu
There have been issues with sdcard data corruption even after successfully calling fsync for /sdcard. This is caused by the sdcard daemon doing nothing in this case. Change-Id: I48149ceabdac79ac535b35c2598bb1fbb5410883
2014-02-18sdcard: direct I/O file access write buffer alignmentArpad Horvath
It is not enough to align the read buffer only, because consequent writes might still fail with EINVAL. The write buffer should be also aligned according to the write(2) manual page. Change-Id: I7547dec5208732c56f4466c1b0c88f36dabacf5b
2014-02-14sdcard: direct I/O file access fixArpad Horvath
If a file is opened in direct I/O mode (with O_DIRECT flag), the read buffer addess must be aligned to memory page size boundary. The Direct I/O is not needed for normal files, however, some special hardware access (e.g. smart SD cards) will not work without it. Change-Id: I42babeee86dba1880fd23e2592fddd7060da3e20
2014-02-05system/core LP64 cleanup.Elliott Hughes
Fixes -Wint-to-pointer and -Wpointer-to-int warnings, plus various -Wformat warnings. Change-Id: I6c5eea6b4273d82d28b8e5d2925f3e5457511b17
2013-10-08Set GID required to write, media_rw mount point.Jeff Sharkey
Add sdcard FUSE daemon flag to specify the GID required for a package to have write access. Normally sdcard_rw, but it will be media_rw for secondary external storage devices, so DefaultContainerService can still clean up package directories after uninstall. Create /mnt/media_rw which is where vold will mount raw secondary external storage devices before wrapping them in a FUSE instance. Bug: 10330128, 10330229 Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
2013-09-20Remove mkdir() side effect, add .nomedia, utils.Jeff Sharkey
Before this change, FUSE lookup() would have the side effect of creating the directory on behalf of apps. This resulted in most directories being created just by Settings trying to measure disk space. Instead, we're switching to have vold do directory creation when an app doesn't have enough permissions. Create fs_mkdirs() utility to create all parent directories in a path as needed. Allow traversal (+x) into /storage directories. Fix FUSE derived permissions to be case insensitive. Mark well-known directories as .nomedia when created. Bug: 10577808, 10330221 Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
2013-08-30Only check caller when deriving permissions.Jeff Sharkey
Bug: 10547597 Change-Id: Ied909f9047c2567e93dde0f4658d6e4b9ff161ab
2013-08-30Fix recursive locking bug.Jeff Sharkey
handle_rename() would end up acquiring the lock twice. Change to always derive has_rw inside earlier locks (instead of acquiring a second time), and pass the value into check_caller_access_to_name(). Bug: 10547597 Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
2013-08-15Merge "Fix handle_opendir() in the sdcard daemon" into klp-devKen Sumrall
2013-08-14Fix handle_opendir() in the sdcard daemonKen Sumrall
The fuse_open_out structure returned to the kernel by handle_opendir() was not properly initializing all the fields. The symptom was recursive ls (ls -R) failing on the emulated sdcard filesystem, because rewinddir(3) was failing with ESPIPE. Bug: 7168594 Change-Id: I56ddfd3453e6aac34fe6e001e88c4c46fb2eb271
2013-08-14Add legacy layout support to FUSE, enforce write.Jeff Sharkey
The legacy internal layout places users at the top-level of the filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested. Mirror single OBB directory between all users without requiring fancy bind mounts by letting a nodes graft in another part of the underlying tree. Move to everything having "sdcard_r" GID by default, and verify that calling apps hold "sdcard_rw" when performing mutations. Determines app group membership from new packages.list column. Flag to optionally enable sdcard_pics/sdcard_av permissions splitting. Flag to supply a default GID for all files. Ignore attempts to access security sensitive files. Fix run-as to check for new "package_info" GID. Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
2013-08-08Richer SD card permissions through FUSE.Jeff Sharkey
Changes the FUSE daemon to synthesize an Android-specific set of filesystem permissions, even when the underlying media storage is permissionless. This is designed to support several features: First, apps can access their own files in /Android/data/com.example/ without requiring any external storage permissions. This is enabled by allowing o+x on parent directories, and assigning the UID owner based on the directory name (package name). The mapping from package to appId is parsed from packages.list, which is updated when apps are added/removed. Changes are observed through inotify. It creates missing package name directories when requested and valid. Second, support for separate permissions for photos and audio/video content on the device through new GIDs which are assigned based on top-level directory names. Finally, support for multi-user separation on the same physical media through new /Android/user/ directory, which will be bind-mounted into place. It recursively applies the above rules to each secondary user. rwxrwx--x root:sdcard_rw / rwxrwx--- root:sdcard_pics /Pictures rwxrwx--- root:sdcard_av /Music rwxrwx--x root:sdcard_rw /Android rwxrwx--x root:sdcard_rw /Android/data rwxrwx--- u0_a12:sdcard_rw /Android/data/com.example rwxrwx--x root:sdcard_rw /Android/obb/ rwxrwx--- u0_a12:sdcard_rw /Android/obb/com.example rwxrwx--- root:sdcard_all /Android/user rwxrwx--x root:sdcard_rw /Android/user/10 rwxrwx--- u10_a12:sdcard_rw /Android/user/10/Android/data/com.example These derived permissions are disabled by default. Switched option parsing to getopt(). Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b
2013-02-11Raise the max file open limit in sdcardKen Sumrall
The default is 1024 files, and in some testing, the limit has been hit. This raises the limit to 8192. Going higher starts to cause performance issues (I started to notice that around 16K open files in my testing) as sdcard does linear searches. If a higher max is needed, then the sdcard daemon will need some optimizations. Bug: 7442187 Change-Id: I7aba7f4556ed70651f36244294a6756f3d6b8963
2012-08-15resolved conflicts for merge of 2237ca4c to jb-mr1-devJean-Baptiste Queru
Change-Id: I04982ff2b092274b940a621b238c2246349aa85e
2012-08-14Fixing signed/unsigned comparison warningsEdwin Vane
Clang turned up some signed/unsigned comparison warnings. These warnings have been fixed by cleaning up sdcard slightly: - Don't use negative numbers for invalid gid/uid. - sdcard takes a fixed number of arguments now so assert on that instead of using a for loop. - Also fixed usage string to reflect this fact. Change-Id: Iee58a8e9aaedb3d40ad7dfeef63d8cd1fe1cd248 Author: Edwin Vane <> Reviewed-by: Kevin P Schoedel <>
2012-08-13Source and destination paths for sdcard.Jeff Sharkey
Enables init.rc to provide both paths, instead of hard-coding the destination. Bug: 6925012 Change-Id: I666cde710baad965b98619b68fcbcbb104973da3
2012-06-04Make sdcard daemon multi-threaded.Jeff Brown
The essential idea here is that a handler thread only needs to hold a lock on the global node table while it is manipulating nodes. The actual I/O operation is then performed without holding any locks. By default, we use 2 threads but this can be configured on the command-line. Work is sheduled somewhat arbitrarily by the handler threads. Whichever thread happens to read() the next request first wins the right process it. This policy is very simple but potentially wastes threads when there isn't much work to be done. We can always improve this later if needed. Change-Id: Id27a27c2c9b40d4f8e35a6bef9dd84f0dfacf337
2012-06-04Refactor request opcode handlers.Jeff Brown
This is mostly a structural change. The handlers have been moved into individual functions, which will help with upcoming changes. Change-Id: I774739d859e177d6b5d4186d2771444166b734fa
2012-06-04Move buffers into a handler structure.Jeff Brown
Also use PATH_MAX instead of PATH_BUFFER to determine the maximum path length. Change-Id: Ic78f731d339a2a97766d29d222dd27cac4e620ce
2012-06-04Implement FUSE_FSYNC request.Jeff Brown
This request is needed for application correctness, without which data corruption may result. Bug: 6488845 Change-Id: I3d676c2e40f6e6b37d5d270c7cb40f1bf8c1fa47