【转】Android 文件系统的权限设立
【转】Android 文件系统的权限设置
翻译自:http://blogold.chinaunix.net/u3/103613/showart_2218437.html
在system.img和data.img,我们发现目录和文件有自己的UID/GID及相应的访问权限
但在Android的编译环境中,这些目录和文件目录并没有对此有相应的配置。
事实上,这些修改是有mkyaffs2image工具完成的。
分析mkyaffs2image.c源代码,其过程如下:
1. 预制条件.
当我们使用 mkyaffs2image 工具生成yaffs2文件系统时,这里有两个预制条件:
a. 使用'-f'标志
/external/yaffs2/yaffs2/utils/mkyaffs2image.c.
如果'-f',代码中fixstats标志会被设置,一些特殊操作将会根据标志来操作
if (strcmp(argv[1], "-f") == 0) {
fixstats = 1;
argc--;
argv++;
}
b. 输入的文件夹的名字必须是"data"或者"system"
if (fixstats) {
int len = strlen(argv[1]);
if((len >= 4) && (!strcmp(argv[1] + len - 4, "data"))) {
source_path_len = len - 4;
} else if((len >= 7) && (!strcmp(argv[1] + len - 6, "system"))) {
source_path_len = len - 6;
} else {
fprintf(stderr,"Fixstats (-f) option requested but filesystem is not data or android!\n");
exit(1);
}
fix_stat(argv[1], &stats);
}
2. 正常配置:访问权限、UID/GID.
mkyaffs2image 给所有的目录和文件uid:gid/ROOT:ROOT,使用在编译环境中得到原始的访问权限
3. Android特殊的配置
如果fixstats标志被设置了,mkyaffs2image 将会做一些特殊的配置用于Android操作系统
其配置流程如下:
/external/yaffs2/yaffs2/utils/mkyaffs2image.c.
main() -> process_directory() -> fix_stat() -> fs_config() ->
fs_config() 定义在 sysem/core/include/private/android_filesystem_config.h.
该函数根据android_dirs和android_files数据结构做Android相关的配置
4. android_dirs和android_files数据结构
定义在system/core/include/private/android_filesystem_config.h文件中:
static struct fs_path_config android_dirs[] = {
{ 00770, AID_SYSTEM, AID_CACHE, "cache" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/app" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/app-private" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/dalvik-cache" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/data" },
{ 00771, AID_SHELL, AID_SHELL, "data/local/tmp" },
{ 00771, AID_SHELL, AID_SHELL, "data/local" },
{ 01771, AID_SYSTEM, AID_MISC, "data/misc" },
{ 00770, AID_DHCP, AID_DHCP, "data/misc/dhcp" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data" },
{ 00750, AID_ROOT, AID_SHELL, "sbin" },
{ 00755, AID_ROOT, AID_SHELL, "system/bin" },
{ 00755, AID_ROOT, AID_SHELL, "system/xbin" },
{ 00755, AID_ROOT, AID_ROOT, "system/etc/ppp" },
{ 00777, AID_ROOT, AID_ROOT, "sdcard" },
{ 00755, AID_SYSTEM, AID_SYSTEM, "system/midletbox" },
{ 00777, AID_SYSTEM, AID_SYSTEM, "system/bin/midletvm" },
{ 00755, AID_ROOT, AID_ROOT, 0 },
};
static struct fs_path_config android_files[] = {
{ 00440, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.rc" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.sh" },
{ 00440, AID_ROOT, AID_SHELL, "system/etc/init.trout.rc" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.ril" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.testmenu" },
{ 00550, AID_DHCP, AID_SHELL, "system/etc/dhcpcd/dhcpcd-run-hooks" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/dbus.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/main.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/input.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/audio.conf" },
{ 00444, AID_RADIO, AID_AUDIO, "system/etc/AudioPara4.csv" },
{ 00555, AID_ROOT, AID_ROOT, "system/etc/ppp
{ 02755, AID_ROOT, AID_NET_RAW, "system/bin/ping" },
{ 02755, AID_ROOT, AID_INET, "system/bin/netcfg" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/su" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/librank" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/procrank" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/procmem" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/tcpdump" },
{ 04755, AID_ROOT, AID_ROOT, "system/bin/fota" },
{ 00755, AID_ROOT, AID_SHELL, "system/bin/*" },
{ 00755, AID_ROOT, AID_SHELL, "system/xbin/*" },
{ 00750, AID_ROOT, AID_SHELL, "sbin/*" },
{ 00755, AID_ROOT, AID_ROOT, "bin/*" },
{ 00750, AID_ROOT, AID_SHELL, "init*" },
{ 00644, AID_ROOT, AID_ROOT, 0 },
};
翻译自:http://blogold.chinaunix.net/u3/103613/showart_2218437.html
在system.img和data.img,我们发现目录和文件有自己的UID/GID及相应的访问权限
但在Android的编译环境中,这些目录和文件目录并没有对此有相应的配置。
事实上,这些修改是有mkyaffs2image工具完成的。
分析mkyaffs2image.c源代码,其过程如下:
1. 预制条件.
当我们使用 mkyaffs2image 工具生成yaffs2文件系统时,这里有两个预制条件:
a. 使用'-f'标志
/external/yaffs2/yaffs2/utils/mkyaffs2image.c.
如果'-f',代码中fixstats标志会被设置,一些特殊操作将会根据标志来操作
if (strcmp(argv[1], "-f") == 0) {
fixstats = 1;
argc--;
argv++;
}
b. 输入的文件夹的名字必须是"data"或者"system"
if (fixstats) {
int len = strlen(argv[1]);
if((len >= 4) && (!strcmp(argv[1] + len - 4, "data"))) {
source_path_len = len - 4;
} else if((len >= 7) && (!strcmp(argv[1] + len - 6, "system"))) {
source_path_len = len - 6;
} else {
fprintf(stderr,"Fixstats (-f) option requested but filesystem is not data or android!\n");
exit(1);
}
fix_stat(argv[1], &stats);
}
2. 正常配置:访问权限、UID/GID.
mkyaffs2image 给所有的目录和文件uid:gid/ROOT:ROOT,使用在编译环境中得到原始的访问权限
3. Android特殊的配置
如果fixstats标志被设置了,mkyaffs2image 将会做一些特殊的配置用于Android操作系统
其配置流程如下:
/external/yaffs2/yaffs2/utils/mkyaffs2image.c.
main() -> process_directory() -> fix_stat() -> fs_config() ->
fs_config() 定义在 sysem/core/include/private/android_filesystem_config.h.
该函数根据android_dirs和android_files数据结构做Android相关的配置
4. android_dirs和android_files数据结构
定义在system/core/include/private/android_filesystem_config.h文件中:
static struct fs_path_config android_dirs[] = {
{ 00770, AID_SYSTEM, AID_CACHE, "cache" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/app" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/app-private" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/dalvik-cache" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data/data" },
{ 00771, AID_SHELL, AID_SHELL, "data/local/tmp" },
{ 00771, AID_SHELL, AID_SHELL, "data/local" },
{ 01771, AID_SYSTEM, AID_MISC, "data/misc" },
{ 00770, AID_DHCP, AID_DHCP, "data/misc/dhcp" },
{ 00771, AID_SYSTEM, AID_SYSTEM, "data" },
{ 00750, AID_ROOT, AID_SHELL, "sbin" },
{ 00755, AID_ROOT, AID_SHELL, "system/bin" },
{ 00755, AID_ROOT, AID_SHELL, "system/xbin" },
{ 00755, AID_ROOT, AID_ROOT, "system/etc/ppp" },
{ 00777, AID_ROOT, AID_ROOT, "sdcard" },
{ 00755, AID_SYSTEM, AID_SYSTEM, "system/midletbox" },
{ 00777, AID_SYSTEM, AID_SYSTEM, "system/bin/midletvm" },
{ 00755, AID_ROOT, AID_ROOT, 0 },
};
static struct fs_path_config android_files[] = {
{ 00440, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.rc" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.sh" },
{ 00440, AID_ROOT, AID_SHELL, "system/etc/init.trout.rc" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.ril" },
{ 00550, AID_ROOT, AID_SHELL, "system/etc/init.testmenu" },
{ 00550, AID_DHCP, AID_SHELL, "system/etc/dhcpcd/dhcpcd-run-hooks" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/dbus.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/main.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/input.conf" },
{ 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/audio.conf" },
{ 00444, AID_RADIO, AID_AUDIO, "system/etc/AudioPara4.csv" },
{ 00555, AID_ROOT, AID_ROOT, "system/etc/ppp
{ 02755, AID_ROOT, AID_NET_RAW, "system/bin/ping" },
{ 02755, AID_ROOT, AID_INET, "system/bin/netcfg" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/su" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/librank" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/procrank" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/procmem" },
{ 06755, AID_ROOT, AID_ROOT, "system/xbin/tcpdump" },
{ 04755, AID_ROOT, AID_ROOT, "system/bin/fota" },
{ 00755, AID_ROOT, AID_SHELL, "system/bin/*" },
{ 00755, AID_ROOT, AID_SHELL, "system/xbin/*" },
{ 00750, AID_ROOT, AID_SHELL, "sbin/*" },
{ 00755, AID_ROOT, AID_ROOT, "bin/*" },
{ 00750, AID_ROOT, AID_SHELL, "init*" },
{ 00644, AID_ROOT, AID_ROOT, 0 },
};