Add app2sd-mount-helper tool

When launching an application which is installed at external storage,
app2sd-server mounts application's image at internal storage.
Since process label of app2sd-server is "System", the directory which is
mount point for application's image has same label as app2sd-server.
This can cause smack denial in some cases.

This app2sd-mount-helper tool does mount instead of app2sd-server, and its
process label is "User::Home" which is same as other directories or
files at package root. Using this tool, the smack denial will not
happened.

Change-Id: Ic89bc960372d0a2595cd21aa6d9372473aafc2c8
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>

diff --git a/packaging/app2sd-plugin.manifest b/packaging/app2sd-plugin.manifest
index e5b4de8..46657d7 100644 (file)
--- a/packaging/app2sd-plugin.manifest
+++ b/packaging/app2sd-plugin.manifest
@@ -4,5 +4,6 @@
        </request>
        <assign>
                <filesystem path="/usr/bin/app2sd-server" label="System"/>
+               <filesystem path="/usr/bin/app2sd-mount-helper" label="System" exec_label="User::Home"/>
        </assign>
 </manifest>

diff --git a/packaging/app2sd.spec b/packaging/app2sd.spec
index 6624de0..b0f4142 100644 (file)
--- a/packaging/app2sd.spec
+++ b/packaging/app2sd.spec
@@ -93,3 +93,4 @@ rm -rf %{buildroot}
 %{_unitdir}/app2sd-server.service
 %{_datadir}/dbus-1/system-services/org.tizen.app2sd.service
 %config %{_sysconfdir}/dbus-1/system.d/org.tizen.app2sd.conf
+%{_bindir}/app2sd-mount-helper

diff --git a/plugin/app2sd/CMakeLists.txt b/plugin/app2sd/CMakeLists.txt
index 4ae4172..47c4de8 100644 (file)
--- a/plugin/app2sd/CMakeLists.txt
+++ b/plugin/app2sd/CMakeLists.txt
@@ -48,3 +48,11 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tizen.app2sd.service DESTINATION
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.tizen.app2sd.conf DESTINATION
        ${SYSCONF_INSTALL_DIR}/dbus-1/system.d/)
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/app2sd-server.service DESTINATION ${UNITDIR})
+
+# build app2sd-mount-helper binary
+SET(APP2SD_MOUNT_HELPER "app2sd-mount-helper")
+AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR}/mount_helper APP2SD_MOUNT_HELPER_SRCS)
+ADD_EXECUTABLE(${APP2SD_MOUNT_HELPER} ${APP2SD_MOUNT_HELPER_SRCS})
+SET_TARGET_PROPERTIES(${APP2SD_MOUNT_HELPER} PROPERTIES COMPILE_FLAGS ${CFLAGS} "-fPIE -fstack-protector-strong")
+SET_TARGET_PROPERTIES(${APP2SD_MOUNT_HELPER} PROPERTIES LINK_FLAGS "-pie -Wl,--as-needed,-z,relro")
+INSTALL(TARGETS ${APP2SD_MOUNT_HELPER} DESTINATION bin)

diff --git a/plugin/app2sd/mount_helper/mount_helper.c b/plugin/app2sd/mount_helper/mount_helper.c
new file mode 100644 (file)
index 0000000..4b83525
--- /dev/null
+++ b/plugin/app2sd/mount_helper/mount_helper.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/mount.h>
+
+int main(int argc, char *argv[])
+{
+       char *source;
+       char *target;
+       char *filesystemtype;
+       unsigned long mountflags;
+
+       if (argc < 5)
+               return -EINVAL;
+
+       source = argv[1];
+       target = argv[2];
+       filesystemtype = argv[3];
+       mountflags = strtoul(argv[4], NULL, 0);
+
+       return mount(source, target, filesystemtype, mountflags, NULL);
+}

diff --git a/plugin/app2sd/server/app2sd_internals.c b/plugin/app2sd/server/app2sd_internals.c
index 4133c9f..81a2015 100644 (file)
--- a/plugin/app2sd/server/app2sd_internals.c
+++ b/plugin/app2sd/server/app2sd_internals.c
@@ -435,6 +435,9 @@ int _app2sd_mount_app_content(const char *application_path, const char *pkgid,
                .tv_sec = 0,
                .tv_nsec = 1000 * 1000 * 200
        };
+       char mountflags_str[BUF_SIZE];
+       const char *argv_mount[] = { "/bin/app2sd-mount-helper", dev,
+               app_mmc_path, FS_TYPE, mountflags_str, NULL };
 
        if (dev == NULL) {
                _E("input param is NULL (%s)", dev);
@@ -463,8 +466,9 @@ int _app2sd_mount_app_content(const char *application_path, const char *pkgid,
 
        switch (mount_type) {
        case MOUNT_TYPE_RD:
-               ret = mount(dev, app_mmc_path, FS_TYPE,
-                               MS_MGC_VAL | MS_RDONLY | MS_NOSUID, NULL);
+               snprintf(mountflags_str, sizeof(mountflags_str), "%u",
+                               MS_MGC_VAL | MS_RDONLY | MS_NOSUID);
+               ret = _xsystem(argv_mount);
                if (ret < 0) {
                        _E("read only mount failed, errono is (%d), "
                                        "dev is (%s) path is (%s)",
@@ -473,33 +477,37 @@ int _app2sd_mount_app_content(const char *application_path, const char *pkgid,
                }
                break;
        case MOUNT_TYPE_RW:
-               ret = mount(dev, app_mmc_path, FS_TYPE, MS_MGC_VAL | MS_NOSUID,
-                               NULL);
+               snprintf(mountflags_str, sizeof(mountflags_str), "%u",
+                               MS_MGC_VAL | MS_NOSUID);
+               ret = _xsystem(argv_mount);
                if (ret < 0) {
                        _E("read write mount failed, errono is (%d)", errno);
                        ret = APP2EXT_ERROR_MOUNT;
                }
                break;
        case MOUNT_TYPE_RW_NOEXEC:
-               ret = mount(dev, app_mmc_path, FS_TYPE,
-                               MS_MGC_VAL | MS_NOEXEC | MS_NOSUID, NULL);
+               snprintf(mountflags_str, sizeof(mountflags_str), "%u",
+                               MS_MGC_VAL | MS_NOEXEC | MS_NOSUID);
+               ret = _xsystem(argv_mount);
                if (ret < 0) {
                        _E("rwnx mount failed errono is (%d)", errno);
                        ret = APP2EXT_ERROR_MOUNT;
                }
                break;
        case MOUNT_TYPE_RD_REMOUNT:
-               ret = mount(dev, app_mmc_path, FS_TYPE,
-                               MS_MGC_VAL | MS_RDONLY | MS_REMOUNT | MS_NOSUID,
-                               NULL);
+               snprintf(mountflags_str, sizeof(mountflags_str), "%u",
+                               MS_MGC_VAL | MS_RDONLY | MS_REMOUNT |
+                               MS_NOSUID);
+               ret = _xsystem(argv_mount);
                if (ret < 0) {
                        _E("read remount failed errono is (%d)", errno);
                        ret = APP2EXT_ERROR_MOUNT;
                }
                break;
        case MOUNT_TYPE_RW_REMOUNT:
-               ret = mount(dev, app_mmc_path, FS_TYPE,
-                               MS_MGC_VAL | MS_REMOUNT | MS_NOSUID, NULL);
+               snprintf(mountflags_str, sizeof(mountflags_str), "%u",
+                               MS_MGC_VAL | MS_REMOUNT | MS_NOSUID);
+               ret = _xsystem(argv_mount);
                strerror_r(errno, err_buf, sizeof(err_buf));
                if (ret < 0) {
                        _E("read write remount failed errono(%d), errstr(%s)",