diff --git a/appdata-sandbox64.json b/appdata-sandbox64.json index aaacee3a5f867e077165ae5d8102b913cdbbf16e..445be4b5f9a3d040c1ecd4ad46d101c2fc4452dc 100644 --- a/appdata-sandbox64.json +++ b/appdata-sandbox64.json @@ -1,163 +1,141 @@ { - "common" : [{ - "top-sandbox-switch": "ON", - "app-base" : [{ - "sandbox-root" : "/mnt/sandbox/", - "sandbox-ns-flags" : [ "net" ], - "mount-paths" : [{ - "src-path" : "/system/lib", - "sandbox-path" : "/system/lib", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/platformsdk", - "sandbox-path" : "/system/lib64/platformsdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/ndk", - "sandbox-path" : "/system/lib64/ndk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/module", - "sandbox-path" : "/system/lib64/module", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/chipset-pub-sdk", - "sandbox-path" : "/system/lib64/chipset-pub-sdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/chipset-sdk", - "sandbox-path" : "/system/lib64/chipset-sdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/seccomp", - "sandbox-path" : "/system/lib64/seccomp", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/extensionability", - "sandbox-path" : "/system/lib64/extensionability", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/media", - "sandbox-path" : "/system/lib64/media", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib/ld-musl-aarch64.so.1", - "sandbox-path" : "/system/lib/ld-musl-aarch64.so.1", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/asan/lib64", - "sandbox-path" : "/system/asan/lib64", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/vendor/lib64", - "sandbox-path" : "/vendor/lib64", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/vendor/asan/lib64", - "sandbox-path" : "/vendor/asan/lib64", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - } - ], - "symbol-links" : [{ - "target-name" : "/system/lib64", - "link-name" : "/lib64", - "check-action-status": "false" - } - ] - }], - "app-resources" : [{ - "sandbox-root" : "/mnt/sandbox/", - "mount-paths" : [], - "flags-point" : [], - "symbol-links" : [] - }] + "sandbox-root" : "/mnt/sandbox/system", + "mount-bind-paths" : [{ + "src-path" : "/system/bin", + "sandbox-path" : "/system/bin", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/etc", + "sandbox-path" : "/system/etc", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib64", + "sandbox-path" : "/system/lib64", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/lib", + "sandbox-path" : "/system/lib", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/profile", + "sandbox-path" : "/system/profile", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/system/app", + "sandbox-path" : "/system/app", + "sandbox-flags" : [ "bind", "rec", "private" ], + "ignore": 1 + }, { + "src-path" : "/system/fonts", + "sandbox-path" : "/system/fonts", + "sandbox-flags" : [ "bind", "rec", "private" ], + "ignore": 1 + }, { + "src-path" : "/system/usr", + "sandbox-path" : "/system/usr", + "sandbox-flags" : [ "bind", "rec", "private" ], + "ignore": 1 + }, { + "src-path" : "/system/resource", + "sandbox-path" : "/system/resource", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor/lib64/chipsetsdk", + "sandbox-path" : "/vendor/lib64/chipsetsdk", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor/firmware", + "sandbox-path" : "/vendor/firmware", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/dev", + "sandbox-path" : "/dev", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/proc", + "sandbox-path" : "/proc", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/data", + "sandbox-path" : "/data", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/log", + "sandbox-path" : "/log", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/sys/kernel/debug/tracing", + "sandbox-path" : "/sys/kernel/debug/tracing", + "sandbox-flags" : [ "bind", "private" ], + "ignore": 1 + }, { + "src-path" : "/sys/kernel/debug/tracing", + "sandbox-path" : "/sys/kernel/debug/tracing", + "sandbox-flags" : [ "bind", "private" ] + }, { + "src-path" : "/sys/kernel/debug", + "sandbox-path" : "/sys/kernel/debug", + "sandbox-flags" : [ "bind", "private" ] + }, { + "src-path" : "/sys", + "sandbox-path" : "/sys", + "sandbox-flags" : [ "bind", "private" ] + }, { + "src-path" : "/config", + "sandbox-path" : "/config", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/mnt", + "sandbox-path" : "/mnt", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/sys_prod", + "sandbox-path" : "/sys_prod", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor/etc", + "sandbox-path" : "/vendor/etc", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor", + "sandbox-path" : "/chipset", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/chip_prod", + "sandbox-path" : "/chip_prod", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/module_update", + "sandbox-path" : "/module_update", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/vendor/lib64", + "sandbox-path" : "/vendor/lib64", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/chipset/etc", + "sandbox-path" : "/chipset/etc", + "sandbox-flags" : [ "bind", "rec", "private" ] + }, { + "src-path" : "/chip_prod/etc", + "sandbox-path" : "/chip_prod/etc", + "sandbox-flags" : [ "bind", "rec", "private" ] + } + ], + "mount-bind-files" : [{ }], - "individual" : [{ - "__internal__.com.ohos.render" : [{ - "sandbox-root" : "/mnt/sandbox/com.ohos.render/", - "sandbox-ns-flags" : [ "pid", "net" ], - "mount-paths" : [{ - "src-path" : "/system/lib", - "sandbox-path" : "/system/lib", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - },{ - "src-path" : "/system/lib64/platformsdk", - "sandbox-path" : "/system/lib64/platformsdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/ndk", - "sandbox-path" : "/system/lib64/ndk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/module", - "sandbox-path" : "/system/lib64/module", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/chipset-pub-sdk", - "sandbox-path" : "/system/lib64/chipset-pub-sdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/chipset-sdk", - "sandbox-path" : "/system/lib64/chipset-sdk", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/seccomp", - "sandbox-path" : "/system/lib64/seccomp", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/extensionability", - "sandbox-path" : "/system/lib64/extensionability", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib64/media", - "sandbox-path" : "/system/lib64/media", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/system/lib/ld-musl-aarch64.so.1", - "sandbox-path" : "/system/lib/ld-musl-aarch64.so.1", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - }, { - "src-path" : "/vendor/lib64", - "sandbox-path" : "/vendor/lib64", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "false" - } - ], - "symbol-links" : [{ - "target-name" : "/system/lib64", - "link-name" : "/lib64", - "check-action-status": "false" - } - ], - "flags-point" : [{ - "flags": "DLP_MANAGER", - "sandbox-root" : "/mnt/sandbox/com.ohos.render/", - "mount-paths" : [], - "symbol-links" : [{}] - }] - }] - }] + "symbol-links" : [{ + "target-name" : "/system/lib64", + "link-name" : "/lib64" + }, { + "target-name" : "/system/lib", + "link-name" : "/lib" + }, { + "target-name" : "/system/bin", + "link-name" : "/bin" + }, { + "target-name" : "/system/etc", + "link-name" : "/etc" + } + ] }