appextension

Signed-off-by: zhongning5 <zhongning5@huawei.com>
zhongning5 2024-05-30 20:45:08 +08:00
parent b6e55c241e
commit 3942cc597c
11 changed files with 548 additions and 90 deletions


@ -69,8 +69,8 @@
"sandbox-path" : "/system/etc",
"src-path" : "/system/etc"
}, {
"sandbox-path" : "/system/resources",
"src-path" : "/system/resources"
"sandbox-path" : "/system/resource",
"src-path" : "/system/resource"
}, {
"sandbox-path" : "/vendor/<lib>",
"src-path" : "/vendor/<lib>"
@ -80,6 +80,12 @@
}, {
"sandbox-path" : "/vendor/etc/hiai",
"src-path" : "/vendor/etc/hiai"
}, {
"src-path": "/storage/media/<currentUserId>/local/files/Docs/Downloads/<variablePackageName>",
"sandbox-path": "/storage/Users/<currentUserId>/Downloads"
}, {
"src-path" : "/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>",
"sandbox-path" : "/data/storage/el2/cloud"
}],
"mount-files": [{
"src-path" : "/system/<lib>/ld-musl-arm.so.1",
@ -107,10 +113,10 @@
"app-variable": {
"mount-paths": [{
"sandbox-path": "/data/storage/el1/base",
"src-path": "/data/app/el1/<currentUserId>/base/<PackageName>"
"src-path": "/data/app/el1/<currentUserId>/base/<variablePackageName>"
}, {
"sandbox-path": "/data/storage/el1/database",
"src-path": "/data/app/el1/<currentUserId>/database/<PackageName>"
"src-path": "/data/app/el1/<currentUserId>/database/<variablePackageName>"
}, {
"src-path" : "/system/app/ohos.global.systemres",
"sandbox-path" : "/data/global/systemResources"
@ -118,20 +124,20 @@
"src-path" : "/system/app/SystemResources",
"sandbox-path" : "/data/global/systemResources"
}, {
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
"src-path" : "/data/app/el1/bundle/public/<variablePackageName>",
"sandbox-path" : "/data/storage/el1/bundle",
"check-action-status": "true"
}, {
"src-path" : "/data/misc",
"sandbox-path" : "/data/storage/el1/bundle/misc"
}, {
"src-path" : "/data/local/ark-cache/<PackageName>",
"src-path" : "/data/local/ark-cache/<variablePackageName>",
"sandbox-path" : "/data/storage/ark-cache"
}, {
"src-path" : "/data/local/ark-profile/<currentUserId>/<PackageName>",
"src-path" : "/data/local/ark-profile/<currentUserId>/<variablePackageName>",
"sandbox-path" : "/data/storage/ark-profile"
}, {
"src-path" : "/data/local/shader_cache/local/<PackageName>",
"src-path" : "/data/local/shader_cache/local/<variablePackageName>",
"sandbox-path" : "/data/storage/shader_cache/local"
}, {
"src-path" : "/data/local/shader_cache/cloud/<PackageName>",
@ -174,12 +180,6 @@
"src-path": "/storage/media/<currentUserId>/local/files/.Recent"
}],
"mount-groups": [ "user-public" ]
}, {
"name": "ohos.permission.CLOUDFILE_SYNC",
"mount-paths": [{
"src-path" : "/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>",
"sandbox-path" : "/data/storage/el2/cloud"
}]
}, {
"name": "ohos.permission.READ_IMAGEVIDEO",
"sandbox-switch": "ON",
@ -270,23 +270,30 @@
"sandbox-path": "/data/storage/el5/database",
"src-path": "/data/app/el5/<currentUserId>/database/<PackageName>"
}]
}, {
}, {
"name": "ohos.permission.ACCESS_FILE_CONTENT_SHARE",
"sandbox-switch": "ON",
"gids": ["file_manager", "user_data_rw"],
"mount-paths": [{
"src-path": "/data/service/el2/public/file_monitor_service/content_share",
"sandbox-path": "/storage/ContentShare",
"sandbox-path": "/storage/ContentShare"
}]
}, {
"name": "ohos.permission.ACCESS_LOCAL_BACKUP",
"gids": [1023],
"mount-paths": [{
"src-path": "/data/hwbackup",
"sandbox-path": "/data/hwbackup"
}]
}],
"spawn-flag": [{
"name": "START_FLAGS_BACKUP",
"mount-paths": [{
"sandbox-path": "/data/storage/el2/backup",
"src-path": "/data/service/el2/<currentUserId>/backup/bundles/<PackageName>"
"src-path": "/data/service/el2/<currentUserId>/backup/bundles/<variablePackageName>"
}, {
"sandbox-path": "/data/storage/el1/backup",
"src-path": "/data/service/el1/<currentUserId>/backup/bundles/<PackageName>"
"src-path": "/data/service/el1/<currentUserId>/backup/bundles/<variablePackageName>"
}],
"mount-groups": []
}, {
@ -311,7 +318,16 @@
"src-path": "/mnt/share/<currentUserId>/<PackageName_index>"
}],
"mount-groups": []
}],
}, {
"name": "DEVELOPER_MODE",
"mount-paths": [{
"src-path": "/data/app/el1/bundle/<currentUserId>/hnppublic",
"sandbox-path": "/data/service/hnp"
}, {
"src-path" : "/data/app/el1/bundle/<currentUserId>/hnp/<variablePackageName>",
"sandbox-path" : "/data/app"
}
]}],
"package-name": [{
"name": "com.ohos.medialibrary.medialibrarydata",
"mount-paths" : [{
@ -388,19 +404,19 @@
},
"mount-paths": [{
"sandbox-path": "<deps-path>/base",
"src-path": "/data/app/el2/<currentUserId>/base/<PackageName>"
"src-path": "/data/app/el2/<currentUserId>/base/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/database",
"src-path": "/data/app/el2/<currentUserId>/database/<PackageName>"
"src-path": "/data/app/el2/<currentUserId>/database/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/log",
"src-path": "/data/app/el2/<currentUserId>/log/<PackageName>"
"src-path": "/data/app/el2/<currentUserId>/log/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/auth_groups",
"src-path": "/mnt/hmdfs/<currentUserId>/non_account/merge_view/data"
}, {
"sandbox-path": "<deps-path>/distributedfiles",
"src-path": "/mnt/hmdfs/<currentUserId>/account/merge_view/data/<PackageName>"
"src-path": "/mnt/hmdfs/<currentUserId>/account/merge_view/data/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/share",
"src-path": "/mnt/share/<currentUserId>/<PackageName_index>"
@ -416,10 +432,10 @@
},
"mount-paths": [{
"sandbox-path": "<deps-path>/base",
"src-path": "/data/app/el3/<currentUserId>/base/<PackageName>"
"src-path": "/data/app/el3/<currentUserId>/base/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/database",
"src-path": "/data/app/el3/<currentUserId>/database/<PackageName>"
"src-path": "/data/app/el3/<currentUserId>/database/<variablePackageName>"
}]
}, {
"name": "el4",
@ -432,27 +448,27 @@
},
"mount-paths": [{
"sandbox-path": "<deps-path>/base",
"src-path": "/data/app/el4/<currentUserId>/base/<PackageName>"
"src-path": "/data/app/el4/<currentUserId>/base/<variablePackageName>"
}, {
"sandbox-path": "<deps-path>/database",
"src-path": "/data/app/el4/<currentUserId>/database/<PackageName>"
"src-path": "/data/app/el4/<currentUserId>/database/<variablePackageName>"
}]
}, {
"name": "hsp",
"name": "HspList",
"type": "app-variable",
"mount-paths": [{
"sandbox-path": "/data/storage/el2/group/<bundle-name>/<module-name>",
"src-path": "/data/app/el1/bundle/public/<bundle-name>/<version>/<module-name>"
}]
}, {
"name": "data-group",
"name": "DataGroup",
"type": "app-variable",
"mount-paths": [{
"sandbox-path": "/data/storage/el2/group/<uuid>",
"sandbox-path": "/data/storage/el2/group/<data-uuid>",
"src-path": "<data-dir>"
}]
}, {
"name": "overlay",
"name": "Overlay",
"type": "app-variable",
"mount-paths": [{
"sandbox-path": "/data/storage/overlay/<hap-name>",
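Review bot: The bind of `/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>` to `/data/storage/el2/cloud` is no longer gated by `ohos.permission.CLOUDFILE_SYNC`: the permission entry is deleted and the same pair is added to the unconditional `mount-paths` list that ends just before `mount-files`, so every sandbox built from that list appears to receive the cloud data mount. If the widening is intended, the commit description should say so; otherwise the pair belongs back under the permission entry. The new `ohos.permission.ACCESS_LOCAL_BACKUP` entry writes its gid as the number `1023` while the entry before it uses names (`"file_manager"`, `"user_data_rw"`), so it is worth confirming the parser accepts both forms. The `DEVELOPER_MODE` entry binds a per-package `hnp` directory over `/data/app` inside the sandbox, which deserves a one-line rationale in the description.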


@ -117,7 +117,7 @@ def _merge_scope_app(origin, new):
"symbol-links": ["target-name"]
}
# normal filed
for k in ["sandbox-root", "sandbox-switch", "gids"]:
for k in ["sandbox-root", "sandbox-switch", "gids", "sandbox-ns-flags"]:
if new[0].get(k) is not None:
origin[0][k] = new[0].get(k)
@ -126,6 +126,12 @@ def _merge_scope_app(origin, new):
if flags_points:
_merge_scope_flags_point(origin[0]["flags-point"], flags_points)
# by list merger
for field in ["sandbox-ns-flags"]:
item = origin[0].get(field)
if item is not None and len(item) > 0:
_merge_list(new[0][field], item)
# for array
for name, keys in field_infos.items():
item = new[0].get(name)
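Review bot: The new `sandbox-ns-flags` list merge in `_merge_scope_app` reads the item from `origin[0]` and merges into `new[0][field]`, which looks reversed and raises `KeyError` when only the original config carries the field. Because the same key was also added to the scalar loop above, `origin[0][k]` has already been replaced by the list object from `new`, so the later call merges that list with itself. Assuming `_merge_list` takes the target first, as `_merge_scope_flags_point(origin[0]["flags-point"], flags_points)` does, drop `"sandbox-ns-flags"` from the scalar loop and use `item = new[0].get(field)` with `_merge_list(origin[0].setdefault(field, []), item)`. The function body starts and continues outside these hunks.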


@ -52,7 +52,7 @@ static inline bool CheckSpawningPermissionFlagSet(const SandboxContext *context,
return CheckAppSpawnMsgFlag(context->message, TLV_PERMISSION, index);
}
static void CheckDirRecursive(const char *path)
static bool CheckDirRecursive(const char *path)
{
char buffer[PATH_MAX] = {0};
const char slash = '/';
@ -66,14 +66,14 @@ static void CheckDirRecursive(const char *path)
continue;
}
int ret = memcpy_s(buffer, PATH_MAX, path, p - path - 1);
APPSPAWN_CHECK(ret == 0, return, "Failed to copy path");
APPSPAWN_CHECK(ret == 0, return false, "Failed to copy path");
ret = access(buffer, F_OK);
APPSPAWN_CHECK(ret == 0, return, "Dir not exit %{public}s errno: %{public}d", buffer, errno);
APPSPAWN_CHECK(ret == 0, return false, "Dir not exit %{public}s errno: %{public}d", buffer, errno);
curPos = strchr(p, slash);
}
int ret = access(path, F_OK);
APPSPAWN_CHECK(ret == 0, return, "Dir not exit %{public}s errno: %{public}d", buffer, errno);
return;
APPSPAWN_CHECK(ret == 0, return false, "Dir not exit %{public}s errno: %{public}d", buffer, errno);
return true;
}
int SandboxMountPath(const MountArg *arg)
@ -193,6 +193,12 @@ static int InitSandboxContext(SandboxContext *context,
context->sandboxShared = packageNode->section.sandboxShared;
}
context->message = property->message;
context->sandboxNsFlags = CLONE_NEWNS;
if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX)) {
context->sandboxNsFlags |= sandbox->sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}
// root path
const char *rootPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandbox->rootPath, NULL, NULL);
if (rootPath) {
@ -348,6 +354,43 @@ static void CreateDemandSrc(const SandboxContext *context, const PathMountNode *
}
}
static const char *GetRealSrcPath(const SandboxContext *context, const char *source, VarExtraData *extraData)
{
bool hasPackageName = strstr(source, "<variablePackageName>") != NULL;
extraData->variablePackageName = (char *)context->bundleName;
const char *originPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, source, NULL, extraData);
if (originPath == NULL) {
return NULL;
}
if (!hasPackageName) {
return originPath;
}
if (!CheckSpawningMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE) ||
!CheckDirRecursive(originPath)) {
return originPath;
}
AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
char *accountId = GetAppSpawnMsgExtInfo(context->message, MSG_EXT_NAME_ACCOUNT_ID, NULL);
if (accountId == NULL || dacInfo == NULL) {
return originPath;
}
// user target to format path
int len = sprintf_s(context->buffer[BUFFER_FOR_TARGET].buffer,
context->buffer[BUFFER_FOR_TARGET].bufferLen, "%s/%s", context->bundleName, accountId);
APPSPAWN_CHECK(len > 0, return NULL, "format variablePackageName fail %{public}s", context->bundleName);
extraData->variablePackageName = context->buffer[BUFFER_FOR_TARGET].buffer;
originPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, source, NULL, extraData);
if (originPath == NULL) {
return NULL;
}
MakeDirRec(originPath, FILE_MODE, 0);
int ret = chown(originPath, dacInfo->uid, dacInfo->gid);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "chown failed, path %{public}s, errno %{public}d", originPath, errno);
return originPath;
}
static int DoSandboxPathNodeMount(const SandboxContext *context,
const SandboxSection *section, const PathMountNode *sandboxNode, uint32_t operation)
{
@ -358,10 +401,10 @@ static int DoSandboxPathNodeMount(const SandboxContext *context,
MountArg args = {};
uint32_t category = GetMountArgs(context, sandboxNode, operation, &args);
VarExtraData *extraData = GetVarExtraData(context, section);
args.originPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandboxNode->source, NULL, extraData);
args.originPath = GetRealSrcPath(context, sandboxNode->source, extraData);
// dest
extraData->operation = operation; // only destinationPath
// 对namespace的节点需要对目的沙盒进行特殊处理不能带root-dir
// 对name group的节点需要对目的沙盒进行特殊处理不能带root-dir
if (CHECK_FLAGS_BY_INDEX(operation, SANDBOX_TAG_NAME_GROUP) &&
CHECK_FLAGS_BY_INDEX(operation, MOUNT_PATH_OP_ONLY_SANDBOX)) {
args.destinationPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, sandboxNode->target, NULL, extraData);
@ -943,17 +986,21 @@ int MountSandboxConfigs(const AppSpawnSandboxCfg *sandbox, const AppSpawningCtx
int ret = InitSandboxContext(context, sandbox, property, nwebspawn);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret);
APPSPAWN_LOGV("Set sandbox config %{public}s sandboxNsFlags 0x%{public}x",
context->rootPath, context->sandboxNsFlags);
do {
APPSPAWN_LOGV("Set sandbox config %{public}s", context->rootPath);
ret = StagedMountPreUnShare(context, sandbox);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
CreateSandboxDir(context->rootPath, FILE_MODE);
// add pid to a new mnt namespace
ret = unshare(CLONE_NEWNS);
ret = unshare(context->sandboxNsFlags);
APPSPAWN_CHECK(ret == 0, break,
"unshare failed, app: %{public}s errno: %{public}d", context->bundleName, errno);
if ((context->sandboxNsFlags & CLONE_NEWNET) == CLONE_NEWNET) {
ret = EnableNewNetNamespace();
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
}
ret = SandboxRootFolderCreate(context, sandbox);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
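Review bot: `GetRealSrcPath` builds a directory name from `accountId`, which is read from the spawn message, with `sprintf_s(..., "%s/%s", context->bundleName, accountId)` and then calls `MakeDirRec` and `chown` on the resolved path without checking that the value is a single path component. A value containing `/` or `..` would place the created and re-owned directory outside the bundle's data directory, so reject it before formatting, e.g. `APPSPAWN_CHECK(strchr(accountId, '/') == NULL && strstr(accountId, "..") == NULL, return NULL, "Invalid account id");`. The `extension` string that `ReplaceVariableForpackageName` formats into `+extension-%s+` in this commit needs the same check. The result of `MakeDirRec` is ignored and a failed `chown` is only logged, so the mount proceeds on a directory whose existence and ownership are unverified.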


@ -204,6 +204,7 @@ typedef struct TagSandboxContext {
uint32_t dlpUiExtType : 1;
uint32_t appFullMountEnable : 1;
uint32_t nwebspawn : 1;
uint32_t sandboxNsFlags;
char *rootPath;
} SandboxContext;
@ -267,6 +268,7 @@ typedef struct {
typedef struct TagVarExtraData {
uint32_t sandboxTag;
uint32_t operation;
char *variablePackageName;
union {
PathMountNode *depNode;
} data;
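Review bot: `variablePackageName` in `TagVarExtraData` is declared `char *`, although the code shown in this commit only reads through it and `GetRealSrcPath` has to write `(char *)context->bundleName` to assign it. Declaring the field as `const char *variablePackageName;` would remove that cast. The pointer also outlives the call that sets it, so a comment such as `// borrowed: points at bundleName or a SandboxContext buffer, never freed` would record the lifetime for later callers.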


@ -100,7 +100,7 @@ static int ReplaceVariableByParameter(const char *varData, SandboxBuffer *sandbo
static int ReplaceVariableForDepSandboxPath(const SandboxContext *context,
const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData)
{
APPSPAWN_CHECK(extraData != NULL, return -1, "Invalid extra data ");
APPSPAWN_CHECK(extraData != NULL && extraData->data.depNode != NULL, return -1, "Invalid extra data ");
uint32_t len = strlen(extraData->data.depNode->target);
int ret = memcpy_s((char *)buffer, bufferLen, extraData->data.depNode->target, len);
APPSPAWN_CHECK(ret == 0, return -1, "Failed to copy real data");
@ -111,7 +111,7 @@ static int ReplaceVariableForDepSandboxPath(const SandboxContext *context,
static int ReplaceVariableForDepSrcPath(const SandboxContext *context,
const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData)
{
APPSPAWN_CHECK(extraData != NULL, return -1, "Invalid extra data ");
APPSPAWN_CHECK(extraData != NULL && extraData->data.depNode != NULL, return -1, "Invalid extra data ");
uint32_t len = strlen(extraData->data.depNode->source);
int ret = memcpy_s((char *)buffer, bufferLen, extraData->data.depNode->source, len);
APPSPAWN_CHECK(ret == 0, return -1, "Failed to copy real data");
@ -122,7 +122,7 @@ static int ReplaceVariableForDepSrcPath(const SandboxContext *context,
static int ReplaceVariableForDepPath(const SandboxContext *context,
const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData)
{
APPSPAWN_CHECK(extraData != NULL, return -1, "Invalid extra data ");
APPSPAWN_CHECK(extraData != NULL && extraData->data.depNode != NULL, return -1, "Invalid extra data ");
char *path = extraData->data.depNode->source;
if (CHECK_FLAGS_BY_INDEX(extraData->operation, MOUNT_PATH_OP_REPLACE_BY_SANDBOX)) {
path = extraData->data.depNode->target;
@ -137,6 +137,52 @@ static int ReplaceVariableForDepPath(const SandboxContext *context,
return 0;
}
static int ReplaceVariableForpackageName(const SandboxContext *context,
const char *buffer, uint32_t bufferLen, uint32_t *realLen, const VarExtraData *extraData)
{
APPSPAWN_CHECK(context != NULL, return -1, "Invalid extra data ");
if (extraData != NULL && extraData->variablePackageName != NULL) {
int len = sprintf_s((char *)buffer, bufferLen, "%s", extraData->variablePackageName);
APPSPAWN_CHECK(len > 0 && ((uint32_t)len < bufferLen),
return -1, "Failed to format path app: %{public}s", context->bundleName);
*realLen = (uint32_t)len;
return 0;
}
AppSpawnMsgBundleInfo *bundleInfo = (AppSpawnMsgBundleInfo *)GetSpawningMsgInfo(context, TLV_BUNDLE_INFO);
APPSPAWN_CHECK(bundleInfo != NULL, return APPSPAWN_TLV_NONE,
"No bundle info in msg %{public}s", context->bundleName);
uint32_t flags = CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE) ? 1 : 0;
flags |= CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_EXTENSION_SANDBOX) ? 0x2 : 0;
char *extension = GetAppSpawnMsgExtInfo(context->message, MSG_EXT_NAME_APP_EXTENSION, NULL);
int32_t len = 0;
switch (flags) {
case 0: // default,
len = sprintf_s((char *)buffer, bufferLen, "%s", bundleInfo->bundleName);
break;
case 1: // 1 +clone-bundleIndex+packageName
len = sprintf_s((char *)buffer, bufferLen, "+clone-%u+%s", bundleInfo->bundleIndex, bundleInfo->bundleName);
break;
case 2: { // 2 +extension-<extensionType>+packageName
APPSPAWN_CHECK(extension != NULL, return -1, "Invalid extension data ");
len = sprintf_s((char *)buffer, bufferLen, "+extension-%s+%s", extension, bundleInfo->bundleName);
break;
}
case 3: { // 3 +clone-bundleIndex+extension-<extensionType>+packageName
APPSPAWN_CHECK(extension != NULL, return -1, "Invalid extension data ");
len = sprintf_s((char *)buffer, bufferLen, "+clone-%u+extension-%s+%s",
bundleInfo->bundleIndex, extension, bundleInfo->bundleName);
break;
}
default:
break;
}
APPSPAWN_CHECK(len > 0 && ((uint32_t)len < bufferLen),
return -1, "Failed to format path app: %{public}s flags %{public}u", context->bundleName, flags);
*realLen = (uint32_t)len;
return 0;
}
static int GetVariableName(char *varData, uint32_t len, const char *varStart, uint32_t *varLen)
{
uint32_t i = 0;
@ -289,6 +335,7 @@ void AddDefaultVariable(void)
AddVariableReplaceHandler("<deps-sandbox-path>", ReplaceVariableForDepSandboxPath);
AddVariableReplaceHandler("<deps-src-path>", ReplaceVariableForDepSrcPath);
AddVariableReplaceHandler("<deps-path>", ReplaceVariableForDepPath);
AddVariableReplaceHandler("<variablePackageName>", ReplaceVariableForpackageName);
}
void ClearVariable(void)
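Review bot: The clone and extension branches of `ReplaceVariableForpackageName` look unreachable from the mount path, because `GetRealSrcPath` always sets `extraData->variablePackageName = (char *)context->bundleName` before resolving and this handler returns early whenever that pointer is non-NULL. As written, a `src-path` containing `<variablePackageName>` would resolve to the plain bundle directory for a clone or extension process, which defeats the per-extension data separation the prefixed names are meant to give; the added tests reach the `switch` only by passing a NULL `extraData`. Consider leaving the field NULL for the first resolution, setting it only for the atomic-service `bundleName/accountId` case, and clearing it with `extraData->variablePackageName = NULL;` before `GetRealSrcPath` returns. The bundle-info failure also returns `APPSPAWN_TLV_NONE` while every other failure in the handler returns `-1`.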


@ -84,6 +84,10 @@ static inline char *GetLastPath(const char *libPhysicalPath)
static int MountAllGroup(const SandboxContext *context, const cJSON *groups)
{
APPSPAWN_CHECK(context != NULL && groups != NULL, return -1, "Invalid context or group");
unsigned long mountFlags = MS_REC | MS_BIND;
if (!CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_ISOLATED_SANDBOX)) {
mountFlags = MS_NODEV | MS_RDONLY;
}
int ret = 0;
cJSON *dataGroupIds = cJSON_GetObjectItemCaseSensitive(groups, "dataGroupId");
cJSON *gids = cJSON_GetObjectItemCaseSensitive(groups, "gid");
@ -110,7 +114,7 @@ static int MountAllGroup(const SandboxContext *context, const cJSON *groups)
APPSPAWN_LOGV("MountAllGroup src: '%{public}s' =>'%{public}s'", libPhysicalPath, context->buffer[0].buffer);
CreateSandboxDir(context->buffer[0].buffer, FILE_MODE);
MountArg mountArg = {libPhysicalPath, context->buffer[0].buffer, NULL, MS_REC | MS_BIND, NULL, MS_SLAVE};
MountArg mountArg = {libPhysicalPath, context->buffer[0].buffer, NULL, mountFlags, NULL, MS_SLAVE};
ret = SandboxMountPath(&mountArg);
APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret);
}
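Review bot: The flag test in `MountAllGroup` is negated, so processes without `APP_FLAGS_ISOLATED_SANDBOX` get `MS_NODEV | MS_RDONLY` and isolated ones keep the writable `MS_REC | MS_BIND`; the C++ `SandboxUtils::MountAllGroup` in this same commit applies the restriction when the flag is set. In both places the assignment replaces the flags instead of adding to them, which drops `MS_BIND` from a mount whose source is a directory. Something like `if (CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_ISOLATED_SANDBOX)) { mountFlags |= MS_NODEV | MS_RDONLY; }` keeps the bind. On Linux a bind mount ignores `MS_RDONLY` on the initial call, so unless `SandboxMountPath` already remounts, a read-only result needs a follow-up `MS_REMOUNT | MS_BIND | MS_RDONLY`. `MountAllGroup` continues outside these hunks.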


@ -347,6 +347,44 @@ unsigned long SandboxUtils::GetMountFlagsFromConfig(const std::vector<std::strin
return mountFlags;
}
static std::string ReplaceVariablePackageName(const AppSpawningCtx *appProperty, const std::string &path)
{
std::string tmpSandboxPath = path;
AppSpawnMsgBundleInfo *bundleInfo =
reinterpret_cast<AppSpawnMsgBundleInfo *>(GetAppProperty(appProperty, TLV_BUNDLE_INFO));
APPSPAWN_CHECK(bundleInfo != NULL, return "", "No bundle info in msg %{public}s", GetBundleName(appProperty));
uint32_t flags = CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE) ? 1 : 0;
char *extension = reinterpret_cast<char *>(
GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_APP_EXTENSION, NULL));
std::ostringstream variablePackageName;
switch (flags) {
case 0: // default,
variablePackageName << bundleInfo->bundleName;
break;
case 1: // 1 +clone-bundleIndex+packageName
variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName;
break;
case 2: { // 2 +extension-<extensionType>+packageName
APPSPAWN_CHECK(extension != NULL, return "", "Invalid extension data ");
variablePackageName << "+extension-" << extension << "+" << bundleInfo->bundleName;
break;
}
case 3: { // 3 +clone-bundleIndex+extension-<extensionType>+packageName
APPSPAWN_CHECK(extension != NULL, return "", "Invalid extension data ");
variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+extension" << "-" <<
extension << "+" << bundleInfo->bundleName;
break;
}
default:
variablePackageName << bundleInfo->bundleName;
break;
}
tmpSandboxPath = replace_all(tmpSandboxPath, g_variablePackageName, variablePackageName.str());
APPSPAWN_LOGV("tmpSandboxPath %{public}s", tmpSandboxPath.c_str());
return tmpSandboxPath;
}
string SandboxUtils::ConvertToRealPath(const AppSpawningCtx *appProperty, std::string path)
{
AppSpawnMsgBundleInfo *info =
@ -377,7 +415,7 @@ string SandboxUtils::ConvertToRealPath(const AppSpawningCtx *appProperty, std::s
oldPath = replace_all(oldPath, g_variablePackageName, variablePackageName);
if (!CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE) ||
!CheckDirRecursive(oldPath)) {
return oldPath;
return ReplaceVariablePackageName(appProperty, path);
}
std::string accountId = GetExtraInfoByType(appProperty, MSG_EXT_NAME_ACCOUNT_ID);
if (accountId.length() != 0) {
@ -386,7 +424,9 @@ string SandboxUtils::ConvertToRealPath(const AppSpawningCtx *appProperty, std::s
MakeDirRecursive(path, FILE_MODE);
int ret = chown(path.c_str(), dacInfo->uid, dacInfo->gid);
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "chown failed, path %{public}s, errno %{public}d", path.c_str(), errno);
return path;
}
return ReplaceVariablePackageName(appProperty, path);
}
return path;
@ -632,11 +672,11 @@ std::string SandboxUtils::GetSandboxPath(const AppSpawningCtx *appProperty, nloh
const std::string &section, std::string sandboxRoot)
{
std::string sandboxPath = "";
std::string tmpSandboxPath = mntPoint[g_sandBoxPath].get<std::string>();
if (section.compare(g_permissionPrefix) == 0) {
sandboxPath = sandboxRoot + ConvertToRealPathWithPermission(appProperty,
mntPoint[g_sandBoxPath].get<std::string>());
sandboxPath = sandboxRoot + ConvertToRealPathWithPermission(appProperty, tmpSandboxPath);
} else {
sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, mntPoint[g_sandBoxPath].get<std::string>());
sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, tmpSandboxPath);
}
return sandboxPath;
}
@ -1135,6 +1175,11 @@ int32_t SandboxUtils::MountAllGroup(const AppSpawningCtx *appProperty, std::stri
return ret;
}
mode_t mountFlags = MS_REC | MS_BIND;
if (CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX)) {
mountFlags = MS_NODEV | MS_RDONLY;
}
nlohmann::json groups = nlohmann::json::parse(dataGroupInfo.c_str(), nullptr, false);
APPSPAWN_CHECK(!groups.is_discarded() && groups.contains(g_groupList_key_dataGroupId)
&& groups.contains(g_groupList_key_gid) && groups.contains(g_groupList_key_dir), return -1,
@ -1160,7 +1205,7 @@ int32_t SandboxUtils::MountAllGroup(const AppSpawningCtx *appProperty, std::stri
std::string dataGroupUuid = libPhysicalPath.substr(lastPathSplitPos + 1);
std::string mntPath = sandboxPackagePath + g_sandboxGroupPath + dataGroupUuid;
ret = DoAppSandboxMountOnce(libPhysicalPath.c_str(), mntPath.c_str(), "", BASIC_MOUNT_FLAGS, nullptr);
ret = DoAppSandboxMountOnce(libPhysicalPath.c_str(), mntPath.c_str(), "", mountFlags, nullptr);
APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %d", ret);
}
return ret;
@ -1394,7 +1439,19 @@ int32_t SandboxUtils::ChangeCurrentDir(std::string &sandboxPackagePath, const st
return ret;
}
int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty)
static inline int EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags)
{
int rc = unshare(sandboxNsFlags);
APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", GetBundleName(appProperty));
if ((sandboxNsFlags & CLONE_NEWNET) == CLONE_NEWNET) {
rc = EnableNewNetNamespace();
APPSPAWN_CHECK(rc == 0, return rc, "Set new netnamespace failed %{public}s", GetBundleName(appProperty));
}
return 0;
}
int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags)
{
APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspwn client");
if (CheckBundleName(GetBundleName(appProperty)) != 0) {
@ -1413,7 +1470,7 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty)
MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE);
// add pid to a new mnt namespace
int rc = unshare(CLONE_NEWNS);
int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags);
APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str());
int index = 0;
@ -1447,7 +1504,7 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty)
return 0;
}
int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty)
int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags)
{
APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspwn client");
if (CheckBundleName(GetBundleName(appProperty)) != 0) {
@ -1460,7 +1517,7 @@ int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty)
MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE);
// add pid to a new mnt namespace
int rc = unshare(CLONE_NEWNS);
int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags);
APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str());
// check app sandbox switch
@ -1566,10 +1623,16 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property)
return ret;
}
}
uint32_t sandboxNsFlags = CLONE_NEWNS;
if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX)) {
sandboxNsFlags |= content->content.sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}
APPSPAWN_LOGV("SetAppSandboxProperty sandboxNsFlags 0x%{public}x", sandboxNsFlags);
if (IsNWebSpawnMode(content)) {
ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxPropertyNweb(property);
ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxPropertyNweb(property, sandboxNsFlags);
} else {
ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(property);
ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(property, sandboxNsFlags);
}
// for module test do not create sandbox, use APP_FLAGS_IGNORE_SANDBOX to ignore sandbox result
if (CheckAppMsgFlagsSet(property, APP_FLAGS_IGNORE_SANDBOX)) {
@ -1678,6 +1741,7 @@ static int SpawnMountDirOnLock(AppSpawnMgr *content, AppSpawningCtx *property)
return 0;
}
#ifndef APPSPAWN_SANDBOX_NEW
MODULE_CONSTRUCTOR(void)
{
APPSPAWN_LOGV("Load sandbox module ...");
@ -1685,3 +1749,4 @@ MODULE_CONSTRUCTOR(void)
(void)AddAppSpawnHook(STAGE_PARENT_PRE_FORK, HOOK_PRIO_COMMON, SpawnMountDirOnLock);
(void)AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_SANDBOX, SetAppSandboxProperty);
}
#endif
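Review bot: In `ReplaceVariablePackageName`, `flags` is computed from `APP_FLAGS_CLONE_ENABLE` alone, so it can only be 0 or 1 and the `case 2` and `case 3` extension branches never run. The C handler added in this commit also ORs in the extension flag, and the same line is needed here: `flags |= CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_EXTENSION_SANDBOX) ? 0x2 : 0;`. Separately, `mountFlags` in `SandboxUtils::MountAllGroup` is declared `mode_t` although it holds `MS_*` mount flags; `unsigned long` matches the C version.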


@ -32,8 +32,8 @@ class SandboxUtils {
public:
static void StoreJsonConfig(nlohmann::json &appSandboxConfig);
static std::vector<nlohmann::json> &GetJsonConfig();
static int32_t SetAppSandboxProperty(AppSpawningCtx *client);
static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client);
static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
static uint32_t GetSandboxNsFlags(bool isNweb);
static std::set<std::string> GetMountPermissionNames();
static std::string GetExtraInfoByType(const AppSpawningCtx *appProperty, const std::string &type);


@ -1998,4 +1998,258 @@ HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_Deps_005, TestSize.Level0)
AppSpawnClientDestroy(clientHandle);
ASSERT_EQ(ret, 0);
}
/**
* @brief app extension
*
*/
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_001, TestSize.Level0)
{
AppSpawnSandboxCfg *sandbox = nullptr;
AppSpawnClientHandle clientHandle = nullptr;
AppSpawnReqMsgHandle reqHandle = 0;
AppSpawningCtx *property = nullptr;
int ret = -1;
do {
ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
APPSPAWN_CHECK(ret == 0, break, "Failed to create reqMgr %{public}s", APPSPAWN_SERVER_NAME);
reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 1);
APPSPAWN_CHECK(reqHandle != INVALID_REQ_HANDLE, break, "Failed to create req %{public}s", APPSPAWN_SERVER_NAME);
// set APP_FLAGS_ISOLATED_SANDBOX
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_ISOLATED_SANDBOX);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
ret = APPSPAWN_ARG_INVALID;
property = g_testHelper.GetAppProperty(clientHandle, reqHandle);
APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break);
sandbox = CreateAppSpawnSandbox();
APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break);
ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str());
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
ret = MountSandboxConfigs(sandbox, property, 0);
} while (0);
if (sandbox) {
DeleteAppSpawnSandbox(sandbox);
}
DeleteAppSpawningCtx(property);
AppSpawnClientDestroy(clientHandle);
ASSERT_EQ(ret, 0);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_002, TestSize.Level0)
{
AppSpawnSandboxCfg *sandbox = nullptr;
AppSpawnClientHandle clientHandle = nullptr;
AppSpawnReqMsgHandle reqHandle = 0;
AppSpawningCtx *property = nullptr;
int ret = -1;
do {
ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
APPSPAWN_CHECK(ret == 0, break, "Failed to create reqMgr %{public}s", APPSPAWN_SERVER_NAME);
reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 1);
APPSPAWN_CHECK(reqHandle != INVALID_REQ_HANDLE, break, "Failed to create req %{public}s", APPSPAWN_SERVER_NAME);
// set APP_FLAGS_ISOLATED_SANDBOX
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_ISOLATED_SANDBOX);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
ret = APPSPAWN_ARG_INVALID;
property = g_testHelper.GetAppProperty(clientHandle, reqHandle);
APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break);
sandbox = CreateAppSpawnSandbox();
APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break);
ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str());
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
sandbox->sandboxNsFlags = CLONE_NEWPID; // only pid
ret = MountSandboxConfigs(sandbox, property, 0);
} while (0);
if (sandbox) {
DeleteAppSpawnSandbox(sandbox);
}
DeleteAppSpawningCtx(property);
AppSpawnClientDestroy(clientHandle);
ASSERT_EQ(ret, 0);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_003, TestSize.Level0)
{
AppSpawnSandboxCfg *sandbox = nullptr;
AppSpawnClientHandle clientHandle = nullptr;
AppSpawnReqMsgHandle reqHandle = 0;
AppSpawningCtx *property = nullptr;
int ret = -1;
do {
ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
APPSPAWN_CHECK(ret == 0, break, "Failed to create reqMgr %{public}s", APPSPAWN_SERVER_NAME);
reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 1);
APPSPAWN_CHECK(reqHandle != INVALID_REQ_HANDLE, break, "Failed to create req %{public}s", APPSPAWN_SERVER_NAME);
// set APP_FLAGS_ISOLATED_SANDBOX
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_ISOLATED_SANDBOX);
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
// add expand info to msg
const char dataGroupInfoListStr[] = "{ \
\"dataGroupId\":[\"1234abcd5678efgh\", \"abcduiop1234\"], \
\"dir\":[\"/data/app/el2/100/group/091a68a9-2cc9-4279-8849-28631b598975\", \
\"/data/app/el2/100/group/ce876162-fe69-45d3-aa8e-411a047af564\"], \
\"gid\":[\"20100001\", \"20100002\"] \
}";
ret = AppSpawnReqMsgAddStringInfo(reqHandle, "DataGroup", dataGroupInfoListStr);
APPSPAWN_CHECK(ret == 0, break, "Failed to ext tlv %{public}s", dataGroupInfoListStr);
ret = APPSPAWN_ARG_INVALID;
property = g_testHelper.GetAppProperty(clientHandle, reqHandle);
APPSPAWN_CHECK_ONLY_EXPER(property != nullptr, break);
sandbox = CreateAppSpawnSandbox();
APPSPAWN_CHECK_ONLY_EXPER(sandbox != nullptr, break);
ret = TestParseAppSandboxConfig(sandbox, g_commonConfig.c_str());
APPSPAWN_CHECK_ONLY_EXPER(ret == 0, break);
ret = MountSandboxConfigs(sandbox, property, 0);
} while (0);
if (sandbox) {
DeleteAppSpawnSandbox(sandbox);
}
DeleteAppSpawningCtx(property);
AppSpawnClientDestroy(clientHandle);
ASSERT_EQ(ret, 0);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_004, TestSize.Level0)
{
AppSpawningCtx *spawningCtx = TestCreateAppSpawningCtx();
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
APPSPAWN_LOGV("value %{public}s", value);
ASSERT_EQ(value != nullptr, 1);
ASSERT_EQ(strcmp(value, "/system/com.example.myapplication/module") == 0, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_005, TestSize.Level0)
{
AppSpawningCtx *spawningCtx = TestCreateAppSpawningCtx();
ASSERT_EQ(spawningCtx != nullptr, 1);
int ret = SetAppSpawnMsgFlag(spawningCtx->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE);
ASSERT_EQ(ret, 0);
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
APPSPAWN_LOGV("value %{public}s", value);
ASSERT_EQ(value != nullptr, 1); // +clone-bundleIndex+packageName
ASSERT_EQ(strcmp(value, "/system/+clone-100+com.example.myapplication/module") == 0, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_006, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = nullptr;
int ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
ASSERT_EQ(ret, 0);
AppSpawnReqMsgHandle reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 0);
ASSERT_EQ(reqHandle != nullptr, 1);
ret = AppSpawnReqMsgAddStringInfo(reqHandle, MSG_EXT_NAME_APP_EXTENSION, "test001");
ASSERT_EQ(ret, 0);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_EXTENSION_SANDBOX);
ASSERT_EQ(ret, 0);
AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle);
ASSERT_EQ(spawningCtx != nullptr, 1);
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
APPSPAWN_LOGV("value %{public}s", value);
ASSERT_EQ(value != nullptr, 1); // +extension-<extensionType>+packageName
ASSERT_EQ(strcmp(value, "/system/+extension-test001+com.example.myapplication/module") == 0, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
AppSpawnClientDestroy(clientHandle);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_007, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = nullptr;
int ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
ASSERT_EQ(ret, 0);
AppSpawnReqMsgHandle reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 0);
ASSERT_EQ(reqHandle != nullptr, 1);
ret = AppSpawnReqMsgAddStringInfo(reqHandle, MSG_EXT_NAME_APP_EXTENSION, "test001");
ASSERT_EQ(ret, 0);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_EXTENSION_SANDBOX);
ASSERT_EQ(ret, 0);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_CLONE_ENABLE);
ASSERT_EQ(ret, 0);
AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle);
ASSERT_EQ(spawningCtx != nullptr, 1);
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
APPSPAWN_LOGV("value %{public}s", value);
ASSERT_EQ(value != nullptr, 1); // +clone-bundleIndex+extension-<extensionType>+packageName
ASSERT_EQ(strcmp(value, "/system/+clone-100+extension-test001+com.example.myapplication/module") == 0, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
AppSpawnClientDestroy(clientHandle);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_008, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = nullptr;
int ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
ASSERT_EQ(ret, 0);
AppSpawnReqMsgHandle reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 0);
ASSERT_EQ(reqHandle != nullptr, 1);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_EXTENSION_SANDBOX);
ASSERT_EQ(ret, 0);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_CLONE_ENABLE);
ASSERT_EQ(ret, 0);
AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle);
ASSERT_EQ(spawningCtx != nullptr, 1);
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
ASSERT_EQ(value == nullptr, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
AppSpawnClientDestroy(clientHandle);
}
HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_009, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = nullptr;
int ret = AppSpawnClientInit(APPSPAWN_SERVER_NAME, &clientHandle);
ASSERT_EQ(ret, 0);
AppSpawnReqMsgHandle reqHandle = g_testHelper.CreateMsg(clientHandle, MSG_APP_SPAWN, 0);
ASSERT_EQ(reqHandle != nullptr, 1);
ret = AppSpawnReqMsgSetAppFlag(reqHandle, APP_FLAGS_EXTENSION_SANDBOX);
ASSERT_EQ(ret, 0);
AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle);
ASSERT_EQ(spawningCtx != nullptr, 1);
SandboxContext *context = TestGetSandboxContext(spawningCtx, 0);
ASSERT_EQ(context != nullptr, 1);
const char *value = GetSandboxRealVar(context, 0, "/system/<variablePackageName>/module", nullptr, nullptr);
ASSERT_EQ(value == nullptr, 1);
DeleteSandboxContext(context);
DeleteAppSpawningCtx(spawningCtx);
AppSpawnClientDestroy(clientHandle);
}
} // namespace OHOS


@ -121,6 +121,8 @@ int IsDeveloperModeOpen();
void InitCommonEnv(void);
int ConvertEnvValue(const char *srcEnv, char *dstEnv, int len);
int EnableNewNetNamespace(void);
#ifndef APP_FILE_NAME
#define APP_FILE_NAME (strrchr((__FILE__), '/') ? strrchr((__FILE__), '/') + 1 : (__FILE__))
#endif


@ -17,11 +17,16 @@
#include <ctype.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/if.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
@ -115,9 +120,6 @@ uint64_t DiffTime(const struct timespec *startTime, const struct timespec *endTi
int MakeDirRec(const char *path, mode_t mode, int lastPath)
{
if (path == NULL || *path == '\0') {
return -1;
}
APPSPAWN_CHECK(path != NULL && *path != '\0', return -1, "Invalid path to create");
char buffer[PATH_MAX] = {0};
const char slash = '/';
@ -208,11 +210,6 @@ char *GetLastStr(const char *str, const char *dst)
char *end = (char *)str + strlen(str);
size_t len = strlen(dst);
while (end != str) {
if (isspace(*end)) { // clear space
*end = '\0';
end--;
continue;
}
if (strncmp(end, dst, len) == 0) {
return end;
}
@ -221,8 +218,9 @@ char *GetLastStr(const char *str, const char *dst)
return NULL;
}
static char *ReadFile(const char *fileName)
char *ReadFile(const char *fileName)
{
APPSPAWN_CHECK_ONLY_EXPER(fileName != NULL, return NULL);
char *buffer = NULL;
FILE *fd = NULL;
do {
@ -231,7 +229,6 @@ static char *ReadFile(const char *fileName)
fileStat.st_size <= 0 || fileStat.st_size > MAX_JSON_FILE_LEN) {
return NULL;
}
APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s size %{public}u", fileName, (uint32_t)fileStat.st_size);
fd = fopen(fileName, "r");
APPSPAWN_CHECK(fd != NULL, break, "Failed to open file %{public}s", fileName);
@ -302,22 +299,7 @@ void DumpCurrentDir(char *buffer, uint32_t bufferLen, const char *dirPath)
{
APPSPAWN_CHECK_ONLY_EXPER(buffer != NULL, return);
APPSPAWN_CHECK_ONLY_EXPER(dirPath != NULL, return);
APPSPAWN_CHECK_ONLY_EXPER(bufferLen > 0 , return);
char tmp[32] = {0}; // 32 max
int ret = GetParameter("startup.appspawn.cold.boot", "", tmp, sizeof(tmp));
if (ret <= 0 || strcmp(tmp, "1") != 0) {
return;
}
struct stat st = {};
if (stat(dirPath, &st) == 0 && S_ISREG(st.st_mode)) {
APPSPAWN_LOGW("file %{public}s", dirPath);
if (access(dirPath, F_OK) != 0) {
APPSPAWN_LOGW("file %{public}s not exist", dirPath);
}
return;
}
APPSPAWN_CHECK_ONLY_EXPER(bufferLen > 0, return);
DIR *pDir = opendir(dirPath);
APPSPAWN_CHECK(pDir != NULL, return, "Read dir :%{public}s failed.%{public}d", dirPath, errno);
@ -329,7 +311,7 @@ void DumpCurrentDir(char *buffer, uint32_t bufferLen, const char *dirPath)
}
if (dp->d_type == DT_DIR) {
APPSPAWN_LOGW(" Current path %{public}s/%{public}s ", dirPath, dp->d_name);
ret = snprintf_s(buffer, bufferLen, bufferLen - 1, "%s/%s", dirPath, dp->d_name);
int ret = snprintf_s(buffer, bufferLen, bufferLen - 1, "%s/%s", dirPath, dp->d_name);
APPSPAWN_CHECK(ret > 0, break, "Failed to snprintf_s errno: %{public}d", errno);
char *path = strdup(buffer);
DumpCurrentDir(buffer, bufferLen, path);
@ -361,19 +343,28 @@ void AppSpawnDump(const char *fmt, ...)
if (g_dumpToStream == NULL) {
return;
}
APPSPAWN_CHECK_ONLY_EXPER(fmt != NULL, return);
char format[128] = {0}; // 128 max buffer for format
uint32_t size = strlen(fmt);
int curr = 0;
for (uint32_t index = 0; index < size; index++) {
if (curr >= (int)sizeof(format)) {
format[curr - 1] = '\0';
if (curr >= (int)sizeof(format)) { // invalid format
return;
}
if (fmt[index] == '%' && (strncmp(&fmt[index + 1], "{public}", strlen("{public}")) == 0)) {
if (fmt[index] != '%') {
format[curr++] = fmt[index];
continue;
}
if (strncmp(&fmt[index + 1], "{public}", strlen("{public}")) == 0) {
format[curr++] = fmt[index];
index += strlen("{public}");
continue;
}
format[curr++] = fmt[index];
if (strncmp(&fmt[index + 1], "{private}", strlen("{private}")) == 0) {
format[curr++] = fmt[index];
index += strlen("{private}");
continue;
}
}
va_list vargs;
va_start(vargs, format);
@ -411,3 +402,27 @@ uint32_t GetSpawnTimeout(uint32_t def)
}
return value;
}
int EnableNewNetNamespace(void)
{
int sockfd = socket(AF_INET, SOCK_DGRAM, 0);
APPSPAWN_CHECK(sockfd >= 0, return APPSPAWN_SYSTEM_ERROR, "Failed to create socket errno %{public}d", errno);
// enable loop
int ret = 0;
do {
struct ifreq ifr = {};
ret = strcpy_s(ifr.ifr_name, sizeof(ifr.ifr_name), "lo");
APPSPAWN_CHECK(ret == 0, break, "Failed to copy if name");
ret = ioctl(sockfd, SIOCGIFFLAGS, &ifr);
APPSPAWN_CHECK(ret >= 0, break, "ioctl SIOCGIFFLAGS errno %{public}d", errno);
ifr.ifr_flags |= IFF_UP | IFF_LOOPBACK;
ret = ioctl(sockfd, SIOCSIFFLAGS, &ifr);
APPSPAWN_CHECK(ret >= 0, break, "ioctl SIOCSIFFLAGS errno %{public}d", errno);
} while (0);
close(sockfd);
APPSPAWN_LOGV("Enable network namespace result %{public}d", ret);
return ret;
}
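Review bot: In the AppSpawnDump hunk, the new `if (curr >= (int)sizeof(format)) { return; }` guard only runs at the top of the next iteration, so a format string whose rewritten length is exactly 128 bytes still leaves the loop with `format` full and no terminating NUL. Bounding the copy one byte earlier, `if (curr >= (int)sizeof(format) - 1) { return; }`, keeps the zero-initialised last byte intact for whatever consumes `format` after the hunk. The context line `va_start(vargs, format);` names the local buffer rather than the last named parameter, and the C standard requires `va_start(vargs, fmt);`. Going by the hunk's line counts, the unconditional `format[curr++] = fmt[index];` after the `{public}` branch appears to have been removed, so a `%` not followed by `{public}` or `{private}` would be dropped from the output format; an explicit fallback copy would avoid that. Since `{private}` is now stripped the same way as `{public}`, a short comment such as `/* dump stream is a debug channel: {private} arguments are written unmasked */` would record that this is intended.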