From 7b34f95485d5ce384e2f913388daddb2be38b4f9 Mon Sep 17 00:00:00 2001
From: wangfeng
Date: Tue, 24 Sep 2024 23:04:14 +0800
Subject: [PATCH] add package name gids
Signed-off-by: wangfeng
---
 appdata-sandbox-app.json | 8 ++++++++
 appdata-sandbox-isolated-new.json | 14 ++++++-------
 etc/BUILD.gn | 2 +-
 modules/sandbox/sandbox_manager.c | 34 +++++++++++++++++++++++++++++++
 4 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/appdata-sandbox-app.json b/appdata-sandbox-app.json
index ace201e5..85d9103c 100755
--- a/appdata-sandbox-app.json
+++ b/appdata-sandbox-app.json
@@ -391,6 +391,14 @@
 "src-path" : "/mnt/data/",
 "sandbox-path" : "/mnt/data/"
 }]
+ }, {
+ "name": "com.ohos.sceneboard",
+ "sandbox-switch": "ON",
+ "gids": ["data_reserve"],
+ "mount-paths" : [{
+ "src-path" : "/data/app/el1/bundle/public/",
+ "sandbox-path" : "/data/bundles/"
+ }]
 }]
 },
 "name-groups": [{
diff --git a/appdata-sandbox-isolated-new.json b/appdata-sandbox-isolated-new.json
index bdd784c7..6e4f0aaf 100644
--- a/appdata-sandbox-isolated-new.json
+++ b/appdata-sandbox-isolated-new.json
@@ -1,6 +1,6 @@
 {
 "global": {
- "sandbox-root" : "/mnt/sandbox/",
+ "sandbox-root" : "/mnt/sandbox//app-root-isolated",
 "sandbox-ns-flags" : [ "net" ]
 },
 "required": {
@@ -29,9 +29,6 @@
 }, {
 "src-path" : "/system/lib64",
 "sandbox-path" : "/system/lib64"
- }, {
- "src-path" : "/data/app/el1/bundle/public/",
- "sandbox-path" : "/data/storage/el1/bundle"
 }],
 "symbol-links" : [{
 "target-name" : "/system/etc",
@@ -50,13 +47,14 @@
 "link-name" : "/lib64",
 "check-action-status": "false"
 }],
- "mount-files": [{
- "src-path" : "/system/etc/hosts",
- "sandbox-path" : "/data/service/el1/network/hosts_user/hosts"
- }],
+ "mount-files": [],
 "mount-groups" : []
 },
 "app-variable": {
+ "mount-paths": [{
+ "src-path" : "/data/app/el1/bundle/public/",
+ "sandbox-path" : "/data/storage/el1/bundle"
+ }],
 "mount-groups": []
 }
 }
diff --git a/etc/BUILD.gn b/etc/BUILD.gn
index 0eb23f1e..fdda0586 100644
--- a/etc/BUILD.gn
+++ b/etc/BUILD.gn
@@ -30,7 +30,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
 }
 ohos_prebuilt_etc("appdata-sandbox-isolated-new.json") {
- source = "../appdata-sandbox-isolated.json"
+ source = "../appdata-sandbox-isolated-new.json"
 part_name = "${part_name}"
 module_install_dir = "etc/sandbox"
 }
diff --git a/modules/sandbox/sandbox_manager.c b/modules/sandbox/sandbox_manager.c
index c2281184..56ffc658 100644
--- a/modules/sandbox/sandbox_manager.c
+++ b/modules/sandbox/sandbox_manager.c
@@ -611,6 +611,38 @@ static int AppendPermissionGid(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx
 return 0;
 }
+static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
+{
+ AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetAppProperty(property, TLV_DAC_INFO);
+ APPSPAWN_CHECK(dacInfo != NULL, return APPSPAWN_TLV_NONE,
+ "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, GetProcessName(property));
+
+ SandboxPackageNameNode *sandboxNode =
+ (SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, GetProcessName(property));
+ if (sandboxNode == NULL || sandboxNode->section.gidCount == 0) {
+ return 0;
+ }
+
+ size_t copyLen = sandboxNode->section.gidCount;
+ if ((sandboxNode->section.gidCount + dacInfo->gidCount) > APP_MAX_GIDS) {
+ APPSPAWN_LOGW("More gid for %{public}s msg count %{public}u permission %{public}u",
+ GetProcessName(property),
+ dacInfo->gidCount,
+ sandboxNode->section.gidCount);
+ copyLen = APP_MAX_GIDS - dacInfo->gidCount;
+ }
+ int ret = memcpy_s(&dacInfo->gidTable[dacInfo->gidCount], sizeof(gid_t) * copyLen,
+ sandboxNode->section.gidTable, sizeof(gid_t) * copyLen);
+ if (ret != EOK) {
+ APPSPAWN_LOGW("Failed to append permission %{public}s gid to %{public}s",
+ sandboxNode->section.name,
+ GetProcessName(property));
+ }
+ dacInfo->gidCount += copyLen;
+
+ return 0;
+}
+
 int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
 {
 APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
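Review bot: In `AppendPackageNameGids`, `dacInfo->gidCount += copyLen;` runs even when `memcpy_s` fails, so the group count can grow to cover `gidTable` slots that were never written and the spawned process would inherit whatever gid values those slots hold. The destination size passed to `memcpy_s` is `sizeof(gid_t) * copyLen`, the same as the copy length, so its bounds check can never fire. In addition, `APP_MAX_GIDS - dacInfo->gidCount` wraps to a very large `size_t` if the count taken from the spawn message already exceeds `APP_MAX_GIDS` (no earlier validation is visible in this hunk). I would compute the free slots once, return early when there are none, pass the real remaining capacity as the destination size, and increase the count only after a successful copy, returning the error so the caller's existing check stops the spawn, as below. This assumes `gidTable` holds `APP_MAX_GIDS` entries, which the existing cap implies; the two warnings also still say "permission", carried over from `AppendPermissionGid`.

```c
    // … unchanged: dacInfo and sandboxNode lookup, early return when the section has no gids …
    if (dacInfo->gidCount >= APP_MAX_GIDS) {
        APPSPAWN_LOGW("No free gid slot for %{public}s msg count %{public}u",
            GetProcessName(property), dacInfo->gidCount);
        return 0;
    }
    size_t freeSlots = APP_MAX_GIDS - dacInfo->gidCount;
    size_t copyLen = sandboxNode->section.gidCount;
    if (copyLen > freeSlots) {
        // … unchanged: "More gid" warning …
        copyLen = freeSlots;
    }
    int ret = memcpy_s(&dacInfo->gidTable[dacInfo->gidCount], sizeof(gid_t) * freeSlots,
        sandboxNode->section.gidTable, sizeof(gid_t) * copyLen);
    APPSPAWN_CHECK(ret == EOK, return ret,
        "Failed to append package %{public}s gid to %{public}s",
        sandboxNode->section.name, GetProcessName(property));
    dacInfo->gidCount += copyLen;
```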
@@ -637,6 +669,8 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
 int ret = AppendPermissionGid(sandbox, property);
 APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
+ ret = AppendPackageNameGids(sandbox, property);
+ APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
 ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
 APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
 return 0;
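Review bot: The failure message on the added `APPSPAWN_CHECK` is identical to the one for `AppendPermissionGid` just above it, so a log line cannot show which gid step stopped the spawn; `"Failed to add package name gid for %{public}s"` would separate the two. Because this step runs after the permission gids, it is the package-name gids that get truncated with only a warning when the table is close to `APP_MAX_GIDS`. A short comment such as `/* package-name gids are appended last and may be truncated */` would record that this order is intended. `SpawnPrepareSandboxCfg` starts outside the hunk.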