/* Copyright 2012 bigbiff/Dees_Troy TeamWin This file is part of TWRP/TeamWin Recovery Project. TWRP is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. TWRP is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with TWRP. If not, see . */ #include #include #include #include #include #include #include #include #include #include #include #include "gui/rapidxml.hpp" #include "fixPermissions.hpp" #include "twrp-functions.hpp" #include "twcommon.h" #ifdef HAVE_SELINUX #include "selinux/selinux.h" #include "selinux/label.h" #include "selinux/android.h" #include "selinux/label.h" #endif using namespace std; using namespace rapidxml; #ifdef HAVE_SELINUX struct selabel_handle *sehandle; struct selinux_opt selinux_options[] = { { SELABEL_OPT_PATH, "/file_contexts" } }; int fixPermissions::restorecon(string entry, struct stat *sb) { char *oldcontext, *newcontext; if (lgetfilecon(entry.c_str(), &oldcontext) < 0) { LOGINFO("Couldn't get selinux context for %s\n", entry.c_str()); return -1; } if (selabel_lookup(sehandle, &newcontext, entry.c_str(), sb->st_mode) < 0) { LOGINFO("Couldn't lookup selinux context for %s\n", entry.c_str()); return -1; } if (strcmp(oldcontext, newcontext) != 0) { LOGINFO("Relabeling %s from %s to %s\n", entry.c_str(), oldcontext, newcontext); if (lsetfilecon(entry.c_str(), newcontext) < 0) { LOGINFO("Couldn't label %s with %s: %s\n", entry.c_str(), newcontext, strerror(errno)); } } freecon(oldcontext); freecon(newcontext); return 0; } int fixPermissions::fixDataDataContexts(void) { string dir = "/data/data/"; sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1); if (!sehandle) { LOGINFO("Unable to open /file_contexts\n"); return 0; } if (TWFunc::Path_Exists(dir)) { fixContextsRecursively(dir, 0); } selabel_close(sehandle); return 0; } int fixPermissions::fixContextsRecursively(string name, int level) { DIR *d; struct dirent *de; struct stat sb; string path; if (!(d = opendir(name.c_str()))) return -1; if (!(de = readdir(d))) return -1; do { if (de->d_type == DT_DIR) { if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) continue; path = name + "/" + de->d_name; restorecon(path, &sb); fixContextsRecursively(path, level + 1); } else { path = name + "/" + de->d_name; restorecon(path, &sb); } } while (de = readdir(d)); closedir(d); return 0; } int fixPermissions::fixDataInternalContexts(void) { DIR *d; struct dirent *de; struct stat sb; string dir, androiddir; sehandle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1); if (!sehandle) { LOGINFO("Unable to open /file_contexts\n"); return 0; } if (TWFunc::Path_Exists("/data/media/0")) dir = "/data/media/0"; else dir = "/data/media"; if (!TWFunc::Path_Exists(dir)) { LOGINFO("fixDataInternalContexts: '%s' does not exist!\n", dir.c_str()); return 0; } LOGINFO("Fixing %s contexts\n", dir.c_str()); restorecon(dir, &sb); d = opendir(dir.c_str()); while (( de = readdir(d)) != NULL) { stat(de->d_name, &sb); string f; f = dir + "/" + de->d_name; restorecon(f, &sb); } closedir(d); androiddir = dir + "/Android/"; if (TWFunc::Path_Exists(androiddir)) { fixContextsRecursively(androiddir, 0); } selabel_close(sehandle); return 0; } #endif int fixPermissions::fixPerms(bool enable_debug, bool remove_data_for_missing_apps) { packageFile = "/data/system/packages.xml"; debug = enable_debug; remove_data = remove_data_for_missing_apps; multi_user = TWFunc::Path_Exists("/data/user"); if (!(TWFunc::Path_Exists(packageFile))) { gui_print("Can't check permissions\n"); gui_print("after Factory Reset.\n"); gui_print("Please boot rom and try\n"); gui_print("again after you reboot into\n"); gui_print("recovery.\n"); return -1; } gui_print("Fixing permissions...\nLoading packages...\n"); if ((getPackages()) != 0) { return -1; } gui_print("Fixing /system/app permissions...\n"); if ((fixSystemApps()) != 0) { return -1; } gui_print("Fixing /data/app permissions...\n"); if ((fixDataApps()) != 0) { return -1; } if (multi_user) { DIR *d = opendir("/data/user"); string new_path, user_id; if (d == NULL) { LOGERR("Error opening '/data/user'\n"); return -1; } if (d) { struct dirent *p; while ((p = readdir(d))) { if (!strcmp(p->d_name, ".") || !strcmp(p->d_name, "..")) continue; new_path = "/data/user/"; new_path.append(p->d_name); user_id = "u"; user_id += p->d_name; user_id += "_"; if (p->d_type == DT_LNK) { char link[512], realPath[512]; strcpy(link, new_path.c_str()); memset(realPath, 0, sizeof(realPath)); while (readlink(link, realPath, sizeof(realPath)) > 0) { strcpy(link, realPath); memset(realPath, 0, sizeof(realPath)); } new_path = link; } else if (p->d_type != DT_DIR) { continue; } else { new_path.append("/"); // We're probably going to need to fix permissions on multi user but // it will have to wait for another time. Need to figure out where // the uid and gid is stored for other users. continue; } gui_print("Fixing %s permissions...\n", new_path.c_str()); if ((fixDataData(new_path)) != 0) { closedir(d); return -1; } } closedir(d); } } else { gui_print("Fixing /data/data permissions...\n"); if ((fixDataData("/data/data/")) != 0) { return -1; } } #ifdef HAVE_SELINUX gui_print("Fixing /data/data/ contexts.\n"); fixDataDataContexts(); fixDataInternalContexts(); #endif gui_print("Done fixing permissions.\n"); return 0; } int fixPermissions::pchown(string fn, int puid, int pgid) { LOGINFO("Fixing %s, uid: %d, gid: %d\n", fn.c_str(), puid, pgid); if (chown(fn.c_str(), puid, pgid) != 0) { LOGERR("Unable to chown '%s' %i %i\n", fn.c_str(), puid, pgid); return -1; } return 0; } int fixPermissions::pchmod(string fn, string mode) { long mask = 0; LOGINFO("Fixing %s, mode: %s\n", fn.c_str(), mode.c_str()); for ( std::string::size_type n = 0; n < mode.length(); ++n) { if (n == 0) { if (mode[n] == '0') continue; else if (mode[n] == '1') mask = S_ISVTX; else if (mode[n] == '2') mask = S_ISGID; } else if (n == 1) { if (mode[n] == '7') { mask |= S_IRWXU; } if (mode[n] == '6') { mask |= S_IRUSR; mask |= S_IWUSR; } if (mode[n] == '5') { mask |= S_IRUSR; mask |= S_IXUSR; } if (mode[n] == '4') mask |= S_IRUSR; if (mode[n] == '3') { mask |= S_IWUSR; mask |= S_IRUSR; } if (mode[n] == '2') mask |= S_IWUSR; if (mode[n] == '1') mask |= S_IXUSR; } else if (n == 2) { if (mode[n] == '7') { mask |= S_IRWXG; } if (mode[n] == '6') { mask |= S_IRGRP; mask |= S_IWGRP; } if (mode[n] == '5') { mask |= S_IRGRP; mask |= S_IXGRP; } if (mode[n] == '4') mask |= S_IRGRP; if (mode[n] == '3') { mask |= S_IWGRP; mask |= S_IXGRP; } if (mode[n] == '2') mask |= S_IWGRP; if (mode[n] == '1') mask |= S_IXGRP; } else if (n == 3) { if (mode[n] == '7') { mask |= S_IRWXO; } if (mode[n] == '6') { mask |= S_IROTH; mask |= S_IWOTH; } if (mode[n] == '5') { mask |= S_IROTH; mask |= S_IXOTH; } if (mode[n] == '4') mask |= S_IROTH; if (mode[n] == '3') { mask |= S_IWOTH; mask |= S_IXOTH; } if (mode[n] == '2') mask |= S_IWOTH; if (mode[n] == '1') mask |= S_IXOTH; } } if (chmod(fn.c_str(), mask) != 0) { LOGERR("Unable to chmod '%s' %l\n", fn.c_str(), mask); return -1; } return 0; } int fixPermissions::fixSystemApps() { temp = head; while (temp != NULL) { if (TWFunc::Path_Exists(temp->codePath)) { if (temp->appDir.compare("/system/app") == 0 || temp->appDir.compare("/system/priv-app") == 0) { if (debug) { LOGINFO("Looking at '%s'\n", temp->codePath.c_str()); LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str()); LOGINFO("Directory: '%s'\n", temp->appDir.c_str()); LOGINFO("Original package owner: %d, group: %d\n", temp->uid, temp->gid); } if (pchown(temp->codePath, 0, 0) != 0) return -1; if (pchmod(temp->codePath, "0644") != 0) return -1; } } else { //Remove data directory since app isn't installed if (remove_data && TWFunc::Path_Exists(temp->dDir) && temp->appDir.size() >= 9 && temp->appDir.substr(0, 9) != "/mnt/asec") { if (debug) LOGINFO("Looking at '%s', removing data dir: '%s', appDir: '%s'", temp->codePath.c_str(), temp->dDir.c_str(), temp->appDir.c_str()); if (TWFunc::removeDir(temp->dDir, false) != 0) { LOGINFO("Unable to removeDir '%s'\n", temp->dDir.c_str()); return -1; } } } temp = temp->next; } return 0; } int fixPermissions::fixDataApps() { bool fix = false; int new_gid = 0; string perms = "0000"; temp = head; while (temp != NULL) { if (TWFunc::Path_Exists(temp->codePath)) { if (temp->appDir.compare("/data/app") == 0 || temp->appDir.compare("/sd-ext/app") == 0) { fix = true; new_gid = 1000; perms = "0644"; } else if (temp->appDir.compare("/data/app-private") == 0 || temp->appDir.compare("/sd-ext/app-private") == 0) { fix = true; new_gid = temp->gid; perms = "0640"; } else fix = false; if (fix) { if (debug) { LOGINFO("Looking at '%s'\n", temp->codePath.c_str()); LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str()); LOGINFO("Directory: '%s'\n", temp->appDir.c_str()); LOGINFO("Original package owner: %d, group: %d\n", temp->uid, temp->gid); } if (pchown(temp->codePath, 1000, new_gid) != 0) return -1; if (pchmod(temp->codePath, perms) != 0) return -1; } } else { //Remove data directory since app isn't installed if (remove_data && TWFunc::Path_Exists(temp->dDir) && temp->appDir.size() >= 9 && temp->appDir.substr(0, 9) != "/mnt/asec") { if (debug) LOGINFO("Looking at '%s', removing data dir: '%s', appDir: '%s'", temp->codePath.c_str(), temp->dDir.c_str(), temp->appDir.c_str()); if (TWFunc::removeDir(temp->dDir, false) != 0) { LOGINFO("Unable to removeDir '%s'\n", temp->dDir.c_str()); return -1; } } } temp = temp->next; } return 0; } int fixPermissions::fixAllFiles(string directory, int gid, int uid, string file_perms) { vector files; string file; files = listAllFiles(directory); for (unsigned i = 0; i < files.size(); ++i) { file = directory + "/"; file.append(files.at(i)); if (debug) LOGINFO("Looking at file '%s'\n", file.c_str()); if (pchmod(file, file_perms) != 0) return -1; if (pchown(file, uid, gid) != 0) return -1; } return 0; } int fixPermissions::fixDataData(string dataDir) { string directory, dir; temp = head; while (temp != NULL) { dir = dataDir + temp->dDir; if (TWFunc::Path_Exists(dir)) { vector dataDataDirs = listAllDirectories(dir); for (unsigned n = 0; n < dataDataDirs.size(); ++n) { directory = dir + "/"; directory.append(dataDataDirs.at(n)); if (debug) LOGINFO("Looking at data directory: '%s'\n", directory.c_str()); if (dataDataDirs.at(n) == ".") { if (pchmod(directory, "0755") != 0) return -1; if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) return -1; } else if (dataDataDirs.at(n) == "..") { if (debug) LOGINFO("Skipping ..\n"); continue; } else if (dataDataDirs.at(n) == "lib") { if (pchmod(directory.c_str(), "0755") != 0) return -1; if (pchown(directory.c_str(), 1000, 1000) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) return -1; } else if (dataDataDirs.at(n) == "shared_prefs") { if (pchmod(directory.c_str(), "0771") != 0) return -1; if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0660") != 0) return -1; } else if (dataDataDirs.at(n) == "databases") { if (pchmod(directory.c_str(), "0771") != 0) return -1; if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0660") != 0) return -1; } else if (dataDataDirs.at(n) == "cache") { if (pchmod(directory.c_str(), "0771") != 0) return -1; if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0600") != 0) return -1; } else { if (pchmod(directory.c_str(), "0771") != 0) return -1; if (pchown(directory.c_str(), temp->uid, temp->gid) != 0) return -1; if (fixAllFiles(directory, temp->uid, temp->gid, "0755") != 0) return -1; } } } temp = temp->next; } return 0; } vector fixPermissions::listAllDirectories(string path) { DIR *dir = opendir(path.c_str()); vector dirs; if (dir == NULL) { LOGERR("Error opening '%s'\n", path.c_str()); return dirs; } struct dirent *entry = readdir(dir); while (entry != NULL) { if (entry->d_type == DT_DIR) dirs.push_back(entry->d_name); entry = readdir(dir); } closedir(dir); return dirs; } vector fixPermissions::listAllFiles(string path) { DIR *dir = opendir(path.c_str()); vector files; if (dir == NULL) { LOGERR("Error opening '%s'\n", path.c_str()); return files; } struct dirent *entry = readdir(dir); while (entry != NULL) { if (entry->d_type == DT_REG) files.push_back(entry->d_name); entry = readdir(dir); } closedir(dir); return files; } int fixPermissions::getPackages() { int len = 0; bool skiploop = false; vector skip; string name; head = NULL; skip.push_back("/system/framework/framework-res.apk"); skip.push_back("/system/framework/com.htc.resources.apk"); ifstream xmlFile(packageFile.c_str()); xmlFile.seekg(0, ios::end); len = (int) xmlFile.tellg(); xmlFile.seekg(0, ios::beg); char xmlBuf[len + 1]; xmlFile.read(&xmlBuf[0], len); xmlBuf[len] = '\0'; xml_document<> pkgDoc; LOGINFO("parsing package, %i...\n", len); pkgDoc.parse(&xmlBuf[0]); xml_node<> * pkgNode = pkgDoc.first_node("packages"); if (pkgNode == NULL) { LOGERR("No packages found to fix.\n"); return -1; } xml_node <> * next = pkgNode->first_node("package"); if (next == NULL) { LOGERR("No package found to fix.\n"); return -1; } //Get packages while (next->first_attribute("name") != NULL) { package* temp = new package; for (unsigned n = 0; n < skip.size(); ++n) { if (skip.at(n).compare(next->first_attribute("codePath")->value()) == 0) { skiploop = true; break; } } if (skiploop == true) { if (debug) LOGINFO("Skipping package %s\n", next->first_attribute("codePath")->value()); free(temp); next = next->next_sibling(); skiploop = false; continue; } name.append((next->first_attribute("name")->value())); temp->pkgName = next->first_attribute("name")->value(); if (debug) LOGINFO("Loading pkg: %s\n", next->first_attribute("name")->value()); if (next->first_attribute("codePath") == NULL) { LOGINFO("Problem with codePath on %s\n", next->first_attribute("name")->value()); } else { temp->codePath = next->first_attribute("codePath")->value(); temp->app = basename(next->first_attribute("codePath")->value()); temp->appDir = dirname(next->first_attribute("codePath")->value()); } temp->dDir = name; if ( next->first_attribute("sharedUserId") != NULL) { temp->uid = atoi(next->first_attribute("sharedUserId")->value()); temp->gid = atoi(next->first_attribute("sharedUserId")->value()); } else { if (next->first_attribute("userId") == NULL) { LOGINFO("Problem with userID on %s\n", next->first_attribute("name")->value()); } else { temp->uid = atoi(next->first_attribute("userId")->value()); temp->gid = atoi(next->first_attribute("userId")->value()); } } temp->next = head; head = temp; if (next->next_sibling("package") == NULL) break; name.clear(); next = next->next_sibling("package"); } //Get updated packages next = pkgNode->first_node("updated-package"); if (next != NULL) { while (next->first_attribute("name") != NULL) { package* temp = new package; for (unsigned n = 0; n < skip.size(); ++n) { if (skip.at(n).compare(next->first_attribute("codePath")->value()) == 0) { skiploop = true; break; } } if (skiploop == true) { if (debug) LOGINFO("Skipping package %s\n", next->first_attribute("codePath")->value()); free(temp); next = next->next_sibling(); skiploop = false; continue; } name.append((next->first_attribute("name")->value())); temp->pkgName = next->first_attribute("name")->value(); if (debug) LOGINFO("Loading pkg: %s\n", next->first_attribute("name")->value()); if (next->first_attribute("codePath") == NULL) { LOGINFO("Problem with codePath on %s\n", next->first_attribute("name")->value()); } else { temp->codePath = next->first_attribute("codePath")->value(); temp->app = basename(next->first_attribute("codePath")->value()); temp->appDir = dirname(next->first_attribute("codePath")->value()); } temp->dDir = name; if ( next->first_attribute("sharedUserId") != NULL) { temp->uid = atoi(next->first_attribute("sharedUserId")->value()); temp->gid = atoi(next->first_attribute("sharedUserId")->value()); } else { if (next->first_attribute("userId") == NULL) { LOGINFO("Problem with userID on %s\n", next->first_attribute("name")->value()); } else { temp->uid = atoi(next->first_attribute("userId")->value()); temp->gid = atoi(next->first_attribute("userId")->value()); } } temp->next = head; head = temp; if (next->next_sibling("package") == NULL) break; name.clear(); next = next->next_sibling("package"); } } return 0; }