diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index a51e3803f1bc017cb7e12687250a210ce6527840..868e173f0c92462deec3170c1be74bcf707e3b5f 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -51,7 +51,19 @@ #define LOCK_STATUS_SIZE 16 #define DEV_SHM_DIR "/dev/shm/" -APPSPAWN_STATIC bool CheckDirRecursive(const char *path) +bool IsNeededCheckPathStatus(const SandboxContext *context, const char *path) +{ + if (strstr(path, "data/app/el1/") || strstr(path, "data/app/el2/")) { + return true; + } + if ((strstr(path, "data/app/el3/") || strstr(path, "data/app/el4/") || strstr(path, "data/app/el5/")) && + CheckSandboxCtxMsgFlagSet(context, APP_FLAGS_UNLOCKED_STATUS)) { + return true; + } + return false; +} + +bool CheckDirRecursive(const char *path) { char buffer[PATH_MAX] = {0}; const char slash = '/'; @@ -78,7 +90,7 @@ APPSPAWN_STATIC bool CheckDirRecursive(const char *path) int SandboxMountPath(const MountArg *arg) { APPSPAWN_CHECK(arg != NULL && arg->originPath != NULL && arg->destinationPath != NULL, - return APPSPAWN_ARG_INVALID, "Invalid arg "); + return APPSPAWN_ARG_INVALID, "Invalid arg"); APPSPAWN_LOGV("Bind mount arg: '%{public}s' '%{public}s' %{public}x '%{public}s' %{public}s => %{public}s", arg->fsType, arg->mountSharedFlag == MS_SHARED ? "MS_SHARED" : "MS_SLAVE", @@ -88,15 +100,12 @@ int SandboxMountPath(const MountArg *arg) if (ret != 0) { APPSPAWN_LOGW("errno is: %{public}d, bind mount %{public}s => %{public}s", errno, arg->originPath, arg->destinationPath); - if (strstr(arg->originPath, "/data/app/el1/") != NULL || strstr(arg->originPath, "/data/app/el2/") != NULL) { - CheckDirRecursive(arg->originPath); - } return errno; } ret = mount(NULL, arg->destinationPath, NULL, arg->mountSharedFlag, NULL); if (ret != 0) { - APPSPAWN_LOGW("errno is: %{public}d, bind mount %{public}s => %{public}s", - errno, arg->originPath, arg->destinationPath); + APPSPAWN_LOGW("errno is: %{public}d, %{public}s mount %{public}s => %{public}s", + errno, arg->mountSharedFlag == MS_SHARED ? "MS_SHARED" : "MS_SLAVE", arg->originPath, arg->destinationPath); return errno; } return 0; @@ -440,6 +449,9 @@ static int DoSandboxMountByCategory(const SandboxContext *context, const PathMou ret = SandboxMountFusePath(context, args); } else { ret = SandboxMountPath(args); + if (ret == ENOENT && IsNeededCheckPathStatus(context, args->originPath)) { + CheckDirRecursive(args->originPath); + } } return ret; } @@ -655,6 +667,9 @@ static int SetExpandSandboxConfig(const SandboxContext *context, const AppSpawnS CreateSandboxDir(destBundlesPath, FILE_MODE); MountArg mountArg = {PHYSICAL_APP_INSTALL_PATH, destBundlesPath, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE}; ret = SandboxMountPath(&mountArg); + if (ret == ENOENT) { + CheckDirRecursive(PHYSICAL_APP_INSTALL_PATH); + } APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } return 0; diff --git a/modules/sandbox/appspawn_sandbox.h b/modules/sandbox/appspawn_sandbox.h index 8abb7640e9d4caf9dba4d2e046427f57a0b63c20..040acc8fbeb2bbf88ef034985bc2a0f8e2f8a7dc 100644 --- a/modules/sandbox/appspawn_sandbox.h +++ b/modules/sandbox/appspawn_sandbox.h @@ -331,14 +331,15 @@ void ClearExpandAppSandboxConfigHandle(void); __attribute__((always_inline)) inline void *GetSandboxCtxMsgInfo(const SandboxContext *context, uint32_t type) { - APPSPAWN_CHECK(context->message != NULL, + APPSPAWN_CHECK(context != NULL && context->message != NULL, return NULL, "Invalid property for type %{public}u", type); return GetAppSpawnMsgInfo(context->message, type); } __attribute__((always_inline)) inline bool CheckSandboxCtxMsgFlagSet(const SandboxContext *context, uint32_t index) { - APPSPAWN_CHECK(context->message != NULL, return false, "Invalid property for type %{public}d", TLV_MSG_FLAGS); + APPSPAWN_CHECK(context != NULL && context->message != NULL, + return false, "Invalid property for type %{public}u", TLV_MSG_FLAGS); return CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, index); } @@ -346,7 +347,7 @@ __attribute__((always_inline)) inline bool CheckSandboxCtxPermissionFlagSet( const SandboxContext *context, uint32_t index) { APPSPAWN_CHECK(context != NULL && context->message != NULL, - return false, "Invalid property for type %{public}d", TLV_PERMISSION); + return false, "Invalid property for type %{public}u", TLV_PERMISSION); return CheckAppSpawnMsgFlag(context->message, TLV_PERMISSION, index); } @@ -404,6 +405,8 @@ typedef struct TagMountArg { mode_t mountSharedFlag; } MountArg; +bool IsNeededCheckPathStatus(const SandboxContext *context, const char *path); +bool CheckDirRecursive(const char *path); int SandboxMountPath(const MountArg *arg); __attribute__((always_inline)) inline int IsPathEmpty(const char *path) diff --git a/modules/sandbox/sandbox_expand.c b/modules/sandbox/sandbox_expand.c index 717b1c41a74e582cbbb2e892441b9565d69f558e..862d81da6219f16d4c92854b04b1899293e247f7 100644 --- a/modules/sandbox/sandbox_expand.c +++ b/modules/sandbox/sandbox_expand.c @@ -66,6 +66,9 @@ APPSPAWN_STATIC int MountAllHsp(const SandboxContext *context, const cJSON *hsps context->buffer[0].buffer, context->buffer[1].buffer, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE }; ret = SandboxMountPath(&mountArg); + if (ret == ENOENT) { + CheckDirRecursive(context->buffer[0].buffer); + } APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } return ret; @@ -122,6 +125,9 @@ APPSPAWN_STATIC int MountAllGroup(const SandboxContext *context, const AppSpawnS APPSPAWN_CHECK(ret == 0, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "Mkdir sandbox dir failed"); MountArg mountArg = {srcPath, context->buffer[0].buffer, NULL, mountFlags, NULL, mountSharedFlag}; ret = SandboxMountPath(&mountArg); + if (ret == ENOENT && IsNeededCheckPathStatus(context, srcPath)) { + CheckDirRecursive(srcPath); + } APPSPAWN_CHECK_ONLY_LOG(ret == 0, "mount datagroup failed"); } return 0; @@ -176,10 +182,10 @@ static int SetOverlayAppPath(const char *hapPath, void *context) MountArg mountArg = { sandboxContext->buffer[0].buffer, sandboxContext->buffer[1].buffer, NULL, MS_REC | MS_BIND, NULL, MS_SHARED }; - int retMount = SandboxMountPath(&mountArg); - if (retMount != 0) { - APPSPAWN_LOGE("Fail to mount overlay path, src is %{public}s.", hapPath); - ret = retMount; + ret = SandboxMountPath(&mountArg); + if (ret == ENOENT) { + APPSPAWN_LOGE("Fail to mount overlay path, src is %{public}s", hapPath); + CheckDirRecursive(sandboxContext->buffer[0].buffer); } return ret; } diff --git a/modules/sandbox/sandbox_shared.c b/modules/sandbox/sandbox_shared.c index 8d51b99530c1f09fbf5d3b89dedb83f3e4c8a98b..9cb205bd2485a152e68ecd284187aa1760e02a6d 100644 --- a/modules/sandbox/sandbox_shared.c +++ b/modules/sandbox/sandbox_shared.c @@ -491,9 +491,8 @@ int UpdateDataGroupDirs(AppSpawnMgr *content) .mountSharedFlag = MS_SHARED }; ret = SandboxMountPath(&args); - if (ret != 0) { - APPSPAWN_LOGE("Shared mount %{public}s to %{public}s failed, errno %{public}d", args.originPath, - args.destinationPath, ret); + if (ret == ENOENT) { + CheckDirRecursive(args.originPath); } node = node->next; } @@ -540,6 +539,7 @@ int MountDirsToShared(AppSpawnMgr *content, SandboxContext *context, AppSpawnSan MountDataShared(info); if (IsUnlockStatus(info->uid)) { + SetAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_UNLOCKED_STATUS); return 0; } diff --git a/test/mock/app_spawn_stub.h b/test/mock/app_spawn_stub.h index c9009860f5c5b0c0fec9900ad3334e4cd6dc6c87..88c6bf4a19031151300050ace488ef259fec3c31 100644 --- a/test/mock/app_spawn_stub.h +++ b/test/mock/app_spawn_stub.h @@ -89,7 +89,6 @@ void CloseClientSocket(int socketId); int ParseAppSandboxConfig(const cJSON *appSandboxConfig, AppSpawnSandboxCfg *sandbox); AppSpawnSandboxCfg *CreateAppSpawnSandbox(ExtDataType type); void AddDefaultVariable(void); -bool CheckDirRecursive(const char *path); void CreateDemandSrc(const SandboxContext *context, const PathMountNode *sandboxNode, const MountArg *args); int CheckSandboxMountNode(const SandboxContext *context, const SandboxSection *section, const PathMountNode *sandboxNode, uint32_t operation);