From b0c58fa2156c4d82f433421484616f26eca03c32 Mon Sep 17 00:00:00 2001 From: Mupceet Date: Wed, 18 May 2022 16:49:53 +0800 Subject: [PATCH 1/4] =?UTF-8?q?appspawn:=E7=BB=86=E5=88=86system=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=EF=BC=8C=E6=96=B0=E5=BB=BAetc=E3=80=81build.gn=20?= =?UTF-8?q?=E9=85=8D=E7=BD=AEjson=E6=96=87=E4=BB=B6=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mupceet --- adapter/appspawn_sandbox.cpp | 4 + appdata-sandbox.json | 52 +++++++- appdata-sandbox64.json | 239 +++++++++++++++++++++++++++++++++++ bundle.json | 1 + etc/BUILD.gn | 34 +++++ util/include/sandbox_utils.h | 1 + util/src/sandbox_utils.cpp | 60 ++++++++- 7 files changed, 387 insertions(+), 4 deletions(-) create mode 100644 appdata-sandbox64.json create mode 100644 etc/BUILD.gn diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp index 980ee2da..a82b89c1 100644 --- a/adapter/appspawn_sandbox.cpp +++ b/adapter/appspawn_sandbox.cpp @@ -43,7 +43,11 @@ bool g_isPrivAppSandboxCreated = false; bool g_isAppSandboxCreated = false; namespace { +#ifdef __aarch64__ + const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox64.json"); +#else const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox.json"); +#endif const std::string PRODUCT_JSON_CONFIG("/system/etc/sandbox/product-sandbox.json"); } diff --git a/appdata-sandbox.json b/appdata-sandbox.json index f27629e0..1dbb5dae 100644 --- a/appdata-sandbox.json +++ b/appdata-sandbox.json @@ -3,6 +3,19 @@ "top-sandbox-switch": "ON", "app-base" : [{ "sandbox-root" : "/mnt/sandbox/", + "mount-apl-paths": [{ + "src-path" : "/system/lib/media/", + "sandbox-path" : "/testapp/app", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true", + "apl-name": "normal" + }, { + "src-path" : "/system/lib/module/", + "sandbox-path" : "/testapp/private", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true", + "apl-name": "system_basic" + }], "mount-bind-paths" : [{ "src-path" : "/config", "sandbox-path" : "/config", @@ -29,8 +42,43 @@ "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" }, { - "src-path" : "/system", - "sandbox-path" : "/system", + "src-path" : "/system/app", + "sandbox-path" : "/system/app", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/fonts", + "sandbox-path" : "/system/fonts", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib", + "sandbox-path" : "/system/lib", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/data", + "sandbox-path" : "/system/data", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/usr", + "sandbox-path" : "/system/usr", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/profile", + "sandbox-path" : "/system/profile", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/bin", + "sandbox-path" : "/system/bin", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/etc", + "sandbox-path" : "/system/etc", "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" }, { diff --git a/appdata-sandbox64.json b/appdata-sandbox64.json new file mode 100644 index 00000000..a136693b --- /dev/null +++ b/appdata-sandbox64.json @@ -0,0 +1,239 @@ +{ + "common" : [{ + "top-sandbox-switch": "ON", + "app-base" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-apl-paths": [{ + "src-path" : "/system/lib64/media/", + "sandbox-path" : "/testapp/app", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true", + "apl-name": "normal" + }, { + "src-path" : "/system/lib64/module/", + "sandbox-path" : "/testapp/private", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true", + "apl-name": "system_basic" + }], + "mount-bind-paths" : [{ + "src-path" : "/config", + "sandbox-path" : "/config", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/dev", + "sandbox-path" : "/dev", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/proc", + "sandbox-path" : "/proc", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/sys", + "sandbox-path" : "/sys", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/sys_prod", + "sandbox-path" : "/sys_prod", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/app", + "sandbox-path" : "/system/app", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/fonts", + "sandbox-path" : "/system/fonts", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib64", + "sandbox-path" : "/system/lib64", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/data", + "sandbox-path" : "/system/data", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/usr", + "sandbox-path" : "/system/usr", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/profile", + "sandbox-path" : "/system/profile", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/bin", + "sandbox-path" : "/system/bin", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/etc", + "sandbox-path" : "/system/etc", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/storage/el1/bundle", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/data/app/el2//base/", + "sandbox-path" : "/data/storage/el2/base", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + },{ + "src-path" : "/data/app/el1//database/", + "sandbox-path" : "/data/storage/el1/database", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/data/app/el2//database/", + "sandbox-path" : "/data/storage/el2/database", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/data/app/el1//base/", + "sandbox-path" : "/data/storage/el1/base", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/mnt/hmdfs/", + "sandbox-path" : "/mnt/hmdfs/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/mnt/hmdfs//account/merge_view/data/", + "sandbox-path" : "/data/storage/el2/distributedfiles", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/mnt/hmdfs//non_account/merge_view/data/", + "sandbox-path" : "/data/storage/el2/auth_groups", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/data/app/el1/bundle/public/com.ohos.nweb", + "sandbox-path" : "/data/storage/el1/bundle/nweb", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/data/app/el1/bundle/public/ohos.global.systemres", + "sandbox-path" : "/data/storage/el1/bundle/ohos.global.systemres", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + } + ], + "symbol-links" : [{ + "target-name" : "/system/bin", + "link-name" : "/bin", + "check-action-status": "false" + }, { + "target-name" : "/system/lib64", + "link-name" : "/lib64", + "check-action-status": "false" + }, { + "target-name" : "/system/etc", + "link-name" : "/etc", + "check-action-status": "false" + }, { + "target-name" : "/system/bin/init", + "link-name" : "/init", + "check-action-status": "false" + }, { + "target-name" : "/sys/kernel/debug", + "link-name" : "/d", + "check-action-status": "false" + } + ] + }], + "app-resources" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/com.ohos.nweb", + "sandbox-path" : "/data/storage/el1/bundle/nweb", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/data/app/el1/bundle/public/ohos.global.systemres", + "sandbox-path" : "/data/storage/el1/bundle/ohos.global.systemres", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + } + ], + "symbol-links" : [ + ] + }] + }], + "individual" : [{ + "com.ohos.medialibrary.MediaLibraryDataA" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/storage/media/", + "sandbox-path" : "/storage/media", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + } + ], + "symbol-links" : [] + }], + "com.ohos.medialibrary.MediaScannerAbilityA" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/storage/media/", + "sandbox-path" : "/storage/media", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + } + ], + "symbol-links" : [] + }], + "com.ohos.launcher" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ], + "symbol-links" : [] + }], + "com.ohos.permissionmanager" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ], + "symbol-links" : [] + }], + "ohos.samples.ecg" : [{ + "sandbox-switch": "OFF", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ], + "symbol-links" : [] + }] + }] +} \ No newline at end of file diff --git a/bundle.json b/bundle.json index 616ce543..8f5599c3 100644 --- a/bundle.json +++ b/bundle.json @@ -42,6 +42,7 @@ "//base/startup/appspawn_standard:appspawn.rc", "//base/startup/appspawn_standard:appspawn_server", "//base/startup/appspawn_standard:nweb", + "//base/startup/appspawn_standard/etc:etc_files", "//base/startup/appspawn_standard/interfaces/innerkits:appspawn_socket_client" ], "inner_kits": [ diff --git a/etc/BUILD.gn b/etc/BUILD.gn new file mode 100644 index 00000000..f4fefe9a --- /dev/null +++ b/etc/BUILD.gn @@ -0,0 +1,34 @@ +# Copyright (c) 2020-2021 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/startup/appspawn_standard/appspawn.gni") +import("//build/ohos.gni") + +ohos_prebuilt_etc("appdata-sandbox.json") { + if (target_cpu == "arm64") { + source = "//base/startup/appspawn_standard/appdata-sandbox64.json" + } else { + source = "//base/startup/appspawn_standard/appdata-sandbox.json" + } + + relative_install_dir = "init" + subsystem_name = "${subsystem_name}" + part_name = "${part_name}" + module_install_dir = "etc/sandbox" +} + +group("etc_files") { + deps = [ + ":appdata-sandbox.json", + ] +} \ No newline at end of file diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index 44d58f0c..88e28a78 100644 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -49,6 +49,7 @@ private: static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot); + static int DoAllMntAplMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot); diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index ad1ad18b..4c47b586 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -66,6 +66,8 @@ namespace { const char *WARGNAR_DEVICE_PATH = "/3rdmodem"; const char *APP_BASE = "app-base"; const char *APP_RESOURCES = "app-resources"; + const char *KIND_NAME = "apl-name"; + const char *MOUNT_APL_PREFIX = "mount-apl-paths"; } @@ -253,6 +255,59 @@ bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config) return true; } +int SandboxUtils::DoAllMntAplMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig) +{ + if (appConfig.find(MOUNT_APL_PREFIX) == appConfig.end()) { + HiLog::Debug(LABEL, "mount config is not found, maybe reuslt sandbox launch failed" + "app name is %{public}s", appProperty->bundleName); + return 0; + } + + nlohmann::json mountPoints = appConfig[MOUNT_APL_PREFIX]; + std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig); + int mountPointSize = mountPoints.size(); + + for (int i = 0; i < mountPointSize; i++) { + nlohmann::json mntPoint = mountPoints[i]; + std::string APP_KIND = mntPoint[KIND_NAME]; + const char * p_app_kind = APP_KIND.c_str(); + + // if not defined + if (!strcmp(p_app_kind, appProperty->apl)) { + if (strcmp(p_app_kind, "normal") || strcmp(p_app_kind, "system_basic")) { + continue; + } + } + + // Check the validity of the mount configuration + if (mntPoint.find(SRC_PATH) == mntPoint.end() || mntPoint.find(SANDBOX_PATH) == mntPoint.end() + || mntPoint.find(SANDBOX_FLAGS) == mntPoint.end()) { + HiLog::Error(LABEL, "read mount config failed, app name is %{public}s", appProperty->bundleName); + continue; + } + + std::string srcPath = ConvertToRealPath(appProperty, mntPoint[SRC_PATH].get()); + std::string sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, + mntPoint[SANDBOX_PATH].get()); + unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[SANDBOX_FLAGS].get>()); + + int ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), mountFlags); + if (ret) { + HiLog::Error(LABEL, "DoAppSandboxMountOnce failed, %{public}s", sandboxPath.c_str()); + + std::string actionStatus = STATUS_CHECK; + (void)JsonUtils::GetStringFromJson(mntPoint, ACTION_STATUS, actionStatus); + if (actionStatus == STATUS_CHECK) { + return ret; + } + } + + DoSandboxChmod(mntPoint, sandboxRoot); + } + + return 0; +} + int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig) { if (appConfig.find(MOUNT_PREFIX) == appConfig.end()) { @@ -365,10 +420,11 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *a { nlohmann::json commonConfig = wholeConfig[COMMON_PREFIX][0]; int ret = 0; - + int test = 0; if (commonConfig.find(APP_BASE) != commonConfig.end()) { ret = DoAllMntPointsMount(appProperty, commonConfig[APP_BASE][0]); - if (ret) { + test = DoAllMntAplMount(appProperty, commonConfig[APP_BASE][0]); + if (ret && test) { return ret; } } -- Gitee From c8932fda77e7ec24d36a20d8e3297f15bf2b1e8f Mon Sep 17 00:00:00 2001 From: Mupceet Date: Wed, 18 May 2022 16:57:29 +0800 Subject: [PATCH 2/4] =?UTF-8?q?appspawn:=E7=BB=86=E5=88=86system=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=EF=BC=8C=E6=96=B0=E5=BB=BAetc=E3=80=81build.gn=20?= =?UTF-8?q?=E9=85=8D=E7=BD=AEjson=E6=96=87=E4=BB=B6=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mupceet --- appdata-sandbox.json | 13 ------------- appdata-sandbox64.json | 13 ------------- util/src/sandbox_utils.cpp | 3 +-- 3 files changed, 1 insertion(+), 28 deletions(-) diff --git a/appdata-sandbox.json b/appdata-sandbox.json index 1dbb5dae..0e24f8b9 100644 --- a/appdata-sandbox.json +++ b/appdata-sandbox.json @@ -3,19 +3,6 @@ "top-sandbox-switch": "ON", "app-base" : [{ "sandbox-root" : "/mnt/sandbox/", - "mount-apl-paths": [{ - "src-path" : "/system/lib/media/", - "sandbox-path" : "/testapp/app", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "true", - "apl-name": "normal" - }, { - "src-path" : "/system/lib/module/", - "sandbox-path" : "/testapp/private", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "true", - "apl-name": "system_basic" - }], "mount-bind-paths" : [{ "src-path" : "/config", "sandbox-path" : "/config", diff --git a/appdata-sandbox64.json b/appdata-sandbox64.json index a136693b..bbb79189 100644 --- a/appdata-sandbox64.json +++ b/appdata-sandbox64.json @@ -3,19 +3,6 @@ "top-sandbox-switch": "ON", "app-base" : [{ "sandbox-root" : "/mnt/sandbox/", - "mount-apl-paths": [{ - "src-path" : "/system/lib64/media/", - "sandbox-path" : "/testapp/app", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "true", - "apl-name": "normal" - }, { - "src-path" : "/system/lib64/module/", - "sandbox-path" : "/testapp/private", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "true", - "apl-name": "system_basic" - }], "mount-bind-paths" : [{ "src-path" : "/config", "sandbox-path" : "/config", diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index 4c47b586..24be18a4 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -70,7 +70,6 @@ namespace { const char *MOUNT_APL_PREFIX = "mount-apl-paths"; } - nlohmann::json SandboxUtils::appSandboxConfig_; nlohmann::json SandboxUtils::productSandboxConfig_; @@ -424,7 +423,7 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *a if (commonConfig.find(APP_BASE) != commonConfig.end()) { ret = DoAllMntPointsMount(appProperty, commonConfig[APP_BASE][0]); test = DoAllMntAplMount(appProperty, commonConfig[APP_BASE][0]); - if (ret && test) { + if (ret) { return ret; } } -- Gitee From 1d381916b951b253049c553fda94030015a3ce79 Mon Sep 17 00:00:00 2001 From: Mupceet Date: Wed, 18 May 2022 17:26:06 +0800 Subject: [PATCH 3/4] appspawn:fix code check Signed-off-by: Mupceet --- util/src/sandbox_utils.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index 24be18a4..f6dcfe9f 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -269,7 +269,8 @@ int SandboxUtils::DoAllMntAplMount(const ClientSocket::AppProperty *appProperty, for (int i = 0; i < mountPointSize; i++) { nlohmann::json mntPoint = mountPoints[i]; std::string APP_KIND = mntPoint[KIND_NAME]; - const char * p_app_kind = APP_KIND.c_str(); + const char * p_app_kind = nullptr; + p_app_kind = APP_KIND.c_str(); // if not defined if (!strcmp(p_app_kind, appProperty->apl)) { -- Gitee From d857943de798b885aecfd7435f55a0ec3cde8932 Mon Sep 17 00:00:00 2001 From: Mupceet Date: Wed, 18 May 2022 20:01:04 +0800 Subject: [PATCH 4/4] appspawn: optimize mount by app-apl-name Signed-off-by: Mupceet --- appdata-sandbox64.json | 5 +++ etc/BUILD.gn | 1 - util/include/sandbox_utils.h | 1 - util/src/sandbox_utils.cpp | 69 ++++++------------------------------ 4 files changed, 16 insertions(+), 60 deletions(-) diff --git a/appdata-sandbox64.json b/appdata-sandbox64.json index bbb79189..aaa5cd16 100644 --- a/appdata-sandbox64.json +++ b/appdata-sandbox64.json @@ -38,6 +38,11 @@ "sandbox-path" : "/system/fonts", "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" + }, { + "src-path" : "/system/lib", + "sandbox-path" : "/lib", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" }, { "src-path" : "/system/lib64", "sandbox-path" : "/system/lib64", diff --git a/etc/BUILD.gn b/etc/BUILD.gn index f4fefe9a..b13ce794 100644 --- a/etc/BUILD.gn +++ b/etc/BUILD.gn @@ -21,7 +21,6 @@ ohos_prebuilt_etc("appdata-sandbox.json") { source = "//base/startup/appspawn_standard/appdata-sandbox.json" } - relative_install_dir = "init" subsystem_name = "${subsystem_name}" part_name = "${part_name}" module_install_dir = "etc/sandbox" diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index 88e28a78..44d58f0c 100644 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -49,7 +49,6 @@ private: static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot); - static int DoAllMntAplMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot); diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index f6dcfe9f..3db172c7 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -66,8 +66,7 @@ namespace { const char *WARGNAR_DEVICE_PATH = "/3rdmodem"; const char *APP_BASE = "app-base"; const char *APP_RESOURCES = "app-resources"; - const char *KIND_NAME = "apl-name"; - const char *MOUNT_APL_PREFIX = "mount-apl-paths"; + const char *APP_APL_NAME = "app-apl-name"; } nlohmann::json SandboxUtils::appSandboxConfig_; @@ -254,60 +253,6 @@ bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config) return true; } -int SandboxUtils::DoAllMntAplMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig) -{ - if (appConfig.find(MOUNT_APL_PREFIX) == appConfig.end()) { - HiLog::Debug(LABEL, "mount config is not found, maybe reuslt sandbox launch failed" - "app name is %{public}s", appProperty->bundleName); - return 0; - } - - nlohmann::json mountPoints = appConfig[MOUNT_APL_PREFIX]; - std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig); - int mountPointSize = mountPoints.size(); - - for (int i = 0; i < mountPointSize; i++) { - nlohmann::json mntPoint = mountPoints[i]; - std::string APP_KIND = mntPoint[KIND_NAME]; - const char * p_app_kind = nullptr; - p_app_kind = APP_KIND.c_str(); - - // if not defined - if (!strcmp(p_app_kind, appProperty->apl)) { - if (strcmp(p_app_kind, "normal") || strcmp(p_app_kind, "system_basic")) { - continue; - } - } - - // Check the validity of the mount configuration - if (mntPoint.find(SRC_PATH) == mntPoint.end() || mntPoint.find(SANDBOX_PATH) == mntPoint.end() - || mntPoint.find(SANDBOX_FLAGS) == mntPoint.end()) { - HiLog::Error(LABEL, "read mount config failed, app name is %{public}s", appProperty->bundleName); - continue; - } - - std::string srcPath = ConvertToRealPath(appProperty, mntPoint[SRC_PATH].get()); - std::string sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, - mntPoint[SANDBOX_PATH].get()); - unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[SANDBOX_FLAGS].get>()); - - int ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), mountFlags); - if (ret) { - HiLog::Error(LABEL, "DoAppSandboxMountOnce failed, %{public}s", sandboxPath.c_str()); - - std::string actionStatus = STATUS_CHECK; - (void)JsonUtils::GetStringFromJson(mntPoint, ACTION_STATUS, actionStatus); - if (actionStatus == STATUS_CHECK) { - return ret; - } - } - - DoSandboxChmod(mntPoint, sandboxRoot); - } - - return 0; -} - int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig) { if (appConfig.find(MOUNT_PREFIX) == appConfig.end()) { @@ -330,6 +275,15 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper continue; } + if (mntPoint[APP_APL_NAME] != nullptr) { + std::string app_apl_name = mntPoint[APP_APL_NAME]; + const char * p_app_apl = nullptr; + p_app_apl = app_apl_name.c_str(); + if (!strcmp(p_app_apl, appProperty->apl)) { + continue; + } + } + std::string srcPath = ConvertToRealPath(appProperty, mntPoint[SRC_PATH].get()); std::string sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, mntPoint[SANDBOX_PATH].get()); @@ -420,10 +374,9 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *a { nlohmann::json commonConfig = wholeConfig[COMMON_PREFIX][0]; int ret = 0; - int test = 0; + if (commonConfig.find(APP_BASE) != commonConfig.end()) { ret = DoAllMntPointsMount(appProperty, commonConfig[APP_BASE][0]); - test = DoAllMntAplMount(appProperty, commonConfig[APP_BASE][0]); if (ret) { return ret; } -- Gitee