mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-10-23 04:46:29 +00:00
4775054dbd
The virtio-fs usually does mapping of UIDs/GIDs between host and guest with user namespace. In Android, however, user namespace isn't available for non-root users. This CL allows mapping UIDs and GIDs without user namespace by intercepting FUSE requests and translating UID/GID in virito-fs's process at runtime. This leverages pretty much ARCVM usage of FS_IOC_SETPERMISSION ioctl; however, in this case, host sets up the permission and the UID-GID mapping. The format to set the mapping: "guest-uid,guest-gid,host-uid,host-gid,umask,path;<repeat for other paths>" guest-uid: UID to be set for all the files in the path inside guest. guest-gid: GID to be set for all the files in the path inside guest. host-uid: UID to be set for all the files in the path in the host. host-gid: GID to be set for all the files in the path in the host. umask: umask to be set at runtime for the files in the path. path: This is the relative path from the root of the shared directory. Current this is supported only for vhost-user-fs. Start the device: $/apex/com.android.virt/bin/crosvm device fs --socket=/tmp/virtiofs --tag=android \ --shared-dir=/data/media/0 \ --cfg=cache_policy=always,uid_gid_map="1000 1000 10286 1023 0007 /DCIM;1000 1000 1023 1023 0007 /Android" \ --disable-sandbox CrosVM will pass "--vhost-user-fs=/tmp/virtiofs,tag=android" when ferrochrome app is started. In the guest (in CrOS) for "chronos" user: $mount -t virtiofs android Downloads/ Verify DCIM/ and Android/ directories have "chronos" UID and GID. Create files inside DCIM/ and verify UID and GID's are correctly set on the host. Bug=b:340940950 Test: Launch ferrochrome app passing /storage/emulated/0 and mount virtiofs inside CrOS (guest VM). Change-Id: I637ad11eaaf8da58df7d1b04bf2fef05856a95a5 Signed-off-by: Akilesh Kailash <akailash@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5852617 Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
130 lines
4 KiB
TOML
130 lines
4 KiB
TOML
[package]
|
|
name = "devices"
|
|
version = "0.1.0"
|
|
authors = ["The ChromiumOS Authors"]
|
|
edition = "2021"
|
|
|
|
[features]
|
|
android_display = ["gpu_display/android_display"]
|
|
android_display_stub = ["gpu_display/android_display_stub"]
|
|
arc_quota = ["dbus", "protobuf", "system_api", "fs_permission_translation"]
|
|
fs_runtime_ugid_map = ["fs_permission_translation"]
|
|
# Allow intercepting incoming virtio-fs requests to modify its permission, UID or GID.
|
|
#
|
|
# This feature is not supposed to be specified directly. Instead, this will be automatically
|
|
# enabled when either `arc_quota` or `fs_runtime_ugid_map` is enabled.
|
|
fs_permission_translation = []
|
|
audio = []
|
|
audio_aaudio = []
|
|
audio_cras = ["libcras"]
|
|
balloon = []
|
|
gpu = ["gpu_display"]
|
|
gunyah = []
|
|
libvda-stub = ["libvda/libvda-stub"]
|
|
net = []
|
|
pvclock = []
|
|
geniezone = []
|
|
usb = []
|
|
vaapi = ["cros-codecs/vaapi", "crc32fast"]
|
|
video-decoder = []
|
|
video-encoder = []
|
|
minigbm = ["rutabaga_gfx/minigbm"]
|
|
x = ["gpu_display/x", "rutabaga_gfx/x"]
|
|
virgl_renderer = ["gpu", "rutabaga_gfx/virgl_renderer"]
|
|
vtpm = ["system_api", "protobuf", "dbus"]
|
|
gfxstream = ["gpu", "rutabaga_gfx/gfxstream"]
|
|
registered_events = []
|
|
slirp = ["net_util/slirp"]
|
|
stats = []
|
|
seccomp_trace = []
|
|
swap = ["swap/enable"]
|
|
whpx = []
|
|
pci-hotplug = []
|
|
noncoherent-dma = []
|
|
|
|
[dependencies]
|
|
argh = "0.1.7"
|
|
async-task = "4"
|
|
acpi_tables = {path = "../acpi_tables" }
|
|
anyhow = "1"
|
|
async-trait = "0.1.36"
|
|
audio_streams = "*"
|
|
audio_util = { path = "../audio_util" }
|
|
balloon_control = { path = "../common/balloon_control" }
|
|
base = { path = "../base" }
|
|
bit_field = { path = "../bit_field" }
|
|
cfg-if = "1.0.0"
|
|
chrono = { version = "0.4.34", features = [ "serde", "now" ], default-features = false }
|
|
crc32fast = { version = "1.2.1", optional = true }
|
|
cros_async = { path = "../cros_async" }
|
|
cros-codecs = { version = "0.0.4", optional = true }
|
|
crosvm_cli = { path = "../crosvm_cli" }
|
|
data_model = { path = "../common/data_model" }
|
|
dbus = { version = "0.9.7", features = ["stdfd"], optional = true }
|
|
disk = { path = "../disk" }
|
|
downcast-rs = "1.2.0"
|
|
enumn = "0.1.0"
|
|
ffmpeg = { path = "../media/ffmpeg", optional = true }
|
|
gpu_display = { path = "../gpu_display", optional = true }
|
|
rutabaga_gfx = { path = "../rutabaga_gfx" }
|
|
hypervisor = { path = "../hypervisor" }
|
|
kvm_sys = { path = "../kvm_sys" }
|
|
libc = "0.2"
|
|
libvda = { path = "../media/libvda", optional = true }
|
|
linux_input_sys = { path = "../linux_input_sys" }
|
|
metrics = { path = "../metrics" }
|
|
net_util = { path = "../net_util" }
|
|
num-traits = "0.2"
|
|
once_cell = "1.7.2"
|
|
power_monitor = { path = "../power_monitor" }
|
|
protobuf = { version = "3.2", optional = true }
|
|
protos = { path = "../protos", optional = true }
|
|
rand = "0.8"
|
|
remain = "0.2"
|
|
resources = { path = "../resources" }
|
|
serde = { version = "1", features = [ "derive", "rc" ] }
|
|
serde_json = "1"
|
|
serde_keyvalue = { path = "../serde_keyvalue", features = ["argh_derive"] }
|
|
smallvec = "1.6.1"
|
|
sync = { path = "../common/sync" }
|
|
system_api = { path = "../system_api", optional = true }
|
|
thiserror = "1.0.20"
|
|
cros_tracing = { path = "../cros_tracing" }
|
|
swap = { path = "../swap" }
|
|
vmm_vhost = { path = "../third_party/vmm_vhost" }
|
|
virtio_sys = { path = "../virtio_sys" }
|
|
vm_control = { path = "../vm_control" }
|
|
vm_memory = { path = "../vm_memory" }
|
|
zerocopy = { version = "0.7", features = ["derive"] }
|
|
|
|
[target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies]
|
|
android_audio = { path = "../android_audio" }
|
|
fuse = {path = "../fuse" }
|
|
jail = { path = "../jail" }
|
|
libcras = { version = "*", optional = true }
|
|
minijail = "*"
|
|
net_sys = { path = "../net_sys" }
|
|
p9 = "0.2"
|
|
usb_util = { path = "../usb_util" }
|
|
vfio_sys = { path = "../vfio_sys" }
|
|
vhost = { path = "../vhost" }
|
|
|
|
[target.'cfg(windows)'.dependencies]
|
|
broker_ipc = { path = "../broker_ipc" }
|
|
tube_transporter = { path = "../tube_transporter" }
|
|
win_audio = { path = "../win_audio"}
|
|
win_util = { path = "../win_util"}
|
|
winapi = "0.3"
|
|
|
|
[dependencies.futures]
|
|
version = "0.3"
|
|
features = ["async-await", "std"]
|
|
default-features = false
|
|
|
|
[dev-dependencies]
|
|
bytes = "1.1.0"
|
|
crc32fast = "1"
|
|
libtest-mimic = "0.6"
|
|
named-lock = "0.3"
|
|
tempfile = "3"
|