diff --git a/modules/nweb_adapter/nwebspawn_adapter.cpp b/modules/nweb_adapter/nwebspawn_adapter.cpp index f3af3945cc18f43a16dd9e2f9d7151cafec7e834..6a54d3d087bc925d181ae3237ec31a5299b5f51d 100644 --- a/modules/nweb_adapter/nwebspawn_adapter.cpp +++ b/modules/nweb_adapter/nwebspawn_adapter.cpp @@ -34,12 +34,6 @@ #include "seccomp_policy.h" #endif -#ifndef APPSPAWN_TEST -#define APPSPAWN_STATIC static -#else -#define APPSPAWN_STATIC -#endif - namespace { #if defined(webview_arm64) const std::string ARK_WEB_CORE_HAP_LIB_PATH = @@ -57,7 +51,7 @@ namespace { const std::string WEB_RENDER_LIB_NAME = "libnweb_render.so"; } // namespace -APPSPAWN_STATIC bool SetSeccompPolicyForRenderer(void *nwebRenderHandle) +static bool SetSeccompPolicyForRenderer(void *nwebRenderHandle) { #ifdef WITH_SECCOMP if (IsEnableSeccomp()) { diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index beb7edc51be7e06417a3866b6d3707ebe733f171..c417492d625c5da95f8050f28a32df08339b76d4 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -226,7 +226,6 @@ static int InitSandboxContext(SandboxContext *context, context->sandboxShared = packageNode->section.sandboxShared; } context->message = property->message; - context->sandboxNsFlags = CLONE_NEWNS; if (NeedNetworkIsolated(context, property)) { 
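Review bot: With `SetSeccompPolicyForRenderer` now unconditionally `static`, nothing outside nwebspawn_adapter.cpp can call it, and the test-file hunk at the end of this diff deletes `NWeb_Spawn_nwebspawn_adapter`, the only test shown here that exercised it. The renderer's seccomp setup is therefore left without direct coverage in this change. If the function has to stay file-local, a test that goes through the public spawn path and checks the seccomp outcome would keep this control covered. At minimum, a comment above the function such as `// Applies the renderer seccomp policy; exercised by <TEST_NAME_PLACEHOLDER>` would record where it is tested. The function body continues outside the hunk.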
@@ -591,24 +590,23 @@ static void MountDir(AppSpawnMsgDacInfo *info, const char *bundleName, const cha } const int userIdBase = UID_BASE; - size_t allPathSize = strlen(rootPath) + strlen(targetPath) + strlen(bundleName) + 2; - allPathSize += USER_ID_SIZE; - char *path = (char *)malloc(sizeof(char) * (allPathSize)); - (void)memset_s(path, allPathSize, 0, allPathSize); - APPSPAWN_CHECK(path != NULL, return, "Failed to malloc path"); - int len = sprintf_s(path, allPathSize, "%s%u/%s%s", rootPath, info->uid / userIdBase, bundleName, targetPath); - APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), free(path); - return, "Failed to get sandbox path"); + char path[MAX_SANDBOX_BUFFER] = {0}; + int ret = snprintf_s(path, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s%u/%s%s", rootPath, + info->uid / userIdBase, bundleName, targetPath); + if (ret <= 0) { + APPSPAWN_LOGE("snprintf_s path failed, errno %{public}d", errno); + return; + } if (access(path, F_OK) == 0) { - free(path); return; } - MakeDirRec(path, DIR_MODE, 1); + ret = MakeDirRec(path, DIR_MODE, 1); + APPSPAWN_CHECK(ret == 0, return, "mkdir %{public}s failed, ret %{public}d", path, ret); + if (mount(path, path, NULL, MS_BIND | MS_REC, NULL) != 0) { APPSPAWN_LOGI("bind mount %{public}s failed, error %{public}d", path, errno); - free(path); return; } if (mount(NULL, path, NULL, MS_SHARED, NULL) != 0) { @@ -616,8 +614,6 @@ static void MountDir(AppSpawnMsgDacInfo *info, const char *bundleName, const cha } else { APPSPAWN_LOGI("mount path %{public}s to shared success", path); } - - free(path); } static const MountSharedTemplate MOUNT_SHARED_MAP[] = { 
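Review bot: The `access(path, F_OK) == 0` early return in MountDir treats an existing directory as proof that the bind mount and the `MS_SHARED` propagation are already in place. If `MakeDirRec` created the directory on an earlier call and `mount` then failed, that failure is only logged at info level and the function, being `void`, reports nothing to its caller. Every later call then takes the early return and the path stays unshared. Raising the bind-mount failure to `APPSPAWN_LOGE("bind mount %{public}s failed, error %{public}d", path, errno);` would at least make that state visible. Deciding on the actual mount state rather than on existence would need the callers, which are outside this hunk.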
@@ -637,12 +633,14 @@ static int MountInShared(const AppSpawnMsgDacInfo *info, const char *rootPath, c int ret = snprintf_s(path, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s/%u/app-root/%s", rootPath, info->uid / UID_BASE, target); if (ret <= 0) { + APPSPAWN_LOGI("snprintf_s path failed, errno %{public}d", errno); return APPSPAWN_ERROR_UTILS_MEM_FAIL; } char currentUserPath[MAX_SANDBOX_BUFFER] = {0}; ret = snprintf_s(currentUserPath, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s/currentUser", path); if (ret <= 0) { + APPSPAWN_LOGI("snprintf_s currentUserPath failed, errno %{public}d", errno); return APPSPAWN_ERROR_UTILS_MEM_FAIL; } @@ -652,6 +650,7 @@ static int MountInShared(const AppSpawnMsgDacInfo *info, const char *rootPath, c ret = MakeDirRec(path, DIR_MODE, 1); if (ret != 0) { + APPSPAWN_LOGE("mkdir %{public}s failed, ret %{public}d", path, ret); return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; } @@ -683,6 +682,7 @@ static int SharedMountInSharefs(const AppSpawnMsgDacInfo *info, const char *root ret = MakeDirRec(target, DIR_MODE, 1); if (ret != 0) { + APPSPAWN_LOGE("mkdir %{public}s failed, ret %{public}d", target, ret); return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; } @@ -766,6 +766,8 @@ static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg * return; } + UpdateStorageDir(context, sandbox, info); + MountDir(info, appRootName, rootPath, nwebPath); MountDir(info, appRootName, rootPath, nwebTmpPath); @@ -773,8 +775,6 @@ static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg * return; } - UpdateStorageDir(context, sandbox, info); - int length = sizeof(MOUNT_SHARED_MAP) / sizeof(MOUNT_SHARED_MAP[0]); for (int i = 0; i < length; i++) { if (MOUNT_SHARED_MAP[i].permission == NULL) { diff --git a/modules/sandbox/sandbox_shared_mount.cpp b/modules/sandbox/sandbox_shared_mount.cpp index dd30935a8f1e693f9cb10651f8e6cb6794e7e126..56d52446ff9cccdf55976405c5182a1ab85e3d5e 100644 --- a/modules/sandbox/sandbox_shared_mount.cpp 
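Review bot: The two logs added on the `snprintf_s` failure paths in MountInShared use `APPSPAWN_LOGI`, although both paths return `APPSPAWN_ERROR_UTILS_MEM_FAIL`; the equivalent log added in MountDir and the mkdir logs added further down in this file use `APPSPAWN_LOGE`. Use `APPSPAWN_LOGE("snprintf_s path failed, ret %{public}d", ret);` (and likewise for `currentUserPath`) so a failed or truncated sandbox path is not lost among info-level messages. Printing `ret` instead of `errno` is also more reliable, because `snprintf_s` signals failure through its return value and may not set `errno`; the same applies to the log added in MountDir. MountInShared's body continues outside the hunk.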
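Review bot: `UpdateStorageDir(context, sandbox, info)` now runs before the two `MountDir` calls and before the early `return` visible at the top of the next hunk, whose condition is not shown. It therefore executes on a path that previously skipped it, and nothing in the code says why the order matters. A short comment above the call, for example `/* storage dirs must be updated before the nweb paths are made shared */` (wording to be confirmed by the author), would stop a later cleanup from moving it back. MountDirToShared starts and ends outside the hunk.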
+++ b/modules/sandbox/sandbox_shared_mount.cpp @@ -152,7 +152,6 @@ static int DoSharedMount(const SharedMountArgs *arg) static void GetMountInfo(std::vector &sharedMounts, AppDacInfo *info, const std::string &bundleName) { - APPSPAWN_LOGI("Get mountinfo %{public}s start", bundleName.c_str()); std::ifstream file("/proc/self/mountinfo"); if (!file.is_open()) { APPSPAWN_LOGE("Failed to open mountinfo, errno: %{public}d", errno); @@ -167,7 +166,7 @@ static void GetMountInfo(std::vector &sharedMounts, AppDacInfo *inf } } file.close(); - APPSPAWN_LOGW("Get mountinfo %{public}s end", bundleName.c_str()); + APPSPAWN_LOGI("Get mountinfo %{public}s end", bundleName.c_str()); } static bool IsSandboxPathShared(const std::vector &sharedMounts, const std::string &sandboxPath) @@ -193,7 +192,7 @@ static int MountEl1Bundle(const AppSpawningCtx *property, const AppDacInfo *info /* /mnt/sandbox///data/storage/el1/bundle */ char targetPath[PATH_MAX_LEN] = {0}; - ret = snprintf_s(targetPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%d/%s/data/storage/el1/bundle", + ret = snprintf_s(targetPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%u/%s/data/storage/el1/bundle", info->uid/ UID_BASE, bundleName); if (ret <= 0) { APPSPAWN_LOGE("snprintf el1 bundle sandbox path failed, errno %{public}d", errno); @@ -445,7 +444,7 @@ static int AddDataGroupItemToQueue(AppSpawnMgr *content, const std::string &srcP } dataGroupNode->srcPath.pathLen = strlen(dataGroupNode->srcPath.path); dataGroupNode->destPath.pathLen = strlen(dataGroupNode->destPath.path); - ListNode *node = OH_ListFind(&content->dataGroupCtxQueue, (void*)dataGroupNode, DataGroupCtxNodeCompare); + ListNode *node = OH_ListFind(&content->dataGroupCtxQueue, (void *)dataGroupNode, DataGroupCtxNodeCompare); if (node != nullptr) { APPSPAWN_LOGI("DataGroupCtxNode %{public}s is exist", dataGroupNode->srcPath.path); return 0; 
@@ -547,7 +546,7 @@ int UpdateDataGroupDirs(AppSpawnMgr *content) while (node != &content->dataGroupCtxQueue) { DataGroupCtx *dataGroupNode = (DataGroupCtx *)ListEntry(node, DataGroupCtx, node); char sandboxPath[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(sandboxPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s/%s", dataGroupNode->destPath.path, + int ret = snprintf_s(sandboxPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", dataGroupNode->destPath.path, dataGroupNode->dataGroupUuid); if (ret <= 0) { APPSPAWN_LOGE("snprintf_s sandboxPath: %{public}s failed, errno %{public}d", @@ -567,7 +566,6 @@ int UpdateDataGroupDirs(AppSpawnMgr *content) if (ret != 0) { APPSPAWN_LOGE("Shared mount %{public}s to %{public}s failed, errno %{public}d", args.srcPath, sandboxPath, ret); - return APPSPAWN_SANDBOX_ERROR_MOUNT_FAIL; } node = node->next; } @@ -634,4 +632,3 @@ MODULE_CONSTRUCTOR(void) (void)AddServerStageHook(STAGE_SERVER_LOCK, HOOK_PRIO_COMMON, UpdateDataGroupDirs); #endif } - diff --git a/service/hnp/installer/README_zh.md b/service/hnp/installer/README_zh.md index bbf53414b7744028fb26d2771455b2b9a1f84915..d06cda79743d787cb9f67e135deb054bc92611ad 100644 --- a/service/hnp/installer/README_zh.md +++ b/service/hnp/installer/README_zh.md @@ -20,7 +20,7 @@ Native软件包安装就是将从应用市场下载解压出来的hnp包安装到鸿蒙PC设备上。当前提供接口调用以及hnp命令行两种方式进行安装。 - 1) hnp帮助命令 hnp -h。 +1) hnp帮助命令 hnp -h: ``` usage:hnp [-u ][-p ][-i ][-f][-s ][-a ] @@ -141,7 +141,7 @@ b. 强制安装会将已安装的软件先卸载掉之后再安装当前新的 c. 批量安装应用的hnp软件时如果中间安装出错,则直接退出安装流程返回,之前已安装的软件继续保留。 -3) 接口调用安装。 +3) 接口调用安装: 安装接口原型: ``` @@ -172,7 +172,7 @@ c. 批量安装应用的hnp软件时如果中间安装出错,则直接退出 Native软件包卸载就是将已安装到系统上的Native软件进行卸载。当期望卸载的软件正在运行时,则卸载失败。当前提供接口调用以及命令行两种方式进行卸载。 - 1) hnp命令行卸载: +1) hnp命令行卸载: ``` hnp uninstall -u [系统用户ID] -p [hap包名] ``` 
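Review bot: Changing the format from `"%s/%s"` to `"%s%s"` in UpdateDataGroupDirs makes the mount target correct only when `dataGroupNode->destPath.path` already ends with `/`. Without the separator the UUID is appended to the last path component, and the shared mount is attempted on a differently named sibling path inside the sandbox. How `destPath.path` is filled in is outside this hunk, so the invariant should either be documented where the path is built or checked here. The length is already kept in `destPath.pathLen`, so the last character can be tested and the entry skipped with an error log when the separator is missing. The loop body continues outside the hunk.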
@@ -187,13 +187,13 @@ c. 批量安装应用的hnp软件时如果中间安装出错,则直接退出 baidu应用下hnp软件卸载: hnp uninstall -u 100 -p baidu - 卸载之前已经安装的baidu应用下所有hnp软件。100为安装所在的系统用户ID。 + 卸载之前已经安装的baidu应用下所有hnp软件,100为安装所在的系统用户ID。 执行成功观察点: 观察点1:之前baidu应用安装的时候分别安装了公有和私有的hnpsample软件,所以本次卸载需要观察以下之前安装的软件目录“hnpsample.org”是否已删除。 公有软件: - /data/app/el1/bundle/100/hnppublic/hnpsample.org。 + /data/app/el1/bundle/100/hnppublic/hnpsample.org 私有软件: - /data/app/el1/bundle/100/hnp/baidu/hnpsample.org。 + /data/app/el1/bundle/100/hnp/baidu/hnpsample.org 观察点2:查看/data/service/el1/startup/hnp_info.json安装管理文件中对应baidu这一hap节点信息是否删除。 ``` @@ -203,7 +203,7 @@ a. 如果公有hnp软件被其它应用所共有,则卸载本应用不会删 b. 公有hnp软件卸载前会判断该软件是否正在运行,如果正在运行则会卸载失败。私有hnp软件因为其所属应用已经卸载,不存在正在使用的情况,因此私有软件不用校验是否正在运行。 -2) 接口调用卸载。 +2) 接口调用卸载: 卸载接口原型: ``` diff --git a/service/hnp/installer/api_hnp.md b/service/hnp/installer/api_hnp.md index 075b2d4cb77266c11e32cffdc12f15c64e9a35f3..0ac512b86b9fe1307c23cbdf828c1062b6a94b86 100644 --- a/service/hnp/installer/api_hnp.md +++ b/service/hnp/installer/api_hnp.md @@ -12,7 +12,7 @@ ### 结构体定义 -NA。 +NA. ### 函数 @@ -79,9 +79,9 @@ int NativeUnInstallHnp(const char *userId, const char *packageName); 参数: - userId:用户ID; + userId:用户ID。 - packageName:hap应用软件包名; + packageName:hap应用软件包名。 **返回:** diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index 8ca1bb109ff7b7413c307f46734eca786b63db6d..3401316ce72d007bb1c39d4ef594d36b7e5d2641 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c @@ -51,8 +51,9 @@ #define PARAM_BUFFER_SIZE 10 #define PATH_SIZE 256 #define FD_PATH_SIZE 128 -#define APPSPAWN_MSG_USER_CHECK_COUNT 4 + #define PREFORK_PROCESS "apppool" +#define APPSPAWN_MSG_USER_CHECK_COUNT 4 #define USER_ID_MIN_VALUE 100 #define USER_ID_MAX_VALUE 10736 #define LOCK_STATUS_PARAM_SIZE 64 
diff --git a/test/unittest/app_spawn_standard_test/nweb_spawn_service_test.cpp b/test/unittest/app_spawn_standard_test/nweb_spawn_service_test.cpp index 3eb8d62a02e57fa4392233a93aad743f4b377fbf..ce549992d47ffbd38ef87ee5acc7f458396e12ec 100644 --- a/test/unittest/app_spawn_standard_test/nweb_spawn_service_test.cpp +++ b/test/unittest/app_spawn_standard_test/nweb_spawn_service_test.cpp @@ -18,7 +18,6 @@ #include #include #include -#include #include #include @@ -38,9 +37,6 @@ using namespace testing; using namespace testing::ext; using namespace OHOS; -APPSPAWN_STATIC int RunChildProcessor(AppSpawnContent *content, AppSpawnClient *client); -APPSPAWN_STATIC bool SetSeccompPolicyForRenderer(void *nwebRenderHandle); - namespace OHOS { class NWebSpawnServiceTest : public testing::Test { public: @@ -502,27 +498,4 @@ HWTEST_F(NWebSpawnServiceTest, NWeb_Spawn_Msg_008, TestSize.Level0) } ASSERT_EQ(ret, 0); } - -namespace { -#if defined(webview_arm64) - const std::string NWEB_HAP_LIB_PATH = "/data/storage/el1/bundle/nweb/libs/arm64"; -#elif defined(webview_x86_64) - const std::string NWEB_HAP_LIB_PATH = "/data/storage/el1/bundle/nweb/libs/x86_64"; -#else - const std::string NWEB_HAP_LIB_PATH = "/data/storage/el1/bundle/nweb/libs/arm"; -#endif -} - -HWTEST_F(NWebSpawnServiceTest, NWeb_Spawn_nwebspawn_adapter, TestSize.Level0) -{ - AppSpawnContent content; - int ret = RunChildProcessor(&content, nullptr); - ASSERT_EQ(ret, -1); - - const std::string renderLibDir = NWEB_HAP_LIB_PATH + "/libnweb_render.so"; - void *nwebRenderHandle = dlopen(renderLibDir.c_str(), RTLD_NOW | RTLD_GLOBAL); - ASSERT_EQ((nwebRenderHandle != nullptr), 1); - bool res = SetSeccompPolicyForRenderer(nwebRenderHandle); - ASSERT_FALSE(res); -} } // namespace OHOS