add user id for sandbox root dir

Signed-off-by: zhangkaixiang <zhangkaixiang5@huawei.com>
Change-Id: Ib496af3736c5303bc481e4cba57ce52c8ea2ef59
zhangkaixiang 2024-01-04 13:53:07 +00:00
parent 29f4bbea34
commit 40994ab4eb
4 changed files with 13 additions and 32 deletions


@ -2,7 +2,6 @@
"common" : [{
"top-sandbox-switch": "ON",
"app-base" : [{
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-ns-flags": [ "pid" ],
"mount-paths" : [{
"src-path" : "/config",
@ -95,7 +94,7 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "true"
}, {
"src-path" : "/mnt/sandbox/<PackageName>/data/storage/el2",
"src-path" : "/mnt/sandbox/<currentUserId>/<PackageName>/data/storage/el2",
"sandbox-path" : "/data/storage/el2",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
@ -216,7 +215,6 @@
]
}],
"app-resources" : [{
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/com.ohos.nweb",
"sandbox-path" : "/data/storage/el1/bundle/nweb",
@ -251,7 +249,6 @@
],
"flags-point" : [{
"flags": "DLP_MANAGER",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el2/<currentUserId>/base/<PackageName_index>",
"sandbox-path" : "/data/storage/el2/base",
@ -285,7 +282,6 @@
}
]}, {
"flags": "START_FLAGS_BACKUP",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths": [{
"src-path": "/data/service/el2/<currentUserId>/backup/bundles/<PackageName>",
"sandbox-path": "/data/storage/el2/backup",
@ -306,7 +302,6 @@
"individual" : [{
"com.huawei.ohos.hiviewx" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/log/",
"sandbox-path" : "/data/log/",
@ -318,7 +313,6 @@
}],
"com.huawei.ohos.betaclub" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/log/",
"sandbox-path" : "/data/log/",
@ -330,7 +324,6 @@
}],
"com.ohos.medialibrary.medialibrarydata" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/storage/media/<currentUserId>",
"sandbox-path" : "/storage/media",
@ -363,7 +356,6 @@
}],
"com.ohos.launcher" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -375,7 +367,6 @@
}],
"com.ohos.systemui" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/app/el1/bundle/public/",
@ -387,7 +378,6 @@
}],
"com.ohos.sceneboard" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/app/el1/bundle/public/",
@ -399,7 +389,6 @@
}],
"com.ohos.permissionmanager" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -411,7 +400,6 @@
}],
"com.ohos.certmanager" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -423,7 +411,6 @@
}],
"com.ohos.amsdialog" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -435,11 +422,9 @@
}],
"ohos.samples.ecg" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [],
"flags-point" : [{
"flags": "NOT_SUPPORTED",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -448,7 +433,6 @@
}
]}, {
"flags": "START_FLAGS_BACKUP",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/bundles/",
@ -461,7 +445,6 @@
}],
"com.ohos.dlpmanager" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-shared" : "true",
"mount-paths" : [{
"src-path" : "/mnt/data/<currentUserId>",
@ -481,7 +464,6 @@
}],
"com.ohos.UserFile.ExternalFileManager" : [{
"sandbox-switch": "ON",
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"mount-paths" : [{
"src-path" : "/data/service/el1/public/storage_daemon/share/public",
"sandbox-path" : "/data/storage/el1/bundle/storage_daemon",
@ -587,7 +569,6 @@
"permission":[{
"ohos.permission.FILE_ACCESS_MANAGER":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"gids": [1006, 1008],
"mount-paths": [{
"src-path": "/data/service/el1/public/storage_daemon/share/public",
@ -620,7 +601,6 @@
}],
"ohos.permission.READ_IMAGEVIDEO":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"gids": [1008],
"mount-paths": [{
"src-path": "/data/service/el2/<currentUserId>/hmdfs/account/files/.thumbs/Photo",
@ -631,7 +611,6 @@
}],
"ohos.permission.FILE_CROSS_APP":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"gids": [1006],
"mount-paths": [{
"src-path": "/storage/media/<currentUserId>/local/files/Docs",
@ -669,7 +648,6 @@
}],
"ohos.permission.ACTIVATE_THEME_PACKAGE":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"mount-paths": [{
"src-path": "/data/service/el1/public/themes/<currentUserId>/a/system",
"sandbox-path": "/data/themes/a/system",
@ -684,7 +662,6 @@
}],
"ohos.permission.GET_WALLPAPER":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"mount-paths": [{
"src-path": "/data/service/el1/public/wallpaper/<currentUserId>",
"sandbox-path": "/data/wallpaper",
@ -694,7 +671,6 @@
}],
"ohos.permission.ACCESS_BUNDLE_DIR":[{
"sandbox-switch": "ON",
"sandbox-root": "/mnt/sandbox/<PackageName>",
"gids": [1010],
"mount-paths": [{
"src-path": "/data/app/el1/bundle/public",


@ -30,13 +30,13 @@ APP_SANDBOX_DEFAULT = '''
"common" : [{
"top-sandbox-switch": "ON",
"app-base" : [{
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-root" : "/mnt/sandbox/<currentUserId>/<PackageName>",
"mount-paths" : [],
"symbol-links": [],
"flags-point" : []
}],
"app-resources" : [{
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-root" : "/mnt/sandbox/<currentUserId>/<PackageName>",
"mount-paths" : [],
"flags-point" : [],
"symbol-links" : []


@ -267,16 +267,21 @@ void MakeDirRec(const char *path)
static void MountAppEl2Dir(const AppSpawnClient* client)
{
const int userIdBase = 200000;
const char rootPath[] = "/mnt/sandbox/";
const char el2Path[] = "/data/storage/el2";
AppParameter *appProperty = &((AppSpawnClientExt *)client)->property;
if (IsUnlockStatus(appProperty->uid)) {
return;
}
size_t allPathSize = strlen(rootPath) + strlen(el2Path) + strlen(appProperty->bundleName) + 1;
char userId[USER_ID_SIZE] = {0};
size_t len = sprintf_s(userId, USER_ID_SIZE, "%u", appProperty->uid);
APPSPAWN_CHECK(len > 0 && (len < USER_ID_SIZE), return true, "Failed to get userId");
size_t allPathSize = strlen(rootPath) + strlen(el2Path) + strlen(appProperty->bundleName) + strlen(userId) + 1;
char *path = malloc(sizeof(char) * (allPathSize));
APPSPAWN_CHECK(path != NULL, return, "Failed to malloc path");
size_t len = sprintf_s(path, allPathSize, "%s%s%s", rootPath,
size_t len = sprintf_s(path, allPathSize, "%s%s/%s%s", rootPath, userId,
appProperty->bundleName, el2Path);
APPSPAWN_CHECK(len > 0 && (len < allPathSize), return, "Failed to get el2 path");
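Review bot: The new `userId` buffer is filled from the raw `appProperty->uid` rather than the user id, so the el2 path becomes `/mnt/sandbox/<uid>/<bundle>/data/storage/el2`; that does not match the `/mnt/sandbox/<currentUserId>/<PackageName>` layout in the JSON config or the `uid / UID_BASE` used on the C++ side of this commit. `userIdBase` is already declared at the top of the function, so `sprintf_s(userId, USER_ID_SIZE, "%u", appProperty->uid / userIdBase)` would keep the three in step. The added check uses `return true` inside a `static void` function and should be a bare `return`. As rendered, `size_t len` is also declared twice in the same scope (once for `userId`, once for `path`); the second use should reuse the variable or take a different name. The function body continues past the end of this hunk, so how `path` is used and released is not visible here.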


@ -314,7 +314,7 @@ std::string SandboxUtils::GetSbxPathByConfig(const ClientSocket::AppProperty *ap
sandboxRoot = config[g_sandboxRootPrefix].get<std::string>();
sandboxRoot = ConvertToRealPath(appProperty, sandboxRoot);
} else {
sandboxRoot = g_sandBoxDir + appProperty->bundleName;
sandboxRoot = g_sandBoxDir + appProperty->bundleName + "/" + to_string(appProperty->uid / UID_BASE);
APPSPAWN_LOGE("read sandbox-root config failed, set sandbox-root to default root"
"app name is %{public}s", appProperty->bundleName);
}
@ -978,7 +978,7 @@ int32_t SandboxUtils::DoSandboxRootFolderCreateAdapt(std::string &sandboxPackage
#endif
MakeDirRecursive(sandboxPackagePath, FILE_MODE);
// bind mount "/" to /mnt/sandbox/<packageName> path
// bind mount "/" to /mnt/sandbox/<currentUserId>/<packageName> path
// rootfs: to do more resources bind mount here to get more strict resources constraints
#ifndef APPSPAWN_TEST
rc = mount("/", sandboxPackagePath.c_str(), NULL, BASIC_MOUNT_FLAGS, NULL);
@ -1271,7 +1271,7 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawnClient *client)
if (CheckBundleName(appProperty->bundleName) != 0) {
return -1;
}
std::string sandboxPackagePath = g_sandBoxRootDir;
std::string sandboxPackagePath = g_sandBoxRootDir + to_string(appProperty->uid / UID_BASE) + "/";
const std::string bundleName = appProperty->bundleName;
bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName);
sandboxPackagePath += bundleName;
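Review bot: The fallback in `GetSbxPathByConfig` builds the root as `<bundleName>/<userId>`, while `SetAppSandboxProperty` in the same file and the updated comment in `DoSandboxRootFolderCreateAdapt` use `<userId>/<bundleName>`. Assuming `g_sandBoxDir` and `g_sandBoxRootDir` name the same `/mnt/sandbox/` prefix, mount targets derived from this fallback would land outside the directory that is actually prepared as the sandbox root. This commit also drops `sandbox-root` from the entries in the JSON config, so this branch presumably becomes the normal path rather than an error case, and the `APPSPAWN_LOGE` "read sandbox-root config failed" message would fire on ordinary launches. Suggested line: `sandboxRoot = g_sandBoxDir + to_string(appProperty->uid / UID_BASE) + "/" + appProperty->bundleName;`, with the log lowered in severity or reworded. All three functions extend beyond the hunks shown.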