From 99079e86758438186c4e67de21602b1af1fd445c Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Tue, 17 May 2022 19:12:51 +0800
Subject: [PATCH] appspawn_stand: split system directory and support arm64
Signed-off-by: Mupceet
Change-Id: I7d8f48b75973064bea274bead4d4d8f6e2880376
---
 appdata-sandbox.json | 52 ++++++++++++++++++++-
 util/include/sandbox_utils.h | 2 +-
 util/src/sandbox_utils.cpp | 88 +++++++++++++++++++++++++++++++++++-
 3 files changed, 137 insertions(+), 5 deletions(-)
diff --git a/appdata-sandbox.json b/appdata-sandbox.json
index d470659a..72c6b0bb 100644
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@@ -3,6 +3,19 @@
 "top-sandbox-switch": "ON",
 "app-base" : [{
 "sandbox-root" : "/mnt/sandbox/",
+ "mount-kind-paths": [{
+ "src-path" : "/system/lib/media/",
+ "sandbox-path" : "/testapp/app",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "true",
+ "kind-name": "normal"
+ }, {
+ "src-path" : "/system/lib/module/",
+ "sandbox-path" : "/testapp/private",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "true",
+ "kind-name": "system_basic"
+ }],
 "mount-bind-paths" : [{
 "src-path" : "/config",
 "sandbox-path" : "/config",
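Review bot: The two new `mount-kind-paths` entries bind `/system/lib/media/` and `/system/lib/module/` onto `/testapp/app` and `/testapp/private`, which read like test placeholders rather than paths applications are expected to load from. Because they sit under `app-base`, they are evaluated for every sandboxed app, so the final sandbox paths should be settled before this ships. The `kind-name` values are the only thing separating the `normal` mount from the `system_basic` one, so it is worth documenting next to the config which APL is meant to receive which directory.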
@@ -29,8 +42,43 @@
 "sandbox-flags" : [ "bind", "rec" ],
 "check-action-status": "false"
 }, {
- "src-path" : "/system",
- "sandbox-path" : "/system",
+ "src-path" : "/system/app",
+ "sandbox-path" : "/system/app",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/fonts",
+ "sandbox-path" : "/system/fonts",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib64",
+ "sandbox-path" : "/system/lib64",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/data",
+ "sandbox-path" : "/system/data",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/usr",
+ "sandbox-path" : "/system/usr",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/profile",
+ "sandbox-path" : "/system/profile",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/bin",
+ "sandbox-path" : "/system/bin",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/etc",
+ "sandbox-path" : "/system/etc",
 "sandbox-flags" : [ "bind", "rec" ],
 "check-action-status": "false"
 }, {
diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h
index 7632267e..f36b3cb3 100644
--- a/util/include/sandbox_utils.h
+++ b/util/include/sandbox_utils.h
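Review bot: The entries that replace the single `/system` bind include `/system/lib64` but no `/system/lib`, and the `lib64` entry has `check-action-status` set to `"false"`, so on a build where that directory does not exist the mount fails without stopping the launch. Unless an entry outside this hunk covers it, such a build ends up with no system library directory in the sandbox. Enumerating subdirectories is a sensible allowlist that narrows what an app can see, but it has to be complete for each architecture. One option is to list `/system/lib` here and extend the `__aarch64__` path rewrite that the C++ change applies to `mount-kind-paths` so it also covers `mount-bind-paths`.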
@@ -48,6 +48,7 @@ private:
 std::string &sandboxPackagePath);
 static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot);
 static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
+ static int DoAllMntKindMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
 static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
 static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot);
 static std::string GetSbxPathByConfig(const ClientSocket::AppProperty *appProperty, nlohmann::json &config);
@@ -55,7 +56,6 @@ private:
 static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty);
 static bool GetSbxSwitchStatusByConfig(nlohmann::json &config);
 static unsigned long GetMountFlagsFromConfig(const std::vector &vec);
-
 private:
 static nlohmann::json appSandboxConfig_;
 };
diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp
index cd3cf164..3bf31aec 100644
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@@ -49,6 +49,8 @@ namespace {
 const std::string SANDBOX_DIR = "/mnt/sandbox/";
 const std::string STATUS_CHECK = "true";
 const std::string SBX_SWITCH_CHECK = "ON";
+ const std::string SYSTEM_LIB = "/lib";
+ const std::string SYSTEM_LIB_64 = "/lib64";
 const char *COMMON_PREFIX = "common";
 const char *PRIVATE_PREFIX = "individual";
 const char *SRC_PATH = "src-path";
@@ -66,9 +68,10 @@ namespace {
 const char *WARGNAR_DEVICE_PATH = "/3rdmodem";
 const char *APP_BASE = "app-base";
 const char *APP_RESOURCES = "app-resources";
+ const char *KIND_NAME = "kind-name";
+ const char *MOUNT_KIND_PREFIX = "mount-kind-paths";
 }
-
 nlohmann::json SandboxUtils::appSandboxConfig_;
 void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig)
@@ -242,6 +245,77 @@ bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config)
 return true;
 }
+static bool Replace_OS64(nlohmann::json &mntPoint,const std::string JSON_TYPE, const std::string OLD_STRING, const std::string NEW_STRING)
+{
+ std::string LIB_OS = mntPoint[JSON_TYPE].get();
+ std::string::size_type pos(0);
+ pos = LIB_OS.find(OLD_STRING);
+ if (pos != std::string::npos) {
+ LIB_OS.replace(pos, OLD_STRING.length(), NEW_STRING);
+ mntPoint[JSON_TYPE] = LIB_OS;
+ return true;
+ }
+ return false;
+}
+
+int SandboxUtils::DoAllMntKindMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig)
+{
+ if (appConfig.find(MOUNT_KIND_PREFIX) == appConfig.end()) {
+ HiLog::Debug(LABEL, "mount config is not found, maybe reuslt sandbox launch failed"
+ "app name is %{public}s", appProperty->bundleName);
+ return 0;
+ }
+
+ nlohmann::json mountPoints = appConfig[MOUNT_KIND_PREFIX];
+ std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig);
+ int mountPointSize = mountPoints.size();
+
+ for (int i = 0; i < mountPointSize; i++) {
+ nlohmann::json mntPoint = mountPoints[i];
+ std::string APP_KIND = mntPoint[KIND_NAME];
+ const char * p_app_kind = APP_KIND.c_str();
+
+ // if not defined,
+ if (!strcmp(p_app_kind, appProperty->apl)) {
+ if (strcmp(p_app_kind, "normal") || strcmp(p_app_kind, "system_basic")) {
+ continue;
+ }
+ }
+
+ // Check the validity of the mount configuration
+ if (mntPoint.find(SRC_PATH) == mntPoint.end() || mntPoint.find(SANDBOX_PATH) == mntPoint.end()
+ || mntPoint.find(SANDBOX_FLAGS) == mntPoint.end()) {
+ HiLog::Error(LABEL, "read mount config failed, app name is %{public}s", appProperty->bundleName);
+ continue;
+ }
+
+#ifdef __aarch64__
+ if (!Replace_OS64(mntPoint, SRC_PATH, SYSTEM_LIB, SYSTEM_LIB_64)) {
+ HiLog::Error(LABEL, "replace os 64 error, app name is %{public}s", appProperty->bundleName);
+ }
+#endif
+ std::string srcPath = ConvertToRealPath(appProperty, mntPoint[SRC_PATH].get());
+ std::string sandboxPath = sandboxRoot + ConvertToRealPath(appProperty,
+ mntPoint[SANDBOX_PATH].get());
+ unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[SANDBOX_FLAGS].get>());
+
+ int ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), mountFlags);
+ if (ret) {
+ HiLog::Error(LABEL, "DoAppSandboxMountOnce failed, %{public}s", sandboxPath.c_str());
+
+ std::string actionStatus = STATUS_CHECK;
+ (void)JsonUtils::GetStringFromJson(mntPoint, ACTION_STATUS, actionStatus);
+ if (actionStatus == STATUS_CHECK) {
+ return ret;
+ }
+ }
+
+ DoSandboxChmod(mntPoint, sandboxRoot);
+ }
+
+ return 0;
+}
+
 int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig)
 {
 if (appConfig.find(MOUNT_PREFIX) == appConfig.end()) {
@@ -307,6 +381,15 @@ int SandboxUtils::DoAllSymlinkPointslink(const ClientSocket::AppProperty *appPro
 continue;
 }
+#ifdef __aarch64__
+ if (!Replace_OS64(symPoint, TARGET_NAME, "lib", "lib64")) {
+ HiLog::Error(LABEL, "replace os 64 error, app name is %{public}s", appProperty->bundleName);
+ }
+ if (!Replace_OS64(symPoint, LINK_NAME, "lib", "lib64")) {
+ HiLog::Error(LABEL, "replace os 64 error, app name is %{public}s", appProperty->bundleName);
+ }
+#endif
+
 std::string targetName = ConvertToRealPath(appProperty, symPoint[TARGET_NAME].get());
 std::string linkName = sandboxRoot + ConvertToRealPath(appProperty, symPoint[LINK_NAME].get());
 HiLog::Debug(LABEL, "symlink, from %{public}s to %{public}s", targetName.c_str(), linkName.c_str());
@@ -354,9 +437,10 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *a
 {
 nlohmann::json commonConfig = wholeConfig[COMMON_PREFIX][0];
 int ret = 0;
-
+ int test = 0;
 if (commonConfig.find(APP_BASE) != commonConfig.end()) {
 ret = DoAllMntPointsMount(appProperty, commonConfig[APP_BASE][0]);
+ test = DoAllMntKindMount(appProperty, commonConfig[APP_BASE][0]);
 if (ret) {
 return ret;
 }
-- Gitee
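Review bot: The APL filter at the top of the loop in `DoAllMntKindMount` appears to be inverted. `!strcmp(p_app_kind, appProperty->apl)` is true when `kind-name` equals the app's APL, and the inner `strcmp(...) || strcmp(...)` is always non-zero because one string cannot equal both `"normal"` and `"system_basic"`, so every matching entry hits `continue` while entries for a different APL are mounted. If the intent is to mount only the entries for the caller's APL, the check reduces to `if (strcmp(p_app_kind, appProperty->apl) != 0) { continue; }`, and the unfinished `// if not defined,` comment should state that rule. `mntPoint[KIND_NAME]` is also read before the validity check and is not part of it; add `mntPoint.find(KIND_NAME) == mntPoint.end()` to that check and move the read below it, so an entry without `kind-name` is rejected instead of being converted from a null JSON value.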
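Review bot: The calls `Replace_OS64(symPoint, TARGET_NAME, "lib", "lib64")` and `Replace_OS64(symPoint, LINK_NAME, "lib", "lib64")` in `DoAllSymlinkPointslink` rewrite the first occurrence of the substring `lib` anywhere in the value. A configured path that already contains `lib64` becomes `lib6464`, and a name such as `libfoo.so` (constructed example) becomes `lib64foo.so`. These strings become symlink targets and link names inside the sandbox, so the helper should match only a whole path component (`/lib` followed by `/` or the end of the string) and leave `lib64` alone; the same applies to the `SYSTEM_LIB` call in `DoAllMntKindMount`. A `false` return only means nothing needed rewriting, so reporting it through `HiLog::Error` for every entry without `lib` is misleading and would be better at debug level or dropped. `DoAllSymlinkPointslink` starts and ends outside this hunk.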
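Review bot: The result of `DoAllMntKindMount` is stored in `test` and never read in `DoSandboxFileCommonBind`. A kind mount that fails with `check-action-status` set to `"true"` therefore does not stop the launch, and the app continues with a partially built sandbox. Drop `test` and propagate the error: after the existing `if (ret) { return ret; }`, add `ret = DoAllMntKindMount(appProperty, commonConfig[APP_BASE][0]);` followed by the same `if (ret)` check. The function body continues outside this hunk.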