From 73507982fbebe20c35e96f4af5e1104a1ae9e14b Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 25 Jan 2022 16:59:56 +0800 Subject: [PATCH 1/3] =?UTF-8?q?add:=E6=94=AF=E6=8C=81=E5=9C=A8=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=E4=B8=AD=E9=85=8D=E7=BD=AE=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E8=BF=9B=E7=A8=8B=E7=9A=84=E7=BB=91=E6=A0=B8=E3=80=81?= =?UTF-8?q?=E4=BC=98=E5=85=88=E7=BA=A7=E3=80=81MAC=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E4=BB=A5=E5=8F=8AAccessToken=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 10 +++++++++- interfaces/innerkits/include/client_socket.h | 3 +++ src/appspawn_server.cpp | 11 +++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/BUILD.gn b/BUILD.gn index d0e4d285..9f52f159 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -39,7 +39,15 @@ config("appspawn_config") { ohos_executable("appspawn") { sources = [ "${appspawn_path}/src/main.cpp" ] configs = [ ":appspawn_config" ] - deps = [ "${appspawn_path}:appspawn_server" ] + include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + "//base/security/selinux/interfaces/policycoreutils/include", + ] + deps = [ + "${appspawn_path}:appspawn_server", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/selinux:libload_policy", + ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] install_enable = true diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index 2706a7c3..7bcb0c7f 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h 
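Review bot: The new `include_dirs` and the two security deps are attached to the `appspawn` executable, whose only source is `main.cpp`, while the calls that need them (`SetSelfTokenID`, `HapContext`) are added in `src/appspawn_server.cpp`. If that file is compiled by the `appspawn_server` target, as the dep name suggests, the include paths set here will not reach it; the target that builds the file should carry `libtoken_setproc` and `libload_policy` in its own `deps`. The hard-coded `//base/security/...` include paths also duplicate what those libraries would normally export through a public config, so prefer getting the headers through the dependency rather than listing directories by hand. The `ohos_executable` block continues outside the hunk.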
@@ -87,6 +87,7 @@ public: static constexpr int LEN_PROC_NAME = 256; // process name length static constexpr int LEN_SO_PATH = 256; // load so lib static constexpr int MAX_GIDS = 64; + static constexpr int APL_MAX_LEN = 32; struct AppProperty { uint32_t uid; // the UNIX uid that the child process setuid() to after fork() @@ -95,6 +96,8 @@ public: uint32_t gidCount; // the size of gidTable char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path + uint32_t accessTokenId; + char apl[APL_MAX_LEN]; }; private: diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 38ccf1e4..af3ede06 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -420,6 +420,17 @@ bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppPr return false; } + ret = SetSelfTokenID(appProperty->accessTokenId); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno); + } + + HapContext hapContext; + ret = hapContext.HapDomainSetcontext(appProperty->apl, appProperty->processName); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, errno = %{public}d", errno); + } + ret = SetProcessName(longProcName, longProcNameLen, appProperty->processName, strlen(appProperty->processName) + 1); if (FAILED(ret)) { NotifyResToParentProc(fd[1], ret); -- Gitee From 527dcaa9721bbf9d43bb90c65027d866a57c4b51 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 25 Jan 2022 17:11:10 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- src/appspawn_server.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index af3ede06..26c3e01d 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp 
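Review bot: `apl` is a fixed `char[APL_MAX_LEN]` filled by whoever sends the `AppProperty` request, and nothing in this series checks that it is NUL-terminated before the server hands it to `HapDomainSetcontext` as a string. Because the value selects the SELinux domain of the spawned process, the receiver should reject an unterminated field before use, e.g. `if (strnlen(appProperty->apl, ClientSocket::APL_MAX_LEN) == ClientSocket::APL_MAX_LEN) { return false; }`. The two new members also lack the trailing comments every other field in the struct has; something like `// access token id applied to the child process` and `// privilege level string, NUL-terminated` would do (the meaning of `apl` is inferred from the name). Appending fields changes `sizeof(AppProperty)`, so a client built against the old header will presumably send a shorter message; confirm the receive path checks the length. The `APL_MAX_LEN` constant in the first hunk of this file belongs to the same change.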
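Review bot: Both new calls fail open: when `SetSelfTokenID` or `HapDomainSetcontext` returns non-zero the error is only logged and `SetAppProcProperty` carries on to `SetProcessName`, so the child presumably starts with whatever access token and SELinux context it inherited from the spawner. Each `if (ret != 0)` branch should end the spawn the way the neighbouring checks do, `NotifyResToParentProc(fd[1], ret); return false;`. The log lines print `errno`, which these helpers are not shown to set; logging `ret` would be more reliable. `accessTokenId` is taken straight from the request, so whichever peers can connect to the spawn socket decide the child's token, and it is worth confirming that the socket is restricted to the trusted caller. The function starts and ends outside the hunk.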
@@ -27,6 +27,8 @@ #include "hilog/log.h" #include "main_thread.h" #include "securec.h" +#include "token_setproc.h" +#include "hap_restorecon.h" #include #include -- Gitee From d3554917518ace4be0fc4b40461f266d9f71ec49 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 25 Jan 2022 17:32:45 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- src/appspawn_server.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 26c3e01d..687f67e0 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -29,6 +29,10 @@ #include "securec.h" #include "token_setproc.h" #include "hap_restorecon.h" +#include "bundle_mgr_interface.h" +#include "if_system_ability_manager.h" +#include "iservice_registry.h" +#include "system_ability_definition.h" #include #include -- Gitee
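Review bot: None of the four headers added in patch 3/3 (`bundle_mgr_interface.h`, `if_system_ability_manager.h`, `iservice_registry.h`, `system_ability_definition.h`) is used by code anywhere in this series, and no matching `deps` or `include_dirs` entry is added to `BUILD.gn`. If they are only needed transitively by `hap_restorecon.h` or `token_setproc.h`, that header should include them itself; otherwise drop them, since pulling the bundle-manager and system-ability interfaces into the process spawner widens its dependency surface for no visible benefit. The subject of this patch and of 2/3 gives no reason for the change, so the description should state which build error is being fixed.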