From fc670be36c3ac80e6f48aaf8ecc8549219784b74 Mon Sep 17 00:00:00 2001 From: Zheng Yongjun Date: Tue, 17 May 2022 22:35:18 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E8=83=BD=E5=BA=94=E7=94=A8=E6=B2=99?= =?UTF-8?q?=E7=AE=B1=E4=BA=A7=E5=93=81=E5=8C=96=E7=BB=84=E4=BB=B6=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Zheng Yongjun --- adapter/appspawn_sandbox.cpp | 7 ++++ product-sandbox.json | 34 ++++++++++++++++ util/include/sandbox_utils.h | 7 ++++ util/src/sandbox_utils.cpp | 75 ++++++++++++++++++++++++++++++------ 4 files changed, 111 insertions(+), 12 deletions(-) create mode 100755 product-sandbox.json diff --git a/adapter/appspawn_sandbox.cpp b/adapter/appspawn_sandbox.cpp index 9ae7bc94..980ee2da 100644 --- a/adapter/appspawn_sandbox.cpp +++ b/adapter/appspawn_sandbox.cpp @@ -44,6 +44,7 @@ bool g_isAppSandboxCreated = false; namespace { const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox.json"); + const std::string PRODUCT_JSON_CONFIG("/system/etc/sandbox/product-sandbox.json"); } void LoadAppSandboxConfig(void) @@ -55,6 +56,12 @@ void LoadAppSandboxConfig(void) HiLog::Error(LABEL, "AppSpawnServer::Failed to load app private sandbox config"); } SandboxUtils::StoreJsonConfig(appSandboxConfig); + + rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, PRODUCT_JSON_CONFIG); + if (!rc) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to load app product sandbox config"); + } + SandboxUtils::StoreProductJsonConfig(appSandboxConfig); } static void RegisterSandbox(AppSpawnContentExt *appSpawnContent, const char *sandbox) diff --git a/product-sandbox.json b/product-sandbox.json new file mode 100755 index 00000000..b3b3662e --- /dev/null +++ b/product-sandbox.json @@ -0,0 +1,34 @@ +{ + "common" : [{ + "top-sandbox-switch": "ON", + "app-base" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [], + "symbol-links" : [] + }], + "app-resources" : [{ + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [], + "symbol-links" : [] + }] + }], + "individual" : [{ + "ohos.samples.xxx" : [{ + "sandbox-switch": "ON", + "sandbox-root" : "/mnt/sandbox/", + "mount-bind-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/accounts/account_0/applications/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + }, { + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ], + "symbol-links" : [] + }] + }] +} \ No newline at end of file diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index 7632267e..44d58f0c 100644 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -28,6 +28,8 @@ class SandboxUtils { public: static void StoreJsonConfig(nlohmann::json &appSandboxConfig); static nlohmann::json GetJsonConfig(); + static void StoreProductJsonConfig(nlohmann::json &productSandboxConfig); + static nlohmann::json GetProductJsonConfig(); static int32_t SetAppSandboxProperty(const ClientSocket::AppProperty *appProperty); private: @@ -55,9 +57,14 @@ private: static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty); static bool GetSbxSwitchStatusByConfig(nlohmann::json &config); static unsigned long GetMountFlagsFromConfig(const std::vector &vec); + static int32_t SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config); + static int32_t SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config); private: static nlohmann::json appSandboxConfig_; + static nlohmann::json productSandboxConfig_; }; } // namespace AppSpawn } // namespace OHOS diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp index 556c44a3..ad1ad18b 100644 --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -70,6 +70,7 @@ namespace { nlohmann::json SandboxUtils::appSandboxConfig_; +nlohmann::json SandboxUtils::productSandboxConfig_; void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig) { @@ -81,6 +82,16 @@ nlohmann::json SandboxUtils::GetJsonConfig() return SandboxUtils::appSandboxConfig_; } +void SandboxUtils::StoreProductJsonConfig(nlohmann::json &productSandboxConfig) +{ + SandboxUtils::productSandboxConfig_ = productSandboxConfig; +} + +nlohmann::json SandboxUtils::GetProductJsonConfig() +{ + return SandboxUtils::productSandboxConfig_; +} + void SandboxUtils::MakeDirRecursive(const std::string path, mode_t mode) { size_t size = path.size(); @@ -389,10 +400,10 @@ int32_t SandboxUtils::DoSandboxFileCommonSymlink(const ClientSocket::AppProperty return ret; } -int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty) +int32_t SandboxUtils::SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config) { - nlohmann::json config = SandboxUtils::GetJsonConfig(); - int ret; + int ret = 0; ret = DoSandboxFilePrivateBind(appProperty, config); if (ret) { @@ -403,32 +414,72 @@ int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProper ret = DoSandboxFilePrivateSymlink(appProperty, config); if (ret) { HiLog::Error(LABEL, "DoSandboxFilePrivateSymlink failed"); + } + + return ret; +} + +int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty) +{ + nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig(); + nlohmann::json config = SandboxUtils::GetJsonConfig(); + int ret = 0; + + ret = SetPrivateAppSandboxProperty_(appProperty, config); + if (ret) { + HiLog::Error(LABEL, "parse adddata-sandbox config failed"); return ret; } - return 0; + ret = SetPrivateAppSandboxProperty_(appProperty, productConfig); + if (ret) { + HiLog::Error(LABEL, "parse product-sandbox config failed"); + } + + return ret; } -int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, - std::string &sandboxPackagePath) +int32_t SandboxUtils::SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, + nlohmann::json &config) { - nlohmann::json jsonConfig = SandboxUtils::GetJsonConfig(); + int rc = 0; - int rc = DoSandboxFileCommonBind(appProperty, jsonConfig); + rc = DoSandboxFileCommonBind(appProperty, config); if (rc) { - HiLog::Error(LABEL, "DoSandboxFileCommonBind failed, %{public}s", sandboxPackagePath.c_str()); + HiLog::Error(LABEL, "DoSandboxFileCommonBind failed, %{public}s", appProperty->bundleName); return rc; } // if sandbox switch is off, don't do symlink work again if (CheckAppSandboxSwitchStatus(appProperty) == true && (CheckTotalSandboxSwitchStatus(appProperty) == true)) { - rc = DoSandboxFileCommonSymlink(appProperty, jsonConfig); + rc = DoSandboxFileCommonSymlink(appProperty, config); if (rc) { - HiLog::Error(LABEL, "DoSandboxFileCommonSymlink failed, %{public}s", sandboxPackagePath.c_str()); - return rc; + HiLog::Error(LABEL, "DoSandboxFileCommonSymlink failed, %{public}s", appProperty->bundleName); } } + return rc; +} + +int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, + std::string &sandboxPackagePath) +{ + nlohmann::json jsonConfig = SandboxUtils::GetJsonConfig(); + nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig(); + int ret = 0; + + ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig); + if (ret) { + HiLog::Error(LABEL, "parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str()); + return ret; + } + + ret = SetCommonAppSandboxProperty_(appProperty, productConfig); + if (ret) { + HiLog::Error(LABEL, "parse product config for common failed, %{public}s", sandboxPackagePath.c_str()); + return ret; + } + if (strcmp(appProperty->apl, APL_SYSTEM_BASIC.data()) == 0 || strcmp(appProperty->apl, APL_SYSTEM_CORE.data()) == 0) { // need permission check for system app here -- Gitee