Signed-off-by: renzehua3@huawei.com <renzehua3@huawei.com>

Add flagsPoint control for rendering process's sandbox. Change-Id: I5ccc31c4a59aa71be57a90176d4e6bac39f2fab8 Change-Id: I678f892686f31f27c7a8b4887e2f93387df1372e
2025-03-01 17:05:37 +00:00 · 2022-12-30 10:43:47 +08:00 · 2022-12-30 10:43:47 +08:00 · 79ff1417b7
commit 79ff1417b7
parent 2c30b4eb7d
3 changed files with 30 additions and 5 deletions
--- a/appdata-sandbox.json
+++ b/appdata-sandbox.json
@ -393,7 +393,7 @@
                    "check-action-status": "false"
                }
            ],
-            "symbol-links" : [ {
+            "symbol-links" : [{
                    "target-name" : "/system/etc",
                    "link-name" : "/etc",
                    "check-action-status": "false"
@ -406,7 +406,18 @@
                    "link-name" : "/lib",
                    "check-action-status": "false"
                }
-            ]
+            ],
+            "flags-point" : [{
+                "flags": "DLP_MANAGER",
+                "sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
+                "mount-paths" : [{
+                    "src-path" : "/data/app/el2/<currentUserId>/base/<PackageName_index>",
+                    "sandbox-path" : "/data/storage/el2/base",
+                    "sandbox-flags" : [ "bind", "rec" ],
+                    "check-action-status": "false"
+                }],
+                "symbol-links" : [{}]
+            }]
        }]
    }]
 }
--- a/appdata-sandbox64.json
+++ b/appdata-sandbox64.json
@ -407,7 +407,7 @@
                    "check-action-status": "false"
                }
            ],
-            "symbol-links" : [ {
+            "symbol-links" : [{
                    "target-name" : "/system/etc",
                    "link-name" : "/etc",
                    "check-action-status": "false"
@ -424,7 +424,18 @@
                    "link-name" : "/lib64",
                    "check-action-status": "false"
                }
-            ]
+            ],
+            "flags-point" : [{
+                "flags": "DLP_MANAGER",
+                "sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
+                "mount-paths" : [{
+                    "src-path" : "/data/app/el2/<currentUserId>/base/<PackageName_index>",
+                    "sandbox-path" : "/data/storage/el2/base",
+                    "sandbox-flags" : [ "bind", "rec" ],
+                    "check-action-status": "false"
+                }],
+                "symbol-links" : [{}]
+            }]
        }]
    }]
 }
--- a/util/src/sandbox_utils.cpp
+++ b/util/src/sandbox_utils.cpp
@ -722,7 +722,10 @@ int32_t SandboxUtils::SetRenderSandboxProperty(const ClientSocket::AppProperty *
        APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %s",
            appProperty->bundleName);
        ret = DoAllSymlinkPointslink(appProperty, privateAppConfig[g_ohosRender][0]);
-        APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink  failed, %s",
+        APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %s",
+            appProperty->bundleName);
+        ret = HandleFlagsPoint(appProperty, privateAppConfig[g_ohosRender][0]);
+        APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %s",
            appProperty->bundleName);
    }
 #endif