diff --git a/appdata-sandbox-app.json b/appdata-sandbox-app.json index 3f6dd7b3..44bd3b8f 100755 --- a/appdata-sandbox-app.json +++ b/appdata-sandbox-app.json @@ -24,8 +24,11 @@ "src-path" : "/module_update", "sandbox-path" : "/module_update" }, { - "src-path" : "/system/app", - "sandbox-path" : "/system/app" + "src-path" : "/system/app/appServiceFwk", + "sandbox-path" : "/system/app/appServiceFwk" + }, { + "src-path" : "/system/app/shared_bundles", + "sandbox-path" : "/system/app/shared_bundles" }, { "src-path" : "/system/fonts", "sandbox-path" : "/system/fonts" @@ -389,8 +392,14 @@ }, { "src-path" : "/data/app/el1/bundle//hnp/", "sandbox-path" : "/data/app" - } - ]}], + }] + }, { + "name": "PREINSTALLED_HAP", + "mount-paths": [{ + "src-path": "/system/app", + "sandbox-path": "/system/app" + }] + }], "package-name": [{ "name": "com.ohos.medialibrary.medialibrarydata", "mount-paths" : [{ diff --git a/appdata-sandbox.json b/appdata-sandbox.json index 9be9213f..805dbdc1 100755 --- a/appdata-sandbox.json +++ b/appdata-sandbox.json @@ -29,8 +29,13 @@ "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" }, { - "src-path" : "/system/app", - "sandbox-path" : "/system/app", + "src-path" : "/system/app/appServiceFwk", + "sandbox-path" : "/system/app/appServiceFwk", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/app/shared_bundles", + "sandbox-path" : "/system/app/shared_bundles", "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" }, { @@ -386,6 +391,14 @@ "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "false" } + ]}, { + "flags": "PREINSTALLED_HAP", + "mount-paths": [{ + "src-path": "/system/app", + "sandbox-path": "/system/app", + "sandbox-flags": [ "bind", "rec" ], + "check-action-status": "false" + } ]} ], "symbol-links" : [ diff --git a/interfaces/innerkits/include/appspawn.h b/interfaces/innerkits/include/appspawn.h index c75504bc..1891c12c 100644 --- a/interfaces/innerkits/include/appspawn.h +++ b/interfaces/innerkits/include/appspawn.h @@ -183,6 +183,7 @@ typedef enum { APP_FLAGS_ISOLATED_NETWORK, APP_FLAGS_ISOLATED_DATAGROUP, APP_FLAGS_TEMP_JIT = 28, + APP_FLAGS_PRE_INSTALLED_HAP = 29, MAX_FLAGS_INDEX = 63, } AppFlagsIndex; diff --git a/modules/common/appspawn_common.c b/modules/common/appspawn_common.c index 02eeef35..18c435c2 100644 --- a/modules/common/appspawn_common.c +++ b/modules/common/appspawn_common.c @@ -62,6 +62,7 @@ #define BITLEN32 32 #define PID_NS_INIT_UID 100000 // reserved for pid_ns_init process, avoid app, render proc, etc. #define PID_NS_INIT_GID 100000 +#define PREINSTALLED_HAP_FLAG 0x01 // hapFlags 0x01: SELINUX_HAP_RESTORECON_PREINSTALLED_APP in selinux static int SetProcessName(const AppSpawnMgr *content, const AppSpawningCtx *property) { @@ -353,6 +354,21 @@ static int32_t WaitForDebugger(const AppSpawningCtx *property) return 0; } +static int SpawnSetPreInstalledFlag(AppSpawningCtx *property) +{ + AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetAppProperty(property, TLV_DOMAIN_INFO); + APPSPAWN_CHECK(msgDomainInfo != NULL, return APPSPAWN_TLV_NONE, "No domain info in req from %{public}s", + GetProcessName(property)); + if ((msgDomainInfo->hapFlags & PREINSTALLED_HAP_FLAG) != 0) { + int ret = SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_PRE_INSTALLED_HAP); + if (ret != 0) { + APPSPAWN_LOGE("Set appspawn msg flag failed"); + return ret; + } + } + return 0; +} + static int SpawnInitSpawningEnv(AppSpawnMgr *content, AppSpawningCtx *property) { APPSPAWN_LOGV("Spawning: clear env"); @@ -365,6 +381,9 @@ static int SpawnInitSpawningEnv(AppSpawnMgr *content, AppSpawningCtx *property) ret = SetAppAccessToken(content, property); APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret); + + ret = SpawnSetPreInstalledFlag(property); + APPSPAWN_CHECK_ONLY_EXPER(ret == 0, return ret); return 0; } diff --git a/modules/sandbox/sandbox_load.c b/modules/sandbox/sandbox_load.c index 3158aa3d..59e070a5 100644 --- a/modules/sandbox/sandbox_load.c +++ b/modules/sandbox/sandbox_load.c @@ -45,7 +45,8 @@ static const SandboxFlagInfo FLAGE_POINT_MAP[] = { {"0", 0}, {"START_FLAGS_BACKUP", (unsigned long)APP_FLAGS_BACKUP_EXTENSION}, {"DLP_MANAGER", (unsigned long)APP_FLAGS_DLP_MANAGER}, - {"DEVELOPER_MODE", (unsigned long)APP_FLAGS_DEVELOPER_MODE} + {"DEVELOPER_MODE", (unsigned long)APP_FLAGS_DEVELOPER_MODE}, + {"PREINSTALLED_HAP", (unsigned long)APP_FLAGS_PRE_INSTALLED_HAP} }; static const SandboxFlagInfo MOUNT_MODE_MAP[] = { diff --git a/modules/sandbox/sandbox_utils.cpp b/modules/sandbox/sandbox_utils.cpp index bc897e72..9472a5cf 100644 --- a/modules/sandbox/sandbox_utils.cpp +++ b/modules/sandbox/sandbox_utils.cpp @@ -706,7 +706,8 @@ static uint32_t ConvertFlagStr(const std::string &flagStr) { const std::map flagsMap = {{"0", 0}, {"START_FLAGS_BACKUP", 1}, {"DLP_MANAGER", 2}, - {"DEVELOPER_MODE", 17}}; + {"DEVELOPER_MODE", 17}, + {"PREINSTALLED_HAP", 29}}; if (flagsMap.count(flagStr)) { return 1 << flagsMap.at(flagStr);