!398 seccomp模块进程内存映射空间优化

Merge pull request !398 from 夏不白/seccomp_so
openharmony_ci 2022-09-09 06:49:08 +00:00 committed by Gitee
commit 0381991bfe
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 7 additions and 14 deletions


@ -54,7 +54,7 @@ void SetSelinuxCon(struct AppSpawnContent_ *content, AppSpawnClient *client)
void SetUidGidFilter(struct AppSpawnContent_ *content)
{
#ifdef WITH_SECCOMP
if (!SetSeccompPolicy(APPSPAWN)) {
if (!SetSeccompPolicyWithName(APPSPAWN_NAME)) {
APPSPAWN_LOGE("AppSpawnServer::Failed to set APPSPAWN seccomp filter");
} else {
APPSPAWN_LOGI("AppSpawnServer::Success to set APPSPAWN seccomp filter");
@ -62,26 +62,21 @@ void SetUidGidFilter(struct AppSpawnContent_ *content)
#endif
}
int SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client)
void SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client)
{
#ifdef WITH_SECCOMP
#ifdef NWEB_SPAWN
if (!SetSeccompPolicy(NWEBSPAWN)) {
if (!SetSeccompPolicyWithName(NWEBSPAWN_NAME)) {
APPSPAWN_LOGE("NwebspawnServer::Failed to set NWEBSPAWN seccomp filter");
return -1;
} else {
APPSPAWN_LOGI("NwebspawnServer::Success to set NWEBSPAWN seccomp filter");
return 0;
}
#else
if (!SetSeccompPolicy(APP)) {
if (!SetSeccompPolicyWithName(APP_NAME)) {
APPSPAWN_LOGE("AppSpawnServer::Failed to set APP seccomp filter");
return -1;
} else {
APPSPAWN_LOGI("AppSpawnServer::Success to set APP seccomp filter");
return 0;
}
#endif
#endif
return 0;
}
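Review bot: SetSeccompFilter now returns void, so a failed `SetSeccompPolicyWithName(APP_NAME)` (or `NWEBSPAWN_NAME`) is only logged through APPSPAWN_LOGE and the spawned process carries on with no seccomp filter installed. The matching hunk in DoStartApp drops the `APPSPAWN_CHECK(ret == 0, NotifyResToParent(content, client, ret); return ret, ...)` that used to report the failure and stop the spawn. A sandbox control should fail closed: keep the `int` return with `return -1;` on the failure branches and keep the check at the call site, which also means the prototype and the `setSeccompFilter` member of AppSpawnContent stay `int`. The +/- markers are lost on this page, so this reading takes the second line of each printed pair as the new side, which agrees with the 7 additions and 14 deletions in the diffstat. If continuing without a filter is intended, state it at the call site with a comment such as `/* seccomp is best-effort here: failure is logged and the spawn continues */` so the fail-open behaviour is a recorded decision.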


@ -33,7 +33,7 @@ int GetRenderProcessTerminationStatus(int32_t pid, int *status);
void RecordRenderProcessExitedStatus(pid_t pid, int status);
void LoadAppSandboxConfig(void);
void SetUidGidFilter(struct AppSpawnContent_ *content);
int SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client);
void SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client);
int32_t GetAppNamespaceFlags(const char *bundleName);
#ifdef __cplusplus


@ -100,9 +100,7 @@ int DoStartApp(struct AppSpawnContent_ *content, AppSpawnClient *client, char *l
}
if (content->setSeccompFilter) {
ret = content->setSeccompFilter(content, client);
APPSPAWN_CHECK(ret == 0, NotifyResToParent(content, client, ret);
return ret, "Failed to set setSeccompFilter");
content->setSeccompFilter(content, client);
}
if (content->setUidGid) {


@ -82,7 +82,7 @@ typedef struct AppSpawnContent_ {
#ifdef ASAN_DETECTOR
int (*getWrapBundleNameValue)(struct AppSpawnContent_ *content, AppSpawnClient *client);
#endif
int (*setSeccompFilter)(struct AppSpawnContent_ *content, AppSpawnClient *client);
void (*setSeccompFilter)(struct AppSpawnContent_ *content, AppSpawnClient *client);
} AppSpawnContent;
typedef struct {