openharmony/startup_appspawn
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_appspawn synced 2024-11-23 07:00:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!1694 支持gpu进程单独配置挂载点

Browse Source 
Merge pull request !1694 from nianyuu/master
This commit is contained in:
openharmony_ci 2024-11-13 09:55:14 +00:00 committed by Gitee
commit 2b18b52fc9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 198 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
appdata-sandbox.json
View File

@ -54,11 +54,6 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
},{
"src-path" : "/system/lib/ndk",
"sandbox-path" : "/system/lib/ndk",
"sandbox-flags" : [ "bind", "rec" ],
@ -579,8 +574,133 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-path" : "/system/lib/ld-musl-arm.so.1",
"src-path" : "/system/app/<arkWebPackageName>",
"sandbox-path" : "/system/app/<arkWebPackageName>",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/vendor/lib",
"sandbox-path" : "/vendor/lib",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
"sandbox-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/app/NWeb",
"sandbox-path" : "/system/app/NWeb",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/module_update/ArkWebCore/app/<arkWebPackageName>",
"sandbox-path" : "/module_update/ArkWebCore/app/<arkWebPackageName>",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}
],
"symbol-links" : [{
"target-name" : "/system/etc",
"link-name" : "/etc",
"check-action-status": "false"
}, {
"target-name" : "/system/bin",
"link-name" : "/bin",
"check-action-status": "false"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib",
"check-action-status": "false"
}
]
}],
"__internal__.com.ohos.gpu" : [{
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"sandbox-ns-flags" : [ "pid", "net" ],
"mount-paths" : [{
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/etc/hosts",
"sandbox-path" : "/data/service/el1/network/hosts_user/hosts",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
"sandbox-path" : "/data/storage/el1/bundle/arkwebcore",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/platformsdk",
"sandbox-path" : "/system/lib/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ndk",
"sandbox-path" : "/system/lib/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-pub-sdk",
"sandbox-path" : "/system/lib/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-sdk",
"sandbox-path" : "/system/lib/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/seccomp",
"sandbox-path" : "/system/lib/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/extensionability",
"sandbox-path" : "/system/lib/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/media",
"sandbox-path" : "/system/lib/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
@ -623,13 +743,7 @@
"link-name" : "/lib",
"check-action-status": "false"
}
],
"flags-point" : [{
"flags": "DLP_MANAGER",
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"mount-paths" : [],
"symbol-links" : [{}]
}]
]
}]
}],
"permission":[{

79
appdata-sandbox64.json
View File

@ -5,11 +5,6 @@
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-ns-flags" : [ "net" ],
"mount-paths" : [{
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/platformsdk",
"sandbox-path" : "/system/lib64/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
@ -49,11 +44,6 @@
"sandbox-path" : "/system/lib64/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/asan/lib64",
"sandbox-path" : "/system/asan/lib64",
@ -95,11 +85,6 @@
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"sandbox-ns-flags" : [ "pid", "net" ],
"mount-paths" : [{
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
},{
"src-path" : "/system/lib64/platformsdk",
"sandbox-path" : "/system/lib64/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
@ -140,8 +125,60 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-path" : "/system/lib/ld-musl-aarch64.so.1",
"src-path" : "/vendor/lib64",
"sandbox-path" : "/vendor/lib64",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}
],
"symbol-links" : [{
"target-name" : "/system/lib64",
"link-name" : "/lib64",
"check-action-status": "false"
}
]
}],
"__internal__.com.ohos.gpu" : [{
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"sandbox-ns-flags" : [ "pid", "net" ],
"mount-paths" : [{
"src-path" : "/system/lib64/platformsdk",
"sandbox-path" : "/system/lib64/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/ndk",
"sandbox-path" : "/system/lib64/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/module",
"sandbox-path" : "/system/lib64/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-sdk",
"sandbox-path" : "/system/lib64/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/seccomp",
"sandbox-path" : "/system/lib64/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/extensionability",
"sandbox-path" : "/system/lib64/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/media",
"sandbox-path" : "/system/lib64/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
@ -156,13 +193,7 @@
"link-name" : "/lib64",
"check-action-status": "false"
}
],
"flags-point" : [{
"flags": "DLP_MANAGER",
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"mount-paths" : [],
"symbol-links" : [{}]
}]
]
}]
}]
}

16
modules/sandbox/sandbox_utils.cpp
View File

@ -127,6 +127,7 @@ namespace {
const char* g_fileSeparator = "/";
const char* g_overlayDecollator = "|";
const std::string g_sandBoxRootDir = "/mnt/sandbox/";
const std::string g_ohosGpu = "__internal__.com.ohos.gpu";
const std::string g_ohosRender = "__internal__.com.ohos.render";
const std::string g_sandBoxRootDirNweb = "/mnt/sandbox/com.ohos.render/";
const std::string FILE_CROSS_APP_MODE = "ohos.permission.FILE_CROSS_APP";
@ -1100,7 +1101,10 @@ int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProp
for (auto& config : SandboxUtils::GetJsonConfig(type)) {
nlohmann::json& privateAppConfig = config[g_privatePrefix][0];
if (privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) {
char *processType = (char *)(GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_PROCESS_TYPE, NULL));
APPSPAWN_CHECK(processType != NULL, return -1, "Invalid processType data");
if (strcmp(processType, "render") == 0 && privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) {
int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0], nullptr, g_ohosRender);
APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s",
GetBundleName(appProperty));
@ -1110,6 +1114,16 @@ int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProp
ret = HandleFlagsPoint(appProperty, privateAppConfig[g_ohosRender][0]);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %{public}s",
GetBundleName(appProperty));
} else if (strcmp(processType, "gpu") == 0 && privateAppConfig.find(g_ohosGpu) != privateAppConfig.end()) {
int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosGpu][0], nullptr, g_ohosGpu);
APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s",
GetBundleName(appProperty));
ret = DoAllSymlinkPointslink(appProperty, privateAppConfig[g_ohosGpu][0]);
APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %{public}s",
GetBundleName(appProperty));
ret = HandleFlagsPoint(appProperty, privateAppConfig[g_ohosGpu][0]);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %{public}s",
GetBundleName(appProperty));
}
}
return 0;