From 306b65deca9e882c1dcf2d169d2a4718b6cfffb0 Mon Sep 17 00:00:00 2001 From: wangfenging Date: Wed, 19 Mar 2025 16:05:27 +0800 Subject: [PATCH] new sandbox support debug hap dir mount Signed-off-by: wangfenging --- appdata-sandbox-debug.json | 35 ++ appdata-sandbox-gpu.json | 90 ++++ ...x-nweb.json => appdata-sandbox-render.json | 0 etc/BUILD.gn | 24 +- .../permission/appspawn_mount_permission.c | 3 +- modules/module_engine/include/appspawn_hook.h | 8 +- modules/sandbox/BUILD.gn | 1 + modules/sandbox/appspawn_permission.c | 6 +- modules/sandbox/appspawn_permission.h | 12 +- modules/sandbox/appspawn_sandbox.c | 67 ++- modules/sandbox/appspawn_sandbox.h | 56 ++- modules/sandbox/sandbox_adapter.cpp | 4 +- modules/sandbox/sandbox_cfgvar.c | 9 +- modules/sandbox/sandbox_debug_mode.c | 424 ++++++++++++++++++ modules/sandbox/sandbox_expand.c | 8 +- modules/sandbox/sandbox_load.c | 41 +- modules/sandbox/sandbox_manager.c | 119 +++-- .../app_spawn_sandbox_new_test.cpp | 74 +-- .../app_spawn_sandboxmgr_test.cpp | 54 +-- 19 files changed, 848 insertions(+), 187 deletions(-) create mode 100644 appdata-sandbox-debug.json create mode 100644 appdata-sandbox-gpu.json rename appdata-sandbox-nweb.json => appdata-sandbox-render.json (100%) mode change 100755 => 100644 mode change 100755 => 100644 interfaces/innerkits/permission/appspawn_mount_permission.c create mode 100644 modules/sandbox/sandbox_debug_mode.c diff --git a/appdata-sandbox-debug.json b/appdata-sandbox-debug.json new file mode 100644 index 00000000..f45194d3 --- /dev/null +++ b/appdata-sandbox-debug.json @@ -0,0 +1,35 @@ +{ + "global": { + "sandbox-root" : "/mnt/debugtmp//debug_hap/" + }, + "required": { + "system-const": {}, + "app-variable": { + "mount-paths": [{ + "src-path" : "/data/app/el1//base/", + "sandbox-path" : "/data/storage/el1/base" + }, { + "src-path" : "/data/app/el1//database/", + "sandbox-path" : "/data/storage/el1/database" + }, { + "src-path" : "/data/app/el2//base/", + "sandbox-path" : "/data/storage/el2/base" + }, { + "src-path" : "/data/app/el2//database/", + "sandbox-path" : "/data/storage/el2/database" + }] + } + }, + "conditional": { + "permission": [{ + "name": "ohos.permission.PROTECT_SCREEN_LOCK_DATA", + "mount-paths": [{ + "src-path" : "/data/app/el5//base/", + "sandbox-path" : "/data/storage/el5/base" + }, { + "src-path" : "/data/app/el5//database/", + "sandbox-path" : "/data/storage/el5/database" + }] + }] + } +} \ No newline at end of file diff --git a/appdata-sandbox-gpu.json b/appdata-sandbox-gpu.json new file mode 100644 index 00000000..78a5f812 --- /dev/null +++ b/appdata-sandbox-gpu.json @@ -0,0 +1,90 @@ +{ + "global": { + "sandbox-root" : "/mnt/sandbox/com.ohos.render/", + "sandbox-ns-flags" : [ "pid", "net" ] + }, + "required": { + "system-const": { + "mount-paths": [{ + "src-path" : "/dev", + "sandbox-path" : "/dev" + }, { + "src-path" : "/proc", + "sandbox-path" : "/proc" + }, { + "src-path" : "/sys", + "sandbox-path" : "/sys" + }, { + "src-path" : "/system/fonts", + "sandbox-path" : "/system/fonts" + }, { + "src-path" : "/system/etc", + "sandbox-path" : "/system/etc" + }, { + "src-path" : "/system/bin", + "sandbox-path" : "/system/bin" + }, { + "src-path" : "/system/lib", + "sandbox-path" : "/system/lib" + }, { + "src-path" : "/system/lib64", + "sandbox-path" : "/system/lib64" + }, { + "src-path" : "/vendor/", + "sandbox-path" : "/vendor/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/app/NWeb", + "sandbox-path" : "/system/app/NWeb" + }, { + "src-path" : "/vendor/etc/vulkan/icd.d", + "sandbox-path" : "/vendor/etc/vulkan/icd.d" + }, { + "src-path" : "/data/local/shader_cache/cloud/common", + "sandbox-path" : "/data/storage/shader_cache/common" + }], + "symbol-links" : [{ + "target-name" : "/system/etc", + "link-name" : "/etc", + "check-action-status": "false" + }, { + "target-name" : "/system/bin", + "link-name" : "/bin", + "check-action-status": "false" + }, { + "target-name" : "/system/lib", + "link-name" : "/lib", + "check-action-status": "false" + }, { + "target-name" : "/system/lib64", + "link-name" : "/lib64", + "check-action-status": "false" + } + ], + "mount-files": [{ + "src-path" : "/system/etc/hosts", + "sandbox-path" : "/data/service/el1/network/hosts_user/hosts" + }], + "mount-groups" : [] + }, + "app-variable": { + "mount-paths": [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/storage/el1/bundle/arkwebcore" + }, { + "src-path" : "/system/app/", + "sandbox-path" : "/system/app/" + }, { + "src-path" : "/module_update/ArkWebCore/app/", + "sandbox-path" : "/module_update/ArkWebCore/app/" + }, { + "src-path" : "/data/local/shader_cache/local/", + "sandbox-path" : "/data/storage/shader_cache/local" + }, { + "src-path" : "/data/local/shader_cache/cloud/", + "sandbox-path" : "/data/storage/shader_cache/cloud" + }] + } + } +} \ No newline at end of file diff --git a/appdata-sandbox-nweb.json b/appdata-sandbox-render.json old mode 100755 new mode 100644 similarity index 100% rename from appdata-sandbox-nweb.json rename to appdata-sandbox-render.json diff --git a/etc/BUILD.gn b/etc/BUILD.gn index dddce63f..b23fdfc1 100644 --- a/etc/BUILD.gn +++ b/etc/BUILD.gn @@ -16,8 +16,14 @@ import("//base/startup/appspawn/etc/sandbox/appdata_sandbox_fixer.gni") import("//build/ohos.gni") if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { - ohos_prebuilt_etc("appdata-sandbox-nweb.json") { - source = "../appdata-sandbox-nweb.json" + ohos_prebuilt_etc("appdata-sandbox-render.json") { + source = "../appdata-sandbox-render.json" + part_name = "${part_name}" + module_install_dir = "etc/sandbox" + } + + ohos_prebuilt_etc("appdata-sandbox-gpu.json") { + source = "../appdata-sandbox-gpu.json" part_name = "${part_name}" module_install_dir = "etc/sandbox" } @@ -34,6 +40,12 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { part_name = "${part_name}" module_install_dir = "etc/sandbox" } + + ohos_prebuilt_etc("appdata-sandbox-debug.json") { + source = "../appdata-sandbox-debug.json" + part_name = "${part_name}" + module_install_dir = "etc/sandbox" + } } else { ohos_prebuilt_appdata_sandbox("appdata-sandbox.json") { source = "../appdata-sandbox.json" @@ -79,8 +91,12 @@ group("etc_files") { ":appspawn_systemLib.json", ] if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { - deps += [ ":appdata-sandbox-nweb.json" ] - deps += [ ":appdata-sandbox-isolated-new.json" ] + deps += [ + ":appdata-sandbox-debug.json", + ":appdata-sandbox-gpu.json", + ":appdata-sandbox-isolated-new.json", + ":appdata-sandbox-render.json", + ] } else { deps += [ ":appdata-sandbox-isolated.json" ] } diff --git a/interfaces/innerkits/permission/appspawn_mount_permission.c b/interfaces/innerkits/permission/appspawn_mount_permission.c old mode 100755 new mode 100644 index b2c75fe6..0f62627c --- a/interfaces/innerkits/permission/appspawn_mount_permission.c +++ b/interfaces/innerkits/permission/appspawn_mount_permission.c @@ -105,7 +105,8 @@ static PermissionManager *GetPermissionMgrByType(AppSpawnClientType type) static int LoadPermissionConfig(PermissionManager *mgr) { int ret = ParseJsonConfig("etc/sandbox", - mgr->type == CLIENT_FOR_APPSPAWN ? APP_SANDBOX_FILE_NAME : WEB_SANDBOX_FILE_NAME, ParseAppSandboxConfig, mgr); + mgr->type == CLIENT_FOR_APPSPAWN ? APP_SANDBOX_FILE_NAME : RENDER_SANDBOX_FILE_NAME, + ParseAppSandboxConfig, mgr); APPSPAWN_CHECK(ret == 0, return 0, "Load sandbox fail %{public}d", ret); mgr->maxPermissionIndex = PermissionRenumber(&mgr->permissionQueue); return 0; diff --git a/modules/module_engine/include/appspawn_hook.h b/modules/module_engine/include/appspawn_hook.h index 8b59bc74..edd26738 100644 --- a/modules/module_engine/include/appspawn_hook.h +++ b/modules/module_engine/include/appspawn_hook.h @@ -38,9 +38,13 @@ typedef struct AppSpawnClient AppSpawnClient; typedef struct TagAppSpawnedProcess AppSpawnedProcessInfo; typedef enum { - EXT_DATA_SANDBOX, + EXT_DATA_APP_SANDBOX, // 加载appdata-sandbox-app.json配置文件 EXT_DATA_NAMESPACE, - EXT_DATA_ISOLATED_SANDBOX, + EXT_DATA_ISOLATED_SANDBOX, // 加载appdata-sandbox-isolated-new.json配置文件 + EXT_DATA_RENDER_SANDBOX, // 加载appdata-sandbox-render.json配置文件 + EXT_DATA_GPU_SANDBOX, // 加载appdata-sandbox-gpu.json配置文件 + EXT_DATA_DEBUG_HAP_SANDBOX, // 加载appdata-sandbox-debug.json配置文件 + EXT_DATA_COUNT, } ExtDataType; struct TagAppSpawnExtData; diff --git a/modules/sandbox/BUILD.gn b/modules/sandbox/BUILD.gn index 5a7d2d2c..274d8e56 100644 --- a/modules/sandbox/BUILD.gn +++ b/modules/sandbox/BUILD.gn @@ -22,6 +22,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { "appspawn_sandbox.c", "sandbox_adapter.cpp", "sandbox_cfgvar.c", + "sandbox_debug_mode.c", "sandbox_expand.c", "sandbox_load.c", "sandbox_manager.c", diff --git a/modules/sandbox/appspawn_permission.c b/modules/sandbox/appspawn_permission.c index 9de5d97d..4d130f36 100644 --- a/modules/sandbox/appspawn_permission.c +++ b/modules/sandbox/appspawn_permission.c @@ -117,7 +117,7 @@ int32_t PermissionRenumber(SandboxQueue *queue) return index + 1; } -const SandboxPermissionNode *GetPermissionNodeInQueue(SandboxQueue *queue, const char *permission) +const SandboxPermissionNode *GetPermissionNodeInQueue(const SandboxQueue *queue, const char *permission) { if (queue == NULL || permission == NULL) { return NULL; @@ -129,7 +129,7 @@ const SandboxPermissionNode *GetPermissionNodeInQueue(SandboxQueue *queue, const return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); } -const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(SandboxQueue *queue, int32_t index) +const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(const SandboxQueue *queue, int32_t index) { if (queue == NULL) { return NULL; @@ -141,7 +141,7 @@ const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(SandboxQueue *queue return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); } -int32_t GetPermissionIndexInQueue(SandboxQueue *queue, const char *permission) +int32_t GetPermissionIndexInQueue(const SandboxQueue *queue, const char *permission) { APPSPAWN_CHECK_ONLY_EXPER(queue != NULL && permission != NULL, return INVALID_PERMISSION_INDEX); const SandboxPermissionNode *permissionNode = GetPermissionNodeInQueue(queue, permission); diff --git a/modules/sandbox/appspawn_permission.h b/modules/sandbox/appspawn_permission.h index 3daa8ee5..aacd5866 100644 --- a/modules/sandbox/appspawn_permission.h +++ b/modules/sandbox/appspawn_permission.h @@ -31,17 +31,19 @@ extern "C" { #define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json" #endif -#define WEB_SANDBOX_FILE_NAME "/appdata-sandbox-nweb.json" -#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json" +#define RENDER_SANDBOX_FILE_NAME "/appdata-sandbox-render.json" +#define GPU_SANDBOX_FILE_NAME "/appdata-sandbox-gpu.json" +#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json" +#define DEBUG_SANDBOX_FILE_NAME "/appdata-sandbox-debug.json" typedef struct TagSandboxQueue SandboxQueue; typedef struct TagPermissionNode SandboxPermissionNode; int32_t AddSandboxPermissionNode(const char *name, SandboxQueue *queue); int32_t DeleteSandboxPermissions(SandboxQueue *queue); -int32_t GetPermissionIndexInQueue(SandboxQueue *queue, const char *permission); -const SandboxPermissionNode *GetPermissionNodeInQueue(SandboxQueue *queue, const char *permission); -const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(SandboxQueue *queue, int32_t index); +int32_t GetPermissionIndexInQueue(const SandboxQueue *queue, const char *permission); +const SandboxPermissionNode *GetPermissionNodeInQueue(const SandboxQueue *queue, const char *permission); +const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(const SandboxQueue *queue, int32_t index); int32_t PermissionRenumber(SandboxQueue *queue); #ifdef __cplusplus diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index f462908d..595eac96 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -51,24 +51,6 @@ #define LOCK_STATUS_SIZE 16 #define DEV_SHM_DIR "/dev/shm/" -static inline void SetMountPathOperation(uint32_t *operation, uint32_t index) -{ - *operation |= (1 << index); -} - -static inline bool CheckSpawningMsgFlagSet(const SandboxContext *context, uint32_t index) -{ - APPSPAWN_CHECK(context->message != NULL, return false, "Invalid property for type %{public}u", TLV_MSG_FLAGS); - return CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, index); -} - -APPSPAWN_STATIC inline bool CheckSpawningPermissionFlagSet(const SandboxContext *context, uint32_t index) -{ - APPSPAWN_CHECK(context != NULL && context->message != NULL, - return NULL, "Invalid property for type %{public}u", TLV_PERMISSION); - return CheckAppSpawnMsgFlag(context->message, TLV_PERMISSION, index); -} - APPSPAWN_STATIC bool CheckDirRecursive(const char *path) { char buffer[PATH_MAX] = {0}; @@ -191,11 +173,11 @@ void DeleteSandboxContext(SandboxContext *context) static bool NeedNetworkIsolated(SandboxContext *context, const AppSpawningCtx *property) { int developerMode = IsDeveloperModeOpen(); - if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) && !developerMode) { + if (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) && !developerMode) { return true; } - if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) { + if (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) { uint32_t len = 0; char *extensionType = GetAppPropertyExt(property, MSG_EXT_NAME_EXTENSION_TYPE, &len); if (extensionType == NULL || extensionType[0] == '\0' || !developerMode) { @@ -206,14 +188,17 @@ static bool NeedNetworkIsolated(SandboxContext *context, const AppSpawningCtx *p return false; } -static int InitSandboxContext(SandboxContext *context, - const AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *property, int nwebspawn) +int InitSandboxContext(SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const AppSpawningCtx *property, int nwebspawn) { AppSpawnMsgFlags *msgFlags = (AppSpawnMsgFlags *)GetAppProperty(property, TLV_MSG_FLAGS); APPSPAWN_CHECK(msgFlags != NULL, return APPSPAWN_TLV_NONE, "No msg flags in msg %{public}s", GetProcessName(property)); context->nwebspawn = nwebspawn; context->bundleName = GetBundleName(property); + if (context->bundleName == NULL) { + context->bundleName = GetProcessName(property); + } context->bundleHasWps = strstr(context->bundleName, "wps") != NULL; context->dlpBundle = strcmp(GetProcessName(property), "com.ohos.dlpmanager") == 0; context->appFullMountEnable = sandbox->appFullMountEnable; @@ -299,7 +284,7 @@ APPSPAWN_STATIC int CheckSandboxMountNode(const SandboxContext *context, } } // check apl - AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSpawningMsgInfo(context, TLV_DOMAIN_INFO); + AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSandboxCtxMsgInfo(context, TLV_DOMAIN_INFO); if (msgDomainInfo != NULL && sandboxNode->appAplName != NULL) { if (!strcmp(sandboxNode->appAplName, msgDomainInfo->apl)) { APPSPAWN_LOGW("Invalid mount app apl %{public}s %{public}s section %{public}s", @@ -312,7 +297,7 @@ APPSPAWN_STATIC int CheckSandboxMountNode(const SandboxContext *context, static int32_t SandboxMountFusePath(const SandboxContext *context, const MountArg *args) { - AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); APPSPAWN_CHECK(info != NULL, return APPSPAWN_TLV_NONE, "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName); @@ -374,7 +359,7 @@ APPSPAWN_STATIC void CreateDemandSrc(const SandboxContext *context, const PathMo return; } CheckAndCreateSandboxFile(args->originPath); - AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); APPSPAWN_CHECK(info != NULL, return, "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName); @@ -401,7 +386,7 @@ APPSPAWN_STATIC const char *GetRealSrcPath(const SandboxContext *context, const if (originPath == NULL) { return NULL; } - if (hasPackageName && CheckSpawningMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE)) { + if (hasPackageName && CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE)) { const char *varPackageName = strrchr(originPath, '/') ? strrchr(originPath, '/') + 1 : originPath; MakeAtomicServiceDir(context, originPath, varPackageName); } @@ -415,7 +400,7 @@ static int32_t SetMountArgsOption(const SandboxContext *context, uint32_t catego return 0; } - AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); if (info == NULL) { APPSPAWN_LOGE("Get msg dac info failed"); return APPSPAWN_ARG_INVALID; @@ -734,7 +719,7 @@ static void UpdateStorageDir(const SandboxContext *context, AppSpawnSandboxCfg * } int index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_MANAGER_MODE); - int res = CheckSpawningPermissionFlagSet(context, index); + int res = CheckSandboxCtxPermissionFlagSet(context, index); if (res == 0) { char storageUserPath[MAX_SANDBOX_BUFFER] = {0}; ret = snprintf_s(storageUserPath, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s/%d/app-root/%s", rootPath, @@ -761,7 +746,7 @@ static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg * const char nwebPath[] = "/mnt/nweb"; const char nwebTmpPath[] = "/mnt/nweb/tmp"; const char appRootName[] = "app-root"; - AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); if (info == NULL || context->bundleName == NULL) { return; } @@ -782,14 +767,14 @@ static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg * } else { int index = GetPermissionIndexInQueue(&sandbox->permissionQueue, MOUNT_SHARED_MAP[i].permission); APPSPAWN_LOGV("mount dir on lock mountPermissionFlags %{public}d", index); - if (CheckSpawningPermissionFlagSet(context, index)) { + if (CheckSandboxCtxPermissionFlagSet(context, index)) { MountDir(info, context->bundleName, rootPath, MOUNT_SHARED_MAP[i].sandboxPath); } } } char lockSbxPathStamp[MAX_SANDBOX_BUFFER] = { 0 }; int ret = 0; - if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX_TYPE) != 0) { + if (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX_TYPE) != 0) { ret = snprintf_s(lockSbxPathStamp, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s%d/isolated/%s_locked", rootPath, info->uid / UID_BASE, context->bundleName); } else { @@ -855,8 +840,8 @@ static bool CheckAndCreateDepPath(const SandboxContext *context, const SandboxNa return false; } -static int MountSandboxConfig(const SandboxContext *context, - const AppSpawnSandboxCfg *sandbox, const SandboxSection *section, uint32_t op) +int MountSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const SandboxSection *section, uint32_t op) { uint32_t operation = (op != MOUNT_PATH_OP_NONE) ? op : 0; SetMountPathOperation(&operation, section->sandboxNode.type); @@ -899,12 +884,12 @@ static int SetExpandSandboxConfig(const SandboxContext *context, const AppSpawnS "Set DataGroup config fail result: %{public}d, app: %{public}s", ret, context->bundleName); bool mountDestBundlePath = false; - AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSpawningMsgInfo(context, TLV_DOMAIN_INFO); + AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSandboxCtxMsgInfo(context, TLV_DOMAIN_INFO); if (msgDomainInfo != NULL) { mountDestBundlePath = (strcmp(msgDomainInfo->apl, APL_SYSTEM_BASIC) == 0) || (strcmp(msgDomainInfo->apl, APL_SYSTEM_CORE) == 0); } - if (mountDestBundlePath || (CheckSpawningMsgFlagSet(context, APP_FLAGS_ACCESS_BUNDLE_DIR) != 0)) { + if (mountDestBundlePath || (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ACCESS_BUNDLE_DIR) != 0)) { // need permission check for system app here const char *destBundlesPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, "/data/bundles/", context->rootPath, NULL); @@ -933,7 +918,7 @@ static int SetSandboxSpawnFlagsConfig(const SandboxContext *context, const AppSp while (node != &sandbox->spawnFlagsQueue.front) { SandboxFlagsNode *sandboxNode = (SandboxFlagsNode *)ListEntry(node, SandboxMountNode, node); // match flags point - if (sandboxNode->flagIndex == 0 || !CheckSpawningMsgFlagSet(context, sandboxNode->flagIndex)) { + if (sandboxNode->flagIndex == 0 || !CheckSandboxCtxMsgFlagSet(context, sandboxNode->flagIndex)) { node = node->next; continue; } @@ -951,7 +936,7 @@ static int SetSandboxPermissionConfig(const SandboxContext *context, const AppSp ListNode *node = sandbox->permissionQueue.front.next; while (node != &sandbox->permissionQueue.front) { SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); - if (!CheckSpawningPermissionFlagSet(context, permissionNode->permissionIndex)) { + if (!CheckSandboxCtxPermissionFlagSet(context, permissionNode->permissionIndex)) { node = node->next; continue; } @@ -967,7 +952,7 @@ static int SetSandboxPermissionConfig(const SandboxContext *context, const AppSp static int SetOverlayAppSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) { - if (!CheckSpawningMsgFlagSet(context, APP_FLAGS_OVERLAY)) { + if (!CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_OVERLAY)) { return 0; } int ret = ProcessExpandAppSandboxConfig(context, sandbox, "Overlay"); @@ -977,7 +962,7 @@ static int SetOverlayAppSandboxConfig(const SandboxContext *context, const AppSp static int SetBundleResourceSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) { - if (!CheckSpawningMsgFlagSet(context, APP_FLAGS_BUNDLE_RESOURCES)) { + if (!CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_BUNDLE_RESOURCES)) { return 0; } const char *destPath = GetSandboxRealVar(context, @@ -1283,7 +1268,7 @@ static int SetSpawnFlagsDepGroups(const SandboxContext *context, AppSpawnSandbox while (node != &sandbox->spawnFlagsQueue.front) { SandboxFlagsNode *sandboxNode = (SandboxFlagsNode *)ListEntry(node, SandboxMountNode, node); // match flags point - if (sandboxNode->flagIndex == 0 || !CheckSpawningMsgFlagSet(context, sandboxNode->flagIndex)) { + if (sandboxNode->flagIndex == 0 || !CheckSandboxCtxMsgFlagSet(context, sandboxNode->flagIndex)) { node = node->next; continue; } @@ -1333,7 +1318,7 @@ static int SetPermissionDepGroups(const SandboxContext *context, AppSpawnSandbox while (node != &sandbox->permissionQueue.front) { SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); // match flags point - if (!CheckSpawningPermissionFlagSet(context, permissionNode->permissionIndex)) { + if (!CheckSandboxCtxPermissionFlagSet(context, permissionNode->permissionIndex)) { node = node->next; continue; } diff --git a/modules/sandbox/appspawn_sandbox.h b/modules/sandbox/appspawn_sandbox.h index 7602178f..d6b8cb0a 100644 --- a/modules/sandbox/appspawn_sandbox.h +++ b/modules/sandbox/appspawn_sandbox.h @@ -61,18 +61,18 @@ extern "C" { #define MOUNT_MODE_ALWAYS 1 // "always" #define MOUNT_MODE_NOT_EXIST 2 // "not-exists" -#define MOUNT_PATH_OP_NONE ((uint32_t)-1) -#define MOUNT_PATH_OP_SYMLINK SANDBOX_TAG_INVALID -#define MOUNT_PATH_OP_UNMOUNT (SANDBOX_TAG_INVALID + 1) -#define MOUNT_PATH_OP_ONLY_SANDBOX (SANDBOX_TAG_INVALID + 2) -#define MOUNT_PATH_OP_REPLACE_BY_SANDBOX (SANDBOX_TAG_INVALID + 3) -#define MOUNT_PATH_OP_REPLACE_BY_SRC (SANDBOX_TAG_INVALID + 4) -#define FILE_CROSS_APP_MODE "ohos.permission.FILE_CROSS_APP" -#define FILE_ACCESS_COMMON_DIR_MODE "ohos.permission.FILE_ACCESS_COMMON_DIR" -#define ACCESS_DLP_FILE_MODE "ohos.permission.ACCESS_DLP_FILE" -#define FILE_ACCESS_MANAGER_MODE "ohos.permission.FILE_ACCESS_MANAGER" -#define READ_WRITE_USER_FILE_MODE "ohos.permission.READ_WRITE_USER_FILE" -#define GET_ALL_PROCESSES_MODE "ohos.permission.GET_ALL_PROCESSES" +#define MOUNT_PATH_OP_NONE ((uint32_t)-1) +#define MOUNT_PATH_OP_SYMLINK SANDBOX_TAG_INVALID +#define MOUNT_PATH_OP_UNMOUNT (SANDBOX_TAG_INVALID + 1) +#define MOUNT_PATH_OP_ONLY_SANDBOX (SANDBOX_TAG_INVALID + 2) +#define MOUNT_PATH_OP_REPLACE_BY_SANDBOX (SANDBOX_TAG_INVALID + 3) +#define MOUNT_PATH_OP_REPLACE_BY_SRC (SANDBOX_TAG_INVALID + 4) +#define FILE_CROSS_APP_MODE "ohos.permission.FILE_CROSS_APP" +#define FILE_ACCESS_COMMON_DIR_MODE "ohos.permission.FILE_ACCESS_COMMON_DIR" +#define ACCESS_DLP_FILE_MODE "ohos.permission.ACCESS_DLP_FILE" +#define FILE_ACCESS_MANAGER_MODE "ohos.permission.FILE_ACCESS_MANAGER" +#define READ_WRITE_USER_FILE_MODE "ohos.permission.READ_WRITE_USER_FILE" +#define GET_ALL_PROCESSES_MODE "ohos.permission.GET_ALL_PROCESSES" typedef enum SandboxTag { SANDBOX_TAG_MOUNT_PATH = 0, @@ -234,9 +234,16 @@ typedef struct { AppSpawnSandboxCfg *CreateAppSpawnSandbox(ExtDataType type); AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content, ExtDataType type); void DeleteAppSpawnSandbox(AppSpawnSandboxCfg *sandbox); -int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode); +int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, ExtDataType type); void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox); +/** + * @brief Init sandbox context + * + */ +int InitSandboxContext(SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const AppSpawningCtx *property, int nwebspawn); + /** * @brief SandboxSection op * @@ -261,10 +268,17 @@ void AddSandboxMountNode(SandboxMountNode *node, SandboxSection *section); PathMountNode *GetPathMountNode(const SandboxSection *section, int type, const char *source, const char *target); SymbolLinkNode *GetSymbolLinkNode(const SandboxSection *section, const char *target, const char *linkName); +__attribute__((always_inline)) inline void SetMountPathOperation(uint32_t *operation, uint32_t index) +{ + *operation |= (1 << index); +} + /** * @brief sandbox mount interface * */ +int MountSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const SandboxSection *section, uint32_t op); int MountSandboxConfigs(AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *property, int nwebspawn); int StagedMountSystemConst(AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *property, int nwebspawn); int StagedMountPreUnShare(const SandboxContext *context, AppSpawnSandboxCfg *sandbox); @@ -312,13 +326,27 @@ int ProcessExpandAppSandboxConfig(const SandboxContext *context, void AddDefaultExpandAppSandboxConfigHandle(void); void ClearExpandAppSandboxConfigHandle(void); -__attribute__((always_inline)) inline void *GetSpawningMsgInfo(const SandboxContext *context, uint32_t type) +__attribute__((always_inline)) inline void *GetSandboxCtxMsgInfo(const SandboxContext *context, uint32_t type) { APPSPAWN_CHECK(context->message != NULL, return NULL, "Invalid property for type %{public}u", type); return GetAppSpawnMsgInfo(context->message, type); } +__attribute__((always_inline)) inline bool CheckSandboxCtxMsgFlagSet(const SandboxContext *context, uint32_t index) +{ + APPSPAWN_CHECK(context->message != NULL, return false, "Invalid property for type %{public}d", TLV_MSG_FLAGS); + return CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, index); +} + +__attribute__((always_inline)) inline bool CheckSandboxCtxPermissionFlagSet( + const SandboxContext *context, uint32_t index) +{ + APPSPAWN_CHECK(context != NULL && context->message != NULL, + return false, "Invalid property for type %{public}d", TLV_PERMISSION); + return CheckAppSpawnMsgFlag(context->message, TLV_PERMISSION, index); +} + /** * @brief Sandbox Context op * diff --git a/modules/sandbox/sandbox_adapter.cpp b/modules/sandbox/sandbox_adapter.cpp index c7c25817..4eccf2f5 100644 --- a/modules/sandbox/sandbox_adapter.cpp +++ b/modules/sandbox/sandbox_adapter.cpp @@ -25,7 +25,7 @@ using namespace std; void MakeAtomicServiceDir(const SandboxContext *context, const char *originPath, const char *varPackageName) { APPSPAWN_CHECK_ONLY_EXPER(context != NULL && originPath != NULL && varPackageName != NULL, return); - AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); APPSPAWN_CHECK(dacInfo != NULL, return, "No dac info for %{public}s", context->bundleName); string path(originPath); if (path.find("/mnt/share") != string::npos) { @@ -46,7 +46,7 @@ void MakeAtomicServiceDir(const SandboxContext *context, const char *originPath, APPSPAWN_CHECK(ret == 0, return, "chmod %{public}s failed, errno %{public}d", path.c_str(), errno); #ifdef WITH_SELINUX - AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSpawningMsgInfo(context, TLV_DOMAIN_INFO); + AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSandboxCtxMsgInfo(context, TLV_DOMAIN_INFO); APPSPAWN_CHECK(msgDomainInfo != NULL, return, "No domain info for %{public}s", context->bundleName); HapContext hapContext; HapFileInfo hapFileInfo; diff --git a/modules/sandbox/sandbox_cfgvar.c b/modules/sandbox/sandbox_cfgvar.c index 78384842..11268230 100644 --- a/modules/sandbox/sandbox_cfgvar.c +++ b/modules/sandbox/sandbox_cfgvar.c @@ -25,13 +25,12 @@ struct ListNode g_sandboxVarList = {&g_sandboxVarList, &g_sandboxVarList}; static int VarPackageNameIndexReplace(const SandboxContext *context, const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData) { - AppSpawnMsgBundleInfo *bundleInfo = ( - AppSpawnMsgBundleInfo *)GetSpawningMsgInfo(context, TLV_BUNDLE_INFO); + AppSpawnMsgBundleInfo *bundleInfo = (AppSpawnMsgBundleInfo *)GetSandboxCtxMsgInfo(context, TLV_BUNDLE_INFO); APPSPAWN_CHECK(bundleInfo != NULL, return APPSPAWN_TLV_NONE, "No bundle info in msg %{public}s", context->bundleName); int len = 0; if (bundleInfo->bundleIndex > 0) { - len = sprintf_s((char *)buffer, bufferLen, "%s_%d", bundleInfo->bundleName, bundleInfo->bundleIndex); + len = sprintf_s((char *)buffer, bufferLen, "%d_%s", bundleInfo->bundleIndex, bundleInfo->bundleName); } else { len = sprintf_s((char *)buffer, bufferLen, "%s", bundleInfo->bundleName); } @@ -54,7 +53,7 @@ APPSPAWN_STATIC int VarPackageNameReplace(const SandboxContext *context, static int VarCurrentUseIdReplace(const SandboxContext *context, const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData) { - AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO); + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); APPSPAWN_CHECK(info != NULL, return APPSPAWN_TLV_NONE, "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName); int len = 0; @@ -160,7 +159,7 @@ static int ReplaceVariableForpackageName(const SandboxContext *context, const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData) { APPSPAWN_CHECK(context != NULL, return -1, "Invalid context"); - AppSpawnMsgBundleInfo *bundleInfo = (AppSpawnMsgBundleInfo *)GetSpawningMsgInfo(context, TLV_BUNDLE_INFO); + AppSpawnMsgBundleInfo *bundleInfo = (AppSpawnMsgBundleInfo *)GetSandboxCtxMsgInfo(context, TLV_BUNDLE_INFO); APPSPAWN_CHECK(bundleInfo != NULL, return APPSPAWN_TLV_NONE, "No bundle info in msg %{public}s", context->bundleName); diff --git a/modules/sandbox/sandbox_debug_mode.c b/modules/sandbox/sandbox_debug_mode.c new file mode 100644 index 00000000..4f7b3544 --- /dev/null +++ b/modules/sandbox/sandbox_debug_mode.c @@ -0,0 +1,424 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#undef _GNU_SOURCE +#define _GNU_SOURCE + +#include "appspawn_sandbox.h" + +#include +#include +#include "securec.h" +#include "appspawn_manager.h" +#include "appspawn_utils.h" +#include "modulemgr.h" + +#define DEBUG_MNT_TMP_ROOT "/mnt/debugtmp" +#define DEBUG_MNT_SHAREFS_ROOT "/mnt/debug" +#define DEBUG_HAP_DIR "debug_hap" + +typedef struct TagRemoveDebugDirInfo { + char *debugTmpPath; + char *debugPath; + AppSpawnSandboxCfg *sandboxCfg; + SandboxContext *context; +} RemoveDebugDirInfo; + +static int InitDebugSandboxContext(SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const AppSpawningCtx *property, int nwebspawn); + +static void UmountAndRmdirDir(const char *targetPath) +{ + if (access(targetPath, F_OK) != 0) { + APPSPAWN_LOGE("targetPath %{public}s is not exist", targetPath); + return; + } + + int ret = umount2(targetPath, MNT_DETACH); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "umount failed %{public}s errno: %{public}d", targetPath, errno); + ret = rmdir(targetPath); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "rmdir failed %{public}s errno: %{public}d", targetPath, errno); + APPSPAWN_LOGI("rmdir targetPath: %{public}s", targetPath); +} + +static int RemoveDebugBaseConfig(SandboxSection *section, const char *debugRootPath) +{ + ListNode *node = section->front.next; + int ret = 0; + while (node != §ion->front && node != NULL) { + SandboxMountNode *sandboxNode = (SandboxMountNode *)ListEntry(node, SandboxMountNode, node); + APPSPAWN_CHECK(sandboxNode != NULL, return APPSPAWN_SANDBOX_INVALID, "Get sandbox mount node failed"); + char targetPath[PATH_MAX_LEN] = {0}; + ret = snprintf_s(targetPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", debugRootPath, + ((PathMountNode *)sandboxNode)->target); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s targetPath failed, errno: %{public}d", errno); + UmountAndRmdirDir(targetPath); + node = node->next; + } + return 0; +} + +static int RemoveDebugAppVarConfig(const AppSpawnSandboxCfg *sandboxCfg, const char *debugRootPath) +{ + SandboxSection *section = GetSandboxSection(&sandboxCfg->requiredQueue, "app-variable"); + if (section == NULL) { + return 0; + } + + return RemoveDebugBaseConfig(section, debugRootPath); +} + +static int RemoveDebugPermissionConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandboxCfg, + const char *debugRootPath) +{ + ListNode *node = sandboxCfg->permissionQueue.front.next; + int ret = 0; + while (node != &sandboxCfg->permissionQueue.front && node != NULL) { + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + APPSPAWN_CHECK(permissionNode != NULL, return APPSPAWN_SANDBOX_INVALID, "Get sandbox permission node failed"); + APPSPAWN_LOGV("CheckSandboxCtxPermissionFlagSet permission %{public}d %{public}s", + permissionNode->permissionIndex, permissionNode->section.name); + ret = RemoveDebugBaseConfig(&permissionNode->section, debugRootPath); + APPSPAWN_CHECK(ret == 0, return ret, "Failed to remove debug permission config"); + node = node->next; + } + return ret; +} + +// 获取userId信息,若消息请求中携带userId拓展字段则使用userId否则使用info信息中的uid +static int ConvertUserIdPath(const AppSpawningCtx *property, char *debugRootPath, char *debugTmpRootPath) +{ + int ret = 0; + char *userId = (char *)GetAppSpawnMsgExtInfo(property->message, MSG_EXT_NAME_USERID, NULL); + if (userId == NULL) { + AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetAppProperty(property, TLV_DAC_INFO); + APPSPAWN_CHECK(dacInfo != NULL, return APPSPAWN_TLV_NONE, "No tlv %{public}d in msg", TLV_DAC_INFO); + ret = snprintf_s(debugRootPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%d", DEBUG_MNT_SHAREFS_ROOT, + dacInfo->uid / UID_BASE); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s debugRootPath failed, errno: %{public}d", errno); + ret = snprintf_s(debugTmpRootPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%d", DEBUG_MNT_TMP_ROOT, + dacInfo->uid / UID_BASE); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s debugTmpRootPath failed, errno: %{public}d", errno); + } else { + ret = snprintf_s(debugRootPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", DEBUG_MNT_SHAREFS_ROOT, uid); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s debugRootPath failed, errno: %{public}d", errno); + ret = snprintf_s(debugTmpRootPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", DEBUG_MNT_TMP_ROOT, uid); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s debugTmpRootPath failed, errno: %{public}d", errno); + } + return ret; +} + +static int UnintallPrivateDirs(const AppSpawnMgr *content, const AppSpawningCtx *property, + RemoveDebugDirInfo *removeDebugDirInfo) +{ + AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetAppProperty(property, TLV_DAC_INFO); + APPSPAWN_CHECK(dacInfo != NULL, return APPSPAWN_TLV_NONE, "No tlv %{public}d in msg", TLV_DAC_INFO); + + char uidPath[PATH_MAX_LEN] = {0}; + /* snprintf_s /mnt/debugtmp/ */ + int ret = snprintf_s(uidPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%d/", DEBUG_MNT_TMP_ROOT, dacInfo->uid / UID_BASE); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debugtmp/ failed, errno: %{public}d", errno); + + /* snprintf_s /mnt/debugtmp//debug_hap/ */ + ret = snprintf_s(removeDebugDirInfo->debugTmpPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", + removeDebugDirInfo->debugTmpPath, removeDebugDirInfo->context->rootPath + strlen(uidPath)); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debugtmp//debug_hap/ failed, errno: %{public}d", errno); + + ret = RemoveDebugAppVarConfig(removeDebugDirInfo->sandboxCfg, removeDebugDirInfo->debugTmpPath); + APPSPAWN_CHECK(ret == 0, return ret, "Failed to remove debug app variable config"); + + ret = RemoveDebugPermissionConfig(removeDebugDirInfo->context, removeDebugDirInfo->sandboxCfg, + removeDebugDirInfo->debugTmpPath); + APPSPAWN_CHECK(ret == 0, return ret, "Failed to remove debug permission config"); + + /* umount and remove dir /mnt/debug//debug_hap/ */ + ret = snprintf_s(removeDebugDirInfo->debugPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s/", + removeDebugDirInfo->debugPath, removeDebugDirInfo->context->rootPath + strlen(uidPath)); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debug//debug_hap/ failed, errno: %{public}d", errno); + UmountAndRmdirDir(removeDebugDirInfo->debugPath); + + return 0; +} + +static int UnintallAllDirs(const AppSpawnMgr *content, const AppSpawningCtx *property, + RemoveDebugDirInfo *removeDebugDirInfo) +{ + /* snprintf_s /mnt/debugtmp//debug_hap */ + int ret = snprintf_s(removeDebugDirInfo->debugTmpPath + strlen(removeDebugDirInfo->debugTmpPath), PATH_MAX_LEN, + PATH_MAX_LEN - 1, "%s/", "debug_hap"); + APPSPAWN_CHECK(ret >= 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debugtmp//debug_hap failed, errno: %{public}d", errno); + + char debugTmpPackagePath[PATH_MAX_LEN] = {0}; + char debugPackagePath[PATH_MAX_LEN] = {0}; + DIR *dir = opendir(removeDebugDirInfo->debugTmpPath); + APPSPAWN_CHECK(dir != NULL, return APPSPAWN_SYSTEM_ERROR, + "Failed to open %{public}s, errno: %{public}d", removeDebugDirInfo->debugTmpPath, errno); + struct dirent *entry; + while ((entry = readdir(dir)) != NULL) { + if (entry->d_name[0] == '.') { + continue; + } + (void)memset_s(debugPackagePath, PATH_MAX_LEN, 0, PATH_MAX_LEN); + (void)memset_s(debugTmpPackagePath, PATH_MAX_LEN, 0, PATH_MAX_LEN); + + /* snprintf_s /mnt/debugtmp//debug_hap/ */ + ret = snprintf_s(debugTmpPackagePath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", + removeDebugDirInfo->debugTmpPath, entry->d_name); + APPSPAWN_CHECK(ret >= 0, closedir(dir); return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debugtmp//debug_hap/ failed, errno: %{public}d", errno); + + ret = RemoveDebugAppVarConfig(removeDebugDirInfo->sandboxCfg, debugTmpPackagePath); + APPSPAWN_CHECK(ret == 0, closedir(dir); return ret, "Failed to remove app variable config"); + + ret = RemoveDebugPermissionConfig(removeDebugDirInfo->context, removeDebugDirInfo->sandboxCfg, + debugTmpPackagePath); + APPSPAWN_CHECK(ret == 0, closedir(dir); return ret, "Failed to remove debug permission config"); + + /** + * umount and remove dir /mnt/debug//debug_hap/ + * /mnt/debug + /debug_hap/(debugTmpPackagePath) + */ + ret = snprintf_s(debugPackagePath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", DEBUG_MNT_SHAREFS_ROOT, + debugTmpPackagePath + strlen(DEBUG_MNT_TMP_ROOT)); + APPSPAWN_CHECK(ret >= 0, closedir(dir); return APPSPAWN_ERROR_UTILS_MEM_FAIL, + "snprintf_s /mnt/debug//debug_hap/ failed, errno: %{public}d", errno); + UmountAndRmdirDir(debugPackagePath); + } + closedir(dir); + return 0; +} + +static int UninstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property) +{ + APPSPAWN_CHECK(content != NULL && property != NULL, return APPSPAWN_ARG_INVALID, + "Invalid appspawn client or property"); + char debugRootPath[PATH_MAX_LEN] = {0}; + char debugTmpRootPath[PATH_MAX_LEN] = {0}; + + int ret = ConvertUserIdPath(property, debugRootPath, debugTmpRootPath); + APPSPAWN_CHECK(ret == 0, return ret, "Failed to convert userid path"); + + AppSpawnSandboxCfg *sandboxCfg = GetAppSpawnSandbox(content, EXT_DATA_DEBUG_HAP_SANDBOX); + APPSPAWN_CHECK_ONLY_EXPER(sandboxCfg != NULL, return APPSPAWN_SANDBOX_INVALID, + "Failed to get sandbox for %{public}s", GetProcessName(property)); + + SandboxContext *context = GetSandboxContext(); // Need free after mounting each time + APPSPAWN_CHECK(ret == 0, return ret, "Failed to convert userid path"); + ret = InitDebugSandboxContext(context, sandboxCfg, property, IsNWebSpawnMode(content)); + APPSPAWN_CHECK_ONLY_EXPER(ret == 0, DeleteSandboxContext(context); return ret); + + RemoveDebugDirInfo removeDebugdirInfo = { + .debugPath = debugRootPath, + .debugTmpPath = debugTmpRootPath, + .context = context, + .sandboxCfg = sandboxCfg + }; + // If the message request carries package name information, it is necessary to obtain the actual package name + if (GetBundleName(property) != NULL) { + ret = UnintallPrivateDirs(content, property, &removeDebugdirInfo); + } else { // Traverse directories from debugTmpRootPath directory + ret = UnintallAllDirs(content, property, &removeDebugdirInfo); + } + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Failed to uninstall debug hap dir, ret: %{public}d", ret); + + DeleteSandboxContext(context); + return 0; +} + +// Mount the point of the app-variable attribute in the debug attribute. +static int SetDebugAppVarConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) +{ + SandboxSection *section = GetSandboxSection(&sandbox->requiredQueue, "app-variable"); + if (section == NULL) { + return 0; + } + + uint32_t operation = 0; + if (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE)) { + SetMountPathOperation(&operation, MOUNT_PATH_OP_UNMOUNT); + } + int ret = MountSandboxConfig(context, sandbox, section, operation); + APPSPAWN_CHECK(ret == 0, return ret, "Set debug app-variable config fail result: %{public}d, app: %{public}s", + ret, context->bundleName); + return 0; +} + +static int SetDebugPermissionConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) +{ + ListNode *node = sandbox->permissionQueue.front.next; + while (node != &sandbox->permissionQueue.front && node != NULL) { + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + if (!CheckSandboxCtxPermissionFlagSet(context, permissionNode->permissionIndex)) { + node = node->next; + continue; + } + + APPSPAWN_LOGV("SetSandboxPermissionConfig permission %{public}d %{public}s", + permissionNode->permissionIndex, permissionNode->section.name); + uint32_t operation = MOUNT_PATH_OP_UNMOUNT; + if (CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE)) { + SetMountPathOperation(&operation, MOUNT_PATH_OP_UNMOUNT); + } + int ret = MountSandboxConfig(context, sandbox, section, operation); + APPSPAWN_CHECK(ret == 0, return ret, "Set debug app-variable config fail result: %{public}d, app: %{public}s", + ret, context->bundleName); + node = node->next; + } + return 0; +} + +static int SetDebugAutomicTmpRootPath(SandboxContext *context, const AppSpawningCtx *property) +{ + context->bundleName = GetBundleName(property); + context->message = property->message; + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); + APPSPAWN_CHECK(info != NULL, return APPSPAWN_TLV_NONE, + "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName); + + char debugAutomicRootPath[PATH_MAX_LEN] = {0}; + int ret = snprintf_s(debugAutomicRootPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/debugtmp/%d/debug_hap/%s", + info->uid / UID_BASE, context->bundleName); + APPSPAWN_CHECK(ret > 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "snprintf_s debugAutomicRootPath failed"); + context->rootPath = strdup(debugAutomicRootPath); + if (context->rootPath == NULL) { + APPSPAWN_LOGE("Failed to strdup root path, rootPath: %{public}s', errno: %{public}d", context->rootPath, errno); + return APPSPAWN_SYSTEM_ERROR; + } + APPSPAWN_LOGI("Set automic sandbox root: %{public}s", context->rootPath); + return 0; +} + +static int InitDebugSandboxContext(SandboxContext *context, const AppSpawnSandboxCfg *sandbox, + const AppSpawningCtx *property, int nwebspawn) +{ + if (GetBundleName(property) != NULL) { + APPSPAWN_LOGI("No need init sandbox context"); + return 0; + } + if (!CheckAppMsgFlagsSet(property, APP_FLAGS_ATOMIC_SERVICE)) { + return InitSandboxContext(context, sandbox, property, nwebspawn); + } + + return SetDebugAutomicTmpRootPath(context, property); +} + +static int MountDebugTmpConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) +{ + int ret = SetDebugAppVarConfig(context, sandbox); + APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret); + + ret = SetDebugPermissionConfig(context, sandbox); + APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret); + return ret; +} + +static int MountDebugDirBySharefs(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox) +{ + if (context->rootPath = NULL) { + APPSPAWN_LOGE("sandbox root is null"); + return APPSPAWN_SANDBOX_INVALID; + } + + const char *srcPath = context->rootPath; + char dstPath[PATH_MAX_LEN] = {0}; + size_t mntTmpRootLen = strlen(DEBUG_MNT_TMP_ROOT); + int ret = snprintf_s(dstPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", + DEBUG_MNT_SHAREFS_ROOT, context->rootPath + mntTmpRootLen); + APPSPAWN_CHECK(ret > 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "Failed to snprintf_s dstPath"); + + // If mount dstPath to MS_SHARED, the mount point already exists. + ret = mount(NULL, dstPath, NULL, MS_SHARED, NULL); + if (ret == 0) { + return 0; + } + + ret = MakeDirRec(dstPath, FILE_MODE, 1); + APPSPAWN_CHECK(ret == 0, return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL, "Failed to mkdir dstPath: %{public}s", dstPath); + + AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSandboxCtxMsgInfo(context, TLV_DAC_INFO); + APPSPAWN_CHECK(info != NULL, return APPSPAWN_TLV_NONE, + "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName); + + char options[OPTIONS_MAX_LEN] = {0}; + ret = snprintf_s(options, OPTIONS_MAX_LEN, OPTIONS_MAX_LEN - 1, "override_support_delete,user_id=%u", + info->uid / UID_BASE); + APPSPAWN_CHECK(ret > 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "Failed to snprintf_s options"); + + const MountArgTemplate *tmp = GetMountArgTemplate(MOUNT_TMP_DAC_OVERRIDE_DELETE); + APPSPAWN_CHECK(tmp != NULL, return APPSPAWN_SANDBOX_INVALID, "Failed to get mount args"); + + MountArg args = { + .originPath = srcPath, + .destinationPath = dstPath, + .fsType = tmp->fsType, + .options = options, + .mountFlags = tmp->mountFlags, + .mountSharedFlag = MS_SLAVE + }; + ret = SandboxMountPath(&args); + APPSPAWN_CHECK(ret == 0, return APPSPAWN_SYSTEM_ERROR, "Failed to mount points"); + + return 0; +} + +static int InstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property) +{ + APPSPAWN_CHECK(property != NULL && content != NULL, return APPSPAWN_ARG_INVALID, + "Invalid appspawn client or property"); + if (!CheckAppMsgFlagsSet(property, APP_FLAGS_DEBUGGABLE) || !IsDeveloperModeOn(property)) { + return 0; + } + + APPSPAWN_LOGI("Install %{public}s debug sandbox", GetProcessName(property)); + AppSpawnSandboxCfg *sandboxCfg = GetAppSpawnSandbox(content, EXT_DATA_DEBUG_HAP_SANDBOX); + APPSPAWN_CHECK(sandboxCfg != NULL, return APPSPAWN_SANDBOX_INVALID, + "Failed to get sandbox for %{public}s", GetProcessName(property)); + + SandboxContext *context = GetSandboxContext(); // Need free after mounting each time + APPSPAWN_CHECK_ONLY_EXPER(context != NULL, return APPSPAWN_SYSTEM_ERROR); + int ret = InitDebugSandboxContext(context, sandboxCfg, property, IsNWebSpawnMode(content)); + APPSPAWN_CHECK_ONLY_EXPER(context != NULL, DeleteSandboxContext(context); return ret); + + do { + ret = MountDebugTmpConfig(context, sandboxCfg); + APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break); + /** + * /mnt/debugtmp//debug_hap// => + * /mnt/debug//debug_hap// + */ + ret = MountDebugDirBySharefs(context, sandboxCfg); + } while (0); + + DeleteSandboxContext(context); + return 0; +} + +#ifdef APPSPAWN_SANDBOX_NEW +MODULE_CONSTRUCTOR(void) +{ + APPSPAWN_LOGV("Load debug hap module ..."); + (void)AddAppSpawnHook(STAGE_PARENT_UNINSTALL, HOOK_PRIO_SANDBOX, UninstallDebugSandbox); + (void)AddAppSpawnHook(STAGE_PARENT_POST_RELY, HOOK_PRIO_SANDBOX, InstallDebugSandbox); +} +#endif \ No newline at end of file diff --git a/modules/sandbox/sandbox_expand.c b/modules/sandbox/sandbox_expand.c index 7c53fcb8..38f5e116 100644 --- a/modules/sandbox/sandbox_expand.c +++ b/modules/sandbox/sandbox_expand.c @@ -95,7 +95,7 @@ APPSPAWN_STATIC int MountAllGroup(const SandboxContext *context, const cJSON *gr cJSON *gids = cJSON_GetObjectItemCaseSensitive(groups, "gid"); cJSON *dirs = cJSON_GetObjectItemCaseSensitive(groups, "dir"); APPSPAWN_CHECK(dataGroupIds != NULL && cJSON_IsArray(dataGroupIds), - return -1, "MountAllGroup: invalid dataGroupIds"); + return 0, "MountAllGroup: invalid dataGroupIds"); APPSPAWN_CHECK(gids != NULL && cJSON_IsArray(gids), return -1, "MountAllGroup: invalid gids"); APPSPAWN_CHECK(dirs != NULL && cJSON_IsArray(dirs), return -1, "MountAllGroup: invalid dirs"); int count = cJSON_GetArraySize(dataGroupIds); @@ -118,9 +118,11 @@ APPSPAWN_STATIC int MountAllGroup(const SandboxContext *context, const cJSON *gr CreateSandboxDir(context->buffer[0].buffer, FILE_MODE); MountArg mountArg = {libPhysicalPath, context->buffer[0].buffer, NULL, mountFlags, NULL, mountSharedFlag}; ret = SandboxMountPath(&mountArg); - APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); + if (ret != 0) { + APPSPAWN_LOGV("mount datagroup failed"); + } } - return ret; + return 0; } typedef struct { diff --git a/modules/sandbox/sandbox_load.c b/modules/sandbox/sandbox_load.c index 9bb7cd24..9ed25882 100644 --- a/modules/sandbox/sandbox_load.c +++ b/modules/sandbox/sandbox_load.c @@ -663,22 +663,39 @@ APPSPAWN_STATIC int ParseAppSandboxConfig(const cJSON *root, ParseJsonContext *c return ret; } -APPSPAWN_STATIC const char *GetSandboxNameByMode(RunMode mode) +APPSPAWN_STATIC const char *GetSandboxNameByType(ExtDataType type) { - if (mode == MODE_FOR_NATIVE_SPAWN) { - return ISOLATED_SANDBOX_FILE_NAME; - } - if (mode == MODE_FOR_NWEB_SPAWN || mode == MODE_FOR_NWEB_COLD_RUN) { - return WEB_SANDBOX_FILE_NAME; + if (type >= EXT_DATA_COUNT || type < EXT_DATA_APP_SANDBOX) { + return NULL; } - return APP_SANDBOX_FILE_NAME; -} - -int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode) + const char *fileName = NULL; + switch (type) { + case EXT_DATA_APP_SANDBOX: + fileName = APP_SANDBOX_FILE_NAME; + break; + case EXT_DATA_ISOLATED_SANDBOX: + fileName = ISOLATED_SANDBOX_FILE_NAME; + break; + case EXT_DATA_RENDER_SANDBOX: + fileName = RENDER_SANDBOX_FILE_NAME; + break; + case EXT_DATA_GPU_SANDBOX: + fileName = GPU_SANDBOX_FILE_NAME; + break; + case EXT_DATA_DEBUG_HAP_SANDBOX: + fileName = DEBUG_SANDBOX_FILE_NAME; + break; + default: + break; + } + return fileName; +} + +int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, ExtDataType type) { APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_ARG_INVALID); - const char *sandboxName = GetSandboxNameByMode(mode); - APPSPAWN_LOGV("Get sandboxName %{public}s by mode %{public}d", sandboxName, mode); + const char *sandboxName = GetSandboxNameByType(type); + APPSPAWN_LOGV("Get sandboxName %{public}s by type %{public}d", sandboxName, type); if (sandbox->depGroupNodes != NULL) { APPSPAWN_LOGW("Sandbox has been load"); return 0; diff --git a/modules/sandbox/sandbox_manager.c b/modules/sandbox/sandbox_manager.c index 80e0fd1f..5da123f6 100644 --- a/modules/sandbox/sandbox_manager.c +++ b/modules/sandbox/sandbox_manager.c @@ -482,21 +482,21 @@ void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox) DumpSandboxQueue(&sandbox->nameGroupsQueue.front, DumpSandboxNameGroupNode); } -APPSPAWN_STATIC int PreLoadIsoLatedSandboxCfg(AppSpawnMgr *content) +static int PreLoadSandboxCfgByType(AppSpawnMgr *content, ExtDataType type) { - if (IsNWebSpawnMode(content)) { - return 0; + if (type >= EXT_DATA_COUNT || type < EXT_DATA_APP_SANDBOX) { + return APPSPAWN_ARG_INVALID; } - AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX); - APPSPAWN_CHECK(sandbox == NULL, return 0, "Isolated sandbox has been load"); + AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type); + APPSPAWN_CHECK(sandbox == NULL, return 0, "type %{public}d sandbox has been load", type); - sandbox = CreateAppSpawnSandbox(EXT_DATA_ISOLATED_SANDBOX); + sandbox = CreateAppSpawnSandbox(type); APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR); OH_ListAddTail(&content->extData, &sandbox->extData.node); - // load isolated sandbox config - LoadAppSandboxConfig(sandbox, MODE_FOR_NATIVE_SPAWN); + // load sandbox config by type + LoadAppSandboxConfig(sandbox, type); sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue); content->content.sandboxNsFlags = 0; @@ -506,26 +506,47 @@ APPSPAWN_STATIC int PreLoadIsoLatedSandboxCfg(AppSpawnMgr *content) return 0; } -APPSPAWN_STATIC int PreLoadSandboxCfg(AppSpawnMgr *content) +APPSPAWN_STATIC int PreLoadDebugSandboxCfg(AppSpawnMgr *content) { - AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX); - APPSPAWN_CHECK(sandbox == NULL, return 0, "Sandbox has been load"); + if (IsNWebSpawnMode(content)) { + return 0; + } - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); - APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR); - OH_ListAddTail(&content->extData, &sandbox->extData.node); + int ret = PreLoadSandboxCfgByType(content, EXT_DATA_DEBUG_HAP_SANDBOX); + APPSPAWN_CHECK(ret == 0, return ret, "debug hap sandbox cfg preload failed"); + return 0; +} - // load app/nweb sandbox config +APPSPAWN_STATIC int PreLoadIsoLatedSandboxCfg(AppSpawnMgr *content) +{ if (IsNWebSpawnMode(content)) { - LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); - } else { - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + return 0; } - sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue); - content->content.sandboxNsFlags = 0; - if (IsNWebSpawnMode(content) || sandbox->pidNamespaceSupport) { - content->content.sandboxNsFlags = sandbox->sandboxNsFlags; + int ret = PreLoadSandboxCfgByType(content, EXT_DATA_ISOLATED_SANDBOX); + APPSPAWN_CHECK(ret == 0, return ret, "isolated sandbox cfg preload failed"); + return 0; +} + +APPSPAWN_STATIC int PreLoadAppSandboxCfg(AppSpawnMgr *content) +{ + if (IsNWebSpawnMode(content)) { + return 0; + } + + int ret = PreLoadSandboxCfgByType(content, EXT_DATA_APP_SANDBOX); + APPSPAWN_CHECK(ret == 0, return ret, "app sandbox cfg preload failed"); + return 0; +} + +APPSPAWN_STATIC int PreLoadNWebSandboxCfg(AppSpawnMgr *content) +{ + if (IsNWebSpawnMode(content)) { + int ret = PreLoadSandboxCfgByType(content, EXT_DATA_RENDER_SANDBOX); + APPSPAWN_CHECK(ret == 0, return ret, "render sandbox cfg preload failed"); + + ret = PreLoadSandboxCfgByType(content, EXT_DATA_GPU_SANDBOX); + APPSPAWN_CHECK(ret == 0, return ret, "gpu sandbox cfg preload failed"); } return 0; } @@ -540,28 +561,62 @@ APPSPAWN_STATIC int IsolatedSandboxHandleServerExit(AppSpawnMgr *content) APPSPAWN_STATIC int SandboxHandleServerExit(AppSpawnMgr *content) { - AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK(sandbox != NULL, return 0, "Sandbox not load"); return 0; } +static ExtDataType GetSandboxType(AppSpawnMgr *content, AppSpawningCtx *property) +{ + ExtDataType type = EXT_DATA_APP_SANDBOX; + if (IsNWebSpawnMode(content)) { + char *processType = (char *)GetAppPropertyExt(property, MSG_EXT_NAME_PROCESS_TYPE, NULL); + APPSPAWN_CHECK(processType != NULL, return type, "Invalid processType data"); + if (strcmp(processType, "render") == 0) { + type = EXT_DATA_RENDER_SANDBOX; + } else if (strcmp(processType, "gpu") == 0) { + type = EXT_DATA_GPU_SANDBOX; + } + } else { + type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? EXT_DATA_ISOLATED_SANDBOX : + EXT_DATA_APP_SANDBOX; + } + return type; +} + +/** + * @brief ɳ价 + * 1.ǷͨhapExtDataTypeΪEXT_DATA_APP_SANDBOX + * 2.ǷͨhaphapЯAPP_FLAGS_ISOLATED_SANDBOX_TYPE־λExtDataTypeΪEXT_DATA_ISOLATED_SANDBOX + * 3.rendeṛExtDataTypeΪEXT_DATA_RENDER_SANDBOX + * 4.gpụExtDataTypeΪEXT_DATA_GPU_SANDBOX + * 5.ӦýʱЯAPP_FLAG_DEBUGABLEλ˿ģʽҪExtDataTypeΪEXT_DATA_DEBUG_HAP_SANDBOX + + * @param content appspawn global content + * @param property app property + * @return int + */ + int SpawnBuildSandboxEnv(AppSpawnMgr *content, AppSpawningCtx *property) { - ExtDataType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? EXT_DATA_ISOLATED_SANDBOX : - EXT_DATA_SANDBOX; - AppSpawnSandboxCfg *appSandbox = GetAppSpawnSandbox(content, type); - content->content.sandboxType = type; - APPSPAWN_CHECK(appSandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property)); - // no sandbox + // Don't build sandbox env if (CheckAppMsgFlagsSet(property, APP_FLAGS_NO_SANDBOX)) { return 0; } + + ExtDataType type = GetSandboxType(content, property); + AppSpawnSandboxCfg *appSandbox = GetAppSpawnSandbox(content, type); + APPSPAWN_CHECK(appSandbox != NULL, return APPSPAWN_SANDBOX_INVALID, "Failed to get sandbox for %{public}s", + GetProcessName(property)); + content->content.sandboxType = type; + // CLONE_NEWPID 0x20000000 // CLONE_NEWNET 0x40000000 if ((content->content.sandboxNsFlags & CLONE_NEWPID) == CLONE_NEWPID) { int ret = getprocpid(); if (ret < 0) { + APPSPAWN_LOGE("getprocpid failed, ret: %{public}d errno: %{public}d", ret, errno); return ret; } } @@ -706,7 +761,7 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property) APPSPAWN_CHECK_ONLY_EXPER(property != NULL, return -1); APPSPAWN_LOGV("Prepare sandbox config %{public}s", GetProcessName(property)); ExtDataType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? EXT_DATA_ISOLATED_SANDBOX : - EXT_DATA_SANDBOX; + EXT_DATA_APP_SANDBOX; AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type); content->content.sandboxType = type; APPSPAWN_CHECK(sandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property)); @@ -740,8 +795,10 @@ APPSPAWN_STATIC int SandboxUnmountPath(const AppSpawnMgr *content, const AppSpaw MODULE_CONSTRUCTOR(void) { APPSPAWN_LOGV("Load sandbox module ..."); - (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadSandboxCfg); + (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadAppSandboxCfg); (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadIsoLatedSandboxCfg); + (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadNWebSandboxCfg); + (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadDebugSandboxCfg); (void)AddServerStageHook(STAGE_SERVER_EXIT, HOOK_PRIO_SANDBOX, SandboxHandleServerExit); (void)AddServerStageHook(STAGE_SERVER_EXIT, HOOK_PRIO_SANDBOX, IsolatedSandboxHandleServerExit); (void)AddAppSpawnHook(STAGE_PARENT_PRE_FORK, HOOK_PRIO_SANDBOX, SpawnPrepareSandboxCfg); diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp index 4aef5d99..a41201da 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp @@ -679,9 +679,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Permission_01, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); sandbox->extData.dumpNode(&sandbox->extData); AppSpawnTestHelper testHelper; @@ -727,9 +727,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_ExpandCfg_01, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // add default AddDefaultExpandAppSandboxConfigHandle(); // create msg @@ -767,9 +767,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_ExpandCfg_02, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // add default AddDefaultExpandAppSandboxConfigHandle(); @@ -809,9 +809,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_ExpandCfg_03, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // add default AddDefaultVariable(); @@ -851,9 +851,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_ExpandCfg_04, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // add test ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle); @@ -910,9 +910,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_001, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); - LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); sandbox->extData.dumpNode(&sandbox->extData); ret = 0; } while (0); @@ -931,7 +931,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_002, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); APPSPAWN_LOGV("sandbox->rootPath: %{public}s", sandbox->rootPath); @@ -980,7 +980,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_003, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); TestParseAppSandboxConfig(sandbox, g_packageNameConfig.c_str()); @@ -1028,7 +1028,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_004, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); TestParseAppSandboxConfig(sandbox, g_permissionConfig.c_str()); @@ -1077,7 +1077,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_005, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); TestParseAppSandboxConfig(sandbox, g_spawnFlagsConfig.c_str()); @@ -1118,7 +1118,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_cfg_006, TestSize.Level0) AppSpawnSandboxCfg *sandbox = nullptr; int ret = -1; do { - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1171,7 +1171,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_001, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1224,7 +1224,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_002, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1276,7 +1276,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_003, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; @@ -1336,7 +1336,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_004, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_packageNameConfig.c_str()); @@ -1387,7 +1387,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_005, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; @@ -1439,7 +1439,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_006, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; @@ -1497,7 +1497,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_007, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; @@ -1554,7 +1554,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Category_001, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1607,7 +1607,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Category_002, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1660,7 +1660,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Category_003, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1713,7 +1713,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Category_004, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1765,7 +1765,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_001, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1817,7 +1817,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_002, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1868,7 +1868,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_003, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1920,7 +1920,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_004, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -1972,7 +1972,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_005, TestSize.Level0) property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); sandbox->appFullMountEnable = 1; ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); @@ -2026,7 +2026,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_001, TestSize.Level property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break); @@ -2062,7 +2062,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_002, TestSize.Level property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break); @@ -2108,7 +2108,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_003, TestSize.Level property = g_testHelper.GetAppProperty(clientHandle, reqHandle); APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break); ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str()); APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break); @@ -2343,7 +2343,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_mount_template, TestSize.Level0) HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_permission, TestSize.Level0) { - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); ASSERT_NE(sandbox, nullptr); int ret = AddSandboxPermissionNode(FILE_CROSS_APP_MODE, nullptr); ASSERT_EQ(ret, APPSPAWN_ARG_INVALID); diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp index 637e6e27..272847a2 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp @@ -53,14 +53,14 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_001, TestSize.Leve AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox == nullptr, 1); - sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); - sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_SANDBOX); + sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); // dump @@ -69,12 +69,12 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_001, TestSize.Leve // delete DeleteAppSpawnSandbox(sandbox); // get none - sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_SANDBOX); + sandbox = GetAppSpawnSandbox(mgr, EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox == nullptr, 1); DumpAppSpawnSandboxCfg(sandbox); DeleteAppSpawnMgr(mgr); - sandbox = GetAppSpawnSandbox(nullptr, EXT_DATA_SANDBOX); + sandbox = GetAppSpawnSandbox(nullptr, EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox == nullptr, 1); } @@ -83,20 +83,20 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_002, TestSize.Leve AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); // for appspawn - int ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + int ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); // 重复load + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // 重复load EXPECT_EQ(ret, 0); DeleteAppSpawnSandbox(sandbox); DeleteAppSpawnMgr(mgr); - ret = LoadAppSandboxConfig(nullptr, MODE_FOR_APP_SPAWN); + ret = LoadAppSandboxConfig(nullptr, EXT_DATA_APP_SANDBOX); EXPECT_NE(ret, 0); } @@ -105,29 +105,29 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_003, TestSize.Leve AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); int ret = 0; #ifdef APPSPAWN_SANDBOX_NEW // for nwebspawn - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // 重复load EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // 重复load EXPECT_EQ(ret, 0); #else // for nwebspawn - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); // 重复load + ret = LoadAppSandboxConfig(sandbox, EXT_DATA_APP_SANDBOX); // 重复load EXPECT_EQ(ret, 0); #endif DeleteAppSpawnSandbox(sandbox); DeleteAppSpawnMgr(mgr); - ret = LoadAppSandboxConfig(nullptr, MODE_FOR_NWEB_SPAWN); + ret = LoadAppSandboxConfig(nullptr, EXT_DATA_APP_SANDBOX); EXPECT_NE(ret, 0); } @@ -136,7 +136,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxSection_001, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -183,7 +183,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxSection_002, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -220,7 +220,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxSection_003, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -246,7 +246,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxSection_004, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -288,7 +288,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxMountNode_001, TestSize.Level0 AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -323,7 +323,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxMountNode_002, TestSize.Level0 AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -354,7 +354,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxMountNode_003, TestSize.Level0 AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -402,7 +402,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_SandboxMountNode_004, TestSize.Level0 AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -477,7 +477,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_Mount_001, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -517,7 +517,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_Mount_002, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); @@ -550,7 +550,7 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_Mount_003, TestSize.Level0) AppSpawnMgr *mgr = CreateAppSpawnMgr(MODE_FOR_NWEB_SPAWN); EXPECT_EQ(mgr != nullptr, 1); - AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX); + AppSpawnSandboxCfg *sandbox = CreateAppSpawnSandbox(EXT_DATA_APP_SANDBOX); EXPECT_EQ(sandbox != nullptr, 1); sandbox->rootPath = strdup("/data/appspawn_ut/sandbox/"); OH_ListAddTail(&sandbox->extData.node, &mgr->extData); -- Gitee