#!/bin/bash
# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Defines a wrapper function to run mount-passthrough with minijail0.
# TODO(b/123669632): Remove the argument |force_group_permission| and related
# logic once we start to run the daemon as MediaProvider UID and GID from
# mount-passthrough-jailed-play.
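#######################################
# Builds the minijail0 command line for mount-passthrough and exec()s it.
# Arguments:
#   $1  source                        directory to expose
#   $2  dest                          mount point for the FUSE view
#   $3  fuse_umask
#   $4  fuse_uid
#   $5  fuse_gid
#   $6  android_app_access_type
#   $7  daemon_uid                    uid the daemon runs as inside the jail
#   $8  daemon_gid                    gid the daemon runs as inside the jail
#   $9  inherit_supplementary_groups  "true" to pass minijail0 -G
#   $10 grant_cap_dac_override        "true" to add CAP_DAC_OVERRIDE
#   $11 force_group_permission        "true" to pass --force_group_permission
#   $12 enter_concierge_namespace     "true" to join the concierge mount ns
# Outputs:
#   Usage / validation errors go to stderr.
# Returns:
#   Does not return on success (exec). Exits 1 on bad arguments.
#######################################
run_mount_passthrough_with_minijail0() {
  if [ $# -ne 12 ]; then
    # Diagnostics belong on stderr so they never mix with a caller's stdout.
    echo "Usage: $0 source dest fuse_umask fuse_uid fuse_gid" \
      "android_app_access_type daemon_uid daemon_gid" \
      "inherit_supplementary_groups grant_cap_dac_override" \
      "force_group_permission" "enter_concierge_namespace" >&2
    exit 1
  fi
  local source="${1}"
  local dest="${2}"
  local fuse_umask="${3}"
  local fuse_uid="${4}"
  local fuse_gid="${5}"
  local android_app_access_type="${6}"
  local daemon_uid="${7}"
  local daemon_gid="${8}"
  local inherit_supplementary_groups="${9}"
  local grant_cap_dac_override="${10}"
  local force_group_permission="${11}"
  local enter_concierge_namespace="${12}"

  # minijail0's -k specification is comma separated (src,dest,type,flags).
  # A comma inside either path would be read as a field separator and turn
  # into a different mount than intended, so refuse such paths up front.
  case "${source}${dest}" in
    *,*)
      echo "$0: source and dest must not contain ','" >&2
      exit 1
      ;;
  esac

  # Set large enough open file limit since this process handles many open
  # files. Failure here is not fatal; the daemon just keeps the inherited limit.
  ulimit -n 8192

  # Collect minijail0 arguments in an array so every element stays a single
  # word regardless of spaces in paths.
  local -a args=()
  if [ "${enter_concierge_namespace}" = "true" ]; then
    # Enter the concierge namespace.
    args+=(-V /run/namespaces/mnt_concierge)
  else
    # Use minimalistic-mountns profile.
    args+=(--profile=minimalistic-mountns)
  fi
  # New UTS namespace.
  args+=(--uts)
  # New VFS namespace; remount /proc read-only.
  args+=(-v -r)
  # New network namespace.
  args+=(-e)
  # New IPC namespace.
  args+=(-l)
  # CAP_SYS_ADMIN is needed to mount the FUSE filesystem. CAP_DAC_OVERRIDE is
  # added only on request so the daemon can reach every file under source
  # regardless of its own UID/GID.
  if [ "${grant_cap_dac_override}" = "true" ]; then
    args+=(-c 'cap_dac_override,cap_sys_admin+eip')
  else
    args+=(-c 'cap_sys_admin+eip')
  fi
  # uid/gid of the daemon.
  args+=(-u "${daemon_uid}" -g "${daemon_gid}")
  # Inherit supplementary groups only when asked to.
  if [ "${inherit_supplementary_groups}" = "true" ]; then
    args+=(-G)
  fi
  # Allow sharing mounts between CrOS and Android.
  # WARNING: BE CAREFUL not to unexpectedly expose shared mounts in following
  # bind mounts! Always remount them with MS_REC|MS_PRIVATE unless you want to
  # share those mounts explicitly.
  args+=(-K)

  local source_in_minijail="${source}"
  local dest_in_minijail="${dest}"
  if [ "${enter_concierge_namespace}" != "true" ]; then
    # Set up the source and destination under /mnt inside the new namespace.
    source_in_minijail=/mnt/source
    dest_in_minijail=/mnt/dest
    # tmpfs on /mnt.
    args+=(-k "tmpfs,/mnt,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC")
    # Bind /dev/fuse to mount FUSE file systems.
    args+=(-b /dev/fuse)
    # Mark PRIVATE recursively under (pivot) root, in order not to expose
    # shared mount points accidentally.
    args+=(-k "none,/,none,0x44000")  # private,rec
    # Mount source/dest directories.
    # Note that those directories might be shared mountpoints and we allow them.
    # 0x5000 = bind,rec
    args+=(-k "${source},${source_in_minijail},none,0x5000")
    # 0x84000 = slave,rec
    args+=(-k "${source},${source_in_minijail},none,0x84000")
    # 0x102e = bind,remount,noexec,nodev,nosuid
    args+=(-k "${source},${source_in_minijail},none,0x102e")
    # 0x1000 = bind
    args+=(-k "${dest},${dest_in_minijail},none,0x1000")
    # 0x102e = bind,remount,noexec,nodev,nosuid
    args+=(-k "${dest},${dest_in_minijail},none,0x102e")
  fi

  # Everything after "--" is the jailed command line.
  args+=(-- /usr/bin/mount-passthrough)
  args+=("--source=${source_in_minijail}" "--dest=${dest_in_minijail}"
    "--fuse_umask=${fuse_umask}"
    "--fuse_uid=${fuse_uid}" "--fuse_gid=${fuse_gid}"
    "--android_app_access_type=${android_app_access_type}")
  if [ "${force_group_permission}" = "true" ]; then
    args+=("--force_group_permission")
  fi
  exec minijail0 "${args[@]}"
}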