From 0616eae07e98df664522fb424f044054ef9d52ec Mon Sep 17 00:00:00 2001
From: zzhcharmer <zhouzhenhui3@h-partners.com>
Date: Tue, 11 Mar 2025 11:10:15 +0800
Subject: [PATCH] set custom sandbox for selinux

Signed-off-by: zzhcharmer <zhouzhenhui3@h-partners.com>
---
 modules/common/appspawn_adapter.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/common/appspawn_adapter.cpp b/modules/common/appspawn_adapter.cpp
index b9703a10..67bc381a 100644
--- a/modules/common/appspawn_adapter.cpp
+++ b/modules/common/appspawn_adapter.cpp
@@ -100,6 +100,11 @@ void SetHapDomainInfo(HapDomainInfo *hapDomainInfo, const AppSpawningCtx *proper
     if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX)) {
         hapDomainInfo->hapFlags |= SELINUX_HAP_INPUT_ISOLATE;
     }
+#ifdef CUSTOM_SANDBOX
+    if (CheckAppMsgFlagsSet(property, APP_FLAGS_CUSTOM_SANDBOX)) {
+        hapDomainInfo->hapFlags |= SELINUX_HAP_CUSTOM_SANDBOX;
+    }
+#endif
     if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SELINUX_LABEL)) {
         uint32_t len = 0;
         std::string extensionType =
-- 
Gitee