diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp index 9ae7bc9431122a03f36e70f8642f0fa309801f2a..980ee2dacbb34287010d07fd24eab941c9ce095c 100644 --- a/adapter/appspawn_sandbox.cpp +++ b/adapter/appspawn_sandbox.cpp @@ -44,6 +44,7 @@ bool g_isAppSandboxCreated = false; namespace { const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox.json"); + const std::string PRODUCT_JSON_CONFIG("/system/etc/sandbox/product-sandbox.json"); } void LoadAppSandboxConfig(void) @@ -55,6 +56,12 @@ void LoadAppSandboxConfig(void) HiLog::Error(LABEL, "AppSpawnServer::Failed to load app private sandbox config"); } SandboxUtils::StoreJsonConfig(appSandboxConfig); + + rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, PRODUCT_JSON_CONFIG); + if (!rc) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to load app product sandbox config"); + } + SandboxUtils::StoreProductJsonConfig(appSandboxConfig); } static void RegisterSandbox(AppSpawnContentExt *appSpawnContent, const char *sandbox) diff --git a/product-sandbox.json b/product-sandbox.json new file mode 100755 index 0000000000000000000000000000000000000000..b3b3662ea4c8c60634e67dbda1c215c0f5f44fbd --- /dev/null +++ b/product-sandbox.json @@ -0,0 +1,34 @@ +{ + "common" : [{ + "top-sandbox-switch": "ON", + "app-base" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [], + "symbol-links" : [] + }], + "app-resources" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [], + "symbol-links" : [] + }] + }], + "individual" : [{ + "ohos.samples.xxx" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/accounts/account_0/applications/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ], + "symbol-links" : [] + }] + }] +} \ No newline at end of file diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index 7632267ed738a383c46ec948d2821436d1946cd3..44d58f0ca571f5d026c0690991aa325af00d8496 100644 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -28,6 +28,8 @@ class SandboxUtils { public: static void StoreJsonConfig(nlohmann::json &appSandboxConfig); static nlohmann::json GetJsonConfig(); + static void StoreProductJsonConfig(nlohmann::json &productSandboxConfig); + static nlohmann::json GetProductJsonConfig(); static int32_t SetAppSandboxProperty(const ClientSocket::AppProperty *appProperty); private: @@ -55,9 +57,14 @@ private: static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty); static bool GetSbxSwitchStatusByConfig(nlohmann::json &config); static unsigned long GetMountFlagsFromConfig(const std::vector &vec); + static int32_t SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config); + static int32_t SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config); private: static nlohmann::json appSandboxConfig_; + static nlohmann::json productSandboxConfig_; }; } // namespace AppSpawn } // namespace OHOS diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index 556c44a37831d2732c3d2437ef6f2bc6cb18194c..ad1ad18b18a7f48604642e7e68d646d1db41050e 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -70,6 +70,7 @@ namespace { nlohmann::json SandboxUtils::appSandboxConfig_; +nlohmann::json SandboxUtils::productSandboxConfig_; void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig) { @@ -81,6 +82,16 @@ nlohmann::json SandboxUtils::GetJsonConfig() return SandboxUtils::appSandboxConfig_; } +void SandboxUtils::StoreProductJsonConfig(nlohmann::json &productSandboxConfig) +{ + SandboxUtils::productSandboxConfig_ = productSandboxConfig; +} + +nlohmann::json SandboxUtils::GetProductJsonConfig() +{ + return SandboxUtils::productSandboxConfig_; +} + void SandboxUtils::MakeDirRecursive(const std::string path, mode_t mode) { size_t size = path.size(); @@ -389,10 +400,10 @@ int32_t SandboxUtils::DoSandboxFileCommonSymlink(const ClientSocket::AppProperty return ret; } -int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty) +int32_t SandboxUtils::SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config) { - nlohmann::json config = SandboxUtils::GetJsonConfig(); - int ret; + int ret = 0; ret = DoSandboxFilePrivateBind(appProperty, config); if (ret) { @@ -403,32 +414,72 @@ int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProper ret = DoSandboxFilePrivateSymlink(appProperty, config); if (ret) { HiLog::Error(LABEL, "DoSandboxFilePrivateSymlink failed"); + } + + return ret; +} + +int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty) +{ + nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig(); + nlohmann::json config = SandboxUtils::GetJsonConfig(); + int ret = 0; + + ret = SetPrivateAppSandboxProperty_(appProperty, config); + if (ret) { + HiLog::Error(LABEL, "parse adddata-sandbox config failed"); return ret; } - return 0; + ret = SetPrivateAppSandboxProperty_(appProperty, productConfig); + if (ret) { + HiLog::Error(LABEL, "parse product-sandbox config failed"); + } + + return ret; } -int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, - std::string &sandboxPackagePath) +int32_t SandboxUtils::SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config) { - nlohmann::json jsonConfig = SandboxUtils::GetJsonConfig(); + int rc = 0; - int rc = DoSandboxFileCommonBind(appProperty, jsonConfig); + rc = DoSandboxFileCommonBind(appProperty, config); if (rc) { - HiLog::Error(LABEL, "DoSandboxFileCommonBind failed, %{public}s", sandboxPackagePath.c_str()); + HiLog::Error(LABEL, "DoSandboxFileCommonBind failed, %{public}s", appProperty->bundleName); return rc; } // if sandbox switch is off, don't do symlink work again if (CheckAppSandboxSwitchStatus(appProperty) == true && (CheckTotalSandboxSwitchStatus(appProperty) == true)) { - rc = DoSandboxFileCommonSymlink(appProperty, jsonConfig); + rc = DoSandboxFileCommonSymlink(appProperty, config); if (rc) { - HiLog::Error(LABEL, "DoSandboxFileCommonSymlink failed, %{public}s", sandboxPackagePath.c_str()); - return rc; + HiLog::Error(LABEL, "DoSandboxFileCommonSymlink failed, %{public}s", appProperty->bundleName); } } + return rc; +} + +int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, + std::string &sandboxPackagePath) +{ + nlohmann::json jsonConfig = SandboxUtils::GetJsonConfig(); + nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig(); + int ret = 0; + + ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig); + if (ret) { + HiLog::Error(LABEL, "parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str()); + return ret; + } + + ret = SetCommonAppSandboxProperty_(appProperty, productConfig); + if (ret) { + HiLog::Error(LABEL, "parse product config for common failed, %{public}s", sandboxPackagePath.c_str()); + return ret; + } + if (strcmp(appProperty->apl, APL_SYSTEM_BASIC.data()) == 0 || strcmp(appProperty->apl, APL_SYSTEM_CORE.data()) == 0) { // need permission check for system app here