From fb719e736c3739de130260c08091ea781adbfcaf Mon Sep 17 00:00:00 2001 From: lnlan Date: Tue, 2 Aug 2022 22:38:46 +0800 Subject: [PATCH 1/2] =?UTF-8?q?Revert=20"!354=20=E4=BD=BF=E8=83=BDwebview?= =?UTF-8?q?=E6=B8=B2=E6=9F=93=E8=BF=9B=E7=A8=8Bseccomp-BPF=E6=B2=99?= =?UTF-8?q?=E7=AE=B1"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lnlan This reverts commit 192e59145a386a1b0fb96acb522614274b2985d3, reversing changes made to 7774a397cb587c661177fd385124b92fc2d90990. --- adapter/appspawn_adapter.cpp | 16 ---------------- adapter/appspawn_adapter.h | 4 +--- common/appspawn_server.c | 6 ------ common/appspawn_server.h | 1 - standard/appspawn_process.c | 1 - 5 files changed, 1 insertion(+), 27 deletions(-) diff --git a/adapter/appspawn_adapter.cpp b/adapter/appspawn_adapter.cpp index f2817e76..c08762ab 100644 --- a/adapter/appspawn_adapter.cpp +++ b/adapter/appspawn_adapter.cpp @@ -61,19 +61,3 @@ void SetUidGidFilter(struct AppSpawnContent_ *content) } #endif } - -int SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client) -{ -#ifdef WITH_SECCOMP -#ifdef NWEB_SPAWN - if (!SetSeccompPolicy(NWEBSPAWN)) { - APPSPAWN_LOGE("NwebspawnServer::Failed to set NWEBSPAWN seccomp filter"); - return -1; - } else { - APPSPAWN_LOGE("NwebspawnServer::Success to set NWEBSPAWN seccomp filter"); - return 0; - } -#endif -#endif - return 0; -} diff --git a/adapter/appspawn_adapter.h b/adapter/appspawn_adapter.h index 512acc40..8091e75d 100644 --- a/adapter/appspawn_adapter.h +++ b/adapter/appspawn_adapter.h @@ -33,9 +33,7 @@ int GetRenderProcessTerminationStatus(int32_t pid, int *status); void RecordRenderProcessExitedStatus(pid_t pid, int status); void LoadAppSandboxConfig(void); void SetUidGidFilter(struct AppSpawnContent_ *content); -int SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client); - #ifdef __cplusplus } #endif -#endif +#endif \ No newline at end of file 
diff --git a/common/appspawn_server.c b/common/appspawn_server.c index 4a2bed6e..884b7a75 100644 --- a/common/appspawn_server.c +++ b/common/appspawn_server.c @@ -93,12 +93,6 @@ int DoStartApp(struct AppSpawnContent_ *content, AppSpawnClient *client, char *l return ret, "Failed to set setProcessName"); } - if (content->setSeccompFilter) { - ret = content->setSeccompFilter(content, client); - APPSPAWN_CHECK(ret == 0, NotifyResToParent(content, client, ret); - return ret, "Failed to set setSeccompFilter"); - } - if (content->setUidGid) { ret = content->setUidGid(content, client); APPSPAWN_CHECK(ret == 0, NotifyResToParent(content, client, ret); diff --git a/common/appspawn_server.h b/common/appspawn_server.h index 0b961fc6..7ed0c09e 100644 --- a/common/appspawn_server.h +++ b/common/appspawn_server.h @@ -81,7 +81,6 @@ typedef struct AppSpawnContent_ { #ifdef ASAN_DETECTOR int (*getWrapBundleNameValue)(struct AppSpawnContent_ *content, AppSpawnClient *client); #endif - int (*setSeccompFilter)(struct AppSpawnContent_ *content, AppSpawnClient *client); } AppSpawnContent; AppSpawnContent *AppSpawnCreateContent(const char *socketName, char *longProcName, uint32_t longProcNameLen, int cold); diff --git a/standard/appspawn_process.c b/standard/appspawn_process.c index fce7f754..26a26ff0 100644 --- a/standard/appspawn_process.c +++ b/standard/appspawn_process.c @@ -391,5 +391,4 @@ void SetContentFunction(AppSpawnContent *content) #ifdef ASAN_DETECTOR content->getWrapBundleNameValue = GetWrapBundleNameValue; #endif - content->setSeccompFilter = SetSeccompFilter; } -- Gitee From d1d482c7d69dbf3d9f3b0db3581e0dc9a6da68a9 Mon Sep 17 00:00:00 2001 From: lnlan Date: Tue, 2 Aug 2022 22:39:23 +0800 Subject: [PATCH 2/2] =?UTF-8?q?Revert=20"!343=20=E4=BD=BF=E8=83=BD?= =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E8=BF=9B=E7=A8=8Bseccomp-bpf=E7=AD=96?= =?UTF-8?q?=E7=95=A5"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: lnlan This reverts commit 5aca4775f50cf52e6c1e9ab5a8e1317afcc54d07, reversing changes made to d66a115ba828dc9bb459b0b04db7307046308711. Change-Id: If13306c3af8604d57b6df3a4ecbfe6913a51ae25 --- BUILD.gn | 14 +------------- adapter/appspawn_adapter.cpp | 15 --------------- adapter/appspawn_adapter.h | 1 - common/appspawn_server.h | 1 - standard/appspawn_service.c | 5 ----- standard/main.c | 1 - 6 files changed, 1 insertion(+), 36 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index f2a83aa8..0ff7f5c1 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -99,14 +99,8 @@ ohos_static_library("appspawn_server") { external_deps += [ "selinux:libhap_restorecon" ] } - cflags = [] - if (build_seccomp) { - cflags += [ "-DWITH_SECCOMP" ] - external_deps += [ "init:seccomp" ] - } - if (appspawn_report_event) { - cflags += [ "-DREPORT_EVENT" ] + cflags = [ "-DREPORT_EVENT" ] deps += [ "adapter/sysevent:event_reporter" ] } @@ -151,12 +145,6 @@ ohos_static_library("nwebspawn_server") { external_deps += [ "selinux:libhap_restorecon" ] } - cflags = [] - if (build_seccomp) { - cflags += [ "-DWITH_SECCOMP" ] - external_deps += [ "init:seccomp" ] - } - subsystem_name = "${subsystem_name}" part_name = "${part_name}" } diff --git a/adapter/appspawn_adapter.cpp b/adapter/appspawn_adapter.cpp index c08762ab..40aaa914 100644 --- a/adapter/appspawn_adapter.cpp +++ b/adapter/appspawn_adapter.cpp @@ -22,10 +22,6 @@ #include "hap_restorecon.h" #endif #include "token_setproc.h" -#ifdef WITH_SECCOMP -#include "seccomp_policy.h" -#endif - void SetAppAccessToken(struct AppSpawnContent_ *content, AppSpawnClient *client) { 
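Review bot: With the `if (build_seccomp)` block removed from `appspawn_server` here (and from `nwebspawn_server` in the next hunk), `-DWITH_SECCOMP` and `init:seccomp` are never added, and the series also drops the `setSeccompFilter` call in `DoStartApp` and the `setUidGidFilter` call in `AppSpawnInit`, so none of the code shown installs a seccomp-BPF policy any more; neither commit message says why or what replaces it. I would record the cause and a follow-up in the description, for example `Reason: <cause of revert>; seccomp re-enable tracked in <issue id>`, so the missing sandbox is a documented, temporary state rather than a silent one. Separately, `cflags = [ "-DREPORT_EVENT" ]` inside `if (appspawn_report_event)` will clash with any other `cflags` set in this target later; keeping `cflags = []` at target scope and `cflags += [ "-DREPORT_EVENT" ]` in the conditional avoids that. Both target bodies start and end outside the hunks, so this is based only on the visible lines.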
@@ -50,14 +46,3 @@ void SetSelinuxCon(struct AppSpawnContent_ *content, AppSpawnClient *client) } #endif } - -void SetUidGidFilter(struct AppSpawnContent_ *content) -{ -#ifdef WITH_SECCOMP - if (!SetSeccompPolicy(APPSPAWN)) { - APPSPAWN_LOGE("AppSpawnServer::Failed to set APPSPAWN seccomp filter"); - } else { - APPSPAWN_LOGI("AppSpawnServer::Success to set APPSPAWN seccomp filter"); - } -#endif -} diff --git a/adapter/appspawn_adapter.h b/adapter/appspawn_adapter.h index 8091e75d..88dcba3b 100644 --- a/adapter/appspawn_adapter.h +++ b/adapter/appspawn_adapter.h @@ -32,7 +32,6 @@ void RunChildProcessor(AppSpawnContent *content, AppSpawnClient *client); int GetRenderProcessTerminationStatus(int32_t pid, int *status); void RecordRenderProcessExitedStatus(pid_t pid, int status); void LoadAppSandboxConfig(void); -void SetUidGidFilter(struct AppSpawnContent_ *content); #ifdef __cplusplus } #endif diff --git a/common/appspawn_server.h b/common/appspawn_server.h index 7ed0c09e..76cd12f1 100644 --- a/common/appspawn_server.h +++ b/common/appspawn_server.h @@ -60,7 +60,6 @@ typedef struct AppSpawnContent_ { void (*loadExtendLib)(struct AppSpawnContent_ *content); void (*initAppSpawn)(struct AppSpawnContent_ *content); void (*runAppSpawn)(struct AppSpawnContent_ *content, int argc, char *const argv[]); - void (*setUidGidFilter)(struct AppSpawnContent_ *content); // for child void (*clearEnvironment)(struct AppSpawnContent_ *content, AppSpawnClient *client); diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index ac9d8669..5197a80e 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c @@ -462,11 +462,6 @@ static void AppSpawnInit(AppSpawnContent *content) // set private function SetContentFunction(content); - // set uid gid filetr - if (content->setUidGidFilter) { - content->setUidGidFilter(content); - } - // load app sandbox config LoadAppSandboxConfig(); } diff --git a/standard/main.c b/standard/main.c index 8ee4c742..e677bb0c 100644 
--- a/standard/main.c +++ b/standard/main.c @@ -52,7 +52,6 @@ int main(int argc, char *const argv[]) // set common operation content->loadExtendLib = LoadExtendLib; content->runChildProcessor = RunChildProcessor; - content->setUidGidFilter = SetUidGidFilter; content->initAppSpawn(content); content->runAppSpawn(content, argc, argv); -- Gitee