
On permission settings for the file systems in Android's system.img and data.img

Posted on 2012-1-6 17:23:14

http://blogold.chinaunix.net/u3/103613/showart_2218437.html

    In system.img and data.img, directories and files have their own UID/GID and access permissions,
but the Android build environment does not give them this configuration.

    In fact, these modifications are made by the mkyaffs2image tool. The yaffs source code shows the actual process.

1. Preconditions.
When we use the mkyaffs2image tool to generate a yaffs2 file system, there are two preconditions.
a. We need to pass the '-f' flag as a mkyaffs2image command-line option.
In /external/yaffs2/yaffs2/utils/mkyaffs2image.c:
If the '-f' option is used, it sets the fixstats flag, and some special processing is done according to this flag.

    if (strcmp(argv[1], "-f") == 0) {
        fixstats = 1;
        argc--;
        argv++;
    }

b. The folder that will be converted into the yaffs file system should be named "system" or "data".

    if (fixstats) {
        int len = strlen(argv[1]);
      
        if((len >= 4) && (!strcmp(argv[1] + len - 4, "data"))) {
            source_path_len = len - 4;
        } else if((len >= 7) && (!strcmp(argv[1] + len - 6, "system"))) {
            source_path_len = len - 6;
        } else {           
            fprintf(stderr,"Fixstats (-f) option requested but filesystem is not data or android!\n");
            exit(1);
        }
        fix_stat(argv[1], &stats);
    }

2. Normal configuration for permissions and UID/GID.
For all directories and files, the mkyaffs2image tool assigns ROOT:ROOT as UID and GID, and reuses the access permissions that each directory and file originally had in the build environment.

3. Special configuration for Android.
If fixstats is set, the mkyaffs2image tool applies a special configuration for Android.
The process is as follows:

In /external/yaffs2/yaffs2/utils/mkyaffs2image.c.
main() -> process_directory() -> fix_stat() -> fs_config() ->

The fs_config() function is defined in system/core/include/private/android_filesystem_config.h. It applies the special configuration according to the android_dirs and android_files data structures.

4. About the android_dirs and android_files data structures.
The definitions are in the system/core/include/private/android_filesystem_config.h file.

static struct fs_path_config android_dirs[] = {
    { 00770, AID_SYSTEM, AID_CACHE,  "cache" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/app" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/app-private" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/dalvik-cache" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data/data" },
    { 00771, AID_SHELL,  AID_SHELL,  "data/local/tmp" },
    { 00771, AID_SHELL,  AID_SHELL,  "data/local" },
    { 01771, AID_SYSTEM, AID_MISC,   "data/misc" },
    { 00770, AID_DHCP,   AID_DHCP,   "data/misc/dhcp" },
    { 00771, AID_SYSTEM, AID_SYSTEM, "data" },
    { 00750, AID_ROOT,   AID_SHELL,  "sbin" },
    { 00755, AID_ROOT,   AID_SHELL,  "system/bin" },
    { 00755, AID_ROOT,   AID_SHELL,  "system/xbin" },
    { 00755, AID_ROOT,   AID_ROOT,   "system/etc/ppp" },
    { 00777, AID_ROOT,   AID_ROOT,   "sdcard" },
    { 00755, AID_SYSTEM, AID_SYSTEM, "system/midletbox" },
    { 00777, AID_SYSTEM, AID_SYSTEM, "system/bin/midletvm" },
    { 00755, AID_ROOT,   AID_ROOT,   0 },
};

/* Rules for files.
** These rules are applied based on "first match", so they
** should start with the most specific path and work their
** way up to the root. Prefixes ending in * denotes wildcard
** and will allow partial matches.
*/
static struct fs_path_config android_files[] = {
    { 00440, AID_ROOT,      AID_SHELL,     "system/etc/init.goldfish.rc" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.goldfish.sh" },
    { 00440, AID_ROOT,      AID_SHELL,     "system/etc/init.trout.rc" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.ril" },
    { 00550, AID_ROOT,      AID_SHELL,     "system/etc/init.testmenu" },
    { 00550, AID_DHCP,      AID_SHELL,     "system/etc/dhcpcd/dhcpcd-run-hooks" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/dbus.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/main.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/input.conf" },
    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/audio.conf" },
    { 00444, AID_RADIO,     AID_AUDIO,     "system/etc/AudioPara4.csv" },
    { 00555, AID_ROOT,      AID_ROOT,      "system/etc/ppp/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    "data/app/*" },
    { 00644, AID_SYSTEM,    AID_SYSTEM,    "data/app-private/*" },
    { 00644, AID_APP,       AID_APP,       "data/data/*" },
    /* the following two files are INTENTIONALLY set-gid and not set-uid.
     * Do not change. */
    { 02755, AID_ROOT,      AID_NET_RAW,   "system/bin/ping" },
    { 02755, AID_ROOT,      AID_INET,      "system/bin/netcfg" },
    /* the following four files are INTENTIONALLY set-uid, but they
     * are NOT included on user builds. */
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/su" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/librank" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/procrank" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/procmem" },
    { 06755, AID_ROOT,      AID_ROOT,      "system/xbin/tcpdump" },
    { 04755, AID_ROOT,      AID_ROOT,      "system/bin/fota" },
    { 00755, AID_ROOT,      AID_SHELL,     "system/bin/*" },
    { 00755, AID_ROOT,      AID_SHELL,     "system/xbin/*" },
    { 00750, AID_ROOT,      AID_SHELL,     "sbin/*" },
    { 00755, AID_ROOT,      AID_ROOT,      "bin/*" },
    { 00750, AID_ROOT,      AID_SHELL,     "init*" },
    { 00644, AID_ROOT,      AID_ROOT,       0 },
};
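
The "first match" rule from the comment above android_files decides which files keep set-uid or set-gid bits in the image, so it is worth seeing in isolation. The following is an added example, not code from the original post or from the Android source: struct rule, lookup_file_rule() and count_privileged() are hypothetical names, the table is a subset of the entries listed above, and the numeric AID values are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Numeric IDs are assumptions for this example; the page shows only the names. */
#define AID_ROOT    0
#define AID_SHELL   2000
#define AID_NET_RAW 3004
struct rule { unsigned mode, uid, gid; const char *prefix; };

/* Subset of the android_files entries listed on the page, same relative order. */
static const struct rule file_rules[] = {
    { 02755, AID_ROOT, AID_NET_RAW, "system/bin/ping" },
    { 06755, AID_ROOT, AID_ROOT,    "system/xbin/su" },
    { 00755, AID_ROOT, AID_SHELL,   "system/bin/*" },
    { 00755, AID_ROOT, AID_SHELL,   "system/xbin/*" },
    { 00644, AID_ROOT, AID_ROOT,    0 },   /* default, ends the table */
};

/* First match wins: exact path, or prefix match when the rule ends in '*'. */
static const struct rule *lookup_file_rule(const struct rule *r, const char *path)
{
    for (; r->prefix; r++) {
        size_t len = strlen(r->prefix);
        int wild = len && r->prefix[len - 1] == '*';
        if (wild ? !strncmp(r->prefix, path, len - 1) : !strcmp(r->prefix, path))
            break;
    }
    return r;   /* the terminating entry carries the default mode and owner */
}

/* Audit helper: count rules that grant set-uid (04000) or set-gid (02000). */
static int count_privileged(const struct rule *r)
{
    int n = 0;
    for (; r->prefix; r++)
        if (r->mode & 06000) n++;
    return n;
}

int main(void)
{
    const char *paths[] = { "system/bin/ping", "system/bin/ls",
                            "system/xbin/su", "system/app/Foo.apk" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        const struct rule *r = lookup_file_rule(file_rules, paths[i]);
        printf("%-20s mode=%05o uid=%u gid=%u\n", paths[i], r->mode, r->uid, r->gid);
    }
    printf("set-uid/set-gid rules: %d\n", count_privileged(file_rules));
    return 0;
}
```

If the "system/bin/*" wildcard were listed before "system/bin/ping", the lookup would stop at the wildcard and ping would be packed as plain 00755 without its set-gid bit, which is why the specific entries come first.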
