Change the source directory for mounting downloads

Signed-off-by: wangfeng <wangfeng277@huawei.com>
2025-02-22 21:41:56 +00:00 · 2024-05-11 11:08:31 +08:00 · 2024-05-11 11:08:31 +08:00 · 68da9d608f
commit 68da9d608f
parent e4dd39d2e5
2 changed files with 25 additions and 15 deletions
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@ -248,11 +248,6 @@
                    "sandbox-path" : "/data/storage/el4/database",
                    "sandbox-flags" : [ "bind", "rec" ],
                    "check-action-status": "false"
-                }, {
-                    "src-path": "/storage/media/<currentUserId>/local/files/Docs/Downloads/<PackageName>",
-                    "sandbox-path": "/storage/Users/currentUser/Downloads",
-                    "sandbox-flags": [ "bind", "rec" ],
-                    "check-action-status": "false"
                }, {
                    "src-path" : "/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>",
                    "sandbox-path" : "/data/storage/el2/cloud",
@ -746,6 +741,18 @@
                }
            ]
        }],
+        "ohos.permission.FILE_ACCESS_COMMON_DIR":[{
+            "sandbox-switch": "ON",
+            "mount-paths": [{
+                    "src-path": "/storage/media/<currentUserId>/local/files/Docs",
+                    "sandbox-path": "/storage/Users/currentUser",
+                    "sandbox-flags": [ "bind", "rec" ],
+                    "dac-override-sensitive": "true",
+                    "fs-type": "sharefs",
+                    "options": "override"
+                }
+            ]
+        }],
        "ohos.permission.ACTIVATE_THEME_PACKAGE":[{
            "sandbox-switch": "ON",
            "gids": [3817],
--- a/modules/sandbox/sandbox_utils.cpp
+++ b/modules/sandbox/sandbox_utils.cpp
@ -113,6 +113,7 @@ namespace {
    const std::string g_ohosRender = "__internal__.com.ohos.render";
    const std::string g_sandBoxRootDirNweb = "/mnt/sandbox/com.ohos.render/";
    const std::string FILE_CROSS_APP_MODE = "ohos.permission.FILE_CROSS_APP";
+    const std::string FILE_ACCESS_COMMON_DIR_MODE = "ohos.permission.FILE_ACCESS_COMMON_DIR";
 }

 static uint32_t GetAppMsgFlags(const AppSpawningCtx *property)
@ -583,8 +584,7 @@ static uint32_t ConvertFlagStr(const std::string &flagStr)
 unsigned long SandboxUtils::GetSandboxMountFlags(nlohmann::json &config)
 {
    unsigned long mountFlags = BASIC_MOUNT_FLAGS;
-    if (GetSandboxDacOverrideEnable(config) && (deviceTypeEnable_ == true) &&
-        (config.find(g_sandBoxFlagsCustomized) != config.end())) {
+    if (GetSandboxDacOverrideEnable(config) && (config.find(g_sandBoxFlagsCustomized) != config.end())) {
        mountFlags = GetMountFlagsFromConfig(config[g_sandBoxFlagsCustomized].get<std::vector<std::string>>());
    } else if (config.find(g_sandBoxFlags) != config.end()) {
        mountFlags = GetMountFlagsFromConfig(config[g_sandBoxFlags].get<std::vector<std::string>>());
@ -595,8 +595,7 @@ unsigned long SandboxUtils::GetSandboxMountFlags(nlohmann::json &config)
 std::string SandboxUtils::GetSandboxFsType(nlohmann::json &config)
 {
    std::string fsType;
-    if (GetSandboxDacOverrideEnable(config) && (deviceTypeEnable_ == true)
-        && (config.find(g_fsType) != config.end())) {
+    if (GetSandboxDacOverrideEnable(config) && (config.find(g_fsType) != config.end())) {
        fsType = config[g_fsType].get<std::string>();
    } else {
        fsType = "";
@ -607,8 +606,7 @@ std::string SandboxUtils::GetSandboxFsType(nlohmann::json &config)
 std::string SandboxUtils::GetSandboxOptions(nlohmann::json &config)
 {
    std::string options;
-    if (GetSandboxDacOverrideEnable(config) && (deviceTypeEnable_ == true) &&
-        (config.find(g_sandBoxOptions) != config.end())) {
+    if (GetSandboxDacOverrideEnable(config) && (config.find(g_sandBoxOptions) != config.end())) {
        options = config[g_sandBoxOptions].get<std::string>();
    } else {
        options = "";
@ -1416,11 +1414,16 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty)
    int rc = unshare(CLONE_NEWNS);
    APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str());

+    int index = 0;
    if (CheckAppFullMountEnable()) {
-        int index = GetPermissionIndex(nullptr, FILE_CROSS_APP_MODE.c_str());
-        if (index > 0) {
-            SetAppPermissionFlags(appProperty, index);
-        }
+        index = GetPermissionIndex(nullptr, FILE_CROSS_APP_MODE.c_str());
+    } else {
+        index = GetPermissionIndex(nullptr, FILE_ACCESS_COMMON_DIR_MODE.c_str());
+    }
+    if (index > 0) {
+        SetAppPermissionFlags(appProperty, index);
+    } else {
+        APPSPAWN_LOGW("Set app permission flag fail.");
    }

    // check app sandbox switch