From 514376bdf9aabb93eeb05115941bae6b08485460 Mon Sep 17 00:00:00 2001
From: zhangkaixiang
Date: Mon, 24 Jul 2023 09:52:28 +0800
Subject: [PATCH] support to mount to MS_SHARED by json
Signed-off-by: zhangkaixiang
---
 appdata-sandbox.json | 10 ++++++++--
 util/include/sandbox_utils.h | 8 +++++---
 util/src/sandbox_utils.cpp | 14 +++++++-------
 3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/appdata-sandbox.json b/appdata-sandbox.json
index aa067434..ef0e284d 100755
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@@ -371,6 +371,12 @@ "sandbox-root" : "/mnt/sandbox/", "sandbox-shared" : "true", "mount-paths" : [{ + "src-path" : "/mnt/data/", + "sandbox-path" : "/mnt/data", + "sandbox-flags" : [ "bind", "rec" ], + "mount-shared-flag" : "true", + "check-action-status": "true" + }, { "src-path" : "/dev/fuse", "sandbox-path" : "/mnt/data/fuse", "sandbox-flags" : [ "MS_NOSUID", "MS_NODEV", "MS_NOEXEC", "MS_NOATIME", "MS_LAZYTIME" ],
@@ -390,7 +396,7 @@ "check-action-status": "true" }, { - "src-path" : "/mnt/external", + "src-path" : "/mnt/data/external", "sandbox-path" : "/mnt/external", "sandbox-flags" : [ "bind", "rec" ], "check-action-status": "true"
@@ -498,7 +504,7 @@ "sandbox-flags": [ "bind", "rec" ] }, { - "src-path": "/mnt/external", + "src-path": "/mnt/data/external", "sandbox-path": "/storage/External", "sandbox-flags": [ "bind", "rec" ] },
diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h
index 04e40fca..36390bcc 100644
--- a/util/include/sandbox_utils.h
+++ b/util/include/sandbox_utils.h
@@ -16,10 +16,12 @@ #ifndef SANDBOX_UTILS_H #define SANDBOX_UTILS_H -#include -#include #include +#include +#include #include +#include + #include "nlohmann/json.hpp" #include "client_socket.h" #include "appspawn_server.h"
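Review bot: The new `/mnt/data/` entry in the first hunk is the first mount point to use `mount-shared-flag`, and it applies shared propagation to a recursive bind of the whole `/mnt/data/` tree rather than to the one subdirectory that needs it. With a shared mount, anything mounted later under that path in one namespace becomes visible in every peer, so the isolation of this sandbox is loosened for the full tree. If only the FUSE or external-storage subtree has to propagate (an inference from the neighbouring `/mnt/data/fuse` and `/mnt/data/external` entries), narrow `src-path` to that subtree. Since the JSON cannot carry a comment, the commit description should name the component that mounts under this path and why it needs propagation.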
@@ -40,7 +42,7 @@ public: private: static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, const char *fsType, unsigned long mountFlags, - const char *options); + const char *options, mode_t mountSharedFlag = MS_SLAVE); static int32_t DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig); static int32_t DoSandboxFileCommonSymlink(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp
index 0bc98fc7..9407d544 100644
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@@ -104,6 +104,7 @@ namespace { const char *g_topSandBoxSwitchPrefix = "top-sandbox-switch"; const char *g_targetName = "target-name"; const char *g_flagePoint = "flags-point"; + const char *g_mountSharedFlag = "mount-shared-flag"; const char *g_flags = "flags"; const char *g_sandBoxNameSpace = "sandbox-namespace"; const char *g_sandBoxCloneFlags = "clone-flags";
@@ -197,7 +198,7 @@ static void MakeDirRecursive(const std::string &path, mode_t mode) int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, const char *fsType, unsigned long mountFlags, - const char *options) + const char *options, mode_t mountSharedFlag) { // To make sure destinationPath exist MakeDirRecursive(destinationPath, FILE_MODE);
@@ -210,7 +211,7 @@ int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char * destinationPath); return ret; } - ret = mount(NULL, destinationPath, NULL, MS_SLAVE, NULL); + ret = mount(NULL, destinationPath, NULL, mountSharedFlag, NULL); APPSPAWN_CHECK(ret == 0, return ret, "errno is: %{public}d, private mount to %{public}s failed", errno, destinationPath); #endif
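Review bot: `mountSharedFlag` is declared as `mode_t` in the changed `DoAppSandboxMountOnce` declaration, but it carries a mount propagation flag (`MS_SLAVE` or `MS_SHARED`) that ends up as the `mountflags` argument of `mount()`, which is `unsigned long`; `mode_t` is the file-permission type, as its use in `MakeDirRecursive` shows. Declaring it as `const char *options, unsigned long mountSharedFlag = MS_SLAVE);` matches the `mountFlags` parameter beside it. The same type is repeated in the definition in sandbox_utils.cpp (hunk at -197) and in the local variable in `DoAllMntPointsMount` (hunk at -536). Because the name reads like a boolean, a comment above the declaration would help: `// mountSharedFlag: propagation type (MS_SLAVE or MS_SHARED) applied to destinationPath after the mount`.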
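Review bot: The `APPSPAWN_CHECK` message after the changed `mount()` call (hunk at -210) still says "private mount", although the call now sets either slave or shared propagation, so a failure log points at the wrong operation. A text such as `"errno is: %{public}d, set mount propagation on %{public}s failed"` fits both cases. The parameter is also handed to `mount()` unchecked; only two values are meaningful here, so a guard before the call, `if (mountSharedFlag != MS_SHARED) { mountSharedFlag = MS_SLAVE; }`, keeps a later caller from passing arbitrary flags through this path. The body of `DoAppSandboxMountOnce` starts and ends outside this hunk.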
@@ -536,17 +537,16 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper mntPoint[g_sandBoxPath].get()); unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[g_sandBoxFlags].get>()); std::string fsType = (mntPoint.find(g_fsType) != mntPoint.end()) ? mntPoint[g_fsType].get() : ""; + const char* fsTypePoint = fsType.empty() ? nullptr : fsType.c_str(); + mode_t mountSharedFlag = (mntPoint.find(g_mountSharedFlag) != mntPoint.end()) ? MS_SHARED : MS_SLAVE; /* check and prepare /data/app/el2 base and database package path to avoid BMS failed to create this folder */ CheckAndPrepareSrcPath(appProperty, srcPath); /* if app mount failed for special strategy, we need deal with common mount config */ int ret = HandleSpecialAppMount(appProperty, srcPath, sandboxPath, fsType, mountFlags); if (ret < 0) { - if (fsType.empty()) { - ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), nullptr, mountFlags, nullptr); - } else { - ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, nullptr); - } + ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), fsTypePoint, + mountFlags, nullptr, mountSharedFlag); } if (ret) { std::string actionStatus = g_statusCheck;
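Review bot: The added `mountSharedFlag` line selects `MS_SHARED` whenever the `mount-shared-flag` key is present and never reads its value, so a config entry written as `"mount-shared-flag" : "false"` would still get shared propagation. Shared propagation lets mounts made under the sandbox path reach peers outside it, so the opt-in should require the explicit value: `bool shared = mntPoint.find(g_mountSharedFlag) != mntPoint.end() && mntPoint[g_mountSharedFlag].get<std::string>() == "true";` followed by `unsigned long mountSharedFlag = shared ? MS_SHARED : MS_SLAVE;`. The flag is only passed on the fallback path, so when `HandleSpecialAppMount` succeeds the setting appears to be ignored; if that is intended, it deserves a comment next to the `if (ret < 0)` branch. `DoAllMntPointsMount` starts and ends outside the hunk.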