openharmony/startup_appspawn
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_appspawn synced 2024-11-23 07:00:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!1654 fix new sandbox bug

Browse Source 
Merge pull request !1654 from nianyuu/master
This commit is contained in:
openharmony_ci 2024-11-06 03:26:48 +00:00 committed by Gitee
commit 364f3d290e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
appdata-sandbox-app.json
View File

@ -89,9 +89,6 @@
}, {
"src-path" : "/system/app/SystemResources",
"sandbox-path" : "/data/global/systemResources"
}, {
"src-path" : "/data/misc",
"sandbox-path" : "/data/storage/el1/bundle/misc"
}, {
"src-path" : "/data/service/el1/public/cert_manager_service/certificates/user_open",
"sandbox-path" : "/data/certificates/user_cacerts"
@ -129,6 +126,9 @@
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
"sandbox-path" : "/data/storage/el1/bundle",
"check-action-status": "true"
}, {
"src-path" : "/data/misc",
"sandbox-path" : "/data/storage/el1/bundle/misc"
}, {
"src-path" : "/data/local/ark-cache/<PackageName>",
"sandbox-path" : "/data/storage/ark-cache"

12
modules/sandbox/appspawn_sandbox.c
View File

@ -102,11 +102,11 @@ int SandboxMountPath(const MountArg *arg)
int ret = mount(arg->originPath, arg->destinationPath, arg->fsType, arg->mountFlags, arg->options);
if (ret != 0) {
if (arg->originPath != NULL && strstr(arg->originPath, "/data/app/el2/") != NULL) {
CheckDirRecursive(arg->originPath);
}
APPSPAWN_LOGW("errno is: %{public}d, bind mount %{public}s => %{public}s",
errno, arg->originPath, arg->destinationPath);
if (strstr(arg->originPath, "/data/app/el1/") != NULL || strstr(arg->originPath, "/data/app/el2/") != NULL) {
CheckDirRecursive(arg->originPath);
}
return errno;
}
ret = mount(NULL, arg->destinationPath, NULL, arg->mountSharedFlag, NULL);
@ -467,11 +467,13 @@ static int DoSandboxPathNodeMount(const SandboxContext *context,
}
CreateDemandSrc(context, sandboxNode, &args);
int ret = 0;
if (CHECK_FLAGS_BY_INDEX(operation, MOUNT_PATH_OP_UNMOUNT)) { // unmount this deps
APPSPAWN_LOGV("umount2 %{public}s", args.destinationPath);
umount2(args.destinationPath, MNT_DETACH);
ret = umount2(args.destinationPath, MNT_DETACH);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Failed to umount %{public}s errno %{public}d", args.destinationPath, errno);
}
int ret = 0;
ret = DoSandboxMountByCategory(context, sandboxNode, &args, operation);
if (ret != 0 && sandboxNode->checkErrorFlag) {
APPSPAWN_LOGE("Failed to mount config, section: %{public}s result: %{public}d category: %{public}d",

1
modules/sandbox/sandbox_load.c
View File

@ -677,6 +677,7 @@ int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode)
{
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_ARG_INVALID);
const char *sandboxName = GetSandboxNameByMode(mode);
APPSPAWN_LOGV("Get sandboxName %{public}s by mode %{public}d", sandboxName, mode);
if (sandbox->depGroupNodes != NULL) {
APPSPAWN_LOGW("Sandbox has been load");
return 0;

10
modules/sandbox/sandbox_manager.c
View File

@ -495,7 +495,7 @@ APPSPAWN_STATIC int PreLoadIsoLatedSandboxCfg(AppSpawnMgr *content)
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
OH_ListAddTail(&content->extData, &sandbox->extData.node);
// load app sandbox config
// load isolated sandbox config
LoadAppSandboxConfig(sandbox, MODE_FOR_NATIVE_SPAWN);
sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
@ -515,8 +515,12 @@ APPSPAWN_STATIC int PreLoadSandboxCfg(AppSpawnMgr *content)
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
OH_ListAddTail(&content->extData, &sandbox->extData.node);
// load app sandbox config
LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN);
// load app/nweb sandbox config
if (IsNWebSpawnMode(content)) {
LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN);
} else {
LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN);
}
sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
content->content.sandboxNsFlags = 0;

2
modules/sandbox/sandbox_utils.cpp
View File

@ -287,7 +287,7 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *
}
ret = mount(nullptr, destinationPath, nullptr, mountSharedFlag, nullptr);
APPSPAWN_CHECK(ret == 0, return ret, "errno is: %{public}d, private mount to %{public}s %{public}u failed",
APPSPAWN_CHECK(ret == 0, return ret, "errno is: %{public}d, private mount to %{public}s '%{public}u' failed",
errno, destinationPath, mountSharedFlag);
return 0;
}