diff --git a/BUILD.gn b/BUILD.gn index bf012e291a49c8e4b168e23da9286e6d3f5f5e27..c1e2f72756af16922bea95d383e03b78734b9bb4 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2022 Huawei Device Co., Ltd. +# Copyright (c) 2021-2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -117,9 +117,15 @@ ohos_static_library("appspawn_server") { "//foundation/communication/netmanager_base/services/netmanagernative/netsys_client:netsys_client", ] external_deps = [ + "ability_base:extractortool", + "ability_base:want", + "bundle_framework:appexecfwk_core", "c_utils:utils", + "common_event_service:cesfwk_core", "hilog_native:libhilog", "init:libbegetutil", + "ipc:ipc_core", + "samgr:samgr_proxy", ] if (build_selinux) { external_deps += [ "selinux:libhap_restorecon" ] @@ -170,9 +176,15 @@ ohos_static_library("nwebspawn_server") { "//foundation/communication/netmanager_base/services/netmanagernative/netsys_client:netsys_client", ] external_deps = [ + "ability_base:extractortool", + "ability_base:want", + "bundle_framework:appexecfwk_core", "c_utils:utils", + "common_event_service:cesfwk_core", "hilog_native:libhilog", "init:libbegetutil", + "ipc:ipc_core", + "samgr:samgr_proxy", ] if (build_selinux) { external_deps += [ "selinux:libhap_restorecon" ] @@ -204,7 +216,11 @@ ohos_executable("nwebspawn") { ] configs = [ ":appspawn_config" ] deps = [ "${appspawn_path}:nwebspawn_server" ] - external_deps = [ "hilog_native:libhilog" ] + external_deps = [ + "ability_base:extractortool", + "bundle_framework:appexecfwk_core", + "hilog_native:libhilog", + ] if (build_selinux) { external_deps += [ "selinux:libhap_restorecon" ] } diff --git a/interfaces/innerkits/include/appspawn_msg.h b/interfaces/innerkits/include/appspawn_msg.h index 476c78750df4a8178e346e700b96a183728a0f28..ea78a4f9d544012aa19cb73078dd9c25ea98a774 100644 --- a/interfaces/innerkits/include/appspawn_msg.h +++ b/interfaces/innerkits/include/appspawn_msg.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -67,6 +67,7 @@ typedef enum AppOperateType_ { #define APP_ASANENABLED 0x10 #define APP_ACCESS_BUNDLE_DIR 0x20 #define APP_NATIVEDEBUG 0X40 +#define APP_OVERLAY 0x80 #define BITLEN32 32 #define FDLEN2 2 diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 4c53bcfcd61106b40ee9e31397be9055389123a3..e15a38e959b573420c37760a54a1b89db3d98f70 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. +# Copyright (c) 2022-2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -118,6 +118,7 @@ ohos_unittest("AppSpawn_ut") { ] external_deps = [ + "ability_base:extractortool", "ability_base:want", "ability_runtime:app_manager", "ability_runtime:runtime", @@ -130,6 +131,7 @@ ohos_unittest("AppSpawn_ut") { "init:libbegetutil", "ipc:ipc_core", "napi:ace_napi", + "samgr:samgr_proxy", ] if (appspawn_report_event) { diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp index a208bb316c06e28b4d345fa9c336f7333a2f8834..5141797b5d1244b7d6f5b54128822bcdc7e31ea2 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -1283,4 +1283,119 @@ HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) m_appProperty->hspList = {}; GTEST_LOG_(INFO) << "App_Spawn_Sandbox_36 end"; } + +/** +* @tc.name: App_Spawn_Sandbox_37 +* @tc.desc: load overlay infos SetAppSandboxProperty by App com.ohos.dlpmanager. +* @tc.type: FUNC +* @tc.require:issueI6ORXY +* @tc.author: +*/ +HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_37, TestSize.Level0) +{ + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_37 start"; + ClientSocket::AppProperty *m_appProperty = GetAppProperty(); + + m_appProperty->uid = 1000; // the UNIX uid that the child process setuid() to after fork() + m_appProperty->gid = 1000; // the UNIX gid that the child process setgid() to after fork() + m_appProperty->gidCount = 1; + m_appProperty->flags |= 0x80; + + if (strcpy_s(m_appProperty->processName, APP_LEN_PROC_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 1" << std::endl; + } + + if (strcpy_s(m_appProperty->bundleName, APP_LEN_BUNDLE_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 2" << std::endl; + } + + if (strcpy_s(m_appProperty->apl, APP_APL_MAX_LEN, "normal") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 3" << std::endl; + } + + GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; + m_appProperty->accessTokenId = 671201800; // 671201800 is accessTokenId + m_appProperty->pid = 354; // query render process exited status by render process pid + + int32_t ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(m_appProperty); + EXPECT_EQ(0, ret); + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_37 end"; +} + +/** +* @tc.name: App_Spawn_Sandbox_38 +* @tc.desc: load overlay infos SetAppSandboxProperty by App com.ohos.dlpmanager. +* @tc.type: FUNC +* @tc.require:issueI6ORXY +* @tc.author: +*/ +HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0) +{ + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_38 start"; + ClientSocket::AppProperty *m_appProperty = GetAppProperty(); + m_appProperty->uid = 1000; + m_appProperty->gid = 1000; + m_appProperty->gidCount = 1; + std::string sandBoxRootDir = "/mnt/sandbox/com.ohos.dlpmanager"; + + if (strcpy_s(m_appProperty->processName, APP_LEN_PROC_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 1" << std::endl; + } + + if (strcpy_s(m_appProperty->bundleName, APP_LEN_BUNDLE_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 2" << std::endl; + } + + if (strcpy_s(m_appProperty->apl, APP_APL_MAX_LEN, "normal") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 3" << std::endl; + } + + GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; + m_appProperty->accessTokenId = 671201800; // 671201800 is accessTokenId + m_appProperty->pid = 354; // query render process exited status by render process pid + + int32_t ret = OHOS::AppSpawn::SandboxUtils::SetOverlayAppSandboxProperty(m_appProperty, sandBoxRootDir); + EXPECT_EQ(0, ret); + + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_38 end"; +} + +/** +* @tc.name: App_Spawn_Sandbox_39 +* @tc.desc: load overlay infos SetAppSandboxProperty by App com.ohos.dlpmanager. +* @tc.type: FUNC +* @tc.require:issueI6ORXY +* @tc.author: +*/ +HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_39, TestSize.Level0) +{ + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_39 start"; + ClientSocket::AppProperty *m_appProperty = GetAppProperty(); + m_appProperty->uid = 1000; + m_appProperty->gid = 1000; + m_appProperty->gidCount = 1; + m_appProperty->flags |= 0x80; + std::string sandBoxRootDir = "/mnt/sandbox/com.ohos.dlpmanager"; + + if (strcpy_s(m_appProperty->processName, APP_LEN_PROC_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 1" << std::endl; + } + + if (strcpy_s(m_appProperty->bundleName, APP_LEN_BUNDLE_NAME, "com.ohos.dlpmanager") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 2" << std::endl; + } + + if (strcpy_s(m_appProperty->apl, APP_APL_MAX_LEN, "normal") != 0) { + GTEST_LOG_(INFO) << "SetAppSandboxProperty start 3" << std::endl; + } + + GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; + m_appProperty->accessTokenId = 671201800; // 671201800 is accessTokenId + m_appProperty->pid = 354; // query render process exited status by render process pid + + int32_t ret = OHOS::AppSpawn::SandboxUtils::SetOverlayAppSandboxProperty(m_appProperty, sandBoxRootDir); + EXPECT_EQ(0, ret); + + GTEST_LOG_(INFO) << "App_Spawn_Sandbox_39 end"; +} } // namespace OHOS diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index 945bf61d8056389de4b83252860d4904246d6660..69836cc2312006e4bbbbc46cec000e8b488c2fe9 100644 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Huawei Device Co., Ltd. + * Copyright (C) 2022-2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -75,6 +75,8 @@ private: nlohmann::json &config); static int32_t SetRenderSandboxProperty(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); + static int32_t SetOverlayAppSandboxProperty(const ClientSocket::AppProperty *appProperty, + std::string &sandboxPackagePath); private: static nlohmann::json appNamespaceConfig_; diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index fd632702e46f7504f643339823c1baa83fd4f53a..feaec8bd6f3cdb4e1ee58b080b7a472ce49472fd 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022 Huawei Device Co., Ltd. + * Copyright (C) 2022-2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,21 +15,27 @@ #include "sandbox_utils.h" +#include #include -#include - +#include +#include #include #include #include #include -#include +#include -#include "json_utils.h" -#include "securec.h" #include "appspawn_server.h" +#include "bundle_mgr_proxy.h" +#include "constants.h" #ifdef WITH_SELINUX #include "hap_restorecon.h" #endif +#include "iservice_registry.h" +#include "json_utils.h" +#include "refbase.h" +#include "securec.h" +#include "system_ability_definition.h" using namespace std; using namespace OHOS; @@ -48,22 +54,23 @@ namespace { constexpr static mode_t BASIC_MOUNT_FLAGS = MS_REC | MS_BIND; constexpr std::string_view APL_SYSTEM_CORE("system_core"); constexpr std::string_view APL_SYSTEM_BASIC("system_basic"); - const std::string g_packageItems[] = {{"cache"}, {"files"}, {"temp"}, {"preferences"}, {"haps"}}; - const std::string g_physicalAppInstallPath = "/data/app/el1/bundle/public/"; - const std::string g_sandboxHspInstallPath = "/data/storage/el1/bundle/"; - const std::string g_sandBoxAppInstallPath = "/data/accounts/account_0/applications/"; - const std::string g_dataBundles = "/data/bundles/"; - const std::string g_userId = ""; - const std::string g_packageName = ""; - const std::string g_packageNameIndex = ""; - const std::string g_sandBoxDir = "/mnt/sandbox/"; - const std::string g_statusCheck = "true"; - const std::string g_sbxSwitchCheck = "ON"; - const std::string g_dlpBundleName = "com.ohos.dlpmanager"; - const std::string g_internal = "__internal__"; - const std::string g_hspList_key_bundles = "bundles"; - const std::string g_hspList_key_modules = "modules"; - const std::string g_hspList_key_versions = "versions"; + const std::string PACKAGE_ITEMS[] = {{"cache"}, {"files"}, {"temp"}, {"preferences"}, {"haps"}}; + const std::string PHYSICAL_APP_INSTALL_PATH = "/data/app/el1/bundle/public/"; + const std::string SANDBOX_HSP_INSTALL_PATH = "/data/storage/el1/bundle/"; + const std::string SANDBOX_APP_INSTALL_PATH = "/data/accounts/account_0/applications/"; + const std::string DATA_BUNDLES = "/data/bundles/"; + const std::string USER_ID = ""; + const std::string PACKAGE_NAME = ""; + const std::string PACKAGE_NAME_INDEX = ""; + const std::string SANDBOX_DIR = "/mnt/sandbox/"; + const std::string STATUS_CHECK = "true"; + const std::string SBX_SWITCH_CHECK = "ON"; + const std::string DLP_BUNDLE_NAME = "com.ohos.dlpmanager"; + const std::string INTERNAL = "__internal__"; + const std::string HSP_LIST_KEY_BUNDLES = "bundles"; + const std::string HSP_LIST_KEY_MODULES = "modules"; + const std::string HSP_LIST_KEY_VERSIONS = "versions"; + const std::string OVERLAY_PATH = "/data/storage/ovl/"; const char *g_actionStatuc = "check-action-status"; const char *g_accountPrefix = "/account/data/"; const char *g_accountNonPrefix = "/non_account/data/"; @@ -93,10 +100,10 @@ namespace { const char *g_sandBoxNameSpace = "sandbox-namespace"; const char *g_sandBoxCloneFlags = "clone-flags"; #ifndef NWEB_SPAWN - const std::string g_sandBoxRootDir = "/mnt/sandbox/"; + const std::string SANDBOX_ROOT_DIR = "/mnt/sandbox/"; #else const std::string g_ohosRender = "__internal__.com.ohos.render"; - const std::string g_sandBoxRootDir = "/mnt/sandbox/com.ohos.render/"; + const std::string SANDBOX_ROOT_DIR = "/mnt/sandbox/com.ohos.render/"; #endif } @@ -211,12 +218,12 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char * return 0; } -static std::string& replace_all(std::string& str, const std::string& old_value, const std::string& new_value) +static std::string& ReplaceAll(std::string& str, const std::string& oldValue, const std::string& newValue) { while (true) { std::string::size_type pos(0); - if ((pos = str.find(old_value)) != std::string::npos) { - str.replace(pos, old_value.length(), new_value); + if ((pos = str.find(oldValue)) != std::string::npos) { + str.replace(pos, oldValue.length(), newValue); } else { break; } @@ -296,18 +303,18 @@ unsigned long SandboxUtils::GetMountFlagsFromConfig(const std::vectorbundleName; bundleNameIndex = bundleNameIndex + "_" + std::to_string(appProperty->bundleIndex); - path = replace_all(path, g_packageNameIndex, bundleNameIndex); + path = ReplaceAll(path, PACKAGE_NAME_INDEX, bundleNameIndex); } - if (path.find(g_packageName) != std::string::npos) { - path = replace_all(path, g_packageName, appProperty->bundleName); + if (path.find(PACKAGE_NAME) != std::string::npos) { + path = ReplaceAll(path, PACKAGE_NAME, appProperty->bundleName); } - if (path.find(g_userId) != std::string::npos) { - path = replace_all(path, g_userId, std::to_string(appProperty->uid / UID_BASE)); + if (path.find(USER_ID) != std::string::npos) { + path = ReplaceAll(path, USER_ID, std::to_string(appProperty->uid / UID_BASE)); } return path; @@ -320,7 +327,7 @@ std::string SandboxUtils::GetSbxPathByConfig(const ClientSocket::AppProperty *ap sandboxRoot = config[g_sandboxRootPrefix].get(); sandboxRoot = ConvertToRealPath(appProperty, sandboxRoot); } else { - sandboxRoot = g_sandBoxDir + appProperty->bundleName; + sandboxRoot = SANDBOX_DIR + appProperty->bundleName; APPSPAWN_LOGE("read sandbox-root config failed, set sandbox-root to default root" "app name is %{public}s", appProperty->bundleName); } @@ -332,7 +339,7 @@ bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config) { if (config.find(g_sandBoxSwitchPrefix) != config.end()) { std::string switchStatus = config[g_sandBoxSwitchPrefix].get(); - if (switchStatus == g_sbxSwitchCheck) { + if (switchStatus == SBX_SWITCH_CHECK) { return true; } else { return false; @@ -351,9 +358,9 @@ static bool CheckMountConfig(nlohmann::json &mntPoint, const ClientSocket::AppPr APPSPAWN_CHECK(!istrue, return false, "read mount config failed, app name is %{public}s", appProperty->bundleName); if (mntPoint[g_appAplName] != nullptr) { - std::string app_apl_name = mntPoint[g_appAplName].get(); + std::string appAplName = mntPoint[g_appAplName].get(); const char *p_app_apl = nullptr; - p_app_apl = app_apl_name.c_str(); + p_app_apl = appAplName.c_str(); if (!strcmp(p_app_apl, appProperty->apl)) { return false; } @@ -364,7 +371,7 @@ static bool CheckMountConfig(nlohmann::json &mntPoint, const ClientSocket::AppPr if (checkFlag && (configSrcPath.find("/data/app") != std::string::npos && (configSrcPath.find("/base") != std::string::npos || configSrcPath.find("/database") != std::string::npos - ) && configSrcPath.find(g_packageName) != std::string::npos)) { + ) && configSrcPath.find(PACKAGE_NAME) != std::string::npos)) { return false; } @@ -410,7 +417,7 @@ static int32_t HandleSpecialAppMount(const ClientSocket::AppProperty *appPropert /* dlp application mount strategy */ /* dlp is an example, we should change to real bundle name later */ - if (bundleName.find(g_dlpBundleName) != std::string::npos) { + if (bundleName.find(DLP_BUNDLE_NAME) != std::string::npos) { if (fsType.empty()) { return -1; } else { @@ -461,7 +468,7 @@ void SandboxUtils::CheckAndPrepareSrcPath(const ClientSocket::AppProperty *appPr MakeDirRecursive(srcPath.c_str(), BASE_FOLDER_FILE_MODE); chown(srcPath.c_str(), appProperty->uid, appProperty->gid); - for (const std::string &packageItem : g_packageItems) { + for (const std::string &packageItem : PACKAGE_ITEMS) { const std::string newPath = srcPath + "/" + packageItem; MkdirAndChown(newPath, BASE_FOLDER_FILE_MODE, appProperty->uid, appProperty->gid); } @@ -542,9 +549,9 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper } } if (ret) { - std::string actionStatus = g_statusCheck; + std::string actionStatus = STATUS_CHECK; (void)JsonUtils::GetStringFromJson(mntPoint, g_actionStatuc, actionStatus); - if (actionStatus == g_statusCheck) { + if (actionStatus == STATUS_CHECK) { APPSPAWN_LOGE("DoAppSandboxMountOnce failed, %{public}s", sandboxPath.c_str()); return ret; } @@ -582,9 +589,9 @@ int SandboxUtils::DoAllSymlinkPointslink(const ClientSocket::AppProperty *appPro if (ret && errno != EEXIST) { APPSPAWN_LOGE("errno is %{public}d, symlink failed, %{public}s", errno, linkName.c_str()); - std::string actionStatus = g_statusCheck; + std::string actionStatus = STATUS_CHECK; (void)JsonUtils::GetStringFromJson(symPoint, g_actionStatuc, actionStatus); - if (actionStatus == g_statusCheck) { + if (actionStatus == STATUS_CHECK) { return ret; } } @@ -800,8 +807,8 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppPropert strcmp(appProperty->apl, APL_SYSTEM_CORE.data()) == 0 || (appProperty->flags & APP_ACCESS_BUNDLE_DIR) != 0) { // need permission check for system app here - std::string destbundlesPath = sandboxPackagePath + g_dataBundles; - DoAppSandboxMountOnce(g_physicalAppInstallPath.c_str(), destbundlesPath.c_str(), "", BASIC_MOUNT_FLAGS, + std::string destbundlesPath = sandboxPackagePath + DATA_BUNDLES; + DoAppSandboxMountOnce(PHYSICAL_APP_INSTALL_PATH.c_str(), destbundlesPath.c_str(), "", BASIC_MOUNT_FLAGS, nullptr); } @@ -821,12 +828,12 @@ int32_t SandboxUtils::MountAllHsp(const ClientSocket::AppProperty *appProperty, } nlohmann::json hsps = nlohmann::json::parse(appProperty->hspList.data, nullptr, false); - APPSPAWN_CHECK(!hsps.is_discarded() && hsps.contains(g_hspList_key_bundles) && hsps.contains(g_hspList_key_modules) - && hsps.contains(g_hspList_key_versions), return -1, "MountAllHsp: json parse failed"); + APPSPAWN_CHECK(!hsps.is_discarded() && hsps.contains(HSP_LIST_KEY_BUNDLES) && hsps.contains(HSP_LIST_KEY_MODULES) + && hsps.contains(HSP_LIST_KEY_VERSIONS), return -1, "MountAllHsp: json parse failed"); - nlohmann::json& bundles = hsps[g_hspList_key_bundles]; - nlohmann::json& modules = hsps[g_hspList_key_modules]; - nlohmann::json& versions = hsps[g_hspList_key_versions]; + nlohmann::json& bundles = hsps[HSP_LIST_KEY_BUNDLES]; + nlohmann::json& modules = hsps[HSP_LIST_KEY_MODULES]; + nlohmann::json& versions = hsps[HSP_LIST_KEY_VERSIONS]; APPSPAWN_CHECK(bundles.is_array() && modules.is_array() && versions.is_array() && bundles.size() == modules.size() && bundles.size() == versions.size(), return -1, "MountAllHsp: value is not arrary or sizes are not same"); @@ -843,8 +850,9 @@ int32_t SandboxUtils::MountAllHsp(const ClientSocket::AppProperty *appProperty, APPSPAWN_CHECK(CheckPath(libBundleName) && CheckPath(libModuleName) && CheckPath(libVersion), return -1, "MountAllHsp: path error"); - std::string libPhysicalPath = g_physicalAppInstallPath + libBundleName + "/" + libVersion + "/" + libModuleName; - std::string mntPath = sandboxPackagePath + g_sandboxHspInstallPath + libBundleName + "/" + libModuleName; + std::string libPhysicalPath = PHYSICAL_APP_INSTALL_PATH + libBundleName + "/" + libVersion + "/" + + libModuleName; + std::string mntPath = sandboxPackagePath + SANDBOX_HSP_INSTALL_PATH + libBundleName + "/" + libModuleName; ret = DoAppSandboxMountOnce(libPhysicalPath.c_str(), mntPath.c_str(), "", BASIC_MOUNT_FLAGS, nullptr); APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); } @@ -885,7 +893,7 @@ int32_t SandboxUtils::DoSandboxRootFolderCreate(const ClientSocket::AppProperty bool SandboxUtils::CheckBundleNameForPrivate(const std::string &bundleName) { - if (bundleName.find(g_internal) != std::string::npos) { + if (bundleName.find(INTERNAL) != std::string::npos) { return false; } return true; @@ -898,7 +906,7 @@ bool SandboxUtils::CheckTotalSandboxSwitchStatus(const ClientSocket::AppProperty nlohmann::json commonAppConfig = wholeConfig[g_commonPrefix][0]; if (commonAppConfig.find(g_topSandBoxSwitchPrefix) != commonAppConfig.end()) { std::string switchStatus = commonAppConfig[g_topSandBoxSwitchPrefix].get(); - if (switchStatus == g_sbxSwitchCheck) { + if (switchStatus == SBX_SWITCH_CHECK) { return true; } else { return false; @@ -936,12 +944,71 @@ static int CheckBundleName(const std::string &bundleName) return 0; } +static sptr GetOverlayManagerProxy() +{ + auto samgrProxy = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (samgrProxy == nullptr) { + APPSPAWN_LOGE("fail to get samgr."); + return nullptr; + } + sptr bundleObj = samgrProxy->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID); + if (bundleObj == nullptr) { + APPSPAWN_LOGE("fail to get bundle manager service."); + return nullptr; + } + sptr bms = iface_cast(bundleObj); + return bms->GetOverlayManagerProxy(); +} + +int32_t SandboxUtils::SetOverlayAppSandboxProperty(const ClientSocket::AppProperty *appProperty, + string &sandboxPackagePath) +{ + if ((appProperty->flags & APP_OVERLAY) != APP_OVERLAY) { + return 0; + } + sptr overlayManagerProxy = GetOverlayManagerProxy(); + if (overlayManagerProxy == nullptr) { + APPSPAWN_LOGE("fail to get overlay manager proxy."); + return -1; + } + + vector mountFlagVec = {"bind", "rec"}; + unsigned long mountFlags = GetMountFlagsFromConfig(mountFlagVec); + string sandboxOverlayPath = sandboxPackagePath + OVERLAY_PATH; + + vector overlayModuleInfo; + overlayManagerProxy->GetOverlayModuleInfoForTarget(appProperty->bundleName, "", overlayModuleInfo, + appProperty->uid / UID_BASE); + int32_t ret = 0; + set mountedSrcSet; + for (const AppExecFwk::OverlayModuleInfo& info : overlayModuleInfo) { + int32_t pathIndex = info.hapPath.find_last_of(AbilityBase::Constants::FILE_SEPARATOR); + std::string srcPath = info.hapPath.substr(0, pathIndex); + if (!mountedSrcSet.empty() && mountedSrcSet.find(srcPath) != mountedSrcSet.end()) { + APPSPAWN_LOGI("%{public}s have mounted before, no need to mount twice.", srcPath.c_str()); + continue; + } + + int32_t bundleNameIndex = srcPath.find_last_of(AbilityBase::Constants::FILE_SEPARATOR); + string destPath = sandboxOverlayPath + srcPath.substr(bundleNameIndex + 1, srcPath.length()); + int32_t retMount = DoAppSandboxMountOnce(srcPath.c_str(), destPath.c_str(), + nullptr, mountFlags, nullptr); + if (retMount != 0) { + APPSPAWN_LOGE("fail to mount overlay path, src is %s.", info.hapPath.c_str()); + ret = retMount; + } + + mountedSrcSet.emplace(srcPath); + } + return ret; +} + int32_t SandboxUtils::SetAppSandboxProperty(const ClientSocket::AppProperty *appProperty) { if (appProperty == nullptr || CheckBundleName(appProperty->bundleName) != 0) { return -1; } - std::string sandboxPackagePath = g_sandBoxRootDir; + std::string sandboxPackagePath = SANDBOX_ROOT_DIR; const std::string bundleName = appProperty->bundleName; sandboxPackagePath += bundleName; MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE); @@ -980,6 +1047,10 @@ int32_t SandboxUtils::SetAppSandboxProperty(const ClientSocket::AppProperty *app sandboxPackagePath.c_str()); #endif + rc = SetOverlayAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(rc == 0, return rc, "SetOverlayAppSandboxProperty failed, packagename is %s", + bundleName.c_str()); + #ifndef APPSPAWN_TEST rc = chdir(sandboxPackagePath.c_str()); APPSPAWN_CHECK(rc == 0, return rc, "chdir failed, packagename is %{public}s, path is %{public}s",