Category: LINUX

2010-07-22 12:01:54

File system permission settings in Android



In system.img and data.img, directories and files have their own UID/GID and access permissions.
In the Android build environment, however, they have not been given this configuration.

In fact, these modifications are made by the mkyaffs2image tool.
The yaffs source code shows the actual process.

1. Preconditions.
When the mkyaffs2image tool is used to generate a yaffs2 file system, there are two preconditions.
a. The '-f' flag must be passed to mkyaffs2image as a command-line option.
In /external/yaffs2/yaffs2/utils/mkyaffs2image.c, the '-f' option sets the fixstats flag, and the tool then does some special processing according to this flag.

        if (strcmp(argv[1], "-f") == 0) {
            fixstats = 1;
            argc--;
            argv++;
        }

b. The folder that will be converted to a yaffs file system must be named "system" or "data".

    if (fixstats) {
        int len = strlen(argv[1]);
        
        if((len >= 4) && (!strcmp(argv[1] + len - 4, "data"))) {
            source_path_len = len - 4;
        } else if((len >= 7) && (!strcmp(argv[1] + len - 6, "system"))) {
            source_path_len = len - 6;
        } else {            
            fprintf(stderr,"Fixstats (-f) option requested but filesystem is not data or android!\n");
            exit(1);
        }
        fix_stat(argv[1], &stats);
    }

2. Normal configuration of permissions and UID/GID.
For all directories and files, the mkyaffs2image tool assigns ROOT:ROOT as UID and GID, and reuses the access permissions that each directory and file originally had in the build environment.

3. Special configuration for Android.
If fixstats is set, the mkyaffs2image tool applies a special configuration for Android.
The process is as follows:

In /external/yaffs2/yaffs2/utils/mkyaffs2image.c.
main() -> process_directory() -> fix_stat() -> fs_config() -> 

The fs_config() function is defined in system/core/include/private/android_filesystem_config.h. It applies the special configuration according to the android_dirs and android_files data structures.

4. About the android_dirs and android_files data structures.
They are defined in the system/core/include/private/android_filesystem_config.h file.

static struct fs_path_config android_dirs[] = {
    { 00770, AID_SYSTEM, AID_CACHE,  "cache" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/app" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/app-private" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/dalvik-cache" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/data" },
    { 00771, AID_SHELL,  AID_SHELL,  "data/local/tmp" },
    { 00771, AID_SHELL,  AID_SHELL,  "data/local" },
    { 01771, AID_SYSTEM, AID_MISC,   "data/misc" },
    { 00770, AID_DHCP,   AID_DHCP,   "data/misc/dhcp" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data" },
    { 00750, AID_ROOT,   AID_SHELL,  "sbin" },
    { 00755, AID_ROOT,   AID_SHELL,  "system/bin" },
    { 00755, AID_ROOT,   AID_SHELL,  "system/xbin" },
    { 00755, AID_ROOT,   AID_ROOT,   "system/etc/ppp" },
    { 00777, AID_ROOT,   AID_ROOT,   "sdcard" },
    { 00755, AID_SYSTEM, AID_SYSTEM, "system/midletbox" },
    { 00777, AID_SYSTEM, AID_SYSTEM, "system/bin/midletvm" },
    { 00755, AID_ROOT,   AID_ROOT,   0 },
};

/* Rules for files.
** These rules are applied based on "first match", so they
** should start with the most specific path and work their
** way up to the root. Prefixes ending in * denotes wildcard
** and will allow partial matches.
*/
static struct fs_path_config android_files[] = {
    { 00440, AID_ROOT,      AID_SHELL,     "system/etc/init.goldfish.rc" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.goldfish.sh" },
    { 00440, AID_ROOT,      AID_SHELL,     "system/etc/init.trout.rc" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.ril" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.testmenu" },
    { 00550, AID_DHCP,      AID_SHELL,     "system/etc/dhcpcd/dhcpcd-run-hooks" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/dbus.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/main.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/input.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/audio.conf" },
    { 00444, AID_RADIO,     AID_AUDIO,     "system/etc/AudioPara4.csv" },
    { 00555, AID_ROOT,      AID_ROOT,      "system/etc/ppp/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    "data/app/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    "data/app-private/*" },
    { 00644, AID_APP,       AID_APP,       "data/data/*" },
    /* the following two files are INTENTIONALLY set-gid and not set-uid.
     * Do not change. */
    { 02755, AID_ROOT,      AID_NET_RAW,   "system/bin/ping" },
    { 02755, AID_ROOT,      AID_INET,      "system/bin/netcfg" },
    /* the following four files are INTENTIONALLY set-uid, but they
     * are NOT included on user builds. */
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/su" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/librank" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/procrank" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/procmem" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/tcpdump" },
    { 04755, AID_ROOT,      AID_ROOT,      "system/bin/fota" },
    { 00755, AID_ROOT,      AID_SHELL,     "system/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     "system/xbin/*" },
    { 00750, AID_ROOT,      AID_SHELL,     "sbin/*" },
    { 00755, AID_ROOT,      AID_ROOT,      "bin/*" },
    { 00750, AID_ROOT,      AID_SHELL,     "init*" },
    { 00644, AID_ROOT,      AID_ROOT,       0 },
};
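
The "first match" rule from the comment above android_files, as an added example (not code from the Android tree or from this post): it resolves a path against a subset of the table and shows that a specific entry placed after the wildcard covering it never applies, so `system/bin/ping` would silently lose its set-gid bit. The enum values are placeholders, `files_misordered` is constructed, and `match_file` and `shadowed_rules` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Placeholder IDs for this sketch, not Android's numeric AID_* values. */
enum { AID_ROOT, AID_SHELL, AID_NET_RAW };
struct rule { unsigned mode, uid, gid; const char *prefix; };

/* Subset of the android_files entries quoted on this page, in page order. */
static const struct rule files_ok[] = {
    { 02755, AID_ROOT, AID_NET_RAW, "system/bin/ping" },
    { 00755, AID_ROOT, AID_SHELL,   "system/bin/*" },
    { 00644, AID_ROOT, AID_ROOT,    0 },
};
/* Constructed: the wildcard moved above the specific entry it covers. */
static const struct rule files_misordered[] = {
    { 00755, AID_ROOT, AID_SHELL,   "system/bin/*" },
    { 02755, AID_ROOT, AID_NET_RAW, "system/bin/ping" },
    { 00644, AID_ROOT, AID_ROOT,    0 },
};

/* First match wins. A prefix ending in '*' matches any path that starts
 * with it; other prefixes must match exactly; prefix 0 is the default. */
static const struct rule *match_file(const struct rule *r, const char *path)
{
    for (; r->prefix; r++) {
        size_t len = strlen(r->prefix);
        if (len > 0 && r->prefix[len - 1] == '*') {
            if (strncmp(r->prefix, path, len - 1) == 0) break;
        } else if (strcmp(r->prefix, path) == 0) {
            break;
        }
    }
    return r;
}

/* Count rules that can never apply because an earlier rule matches first. */
static int shadowed_rules(const struct rule *table)
{
    int n = 0;
    for (const struct rule *r = table; r->prefix; r++)
        if (match_file(table, r->prefix) != r) n++;
    return n;
}

int main(void)
{
    printf("ping, page order: %05o\n", match_file(files_ok, "system/bin/ping")->mode);
    printf("ping, misordered: %05o\n", match_file(files_misordered, "system/bin/ping")->mode);
    printf("shadowed rules:   %d\n", shadowed_rules(files_misordered));
    return 0;
}
```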