Detailed discussion on mounting and unloading of android 6.0 fuse file system
- 2021-10-11 19:31:00
- OfStack
In android4.4, vold is also achieved by using fuse file system, and the directory of sd card (storage directory) is obtained from the actual mount directory of sd (mnt/media_rw). However, in android 4.4, vold only writes the attribute, and then init monitors this attribute. When the attribute changes, it will start the sdcard process.
Then android6.0 is directly in vold, and fork1 processes directly start sdcard process to mount fuse file system. And when you uninstall sd, you uninstall the fuse file system in vold.
1. Mount the sd card
Below is parsing android6. 0vold, mounting sd card is a piece of code, let's take a look. Shows mounting the sd card and then performing the fuse operation.
if (vfat::Mount(mDevPath, mRawPath, false, false, false,// Mount sd Card
AID_MEDIA_RW, AID_MEDIA_RW, 0007, true)) {
PLOG(ERROR) << getId() << " failed to mount " << mDevPath;
return -EIO;
}
if (getMountFlags() & MountFlags::kPrimary) {
initAsecStage();
}
if (!(getMountFlags() & MountFlags::kVisible)) {
// Not visible to apps, so no need to spin up FUSE
return OK;
}
//creat dir by fuse before fuse action.
if (fs_prepare_dir(mFuseDefault.c_str(), 0700, AID_ROOT, AID_ROOT) ||
fs_prepare_dir(mFuseRead.c_str(), 0700, AID_ROOT, AID_ROOT) ||
fs_prepare_dir(mFuseWrite.c_str(), 0700, AID_ROOT, AID_ROOT)) {
PLOG(ERROR) << getId() << " failed to create fuse points";
return -errno;
}
dev_t before = GetDevice(mFuseWrite);
if (!(mFusePid = fork())) {
if (getMountFlags() & MountFlags::kPrimary) {
if (execl(kFusePath, kFusePath,//fuse Operation
"-u", "1023", // AID_MEDIA_RW
"-g", "1023", // AID_MEDIA_RW
"-U", std::to_string(getMountUserId()).c_str(),
"-w",
mRawPath.c_str(),
stableName.c_str(),
NULL)) {
PLOG(ERROR) << "Failed to exec";
}
} else {
if (execl(kFusePath, kFusePath,
"-u", "1023", // AID_MEDIA_RW
"-g", "1023", // AID_MEDIA_RW
"-U", std::to_string(getMountUserId()).c_str(),
mRawPath.c_str(),
stableName.c_str(),
NULL)) {
PLOG(ERROR) << "Failed to exec";
}
}
Let's look at the code of fuse again, that is, in sdcard. Get the data in the main function first,
int main(int argc, char **argv) {
const char *source_path = NULL;
const char *label = NULL;
uid_t uid = 0;
gid_t gid = 0;
userid_t userid = 0;
bool multi_user = false;
bool full_write = false;
int i;
struct rlimit rlim;
int fs_version;
int opt;
while ((opt = getopt(argc, argv, "u:g:U:mw")) != -1) {
switch (opt) {
case 'u':
uid = strtoul(optarg, NULL, 10);
break;
case 'g':
gid = strtoul(optarg, NULL, 10);
break;
case 'U':
userid = strtoul(optarg, NULL, 10);
break;
case 'm':
multi_user = true;
break;
case 'w':
full_write = true;
break;
case '?':
default:
return usage();
}
}
for (i = optind; i < argc; i++) {
char* arg = argv[i];
if (!source_path) {
source_path = arg;
} else if (!label) {
label = arg;
} else {
ERROR("too many arguments\n");
return usage();
}
}
if (!source_path) {
ERROR("no source path specified\n");
return usage();
}
if (!label) {
ERROR("no label specified\n");
return usage();
}
if (!uid || !gid) {
ERROR("uid and gid must be nonzero\n");
return usage();
}
rlim.rlim_cur = 8192;
rlim.rlim_max = 8192;
if (setrlimit(RLIMIT_NOFILE, &rlim)) {
ERROR("Error setting RLIMIT_NOFILE, errno = %d\n", errno);
}
while ((fs_read_atomic_int("/data/.layout_version", &fs_version) == -1) || (fs_version < 3)) {
ERROR("installd fs upgrade not yet complete. Waiting...\n");
sleep(1);
}
ERROR("kangchen sdcard path:%s label:%s\n", source_path, label);
run(source_path, label, uid, gid, userid, multi_user, full_write);
return 1;
}
source_path is the actual mounting address of sd card, and then the run function is called. Some initialization is carried out in the run function, and then three fuse file systems, default, read and write, are mounted, and then three threads are opened to handle read, write and open of these three file systems.
static void run(const char* source_path, const char* label, uid_t uid,
gid_t gid, userid_t userid, bool multi_user, bool full_write) {
struct fuse_global global;
struct fuse fuse_default;
struct fuse fuse_read;
struct fuse fuse_write;
struct fuse_handler handler_default;
struct fuse_handler handler_read;
struct fuse_handler handler_write;
pthread_t thread_default;
pthread_t thread_read;
pthread_t thread_write;
memset(&global, 0, sizeof(global));
memset(&fuse_default, 0, sizeof(fuse_default));
memset(&fuse_read, 0, sizeof(fuse_read));
memset(&fuse_write, 0, sizeof(fuse_write));
memset(&handler_default, 0, sizeof(handler_default));
memset(&handler_read, 0, sizeof(handler_read));
memset(&handler_write, 0, sizeof(handler_write));
pthread_mutex_init(&global.lock, NULL);
global.package_to_appid = hashmapCreate(256, str_hash, str_icase_equals);
global.uid = uid;
global.gid = gid;
global.multi_user = multi_user;
global.next_generation = 0;
global.inode_ctr = 1;
memset(&global.root, 0, sizeof(global.root));
global.root.nid = FUSE_ROOT_ID; /* 1 */
global.root.refcount = 2;
global.root.namelen = strlen(source_path);
global.root.name = strdup(source_path);
global.root.userid = userid;
global.root.uid = AID_ROOT;
global.root.under_android = false;
strcpy(global.source_path, source_path);
if (multi_user) {
global.root.perm = PERM_PRE_ROOT;
snprintf(global.obb_path, sizeof(global.obb_path), "%s/obb", source_path);
} else {
global.root.perm = PERM_ROOT;
snprintf(global.obb_path, sizeof(global.obb_path), "%s/Android/obb", source_path);
}
fuse_default.global = &global;
fuse_read.global = &global;
fuse_write.global = &global;
global.fuse_default = &fuse_default;
global.fuse_read = &fuse_read;
global.fuse_write = &fuse_write;
snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);
snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label);
snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label);
handler_default.fuse = &fuse_default;
handler_read.fuse = &fuse_read;
handler_write.fuse = &fuse_write;
handler_default.token = 0;
handler_read.token = 1;
handler_write.token = 2;
umask(0);
if (multi_user) {
/* Multi-user storage is fully isolated per user, so "other"
* permissions are completely masked off. */
if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
|| fuse_setup(&fuse_read, AID_EVERYBODY, 0027)
|| fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0027)) {
ERROR("failed to fuse_setup\n");
exit(1);
}
} else {
/* Physical storage is readable by all users on device, but
* the Android directories are masked off to a single user
* deep inside attr_from_stat(). */
if (fuse_setup(&fuse_default, AID_SDCARD_RW, 0006)
|| fuse_setup(&fuse_read, AID_EVERYBODY, full_write ? 0027 : 0022)
|| fuse_setup(&fuse_write, AID_EVERYBODY, full_write ? 0007 : 0022)) {
ERROR("failed to fuse_setup\n");
exit(1);
}
}
/* Drop privs */
if (setgroups(sizeof(kGroups) / sizeof(kGroups[0]), kGroups) < 0) {
ERROR("cannot setgroups: %s\n", strerror(errno));
exit(1);
}
if (setgid(gid) < 0) {
ERROR("cannot setgid: %s\n", strerror(errno));
exit(1);
}
if (setuid(uid) < 0) {
ERROR("cannot setuid: %s\n", strerror(errno));
exit(1);
}
if (multi_user) {
fs_prepare_dir(global.obb_path, 0775, uid, gid);
}
if (pthread_create(&thread_default, NULL, start_handler, &handler_default)
|| pthread_create(&thread_read, NULL, start_handler, &handler_read)
|| pthread_create(&thread_write, NULL, start_handler, &handler_write)) {
ERROR("failed to pthread_create\n");
exit(1);
}
watch_package_list(&global);
ERROR("terminated prematurely\n");
exit(1);
}
Where the fuse file system is mounted in fuse_setup
static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) {
char opts[256];
fuse->fd = open("/dev/fuse", O_RDWR);
if (fuse->fd == -1) {
ERROR("failed to open fuse device: %s\n", strerror(errno));
return -1;
}
umount2(fuse->dest_path, MNT_DETACH);
snprintf(opts, sizeof(opts),
"fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
fuse->fd, fuse->global->uid, fuse->global->gid);
if (mount("/dev/fuse", fuse->dest_path, "fuse", MS_NOSUID | MS_NODEV | MS_NOEXEC |
MS_NOATIME, opts) != 0) {
ERROR("failed to mount fuse filesystem: %s\n", strerror(errno));
return -1;
}
fuse->gid = gid;
fuse->mask = mask;
return 0;
}
However, although three fuse file systems, default, read and write, are mounted.
However, it seems that only default is useful, because the default directory is directly mounted to storage in init. rc, and the application can only get the storage directory, so only fuse of default is actually useful.
on post-fs
start logd
#add for amt
chmod 0755 /amt
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
mount none /mnt/runtime/default /storage slave bind rec
2. sd card unloading process
Then let's take a look at the process of uninstalling sd card by android. When uninstalling sd card, we first uninstall fuse file system, and then uninstall mount address of sd card.
status_t PublicVolume::doUnmount() {
if (mFusePid > 0) {
kill(mFusePid, SIGTERM);
TEMP_FAILURE_RETRY(waitpid(mFusePid, nullptr, 0));
mFusePid = 0;
}
ForceUnmount(kAsecPath);
ForceUnmount(mFuseDefault);
ForceUnmount(mFuseRead);
ForceUnmount(mFuseWrite);
ForceUnmount(mRawPath);
rmdir(mFuseDefault.c_str());
rmdir(mFuseRead.c_str());
rmdir(mFuseWrite.c_str());
rmdir(mRawPath.c_str());
mFuseDefault.clear();
mFuseRead.clear();
mFuseWrite.clear();
mRawPath.clear();
return OK;
}
As we all know, when uninstalling the mount address of the sd card, we will check which processes are using the files in the sd card.
How to check it? Is through proc/pid below each file soft link, and then through readlink to find the real file address, to determine whether you are occupying sd card files.
However, when uninstalling the fuse file system, for example, you have a process operating the files in the sd card. At this time, operating the storage directory of the sd card will bring fuse to the real mount address of the sd card. In fact, the fuse file system is working, which leads to the failure to uninstall.
However, it is impossible to find out who occupies fuse files at this time, because the process is operating sd card files, which will lead to the operation of fuse file system, and will not uninstall fuse file system. However, the files that can be found and occupied can only be those of sd card.
In fact, we also encounter such problems, so I think that kill should first use the process of sd card, and then uninstall fuse file system. In this way, there will be no process to operate the files in the sd card, which will lead to the fuse file system being busy and unable to uninstall. The problem I encountered is: 1 sd card file occupied by the following process
root@lte26007:/proc/2365/fd # ls -l
lrwx------ root radio 2016-05-25 13:42 0 -> /dev/null
lrwx------ root radio 2016-05-25 13:42 1 -> /dev/null
lrwx------ root radio 2016-05-25 13:42 10 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY0/test_20160525_134208_00.bin_last_0
lrwx------ root radio 2016-05-25 13:42 11 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY0/log_up_data.dat
lrwx------ root radio 2016-05-25 13:42 12 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY1/test_20160525_134209_head.bin
lrwx------ root radio 2016-05-25 13:42 13 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY1/test_20160525_134209_00.bin_last_0
lrwx------ root radio 2016-05-25 13:42 14 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY1/log_up_data.dat
lrwx------ root radio 2016-05-25 13:42 15 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PFM/test_20160525_134209_head.bin
lrwx------ root radio 2016-05-25 13:42 16 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PFM/test_20160525_134209_00.bin_last_0
lrwx------ root radio 2016-05-25 13:42 17 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PFM/log_up_data.dat
lrwx------ root radio 2016-05-25 13:42 18 -> /dev/lmi10
lrwx------ root radio 2016-05-25 13:42 19 -> /dev/TPC0
lrwx------ root radio 2016-05-25 13:42 2 -> /dev/null
lrwx------ root radio 2016-05-25 13:42 20 -> /dev/modem
lrwx------ root radio 2016-05-25 13:42 21 -> /dev/TPC1
lrwx------ root radio 2016-05-25 13:42 22 -> /dev/modem
lrwx------ root radio 2016-05-25 13:42 23 -> /dev/lmi9
lrwx------ root radio 2016-05-25 13:42 24 -> socket:[14761]
lrwx------ root radio 2016-05-25 13:42 26 -> socket:[14764]
lrwx------ root radio 2016-05-25 13:42 3 -> socket:[15482]
lrwx------ root radio 2016-05-25 13:42 4 -> /tmp/lc-elog.pid
lrwx------ root radio 2016-05-25 13:42 5 -> /storage/2C10-0CCC/elog/elog_20160525_134206/HLS/test_20160525_134208_head.bin
lrwx------ root radio 2016-05-25 13:42 6 -> /storage/2C10-0CCC/elog/elog_20160525_134206/HLS/test_20160525_134208_00.bin_last_0
lrwx------ root radio 2016-05-25 13:42 7 -> /storage/2C10-0CCC/elog/elog_20160525_134206/HLS/log_up_data.dat
lrwx------ root radio 2016-05-25 13:42 8 -> /storage/2C10-0CCC/elog/elog_20160525_134206/PHY0/test_20160525_134208_head.bin
lr-x------ root radio 2016-05-25 13:42 9 -> /dev/__properties__
root@lte26007:/proc/2365/fd
As for how kill is using the sd card process:
status_t PublicVolume::doUnmount() {
if (mFusePid > 0) {
kill(mFusePid, SIGTERM);
TEMP_FAILURE_RETRY(waitpid(mFusePid, nullptr, 0));
mFusePid = 0;
}
ForceUnmount(kAsecPath);
LOG(VERBOSE) << "start";
KillProcessesUsingPath(getPath());
LOG(VERBOSE) << "end";
ForceUnmount(mFuseDefault);
ForceUnmount(mFuseRead);
ForceUnmount(mFuseWrite);
ForceUnmount(mRawPath);
rmdir(mFuseDefault.c_str());
rmdir(mFuseRead.c_str());
rmdir(mFuseWrite.c_str());
rmdir(mRawPath.c_str());
mFuseDefault.clear();
mFuseRead.clear();
mFuseWrite.clear();
mRawPath.clear();
return OK;
}
You can call KillProcessesUsingPath to kill processes that are using the sd card directory before uninstalling the fuse file system. This mPath path, if it is an sd card, is the directory under storage, not the mount address of the sd card. If it is an sd card inserted by otg, it is the mount address of sd card, because otg has no directory under storage directory, only one mount address accesses it, and there is no fuse. In this way, the problem is solved.