!722 支持挂载点通过配置文件设置为MS_SHARED

Merge pull request !722 from 张凯祥/zkx_fix_dlp
2024-12-02 12:27:28 +00:00 · 2023-07-24 12:29:38 +00:00 · 2023-07-24 12:29:38 +00:00 · 7912e1b715
commit 7912e1b715
parent e97ec89abf 514376bdf9
3 changed files with 20 additions and 12 deletions
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@ -371,6 +371,12 @@
            "sandbox-root" : "/mnt/sandbox/<PackageName>",
            "sandbox-shared" : "true",
            "mount-paths" : [{
+                    "src-path" : "/mnt/data/<currentUserId>",
+                    "sandbox-path" : "/mnt/data",
+                    "sandbox-flags" : [ "bind", "rec" ],
+                    "mount-shared-flag" : "true",
+                    "check-action-status": "true"
+                }, {
                    "src-path" : "/dev/fuse",
                    "sandbox-path" : "/mnt/data/fuse",
                    "sandbox-flags" : [ "MS_NOSUID", "MS_NODEV", "MS_NOEXEC", "MS_NOATIME", "MS_LAZYTIME" ],
@ -390,7 +396,7 @@
                    "check-action-status": "true"
                },
                {
-                    "src-path" : "/mnt/external",
+                    "src-path" : "/mnt/data/external",
                    "sandbox-path" : "/mnt/external",
                    "sandbox-flags" : [ "bind", "rec" ],
                    "check-action-status": "true"
@ -498,7 +504,7 @@
                "sandbox-flags": [ "bind", "rec" ]
              },
              {
-                "src-path": "/mnt/external",
+                "src-path": "/mnt/data/external",
                "sandbox-path": "/storage/External",
                "sandbox-flags": [ "bind", "rec" ]
              },
--- a/util/include/sandbox_utils.h
+++ b/util/include/sandbox_utils.h
@ -16,10 +16,12 @@
 #ifndef SANDBOX_UTILS_H
 #define SANDBOX_UTILS_H

-#include <string>
-#include <vector>
 #include <set>
+#include <string>
+#include <sys/mount.h>
 #include <sys/types.h>
+#include <vector>
+
 #include "nlohmann/json.hpp"
 #include "client_socket.h"
 #include "appspawn_server.h"
@ -40,7 +42,7 @@ public:
 private:
    static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
                                         const char *fsType, unsigned long mountFlags,
-                                         const char *options);
+                                         const char *options, mode_t mountSharedFlag = MS_SLAVE);
    static int32_t DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
    static int32_t DoSandboxFileCommonSymlink(const ClientSocket::AppProperty *appProperty,
                                              nlohmann::json &wholeConfig);
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@ -104,6 +104,7 @@ namespace {
    const char *g_topSandBoxSwitchPrefix = "top-sandbox-switch";
    const char *g_targetName = "target-name";
    const char *g_flagePoint = "flags-point";
+    const char *g_mountSharedFlag = "mount-shared-flag";
    const char *g_flags = "flags";
    const char *g_sandBoxNameSpace = "sandbox-namespace";
    const char *g_sandBoxCloneFlags = "clone-flags";
@ -197,7 +198,7 @@ static void MakeDirRecursive(const std::string &path, mode_t mode)

 int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
                                            const char *fsType, unsigned long mountFlags,
-                                            const char *options)
+                                            const char *options, mode_t mountSharedFlag)
 {
    // To make sure destinationPath exist
    MakeDirRecursive(destinationPath, FILE_MODE);
@ -210,7 +211,7 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *
                      destinationPath);
        return ret;
    }
-    ret = mount(NULL, destinationPath, NULL, MS_SLAVE, NULL);
+    ret = mount(NULL, destinationPath, NULL, mountSharedFlag, NULL);
    APPSPAWN_CHECK(ret == 0, return ret,
        "errno is: %{public}d, private mount to %{public}s failed", errno, destinationPath);
 #endif
@ -536,17 +537,16 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper
                                                                  mntPoint[g_sandBoxPath].get<std::string>());
        unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[g_sandBoxFlags].get<std::vector<std::string>>());
        std::string fsType = (mntPoint.find(g_fsType) != mntPoint.end()) ? mntPoint[g_fsType].get<std::string>() : "";
+        const char* fsTypePoint = fsType.empty() ? nullptr : fsType.c_str();
+        mode_t mountSharedFlag = (mntPoint.find(g_mountSharedFlag) != mntPoint.end()) ? MS_SHARED : MS_SLAVE;

        /* check and prepare /data/app/el2 base and database package path to avoid BMS failed to create this folder */
        CheckAndPrepareSrcPath(appProperty, srcPath);
        /* if app mount failed for special strategy, we need deal with common mount config */
        int ret = HandleSpecialAppMount(appProperty, srcPath, sandboxPath, fsType, mountFlags);
        if (ret < 0) {
-            if (fsType.empty()) {
-                ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), nullptr, mountFlags, nullptr);
-            } else {
-                ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, nullptr);
-            }
+            ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), fsTypePoint,
+                                        mountFlags, nullptr, mountSharedFlag);
        }
        if (ret) {
            std::string actionStatus = g_statusCheck;