diff --git a/interfaces/innerkits/include/appspawn.h b/interfaces/innerkits/include/appspawn.h index f04bcf1a1e1fe0a47a8685c62d485c7bc393602f..ba13d857557c22c5621a5293cf108343a5e780ed 100644 --- a/interfaces/innerkits/include/appspawn.h +++ b/interfaces/innerkits/include/appspawn.h @@ -199,6 +199,7 @@ typedef enum { APP_FLAGS_PRE_INSTALLED_HAP = 29, APP_FLAGS_GET_ALL_PROCESSES = 30, APP_FLAGS_CUSTOM_SANDBOX = 31, + APP_FLAGS_UNLOCKED_STATUS = 33, MAX_FLAGS_INDEX = 63, } AppFlagsIndex; diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index 3a6fe8c7cf3dbff4cd58a9364b0b5544e79f7dc3..2c6abd33d4f59b3d7792b74c314c7e68dfc0f096 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -51,6 +51,18 @@ #define LOCK_STATUS_SIZE 16 #define DEV_SHM_DIR "/dev/shm/" +static bool CheckSrcPathStatus(const SandboxContext *context, const char *path) +{ + if (strstr(path, "data/app/el1/") || strstr(path, "data/app/el2/")) { + return true; + } + if ((strstr(path, "data/app/el3/") || strstr(path, "data/app/el4/") || strstr(path, "data/app/el5/")) && + (context == NULL || CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_UNLOCKED_STATUS))) { + return true; + } + return false; +} + APPSPAWN_STATIC bool CheckDirRecursive(const char *path) { char buffer[PATH_MAX] = {0}; @@ -75,7 +87,7 @@ APPSPAWN_STATIC bool CheckDirRecursive(const char *path) return true; } -int SandboxMountPath(const MountArg *arg) +int SandboxMountPath(const SandboxContext *context, const MountArg *arg) { APPSPAWN_CHECK(arg != NULL && arg->originPath != NULL && arg->destinationPath != NULL, return APPSPAWN_ARG_INVALID, "Invalid arg "); @@ -88,7 +100,7 @@ int SandboxMountPath(const MountArg *arg) if (ret != 0) { APPSPAWN_LOGW("errno is: %{public}d, bind mount %{public}s => %{public}s", errno, arg->originPath, arg->destinationPath); - if (strstr(arg->originPath, "/data/app/el1/") != NULL || strstr(arg->originPath, "/data/app/el2/") != NULL) { + if (errno == ENOENT && CheckSrcPathStatus(context, arg->originPath)) { CheckDirRecursive(arg->originPath); } return errno; @@ -330,7 +342,7 @@ static int32_t SandboxMountFusePath(const SandboxContext *context, const MountAr // To make sure destinationPath exist CreateSandboxDir(args->destinationPath, FILE_MODE); MountArg mountArg = {args->originPath, args->destinationPath, args->fsType, args->mountFlags, options, MS_SHARED}; - ret = SandboxMountPath(&mountArg); + ret = SandboxMountPath(context, &mountArg); if (ret != 0) { close(fd); return -1; @@ -439,7 +451,7 @@ static int DoSandboxMountByCategory(const SandboxContext *context, const PathMou if (category == MOUNT_TMP_DLP_FUSE || category == MOUNT_TMP_FUSE) { ret = SandboxMountFusePath(context, args); } else { - ret = SandboxMountPath(args); + ret = SandboxMountPath(context, args); } return ret; } @@ -659,7 +671,7 @@ static int SetExpandSandboxConfig(const SandboxContext *context, const AppSpawnS BUFFER_FOR_TARGET, "/data/bundles/", context->rootPath, NULL); CreateSandboxDir(destBundlesPath, FILE_MODE); MountArg mountArg = {PHYSICAL_APP_INSTALL_PATH, destBundlesPath, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE}; - ret = SandboxMountPath(&mountArg); + ret = SandboxMountPath(context, &mountArg); APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } return 0; @@ -735,7 +747,7 @@ static int SetBundleResourceSandboxConfig(const SandboxContext *context, const A MountArg mountArg = { "/data/service/el1/public/bms/bundle_resources/", destPath, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE }; - int ret = SandboxMountPath(&mountArg); + int ret = SandboxMountPath(context, &mountArg); return ret; } @@ -772,7 +784,7 @@ static int SandboxRootFolderCreateNoShare( "set propagation slave failed, app: %{public}s errno: %{public}d", context->rootPath, errno); MountArg arg = {context->rootPath, context->rootPath, NULL, BASIC_MOUNT_FLAGS, NULL, MS_SLAVE}; - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(context, &arg); APPSPAWN_CHECK(ret == 0, return ret, "mount path failed, app: %{public}s errno: %{public}d", context->rootPath, ret); return ret; diff --git a/modules/sandbox/appspawn_sandbox.h b/modules/sandbox/appspawn_sandbox.h index 8abb7640e9d4caf9dba4d2e046427f57a0b63c20..f87530566585b556010ed34b0c10c877747019ab 100644 --- a/modules/sandbox/appspawn_sandbox.h +++ b/modules/sandbox/appspawn_sandbox.h @@ -331,14 +331,15 @@ void ClearExpandAppSandboxConfigHandle(void); __attribute__((always_inline)) inline void *GetSandboxCtxMsgInfo(const SandboxContext *context, uint32_t type) { - APPSPAWN_CHECK(context->message != NULL, + APPSPAWN_CHECK(context != NULL && context->message != NULL, return NULL, "Invalid property for type %{public}u", type); return GetAppSpawnMsgInfo(context->message, type); } __attribute__((always_inline)) inline bool CheckSandboxCtxMsgFlagSet(const SandboxContext *context, uint32_t index) { - APPSPAWN_CHECK(context->message != NULL, return false, "Invalid property for type %{public}d", TLV_MSG_FLAGS); + APPSPAWN_CHECK(context != NULL && context->message != NULL, + return false, "Invalid property for type %{public}d", TLV_MSG_FLAGS); return CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, index); } @@ -404,7 +405,7 @@ typedef struct TagMountArg { mode_t mountSharedFlag; } MountArg; -int SandboxMountPath(const MountArg *arg); +int SandboxMountPath(const SandboxContext *context, const MountArg *arg); __attribute__((always_inline)) inline int IsPathEmpty(const char *path) { diff --git a/modules/sandbox/sandbox_debug_mode.c b/modules/sandbox/sandbox_debug_mode.c index 69a0cc31b1412b64572907f3969ab4f6a80473a6..db5a2138b55a8b1352e9d2c32d4369f591b546e6 100644 --- a/modules/sandbox/sandbox_debug_mode.c +++ b/modules/sandbox/sandbox_debug_mode.c @@ -378,7 +378,7 @@ static int MountDebugDirBySharefs(const SandboxContext *context, const AppSpawnS .mountFlags = tmp->mountFlags, .mountSharedFlag = MS_SLAVE }; - ret = SandboxMountPath(&args); + ret = SandboxMountPath(context, &args); APPSPAWN_CHECK(ret == 0, return APPSPAWN_SYSTEM_ERROR, "Failed to mount points"); return 0; diff --git a/modules/sandbox/sandbox_expand.c b/modules/sandbox/sandbox_expand.c index 717b1c41a74e582cbbb2e892441b9565d69f558e..623afca8794364c004e8467e6dd97adbc6a0e648 100644 --- a/modules/sandbox/sandbox_expand.c +++ b/modules/sandbox/sandbox_expand.c @@ -65,7 +65,7 @@ APPSPAWN_STATIC int MountAllHsp(const SandboxContext *context, const cJSON *hsps MountArg mountArg = { context->buffer[0].buffer, context->buffer[1].buffer, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE }; - ret = SandboxMountPath(&mountArg); + ret = SandboxMountPath(context, &mountArg); APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } return ret; @@ -121,7 +121,7 @@ APPSPAWN_STATIC int MountAllGroup(const SandboxContext *context, const AppSpawnS ret = CreateSandboxDir(context->buffer[0].buffer, FILE_MODE); APPSPAWN_CHECK(ret == 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "Mkdir sandbox dir failed"); MountArg mountArg = {srcPath, context->buffer[0].buffer, NULL, mountFlags, NULL, mountSharedFlag}; - ret = SandboxMountPath(&mountArg); + ret = SandboxMountPath(context, &mountArg); APPSPAWN_CHECK_ONLY_LOG(ret == 0, "mount datagroup failed"); } return 0; @@ -176,7 +176,7 @@ static int SetOverlayAppPath(const char *hapPath, void *context) MountArg mountArg = { sandboxContext->buffer[0].buffer, sandboxContext->buffer[1].buffer, NULL, MS_REC | MS_BIND, NULL, MS_SHARED }; - int retMount = SandboxMountPath(&mountArg); + int retMount = SandboxMountPath(context, &mountArg); if (retMount != 0) { APPSPAWN_LOGE("Fail to mount overlay path, src is %{public}s.", hapPath); ret = retMount; diff --git a/modules/sandbox/sandbox_shared.c b/modules/sandbox/sandbox_shared.c index 983a9390fd525e454fe790cc833c71e061ad01d9..147f50447df0bd0427a97bf09c70651628a70970 100644 --- a/modules/sandbox/sandbox_shared.c +++ b/modules/sandbox/sandbox_shared.c @@ -127,7 +127,7 @@ static bool SetSandboxPathShared(const char *sandboxPath) return true; } -static int MountWithFileMgr(const AppDacInfo *info) +static int MountWithFileMgr(const SandboxContext *context, const AppDacInfo *info) { /* /mnt/user//nosharefs/docs */ char nosharefsDocsDir[PATH_MAX_LEN] = {0}; @@ -167,14 +167,14 @@ static int MountWithFileMgr(const AppDacInfo *info) .options = NULL, .mountSharedFlag = MS_SHARED }; - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(context, &arg); if (ret != 0) { APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", storageUserPath, ret); } return ret; } -static int MountWithOther(const AppDacInfo *info) +static int MountWithOther(const SandboxContext *context, const AppDacInfo *info) { /* /mnt/user//sharefs/docs */ char sharefsDocsDir[PATH_MAX_LEN] = {0}; @@ -222,7 +222,7 @@ static int MountWithOther(const AppDacInfo *info) .options = options, .mountSharedFlag = MS_SHARED }; - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(context, &arg); if (ret != 0) { APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", storageUserPath, ret); } @@ -236,10 +236,10 @@ static void MountStorageUsers(const SandboxContext *context, AppSpawnSandboxCfg int checkRes = CheckSandboxCtxPermissionFlagSet(context, (uint32_t)index); if (checkRes == 0) { /* mount /mnt/user//sharefs/docs to /mnt/sandbox//app-root/storage/Users */ - ret = MountWithOther(info); + ret = MountWithOther(context, info); } else { /* mount /mnt/user//nosharefs/docs to /mnt/sandbox//app-root/storage/Users */ - ret = MountWithFileMgr(info); + ret = MountWithFileMgr(context, info); } if (ret != 0) { APPSPAWN_LOGE("Update %{public}s storage dir failed, ret %{public}d", @@ -249,7 +249,7 @@ static void MountStorageUsers(const SandboxContext *context, AppSpawnSandboxCfg } } -static int MountSharedMapItem(const char *bundleNamePath, const char *sandboxPathItem) +static int MountSharedMapItem(const SandboxContext *context, const char *bundleNamePath, const char *sandboxPathItem) { /* /mnt/sandbox///data/storage/el */ char sandboxPath[PATH_MAX_LEN] = {0}; @@ -280,7 +280,7 @@ static int MountSharedMapItem(const char *bundleNamePath, const char *sandboxPat .options = NULL, .mountSharedFlag = MS_SHARED }; - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(context, &arg); if (ret != 0) { APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", sandboxPath, ret); } @@ -292,12 +292,12 @@ static void MountSharedMap(const SandboxContext *context, AppSpawnSandboxCfg *sa int length = sizeof(MOUNT_SHARED_MAP) / sizeof(MOUNT_SHARED_MAP[0]); for (int i = 0; i < length; i++) { if (MOUNT_SHARED_MAP[i].permission == NULL) { - MountSharedMapItem(bundleNamePath, MOUNT_SHARED_MAP[i].sandboxPath); + MountSharedMapItem(context, bundleNamePath, MOUNT_SHARED_MAP[i].sandboxPath); } else { int index = GetPermissionIndexInQueue(&sandbox->permissionQueue, MOUNT_SHARED_MAP[i].permission); APPSPAWN_LOGV("mount dir on lock mountPermissionFlags %{public}d", index); if (CheckSandboxCtxPermissionFlagSet(context, (uint32_t)index)) { - MountSharedMapItem(bundleNamePath, MOUNT_SHARED_MAP[i].sandboxPath); + MountSharedMapItem(context, bundleNamePath, MOUNT_SHARED_MAP[i].sandboxPath); } } } @@ -452,7 +452,7 @@ int UpdateDataGroupDirs(AppSpawnMgr *content) .options = NULL, .mountSharedFlag = MS_SHARED }; - ret = SandboxMountPath(&args); + ret = SandboxMountPath(NULL, &args); if (ret != 0) { APPSPAWN_LOGE("Shared mount %{public}s to %{public}s failed, errno %{public}d", args.originPath, args.destinationPath, ret); @@ -500,6 +500,7 @@ int MountDirsToShared(AppSpawnMgr *content, SandboxContext *context, AppSpawnSan } if (IsUnlockStatus(info->uid)) { + SetAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_UNLOCKED_STATUS); return 0; } diff --git a/modules/sandbox/sandbox_shared_mount.cpp b/modules/sandbox/sandbox_shared_mount.cpp index 58f2635c3fef5df9410b5b62b39d737786bd6085..c72f51654de4d3122c4309f58fe12f11ff7e1f7f 100644 --- a/modules/sandbox/sandbox_shared_mount.cpp +++ b/modules/sandbox/sandbox_shared_mount.cpp @@ -23,7 +23,6 @@ #include #include #include "securec.h" -#include "nlohmann/json.hpp" #include "sandbox_shared_mount.h" #include "appspawn_mount_permission.h" @@ -185,7 +184,7 @@ static int MountEl1Bundle(const AppSpawningCtx *property, const AppDacInfo *info ret = umount2(targetPath, MNT_DETACH); if (ret != 0) { - APPSPAWN_LOGE("umount2 %{public}s failed, errno %{public}d", targetPath, errno); + APPSPAWN_LOGE("umount2 %{public}s failed, errno %{public}d", targetPath, errno); } SharedMountArgs arg = { @@ -565,6 +564,7 @@ static void MountDirToShared(AppSpawnMgr *content, const AppSpawningCtx *propert MountEl1Bundle(property, info, bundleInfo->bundleName); if (IsUnlockStatus(info->uid)) { + SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_UNLOCKED_STATUS); return; } diff --git a/modules/sandbox/sandbox_shared_mount.h b/modules/sandbox/sandbox_shared_mount.h index ad2e8cd9b993c652520ce41997bb6b971e88e3c7..1a24f2cce94ebc4c10277dc73ccc17985aee6874 100644 --- a/modules/sandbox/sandbox_shared_mount.h +++ b/modules/sandbox/sandbox_shared_mount.h @@ -16,6 +16,8 @@ #ifndef SANDBOX_SHARED_MOUNT_H #define SANDBOX_SHARED_MOUNT_H +#include "nlohmann/json.hpp" + #include "appspawn.h" #include "appspawn_hook.h" #include "appspawn_manager.h" @@ -46,14 +48,14 @@ typedef struct DataGroupSandboxPathTemplate { const char *permission; } DataGroupSandboxPathTemplate; -typedef struct { +struct SharedMountArgs { const char *srcPath; const char *destPath; - const char *fsType; - unsigned long mountFlags; - const char *options; - mode_t mountSharedFlag; -} SharedMountArgs; + const char *fsType = ""; + unsigned long mountFlags = MS_REC | MS_BIND; + const char *options = ""; + mode_t mountSharedFlag = MS_SLAVE; +}; bool IsValidDataGroupItem(nlohmann::json &item); int GetElxInfoFromDir(const char *path); diff --git a/modules/sandbox/sandbox_utils.cpp b/modules/sandbox/sandbox_utils.cpp index f00273d45a59fb22d24c2ad32e8af74435d04710..258b7eaac19d23cd909e5d79068a3a2db64356c3 100644 --- a/modules/sandbox/sandbox_utils.cpp +++ b/modules/sandbox/sandbox_utils.cpp @@ -35,7 +35,6 @@ #include "appspawn_service.h" #include "appspawn_utils.h" #include "config_policy_utils.h" -#include "sandbox_shared_mount.h" #ifdef WITH_DLP #include "dlp_fuse_fd.h" #endif @@ -316,17 +315,27 @@ static void CheckMountStatus(const std::string &path) APPSPAWN_CHECK_ONLY_LOG(flag, "Mountinfo not contains %{public}s", path.c_str()); } -int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, - const char *fsType, unsigned long mountFlags, - const char *options, mode_t mountSharedFlag) +static bool CheckSrcPathStatus(const AppSpawningCtx *appProperty, const char *path) { - if (originPath == nullptr || destinationPath == nullptr || originPath[0] == '\0' || destinationPath[0] == '\0') { + if (strstr(path, "data/app/el1/") || strstr(path, "data/app/el2/")) { + return true; + } + if ((strstr(path, "data/app/el3/") || strstr(path, "data/app/el4/") || strstr(path, "data/app/el5/")) && + CheckAppMsgFlagsSet(appProperty, APP_FLAGS_UNLOCKED_STATUS)) { + return true; + } + return false; +} + +int32_t SandboxUtils::DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, const SharedMountArgs *arg) +{ + if (!(arg && arg->srcPath && arg->destPath && arg->srcPath[0] != '\0' && arg->destPath[0] != '\0')) { return 0; } - if (strstr(originPath, "system/etc/hosts") != nullptr) { - CheckAndCreatFile(destinationPath); + if (strstr(arg->srcPath, "system/etc/hosts") != nullptr) { + CheckAndCreatFile(arg->destPath); } else { - MakeDirRecursive(destinationPath, FILE_MODE); + MakeDirRecursive(arg->destPath, FILE_MODE); } int ret = 0; @@ -334,31 +343,29 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char * struct timespec mountStart = {0}; clock_gettime(CLOCK_MONOTONIC_COARSE, &mountStart); APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s' '%{public}u'", - originPath, destinationPath, fsType, mountFlags, options, mountSharedFlag); - ret = mount(originPath, destinationPath, fsType, mountFlags, options); + arg->srcPath, arg->destPath, arg->fsType, arg->mountFlags, arg->options, arg->mountSharedFlag); + ret = mount(arg->srcPath, arg->destPath, arg->fsType, arg->mountFlags, arg->options); struct timespec mountEnd = {0}; clock_gettime(CLOCK_MONOTONIC_COARSE, &mountEnd); uint64_t diff = DiffTime(&mountStart, &mountEnd); - APPSPAWN_CHECK_ONLY_LOG(diff < MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", originPath, diff); + APPSPAWN_CHECK_ONLY_LOG(diff < MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", arg->srcPath, diff); #ifdef APPSPAWN_HISYSEVENT APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration("MOUNT", diff)); #endif if (ret != 0) { - APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, originPath, destinationPath); - std::string originPathStr = originPath == nullptr ? "" : originPath; - if (originPathStr.find("data/app/el1/") != std::string::npos || - originPathStr.find("data/app/el2/") != std::string::npos) { - CheckDirRecursive(originPathStr); + APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, arg->srcPath, arg->destPath); + if (errno == ENOENT && CheckSrcPathStatus(appProperty, arg->srcPath)) { + CheckDirRecursive(arg->srcPath); } return ret; } - ret = mount(nullptr, destinationPath, nullptr, mountSharedFlag, nullptr); + ret = mount(nullptr, arg->destPath, nullptr, arg->mountSharedFlag, nullptr); if (ret != 0) { APPSPAWN_LOGI("errno is: %{public}d, private mount to %{public}s '%{public}u' failed", - errno, destinationPath, mountSharedFlag); + errno, arg->destPath, arg->mountSharedFlag); if (errno == EINVAL) { - CheckMountStatus(destinationPath); + CheckMountStatus(arg->destPath); } return ret; } @@ -920,32 +927,34 @@ int SandboxUtils::DoAllMntPointsMount(const AppSpawningCtx *appProperty, unsigned int mountPointSize = mountPoints.size(); for (unsigned int i = 0; i < mountPointSize; i++) { nlohmann::json& mntPoint = mountPoints[i]; - if ((CheckMountConfig(mntPoint, appProperty, checkFlag) == false)) { - continue; - } + APPSPAWN_CHECK_ONLY_EXPER(CheckMountConfig(mntPoint, appProperty, checkFlag), continue); + std::string srcPath = ConvertToRealPath(appProperty, mntPoint[g_srcPath].get()); - if (!GetCreateSandboxPath(mntPoint, srcPath)) { - continue; - } + APPSPAWN_CHECK_ONLY_EXPER(GetCreateSandboxPath(mntPoint, srcPath), continue); std::string sandboxPath = GetSandboxPath(appProperty, mntPoint, section, sandboxRoot); SandboxMountConfig mountConfig = {0}; GetSandboxMountConfig(appProperty, section, mntPoint, mountConfig); - unsigned long mountFlags = GetSandboxMountFlags(mntPoint); - mode_t mountSharedFlag = (mntPoint.find(g_mountSharedFlag) != mntPoint.end()) ? MS_SHARED : MS_SLAVE; + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = sandboxPath.c_str(), + .fsType = mountConfig.fsType.c_str(), + .mountFlags = GetSandboxMountFlags(mntPoint), + .options = mountConfig.optionsPoint.c_str(), + .mountSharedFlag = (mntPoint.find(g_mountSharedFlag) != mntPoint.end()) ? MS_SHARED : MS_SLAVE + }; /* if app mount failed for special strategy, we need deal with common mount config */ - int ret = HandleSpecialAppMount(appProperty, srcPath, sandboxPath, mountConfig.fsType, mountFlags); + int ret = HandleSpecialAppMount(appProperty, arg.srcPath, arg.destPath, arg.fsType, arg.mountFlags); if (ret < 0) { - ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), mountConfig.fsType.c_str(), - mountFlags, mountConfig.optionsPoint.c_str(), mountSharedFlag); + ret = DoAppSandboxMountOnce(appProperty, &arg); } APPSPAWN_CHECK(ret == 0 || !GetCheckStatus(mntPoint), #ifdef APPSPAWN_HISYSEVENT - ReportMountFail(bundleName.c_str(), srcPath.c_str(), sandboxPath.c_str(), errno); + ReportMountFail(bundleName.c_str(), arg.srcPath, arg.destPath, errno); ret = APPSPAWN_SANDBOX_MOUNT_FAIL; #endif return ret, - "DoAppSandboxMountOnce section %{public}s failed, %{public}s", section.c_str(), sandboxPath.c_str()); + "DoAppSandboxMountOnce section %{public}s failed, %{public}s", section.c_str(), arg.destPath); DoSandboxChmod(mntPoint, sandboxRoot); } return 0; @@ -1330,13 +1339,15 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty(const AppSpawningCtx *appPrope AppSpawnMsgDomainInfo *info = reinterpret_cast(GetAppProperty(appProperty, TLV_DOMAIN_INFO)); APPSPAWN_CHECK(info != nullptr, return -1, "No domain info %{public}s", sandboxPackagePath.c_str()); - if (strcmp(info->apl, APL_SYSTEM_BASIC.data()) == 0 || - strcmp(info->apl, APL_SYSTEM_CORE.data()) == 0 || + if (strcmp(info->apl, APL_SYSTEM_BASIC.data()) == 0 || strcmp(info->apl, APL_SYSTEM_CORE.data()) == 0 || CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ACCESS_BUNDLE_DIR)) { // need permission check for system app here std::string destbundlesPath = sandboxPackagePath + g_dataBundles; - DoAppSandboxMountOnce(g_physicalAppInstallPath.c_str(), destbundlesPath.c_str(), "", BASIC_MOUNT_FLAGS, - nullptr); + SharedMountArgs arg = { + .srcPath = g_physicalAppInstallPath.c_str(), + .destPath = destbundlesPath.c_str() + }; + DoAppSandboxMountOnce(appProperty, &arg); } return 0; @@ -1390,7 +1401,11 @@ int32_t SandboxUtils::MountAllHsp(const AppSpawningCtx *appProperty, std::string std::string libPhysicalPath = g_physicalAppInstallPath + libBundleName + "/" + libVersion + "/" + libModuleName; std::string mntPath = sandboxPackagePath + g_sandboxHspInstallPath + libBundleName + "/" + libModuleName; - ret = DoAppSandboxMountOnce(libPhysicalPath.c_str(), mntPath.c_str(), "", BASIC_MOUNT_FLAGS, nullptr); + SharedMountArgs arg = { + .srcPath = libPhysicalPath.c_str(), + .destPath = mntPath.c_str() + }; + ret = DoAppSandboxMountOnce(appProperty, &arg); APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } return ret; @@ -1448,14 +1463,19 @@ int32_t SandboxUtils::MountAllGroup(const AppSpawningCtx *appProperty, std::stri continue; } } + std::string dataGroupUuid = item[g_groupList_key_uuid]; std::string mntPath = sandboxPackagePath + templateItem->sandboxPath + dataGroupUuid; - mode_t mountFlags = MS_REC | MS_BIND; mode_t mountSharedFlag = MS_SLAVE; if (CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX)) { mountSharedFlag |= MS_REMOUNT | MS_NODEV | MS_RDONLY | MS_BIND; } - ret = DoAppSandboxMountOnce(srcPath.c_str(), mntPath.c_str(), "", mountFlags, nullptr, mountSharedFlag); + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = mntPath.c_str(), + .mountSharedFlag = mountSharedFlag + }; + ret = DoAppSandboxMountOnce(appProperty, &arg); if (ret != 0) { APPSPAWN_LOGE("mount el%{public}d datagroup failed", elxValue); } @@ -1472,8 +1492,11 @@ int32_t SandboxUtils::DoSandboxRootFolderCreate(const AppSpawningCtx *appPropert return rc; } #endif - DoAppSandboxMountOnce(sandboxPackagePath.c_str(), sandboxPackagePath.c_str(), "", - BASIC_MOUNT_FLAGS, nullptr); + SharedMountArgs arg = { + .srcPath = sandboxPackagePath.c_str(), + .destPath = sandboxPackagePath.c_str() + }; + DoAppSandboxMountOnce(appProperty, &arg); return 0; } @@ -1606,8 +1629,11 @@ int32_t SandboxUtils::SetOverlayAppSandboxProperty(const AppSpawningCtx *appProp auto bundleNameIndex = srcPath.find_last_of(g_fileSeparator); string destPath = sandboxOverlayPath + srcPath.substr(bundleNameIndex + 1, srcPath.length()); - int32_t retMount = DoAppSandboxMountOnce(srcPath.c_str(), destPath.c_str(), - nullptr, BASIC_MOUNT_FLAGS, nullptr); + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = destPath.c_str() + }; + int32_t retMount = DoAppSandboxMountOnce(appProperty, &arg); if (retMount != 0) { APPSPAWN_LOGE("fail to mount overlay path, src is %{public}s.", hapPath.c_str()); ret = retMount; @@ -1621,16 +1647,16 @@ int32_t SandboxUtils::SetOverlayAppSandboxProperty(const AppSpawningCtx *appProp int32_t SandboxUtils::SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty, string &sandboxPackagePath) { - int ret = 0; if (!CheckAppMsgFlagsSet(appProperty, APP_FLAGS_BUNDLE_RESOURCES)) { - return ret; + return 0; } - string srcPath = g_bundleResourceSrcPath; string destPath = sandboxPackagePath + g_bundleResourceDestPath; - ret = DoAppSandboxMountOnce( - srcPath.c_str(), destPath.c_str(), nullptr, BASIC_MOUNT_FLAGS, nullptr); - return ret; + SharedMountArgs arg = { + .srcPath = g_bundleResourceSrcPath.c_str(), + .destPath = destPath.c_str() + }; + return DoAppSandboxMountOnce(appProperty, &arg); } int32_t SandboxUtils::CheckAppFullMountEnable() diff --git a/modules/sandbox/sandbox_utils.h b/modules/sandbox/sandbox_utils.h index 1ad93280af16cde5d56284860c8278fe8b9a32fb..e4cc70b4b9e8eae420e24e5915eca69f67bbc706 100755 --- a/modules/sandbox/sandbox_utils.h +++ b/modules/sandbox/sandbox_utils.h @@ -22,7 +22,7 @@ #include #include -#include "nlohmann/json.hpp" +#include "sandbox_shared_mount.h" #include "appspawn_server.h" #include "appspawn_manager.h" @@ -52,9 +52,7 @@ public: #ifndef APPSPAWN_TEST private: #endif - static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, - const char *fsType, unsigned long mountFlags, - const char *options, mode_t mountSharedFlag = MS_SLAVE); + static int32_t DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, const SharedMountArgs *arg); static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp index 5d6bba808d0327b2a7adc1a78c3cb21f407e4075..85a6f01e2ff0490c6c4be91354dba7d848b0b803 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp @@ -835,7 +835,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_31, TestSize.Level0) HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_32, TestSize.Level0) { GTEST_LOG_(INFO) << "App_Spawn_Sandbox_32 start"; - int ret = OHOS::AppSpawn::SandboxUtils::DoAppSandboxMountOnce(nullptr, "", nullptr, 0, nullptr); + int ret = OHOS::AppSpawn::SandboxUtils::DoAppSandboxMountOnce(nullptr, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig1 = "{ \ diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp index 3a63ac1c0f42af73412f4e44ac10e8faf5146470..efb6c5bd10d0d1f0ea3c9f1e8f58a7c2d9d1a776 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp @@ -584,14 +584,14 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_Add_App_SandboxMountPath_001, TestSiz arg.destinationPath = "/data/appspawn/test"; arg.mountSharedFlag = 1; - int ret = SandboxMountPath(&arg); + int ret = SandboxMountPath(nullptr, &arg); EXPECT_EQ(ret, 0); - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(nullptr, &arg); EXPECT_EQ(ret, 0); - ret = SandboxMountPath(nullptr); + ret = SandboxMountPath(nullptr, nullptr); EXPECT_NE(ret, 0); arg.mountSharedFlag = -1; - ret = SandboxMountPath(&arg); + ret = SandboxMountPath(nullptr, &arg); EXPECT_EQ(ret, 0); }