From 5097a8c45fe18e285d534da30112b64d3717622b Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Thu, 28 Apr 2022 21:36:03 +0800
Subject: [PATCH 1/4] =?UTF-8?q?fix:=E5=9B=9E=E9=80=80sandbox?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mupceet
---
 adapter/appspawn_sandbox.cpp | 22 ++--------------------
 standard/appspawn_process.c | 2 ++
 2 files changed, 4 insertions(+), 20 deletions(-)
diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp
index 51dcee01..a8f08cd1 100644
--- a/adapter/appspawn_sandbox.cpp
+++ b/adapter/appspawn_sandbox.cpp
@@ -330,31 +330,13 @@ static int32_t DoSandboxRootFolderCreate(const std::string &sandboxPackagePath)
 return 0;
 }
-static void MatchSandbox(AppSpawnClientExt *appProperty)
-{
- if (appProperty == nullptr) {
- return;
- }
- if (strcmp("system_basic", appProperty->property.apl) == 0) {
- EnterSandbox("priv-app");
- } else if (strcmp("normal", appProperty->property.apl) == 0) {
- EnterSandbox("app");
- } else if (strcmp("system_core ", appProperty->property.apl) == 0) {
- EnterSandbox("app");
- } else {
- APPSPAWN_LOGE("AppSpawnServer::Failed to match appspawn sandbox %s", appProperty->property.apl);
- EnterSandbox("app");
- }
-}
-
 int32_t SetAppSandboxProperty(struct AppSpawnContent_ *content, AppSpawnClient *client)
 {
 int rc = 0;
 APPSPAWN_CHECK(client != NULL, return -1, "Invalid appspwn client");
 AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client;
- MatchSandbox(appProperty);
- // create /mnt/sandbox/ path�?later put it to rootfs module
- std::string sandboxPackagePath = "/";
+ // create /mnt/sandbox/ path later put it to rootfs module
+ std::string sandboxPackagePath = "/mnt/sandbox/";
 sandboxPackagePath += appProperty->property.bundleName;
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
diff --git a/standard/appspawn_process.c b/standard/appspawn_process.c
index d0f00c70..b7399f23 100644
--- a/standard/appspawn_process.c
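Review bot: The `mkdir(sandboxPackagePath.c_str(), FILE_MODE);` that follows the new `"/mnt/sandbox/"` prefix in SetAppSandboxProperty discards its return value, so a failure goes unnoticed and the later sandbox setup continues on a path that was never prepared. In this patch the parent `/mnt/sandbox/` is not created before the per-bundle directory, which is exactly the kind of failure the unchecked call hides. Consider `if (mkdir(sandboxPackagePath.c_str(), FILE_MODE) != 0 && errno != EEXIST) { return -1; }` together with a log line naming the path. The same unchecked call is added in PATCH 2/4 (appspawn_sandbox.cpp) and twice in PATCH 3/4 (sandbox_utils.cpp). The function body continues outside the hunk, so whether a later step would catch the failure is not visible here.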
+++ b/standard/appspawn_process.c
@@ -381,5 +381,7 @@ void SetContentFunction(AppSpawnContent *content)
 content->setAppSandbox = SetAppSandboxProperty;
 content->setAppAccessToken = SetAppAccessToken;
 content->coldStartApp = ColdStartApp;
+#ifdef APPSPAWN_SUPPORT_SANDBOX
 content->registerAppSandbox = RegisterAppSandbox;
+#endif
 }
-- Gitee
From 2653cc54a488ddaff1bafede920af7349c96dd39 Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Fri, 29 Apr 2022 11:33:15 +0800
Subject: [PATCH 2/4] =?UTF-8?q?fix:=E8=A1=A5=E5=85=85mkdir?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mupceet
---
 adapter/appspawn_sandbox.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp
index a8f08cd1..e71a75b2 100644
--- a/adapter/appspawn_sandbox.cpp
+++ b/adapter/appspawn_sandbox.cpp
@@ -337,6 +337,7 @@ int32_t SetAppSandboxProperty(struct AppSpawnContent_ *content, AppSpawnClient *
 AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client;
 // create /mnt/sandbox/ path later put it to rootfs module
 std::string sandboxPackagePath = "/mnt/sandbox/";
+ mkdir(sandboxPackagePath.c_str(), FILE_MODE);
 sandboxPackagePath += appProperty->property.bundleName;
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
-- Gitee
From 543ad209ddc527a5122f2306a4b8fa1b2a8ba0fe Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Fri, 29 Apr 2022 11:46:53 +0800
Subject: [PATCH 3/4] =?UTF-8?q?fix:=E8=A1=A5=E5=85=85mkdir?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mupceet
---
 adapter/appspawn_sandbox.cpp | 19 -------------------
 util/src/sandbox_utils.cpp | 2 ++
 2 files changed, 2 insertions(+), 19 deletions(-)
diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp
index 1e92b9e8..9ae7bc94 100644
--- a/adapter/appspawn_sandbox.cpp
+++ b/adapter/appspawn_sandbox.cpp
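Review bot: With `APPSPAWN_SUPPORT_SANDBOX` undefined, `content->registerAppSandbox` is never assigned in SetContentFunction, and nothing in this hunk shows that the struct is zero-initialised or that callers test the pointer before calling through it. An explicit `#else` branch with `content->registerAppSandbox = NULL;` would make the disabled state well defined. `content->setAppSandbox = SetAppSandboxProperty;` stays unconditional, so the macro gates only registration; a one-line comment such as `/* sandbox registration is optional; setAppSandbox is always installed */` would record that this is intended. The function starts outside the hunk.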
@@ -110,28 +110,9 @@ void RegisterAppSandbox(struct AppSpawnContent_ *content, AppSpawnClient *client
 }
 }
-static void MatchSandbox(AppSpawnClientExt *appProperty)
-{
- if (appProperty == nullptr) {
- return;
- }
- if (strcmp("system_basic", appProperty->property.apl) == 0) {
- EnterSandbox("priv-app");
- } else if (strcmp("normal", appProperty->property.apl) == 0) {
- EnterSandbox("app");
- } else if (strcmp("system_core ", appProperty->property.apl) == 0) {
- EnterSandbox("app");
- } else {
- APPSPAWN_LOGE("AppSpawnServer::Failed to match appspawn sandbox %s", appProperty->property.apl);
- EnterSandbox("app");
- }
-}
-
 int32_t SetAppSandboxProperty(struct AppSpawnContent_ *content, AppSpawnClient *client)
 {
 APPSPAWN_CHECK(client != NULL, return -1, "Invalid appspwn client");
 AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client;
- MatchSandbox(appProperty);
-
 return SandboxUtils::SetAppSandboxProperty(&appProperty->property);
 }
diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp
index 564bb9a4..6a03a7b9 100644
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@@ -516,8 +516,10 @@ bool SandboxUtils::CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *
 int32_t SandboxUtils::SetAppSandboxProperty(const ClientSocket::AppProperty *appProperty)
 {
 std::string sandboxPackagePath = "/mnt/sandbox/";
+ mkdir(sandboxPackagePath.c_str(), FILE_MODE);
 const std::string bundleName = appProperty->bundleName;
 sandboxPackagePath += bundleName;
+ mkdir(sandboxPackagePath.c_str(), FILE_MODE);
 int rc = 0;
 // add pid to a new mnt namespace
-- Gitee
From edd2f5889df9688a8f5d72cd35d50146644b68c5 Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Fri, 29 Apr 2022 12:54:36 +0800
Subject: [PATCH 4/4] =?UTF-8?q?fix:=E8=A1=A5=E5=85=85mkdir?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mupceet
---
 util/src/sandbox_utils.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
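Review bot: The second added `mkdir` in SandboxUtils::SetAppSandboxProperty operates on `"/mnt/sandbox/" + bundleName` without any check on the name, so an empty name, or one containing `/` or `..`, would resolve to the shared root or to a directory outside the per-app folder. Unless the name is validated before it reaches this function (not visible in this hunk), reject it before building the path: `if (bundleName.empty() || bundleName == "." || bundleName == ".." || bundleName.find('/') != std::string::npos) { return -1; }`. A short comment above the path construction stating where `bundleName` is validated would also help the next reader. The function body continues past the hunk.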
diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp
index 6a03a7b9..cd3cf164 100644
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@@ -520,10 +520,9 @@ int32_t SandboxUtils::SetAppSandboxProperty(const ClientSocket::AppProperty *app
 const std::string bundleName = appProperty->bundleName;
 sandboxPackagePath += bundleName;
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
- int rc = 0;
 // add pid to a new mnt namespace
- rc = unshare(CLONE_NEWNS);
+ int rc = unshare(CLONE_NEWNS);
 if (rc) {
 HiLog::Error(LABEL, "unshare failed, packagename is %{public}s", bundleName.c_str());
 return rc;
-- Gitee