modify system/app dir mount point

Signed-off-by: wangfeng <wangfeng277@huawei.com>
2024-11-23 07:00:17 +00:00 · 2024-11-06 14:32:10 +08:00 · 2024-11-06 14:32:10 +08:00 · 5575ad8dfc
commit 5575ad8dfc
parent 61386951b5
6 changed files with 52 additions and 8 deletions
--- a/appdata-sandbox-app.json
+++ b/appdata-sandbox-app.json
@ -24,8 +24,11 @@
                "src-path" : "/module_update",
                "sandbox-path" : "/module_update"
            }, {
-                "src-path" : "/system/app",
-                "sandbox-path" : "/system/app"
+                "src-path" : "/system/app/appServiceFwk",
+                "sandbox-path" : "/system/app/appServiceFwk"
+            }, {
+                "src-path" : "/system/app/shared_bundles",
+                "sandbox-path" : "/system/app/shared_bundles"
            }, {
                "src-path" : "/system/fonts",
                "sandbox-path" : "/system/fonts"
@ -389,8 +392,14 @@
            }, {
                "src-path" : "/data/app/el1/bundle/<currentUserId>/hnp/<PackageName>",
                "sandbox-path" : "/data/app"
-            }
-        ]}],
+            }]
+        }, {
+            "name": "PREINSTALLED_HAP",
+            "mount-paths": [{
+                "src-path": "/system/app",
+                "sandbox-path": "/system/app"
+            }]
+        }],
        "package-name": [{
            "name": "com.ohos.medialibrary.medialibrarydata",
            "mount-paths" : [{
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@ -29,8 +29,13 @@
                    "sandbox-flags" : [ "bind", "rec" ],
                    "check-action-status": "false"
                }, {
-                    "src-path" : "/system/app",
-                    "sandbox-path" : "/system/app",
+                    "src-path" : "/system/app/appServiceFwk",
+                    "sandbox-path" : "/system/app/appServiceFwk",
+                    "sandbox-flags" : [ "bind", "rec" ],
+                    "check-action-status": "false"
+                }, {
+                    "src-path" : "/system/app/shared_bundles",
+                    "sandbox-path" : "/system/app/shared_bundles",
                    "sandbox-flags" : [ "bind", "rec" ],
                    "check-action-status": "false"
                }, {
@ -386,6 +391,14 @@
                            "sandbox-flags" : [ "bind", "rec" ],
                            "check-action-status": "false"
                        }
+                    ]}, {
+                        "flags": "PREINSTALLED_HAP",
+                        "mount-paths": [{
+                            "src-path": "/system/app",
+                            "sandbox-path": "/system/app",
+                            "sandbox-flags": [ "bind", "rec" ],
+                            "check-action-status": "false"
+                        }
                    ]}
            ],
            "symbol-links" : [
--- a/interfaces/innerkits/include/appspawn.h
+++ b/interfaces/innerkits/include/appspawn.h
@ -183,6 +183,7 @@ typedef enum {
    APP_FLAGS_ISOLATED_NETWORK,
    APP_FLAGS_ISOLATED_DATAGROUP,
    APP_FLAGS_TEMP_JIT = 28,
+    APP_FLAGS_PRE_INSTALLED_HAP = 29,
    MAX_FLAGS_INDEX = 63,
 } AppFlagsIndex;

--- a/modules/common/appspawn_common.c
+++ b/modules/common/appspawn_common.c
@ -62,6 +62,7 @@
 #define BITLEN32 32
 #define PID_NS_INIT_UID 100000  // reserved for pid_ns_init process, avoid app, render proc, etc.
 #define PID_NS_INIT_GID 100000
+#define PREINSTALLED_HAP_FLAG 0x01 // hapFlags 0x01: SELINUX_HAP_RESTORECON_PREINSTALLED_APP in selinux

 static int SetProcessName(const AppSpawnMgr *content, const AppSpawningCtx *property)
 {
@ -353,6 +354,21 @@ static int32_t WaitForDebugger(const AppSpawningCtx *property)
    return 0;
 }

+static int SpawnSetPreInstalledFlag(AppSpawningCtx *property)
+{
+    AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetAppProperty(property, TLV_DOMAIN_INFO);
+    APPSPAWN_CHECK(msgDomainInfo != NULL, return APPSPAWN_TLV_NONE, "No domain info in req from %{public}s",
+                   GetProcessName(property));
+    if ((msgDomainInfo->hapFlags & PREINSTALLED_HAP_FLAG) != 0) {
+        int ret = SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_PRE_INSTALLED_HAP);
+        if (ret != 0) {
+            APPSPAWN_LOGE("Set appspawn msg flag failed");
+            return ret;
+        }
+    }
+    return 0;
+}
+
 static int SpawnInitSpawningEnv(AppSpawnMgr *content, AppSpawningCtx *property)
 {
    APPSPAWN_LOGV("Spawning: clear env");
@ -365,6 +381,9 @@ static int SpawnInitSpawningEnv(AppSpawnMgr *content, AppSpawningCtx *property)

    ret = SetAppAccessToken(content, property);
    APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret);
+
+    ret = SpawnSetPreInstalledFlag(property);
+    APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret);
    return 0;
 }

--- a/modules/sandbox/sandbox_load.c
+++ b/modules/sandbox/sandbox_load.c
@ -45,7 +45,8 @@ static const SandboxFlagInfo FLAGE_POINT_MAP[] = {
    {"0", 0},
    {"START_FLAGS_BACKUP", (unsigned long)APP_FLAGS_BACKUP_EXTENSION},
    {"DLP_MANAGER", (unsigned long)APP_FLAGS_DLP_MANAGER},
-    {"DEVELOPER_MODE", (unsigned long)APP_FLAGS_DEVELOPER_MODE}
+    {"DEVELOPER_MODE", (unsigned long)APP_FLAGS_DEVELOPER_MODE},
+    {"PREINSTALLED_HAP", (unsigned long)APP_FLAGS_PRE_INSTALLED_HAP}
 };

 static const SandboxFlagInfo MOUNT_MODE_MAP[] = {
--- a/modules/sandbox/sandbox_utils.cpp
+++ b/modules/sandbox/sandbox_utils.cpp
@ -706,7 +706,8 @@ static uint32_t ConvertFlagStr(const std::string &flagStr)
 {
    const std::map<std::string, int> flagsMap = {{"0", 0}, {"START_FLAGS_BACKUP", 1},
                                                 {"DLP_MANAGER", 2},
-                                                 {"DEVELOPER_MODE", 17}};
+                                                 {"DEVELOPER_MODE", 17},
+                                                 {"PREINSTALLED_HAP", 29}};

    if (flagsMap.count(flagStr)) {
        return 1 << flagsMap.at(flagStr);