openharmony/startup_appspawn
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_appspawn synced 2024-11-22 22:50:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of gitee.com:openharmony/startup_appspawn into feature/deviceDebug

Browse Source 
Signed-off-by: 王达 <wangda20@huawei.com>
This commit is contained in:
王达 2024-10-22 06:32:48 +00:00 committed by Gitee
commit 285e131772
131 changed files with 1049 additions and 2761 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
BUILD.gn
View File

@ -29,6 +29,9 @@ config("appspawn_config") {
if (build_seccomp) {
cflags += [ "-DWITH_SECCOMP" ]
if (appspawn_seccomp_privilege) {
cflags += [ "-DSECCOMP_PRIVILEGE" ]
}
}
}

34
appdata-sandbox-app.json
View File

@ -151,11 +151,11 @@
"src-path" : "/data/service/el1/public/themes/<currentUserId>/b/app",
"sandbox-path" : "/data/themes/b/app"
}, {
"src-path" : "/data/service/el1/<currentUserId>/distributeddata/utd",
"src-path" : "/data/service/el1/<currentUserId>/utdtypes/utd",
"sandbox-path" : "/data/utd"
}, {
"src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
"sandbox-path" : "/data/storage/el1/bundle/arkwebcore"
"sandbox-path" : "/mnt/nweb/tmp"
}, {
"src-path" : "/mnt/hmdfs/<currentUserId>",
"sandbox-path" : "/mnt/hmdfs/<currentUserId>"
@ -163,6 +163,10 @@
"src-path" : "/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>",
"sandbox-path" : "/data/storage/el2/cloud"
}],
"symbol-links" : [{
"target-name" : "/mnt/nweb/tmp",
"link-name" : "/data/storage/el1/bundle/arkwebcore"
}],
"mount-groups": ["el2", "el3", "el4"]
}
},
@ -242,7 +246,7 @@
"name": "ohos.permission.ACCESS_PROTOCOL_DFX_DATA",
"gids": ["log"],
"mount-paths": [{
"src-path": "/data/log/protocol",
"src-path": "/data/service/el1/public/chr/protocol",
"sandbox-path": "/data/log/protocol"
}, {
"src-path": "/log/chr",
@ -282,7 +286,7 @@
"sandbox-switch": "ON",
"gids": ["file_manager", "user_data_rw"],
"mount-paths": [{
"src-path": "/data/service/el2/public/file_monitor_service/content_share",
"src-path": "/data/service/el2/<currentUserId>/file_monitor_service/content_share",
"sandbox-path": "/storage/ContentShare"
}]
}, {
@ -328,6 +332,20 @@
"sandbox-switch": "ON",
"gids" : ["readproc"],
"mount-paths": []
}, {
"name": "ohos.permission.ACCESS_ANALYTICS",
"sandbox-switch": "ON",
"gids" : ["log"],
"mount-paths": [{
"src-path": "/data/log/faultlog/faultlogger",
"sandbox-path": "/data/log/faultlog/faultlogger"
}]
}, {
"name": "ohos.permission.RECEIVE_UPDATE_MESSAGE",
"mount-paths": [{
"src-path": "/data/service/el1/public/update/param_service/install/system/etc/<PackageName>",
"sandbox-path": "/data/service/el1/public/update/param_service/install/system/etc/<PackageName>"
}]
}],
"spawn-flag": [{
"name": "START_FLAGS_BACKUP",
@ -391,6 +409,14 @@
"src-path" : "/mnt/data/<currentUserId>",
"sandbox-path" : "/mnt/data/<currentUserId>"
}]
}, {
"name": "com.ohos.sceneboard",
"sandbox-switch": "ON",
"gids": ["data_reserve"],
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/"
}]
}]
},
"name-groups": [{

61
appdata-sandbox-isolated-new.json Normal file
View File

@ -0,0 +1,61 @@
{
"global": {
"sandbox-root" : "/mnt/sandbox/<currentUserId>/app-root-isolated",
"sandbox-ns-flags" : [ "net" ]
},
"required": {
"system-const": {
"mount-paths": [{
"src-path" : "/dev",
"sandbox-path" : "/dev"
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc"
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys"
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts"
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc"
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin"
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib"
}, {
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64"
}],
"symbol-links" : [{
"target-name" : "/system/etc",
"link-name" : "/etc",
"check-action-status": "false"
}, {
"target-name" : "/system/bin",
"link-name" : "/bin",
"check-action-status": "false"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib",
"check-action-status": "false"
}, {
"target-name" : "/system/lib64",
"link-name" : "/lib64",
"check-action-status": "false"
}],
"mount-files": [],
"mount-groups" : []
},
"app-variable": {
"mount-paths": [{
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
"sandbox-path" : "/data/storage/el1/bundle"
}],
"mount-groups": []
}
}
}

7
appdata-sandbox-nweb.json
View File

@ -24,8 +24,11 @@
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin"
}, {
"src-path" : "/system/<lib>",
"sandbox-path" : "/system/<lib>"
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib"
}, {
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64"
}, {
"src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
"sandbox-path" : "/data/storage/el1/bundle/arkwebcore"

26
appdata-sandbox.json
View File

@ -249,7 +249,7 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/data/service/el1/<currentUserId>/distributeddata/utd",
"src-path" : "/data/service/el1/<currentUserId>/utdtypes/utd",
"sandbox-path" : "/data/utd",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
@ -790,7 +790,7 @@
"sandbox-switch": "ON",
"gids": [1007],
"mount-paths": [{
"src-path": "/data/log/protocol",
"src-path": "/data/service/el1/public/chr/protocol",
"sandbox-path": "/data/log/protocol",
"sandbox-flags": [ "bind", "rec" ]
},
@ -859,6 +859,16 @@
}
]
}],
"ohos.permission.RECEIVE_UPDATE_MESSAGE":[{
"sandbox-switch": "ON",
"mount-paths": [{
"src-path": "/data/service/el1/public/update/param_service/install/system/etc/<PackageName>",
"sandbox-path": "/data/service/el1/public/update/param_service/install/system/etc/<PackageName>",
"sandbox-flags": [ "bind", "rec" ],
"check-action-status": "false"
}
]
}],
"ohos.permission.READ_DFX_XPOWER":[{
"sandbox-switch": "ON",
"mount-paths": [{
@ -888,7 +898,7 @@
"sandbox-switch": "ON",
"gids": [1006, 1008],
"mount-paths": [{
"src-path": "/data/service/el2/public/file_monitor_service/content_share",
"src-path": "/data/service/el2/<currentUserId>/file_monitor_service/content_share",
"sandbox-path": "/storage/ContentShare",
"sandbox-flags": [ "bind", "rec" ]
}
@ -918,6 +928,16 @@
"sandbox-switch": "ON",
"gids": [3009],
"mount-paths": []
}],
"ohos.permission.ACCESS_ANALYTICS":[{
"sandbox-switch": "ON",
"gids": [1007],
"mount-paths": [{
"src-path": "/data/log/faultlog/faultlogger",
"sandbox-path": "/data/log/faultlog/faultlogger",
"sandbox-flags": [ "bind", "rec" ]
}
]
}]
}]
}

1
appspawn.cfg
View File

@ -34,6 +34,7 @@
"critical" : [1, 4, 240],
"uid" : "root",
"gid" : ["root"],
"setuid" : true,
"socket" : [{
"name" : "AppSpawn",
"family" : "AF_LOCAL",

9
appspawn.gni
View File

@ -30,4 +30,13 @@ declare_args() {
appspawn_use_encaps = false
enable_appspawn_dump_catcher = true
appspawn_unittest_coverage = false
appspawn_mount_tmpshm = false
appspawn_seccomp_privilege = false
}
if (!defined(global_parts_info) ||
defined(global_parts_info.security_dlp_permission_service)) {
dlp_permission_enable = true
} else {
dlp_permission_enable = false
}

7
bundle.json
View File

@ -22,7 +22,9 @@
"appspawn_support_nweb",
"appspawn_support_cj",
"appspawn_support_native",
"appspawn_use_encaps"
"appspawn_use_encaps",
"appspawn_mount_tmpshm",
"appspawn_seccomp_privilege"
],
"rom": "296KB",
"ram": "13125KB",
@ -65,7 +67,8 @@
"zlib",
"cJSON",
"json",
"faultloggerd"
"faultloggerd",
"dlp_permission_service"
],
"third_party": [
"bounds_checking_function",

71
common/appspawn_server.c
View File

@ -149,6 +149,46 @@ static int CloneAppSpawn(void *arg)
return 0;
}
#ifndef OHOS_LITE
static void NwebSpawnCloneChildProcess(AppSpawnContent *content, AppSpawnClient *client, pid_t *pid)
{
AppSpawnForkArg arg;
arg.client = client;
arg.content = content;
#ifndef APPSPAWN_TEST
AppSpawningCtx *property = (AppSpawningCtx *)client;
uint32_t len = 0;
char *processType = (char *)(GetAppSpawnMsgExtInfo(property->message, MSG_EXT_NAME_PROCESS_TYPE, &len));
APPSPAWN_CHECK(processType != NULL, return, "Invalid processType data");
if (strcmp(processType, "gpu") == 0) {
*pid = clone(CloneAppSpawn, NULL, CLONE_NEWNET | SIGCHLD, (void *)&arg);
} else {
*pid = clone(CloneAppSpawn, NULL, content->sandboxNsFlags | SIGCHLD, (void *)&arg);
}
#else
*pid = clone(CloneAppSpawn, NULL, content->sandboxNsFlags | SIGCHLD, (void *)&arg);
#endif
}
#endif
static void AppSpawnForkChildProcess(AppSpawnContent *content, AppSpawnClient *client, pid_t *pid)
{
struct timespec forkStart = {0};
clock_gettime(CLOCK_MONOTONIC, &forkStart);
StartAppspawnTrace("AppspawnForkStart");
*pid = fork();
if (*pid == 0) {
struct timespec forkEnd = {0};
clock_gettime(CLOCK_MONOTONIC, &forkEnd);
uint64_t diff = DiffTime(&forkStart, &forkEnd);
APPSPAWN_CHECK_ONLY_LOG(diff < MAX_FORK_TIME, "fork time %{public}" PRId64 " us", diff);
ProcessExit(AppSpawnChild(content, client));
} else {
FinishAppspawnTrace();
}
}
int AppSpawnProcessMsg(AppSpawnContent *content, AppSpawnClient *client, pid_t *childPid)
{
APPSPAWN_CHECK(content != NULL, return -1, "Invalid content for appspawn");
@ -159,41 +199,14 @@ int AppSpawnProcessMsg(AppSpawnContent *content, AppSpawnClient *client, pid_t *
pid_t pid = 0;
#ifndef OHOS_LITE
if (content->mode == MODE_FOR_NWEB_SPAWN) {
AppSpawnForkArg arg;
arg.client = client;
arg.content = content;
#ifndef APPSPAWN_TEST
AppSpawningCtx *property = (AppSpawningCtx *)client;
uint32_t len = 0;
char *processType = (char *)(GetAppSpawnMsgExtInfo(property->message, MSG_EXT_NAME_PROCESS_TYPE, &len));
if (strcmp(processType, "gpu") == 0) {
pid = clone(CloneAppSpawn, NULL, CLONE_NEWNET | SIGCHLD, (void *)&arg);
} else {
pid = clone(CloneAppSpawn, NULL, content->sandboxNsFlags | SIGCHLD, (void *)&arg);
}
#else
pid = clone(CloneAppSpawn, NULL, content->sandboxNsFlags | SIGCHLD, (void *)&arg);
#endif
NwebSpawnCloneChildProcess(content, client, &pid);
} else {
#else
{
#endif
struct timespec forkStart = {0};
clock_gettime(CLOCK_MONOTONIC, &forkStart);
StartAppspawnTrace("AppspawnForkStart");
pid = fork();
if (pid == 0) {
struct timespec forkEnd = {0};
clock_gettime(CLOCK_MONOTONIC, &forkEnd);
uint64_t diff = DiffTime(&forkStart, &forkEnd);
APPSPAWN_CHECK_ONLY_LOG(diff < MAX_FORK_TIME, "fork time %{public}" PRId64 " us", diff);
ProcessExit(AppSpawnChild(content, client));
} else {
FinishAppspawnTrace();
}
AppSpawnForkChildProcess(content, client, &pid);
}
APPSPAWN_CHECK(pid >= 0, return APPSPAWN_FORK_FAIL, "fork child process error: %{public}d", errno);
*childPid = pid;
return 0;
}

1
common/appspawn_server.h
View File

@ -68,7 +68,6 @@ typedef struct AppSpawnContent {
int32_t preforkFd[2];
int32_t parentToChildFd[2];
char *propertyBuffer;
int isPrefork;
pid_t reservedPid;
int enablePerfork;
#endif

8
etc/BUILD.gn
View File

@ -29,8 +29,8 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
module_install_dir = "etc/sandbox"
}
ohos_prebuilt_etc("appdata-sandbox-isolated.json") {
source = "../appdata-sandbox-isolated.json"
ohos_prebuilt_etc("appdata-sandbox-isolated-new.json") {
source = "../appdata-sandbox-isolated-new.json"
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}
@ -68,11 +68,13 @@ ohos_prebuilt_etc("appspawn_preload.json") {
group("etc_files") {
deps = [
":appdata-sandbox-isolated.json",
":appdata-sandbox.json",
":appspawn_preload.json",
]
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
deps += [ ":appdata-sandbox-nweb.json" ]
deps += [ ":appdata-sandbox-isolated-new.json" ]
} else {
deps += [ ":appdata-sandbox-isolated.json" ]
}
}

21
interfaces/innerkits/client/appspawn_client.c
View File

@ -45,7 +45,7 @@ static uint32_t GetDefaultTimeout(uint32_t def)
int ret = GetParameter("persist.appspawn.reqMgr.timeout", "0", data, sizeof(data));
if (ret > 0 && strcmp(data, "0") != 0) {
errno = 0;
value = atoi(data);
value = (uint32_t)atoi(data);
return (errno != 0) ? def : value;
}
return value;
@ -131,7 +131,7 @@ APPSPAWN_STATIC int CreateClientSocket(uint32_t type, uint32_t timeout)
int pathLen = snprintf_s(addr.sun_path, pathSize, (pathSize - 1), "%s%s", APPSPAWN_SOCKET_DIR, socketName);
APPSPAWN_CHECK(pathLen > 0, break, "Format path %{public}s error: %{public}d", socketName, errno);
addr.sun_family = AF_LOCAL;
socklen_t socketAddrLen = offsetof(struct sockaddr_un, sun_path) + pathLen + 1;
socklen_t socketAddrLen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + (socklen_t)pathLen + 1);
ret = connect(socketFd, (struct sockaddr *)(&addr), socketAddrLen);
APPSPAWN_CHECK(ret == 0, break,
"Failed to connect %{public}s error: %{public}d", addr.sun_path, errno);
@ -142,6 +142,16 @@ APPSPAWN_STATIC int CreateClientSocket(uint32_t type, uint32_t timeout)
return -1;
}
APPSPAWN_STATIC int UpdateSocketTimeout(uint32_t timeout, int socketFd)
{
struct timeval timeoutVal = {timeout, 0};
int ret = setsockopt(socketFd, SOL_SOCKET, SO_SNDTIMEO, &timeoutVal, sizeof(timeoutVal));
APPSPAWN_CHECK(ret == 0, return ret, "Set opt SO_SNDTIMEO error: %{public}d", errno);
ret = setsockopt(socketFd, SOL_SOCKET, SO_RCVTIMEO, &timeoutVal, sizeof(timeoutVal));
APPSPAWN_CHECK(ret == 0, return ret, "Set opt SO_RCVTIMEO error: %{public}d", errno);
return ret;
}
static int ReadMessage(int socketFd, uint32_t sendMsgId, uint8_t *buf, int len, AppSpawnResult *result)
{
ssize_t rLen = TEMP_FAILURE_RETRY(read(socketFd, buf, len));
@ -245,6 +255,7 @@ APPSPAWN_STATIC void TryCreateSocket(AppSpawnReqMsgMgr *reqMgr)
static int ClientSendMsg(AppSpawnReqMsgMgr *reqMgr, AppSpawnReqMsgNode *reqNode, AppSpawnResult *result)
{
uint32_t retryCount = 1;
int isColdRun = reqNode->isAsan;
while (retryCount <= reqMgr->maxRetryCount) {
if (reqMgr->socketId < 0) { // try create socket
TryCreateSocket(reqMgr);
@ -254,6 +265,9 @@ static int ClientSendMsg(AppSpawnReqMsgMgr *reqMgr, AppSpawnReqMsgNode *reqNode,
continue;
}
}
if (isColdRun && reqMgr->timeout < ASAN_TIMEOUT) {
UpdateSocketTimeout(ASAN_TIMEOUT, reqMgr->socketId);
}
if (reqNode->msg->msgId == 0) {
reqNode->msg->msgId = reqMgr->msgNextId++;
@ -264,6 +278,9 @@ static int ClientSendMsg(AppSpawnReqMsgMgr *reqMgr, AppSpawnReqMsgNode *reqNode,
reqMgr->recvBlock.buffer, reqMgr->recvBlock.blockSize, result);
}
if (ret == 0) {
if (isColdRun && reqMgr->timeout < ASAN_TIMEOUT) {
UpdateSocketTimeout(reqMgr->timeout, reqMgr->socketId);
}
return 0;
}
// retry

3
interfaces/innerkits/client/appspawn_client.h
View File

@ -28,8 +28,10 @@ extern "C" {
#ifdef ASAN_DETECTOR
#define TIMEOUT_DEF 60
#define ASAN_TIMEOUT 60
#else
#define TIMEOUT_DEF 2
#define ASAN_TIMEOUT 5
#endif
#define RETRY_TIME (200 * 1000) // 200 * 1000 wait 200ms CONNECT_RETRY_DELAY = 200 * 1000
@ -73,6 +75,7 @@ typedef struct TagAppSpawnReqMsgNode {
uint32_t retryCount;
int fdCount;
int fds[APP_MAX_FD_COUNT];
int isAsan;
AppSpawnMsgFlags *msgFlags;
AppSpawnMsgFlags *permissionFlags;
AppSpawnMsg *msg;

19
interfaces/innerkits/client/appspawn_msg.c
View File

@ -232,7 +232,7 @@ static int AddAppData(AppSpawnReqMsgNode *reqNode,
static int SetFlagsTlv(AppSpawnReqMsgNode *reqNode,
AppSpawnMsgBlock *block, AppSpawnMsgFlags **msgFlags, int type, int maxCount)
{
uint32_t units = CalcFlagsUnits(maxCount);
uint32_t units = (uint32_t)CalcFlagsUnits(maxCount);
APPSPAWN_LOGV("SetFlagsTlv maxCount %{public}d type %{public}d units %{public}d", maxCount, type, units);
uint32_t flagsLen = sizeof(AppSpawnTlv) + sizeof(AppSpawnMsgFlags) + sizeof(uint32_t) * units;
APPSPAWN_CHECK((block->blockSize - block->currentIndex) > flagsLen,
@ -300,6 +300,7 @@ static AppSpawnReqMsgNode *CreateAppSpawnReqMsg(uint32_t msgType, const char *pr
reqNode->msgFlags = NULL;
reqNode->permissionFlags = NULL;
reqNode->fdCount = 0;
reqNode->isAsan = 0;
int ret = CreateBaseMsg(reqNode, msgType, processName);
APPSPAWN_CHECK(ret == 0, DeleteAppSpawnReqMsg(reqNode);
return NULL, "Failed to create base msg for %{public}s", processName);
@ -393,6 +394,15 @@ int AppSpawnReqMsgSetBundleInfo(AppSpawnReqMsgHandle reqHandle, uint32_t bundleI
return AddAppData(reqNode, TLV_BUNDLE_INFO, data, MAX_DATA_IN_TLV, "TLV_BUNDLE_INFO");
}
static int CheckEnabled(const char *param, const char *value)
{
char tmp[32] = {0}; // 32 max
int ret = GetParameter(param, "", tmp, sizeof(tmp));
APPSPAWN_LOGV("CheckEnabled key %{public}s ret %{public}d result: %{public}s", param, ret, tmp);
int enabled = (ret > 0 && strcmp(tmp, value) == 0);
return enabled;
}
int AppSpawnReqMsgSetAppFlag(AppSpawnReqMsgHandle reqHandle, AppFlagsIndex flagIndex)
{
AppSpawnReqMsgNode *reqNode = (AppSpawnReqMsgNode *)reqHandle;
@ -400,6 +410,13 @@ int AppSpawnReqMsgSetAppFlag(AppSpawnReqMsgHandle reqHandle, AppFlagsIndex flagI
APPSPAWN_CHECK(reqNode->msgFlags != NULL, return APPSPAWN_ARG_INVALID, "No msg flags tlv ");
APPSPAWN_CHECK(flagIndex < MAX_FLAGS_INDEX, return APPSPAWN_ARG_INVALID,
"Invalid msg app flags %{public}d", flagIndex);
if (!reqNode->isAsan &&
(flagIndex == APP_FLAGS_UBSAN_ENABLED || flagIndex == APP_FLAGS_ASANENABLED ||
flagIndex == APP_FLAGS_TSAN_ENABLED || flagIndex == APP_FLAGS_HWASAN_ENABLED ||
(flagIndex == APP_FLAGS_COLD_BOOT && CheckEnabled("startup.appspawn.cold.boot", "true")))) {
reqNode->isAsan = 1;
}
return SetAppSpawnMsgFlags(reqNode->msgFlags, flagIndex);
}

2
interfaces/innerkits/hnp/src/hnp_api.c
View File

@ -194,7 +194,7 @@ int NativeInstallHnp(const char *userId, const char *hnpRootPath, const HapInfo
argv[index++] = "-a";
argv[index++] = (char *)hapInfo->abi;
if (IS_OPTION_SET(installOptions, OPTION_INDEX_FORCE)) {
if (installOptions >= 0 && IS_OPTION_SET((unsigned int)installOptions, OPTION_INDEX_FORCE)) {
argv[index++] = "-f";
}

2
interfaces/innerkits/permission/appspawn_mount_permission.c
View File

@ -85,7 +85,7 @@ static int ParseAppSandboxConfig(const cJSON *appSandboxConfig, PermissionManage
APPSPAWN_CHECK(configs != NULL && cJSON_IsArray(configs), return 0, "No permission in json");
int ret = 0;
uint32_t configSize = cJSON_GetArraySize(configs);
uint32_t configSize = (uint32_t)cJSON_GetArraySize(configs);
for (uint32_t i = 0; i < configSize; i++) {
cJSON *json = cJSON_GetArrayItem(configs, i);
ret = ParsePermissionConfig(json, mgr);

3
modules/ace_adapter/ace_adapter.cpp
View File

@ -62,7 +62,7 @@ static void GetModules(const cJSON *root, std::set<std::string> &modules)
return;
}
uint32_t moduleCount = cJSON_GetArraySize(modulesJson);
uint32_t moduleCount = (uint32_t)cJSON_GetArraySize(modulesJson);
for (uint32_t i = 0; i < moduleCount; ++i) {
const char *moduleName = cJSON_GetStringValue(cJSON_GetArrayItem(modulesJson, i));
if (moduleName == nullptr) {
@ -240,6 +240,7 @@ APPSPAWN_STATIC int RunChildByRenderCmd(const AppSpawnMgr *content, const AppSpa
static int RunChildProcessor(AppSpawnContent *content, AppSpawnClient *client)
{
EnableCache();
APPSPAWN_CHECK(client != NULL && content != NULL, return -1, "Invalid client");
AppSpawningCtx *property = reinterpret_cast<AppSpawningCtx *>(client);
int ret = 0;

3
modules/common/BUILD.gn
View File

@ -56,6 +56,9 @@ ohos_shared_library("appspawn_common") {
}
if (build_seccomp) {
defines += [ "WITH_SECCOMP" ]
if (appspawn_seccomp_privilege) {
cflags += [ "-DSECCOMP_PRIVILEGE" ]
}
external_deps += [ "init:seccomp" ]
}

41
modules/common/appspawn_adapter.cpp
View File

@ -31,6 +31,12 @@
#ifdef WITH_SECCOMP
#include "seccomp_policy.h"
#include <sys/prctl.h>
#ifdef SECCOMP_PRIVILEGE
#include <dlfcn.h>
#define GET_ALL_PROCESSES "ohos.permission.GET_ALL_PROCESSES"
#define GET_PERMISSION_INDEX "GetPermissionIndex"
using GetPermissionFunc = int32_t (*)(void *, const char *);
#endif
#endif
#define MSG_EXT_NAME_PROCESS_TYPE "ProcessType"
#define NWEBSPAWN_SERVER_NAME "nwebspawn"
@ -45,8 +51,6 @@ int SetAppAccessToken(const AppSpawnMgr *content, const AppSpawningCtx *property
reinterpret_cast<AppSpawnMsgAccessToken *>(GetAppProperty(property, TLV_ACCESS_TOKEN_INFO));
APPSPAWN_CHECK(tokenInfo != NULL, return APPSPAWN_MSG_INVALID,
"No access token in msg %{public}s", GetProcessName(property));
APPSPAWN_LOGV("AppSpawnServer::set access token %{public}" PRId64 " %{public}d %{public}d",
tokenInfo->accessTokenIdEx, IsNWebSpawnMode(content), IsIsolatedNativeSpawnMode(content, property));
if (IsNWebSpawnMode(content) || IsIsolatedNativeSpawnMode(content, property)) {
TokenIdKit tokenIdKit;
@ -105,7 +109,7 @@ int SetSelinuxCon(const AppSpawnMgr *content, const AppSpawningCtx *property)
HapContext hapContext;
HapDomainInfo hapDomainInfo;
hapDomainInfo.apl = msgDomainInfo->apl;
hapDomainInfo.packageName = GetProcessName(property);
hapDomainInfo.packageName = GetBundleName(property);
hapDomainInfo.hapFlags = msgDomainInfo->hapFlags;
if (CheckAppMsgFlagsSet(property, APP_FLAGS_DEBUGGABLE)) {
hapDomainInfo.hapFlags |= SELINUX_HAP_DEBUGGABLE;
@ -137,6 +141,11 @@ int SetUidGidFilter(const AppSpawnMgr *content)
}
ret = SetSeccompPolicyWithName(INDIVIDUAL, NWEBSPAWN_NAME);
} else {
#ifdef SECCOMP_PRIVILEGE
if (IsDeveloperModeOpen()) {
return 0;
}
#endif
ret = SetSeccompPolicyWithName(INDIVIDUAL, APPSPAWN_NAME);
}
if (!ret) {
@ -151,6 +160,7 @@ int SetUidGidFilter(const AppSpawnMgr *content)
int SetSeccompFilter(const AppSpawnMgr *content, const AppSpawningCtx *property)
{
#ifdef WITH_SECCOMP
APPSPAWN_CHECK(property != nullptr, return 0, "property is NULL");
const char *appName = APP_NAME;
SeccompFilterType type = APP;
@ -163,6 +173,23 @@ int SetSeccompFilter(const AppSpawnMgr *content, const AppSpawningCtx *property)
}
}
#ifdef SECCOMP_PRIVILEGE
if (IsDeveloperModeOpen()) {
static GetPermissionFunc getPermissionFuncPtr = nullptr;
if (getPermissionFuncPtr == nullptr) {
getPermissionFuncPtr = reinterpret_cast<GetPermissionFunc>(dlsym(nullptr, GET_PERMISSION_INDEX));
if (getPermissionFuncPtr == nullptr) {
APPSPAWN_LOGE("Failed to dlsym get permission errno is %{public}d", errno);
return -EINVAL;
}
}
int32_t index = getPermissionFuncPtr(nullptr, GET_ALL_PROCESSES);
if (CheckAppPermissionFlagSet(property, static_cast<uint32_t>(index)) != 0) {
appName = APP_PRIVILEGE;
}
}
#endif
if (CheckAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_ISOLATED_SANDBOX) != 0) {
appName = IMF_EXTENTOIN_NAME;
}
@ -195,12 +222,12 @@ void InitAppCommonEnv(const AppSpawningCtx *property)
if (appInfo == NULL) {
return;
}
const int userId = appInfo->uid / UID_BASE;
const uint32_t userId = appInfo->uid / UID_BASE;
char user[MAX_USERID_LEN] = {0};
int len = sprintf_s(user, MAX_USERID_LEN, "%d", userId);
APPSPAWN_CHECK(len > 0, return, "Failed to format userid: %{public}d", userId);
int len = sprintf_s(user, MAX_USERID_LEN, "%u", userId);
APPSPAWN_CHECK(len > 0, return, "Failed to format userid: %{public}u", userId);
int ret = setenv("USER", user, 1);
APPSPAWN_CHECK(ret == 0, return, "setenv failed, userid:%{public}d, errno: %{public}d", userId, errno);
APPSPAWN_CHECK(ret == 0, return, "setenv failed, userid:%{public}u, errno: %{public}d", userId, errno);
}
int32_t SetEnvInfo(const AppSpawnMgr *content, const AppSpawningCtx *property)

2
modules/common/appspawn_begetctl.c
View File

@ -43,7 +43,7 @@ APPSPAWN_STATIC void RunAppSandbox(const char *ptyName)
OpenConsole();
char *realPath = realpath(ptyName, NULL);
if (realPath == NULL) {
APPSPAWN_CHECK(errno == ENOENT,return,
APPSPAWN_CHECK(errno == ENOENT, return,
"Failed to resolve %{public}s real path err=%{public}d", ptyName, errno);
}
APPSPAWN_CHECK(realPath != NULL, _exit(1), "Failed get realpath, err=%{public}d", errno);

15
modules/common/appspawn_common.c
View File

@ -309,11 +309,12 @@ static int32_t CheckTraceStatus(void)
APPSPAWN_CHECK(fd >= 0, return errno, "Failed to open /proc/self/status error: %{public}d", errno);
char data[1024] = {0}; // 1024 is data length
ssize_t dataNum = read(fd, data, sizeof(data));
ssize_t dataNum = read(fd, data, sizeof(data) - 1);
(void)close(fd);
APPSPAWN_CHECK(dataNum > 0, return -1, "Failed to read file /proc/self/status error: %{public}d", errno);
const char *tracerPid = "TracerPid:\t";
data[dataNum] = '\0';
char *traceStr = strstr(data, tracerPid);
APPSPAWN_CHECK(traceStr != NULL, return -1, "Not found %{public}s", tracerPid);
@ -375,15 +376,9 @@ static int SpawnSetAppEnv(AppSpawnMgr *content, AppSpawningCtx *property)
return 0;
}
static int SpawnEnableCache(AppSpawnMgr *content, AppSpawningCtx *property)
static int SpawnSetIntPermission(AppSpawnMgr *content, AppSpawningCtx *property)
{
APPSPAWN_LOGV("Spawning: enable cache for app process");
// enable cache for app process
mallopt(M_OHOS_CONFIG, M_TCACHE_PERFORMANCE_MODE);
mallopt(M_OHOS_CONFIG, M_ENABLE_OPT_TCACHE);
mallopt(M_SET_THREAD_CACHE, M_THREAD_CACHE_ENABLE);
mallopt(M_DELAYED_FREE, M_DELAYED_FREE_ENABLE);
APPSPAWN_LOGV("Spawning: set Internet Permission for app process");
int ret = SetInternetPermission(property);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret);
return ret;
@ -548,7 +543,7 @@ MODULE_CONSTRUCTOR(void)
AddAppSpawnHook(STAGE_PARENT_PRE_FORK, HOOK_PRIO_HIGHEST, SpawnGetSpawningFlag);
AddAppSpawnHook(STAGE_CHILD_PRE_COLDBOOT, HOOK_PRIO_HIGHEST, SpawnInitSpawningEnv);
AddAppSpawnHook(STAGE_CHILD_PRE_COLDBOOT, HOOK_PRIO_COMMON + 1, SpawnSetAppEnv);
AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_HIGHEST, SpawnEnableCache);
AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_HIGHEST, SpawnSetIntPermission);
AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_PROPERTY, SpawnSetProperties);
AddAppSpawnHook(STAGE_CHILD_POST_RELY, HOOK_PRIO_HIGHEST, SpawnComplete);
AddAppSpawnHook(STAGE_PARENT_POST_FORK, HOOK_PRIO_HIGHEST, CloseFdArgs);

2
modules/common/appspawn_silk.c
View File

@ -46,7 +46,7 @@ static void ParseSilkConfig(const cJSON *root, struct SilkConfig *config)
return;
}
uint32_t configCount = cJSON_GetArraySize(silkJson);
uint32_t configCount = (uint32_t)cJSON_GetArraySize(silkJson);
APPSPAWN_CHECK(configCount <= SILK_JSON_MAX, configCount = SILK_JSON_MAX,
"config count %{public}u is larger than %{public}d", configCount, SILK_JSON_MAX);
config->configItems = (char **)malloc(configCount * sizeof(char *));

1
modules/module_engine/include/appspawn_hook.h
View File

@ -40,6 +40,7 @@ typedef struct TagAppSpawnedProcess AppSpawnedProcessInfo;
typedef enum {
EXT_DATA_SANDBOX,
EXT_DATA_NAMESPACE,
EXT_DATA_ISOLATED_SANDBOX,
} ExtDataType;
struct TagAppSpawnExtData;

6
modules/modulemgr/appspawn_modulemgr.c
View File

@ -60,7 +60,7 @@ int AppSpawnModuleMgrInstall(const char *moduleName)
void AppSpawnModuleMgrUnInstall(int type)
{
if (type >= MODULE_MAX) {
if ((type < 0) || (type >= MODULE_MAX)) {
return;
}
if (g_moduleMgr[type].moduleMgr == NULL) {
@ -72,7 +72,7 @@ void AppSpawnModuleMgrUnInstall(int type)
int AppSpawnLoadAutoRunModules(int type)
{
if (type >= MODULE_MAX) {
if ((type < 0) || (type >= MODULE_MAX)) {
return -1;
}
if (g_moduleMgr[type].moduleMgr != NULL) {
@ -204,7 +204,7 @@ int AppSpawnHookExecute(AppSpawnHookStage stage, uint32_t flags, AppSpawnContent
forkArg.client = client;
forkArg.content = content;
HOOK_EXEC_OPTIONS options;
options.flags = flags; // TRAVERSE_STOP_WHEN_ERROR : 0;
options.flags = (int)flags; // TRAVERSE_STOP_WHEN_ERROR : 0;
options.preHook = PreAppSpawnHookExec;
options.postHook = PostAppSpawnHookExec;
int ret = HookMgrExecute(GetAppSpawnHookMgr(), stage, (void *)(&forkArg), &options);

9
modules/nweb_adapter/BUILD.gn
View File

@ -20,11 +20,15 @@ ohos_shared_library("appspawn_nweb") {
".",
"${appspawn_path}/common",
"${appspawn_path}/standard",
"${appspawn_path}/util/include",
]
defines = []
cflags = []
deps = [ "${appspawn_path}/modules/module_engine:libappspawn_module_engine" ]
deps = [
"${appspawn_path}/modules/module_engine:libappspawn_module_engine",
"${appspawn_path}/util:libappspawn_util",
]
if (target_cpu == "arm64") {
defines += [ "webview_arm64" ]
}
@ -39,6 +43,9 @@ ohos_shared_library("appspawn_nweb") {
]
if (build_seccomp) {
cflags += [ "-DWITH_SECCOMP" ]
if (appspawn_seccomp_privilege) {
cflags += [ "-DSECCOMP_PRIVILEGE" ]
}
external_deps += [ "init:seccomp" ]
}
subsystem_name = "${subsystem_name}"

6
modules/nweb_adapter/nwebspawn_adapter.cpp
View File

@ -29,6 +29,7 @@
#include "appspawn_hook.h"
#include "appspawn_manager.h"
#include "appspawn_utils.h"
#ifdef WITH_SECCOMP
#include "seccomp_policy.h"
@ -94,12 +95,11 @@ APPSPAWN_STATIC std::string GetArkWebRenderLibName()
APPSPAWN_STATIC int RunChildProcessor(AppSpawnContent *content, AppSpawnClient *client)
{
EnableCache();
uint32_t len = 0;
char *renderCmd = reinterpret_cast<char *>(GetAppPropertyExt(
reinterpret_cast<AppSpawningCtx *>(client), MSG_EXT_NAME_RENDER_CMD, &len));
if (renderCmd == nullptr) {
return -1;
}
APPSPAWN_CHECK_ONLY_EXPER(renderCmd != nullptr, return -1);
std::string renderStr(renderCmd);
void *webEngineHandle = nullptr;
void *nwebRenderHandle = nullptr;

22
modules/sandbox/BUILD.gn
View File

@ -50,6 +50,12 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "WITH_SELINUX" ]
external_deps += [ "selinux_adapter:libhap_restorecon" ]
}
if (appspawn_mount_tmpshm) {
defines += [ "APPSPAWN_MOUNT_TMPSHM" ]
if (build_selinux) {
external_deps += [ "selinux_adapter:librestorecon" ]
}
}
subsystem_name = "${subsystem_name}"
part_name = "${part_name}"
@ -61,6 +67,11 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
} else {
module_install_dir = "lib/appspawn/common"
}
if (dlp_permission_enable) {
cflags_cc = [ "-DWITH_DLP" ]
external_deps += [ "dlp_permission_service:libdlp_fuse" ]
}
}
} else {
ohos_shared_library("appspawn_sandbox") {
@ -97,6 +108,12 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "WITH_SELINUX" ]
external_deps += [ "selinux_adapter:libhap_restorecon" ]
}
if (appspawn_mount_tmpshm) {
defines += [ "APPSPAWN_MOUNT_TMPSHM" ]
if (build_selinux) {
external_deps += [ "selinux_adapter:librestorecon" ]
}
}
subsystem_name = "${subsystem_name}"
part_name = "${part_name}"
@ -108,5 +125,10 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
} else {
module_install_dir = "lib/appspawn/common"
}
if (dlp_permission_enable) {
cflags_cc = [ "-DWITH_DLP" ]
external_deps += [ "dlp_permission_service:libdlp_fuse" ]
}
}
}

6
modules/sandbox/appspawn_permission.c
View File

@ -123,6 +123,9 @@ const SandboxPermissionNode *GetPermissionNodeInQueue(SandboxQueue *queue, const
return NULL;
}
ListNode *node = OH_ListFind(&queue->front, (void *)permission, PermissionNodeCompareName);
if (node == NULL) {
return NULL;
}
return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node);
}
@ -132,6 +135,9 @@ const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(SandboxQueue *queue
return NULL;
}
ListNode *node = OH_ListFind(&queue->front, (void *)&index, PermissionNodeCompareIndex);
if (node == NULL) {
return NULL;
}
return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node);
}

2
modules/sandbox/appspawn_permission.h
View File

@ -32,7 +32,7 @@ extern "C" {
#endif
#define WEB_SANDBOX_FILE_NAME "/appdata-sandbox-nweb.json"
#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated.json"
#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json"
typedef struct TagSandboxQueue SandboxQueue;
typedef struct TagPermissionNode SandboxPermissionNode;

302
modules/sandbox/appspawn_sandbox.c
View File

@ -32,12 +32,22 @@
#include "appspawn_msg.h"
#include "appspawn_utils.h"
#ifdef WITH_DLP
#include "dlp_fuse_fd.h"
#endif
#include "init_utils.h"
#include "parameter.h"
#include "appspawn_permission.h"
#ifdef WITH_SELINUX
#ifdef APPSPAWN_MOUNT_TMPSHM
#include "policycoreutils.h"
#endif // APPSPAWN_MOUNT_TMPSHM
#endif // WITH_SELINUX
#define USER_ID_SIZE 16
#define DIR_MODE 0711
#define DEV_SHM_DIR "/dev/shm/"
static inline void SetMountPathOperation(uint32_t *operation, uint32_t index)
{
@ -129,7 +139,7 @@ static int BuildRootPath(char *buffer, uint32_t bufferLen, const AppSpawnSandbox
} else {
len = sprintf_s(buffer + currLen, bufferLen - currLen, "%d", uid);
}
APPSPAWN_CHECK(len > 0 && (uint32_t)(len < (bufferLen - currLen)), return ret,
APPSPAWN_CHECK(len > 0 && ((uint32_t)len < (bufferLen - currLen)), return ret,
"Failed to format root path %{public}s", sandbox->rootPath);
currLen += (uint32_t)len;
}
@ -198,7 +208,7 @@ static int InitSandboxContext(SandboxContext *context,
context->message = property->message;
context->sandboxNsFlags = CLONE_NEWNS;
if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) ||
if ((CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) && !IsDeveloperModeOpen()) ||
CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) {
context->sandboxNsFlags |= sandbox->sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}
@ -315,10 +325,10 @@ static int32_t SandboxMountFusePath(const SandboxContext *context, const MountAr
close(fd);
return -1;
}
/* close DLP_FUSE_FD and dup FD to it */
close(DLP_FUSE_FD);
ret = dup2(fd, DLP_FUSE_FD);
APPSPAWN_CHECK_ONLY_LOG(ret != -1, "dup fuse fd %{public}d failed, errno: %{public}d", fd, errno);
/* set DLP_FUSE_FD */
#ifdef WITH_DLP
SetDlpFuseFd(fd);
#endif
return 0;
}
@ -381,7 +391,6 @@ APPSPAWN_STATIC const char *GetRealSrcPath(const SandboxContext *context, const
// 设置挂载参数options
static int32_t SetMountArgsOption(const SandboxContext *context, uint32_t category, uint32_t operation, MountArg *args)
{
args->options = "";
if ((category != MOUNT_TMP_DAC_OVERRIDE) && (category != MOUNT_TMP_DAC_OVERRIDE_DELETE)) {
return 0;
}
@ -483,7 +492,12 @@ static int DoSandboxPathSymLink(const SandboxContext *context,
const char *target = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandboxNode->target, NULL, NULL);
const char *linkName = GetSandboxRealVar(context, BUFFER_FOR_TARGET,
sandboxNode->linkName, context->rootPath, NULL);
APPSPAWN_LOGV("symlink, from %{public}s to %{public}s", target, linkName);
APPSPAWN_LOGV("symlink from %{public}s to %{public}s", target, linkName);
if (access(linkName, F_OK) == 0) {
if (rmdir(linkName) != 0) {
APPSPAWN_LOGW("linkName %{public}s already exist and rmdir failed, errno %{public}d", linkName, errno);
}
}
int ret = symlink(target, linkName);
if (ret && errno != EEXIST) {
if (sandboxNode->checkErrorFlag) {
@ -525,7 +539,7 @@ static int DoSandboxNodeMount(const SandboxContext *context, const SandboxSectio
return 0;
}
static bool IsUnlockStatus(uint32_t uid)
static bool IsUnlockStatus(uint32_t uid, const char *bundleName, size_t bundleNameLen)
{
const int userIdBase = UID_BASE;
uid = uid / userIdBase;
@ -534,11 +548,11 @@ static bool IsUnlockStatus(uint32_t uid)
}
const char rootPath[] = "/data/app/el2/";
const char basePath[] = "/base";
size_t allPathSize = strlen(rootPath) + strlen(basePath) + 1 + USER_ID_SIZE;
const char basePath[] = "/base/";
size_t allPathSize = strlen(rootPath) + strlen(basePath) + 1 + USER_ID_SIZE + bundleNameLen;
char *path = (char *)malloc(sizeof(char) * allPathSize);
APPSPAWN_CHECK(path != NULL, return true, "Failed to malloc path");
int len = sprintf_s(path, allPathSize, "%s%u%s", rootPath, uid, basePath);
int len = sprintf_s(path, allPathSize, "%s%u%s%s", rootPath, uid, basePath, bundleName);
APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), free(path); return true, "Failed to get base path");
if (access(path, F_OK) == 0) {
@ -598,8 +612,17 @@ static const MountSharedTemplate MOUNT_SHARED_MAP[] = {
static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
const char rootPath[] = "/mnt/sandbox/";
const char nwebPath[] = "/mnt/nweb";
const char nwebTmpPath[] = "/mnt/nweb/tmp";
const char appRootName[] = "app-root";
AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
if (info == NULL || IsUnlockStatus(info->uid)) {
if (info == NULL || context->bundleName == NULL) {
return;
}
MountDir(info, appRootName, rootPath, nwebPath);
MountDir(info, appRootName, rootPath, nwebTmpPath);
if (IsUnlockStatus(info->uid, context->bundleName, strlen(context->bundleName))) {
return;
}
@ -615,6 +638,21 @@ static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg *
}
}
}
char lockSbxPathStamp[MAX_SANDBOX_BUFFER] = { 0 };
int ret = 0;
if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX_TYPE) != 0) {
ret = snprintf_s(lockSbxPathStamp, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s%d/isolated/%s_locked",
rootPath, info->uid / UID_BASE, context->bundleName);
} else {
ret = snprintf_s(lockSbxPathStamp, MAX_SANDBOX_BUFFER, MAX_SANDBOX_BUFFER - 1, "%s%d/%s_locked",
rootPath, info->uid / UID_BASE, context->bundleName);
}
if (ret <= 0) {
APPSPAWN_LOGE("snprintf_s lock sandbox path stamp failed");
return;
}
CreateSandboxDir(lockSbxPathStamp, FILE_MODE);
}
static int UpdateMountPathDepsPath(const SandboxContext *context, SandboxNameGroupNode *groupNode)
@ -691,6 +729,9 @@ static int MountSandboxConfig(const SandboxContext *context,
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)section->nameGroups[i];
if (groupNode->depMounted != 1) {
SetMountPathOperation(&operation, MOUNT_PATH_OP_REPLACE_BY_SANDBOX);
}
SetMountPathOperation(&operation, SANDBOX_TAG_NAME_GROUP);
ret = DoSandboxNodeMount(context, &groupNode->section, operation);
APPSPAWN_CHECK(ret == 0, return ret,
@ -1014,51 +1055,189 @@ int StagedMountSystemConst(AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *pr
return ret;
}
static int MountDepGroups(const SandboxContext *context, SandboxNameGroupNode *groupNode)
{
/**
* unshare前处理mount-paths-deps
* 1.mount-paths-deps节点;
* 2.json文件中路径的变量值;
* 3.deps-mode的值是否是not-exists
* not-exist则判断mount-paths.src-path是否存在mount-paths-deps中的目录
* mount-paths-deps中的目录
* always则创建并挂载mount-paths-deps中的目录;
* deps-mode默认值为always;
*
*/
int ret = 0;
if (groupNode == NULL || groupNode->depNode == NULL) {
return 0;
}
ret = UpdateMountPathDepsPath(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to updata deps path name groups %{public}s", groupNode->section.name);
if (groupNode->depMode == MOUNT_MODE_NOT_EXIST && CheckAndCreateDepPath(context, groupNode)) {
return 0;
}
uint32_t operation = 0;
SetMountPathOperation(&operation, MOUNT_PATH_OP_UNMOUNT);
groupNode->depMounted = 1;
ret = DoSandboxPathNodeMount(context, &groupNode->section, groupNode->depNode, operation);
if (ret != 0) {
APPSPAWN_LOGE("Mount deps root fail %{public}s", groupNode->section.name);
}
return ret;
}
static int SetSystemConstDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
SandboxSection *section = GetSandboxSection(&sandbox->requiredQueue, "system-const");
if (section == NULL || section->nameGroups == NULL) {
return 0;
}
int ret = 0;
for (uint32_t i = 0; i < section->number; i++) {
if (section->nameGroups[i] == NULL) {
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)section->nameGroups[i];
ret = MountDepGroups(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount deps groups");
}
return ret;
}
static int SetAppVariableDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
SandboxSection *section = GetSandboxSection(&sandbox->requiredQueue, "app-variable");
if (section == NULL || section->nameGroups == NULL) {
return 0;
}
int ret = 0;
for (uint32_t i = 0; i < section->number; i++) {
if (section->nameGroups[i] == NULL) {
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)section->nameGroups[i];
ret = MountDepGroups(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount deps groups");
}
return ret;
}
static int SetSpawnFlagsDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
ListNode *node = sandbox->spawnFlagsQueue.front.next;
int ret = 0;
while (node != &sandbox->spawnFlagsQueue.front) {
SandboxFlagsNode *sandboxNode = (SandboxFlagsNode *)ListEntry(node, SandboxMountNode, node);
// match flags point
if (sandboxNode->flagIndex == 0 || !CheckSpawningMsgFlagSet(context, sandboxNode->flagIndex)) {
node = node->next;
continue;
}
if (sandboxNode->section.nameGroups == NULL) {
node = node->next;
continue;
}
for (uint32_t i = 0; i < sandboxNode->section.number; i++) {
if (sandboxNode->section.nameGroups[i] == NULL) {
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)sandboxNode->section.nameGroups[i];
ret = MountDepGroups(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount deps groups");
}
node = node->next;
}
return ret;
}
static int SetPackageNameDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
SandboxPackageNameNode *sandboxNode =
(SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, context->bundleName);
if (sandboxNode == NULL || sandboxNode->section.nameGroups == NULL) {
return 0;
}
int ret = 0;
for (uint32_t i = 0; i < sandboxNode->section.number; i++) {
if (sandboxNode->section.nameGroups[i] == NULL) {
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)sandboxNode->section.nameGroups[i];
ret = MountDepGroups(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount deps groups");
}
return ret;
}
static int SetPermissionDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
ListNode *node = sandbox->permissionQueue.front.next;
int ret = 0;
while (node != &sandbox->permissionQueue.front) {
SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node);
// match flags point
if (!CheckSpawningPermissionFlagSet(context, permissionNode->permissionIndex)) {
node = node->next;
continue;
}
if (permissionNode->section.nameGroups == NULL) {
node = node->next;
continue;
}
for (uint32_t i = 0; i < permissionNode->section.number; i++) {
if (permissionNode->section.nameGroups[i] == NULL) {
continue;
}
SandboxNameGroupNode *groupNode = (SandboxNameGroupNode *)permissionNode->section.nameGroups[i];
ret = MountDepGroups(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount deps groups");
}
node = node->next;
}
return ret;
}
// The execution of the preunshare phase depends on the mounted mount point
static int StagedDepGroupMounts(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
int ret = SetSystemConstDepGroups(context, sandbox);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to set system const deps groups");
ret = SetAppVariableDepGroups(context, sandbox);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to set app variable deps groups");
ret = SetSpawnFlagsDepGroups(context, sandbox);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to set spawn flags deps groups");
ret = SetPackageNameDepGroups(context, sandbox);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to set package name deps groups");
ret = SetPermissionDepGroups(context, sandbox);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to set permission deps groups");
return ret;
}
int StagedMountPreUnShare(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
{
APPSPAWN_CHECK(sandbox != NULL && context != NULL, return -1, "Invalid sandbox or context");
APPSPAWN_LOGV("Set sandbox config before unshare group count %{public}d", sandbox->depNodeCount);
MountDirToShared(context, sandbox);
/**
* unshare前处理mount-paths-deps
* root-dir global.sandbox-root
* src-dir "/mnt/sandbox/app-common/<currentUserId>"
* mount-paths-deps,mount-paths-deps
* src = mount-paths-deps.src-path
* dst = root-dir + mount-paths-deps.sandbox-path
* no-exist,mount-paths src()
mount-paths-deps.src-path .shared方式挂载mount-paths-deps
* always,shared方式挂载mount-paths-deps
* always
*
*/
int ret = 0;
for (uint32_t i = 0; i < sandbox->depNodeCount; i++) {
SandboxNameGroupNode *groupNode = sandbox->depGroupNodes[i];
if (groupNode == NULL || groupNode->depNode == NULL) {
continue;
}
APPSPAWN_LOGV("Set sandbox deps config %{public}s ", groupNode->section.name);
// change source and target to real path
ret = UpdateMountPathDepsPath(context, groupNode);
APPSPAWN_CHECK(ret == 0, return ret,
"Failed to update deps path name group %{public}s", groupNode->section.name);
int ret = StagedDepGroupMounts(context, sandbox);
if (groupNode->depMode == MOUNT_MODE_NOT_EXIST && CheckAndCreateDepPath(context, groupNode)) {
continue;
}
uint32_t operation = 0;
SetMountPathOperation(&operation, MOUNT_PATH_OP_UNMOUNT);
groupNode->depMounted = 1;
ret = DoSandboxPathNodeMount(context, &groupNode->section, groupNode->depNode, operation);
if (ret != 0) {
APPSPAWN_LOGE("Mount deps root fail %{public}s", groupNode->section.name);
return ret;
}
}
return 0;
return ret;
}
static int SetAppVariableConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
@ -1113,6 +1292,21 @@ int StagedMountPostUnshare(const SandboxContext *context, const AppSpawnSandboxC
return ret;
}
#ifdef APPSPAWN_MOUNT_TMPSHM
static void MountDevShmPath(SandboxContext *context)
{
char sandboxDevShmPath[PATH_MAX] = {};
int ret = strcpy_s(sandboxDevShmPath, sizeof(sandboxDevShmPath), context->rootPath);
APPSPAWN_CHECK(ret == 0, return, "Failed to strcpy rootPath");
ret = strcat_s(sandboxDevShmPath, sizeof(sandboxDevShmPath), DEV_SHM_DIR);
APPSPAWN_CHECK(ret == 0, return, "Failed to format devShmPath");
int result = mount("tmpfs", sandboxDevShmPath, "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV, "size=32M");
if (result != 0) {
APPSPAWN_LOGW("Error mounting %{public}s to tmpfs, errno %{public}d", sandboxDevShmPath, errno);
}
}
#endif
int MountSandboxConfigs(AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *property, int nwebspawn)
{
APPSPAWN_CHECK_ONLY_EXPER(property != NULL, return -1);
@ -1150,8 +1344,14 @@ int MountSandboxConfigs(AppSpawnSandboxCfg *sandbox, const AppSpawningCtx *prope
ret = SetBundleResourceSandboxConfig(context, sandbox);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
#ifdef APPSPAWN_MOUNT_TMPSHM
MountDevShmPath(context);
#endif
ret = ChangeCurrentDir(context);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
#if defined(APPSPAWN_MOUNT_TMPSHM) && defined(WITH_SELINUX)
Restorecon(DEV_SHM_DIR);
#endif
APPSPAWN_LOGV("Change root dir success %{public}s ", context->rootPath);
} while (0);
DeleteSandboxContext(context);

5
modules/sandbox/appspawn_sandbox.h
View File

@ -46,7 +46,6 @@ extern "C" {
#define FILE_MODE 0711
#define MAX_SANDBOX_BUFFER 256
#define OPTIONS_MAX_LEN 256
#define DLP_FUSE_FD 1000
#define APP_FLAGS_SECTION 0x80000000
#define BASIC_MOUNT_FLAGS (MS_REC | MS_BIND)
#define INVALID_UID ((uint32_t)-1)
@ -230,8 +229,8 @@ typedef struct {
*
* @return AppSpawnSandboxCfg*
*/
AppSpawnSandboxCfg *CreateAppSpawnSandbox(void);
AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content);
AppSpawnSandboxCfg *CreateAppSpawnSandbox(ExtDataType type);
AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content, ExtDataType type);
void DeleteAppSpawnSandbox(AppSpawnSandboxCfg *sandbox);
int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode);
void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox);

2
modules/sandbox/sandbox_cfgvar.c
View File

@ -60,8 +60,6 @@ static int VarCurrentUseIdReplace(const SandboxContext *context,
int len = 0;
if (extraData == NULL || !CHECK_FLAGS_BY_INDEX(extraData->operation, SANDBOX_TAG_PERMISSION)) {
len = sprintf_s((char *)buffer, bufferLen, "%u", info->uid / UID_BASE);
} else if (context->appFullMountEnable && strlen(info->userName) > 0) {
len = sprintf_s((char *)buffer, bufferLen, "%s", "currentUser");
} else {
len = sprintf_s((char *)buffer, bufferLen, "%s", "currentUser");
}

1
modules/sandbox/sandbox_load.c
View File

@ -534,6 +534,7 @@ static SandboxNameGroupNode *ParseNameGroup(AppSpawnSandboxCfg *sandbox, const c
// "type": "system-const",
// "caps": ["shared"],
node->destType = GetNameGroupTypeFromConfig(groupConfig, "type", SANDBOX_TAG_INVALID);
node->depMounted = 0;
// success, insert section
AddSandboxSection(&node->section, &sandbox->nameGroupsQueue);
return node;

103
modules/sandbox/sandbox_manager.c
View File

@ -349,10 +349,10 @@ static int AppSpawnExtDataCompareDataId(ListNode *node, void *data)
return extData->dataId - *(uint32_t *)data;
}
AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content)
AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content, ExtDataType type)
{
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return NULL);
uint32_t dataId = EXT_DATA_SANDBOX;
uint32_t dataId = type;
ListNode *node = OH_ListFind(&content->extData, (void *)&dataId, AppSpawnExtDataCompareDataId);
if (node == NULL) {
return NULL;
@ -433,7 +433,7 @@ static void FreeAppSpawnSandbox(struct TagAppSpawnExtData *data)
DeleteAppSpawnSandbox(sandbox);
}
AppSpawnSandboxCfg *CreateAppSpawnSandbox(void)
AppSpawnSandboxCfg *CreateAppSpawnSandbox(ExtDataType type)
{
// create sandbox
AppSpawnSandboxCfg *sandbox = (AppSpawnSandboxCfg *)calloc(1, sizeof(AppSpawnSandboxCfg));
@ -441,7 +441,7 @@ AppSpawnSandboxCfg *CreateAppSpawnSandbox(void)
// ext data init
OH_ListInit(&sandbox->extData.node);
sandbox->extData.dataId = EXT_DATA_SANDBOX;
sandbox->extData.dataId = type;
sandbox->extData.freeNode = FreeAppSpawnSandbox;
sandbox->extData.dumpNode = DumpSandbox;
@ -482,17 +482,41 @@ void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox)
DumpSandboxQueue(&sandbox->nameGroupsQueue.front, DumpSandboxNameGroupNode);
}
APPSPAWN_STATIC int PreLoadSandboxCfg(AppSpawnMgr *content)
APPSPAWN_STATIC int PreLoadIsoLatedSandboxCfg(AppSpawnMgr *content)
{
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content);
APPSPAWN_CHECK(sandbox == NULL, return 0, "Sandbox has been load");
if (IsNWebSpawnMode(content)) {
return 0;
}
sandbox = CreateAppSpawnSandbox();
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
APPSPAWN_CHECK(sandbox == NULL, return 0, "Isolated sandbox has been load");
sandbox = CreateAppSpawnSandbox(EXT_DATA_ISOLATED_SANDBOX);
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
OH_ListAddTail(&content->extData, &sandbox->extData.node);
// load app sandbox config
LoadAppSandboxConfig(sandbox, IsNWebSpawnMode(content));
LoadAppSandboxConfig(sandbox, MODE_FOR_NATIVE_SPAWN);
sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
content->content.sandboxNsFlags = 0;
if (sandbox->pidNamespaceSupport) {
content->content.sandboxNsFlags = sandbox->sandboxNsFlags;
}
return 0;
}
APPSPAWN_STATIC int PreLoadSandboxCfg(AppSpawnMgr *content)
{
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
APPSPAWN_CHECK(sandbox == NULL, return 0, "Sandbox has been load");
sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX);
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
OH_ListAddTail(&content->extData, &sandbox->extData.node);
// load app sandbox config
LoadAppSandboxConfig(sandbox, content->content.mode);
sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
content->content.sandboxNsFlags = 0;
@ -502,9 +526,17 @@ APPSPAWN_STATIC int PreLoadSandboxCfg(AppSpawnMgr *content)
return 0;
}
APPSPAWN_STATIC int IsolatedSandboxHandleServerExit(AppSpawnMgr *content)
{
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
APPSPAWN_CHECK(sandbox != NULL, return 0, "Isolated sandbox not load");
return 0;
}
APPSPAWN_STATIC int SandboxHandleServerExit(AppSpawnMgr *content)
{
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content);
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
APPSPAWN_CHECK(sandbox != NULL, return 0, "Sandbox not load");
return 0;
@ -512,7 +544,9 @@ APPSPAWN_STATIC int SandboxHandleServerExit(AppSpawnMgr *content)
int SpawnBuildSandboxEnv(AppSpawnMgr *content, AppSpawningCtx *property)
{
AppSpawnSandboxCfg *appSandbox = GetAppSpawnSandbox(content);
ExtDataType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? EXT_DATA_ISOLATED_SANDBOX :
EXT_DATA_SANDBOX;
AppSpawnSandboxCfg *appSandbox = GetAppSpawnSandbox(content, type);
APPSPAWN_CHECK(appSandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
// no sandbox
if (CheckAppMsgFlagsSet(property, APP_FLAGS_NO_SANDBOX)) {
@ -577,12 +611,46 @@ static int AppendPermissionGid(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx
return 0;
}
static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
{
AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetAppProperty(property, TLV_DAC_INFO);
APPSPAWN_CHECK(dacInfo != NULL, return APPSPAWN_TLV_NONE,
"No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, GetProcessName(property));
SandboxPackageNameNode *sandboxNode =
(SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, GetProcessName(property));
if (sandboxNode == NULL || sandboxNode->section.gidCount == 0) {
return 0;
}
size_t copyLen = sandboxNode->section.gidCount;
if ((sandboxNode->section.gidCount + dacInfo->gidCount) > APP_MAX_GIDS) {
APPSPAWN_LOGW("More gid for %{public}s msg count %{public}u permission %{public}u",
GetProcessName(property),
dacInfo->gidCount,
sandboxNode->section.gidCount);
copyLen = APP_MAX_GIDS - dacInfo->gidCount;
}
int ret = memcpy_s(&dacInfo->gidTable[dacInfo->gidCount], sizeof(gid_t) * copyLen,
sandboxNode->section.gidTable, sizeof(gid_t) * copyLen);
if (ret != EOK) {
APPSPAWN_LOGW("Failed to append permission %{public}s gid to %{public}s",
sandboxNode->section.name,
GetProcessName(property));
}
dacInfo->gidCount += copyLen;
return 0;
}
int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
{
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
APPSPAWN_CHECK_ONLY_EXPER(property != NULL, return -1);
APPSPAWN_LOGV("Prepare sandbox config %{public}s", GetProcessName(property));
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content);
ExtDataType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? EXT_DATA_ISOLATED_SANDBOX :
EXT_DATA_SANDBOX;
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type);
APPSPAWN_CHECK(sandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
int32_t index = 0;
@ -601,6 +669,8 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
int ret = AppendPermissionGid(sandbox, property);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
ret = AppendPackageNameGids(sandbox, property);
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
return 0;
@ -610,8 +680,13 @@ APPSPAWN_STATIC int SandboxUnmountPath(const AppSpawnMgr *content, const AppSpaw
{
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
APPSPAWN_CHECK_ONLY_EXPER(appInfo != NULL, return -1);
AppSpawnSandboxCfg *sandbox = NULL;
APPSPAWN_LOGV("Sandbox process %{public}s %{public}u exit", appInfo->name, appInfo->uid);
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content);
if (content->content.mode == MODE_FOR_NATIVE_SPAWN) {
sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
} else {
sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
}
return UnmountDepPaths(sandbox, appInfo->uid);
}
@ -620,7 +695,9 @@ MODULE_CONSTRUCTOR(void)
{
APPSPAWN_LOGV("Load sandbox module ...");
(void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadSandboxCfg);
(void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, PreLoadIsoLatedSandboxCfg);
(void)AddServerStageHook(STAGE_SERVER_EXIT, HOOK_PRIO_SANDBOX, SandboxHandleServerExit);
(void)AddServerStageHook(STAGE_SERVER_EXIT, HOOK_PRIO_SANDBOX, IsolatedSandboxHandleServerExit);
(void)AddAppSpawnHook(STAGE_PARENT_PRE_FORK, HOOK_PRIO_SANDBOX, SpawnPrepareSandboxCfg);
(void)AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_SANDBOX, SpawnBuildSandboxEnv);
(void)AddProcessMgrHook(STAGE_SERVER_APP_DIED, 0, SandboxUnmountPath);

127
modules/sandbox/sandbox_utils.cpp
View File

@ -35,6 +35,9 @@
#include "appspawn_service.h"
#include "appspawn_utils.h"
#include "config_policy_utils.h"
#ifdef WITH_DLP
#include "dlp_fuse_fd.h"
#endif
#include "init_param.h"
#include "parameter.h"
#include "parameters.h"
@ -42,9 +45,13 @@
#ifdef WITH_SELINUX
#include "hap_restorecon.h"
#endif
#ifdef APPSPAWN_MOUNT_TMPSHM
#include "policycoreutils.h"
#endif // APPSPAWN_MOUNT_TMPSHM
#endif // WITH_SELINUX
#define MAX_MOUNT_TIME 500 // 500us
#define DEV_SHM_DIR "/dev/shm/"
using namespace std;
using namespace OHOS;
@ -53,7 +60,6 @@ namespace OHOS {
namespace AppSpawn {
namespace {
constexpr int32_t OPTIONS_MAX_LEN = 256;
constexpr int32_t DLP_FUSE_FD = 1000;
constexpr int32_t APP_LOG_DIR_GID = 1007;
constexpr int32_t APP_DATABASE_DIR_GID = 3012;
constexpr int32_t FILE_ACCESS_COMMON_DIR_STATUS = 0;
@ -163,7 +169,7 @@ bool JsonUtils::GetJsonObjFromJson(nlohmann::json &jsonObj, const std::string &j
}
jsonFileStream.close();
jsonObj = nlohmann::json::parse(buf.str(), nullptr, false);
APPSPAWN_CHECK(jsonObj.is_structured(), return false, "Parse json file into jsonObj failed.");
APPSPAWN_CHECK(!jsonObj.is_discarded() && jsonObj.is_structured(), return false, "Parse json file failed");
return true;
}
@ -263,24 +269,26 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *
// to mount fs and bind mount files or directory
struct timespec mountStart = {0};
clock_gettime(CLOCK_MONOTONIC, &mountStart);
APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s' '%{public}u'",
originPath, destinationPath, fsType, mountFlags, options, mountSharedFlag);
ret = mount(originPath, destinationPath, fsType, mountFlags, options);
struct timespec mountEnd = {0};
clock_gettime(CLOCK_MONOTONIC, &mountEnd);
uint64_t diff = DiffTime(&mountStart, &mountEnd);
APPSPAWN_CHECK_ONLY_LOG(diff < MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", originPath, diff);
if (ret != 0) {
APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, originPath, destinationPath);
std::string originPathStr = originPath == nullptr ? "" : originPath;
size_t index = originPathStr.find("data/app/el2/");
if (index != std::string::npos) {
if (originPathStr.find("data/app/el1/") != std::string::npos ||
originPathStr.find("data/app/el2/") != std::string::npos) {
CheckDirRecursive(originPathStr);
}
APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, originPath,
destinationPath);
return ret;
}
ret = mount(nullptr, destinationPath, nullptr, mountSharedFlag, nullptr);
APPSPAWN_CHECK(ret == 0, return ret,
"errno is: %{public}d, private mount to %{public}s failed", errno, destinationPath);
APPSPAWN_CHECK(ret == 0, return ret, "errno is: %{public}d, private mount to %{public}s %{public}u failed",
errno, destinationPath, mountSharedFlag);
return 0;
}
@ -596,9 +604,10 @@ bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config)
static bool CheckMountConfig(nlohmann::json &mntPoint, const AppSpawningCtx *appProperty,
bool checkFlag)
{
bool istrue = mntPoint.find(g_srcPath) == mntPoint.end() || mntPoint.find(g_sandBoxPath) == mntPoint.end() ||
bool istrue = mntPoint.find(g_srcPath) == mntPoint.end() || (!mntPoint[g_srcPath].is_string()) ||
mntPoint.find(g_sandBoxPath) == mntPoint.end() || (!mntPoint[g_sandBoxPath].is_string()) ||
((mntPoint.find(g_sandBoxFlags) == mntPoint.end()) &&
(mntPoint.find(g_sandBoxFlagsCustomized) == mntPoint.end()));
(mntPoint.find(g_sandBoxFlagsCustomized) == mntPoint.end()));
APPSPAWN_CHECK(!istrue, return false,
"read mount config failed, app name is %{public}s", GetBundleName(appProperty));
@ -644,7 +653,7 @@ static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty,
char options[OPTIONS_MAX_LEN];
(void)sprintf_s(options, sizeof(options), "fd=%d,"
"rootmode=40000,user_id=%d,group_id=%d,allow_other,"
"rootmode=40000,user_id=%u,group_id=%u,allow_other,"
"context=\"u:object_r:dlp_fuse_file:s0\","
"fscontext=u:object_r:dlp_fuse_file:s0",
fd, dacInfo->uid, dacInfo->gid);
@ -654,6 +663,8 @@ static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty,
int ret = 0;
#ifndef APPSPAWN_TEST
APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s'",
srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options);
ret = mount(srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options);
APPSPAWN_CHECK(ret == 0, close(fd);
return ret, "DoDlpAppMountStrategy failed, bind mount %{public}s to %{public}s failed %{public}d",
@ -663,10 +674,11 @@ static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty,
APPSPAWN_CHECK(ret == 0, close(fd);
return ret, "errno is: %{public}d, private mount to %{public}s failed", errno, sandboxPath.c_str());
#endif
/* close DLP_FUSE_FD and dup FD to it */
close(DLP_FUSE_FD);
ret = dup2(fd, DLP_FUSE_FD);
APPSPAWN_CHECK_ONLY_LOG(ret != -1, "dup fuse fd %{public}d failed, errno is %{public}d", fd, errno);
/* set DLP_FUSE_FD */
#ifdef WITH_DLP
SetDlpFuseFd(fd);
#endif
ret = fd;
return ret;
}
@ -785,10 +797,10 @@ int SandboxUtils::DoAllMntPointsMount(const AppSpawningCtx *appProperty,
std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig);
bool checkFlag = CheckMountFlag(appProperty, bundleName, appConfig);
nlohmann::json mountPoints = appConfig[g_mountPrefix];
nlohmann::json& mountPoints = appConfig[g_mountPrefix];
unsigned int mountPointSize = mountPoints.size();
for (unsigned int i = 0; i < mountPointSize; i++) {
nlohmann::json mntPoint = mountPoints[i];
nlohmann::json& mntPoint = mountPoints[i];
if ((CheckMountConfig(mntPoint, appProperty, checkFlag) == false)) {
continue;
}
@ -834,7 +846,7 @@ int32_t SandboxUtils::DoAddGid(AppSpawningCtx *appProperty, nlohmann::json &appC
return 0;
}
nlohmann::json gids = appConfig[g_gidPrefix];
nlohmann::json& gids = appConfig[g_gidPrefix];
unsigned int gidSize = gids.size();
for (unsigned int i = 0; i < gidSize; i++) {
if (dacInfo->gidCount < APP_MAX_GIDS) {
@ -851,15 +863,16 @@ int SandboxUtils::DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, nloh
APPSPAWN_CHECK(appConfig.find(g_symlinkPrefix) != appConfig.end(), return 0, "symlink config is not found,"
"maybe result sandbox launch failed app name is %{public}s", GetBundleName(appProperty));
nlohmann::json symlinkPoints = appConfig[g_symlinkPrefix];
nlohmann::json& symlinkPoints = appConfig[g_symlinkPrefix];
std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig);
unsigned int symlinkPointSize = symlinkPoints.size();
for (unsigned int i = 0; i < symlinkPointSize; i++) {
nlohmann::json symPoint = symlinkPoints[i];
nlohmann::json& symPoint = symlinkPoints[i];
// Check the validity of the symlink configuration
if (symPoint.find(g_targetName) == symPoint.end() || symPoint.find(g_linkName) == symPoint.end()) {
if (symPoint.find(g_targetName) == symPoint.end() || (!symPoint[g_targetName].is_string()) ||
symPoint.find(g_linkName) == symPoint.end() || (!symPoint[g_linkName].is_string())) {
APPSPAWN_LOGE("read symlink config failed, app name is %{public}s", GetBundleName(appProperty));
continue;
}
@ -889,7 +902,7 @@ int32_t SandboxUtils::DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty
nlohmann::json &wholeConfig)
{
const char *bundleName = GetBundleName(appProperty);
nlohmann::json privateAppConfig = wholeConfig[g_privatePrefix][0];
nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0];
if (privateAppConfig.find(bundleName) != privateAppConfig.end()) {
APPSPAWN_LOGV("DoSandboxFilePrivateBind %{public}s", bundleName);
DoAddGid((AppSpawningCtx *)appProperty, privateAppConfig[bundleName][0], "", g_privatePrefix);
@ -906,7 +919,7 @@ int32_t SandboxUtils::DoSandboxFilePermissionBind(AppSpawningCtx *appProperty,
APPSPAWN_LOGV("DoSandboxFilePermissionBind not found permission information in config file");
return 0;
}
nlohmann::json permissionAppConfig = wholeConfig[g_permissionPrefix][0];
nlohmann::json& permissionAppConfig = wholeConfig[g_permissionPrefix][0];
for (nlohmann::json::iterator it = permissionAppConfig.begin(); it != permissionAppConfig.end(); ++it) {
const std::string permission = it.key();
int index = GetPermissionIndex(nullptr, permission.c_str());
@ -943,7 +956,7 @@ int32_t SandboxUtils::DoSandboxFilePrivateSymlink(const AppSpawningCtx *appPrope
nlohmann::json &wholeConfig)
{
const char *bundleName = GetBundleName(appProperty);
nlohmann::json privateAppConfig = wholeConfig[g_privatePrefix][0];
nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0];
if (privateAppConfig.find(bundleName) != privateAppConfig.end()) {
return DoAllSymlinkPointslink(appProperty, privateAppConfig[bundleName][0]);
}
@ -958,13 +971,13 @@ int32_t SandboxUtils::HandleFlagsPoint(const AppSpawningCtx *appProperty,
return 0;
}
nlohmann::json flagsPoints = appConfig[g_flagePoint];
nlohmann::json& flagsPoints = appConfig[g_flagePoint];
unsigned int flagsPointSize = flagsPoints.size();
for (unsigned int i = 0; i < flagsPointSize; i++) {
nlohmann::json flagPoint = flagsPoints[i];
nlohmann::json& flagPoint = flagsPoints[i];
if (flagPoint.find(g_flags) != flagPoint.end()) {
if (flagPoint.find(g_flags) != flagPoint.end() && flagPoint[g_flags].is_string()) {
std::string flagsStr = flagPoint[g_flags].get<std::string>();
uint32_t flag = ConvertFlagStr(flagsStr);
if ((GetAppMsgFlags(appProperty) & flag) != 0) {
@ -982,7 +995,7 @@ int32_t SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx
nlohmann::json &wholeConfig)
{
const char *bundleName = GetBundleName(appProperty);
nlohmann::json privateAppConfig = wholeConfig[g_privatePrefix][0];
nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0];
if (privateAppConfig.find(bundleName) != privateAppConfig.end()) {
return HandleFlagsPoint(appProperty, privateAppConfig[bundleName][0]);
}
@ -993,7 +1006,7 @@ int32_t SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx
int32_t SandboxUtils::DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty,
nlohmann::json &wholeConfig)
{
nlohmann::json commonConfig = wholeConfig[g_commonPrefix][0];
nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0];
if (commonConfig.find(g_appResources) != commonConfig.end()) {
return HandleFlagsPoint(appProperty, commonConfig[g_appResources][0]);
}
@ -1003,7 +1016,7 @@ int32_t SandboxUtils::DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *
int32_t SandboxUtils::DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig)
{
nlohmann::json commonConfig = wholeConfig[g_commonPrefix][0];
nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0];
int ret = 0;
if (commonConfig.find(g_appBase) != commonConfig.end()) {
@ -1023,7 +1036,7 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const AppSpawningCtx *appProperty,
int32_t SandboxUtils::DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty,
nlohmann::json &wholeConfig)
{
nlohmann::json commonConfig = wholeConfig[g_commonPrefix][0];
nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0];
int ret = 0;
if (commonConfig.find(g_appBase) != commonConfig.end()) {
@ -1407,7 +1420,7 @@ bool SandboxUtils::CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty
}
nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0];
if (privateAppConfig.find(GetBundleName(appProperty)) != privateAppConfig.end()) {
nlohmann::json appConfig = privateAppConfig[GetBundleName(appProperty)][0];
nlohmann::json& appConfig = privateAppConfig[GetBundleName(appProperty)][0];
rc = GetSbxSwitchStatusByConfig(appConfig);
if (rc) {
break;
@ -1565,7 +1578,7 @@ static inline int EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t s
int32_t SandboxUtils::SetPermissionWithParam(AppSpawningCtx *appProperty)
{
uint32_t index = 0;
int32_t index = 0;
int32_t appFullMountStatus = CheckAppFullMountEnable();
if (appFullMountStatus == FILE_CROSS_APP_STATUS) {
index = GetPermissionIndex(nullptr, FILE_CROSS_APP_MODE.c_str());
@ -1573,13 +1586,25 @@ int32_t SandboxUtils::SetPermissionWithParam(AppSpawningCtx *appProperty)
index = GetPermissionIndex(nullptr, FILE_ACCESS_COMMON_DIR_MODE.c_str());
}
int32_t fileMgrIndex = GetPermissionIndex(nullptr, FILE_ACCESS_MANAGER_MODE.c_str());
if (index > 0 && (CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(fileMgrIndex)) == 0)) {
int32_t fileMgrIndex = GetPermissionIndex(nullptr, FILE_ACCESS_MANAGER_MODE.c_str());
if (index > 0 && fileMgrIndex > 0 &&
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(fileMgrIndex)) == 0)) {
return SetAppPermissionFlags(appProperty, index);
}
return 0;
return -1;
}
#ifdef APPSPAWN_MOUNT_TMPSHM
void SandboxUtils::MountDevShmPath(std::string &sandboxPath)
{
std::string sandboxDevShmPath = sandboxPath + DEV_SHM_DIR;
int result = mount("tmpfs", sandboxDevShmPath.c_str(), "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV, "size=32M");
if (result != 0) {
APPSPAWN_LOGW("Error mounting %{public}s to tmpfs, errno %{public}d", sandboxDevShmPath.c_str(), errno);
}
}
#endif
int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags)
{
APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspwn client");
@ -1619,11 +1644,18 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_
rc = SetSandboxProperty(appProperty, sandboxPackagePath);
APPSPAWN_CHECK(rc == 0, return rc, "SetSandboxProperty failed, %{public}s", bundleName.c_str());
#ifdef APPSPAWN_MOUNT_TMPSHM
MountDevShmPath(sandboxPackagePath);
#endif
#ifndef APPSPAWN_TEST
rc = ChangeCurrentDir(sandboxPackagePath, bundleName, sandboxSharedStatus);
APPSPAWN_CHECK(rc == 0, return rc, "change current dir failed");
APPSPAWN_LOGI("Change root dir success");
#endif
#if defined(APPSPAWN_MOUNT_TMPSHM) && defined(WITH_SELINUX)
Restorecon(DEV_SHM_DIR);
#endif // APPSPAWN_MOUNT_TMPSHM && WITH_SELINUX
#endif // APPSPAWN_TEST
return 0;
}
@ -1753,7 +1785,7 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property)
}
}
uint32_t sandboxNsFlags = CLONE_NEWNS;
if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX) ||
if ((CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX) && !IsDeveloperModeOpen()) ||
CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_NETWORK)) {
sandboxNsFlags |= content->content.sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}
@ -1776,7 +1808,7 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property)
#define DIR_MODE 0711
#ifndef APPSPAWN_SANDBOX_NEW
static bool IsUnlockStatus(uint32_t uid)
static bool IsUnlockStatus(uint32_t uid, const char *bundleName, size_t bundleNameLen)
{
const int userIdBase = 200000;
uid = uid / userIdBase;
@ -1785,12 +1817,13 @@ static bool IsUnlockStatus(uint32_t uid)
}
const char rootPath[] = "/data/app/el2/";
const char basePath[] = "/base";
size_t allPathSize = strlen(rootPath) + strlen(basePath) + 1 + USER_ID_SIZE;
const char basePath[] = "/base/";
size_t allPathSize = strlen(rootPath) + strlen(basePath) + 1 + USER_ID_SIZE + bundleNameLen;
char *path = reinterpret_cast<char *>(malloc(sizeof(char) * allPathSize));
APPSPAWN_CHECK(path != NULL, return true, "Failed to malloc path");
int len = sprintf_s(path, allPathSize, "%s%u%s", rootPath, uid, basePath);
APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), return true, "Failed to get base path");
int len = sprintf_s(path, allPathSize, "%s%u%s%s", rootPath, uid, basePath, bundleName);
APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), free(path);
return true, "Failed to get base path");
if (access(path, F_OK) == 0) {
APPSPAWN_LOGI("this is unlock status");
@ -1867,8 +1900,8 @@ static void MountDirToShared(const AppSpawningCtx *property)
string sourcePath = "/data/app/el1/bundle/public/" + string(bundleName);
MountDir(property, rootPath, sourcePath.c_str(), el1Path);
if (IsUnlockStatus(info->uid)) {
size_t bundleNameLen = strlen(bundleName);
if (IsUnlockStatus(info->uid, bundleName, bundleNameLen)) {
return;
}
@ -1884,7 +1917,7 @@ static void MountDirToShared(const AppSpawningCtx *property)
}
}
}
std::string lockSbxPathStamp = rootPath + to_string(info->uid / UID_BASE) + "/";
lockSbxPathStamp += CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : "";
lockSbxPathStamp += bundleName;

3
modules/sandbox/sandbox_utils.h
View File

@ -120,6 +120,9 @@ private:
const std::string &section, std::string sandboxRoot);
static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string &section,
nlohmann::json &mntPoint,SandboxMountConfig &mountConfig);
#ifdef APPSPAWN_MOUNT_TMPSHM
static void MountDevShmPath(std::string &sandboxPath);
#endif
static std::map<SandboxConfigType, std::vector<nlohmann::json>> appSandboxConfig_;
static int32_t deviceTypeEnable_;
};

1
service/hnp/base/hnp_base.h
View File

@ -280,7 +280,6 @@ int HnpDeleteFolder(const char *path);
int HnpCreateFolder(const char* path);
int HnpWriteInfoToFile(const char* filePath, char *buff, int len);
int ParseHnpCfgFile(const char *hnpCfgPath, HnpCfgInfo *hnpCfg);

27
service/hnp/base/hnp_file.c
View File

@ -84,9 +84,9 @@ int ReadFileToStream(const char *filePath, char **stream, int *streamLen)
(void)fclose(file);
return HNP_ERRNO_NOMEM;
}
ret = fread(streamTmp, sizeof(char), size, file);
if (ret != size) {
HNP_LOGE("fread unsuccess. ret=%{public}d, size=%{public}d", ret, size);
size_t readLen = fread(streamTmp, sizeof(char), size, file);
if (readLen != (size_t)size) {
HNP_LOGE("fread unsuccess. readLen=%{public}zu, size=%{public}d", readLen, size);
(void)fclose(file);
free(streamTmp);
return HNP_ERRNO_BASE_FILE_READ_FAILED;
@ -97,25 +97,6 @@ int ReadFileToStream(const char *filePath, char **stream, int *streamLen)
return 0;
}
int HnpWriteInfoToFile(const char* filePath, char *buff, int len)
{
FILE *fp = fopen(filePath, "w");
if (fp == NULL) {
HNP_LOGE("open file:%{public}s unsuccess!", filePath);
return HNP_ERRNO_BASE_FILE_OPEN_FAILED;
}
int writeLen = fwrite(buff, sizeof(char), len, fp);
if (writeLen != len) {
HNP_LOGE("write file:%{public}s unsuccess! len=%{public}d, write=%{public}d", filePath, len, writeLen);
(void)fclose(fp);
return HNP_ERRNO_BASE_FILE_WRITE_FAILED;
}
(void)fclose(fp);
return 0;
}
int GetRealPath(char *srcPath, char *realPath)
{
char dstTmpPath[MAX_FILE_PATH_LEN];
@ -292,6 +273,8 @@ int HnpPathFileCount(const char *path)
num++;
}
closedir(dir);
return num;
#endif
}

56
service/hnp/base/hnp_json.c
View File

@ -31,7 +31,7 @@ static int ParseLinksJsonToCfgInfo(cJSON *linksItem, HnpCfgInfo *hnpCfg)
int linkArrayNum = cJSON_GetArraySize(linksItem);
if (linkArrayNum > 0) {
hnpCfg->linkNum = linkArrayNum;
hnpCfg->linkNum = (size_t)linkArrayNum;
linkArray = (NativeBinLink*)malloc(sizeof(NativeBinLink) * linkArrayNum);
if (linkArray == NULL) {
HNP_LOGE("malloc unsuccess.");
@ -183,11 +183,12 @@ static bool HnpInstallHapExistCheck(const char *hnpPackageName, cJSON *json, cJS
{
cJSON *hapItem = NULL;
bool hapExist = false;
cJSON *hapJson = NULL;
for (int i = 0; i < cJSON_GetArraySize(json); i++) {
hapItem = cJSON_GetArrayItem(json, i);
if ((cJSON_GetObjectItem(hapItem, "hap") != NULL) &&
(strcmp(cJSON_GetObjectItem(hapItem, "hap")->valuestring, hnpPackageName) == 0)) {
hapJson = cJSON_GetObjectItem(hapItem, "hap");
if ((hapJson != NULL) && (cJSON_IsString(hapJson)) && (strcmp(hapJson->valuestring, hnpPackageName) == 0)) {
hapExist = true;
*hapItemOut = hapItem;
*hapIndex = i;
@ -231,8 +232,9 @@ static void HnpPackageVersionUpdateAll(cJSON *json, const HnpCfgInfo *hnpCfg)
cJSON *hnpItemArr = cJSON_GetObjectItem(hapItem, "hnp");
for (int j = 0; j < cJSON_GetArraySize(hnpItemArr); j++) {
cJSON *hnpItem = cJSON_GetArrayItem(hnpItemArr, j);
if ((cJSON_GetObjectItem(hnpItem, "name") == NULL) ||
(strcmp(cJSON_GetObjectItem(hnpItem, "name")->valuestring, hnpCfg->name) != 0)) {
cJSON *nameItem = cJSON_GetObjectItem(hnpItem, "name");
if ((nameItem == NULL) ||
((cJSON_IsString(nameItem)) && (strcmp(nameItem->valuestring, hnpCfg->name) != 0))) {
continue;
}
cJSON *version = cJSON_GetObjectItem(hnpItem, "current_version");
@ -255,10 +257,11 @@ static int HnpHapJsonWrite(cJSON *json)
return HNP_ERRNO_BASE_FILE_OPEN_FAILED;
}
char *jsonStr = cJSON_Print(json);
int ret = fwrite(jsonStr, strlen(jsonStr), sizeof(char), fp);
size_t jsonStrSize = strlen(jsonStr);
size_t writeLen = fwrite(jsonStr, sizeof(char), jsonStrSize, fp);
(void)fclose(fp);
free(jsonStr);
if (ret < 0) {
if (writeLen != jsonStrSize) {
HNP_LOGE("package info write file:%{public}s unsuccess!", HNP_PACKAGE_INFO_JSON_FILE_PATH);
return HNP_ERRNO_BASE_FILE_WRITE_FAILED;
}
@ -288,11 +291,13 @@ static int HnpHapJsonHnpAdd(bool hapExist, cJSON *json, cJSON *hapItem, const ch
hnpItemArr = cJSON_CreateArray();
if (hnpItemArr == NULL) {
HNP_LOGE("hnp json write array create unsuccess");
cJSON_Delete(hapItem);
return HNP_ERRNO_BASE_JSON_ARRAY_CREATE_FAILED;
}
cJSON_AddItemToObject(hapItem, "hnp", hnpItemArr);
cJSON_AddItemToArray(json, hapItem);
}
cJSON *hnpItem = cJSON_CreateObject();
if (hnpItem == NULL) {
HNP_LOGE("hnp json write create hnp object unsuccess");
@ -466,7 +471,8 @@ int HnpPackageInfoGet(const char *packageName, HnpPackageInfo **packageInfoOut,
cJSON *name = cJSON_GetObjectItem(hnpItem, "name");
cJSON *version = cJSON_GetObjectItem(hnpItem, "current_version");
cJSON *installVersion = cJSON_GetObjectItem(hnpItem, "install_version");
if (name == NULL || version == NULL || installVersion == NULL) {
if (name == NULL || version == NULL || installVersion == NULL || !cJSON_IsString(name) ||
!cJSON_IsString(version) || !cJSON_IsString(installVersion)) {
continue;
}
hnpExist = HnpOtherPackageInstallCheck(name->valuestring, version->valuestring, hapIndex, json);
@ -570,19 +576,22 @@ int HnpPackageInfoDelete(const char *packageName)
static char *HnpNeedUnInstallHnpVersionGet(cJSON *hnpItemArr, const char *name)
{
char *version = NULL;
if (hnpItemArr == NULL) {
return NULL;
}
for (int i = 0; i < cJSON_GetArraySize(hnpItemArr); i++) {
cJSON *hnpItem = cJSON_GetArrayItem(hnpItemArr, i);
if ((cJSON_GetObjectItem(hnpItem, "name") != NULL) &&
(cJSON_GetObjectItem(hnpItem, "current_version") != NULL) &&
(cJSON_GetObjectItem(hnpItem, "install_version") != NULL) &&
(strcmp(cJSON_GetObjectItem(hnpItem, "name")->valuestring, name) == 0) &&
(strcmp(cJSON_GetObjectItem(hnpItem, "current_version")->valuestring,
cJSON_GetObjectItem(hnpItem, "install_version")->valuestring) == 0)) {
return cJSON_GetObjectItem(hnpItem, "current_version")->valuestring;
cJSON *nameItem = cJSON_GetObjectItem(hnpItem, "name");
cJSON *currentItem = cJSON_GetObjectItem(hnpItem, "current_version");
cJSON *installItem = cJSON_GetObjectItem(hnpItem, "install_version");
if ((nameItem != NULL) && (currentItem != NULL) && (installItem != NULL) && (cJSON_IsString(nameItem)) &&
(cJSON_IsString(currentItem)) && (cJSON_IsString(installItem)) &&
(strcmp(nameItem->valuestring, name) == 0) &&
(strcmp(currentItem->valuestring, installItem->valuestring) == 0)) {
version = strdup(currentItem->valuestring);
return version;
}
}
@ -594,6 +603,7 @@ char *HnpCurrentVersionGet(const char *name)
char *infoStream;
int size;
cJSON *hapItem = NULL;
char *version = NULL;
int ret = ReadFileToStream(HNP_PACKAGE_INFO_JSON_FILE_PATH, &infoStream, &size);
if (ret != 0) {
@ -611,15 +621,19 @@ char *HnpCurrentVersionGet(const char *name)
hapItem = cJSON_GetArrayItem(json, i);
cJSON *hnpItemArr = cJSON_GetObjectItem(hapItem, "hnp");
if (hnpItemArr == NULL) {
cJSON_Delete(json);
return NULL;
}
for (int i = 0; i < cJSON_GetArraySize(hnpItemArr); i++) {
cJSON *hnpItem = cJSON_GetArrayItem(hnpItemArr, i);
if ((cJSON_GetObjectItem(hnpItem, "name") != NULL) &&
(cJSON_GetObjectItem(hnpItem, "current_version") != NULL) &&
(strcmp(cJSON_GetObjectItem(hnpItem, "name")->valuestring, name) == 0)) {
return cJSON_GetObjectItem(hnpItem, "current_version")->valuestring;
for (int j = 0; j < cJSON_GetArraySize(hnpItemArr); j++) {
cJSON *hnpItem = cJSON_GetArrayItem(hnpItemArr, j);
cJSON *nameItem = cJSON_GetObjectItem(hnpItem, "name");
cJSON *versionItem = cJSON_GetObjectItem(hnpItem, "current_version");
if ((nameItem != NULL) && (versionItem != NULL) && (cJSON_IsString(nameItem)) &&
(cJSON_IsString(versionItem)) && (strcmp(nameItem->valuestring, name) == 0)) {
version = strdup(versionItem->valuestring);
cJSON_Delete(json);
return version;
}
}
}

9
service/hnp/base/hnp_sal.c
View File

@ -56,14 +56,21 @@ int HnpProcessRunCheck(const char *runPath)
APPSPAWN_STATIC void HnpRelPath(const char *fromPath, const char *toPath, char *relPath)
{
char *from = strdup(fromPath);
if (from == NULL) {
return;
}
char *to = strdup(toPath);
if (to == NULL) {
free(from);
return;
}
int numDirs = 0;
int ret;
char *fromHead = from;
char *toHead = to;
while ((*from) && (*to) && (*from == *to)) {
while ((*from != '\0') && (*to != '\0') && (*from == *to)) {
from++;
to++;
}

26
service/hnp/base/hnp_zip.c
View File

@ -74,7 +74,7 @@ static int ZipAddFile(const char* file, int offset, zipFile zf)
int err;
char buf[1024];
char transPath[MAX_FILE_PATH_LEN];
int len;
size_t len;
FILE *f;
zip_fileinfo fileInfo = {0};
@ -346,8 +346,8 @@ static bool HnpELFFileCheck(const char *path)
return false;
}
int ret = fread(buff, sizeof(char), HNP_ELF_FILE_CHECK_HEAD_LEN, fp);
if (ret != HNP_ELF_FILE_CHECK_HEAD_LEN) {
size_t readLen = fread(buff, sizeof(char), HNP_ELF_FILE_CHECK_HEAD_LEN, fp);
if (readLen != HNP_ELF_FILE_CHECK_HEAD_LEN) {
(void)fclose(fp);
return false;
}
@ -418,21 +418,19 @@ int HnpFileCountGet(const char *path, int *count)
int HnpUnZip(const char *inputFile, const char *outputDir, const char *hnpSignKeyPrefix,
HnpSignMapInfo *hnpSignMapInfos, int *count)
{
unzFile zipFile;
int result;
char fileName[MAX_FILE_PATH_LEN];
unz_file_info fileInfo;
char filePath[MAX_FILE_PATH_LEN];
HNP_LOGI("HnpUnZip zip=%{public}s, output=%{public}s", inputFile, outputDir);
zipFile = unzOpen(inputFile);
unzFile zipFile = unzOpen(inputFile);
if (zipFile == NULL) {
HNP_LOGE("unzip open hnp:%{public}s unsuccess!", inputFile);
return HNP_ERRNO_BASE_UNZIP_OPEN_FAILED;
}
result = unzGoToFirstFile(zipFile);
int result = unzGoToFirstFile(zipFile);
while (result == UNZ_OK) {
result = unzGetCurrentFileInfo(zipFile, &fileInfo, fileName, sizeof(fileName), NULL, 0, NULL, 0);
if (result != UNZ_OK) {
@ -440,6 +438,11 @@ int HnpUnZip(const char *inputFile, const char *outputDir, const char *hnpSignKe
unzClose(zipFile);
return HNP_ERRNO_BASE_UNZIP_GET_INFO_FAILED;
}
if (strstr(fileName, "../")) {
HNP_LOGE("unzip filename[%{public}s],does not allow the use of ../", fileName);
unzClose(zipFile);
return HNP_ERRNO_BASE_UNZIP_GET_INFO_FAILED;
}
char *slash = strchr(fileName, '/');
if (slash != NULL) {
slash++;
@ -447,8 +450,7 @@ int HnpUnZip(const char *inputFile, const char *outputDir, const char *hnpSignKe
slash = fileName;
}
result = sprintf_s(filePath, MAX_FILE_PATH_LEN, "%s/%s", outputDir, slash);
if (result < 0) {
if (sprintf_s(filePath, MAX_FILE_PATH_LEN, "%s/%s", outputDir, slash) < 0) {
HNP_LOGE("sprintf unsuccess.");
unzClose(zipFile);
return HNP_ERRNO_BASE_SPRINTF_FAILED;
@ -510,11 +512,11 @@ int HnpCfgGetFromZip(const char *inputFile, HnpCfgInfo *hnpCfg)
unzClose(zipFile);
return HNP_ERRNO_NOMEM;
}
uLong readSize = unzReadCurrentFile(zipFile, cfgStream, fileInfo.uncompressed_size);
if (readSize != fileInfo.uncompressed_size) {
int readSize = unzReadCurrentFile(zipFile, cfgStream, fileInfo.uncompressed_size);
if (readSize < 0 || (uLong)readSize != fileInfo.uncompressed_size) {
free(cfgStream);
unzClose(zipFile);
HNP_LOGE("unzip read zip:%{public}s info size[%{public}lu]=>[%{public}lu] error!", inputFile,
HNP_LOGE("unzip read zip:%{public}s info size[%{public}lu]=>[%{public}d] error!", inputFile,
fileInfo.uncompressed_size, readSize);
return HNP_ERRNO_BASE_FILE_READ_FAILED;
}

14
service/hnp/installer/src/hnp_installer.c
View File

@ -63,6 +63,11 @@ static int HnpGenerateSoftLinkAllByJson(const char *installPath, const char *dst
}
for (unsigned int i = 0; i < hnpCfg->linkNum; i++) {
if (strstr(currentLink->source, "../") || strstr(currentLink->target, "../")) {
HNP_LOGE("hnp json link source[%{public}s],target[%{public}s],does not allow the use of ../",
currentLink->source, currentLink->target);
return HNP_ERRNO_INSTALLER_GET_HNP_PATH_FAILED;
}
int ret = sprintf_s(srcFile, MAX_FILE_PATH_LEN, "%s/%s", installPath, currentLink->source);
char *fileName;
if (ret < 0) {
@ -252,7 +257,7 @@ static int HnpUnInstallPublicHnp(const char* packageName, const char *name, cons
static int HnpNativeUnInstall(HnpPackageInfo *packageInfo, int uid, const char *packageName)
{
int ret;
int ret = 0;
HNP_LOGI("hnp uninstall start now! name=%{public}s,version=[%{public}s,%{public}s],uid=%{public}d,"
"package=%{public}s", packageInfo->name, packageInfo->currentVersion, packageInfo->installVersion, uid,
@ -273,9 +278,6 @@ static int HnpNativeUnInstall(HnpPackageInfo *packageInfo, int uid, const char *
}
}
HNP_LOGI("hnp uninstall end! ret=%{public}d", ret);
if (ret != 0) {
return ret;
}
return 0;
}
@ -387,7 +389,9 @@ static int HnpPublicDealAfterInstall(HnpInstallInfo *hnpInfo, HnpCfgInfo *hnpCfg
hnpInfo->hapInstallInfo->uid, true);
}
}
if (version != NULL) {
free(version);
}
hnpCfg->isInstall = true;
return HnpInstallInfoJsonWrite(hnpInfo->hapInstallInfo->hapPackageName, hnpCfg);

15
standard/BUILD.gn
View File

@ -31,6 +31,9 @@ config("appspawn_server_config") {
if (build_seccomp) {
cflags += [ "-DWITH_SECCOMP" ]
if (appspawn_seccomp_privilege) {
cflags += [ "-DSECCOMP_PRIVILEGE" ]
}
}
configs = [ "${appspawn_path}:appspawn_config" ]
}
@ -93,6 +96,10 @@ ohos_executable("appspawn") {
}
cflags = []
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "APPSPAWN_SANDBOX_NEW" ]
}
#ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
if (!defined(global_parts_info) ||
defined(global_parts_info.security_code_signature)) {
@ -195,6 +202,10 @@ ohos_executable("cjappspawn") {
}
cflags = []
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "APPSPAWN_SANDBOX_NEW" ]
}
#ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
if (!defined(global_parts_info) ||
defined(global_parts_info.security_code_signature)) {
@ -262,6 +273,10 @@ ohos_executable("nativespawn") {
}
cflags = []
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "APPSPAWN_SANDBOX_NEW" ]
}
#ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
if (!defined(global_parts_info) ||
defined(global_parts_info.security_code_signature)) {

12
standard/appspawn_appmgr.c
View File

@ -374,9 +374,9 @@ static int DumpAppSpawnQueue(ListNode *node, void *data)
static int DumpAppQueue(ListNode *node, void *data)
{
AppSpawnedProcess *appInfo = ListEntry(node, AppSpawnedProcess, node);
int64_t diff = DiffTime(&appInfo->spawnStart, &appInfo->spawnEnd);
uint64_t diff = DiffTime(&appInfo->spawnStart, &appInfo->spawnEnd);
APPSPAPWN_DUMP("App info uid: %{public}u pid: %{public}x", appInfo->uid, appInfo->pid);
APPSPAPWN_DUMP("App info name: %{public}s exitStatus: 0x%{public}x spawn time: %{public}" PRId64 " us ",
APPSPAPWN_DUMP("App info name: %{public}s exitStatus: 0x%{public}x spawn time: %{public}" PRIu64 " us ",
appInfo->name, appInfo->exitStatus, diff);
return 0;
}
@ -396,9 +396,13 @@ void ProcessAppSpawnDumpMsg(const AppSpawnMsgNode *message)
FILE *stream = NULL;
uint32_t len = 0;
char *ptyName = GetAppSpawnMsgExtInfo(message, "pty-name", &len);
if (ptyName != NULL) { //
if (ptyName != NULL) {
APPSPAWN_LOGI("Dump info to file '%{public}s'", ptyName);
stream = fopen(ptyName, "w");
char canonicalPtyPath[PATH_MAX] = {0};
if (realpath(ptyName, canonicalPtyPath) == NULL) {
return;
}
stream = fopen(canonicalPtyPath, "w");
SetDumpToStream(stream);
} else {
SetDumpToStream(stdout);

2
standard/appspawn_main.c
View File

@ -137,7 +137,7 @@ int main(int argc, char *const argv[])
}
AppSpawnContent *content = StartSpawnService(arg, argvSize, argc, argv);
if (content != NULL) {
if (arg->moduleType == MODULE_APPSPAWN) {
if ((arg->moduleType == MODULE_APPSPAWN) && (arg->mode != MODE_FOR_APP_COLD_RUN)) {
AppSpawnKickDogStart(content);
}
content->runAppSpawn(content, argc, argv);

9
standard/appspawn_msgmgr.c
View File

@ -395,13 +395,14 @@ void DumpAppSpawnMsg(const AppSpawnMsgNode *message)
APPSPAWN_ONLY_EXPER(domainInfo != NULL,
APPSPAPWN_DUMP("App domain info hap: 0x%{public}x apl: \"%{public}s\"", domainInfo->hapFlags, domainInfo->apl));
AppSpawnMgr *mgr = GetAppSpawnMgr();
if (mgr == NULL || ((mgr->flags & APP_DEVELOPER_MODE) != APP_DEVELOPER_MODE)) {
return;
}
AppSpawnMsgOwnerId *owner = (AppSpawnMsgOwnerId *)GetAppSpawnMsgInfo(message, TLV_OWNER_INFO);
APPSPAWN_ONLY_EXPER(owner != NULL, APPSPAPWN_DUMP("App owner info: \"%{public}s\" ", owner->ownerId));
AppSpawnMsgAccessToken *t = (AppSpawnMsgAccessToken *)GetAppSpawnMsgInfo(message, TLV_ACCESS_TOKEN_INFO);
APPSPAWN_ONLY_EXPER(t != NULL,
APPSPAPWN_DUMP("App access token info: %{public}" PRId64 "", t->accessTokenIdEx));
AppSpawnMsgInternetInfo *info = (AppSpawnMsgInternetInfo *)GetAppSpawnMsgInfo(message, TLV_INTERNET_INFO);
APPSPAWN_ONLY_EXPER(info != NULL,
APPSPAPWN_DUMP("App internet permission info [%{public}d %{public}d]",

157
standard/appspawn_service.c
View File

@ -54,6 +54,7 @@
#define FD_PATH_SIZE 128
#define MAX_MEM_SIZE (4 * 1024)
#define APPSPAWN_MSG_USER_CHECK_COUNT 3
#define PREFORK_PROCESS "apppool"
#ifndef PIDFD_NONBLOCK
#define PIDFD_NONBLOCK O_NONBLOCK
#endif
@ -88,7 +89,7 @@ static void CloseDevEncaps(int fd)
static inline void SetFdCtrl(int fd, int opt)
{
int option = fcntl(fd, F_GETFD);
int ret = fcntl(fd, F_SETFD, option | opt);
int ret = fcntl(fd, F_SETFD, (unsigned int)option | (unsigned int)opt);
if (ret < 0) {
APPSPAWN_LOGI("Set fd %{public}d option %{public}d %{public}d result: %{public}d", fd, option, opt, errno);
}
@ -150,6 +151,11 @@ static inline void DumpStatus(const char *appName, pid_t pid, int status)
static void HandleDiedPid(pid_t pid, uid_t uid, int status)
{
AppSpawnContent *content = GetAppSpawnContent();
if (pid == content->reservedPid) {
APPSPAWN_LOGW("HandleDiedPid with reservedPid %{public}d", pid);
content->reservedPid = 0;
}
AppSpawnedProcess *appInfo = GetSpawnedProcess(pid);
if (appInfo == NULL) { // If an exception occurs during app spawning, kill pid, return failed
WaitChildDied(pid);
@ -205,7 +211,7 @@ APPSPAWN_STATIC void ProcessSignal(const struct signalfd_siginfo *siginfo)
static void AppSpawningCtxOnClose(const AppSpawnMgr *mgr, AppSpawningCtx *ctx, void *data)
{
if (ctx->message == NULL || ctx->message->connection != data) {
if (ctx == NULL || ctx->message == NULL || ctx->message->connection != data) {
return;
}
APPSPAWN_LOGI("Kill process, pid: %{public}d app: %{public}s", ctx->pid, GetProcessName(ctx));
@ -480,7 +486,7 @@ static void OnReceiveRequest(const TaskHandle taskHandle, const uint8_t *buffer,
static char *GetMapMem(uint32_t clientId, const char *processName, uint32_t size, bool readOnly, bool isNweb)
{
char path[PATH_MAX] = {};
int len = sprintf_s(path, sizeof(path), APPSPAWN_MSG_DIR "%s/%s_%d",
int len = sprintf_s(path, sizeof(path), APPSPAWN_MSG_DIR "%s/%s_%u",
isNweb ? "nwebspawn" : "appspawn", processName, clientId);
APPSPAWN_CHECK(len > 0, return NULL, "Failed to format path %{public}s", processName);
APPSPAWN_LOGV("GetMapMem for child %{public}s memSize %{public}u", path, size);
@ -535,7 +541,7 @@ static int InitForkContext(AppSpawningCtx *property)
}
int option = fcntl(property->forkCtx.fd[0], F_GETFD);
if (option > 0) {
(void)fcntl(property->forkCtx.fd[0], F_SETFD, option | O_NONBLOCK);
(void)fcntl(property->forkCtx.fd[0], F_SETFD, (unsigned int)option | O_NONBLOCK);
}
return 0;
}
@ -612,9 +618,19 @@ static void WatchChildProcessFd(AppSpawningCtx *property)
}
}
static int IsChildColdRun(AppSpawningCtx *property)
{
return CheckAppMsgFlagsSet(property, APP_FLAGS_UBSAN_ENABLED)
|| CheckAppMsgFlagsSet(property, APP_FLAGS_ASANENABLED)
|| CheckAppMsgFlagsSet(property, APP_FLAGS_TSAN_ENABLED)
|| CheckAppMsgFlagsSet(property, APP_FLAGS_HWASAN_ENABLED)
|| (property->client.flags & APP_COLD_START);
}
static int AddChildWatcher(AppSpawningCtx *property)
{
uint32_t timeout = GetSpawnTimeout(WAIT_CHILD_RESPONSE_TIMEOUT);
uint32_t defTimeout = IsChildColdRun(property) ? COLD_CHILD_RESPONSE_TIMEOUT : WAIT_CHILD_RESPONSE_TIMEOUT;
uint32_t timeout = GetSpawnTimeout(defTimeout);
LE_WatchInfo watchInfo = {};
watchInfo.fd = property->forkCtx.fd[0];
watchInfo.flags = WATCHER_ONCE;
@ -719,9 +735,37 @@ static void ClearMMAP(int clientId)
}
}
static int SetPreforkProcessName(AppSpawnContent *content)
{
int ret = prctl(PR_SET_NAME, PREFORK_PROCESS);
if (ret == -1) {
return errno;
}
ret = memset_s(content->longProcName,
(size_t)content->longProcNameLen, 0, (size_t)content->longProcNameLen);
if (ret != EOK) {
return EINVAL;
}
ret = strncpy_s(content->longProcName, content->longProcNameLen,
PREFORK_PROCESS, strlen(PREFORK_PROCESS));
if (ret != EOK) {
return EINVAL;
}
return 0;
}
static void ProcessPreFork(AppSpawnContent *content, AppSpawningCtx *property)
{
APPSPAWN_CHECK(pipe(content->preforkFd) == 0, return, "prefork with prefork pipe failed %{public}d", errno);
APPSPAWN_CHECK_ONLY_EXPER(content->parentToChildFd[0] <= 0, close(content->parentToChildFd[0]);
content->parentToChildFd[0] = -1);
APPSPAWN_CHECK_ONLY_EXPER(content->parentToChildFd[1] <= 0, close(content->parentToChildFd[1]);
content->parentToChildFd[1] = -1);
APPSPAWN_CHECK(pipe(content->parentToChildFd) == 0, return, "prefork with prefork pipe failed %{public}d", errno);
content->reservedPid = fork();
APPSPAWN_LOGV("prefork fork finish %{public}d,%{public}d,%{public}d,%{public}d,%{public}d",
content->reservedPid, content->preforkFd[0], content->preforkFd[1], content->parentToChildFd[0],
@ -729,7 +773,7 @@ static void ProcessPreFork(AppSpawnContent *content, AppSpawningCtx *property)
if (content->reservedPid == 0) {
(void)close(property->forkCtx.fd[0]);
(void)close(property->forkCtx.fd[1]);
int isRet = prctl(PR_SET_NAME, "apppool");
int isRet = SetPreforkProcessName(content);
APPSPAWN_LOGI("prefork process start wait read msg with set processname %{public}d", isRet);
AppSpawnClient client = {0, 0};
int infoSize = read(content->parentToChildFd[0], &client, sizeof(AppSpawnClient));
@ -781,7 +825,7 @@ static int AppSpawnProcessMsgForPrefork(AppSpawnContent *content, AppSpawnClient
int option = fcntl(property->forkCtx.fd[0], F_GETFD);
if (option > 0) {
ret = fcntl(property->forkCtx.fd[0], F_SETFD, option | O_NONBLOCK);
ret = fcntl(property->forkCtx.fd[0], F_SETFD, (unsigned int)option | O_NONBLOCK);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "fcntl failed %{public}d,%{public}d", ret, errno);
}
@ -803,13 +847,9 @@ static bool IsSupportPrefork(AppSpawnContent *content, AppSpawnClient *client)
if (!content->enablePerfork) {
return false;
}
if (!content->isPrefork) {
if (pipe(content->parentToChildFd) == 0) {
content->isPrefork = true;
}
}
AppSpawningCtx *property = (AppSpawningCtx *)client;
if (content->mode == MODE_FOR_APP_SPAWN && !(client->flags & APP_COLD_START) && content->isPrefork
if (content->mode == MODE_FOR_APP_SPAWN && !IsChildColdRun(property)
&& !CheckAppMsgFlagsSet(property, APP_FLAGS_CHILDPROCESS)) {
return true;
}
@ -869,9 +909,7 @@ static void ProcessSpawnReqMsg(AppSpawnConnection *connection, AppSpawnMsgNode *
// mount el2 dir
// getWrapBundleNameValue
AppSpawnHookExecute(STAGE_PARENT_PRE_FORK, 0, GetAppSpawnContent(), &property->client);
if (IsDeveloperModeOn(property)) {
DumpAppSpawnMsg(property->message);
}
DumpAppSpawnMsg(property->message);
clock_gettime(CLOCK_MONOTONIC, &property->spawnStart);
ret = RunAppSpawnProcessMsg(GetAppSpawnContent(), &property->client, &property->pid);
@ -889,14 +927,29 @@ static void ProcessSpawnReqMsg(AppSpawnConnection *connection, AppSpawnMsgNode *
}
}
static uint32_t g_lastDiedAppId = 0;
static uint32_t g_crashTimes = 0;
#define MAX_CRASH_TIME 5
static void WaitChildDied(pid_t pid)
{
AppSpawningCtx *property = GetAppSpawningCtxByPid(pid);
if (property != NULL && property->state == APP_STATE_SPAWNING) {
APPSPAWN_LOGI("Child process %{public}s fail \'child crash \'pid %{public}d appId: %{public}d",
GetProcessName(property), property->pid, property->client.id);
if (property->client.id == g_lastDiedAppId + 1) {
g_crashTimes++;
} else {
g_crashTimes = 1;
}
g_lastDiedAppId = property->client.id;
SendResponse(property->message->connection, &property->message->msgHeader, APPSPAWN_CHILD_CRASH, 0);
DeleteAppSpawningCtx(property);
if (g_crashTimes >= MAX_CRASH_TIME) {
APPSPAWN_LOGW("Continuous failures in spawning the app, restart appspawn");
StopAppSpawn();
}
}
}
@ -1073,9 +1126,9 @@ APPSPAWN_STATIC int AppSpawnColdStartApp(struct AppSpawnContent *content, AppSpa
APPSPAWN_CHECK(len > 0, return APPSPAWN_SYSTEM_ERROR, "Invalid to format fd");
len = sprintf_s(buffer[1], sizeof(buffer[1]), " %u ", property->client.flags);
APPSPAWN_CHECK(len > 0, return APPSPAWN_SYSTEM_ERROR, "Invalid to format flags");
len = sprintf_s(buffer[2], sizeof(buffer[2]), " %d ", property->forkCtx.msgSize); // 2 2 index for dest path
len = sprintf_s(buffer[2], sizeof(buffer[2]), " %u ", property->forkCtx.msgSize); // 2 2 index for dest path
APPSPAWN_CHECK(len > 0, return APPSPAWN_SYSTEM_ERROR, "Invalid to format shmId ");
len = sprintf_s(buffer[3], sizeof(buffer[3]), " %d ", property->client.id); // 3 3 index for client id
len = sprintf_s(buffer[3], sizeof(buffer[3]), " %u ", property->client.id); // 3 3 index for client id
APPSPAWN_CHECK(len > 0, return APPSPAWN_SYSTEM_ERROR, "Invalid to format shmId ");
#ifndef APPSPAWN_TEST
@ -1100,12 +1153,12 @@ static AppSpawningCtx *GetAppSpawningCtxFromArg(AppSpawnMgr *content, int argc,
AppSpawningCtx *property = CreateAppSpawningCtx();
APPSPAWN_CHECK(property != NULL, return NULL, "Create app spawning ctx fail");
property->forkCtx.fd[1] = atoi(argv[FD_VALUE_INDEX]);
property->client.flags = atoi(argv[FLAGS_VALUE_INDEX]);
property->client.flags = (uint32_t)atoi(argv[FLAGS_VALUE_INDEX]);
property->client.flags &= ~APP_COLD_START;
int isNweb = IsNWebSpawnMode(content);
uint32_t size = atoi(argv[SHM_SIZE_INDEX]);
property->client.id = atoi(argv[CLIENT_ID_INDEX]);
uint32_t size = (uint32_t)atoi(argv[SHM_SIZE_INDEX]);
property->client.id = (uint32_t)atoi(argv[CLIENT_ID_INDEX]);
uint8_t *buffer = (uint8_t *)GetMapMem(property->client.id,
argv[PARAM_VALUE_INDEX], size, true, isNweb);
if (buffer == NULL) {
@ -1123,7 +1176,7 @@ static AppSpawningCtx *GetAppSpawningCtxFromArg(AppSpawnMgr *content, int argc,
munmap((char *)buffer, size);
//unlink
char path[PATH_MAX] = {0};
int len = sprintf_s(path, sizeof(path), APPSPAWN_MSG_DIR "%s/%s_%d",
int len = sprintf_s(path, sizeof(path), APPSPAWN_MSG_DIR "%s/%s_%u",
isNweb ? "nwebspawn" : "appspawn", argv[PARAM_VALUE_INDEX], property->client.id);
if (len > 0) {
unlink(path);
@ -1151,9 +1204,7 @@ static void AppSpawnColdRun(AppSpawnContent *content, int argc, char *const argv
APPSPAWN_LOGE("Failed to get property from arg");
return;
}
if (IsDeveloperModeOn(property)) {
DumpAppSpawnMsg(property->message);
}
DumpAppSpawnMsg(property->message);
int ret = AppSpawnExecuteSpawningHook(content, &property->client);
if (ret == 0) {
@ -1211,8 +1262,9 @@ APPSPAWN_STATIC int AppSpawnClearEnv(AppSpawnMgr *content, AppSpawningCtx *prope
static int IsEnablePerfork()
{
char buffer[32] = {0};
int ret = GetParameter("persist.sys.prefork.enable", "false", buffer, sizeof(buffer));
return (ret > 0 && strcmp(buffer, "true") == 0);
int ret = GetParameter("persist.sys.prefork.enable", "true", buffer, sizeof(buffer));
APPSPAWN_LOGV("IsEnablePerfork result %{public}d, %{public}s", ret, buffer);
return strcmp(buffer, "true") == 0;
}
AppSpawnContent *AppSpawnCreateContent(const char *socketName, char *longProcName, uint32_t nameLen, int mode)
@ -1351,6 +1403,7 @@ static bool CheckAllDigit(char *userId)
return true;
}
#ifdef APPSPAWN_SANDBOX_NEW
static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
{
char srcPath[PATH_SIZE] = {0};
@ -1365,7 +1418,51 @@ static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNod
while ((ent = readdir(rootDir)) != NULL) {
char *userId = ent->d_name;
if (strcmp(userId, ".") == 0 || strcmp(userId, "..") == 0 || !CheckAllDigit(userId)) {
continue;
continue;
}
char destPath[PATH_SIZE] = {0};
int ret = snprintf_s(destPath, sizeof(destPath), sizeof(destPath) - 1,
"%s/%s/app-root/mnt/nweb/tmp", rootPath, userId);
APPSPAWN_CHECK(ret > 0, continue, "Failed to snprintf_s, errno %{public}d", errno);
ret = umount2(destPath, MNT_DETACH);
if (ret != 0) {
APPSPAWN_LOGW("Umount %{public}s failed, errno %{public}d", destPath, errno);
}
ret = mount(srcPath, destPath, NULL, MS_BIND | MS_REC, NULL);
if (ret != 0 && errno == EBUSY) {
ret = mount(srcPath, destPath, NULL, MS_BIND | MS_REC, NULL);
APPSPAWN_LOGW("Bind mount again %{public}s to %{public}s, ret %{public}d", srcPath, destPath, ret);
}
APPSPAWN_CHECK(ret == 0, continue,
"Failed to bind mount %{public}s to %{public}s, errno %{public}d", srcPath, destPath, errno);
ret = mount(NULL, destPath, NULL, MS_SHARED, NULL);
APPSPAWN_CHECK(ret == 0, continue,
"Failed to shared mount %{public}s, errno %{public}d", destPath, errno);
APPSPAWN_LOGI("Remount %{public}s to %{public}s success", srcPath, destPath);
}
closedir(rootDir);
return 0;
}
#else
static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
{
char srcPath[PATH_SIZE] = {0};
int len = GetArkWebInstallPath("persist.arkwebcore.install_path", srcPath);
APPSPAWN_CHECK(len > 0, return -1, "Failed to get arkwebcore install path");
char *rootPath = "/mnt/sandbox";
DIR *rootDir = opendir(rootPath);
APPSPAWN_CHECK(rootDir != NULL, return -1, "Failed to opendir %{public}s, errno %{public}d", rootPath, errno);
struct dirent *ent;
while ((ent = readdir(rootDir)) != NULL) {
char *userId = ent->d_name;
if (strcmp(userId, ".") == 0 || strcmp(userId, "..") == 0 || !CheckAllDigit(userId)) {
continue;
}
char userIdPath[PATH_SIZE] = {0};
@ -1405,6 +1502,7 @@ static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNod
closedir(rootDir);
return 0;
}
#endif
static void ProcessSpawnRestartMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
{
@ -1426,8 +1524,7 @@ static void ProcessSpawnRestartMsg(AppSpawnConnection *connection, AppSpawnMsgNo
APPSPAWN_CHECK(fd >= 0, return, "Get fd failed %{public}d, errno %{public}d", fd, errno);
int op = fcntl(fd, F_GETFD);
op &= ~FD_CLOEXEC;
int ret = fcntl(fd, F_SETFD, op);
int ret = fcntl(fd, F_SETFD, (unsigned int)op & ~FD_CLOEXEC);
if (ret < 0) {
APPSPAWN_LOGE("Set fd failed %{public}d, %{public}d, ret %{public}d, errno %{public}d", fd, op, ret, errno);
}

2
standard/appspawn_service.h
View File

@ -34,9 +34,11 @@ extern "C" {
#ifdef APPSPAWN_TEST
#define MAX_WAIT_MSG_COMPLETE (5 * 100) // 500ms
#define COLD_CHILD_RESPONSE_TIMEOUT 5
#define WAIT_CHILD_RESPONSE_TIMEOUT 3 //3s
#else
#define MAX_WAIT_MSG_COMPLETE (5 * 1000) // 5s
#define COLD_CHILD_RESPONSE_TIMEOUT 5
#define WAIT_CHILD_RESPONSE_TIMEOUT 3 //3s
#endif

104
test/fuzztest/appspawnctx_fuzzer/appspawnctx_fuzzer.cpp
View File

@ -1,104 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "appspawnctx_fuzzer.h"
#include <string>
#include "appspawn_manager.h"
/**
* @brief ctx对象的操作
*
*/
namespace OHOS {
void ProcessTraversal(const AppSpawnMgr *mgr, AppSpawningCtx *ctx, void *data)
{
return;
}
void AppSpawningCtxTraversal(ProcessTraversal traversal, void *data)
{
AppSpawnMgr *mgr = GetAppSpawnMgr();
if (mgr == NULL || traversal == NULL) {
return
}
ListNode *node = g_appSpawnMgr->appQueue.next;
while (node != &g_appSpawnMgr->appQueue) {
ListNode *next = node->next;
AppSpawnedProcess *appInfo = ListEntry(node, AppSpawnedProcess, node);
traversal(g_appSpawnMgr, appInfo, data);
node = next;
}
}
int FuzzAppSpawningCtxTraversal(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
AppSpawningCtxTraversal(ProcessTraversal, (void *)data);
return 0;
}
int FuzzGetAppSpawningCtxByPid(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
AppSpawningCtx *ctx = GetAppSpawningCtxByPid(pid);
if (ctx) {
return 0;
}
return -1;
}
int FuzzCreateAppSpawningCtx(const uint8_t *data, size_t size)
{
AppSpawningCtx *ctx = CreateAppSpawningCtx();
if (ctx) {
return 0;
}
return -1;
}
int FuzzDeleteAppSpawningCtx(const uint8_t *data, size_t size)
{
AppSpawningCtx *ctx = CreateAppSpawningCtx();
if (ctx) {
DeleteAppSpawningCtx(ctx);
return 0;
}
return -1;
}
int FuzzKillAndWaitStatus(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
int status = 0;
int ret = KillAndWaitStatus(pid, pid, &status);
if (ret) {
return -1;
}
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzAppSpawningCtxTraversal(data, size);
OHOS::FuzzGetAppSpawningCtxByPid(data, size);
OHOS::FuzzCreateAppSpawningCtx(data, size);
OHOS::FuzzDeleteAppSpawningCtx(data, size);
OHOS::FuzzKillAndWaitStatus(data, size);
return 0;
}

19
test/fuzztest/appspawnctx_fuzzer/appspawnctx_fuzzer.h
View File

@ -1,19 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APPSPAWNCTX_FUZZER
#define APPSPAWNCTX_FUZZER
#define FUZZ_PROJECT_NAME "appspawnctx_fuzzer"
#endif // APPSPAWNCTX_FUZZER

14
test/fuzztest/appspawnctx_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
test/fuzztest/appspawnctx_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

73
test/fuzztest/appspawnmanager_fuzzer/appspawnmanager_fuzzer.cpp
View File

@ -1,73 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "appspawnmanager_fuzzer.h"
#include <string>
#include "appspawn_manager.h"
/**
* @brief App Spawn Mgr object op
*
*/
namespace OHOS {
int FuzzCreateAppSpawnMgr(const uint8_t *data, size_t size)
{
AppSpawnMgr *mgr = CreateAppSpawnMgr(size);
if (mgr) {
return 1;
}
return -1;
}
int FuzzGetAppSpawnMgr(const uint8_t *data, size_t size)
{
AppSpawnMgr *mgr = GetAppSpawnMgr();
if (mgr) {
return 1;
}
return -1;
}
int FuzzDeleteAppSpawnMgr(const uint8_t *data, size_t size)
{
AppSpawnMgr *mgr = GetAppSpawnMgr();
if (mgr) {
DeleteAppSpawnMgr(mgr)
return 1;
}
return -1;
}
int FuzzGetAppSpawnContent(const uint8_t *data, size_t size)
{
AppSpawnContent *content = GetAppSpawnContent();
if (mgr) {
return 1;
}
return -1;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzCreateAppSpawnMgr(data, size);
OHOS::FuzzGetAppSpawnMgr(data, size);
OHOS::FuzzDeleteAppSpawnMgr(data, size);
OHOS::FuzzGetAppSpawnContent(data, size);
return 0;
}

19
test/fuzztest/appspawnmanager_fuzzer/appspawnmanager_fuzzer.h
View File

@ -1,19 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APPSPAWNMANAGER_FUZZER
#define APPSPAWNMANAGER_FUZZER
#define FUZZ_PROJECT_NAME "appspawnmanager_fuzzer"
#endif // APPSPAWNMANAGER_FUZZER

14
test/fuzztest/appspawnmanager_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
test/fuzztest/appspawnmanager_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

57
test/fuzztest/appspawnmodulemgr_fuzzer/appspawnmodulemgr_fuzzer.cpp
View File

@ -1,57 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "appspawnmodulemgr_fuzzer.h"
#include <string>
#include "appspawn_modulemgr.h"
namespace OHOS {
int FuzzAppSpawnModuleMgrInstall(const uint8_t *data, size_t size)
{
std::string moduleName(reinterpret_cast<const char*>(data), size);
return AppSpawnModuleMgrInstall(moduleName.c_str());
}
int FuzzAppSpawnLoadAutoRunModules(const uint8_t *data, size_t size)
{
int type = static_cast<int>(size);
return AppSpawnLoadAutoRunModules(type);
}
int FuzzAppSpawnModuleMgrUnInstall(const uint8_t *data, size_t size)
{
int type = static_cast<int>(size);
return AppSpawnModuleMgrUnInstall(type);
}
int FuzzzAppSpawnModuleMgrUnInstall(const uint8_t *data, size_t size)
{
AppSpawnModuleMgrUnInstall();
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzAppSpawnModuleMgrInstall(data, size);
OHOS::FuzzAppSpawnLoadAutoRunModules(data, size);
OHOS::FuzzAppSpawnModuleMgrUnInstall(data, size);
OHOS::FuzzzAppSpawnModuleMgrUnInstall(data, size);
return 0;
}

19
test/fuzztest/appspawnmodulemgr_fuzzer/appspawnmodulemgr_fuzzer.h
View File

@ -1,19 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APPSPAWNMODULEMGR_FUZZER
#define APPSPAWNMODULEMGR_FUZZER
#define FUZZ_PROJECT_NAME "appspawnmodulemgr_fuzzer"
#endif // APPSPAWNMODULEMGR_FUZZER

14
test/fuzztest/appspawnmodulemgr_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
test/fuzztest/appspawnmodulemgr_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

102
test/fuzztest/appspawnprocess_fuzzer/appspawnprocess_fuzzer.cpp
View File

@ -1,102 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "appspawnprocess_fuzzer.h"
#include <string>
#include "appspawn_manager.h"
/**
* @brief app实例的操作
*
*/
namespace OHOS {
void AppTraversal(const AppSpawnMgr *mgr, AppSpawnedProcess *appInfo, void *data)
{
return;
}
void TraversalSpawnedProcess(AppTraversal traversal, void *data)
{
AppSpawnMgr *mgr = GetAppSpawnMgr();
if (mgr == NULL || traversal == NULL) {
return;
}
ListNode *node = g_appSpawnMgr->appQueue.next;
while (node != &g_appSpawnMgr->appQueue) {
ListNode *next = node->next;
AppSpawnedProcess *appInfo = ListEntry(node, AppSpawnedProcess, node);
traversal(g_appSpawnMgr, appInfo, data);
node = next;
}
}
int FuzzTraversalSpawnedProcess(const uint8_t *data, size_t size)
{
TraversalSpawnedProcess(AppTraversal, (void *)data);
return 0;
}
int FuzzAddSpawnedProcess(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
std::string processName(reinterpret_cast<const char*>(data), size);
AddSpawnedProcess(pid, processName.c_str());
return 0;
}
int FuzzGetSpawnedProcess(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
AppSpawnedProcess *process = GetSpawnedProcess(pid);
if (!process) {
return -1;
}
return 0;
}
int FuzzGetSpawnedProcessByName(const uint8_t *data, size_t size)
{
std::string processName(reinterpret_cast<const char*>(data), size);
AppSpawnedProcess *process = GetSpawnedProcessByName(processName.c_str());
if (!process) {
return -1;
}
return 0;
}
int FuzzTerminateSpawnedProcess(const uint8_t *data, size_t size)
{
pid_t pid = static_cast<pid_t>(size);
AppSpawnedProcess *process = GetSpawnedProcess(pid);
if (!process) {
return -1;
}
TerminateSpawnedProcess(process);
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzTraversalSpawnedProcess(data, size);
OHOS::FuzzAddSpawnedProcess(data, size);
OHOS::FuzzGetSpawnedProcess(data, size);
OHOS::FuzzGetSpawnedProcessByName(data, size);
OHOS::FuzzTerminateSpawnedProcess(data, size);
return 0;
}

19
test/fuzztest/appspawnprocess_fuzzer/appspawnprocess_fuzzer.h
View File

@ -1,19 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APPSPAWNPROCESS_FUZZER
#define APPSPAWNPROCESS_FUZZER
#define FUZZ_PROJECT_NAME "appspawnprocess_fuzzer"
#endif // APPSPAWNPROCESS_FUZZER

14
test/fuzztest/appspawnprocess_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
test/fuzztest/appspawnprocess_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

14
test/fuzztest/hnp_fuzzer/hnphnppackcmd_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

69
test/fuzztest/hnp_fuzzer/hnphnppackcmd_fuzzer/hnphnppackcmd_fuzzer.cpp
View File

@ -1,69 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "hnp_fuzzer.h"
#include <string>
#include "appspawn_utils.h"
#include "parameter.h"
#include "hnp_base.h"
#include "hnp_pack.h"
#include "hnp_installer.h"
#include "hnp_api.h"
#include "securec.h"
namespace OHOS {
int FuzzHnpPackCmd(const uint8_t *data, size_t size)
{
if (data == nullptr) {
return 0;
}
(void)mkdir("hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
FILE *fp = fopen("./hnp_sample/hnp.json", "w");
(void)fclose(fp);
char arg1[] = "hnp";
char arg2[] = "pack";
char arg3[] = const_cast<char *>(data);
arg4[] = const_cast<char *>(data);
arg5[] = const_cast<char *>(data);
arg6[] = const_cast<char *>(data);
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6};
int argc = sizeof(argv) / sizeof(argv[0]);
char cfg[] = "{\"type\":\"hnp-config\",\"name\":\"sample\",\"version\":\"1.1\",\"install\":{}}";
fp = fopen("./hnp_sample/hnp.json", "w");
(void)fwrite(cfg, sizeof(char), strlen(cfg) + 1, fp);
(void)fclose(fp);
(void)HnpCmdPack(argc, argv);
(void)remove("./hnp_out/sample.hnp");
(void)remove("./hnp_sample/hnp.json");
(void)rmdir("hnp_sample");
(void)rmdir("hnp_out");
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzHnpPackCmd(data, size);
return 0;
}

21
test/fuzztest/hnp_fuzzer/hnphnppackcmd_fuzzer/hnphnppackcmd_fuzzer.h
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HNPHNPPACKCMD_FUZZER
#define HNPHNPPACKCMD_FUZZER
#define FUZZ_PROJECT_NAME "hnphnppackcmd_fuzzer"
#endif // HNPHNPPACKCMD_FUZZER

25
test/fuzztest/hnp_fuzzer/hnphnppackcmd_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

14
test/fuzztest/hnp_fuzzer/hnpnativeinstallhnp_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

193
test/fuzztest/hnp_fuzzer/hnpnativeinstallhnp_fuzzer/hnpnativeinstallhnp_fuzzer.cpp
View File

@ -1,193 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "hnpnativeinstallhnp_fuzzer.h"
#include <string>
#include "appspawn_utils.h"
#include "parameter.h"
#include "hnp_base.h"
#include "hnp_pack.h"
#include "hnp_installer.h"
#include "hnp_api.h"
#include "securec.h"
namespace OHOS {
void HnpPackWithoutBin(char *name, bool isPublic, bool isFirst)
{
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("./hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("./hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
}
char arg1[] = "hnpcli";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char arg7[] = "-n";
char arg9[] = "-v";
char arg10[] = "1.1";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6, arg7, name, arg9, arg10};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithoutBinDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
void HnpPackWithBin(char *name, bool isPublic, bool isFirst, mode_t mode)
{
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_sample/bin", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
FILE *fp = fopen("hnp_sample/bin/out", "wb");
(void)fclose(fp);
(void)chmod("hnp_sample/bin/out", mode);
(void)mkdir("hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
}
char arg1[] = "hnpcli";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char arg7[] = "-n";
char arg9[] = "-v";
char arg10[] = "1.1";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6, arg7, name, arg9, arg10};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithBinDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
void HnpPackWithCfg(bool isPublic, bool isFirst)
{
FILE *fp;
int whitelen;
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_sample/bin", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
fp = fopen("hnp_sample/bin/out", "wb");
(void)fclose(fp);
fp = fopen("hnp_sample/bin/out2", "wb");
(void)fclose(fp);
fp = fopen("hnp_sample/hnp.json", "w");
(void)fclose(fp);
}
char arg1[] = "hnp";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6};
int argc = sizeof(argv) / sizeof(argv[0]);
char cfg[] = "{\"type\":\"hnp-config\",\"name\":\"sample\",\"version\":\"1.1\",\"install\":"
"{\"links\":[{\"source\":\"bin/out\",\"target\":\"outt\"},{\"source\":\"bin/out2\","
"\"target\":\"out2\"}]}}";
fp = fopen("hnp_sample/hnp.json", "w");
whitelen = fwrite(cfg, sizeof(char), strlen(cfg) + 1, fp);
(void)fclose(fp);
(void)whitelen, strlen(cfg) + 1);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithCfgDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
int FuzzNativeInstallHnp(const uint8_t *data, size_t size)
{
if (data == nullptr) {
return 0;
}
char *userId = const_cast<char *>(data);
int installOptions = *(reinterpret_cast<int *>(data));
const char *hnpRootPath = "./hnp_out";
HapInfo hapInfo;
hapInfo.packageName = const_cast<char *>(data);
hapInfo.hapPath = const_cast<char *>(data);
hapInfo.abi = const_cast<char *>(data);
// clear resource before test
HnpDeleteFolder("hnp_sample");
HnpDeleteFolder("hnp_out");
HnpDeleteFolder(HNP_BASE_PATH);
remove(HNP_PACKAGE_INFO_JSON_FILE_PATH);
(void)mkdir(HNP_BASE_PATH, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
HnpPackWithBin(const_cast<char *>("sample_public"), true, true, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH);
HnpPackWithBin(const_cast<char *>("sample_private"), false, false, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH);
(void)NativeInstallHnp(userId, hnpRootPath, hapInfo, installOptions);
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzNativeInstallHnp(data, size);
return 0;
}

21
test/fuzztest/hnp_fuzzer/hnpnativeinstallhnp_fuzzer/hnpnativeinstallhnp_fuzzer.h
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HNPNATIVEINSTALLHNP_FUZZER
#define HNPNATIVEINSTALLHNP_FUZZER
#define FUZZ_PROJECT_NAME "hnpnativeinstallhnp_fuzzer"
#endif // HNP_FUZZER

25
test/fuzztest/hnp_fuzzer/hnpnativeinstallhnp_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

14
test/fuzztest/hnp_fuzzer/hnpnativeuninstallhnp_fuzzer/corpus/init
View File

@ -1,14 +0,0 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

217
test/fuzztest/hnp_fuzzer/hnpnativeuninstallhnp_fuzzer/hnpnativeuninstallhnp_fuzzer.cpp
View File

@ -1,217 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "hnp_fuzzer.h"
#include <string>
#include "appspawn_utils.h"
#include "parameter.h"
#include "hnp_base.h"
#include "hnp_pack.h"
#include "hnp_installer.h"
#include "hnp_api.h"
#include "securec.h"
namespace OHOS {
void HnpPackWithoutBin(char *name, bool isPublic, bool isFirst)
{
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("./hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("./hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
}
char arg1[] = "hnpcli";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char arg7[] = "-n";
char arg9[] = "-v";
char arg10[] = "1.1";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6, arg7, name, arg9, arg10};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithoutBinDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
void HnpPackWithBin(char *name, bool isPublic, bool isFirst, mode_t mode)
{
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_sample/bin", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
FILE *fp = fopen("hnp_sample/bin/out", "wb");
(void)fclose(fp);
(void)chmod("hnp_sample/bin/out", mode);
(void)mkdir("hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
}
char arg1[] = "hnpcli";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char arg7[] = "-n";
char arg9[] = "-v";
char arg10[] = "1.1";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6, arg7, name, arg9, arg10};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithBinDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
void HnpPackWithCfg(bool isPublic, bool isFirst)
{
FILE *fp;
int whitelen;
char arg6[MAX_FILE_PATH_LEN];
if (isPublic) {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/public");
} else {
(void)strcpy_s(arg6, MAX_FILE_PATH_LEN, "./hnp_out/private");
}
if (isFirst) {
(void)mkdir("hnp_sample", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_sample/bin", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/public", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
(void)mkdir("hnp_out/private", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
fp = fopen("hnp_sample/bin/out", "wb");
(void)fclose(fp);
fp = fopen("hnp_sample/bin/out2", "wb");
(void)fclose(fp);
fp = fopen("hnp_sample/hnp.json", "w");
(void)fclose(fp);
}
char arg1[] = "hnp";
char arg2[] = "pack";
char arg3[] = "-i";
char arg4[] = "./hnp_sample";
char arg5[] = "-o";
char *argv[] = {arg1, arg2, arg3, arg4, arg5, arg6};
int argc = sizeof(argv) / sizeof(argv[0]);
char cfg[] = "{\"type\":\"hnp-config\",\"name\":\"sample\",\"version\":\"1.1\",\"install\":"
"{\"links\":[{\"source\":\"bin/out\",\"target\":\"outt\"},{\"source\":\"bin/out2\","
"\"target\":\"out2\"}]}}";
fp = fopen("hnp_sample/hnp.json", "w");
whitelen = fwrite(cfg, sizeof(char), strlen(cfg) + 1, fp);
(void)fclose(fp);
(void)whitelen, strlen(cfg) + 1);
(void)HnpCmdPack(argc, argv);
}
void HnpPackWithCfgDelete(void)
{
(void)HnpDeleteFolder("hnp_sample");
(void)HnpDeleteFolder("hnp_out");
}
void HnpInstall(char *package)
{
char arg1[] = "hnp";
char arg2[] = "install";
char arg3[] = "-u";
char arg4[] = "10000";
char arg5[] = "-p";
char arg7[] = "-f";
char arg8[] = "-i";
char arg9[] = "./hnp_out";
char arg10[] = "-s";
char arg11[] = "./hnp_out";
char arg12[] = "-a";
char arg13[] = "system64";
char* argv[] = {arg1, arg2, arg3, arg4, arg5, package, arg7, arg8, arg9, arg10, arg11, arg12, arg13};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdInstall(argc, argv);
}
void HnpUnInstall(char *package)
{
char arg1[] = "hnp";
char arg2[] = "uninstall";
char arg3[] = "-u";
char arg4[] = "10000";
char arg5[] = "-p";
char* argv[] = {arg1, arg2, arg3, arg4, arg5, package};
int argc = sizeof(argv) / sizeof(argv[0]);
(void)HnpCmdUnInstall(argc, argv);
remove(HNP_PACKAGE_INFO_JSON_FILE_PATH);
}
int FuzzNativeUnInstallHnp(const uint8_t *data, size_t size)
{
if (data == nullptr) {
return 0;
}
// clear resource before test
HnpDeleteFolder("hnp_sample");
HnpDeleteFolder("hnp_out");
HnpDeleteFolder(HNP_BASE_PATH);
remove(HNP_PACKAGE_INFO_JSON_FILE_PATH);
mkdir(HNP_BASE_PATH, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
HnpPackWithCfg(true, true);
HnpInstall(const_cast<char *>("sample"));
char *userId = const_cast<char *>(data);
char *packageName = const_cast<char *>(data);
(void)NativeUnInstallHnp(userId, packageName);
return 0;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
/* Run your code on data */
OHOS::FuzzNativeUnInstallHnp(data, size);
return 0;
}

21
test/fuzztest/hnp_fuzzer/hnpnativeuninstallhnp_fuzzer/hnpnativeuninstallhnp_fuzzer.h
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HNPNATIVEUNINSTALLHNP_FUZZER
#define HNPNATIVEUNINSTALLHNP_FUZZER
#define FUZZ_PROJECT_NAME "hnpnativeuninstallhnp_fuzzer"
#endif // HNPNATIVEUNINSTALLHNP_FUZZER

25
test/fuzztest/hnp_fuzzer/hnpnativeuninstallhnp_fuzzer/project.xml
View File

@ -1,25 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>100</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>30</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>2048</rss_limit_mb>
</fuzztest>
</fuzz_config>

8
test/haptest/app_startup_test/AppScope/resources/base/element/string.json
View File

@ -1,8 +0,0 @@
{
"string": [
{
"name": "app_name",
"value": "WebApplicationJump"
}
]
}

BIN
test/haptest/app_startup_test/AppScope/resources/base/media/app_icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

78
test/haptest/app_startup_test/LICENSE
View File

@ -1,78 +0,0 @@
Copyright (c) 2024 Huawei Device Co., Ltd. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Apache License, Version 2.0
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
1.You must give any other recipients of the Work or Derivative Works a copy of this License; and
2.You must cause any modified files to carry prominent notices stating that You changed the files; and
3.You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
4.If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS

36
test/haptest/app_startup_test/README.en.md
View File

@ -1,36 +0,0 @@
# WebApplicationJump
#### Description
{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

28
test/haptest/app_startup_test/README.md
View File

@ -1,28 +0,0 @@
# Web和应用的跳转与拉起
## 介绍
本示例基于应用拉起相关能力实现了Web页面与ArkTS页面的相互拉起、从Web页面拉起各类应用、以及拉起应用市场详情页等场景。
## 效果预览
手机运行效果图如下:
<img src="screenshots/device/phone.gif" />
## 工程目录结构
```
├──entry/src/main/ets // 代码区
│ ├──common
│ | ├──Logger.ets // 日志工具类
│ | └──Constants.ets // 常量
│ ├──entryability
│ | └──EntryAbility.ets
│ ├──entrybackupability
│ | └──EntryBackupAbility.ets
│ └──pages
│ ├──Index.ets // 入口界面
│ └──OriginPage.ets // 原生页面
└──entry/src/main/resources // 应用资源目录
```

8
test/haptest/app_startup_test/dependence/PulledUpApplication/AppScope/resources/base/element/string.json
View File

@ -1,8 +0,0 @@
{
"string": [
{
"name": "app_name",
"value": "PulledUpApplication"
}
]
}

BIN
test/haptest/app_startup_test/dependence/PulledUpApplication/AppScope/resources/base/media/app_icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

21
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/hvigorfile.ts
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { hapTasks } from '@ohos/hvigor-ohos-plugin';
export default {
system: hapTasks, /* Built-in plugin of Hvigor. It cannot be modified. */
plugins:[] /* Custom plugin to extend the functionality of Hvigor. */
}

18
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/obfuscation-rules.txt
View File

@ -1,18 +0,0 @@
# Define project specific obfuscation rules here.
# You can include the obfuscation configuration files in the current module's build-profile.json5.
#
# For more details, see
# https://developer.huawei.com/consumer/cn/doc/harmonyos-guides-V5/source-obfuscation-V5
# Obfuscation options:
# -disable-obfuscation: disable all obfuscations
# -enable-property-obfuscation: obfuscate the property names
# -enable-toplevel-obfuscation: obfuscate the names in the global scope
# -compact: remove unnecessary blank spaces and all line feeds
# -remove-log: remove all console.* statements
# -print-namecache: print the name cache that contains the mapping from the old names to new names
# -apply-namecache: reuse the given cache file
# Keep options:
# -keep-property-name: specifies property names that you want to keep
# -keep-global-name: specifies names that you want to keep in the global scope

56
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/ets/entryability/EntryAbility.ets
View File

@ -1,56 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { AbilityConstant, UIAbility, Want } from '@kit.AbilityKit';
import { hilog } from '@kit.PerformanceAnalysisKit';
import { window } from '@kit.ArkUI';
export default class EntryAbility extends UIAbility {
onCreate(want: Want, launchParam: AbilityConstant.LaunchParam): void {
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onCreate');
}
onDestroy(): void {
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onDestroy');
}
onWindowStageCreate(windowStage: window.WindowStage): void {
// Main window is created, set main page for this ability
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onWindowStageCreate');
windowStage.loadContent('pages/Index', (err) => {
if (err.code) {
hilog.error(0x0000, 'testTag', 'Failed to load the content. Cause: %{public}s', JSON.stringify(err) ?? '');
return;
}
hilog.info(0x0000, 'testTag', 'Succeeded in loading the content.');
});
}
onWindowStageDestroy(): void {
// Main window is destroyed, release UI related resources
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onWindowStageDestroy');
}
onForeground(): void {
// Ability has brought to foreground
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onForeground');
}
onBackground(): void {
// Ability has back to background
hilog.info(0x0000, 'testTag', '%{public}s', 'Ability onBackground');
}
}

27
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/ets/entrybackupability/EntryBackupAbility.ets
View File

@ -1,27 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { hilog } from '@kit.PerformanceAnalysisKit';
import { BackupExtensionAbility, BundleVersion } from '@kit.CoreFileKit';
export default class EntryBackupAbility extends BackupExtensionAbility {
async onBackup() {
hilog.info(0x0000, 'testTag', 'onBackup ok');
}
async onRestore(bundleVersion: BundleVersion) {
hilog.info(0x0000, 'testTag', 'onRestore ok %{public}s', JSON.stringify(bundleVersion));
}
}

35
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/ets/pages/Index.ets
View File

@ -1,35 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
@Entry
@Component
struct Index {
@State message: string = 'Hello World';
build() {
RelativeContainer() {
Text(this.message)
.id('HelloWorld')
.fontSize(50)
.fontWeight(FontWeight.Bold)
.alignRules({
center: { anchor: '__container__', align: VerticalAlign.Center },
middle: { anchor: '__container__', align: HorizontalAlign.Center }
})
}
.height('100%')
.width('100%')
}
}

8
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/element/color.json
View File

@ -1,8 +0,0 @@
{
"color": [
{
"name": "start_window_background",
"value": "#FFFFFF"
}
]
}

16
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/element/string.json
View File

@ -1,16 +0,0 @@
{
"string": [
{
"name": "module_desc",
"value": "module description"
},
{
"name": "EntryAbility_desc",
"value": "description"
},
{
"name": "EntryAbility_label",
"value": "被拉起应用"
}
]
}

BIN
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/media/background.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/media/foreground.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

7
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/media/layered_image.json
View File

@ -1,7 +0,0 @@
{
"layered-image":
{
"background" : "$media:background",
"foreground" : "$media:foreground"
}
}

BIN
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/media/startIcon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

3
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/profile/backup_config.json
View File

@ -1,3 +0,0 @@
{
"allowToBackupRestore": true
}

5
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/base/profile/main_pages.json
View File

@ -1,5 +0,0 @@
{
"src": [
"pages/Index"
]
}

16
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/en_US/element/string.json
View File

@ -1,16 +0,0 @@
{
"string": [
{
"name": "module_desc",
"value": "module description"
},
{
"name": "EntryAbility_desc",
"value": "description"
},
{
"name": "EntryAbility_label",
"value": "PulledUpApplication"
}
]
}

16
test/haptest/app_startup_test/dependence/PulledUpApplication/entry/src/main/resources/zh_CN/element/string.json
View File

@ -1,16 +0,0 @@
{
"string": [
{
"name": "module_desc",
"value": "模块描述"
},
{
"name": "EntryAbility_desc",
"value": "description"
},
{
"name": "EntryAbility_label",
"value": "被拉起应用"
}
]
}

21
test/haptest/app_startup_test/dependence/PulledUpApplication/hvigorfile.ts
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { appTasks } from '@ohos/hvigor-ohos-plugin';
export default {
system: appTasks, /* Built-in plugin of Hvigor. It cannot be modified. */
plugins:[] /* Custom plugin to extend the functionality of Hvigor. */
}

21
test/haptest/app_startup_test/entry/hvigorfile.ts
View File

@ -1,21 +0,0 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { hapTasks } from '@ohos/hvigor-ohos-plugin';
export default {
system: hapTasks, /* Built-in plugin of Hvigor. It cannot be modified. */
plugins:[] /* Custom plugin to extend the functionality of Hvigor. */
}

Some files were not shown because too many files have changed in this diff Show More