From c97889c3888fd3c295d116729179e0344c42df0f Mon Sep 17 00:00:00 2001 From: Qiheng Lin Date: Wed, 16 Feb 2022 16:19:05 +0800 Subject: [PATCH 1/2] add log when bind mount fail Signed-off-by: Qiheng Lin Change-Id: I6087fcd01b04c464e67711243980a5d478723a4f --- src/appspawn_server.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 383aaab6..70e260d8 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -396,11 +396,14 @@ int32_t AppSpawnServer::DoAppSandboxMountOnce(const std::string originPath, cons rc = mount(originPath.c_str(), destinationPath.c_str(), NULL, MS_BIND | MS_REC, NULL); if (rc) { + HiLog::Error(LABEL, "bind mount %{public}s to %{public}s failed %{public}d", originPath.c_str(), + destinationPath.c_str(), errno); return rc; } rc = mount(NULL, destinationPath.c_str(), NULL, MS_PRIVATE, NULL); if (rc) { + HiLog::Error(LABEL, "private mount to %{public}s failed %{public}d", destinationPath.c_str(), errno); return rc; } -- Gitee From c31fe4e367b2432350a34825c0ad80bc2a018d1f Mon Sep 17 00:00:00 2001 From: Qiheng Lin Date: Wed, 16 Feb 2022 16:17:19 +0800 Subject: [PATCH 2/2] appsandbox mount the install path to accounts path Signed-off-by: Qiheng Lin Change-Id: I94ae35301108b563179bd885913d78b0469d16f0 --- src/appspawn_server.cpp | 31 +++++++++++++++++++++++++------ src/include/appspawn_server.h | 5 +++++ 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 70e260d8..227e09d8 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -413,7 +413,7 @@ int32_t AppSpawnServer::DoAppSandboxMountOnce(const std::string originPath, cons int32_t AppSpawnServer::DoAppSandboxMount(const ClientSocket::AppProperty *appProperty, std::string rootPath) { std::string currentUserId = std::to_string(appProperty->uid / 200000); - std::string oriInstallPath = "/data/app/el1/bundle/"; + std::string oriInstallPath = "/data/app/el1/bundle/public/"; std::string oriDataPath = "/data/app/el2/" + currentUserId + "/base/"; std::string oriDatabasePath = "/data/app/el2/" + currentUserId + "/database/"; std::string destDatabasePath = rootPath + "/data/storage/el2/database"; @@ -432,7 +432,7 @@ int32_t AppSpawnServer::DoAppSandboxMount(const ClientSocket::AppProperty *appPr mountMap[destDataPath] = oriDataPath; std::map::iterator iter; - for (iter = mountMap.begin(); iter != mountMap.end(); iter++) { + for (iter = mountMap.begin(); iter != mountMap.end(); ++iter) { rc = DoAppSandboxMountOnce(iter->second.c_str(), iter->first.c_str()); if (rc) { return rc; @@ -452,11 +452,23 @@ int32_t AppSpawnServer::DoAppSandboxMount(const ClientSocket::AppProperty *appPr std::string destappdataPath = rootPath + oriappdataPath; DoAppSandboxMountOnce(oriappdataPath.c_str(), destappdataPath.c_str()); - std::string oriapplicationsPath = "/data/accounts/account_0/applications/"; - std::string destapplicationsPath = rootPath + oriapplicationsPath; + return 0; +} + +int32_t AppSpawnServer::DoAppSandboxMountCustomized(const ClientSocket::AppProperty *appProperty, std::string rootPath) +{ + std::string bundleName = appProperty->bundleName; + std::string currentUserId = std::to_string(appProperty->uid / 200000); + + // account_0/applications/ dir can still access other packages' data now for compatibility purpose + std::string oriapplicationsPath = "/data/app/el1/bundle/public/"; + std::string destapplicationsPath = rootPath + "/data/accounts/account_0/applications/"; DoAppSandboxMountOnce(oriapplicationsPath.c_str(), destapplicationsPath.c_str()); - // only bind mount media library app + // need permission check for system app here + std::string destbundlesPath = rootPath + "/data/bundles/"; + DoAppSandboxMountOnce(oriapplicationsPath.c_str(), destbundlesPath.c_str()); + if (bundleName.find("medialibrary") != std::string::npos) { std::string oriMediaPath = "/storage/media/" + currentUserId; std::string destMediaPath = rootPath + "/storage/media"; @@ -494,6 +506,7 @@ void AppSpawnServer::DoAppSandboxMkdir(std::string sandboxPackagePath, const Cli mkdirInfo.push_back("/data/accounts/account_0"); mkdirInfo.push_back("/data/accounts/account_0/applications/"); mkdirInfo.push_back("/data/accounts/account_0/appdata/"); + mkdirInfo.push_back("/data/bundles/"); for (int i = 0; i < mkdirInfo.size(); i++) { dirPath = sandboxPackagePath + mkdirInfo[i]; @@ -551,7 +564,7 @@ int32_t AppSpawnServer::DoSandboxRootFolderCreate(std::string sandboxPackagePath // bind mount root folder to /mnt/sandbox/ path std::map::iterator iter; - for (iter = mountMap.begin(); iter != mountMap.end(); iter++) { + for (iter = mountMap.begin(); iter != mountMap.end(); ++iter) { rc = DoAppSandboxMountOnce(iter->first.c_str(), iter->second.c_str()); if (rc) { HiLog::Error(LABEL, "move root folder failed, %{public}s", sandboxPackagePath.c_str()); @@ -616,6 +629,12 @@ int32_t AppSpawnServer::SetAppSandboxProperty(const ClientSocket::AppProperty *a return rc; } + rc = DoAppSandboxMountCustomized(appProperty, sandboxPackagePath); + if (rc) { + HiLog::Error(LABEL, "DoAppSandboxMountCustomized failed, packagename is %{public}s", appProperty->processName); + return rc; + } + rc = chdir(sandboxPackagePath.c_str()); if (rc) { HiLog::Error(LABEL, "chdir failed, packagename is %{public}s, path is %{public}s", \ diff --git a/src/include/appspawn_server.h b/src/include/appspawn_server.h index abef561a..06be8f02 100644 --- a/src/include/appspawn_server.h +++ b/src/include/appspawn_server.h @@ -142,6 +142,11 @@ private: */ int32_t DoAppSandboxMount(const ClientSocket::AppProperty *appProperty, std::string rootPath); + /** + * Do app sandbox original path mount for some customized packages + */ + int32_t DoAppSandboxMountCustomized(const ClientSocket::AppProperty *appProperty, std::string rootPath); + /** * Do app sandbox mkdir /mnt/sandbox// */ -- Gitee