cros-disks/smbfs_helper.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2019 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "cros-disks/smbfs_helper.h"

 #include <utility>

 #include <base/files/file_path.h>
 #include <base/logging.h>
 #include <base/strings/string_number_conversions.h>
 #include <base/strings/string_util.h>

 #include "cros-disks/fuse_mounter.h"
 #include "cros-disks/mount_options.h"
 #include "cros-disks/mount_point.h"
 #include "cros-disks/platform.h"
 #include "cros-disks/uri.h"

 namespace cros_disks {
 namespace {

 const char kUserName[] = "fuse-smbfs";
 const char kHelperTool[] = "/usr/sbin/smbfs";
 const char kType[] = "smbfs";
 const char kSeccompPolicyFile[] = "/usr/share/policy/smbfs-seccomp.policy";

 const char kMojoIdOptionPrefix[] = "mojo_id=";
 const char kDbusSocketPath[] = "/run/dbus";
 const char kDaemonStorePath[] = "/run/daemon-store/smbfs";

 class SmbfsMounter : public FUSEMounter {
  public:
   SmbfsMounter(std::string filesystem_type,
                MountOptions mount_options,
                const Platform* platform,
                brillo::ProcessReaper* process_reaper,
                std::string mount_program,
                std::string mount_user,
                std::string seccomp_policy,
                BindPaths bind_paths)
       : FUSEMounter({.bind_paths = std::move(bind_paths),
                      .filesystem_type = std::move(filesystem_type),
                      .mount_options = std::move(mount_options),
                      .mount_program = std::move(mount_program),
                      .mount_user = std::move(mount_user),
                      .network_access = true,
                      .platform = platform,
                      .process_reaper = process_reaper,
                      .seccomp_policy = seccomp_policy}) {}

   // FUSEMounter overrides:
   std::unique_ptr<MountPoint> Mount(const std::string& source,
                                     const base::FilePath& target_path,
                                     std::vector<std::string> options,
                                     MountErrorType* error) const override {
     return FUSEMounter::Mount("", target_path, options, error);
   }
 };

 }  // namespace

 SmbfsHelper::SmbfsHelper(const Platform* platform,
                          brillo::ProcessReaper* process_reaper)
     : FUSEHelper(kType,
                  platform,
                  process_reaper,
                  base::FilePath(kHelperTool),
                  kUserName) {}

 SmbfsHelper::~SmbfsHelper() = default;

 std::unique_ptr<FUSEMounter> SmbfsHelper::CreateMounter(
     const base::FilePath& working_dir,
     const Uri& source,
     const base::FilePath& target_path,
     const std::vector<std::string>& options) const {
   const std::string& mojo_id = source.path();

   // Enforced by FUSEHelper::CanMount().
   DCHECK(!mojo_id.empty());

   uid_t files_uid;
   gid_t files_gid;
   if (!platform()->GetUserAndGroupId(kFilesUser, &files_uid, nullptr) ||
       !platform()->GetGroupId(kFilesGroup, &files_gid)) {
     return nullptr;
   }

   MountOptions mount_options;
   mount_options.EnforceOption(kMojoIdOptionPrefix + mojo_id);
   mount_options.Initialize(options, true, base::NumberToString(files_uid),
                            base::NumberToString(files_gid));

   // Bind DBus communication socket and daemon-store into the sandbox.
   FUSEMounter::BindPaths paths = {
       {kDbusSocketPath, true},
       // Need to use recursive binding because the daemon-store directory in
       // their cryptohome is bind mounted inside |kDaemonStorePath|.
       // TODO(crbug.com/1054705): Pass the user account hash as a mount option
       // and restrict binding to that specific directory.
       {kDaemonStorePath, true /* writable */, true /* recursive */},
   };

   return std::make_unique<SmbfsMounter>(
       type(), mount_options, platform(), process_reaper(),
       program_path().value(), user(), kSeccompPolicyFile, paths);
 }

 }  // namespace cros_disks
	// Copyright 2019 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "cros-disks/smbfs_helper.h"

	#include <utility>

	#include <base/files/file_path.h>
	#include <base/logging.h>
	#include <base/strings/string_number_conversions.h>
	#include <base/strings/string_util.h>

	#include "cros-disks/fuse_mounter.h"
	#include "cros-disks/mount_options.h"
	#include "cros-disks/mount_point.h"
	#include "cros-disks/platform.h"
	#include "cros-disks/uri.h"

	namespace cros_disks {
	namespace {

	const char kUserName[] = "fuse-smbfs";
	const char kHelperTool[] = "/usr/sbin/smbfs";
	const char kType[] = "smbfs";
	const char kSeccompPolicyFile[] = "/usr/share/policy/smbfs-seccomp.policy";

	const char kMojoIdOptionPrefix[] = "mojo_id=";
	const char kDbusSocketPath[] = "/run/dbus";
	const char kDaemonStorePath[] = "/run/daemon-store/smbfs";

	class SmbfsMounter : public FUSEMounter {
	public:
	SmbfsMounter(std::string filesystem_type,
	MountOptions mount_options,
	const Platform* platform,
	brillo::ProcessReaper* process_reaper,
	std::string mount_program,
	std::string mount_user,
	std::string seccomp_policy,
	BindPaths bind_paths)
	: FUSEMounter({.bind_paths = std::move(bind_paths),
	.filesystem_type = std::move(filesystem_type),
	.mount_options = std::move(mount_options),
	.mount_program = std::move(mount_program),
	.mount_user = std::move(mount_user),
	.network_access = true,
	.platform = platform,
	.process_reaper = process_reaper,
	.seccomp_policy = seccomp_policy}) {}

	// FUSEMounter overrides:
	std::unique_ptr<MountPoint> Mount(const std::string& source,
	const base::FilePath& target_path,
	std::vector<std::string> options,
	MountErrorType* error) const override {
	return FUSEMounter::Mount("", target_path, options, error);
	}
	};

	} // namespace

	SmbfsHelper::SmbfsHelper(const Platform* platform,
	brillo::ProcessReaper* process_reaper)
	: FUSEHelper(kType,
	platform,
	process_reaper,
	base::FilePath(kHelperTool),
	kUserName) {}

	SmbfsHelper::~SmbfsHelper() = default;

	std::unique_ptr<FUSEMounter> SmbfsHelper::CreateMounter(
	const base::FilePath& working_dir,
	const Uri& source,
	const base::FilePath& target_path,
	const std::vector<std::string>& options) const {
	const std::string& mojo_id = source.path();

	// Enforced by FUSEHelper::CanMount().
	DCHECK(!mojo_id.empty());

	uid_t files_uid;
	gid_t files_gid;
	if (!platform()->GetUserAndGroupId(kFilesUser, &files_uid, nullptr) \|\|
	!platform()->GetGroupId(kFilesGroup, &files_gid)) {
	return nullptr;
	}

	MountOptions mount_options;
	mount_options.EnforceOption(kMojoIdOptionPrefix + mojo_id);
	mount_options.Initialize(options, true, base::NumberToString(files_uid),
	base::NumberToString(files_gid));

	// Bind DBus communication socket and daemon-store into the sandbox.
	FUSEMounter::BindPaths paths = {
	{kDbusSocketPath, true},
	// Need to use recursive binding because the daemon-store directory in
	// their cryptohome is bind mounted inside \|kDaemonStorePath\|.
	// TODO(crbug.com/1054705): Pass the user account hash as a mount option
	// and restrict binding to that specific directory.
	{kDaemonStorePath, true /* writable /, true / recursive */},
	};

	return std::make_unique<SmbfsMounter>(
	type(), mount_options, platform(), process_reaper(),
	program_path().value(), user(), kSeccompPolicyFile, paths);
	}

	} // namespace cros_disks