diff options
Diffstat (limited to 'fixPermissions.cpp')
-rw-r--r-- | fixPermissions.cpp | 683 |
1 files changed, 683 insertions, 0 deletions
diff --git a/fixPermissions.cpp b/fixPermissions.cpp new file mode 100644 index 000000000..5d57b47a4 --- /dev/null +++ b/fixPermissions.cpp @@ -0,0 +1,683 @@ +/* + Copyright 2012 bigbiff/Dees_Troy TeamWin + This file is part of TWRP/TeamWin Recovery Project. + + TWRP is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + TWRP is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with TWRP. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <iostream> +#include <fstream> +#include <sstream> +#include <string> +#include <vector> +#include <string.h> +#include <libgen.h> +#include <unistd.h> +#include <sys/stat.h> +#include <dirent.h> +#include <errno.h> +#include "gui/rapidxml.hpp" +#include "fixPermissions.hpp" +#include "twrp-functions.hpp" +#include "twcommon.h" +#ifdef HAVE_SELINUX +#include "selinux/selinux.h" +#include "selinux/label.h" +#include "selinux/android.h" +#include "selinux/label.h" +#endif + +using namespace std; +using namespace rapidxml; + +#ifdef HAVE_SELINUX +struct selabel_handle *sehandle; +struct selinux_opt selinux_options[] = { + { SELABEL_OPT_PATH, "/file_contexts" } +}; + +int fixPermissions::restorecon(string entry, struct stat *sb) { + char *oldcontext, *newcontext; + if (lgetfilecon(entry.c_str(), &oldcontext) < 0) { + LOGINFO("Couldn't get selinux context for %s\n", entry.c_str()); + return -1; + } + if (selabel_lookup(sehandle, &newcontext, entry.c_str(), sb->st_mode) < 0) { + LOGINFO("Couldn't lookup selinux context for %s\n", entry.c_str()); + return -1; + } + if (strcmp(oldcontext, newcontext) != 0) { + LOGINFO("Relabeling %s from %s to %s\n", entry.c_str(), oldcontext, newcontext); + if (lsetfilecon(entry.c_str(), newcontext) < 0) { + LOGINFO("Couldn't label %s with %s: %s\n", entry.c_str(), newcontext, strerror(errno)); + } + } + freecon(oldcontext); + freecon(newcontext); + return 0; +} + +int fixPermissions::fixDataDataContexts(void) { + string dir = "/data/data/"; + sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1); + if (!sehandle) { + LOGINFO("Unable to open /file_contexts\n"); + return 0; + } + if (TWFunc::Path_Exists(dir)) { + fixContextsRecursively(dir, 0); + } + selabel_close(sehandle); + return 0; +} + +int fixPermissions::fixContextsRecursively(string name, int level) { + DIR *d; + struct dirent *de; + struct stat sb; + string path; + + if (!(d = opendir(name.c_str()))) + return -1; + if (!(de = readdir(d))) + return -1; + + do { + if (de->d_type == DT_DIR) { + if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) + continue; + path = name + "/" + de->d_name; + restorecon(path, &sb); + fixContextsRecursively(path, level + 1); + } + else { + path = name + "/" + de->d_name; + restorecon(path, &sb); + } + } while (de = readdir(d)); + closedir(d); + return 0; +} + +int fixPermissions::fixDataInternalContexts(void) { + DIR *d; + struct dirent *de; + struct stat sb; + string dir, androiddir; + sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1); + if (!sehandle) { + LOGINFO("Unable to open /file_contexts\n"); + return 0; + } + if (TWFunc::Path_Exists("/data/media/0")) + dir = "/data/media/0"; + else + dir = "/data/media"; + if (!TWFunc::Path_Exists(dir)) { + LOGINFO("fixDataInternalContexts: '%s' does not exist!\n", dir.c_str()); + return 0; + } + LOGINFO("Fixing %s contexts\n", dir.c_str()); + restorecon(dir, &sb); + d = opendir(dir.c_str()); + + while (( de = readdir(d)) != NULL) { + stat(de->d_name, &sb); + string f; + f = dir + "/" + de->d_name; + restorecon(f, &sb); + } + closedir(d); + + androiddir = dir + "/Android/"; + if (TWFunc::Path_Exists(androiddir)) { + fixContextsRecursively(androiddir, 0); + } + selabel_close(sehandle); + return 0; +} +#endif + +int fixPermissions::fixPerms(bool enable_debug, bool remove_data_for_missing_apps) { + packageFile = "/data/system/packages.xml"; + debug = enable_debug; + remove_data = remove_data_for_missing_apps; + multi_user = TWFunc::Path_Exists("/data/user"); + + if (!(TWFunc::Path_Exists(packageFile))) { + gui_print("Can't check permissions\n"); + gui_print("after Factory Reset.\n"); + gui_print("Please boot rom and try\n"); + gui_print("again after you reboot into\n"); + gui_print("recovery.\n"); + return -1; + } + + gui_print("Fixing permissions...\nLoading packages...\n"); + if ((getPackages()) != 0) { + return -1; + } + + gui_print("Fixing /system/app permissions...\n"); + if ((fixSystemApps()) != 0) { + return -1; + } + + gui_print("Fixing /data/app permissions...\n"); + if ((fixDataApps()) != 0) { + return -1; + } + + if (multi_user) { + DIR *d = opendir("/data/user"); + string new_path, user_id; + + if (d == NULL) { + LOGERR("Error opening '/data/user'\n"); + return -1; + } + + if (d) { + struct dirent *p; + while ((p = readdir(d))) { + if (!strcmp(p->d_name, ".") || !strcmp(p->d_name, "..")) + continue; + + new_path = "/data/user/"; + new_path.append(p->d_name); + user_id = "u"; + user_id += p->d_name; + user_id += "_"; + if (p->d_type == DT_LNK) { + char link[512], realPath[512]; + strcpy(link, new_path.c_str()); + memset(realPath, 0, sizeof(realPath)); + while (readlink(link, realPath, sizeof(realPath)) > 0) { + strcpy(link, realPath); + memset(realPath, 0, sizeof(realPath)); + } + new_path = link; + } else if (p->d_type != DT_DIR) { + continue; + } else { + new_path.append("/"); + // We're probably going to need to fix permissions on multi user but + // it will have to wait for another time. Need to figure out where + // the uid and gid is stored for other users. + continue; + } + gui_print("Fixing %s permissions...\n", new_path.c_str()); + if ((fixDataData(new_path)) != 0) { + closedir(d); + return -1; + } + } + closedir(d); + } + } else { + gui_print("Fixing /data/data permissions...\n"); + if ((fixDataData("/data/data/")) != 0) { + return -1; + } + } + #ifdef HAVE_SELINUX + gui_print("Fixing /data/data/ contexts.\n"); + fixDataDataContexts(); + fixDataInternalContexts(); + #endif + gui_print("Done fixing permissions.\n"); + return 0; +} + +int fixPermissions::pchown(string fn, int puid, int pgid) { + LOGINFO("Fixing %s, uid: %d, gid: %d\n", fn.c_str(), puid, pgid); + if (chown(fn.c_str(), puid, pgid) != 0) { + LOGERR("Unable to chown '%s' %i %i\n", fn.c_str(), puid, pgid); + return -1; + } + return 0; +} + +int fixPermissions::pchmod(string fn, string mode) { + long mask = 0; + LOGINFO("Fixing %s, mode: %s\n", fn.c_str(), mode.c_str()); + for ( std::string::size_type n = 0; n < mode.length(); ++n) { + if (n == 0) { + if (mode[n] == '0') + continue; + else if (mode[n] == '1') + mask = S_ISVTX; + else if (mode[n] == '2') + mask = S_ISGID; + } + else if (n == 1) { + if (mode[n] == '7') { + mask |= S_IRWXU; + } + if (mode[n] == '6') { + mask |= S_IRUSR; + mask |= S_IWUSR; + } + if (mode[n] == '5') { + mask |= S_IRUSR; + mask |= S_IXUSR; + } + if (mode[n] == '4') + mask |= S_IRUSR; + if (mode[n] == '3') { + mask |= S_IWUSR; + mask |= S_IRUSR; + } + if (mode[n] == '2') + mask |= S_IWUSR; + if (mode[n] == '1') + mask |= S_IXUSR; + } + else if (n == 2) { + if (mode[n] == '7') { + mask |= S_IRWXG; + } + if (mode[n] == '6') { + mask |= S_IRGRP; + mask |= S_IWGRP; + } + if (mode[n] == '5') { + mask |= S_IRGRP; + mask |= S_IXGRP; + } + if (mode[n] == '4') + mask |= S_IRGRP; + if (mode[n] == '3') { + mask |= S_IWGRP; + mask |= S_IXGRP; + } + if (mode[n] == '2') + mask |= S_IWGRP; + if (mode[n] == '1') + mask |= S_IXGRP; + } + else if (n == 3) { + if (mode[n] == '7') { + mask |= S_IRWXO; + } + if (mode[n] == '6') { + mask |= S_IROTH; + mask |= S_IWOTH; + } + if (mode[n] == '5') { + mask |= S_IROTH; + mask |= S_IXOTH; + } + if (mode[n] == '4') + mask |= S_IROTH; + if (mode[n] == '3') { + mask |= S_IWOTH; + mask |= S_IXOTH; + } + if (mode[n] == '2') + mask |= S_IWOTH; + if (mode[n] == '1') + mask |= S_IXOTH; + } + } + + if (chmod(fn.c_str(), mask) != 0) { + LOGERR("Unable to chmod '%s' %l\n", fn.c_str(), mask); + return -1; + } + + return 0; +} + +int fixPermissions::fixSystemApps() { + temp = head; + while (temp != NULL) { + if (TWFunc::Path_Exists(temp->codePath)) { + if (temp->appDir.compare("/system/app") == 0 || temp->appDir.compare("/system/priv-app") == 0) { + if (debug) { + LOGINFO("Looking at '%s'\n", temp->codePath.c_str()); + LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str()); + LOGINFO("Directory: '%s'\n", temp->appDir.c_str()); + LOGINFO("Original package owner: %d, group: %d\n", temp->uid, temp->gid); + } + if (pchown(temp->codePath, 0, 0) != 0) + return -1; + if (pchmod(temp->codePath, "0644") != 0) + return -1; + } + } else { + //Remove data directory since app isn't installed + if (remove_data && TWFunc::Path_Exists(temp->dDir) && temp->appDir.size() >= 9 && temp->appDir.substr(0, 9) != "/mnt/asec") { + if (debug) + LOGINFO("Looking at '%s', removing data dir: '%s', appDir: '%s'", temp->codePath.c_str(), temp->dDir.c_str(), temp->appDir.c_str()); + if (TWFunc::removeDir(temp->dDir, false) != 0) { + LOGINFO("Unable to removeDir '%s'\n", temp->dDir.c_str()); + return -1; + } + } + } + temp = temp->next; + } + return 0; +} + +int fixPermissions::fixDataApps() { + bool fix = false; + int new_gid = 0; + string perms = "0000"; + + temp = head; + while (temp != NULL) { + if (TWFunc::Path_Exists(temp->codePath)) { + if (temp->appDir.compare("/data/app") == 0 || temp->appDir.compare("/sd-ext/app") == 0) { + fix = true; + new_gid = 1000; + perms = "0644"; + } else if (temp->appDir.compare("/data/app-private") == 0 || temp->appDir.compare("/sd-ext/app-private") == 0) { + fix = true; + new_gid = temp->gid; + perms = "0640"; + } else + fix = false; + if (fix) { + if (debug) { + LOGINFO("Looking at '%s'\n", temp->codePath.c_str()); + LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str()); + LOGINFO("Directory: '%s'\n", temp->appDir.c_str()); + LOGINFO("Original package owner: %d, group: %d\n", temp->uid, temp->gid); + } + if (pchown(temp->codePath, 1000, new_gid) != 0) + return -1; + if (pchmod(temp->codePath, perms) != 0) + return -1; + } + } else { + //Remove data directory since app isn't installed + if (remove_data && TWFunc::Path_Exists(temp->dDir) && temp->appDir.size() >= 9 && temp->appDir.substr(0, 9) != "/mnt/asec") { + if (debug) + LOGINFO("Looking at '%s', removing data dir: '%s', appDir: '%s'", temp->codePath.c_str(), temp->dDir.c_str(), temp->appDir.c_str()); + if (TWFunc::removeDir(temp->dDir, false) != 0) { + LOGINFO("Unable to removeDir '%s'\n", temp->dDir.c_str()); + return -1; + } + } + } + temp = temp->next; + } + return 0; +} + +int fixPermissions::fixAllFiles(string directory, int gid, int uid, string file_perms) { + vector <string> files; + string file; + + files = listAllFiles(directory); + for (unsigned i = 0; i < files.size(); ++i) { + file = directory + "/"; + file.append(files.at(i)); + if (debug) + LOGINFO("Looking at file '%s'\n", file.c_str()); + if (pchmod(file, file_perms) != 0) + return -1; + if (pchown(file, uid, gid) != 0) + return -1; + } + return 0; +} + +int fixPermissions::fixDataData(string dataDir) { + string directory, dir; + + temp = head; + while (temp != NULL) { + dir = dataDir + temp->dDir; + if (TWFunc::Path_Exists(dir)) { + vector <string> dataDataDirs = listAllDirectories(dir); + for (unsigned n = 0; n < dataDataDirs.size(); ++n) { + directory = dir + "/"; + directory.append(dataDataDirs.at(n)); + if (debug) + LOGINFO("Looking at data directory: '%s'\n", directory.c_str()); + if (dataDataDirs.at(n) == ".") { + if (pchmod(directory, "0755") != 0) + return -1; + if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) + return -1; + } + else if (dataDataDirs.at(n) == "..") { + if (debug) + LOGINFO("Skipping ..\n"); + continue; + } + else if (dataDataDirs.at(n) == "lib") { + if (pchmod(directory.c_str(), "0755") != 0) + return -1; + if (pchown(directory.c_str(), 1000, 1000) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) + return -1; + } + else if (dataDataDirs.at(n) == "shared_prefs") { + if (pchmod(directory.c_str(), "0771") != 0) + return -1; + if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0660") != 0) + return -1; + } + else if (dataDataDirs.at(n) == "databases") { + if (pchmod(directory.c_str(), "0771") != 0) + return -1; + if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0660") != 0) + return -1; + } + else if (dataDataDirs.at(n) == "cache") { + if (pchmod(directory.c_str(), "0771") != 0) + return -1; + if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0600") != 0) + return -1; + } + else { + if (pchmod(directory.c_str(), "0771") != 0) + return -1; + if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) + return -1; + if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) + return -1; + } + } + } + temp = temp->next; + } + return 0; +} + +vector <string> fixPermissions::listAllDirectories(string path) { + DIR *dir = opendir(path.c_str()); + vector <string> dirs; + + if (dir == NULL) { + LOGERR("Error opening '%s'\n", path.c_str()); + return dirs; + } + struct dirent *entry = readdir(dir); + while (entry != NULL) { + if (entry->d_type == DT_DIR) + dirs.push_back(entry->d_name); + entry = readdir(dir); + } + closedir(dir); + return dirs; +} + +vector <string> fixPermissions::listAllFiles(string path) { + DIR *dir = opendir(path.c_str()); + vector <string> files; + + if (dir == NULL) { + LOGERR("Error opening '%s'\n", path.c_str()); + return files; + } + struct dirent *entry = readdir(dir); + while (entry != NULL) { + if (entry->d_type == DT_REG) + files.push_back(entry->d_name); + entry = readdir(dir); + } + closedir(dir); + return files; +} + +int fixPermissions::getPackages() { + int len = 0; + bool skiploop = false; + vector <string> skip; + string name; + head = NULL; + + skip.push_back("/system/framework/framework-res.apk"); + skip.push_back("/system/framework/com.htc.resources.apk"); + + ifstream xmlFile(packageFile.c_str()); + xmlFile.seekg(0, ios::end); + len = (int) xmlFile.tellg(); + xmlFile.seekg(0, ios::beg); + char xmlBuf[len + 1]; + xmlFile.read(&xmlBuf[0], len); + xmlBuf[len] = '\0'; + xml_document<> pkgDoc; + LOGINFO("parsing package, %i...\n", len); + pkgDoc.parse<parse_full>(&xmlBuf[0]); + + xml_node<> * pkgNode = pkgDoc.first_node("packages"); + if (pkgNode == NULL) { + LOGERR("No packages found to fix.\n"); + return -1; + } + xml_node <> * next = pkgNode->first_node("package"); + if (next == NULL) { + LOGERR("No package found to fix.\n"); + return -1; + } + + //Get packages + while (next->first_attribute("name") != NULL) { + package* temp = new package; + for (unsigned n = 0; n < skip.size(); ++n) { + if (skip.at(n).compare(next->first_attribute("codePath")->value()) == 0) { + skiploop = true; + break; + } + } + + if (skiploop == true) { + if (debug) + LOGINFO("Skipping package %s\n", next->first_attribute("codePath")->value()); + free(temp); + next = next->next_sibling(); + skiploop = false; + continue; + } + name.append((next->first_attribute("name")->value())); + temp->pkgName = next->first_attribute("name")->value(); + if (debug) + LOGINFO("Loading pkg: %s\n", next->first_attribute("name")->value()); + if (next->first_attribute("codePath") == NULL) { + LOGINFO("Problem with codePath on %s\n", next->first_attribute("name")->value()); + } else { + temp->codePath = next->first_attribute("codePath")->value(); + temp->app = basename(next->first_attribute("codePath")->value()); + temp->appDir = dirname(next->first_attribute("codePath")->value()); + } + temp->dDir = name; + if ( next->first_attribute("sharedUserId") != NULL) { + temp->uid = atoi(next->first_attribute("sharedUserId")->value()); + temp->gid = atoi(next->first_attribute("sharedUserId")->value()); + } + else { + if (next->first_attribute("userId") == NULL) { + LOGINFO("Problem with userID on %s\n", next->first_attribute("name")->value()); + } else { + temp->uid = atoi(next->first_attribute("userId")->value()); + temp->gid = atoi(next->first_attribute("userId")->value()); + } + } + temp->next = head; + head = temp; + if (next->next_sibling("package") == NULL) + break; + name.clear(); + next = next->next_sibling("package"); + } + //Get updated packages + next = pkgNode->first_node("updated-package"); + if (next != NULL) { + while (next->first_attribute("name") != NULL) { + package* temp = new package; + for (unsigned n = 0; n < skip.size(); ++n) { + if (skip.at(n).compare(next->first_attribute("codePath")->value()) == 0) { + skiploop = true; + break; + } + } + + if (skiploop == true) { + if (debug) + LOGINFO("Skipping package %s\n", next->first_attribute("codePath")->value()); + free(temp); + next = next->next_sibling(); + skiploop = false; + continue; + } + name.append((next->first_attribute("name")->value())); + temp->pkgName = next->first_attribute("name")->value(); + if (debug) + LOGINFO("Loading pkg: %s\n", next->first_attribute("name")->value()); + if (next->first_attribute("codePath") == NULL) { + LOGINFO("Problem with codePath on %s\n", next->first_attribute("name")->value()); + } else { + temp->codePath = next->first_attribute("codePath")->value(); + temp->app = basename(next->first_attribute("codePath")->value()); + temp->appDir = dirname(next->first_attribute("codePath")->value()); + } + + temp->dDir = name; + if ( next->first_attribute("sharedUserId") != NULL) { + temp->uid = atoi(next->first_attribute("sharedUserId")->value()); + temp->gid = atoi(next->first_attribute("sharedUserId")->value()); + } + else { + if (next->first_attribute("userId") == NULL) { + LOGINFO("Problem with userID on %s\n", next->first_attribute("name")->value()); + } else { + temp->uid = atoi(next->first_attribute("userId")->value()); + temp->gid = atoi(next->first_attribute("userId")->value()); + } + } + temp->next = head; + head = temp; + if (next->next_sibling("package") == NULL) + break; + name.clear(); + next = next->next_sibling("package"); + } + } + return 0; +} |