mirror of
https://gitee.com/openharmony/startup_appspawn
synced 2024-11-27 01:00:38 +00:00
add package name gids
Signed-off-by: wangfeng <wangfeng277@huawei.com>
parent
fcd3f76e46
commit
7b34f95485
@ -391,6 +391,14 @@
|
|||||||
"src-path" : "/mnt/data/<currentUserId>",
|
"src-path" : "/mnt/data/<currentUserId>",
|
||||||
"sandbox-path" : "/mnt/data/<currentUserId>"
|
"sandbox-path" : "/mnt/data/<currentUserId>"
|
||||||
}]
|
}]
|
||||||
|
}, {
|
||||||
|
"name": "com.ohos.sceneboard",
|
||||||
|
"sandbox-switch": "ON",
|
||||||
|
"gids": ["data_reserve"],
|
||||||
|
"mount-paths" : [{
|
||||||
|
"src-path" : "/data/app/el1/bundle/public/",
|
||||||
|
"sandbox-path" : "/data/bundles/"
|
||||||
|
}]
|
||||||
}]
|
}]
|
||||||
},
|
},
|
||||||
"name-groups": [{
|
"name-groups": [{
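Review bot: The new `com.ohos.sceneboard` entry grants the `data_reserve` gid on a name match alone, and neither this file nor the commit description says why the package needs that group. The C part of this commit selects the entry with `GetProcessName(property)`, so the description should state where that name is verified against the installed bundle before appspawn acts on it; that is not visible from this page. The accompanying mount maps the whole `/data/app/el1/bundle/public/` directory to `/data/bundles/`, whereas the isolated config in the same commit uses a `<PackageName>` subdirectory, and that wider exposure deserves a one-line justification as well.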
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"global": {
|
"global": {
|
||||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
"sandbox-root" : "/mnt/sandbox/<currentUserId>/app-root-isolated",
|
||||||
"sandbox-ns-flags" : [ "net" ]
|
"sandbox-ns-flags" : [ "net" ]
|
||||||
},
|
},
|
||||||
"required": {
|
"required": {
|
||||||
@ -29,9 +29,6 @@
|
|||||||
}, {
|
}, {
|
||||||
"src-path" : "/system/lib64",
|
"src-path" : "/system/lib64",
|
||||||
"sandbox-path" : "/system/lib64"
|
"sandbox-path" : "/system/lib64"
|
||||||
}, {
|
|
||||||
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
|
|
||||||
"sandbox-path" : "/data/storage/el1/bundle"
|
|
||||||
}],
|
}],
|
||||||
"symbol-links" : [{
|
"symbol-links" : [{
|
||||||
"target-name" : "/system/etc",
|
"target-name" : "/system/etc",
|
||||||
@ -50,13 +47,14 @@
|
|||||||
"link-name" : "/lib64",
|
"link-name" : "/lib64",
|
||||||
"check-action-status": "false"
|
"check-action-status": "false"
|
||||||
}],
|
}],
|
||||||
"mount-files": [{
|
"mount-files": [],
|
||||||
"src-path" : "/system/etc/hosts",
|
|
||||||
"sandbox-path" : "/data/service/el1/network/hosts_user/hosts"
|
|
||||||
}],
|
|
||||||
"mount-groups" : []
|
"mount-groups" : []
|
||||||
},
|
},
|
||||||
"app-variable": {
|
"app-variable": {
|
||||||
|
"mount-paths": [{
|
||||||
|
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
|
||||||
|
"sandbox-path" : "/data/storage/el1/bundle"
|
||||||
|
}],
|
||||||
"mount-groups": []
|
"mount-groups": []
|
||||||
}
|
}
|
||||||
}
|
}
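Review bot: The `sandbox-root` value changes from `/mnt/sandbox/<PackageName>` to `/mnt/sandbox/<currentUserId>/app-root-isolated` (old and new side read from the two-column rendering and the hunk counts), which removes the package name from the root, so as written every isolated app of one user resolves to the same directory. If separation between those apps now relies on something else, for example a per-process mount namespace, please say so in the commit description, because the title only mentions gids. The same section also empties `mount-files`, dropping the `/system/etc/hosts` mount, without explanation.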
|
||||||
|
@ -30,7 +30,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ohos_prebuilt_etc("appdata-sandbox-isolated-new.json") {
|
ohos_prebuilt_etc("appdata-sandbox-isolated-new.json") {
|
||||||
source = "../appdata-sandbox-isolated.json"
|
source = "../appdata-sandbox-isolated-new.json"
|
||||||
part_name = "${part_name}"
|
part_name = "${part_name}"
|
||||||
module_install_dir = "etc/sandbox"
|
module_install_dir = "etc/sandbox"
|
||||||
}
|
}
|
||||||
|
@ -611,6 +611,38 @@ static int AppendPermissionGid(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
|
||||||
|
{
|
||||||
|
AppSpawnMsgDacInfo *dacInfo = (AppSpawnMsgDacInfo *)GetAppProperty(property, TLV_DAC_INFO);
|
||||||
|
APPSPAWN_CHECK(dacInfo != NULL, return APPSPAWN_TLV_NONE,
|
||||||
|
"No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, GetProcessName(property));
|
||||||
|
|
||||||
|
SandboxPackageNameNode *sandboxNode =
|
||||||
|
(SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, GetProcessName(property));
|
||||||
|
if (sandboxNode == NULL || sandboxNode->section.gidCount == 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t copyLen = sandboxNode->section.gidCount;
|
||||||
|
if ((sandboxNode->section.gidCount + dacInfo->gidCount) > APP_MAX_GIDS) {
|
||||||
|
APPSPAWN_LOGW("More gid for %{public}s msg count %{public}u permission %{public}u",
|
||||||
|
GetProcessName(property),
|
||||||
|
dacInfo->gidCount,
|
||||||
|
sandboxNode->section.gidCount);
|
||||||
|
copyLen = APP_MAX_GIDS - dacInfo->gidCount;
|
||||||
|
}
|
||||||
|
int ret = memcpy_s(&dacInfo->gidTable[dacInfo->gidCount], sizeof(gid_t) * copyLen,
|
||||||
|
sandboxNode->section.gidTable, sizeof(gid_t) * copyLen);
|
||||||
|
if (ret != EOK) {
|
||||||
|
APPSPAWN_LOGW("Failed to append permission %{public}s gid to %{public}s",
|
||||||
|
sandboxNode->section.name,
|
||||||
|
GetProcessName(property));
|
||||||
|
}
|
||||||
|
dacInfo->gidCount += copyLen;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
||||||
{
|
{
|
||||||
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
|
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
|
||||||
@ -637,6 +669,8 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
|||||||
|
|
||||||
int ret = AppendPermissionGid(sandbox, property);
|
int ret = AppendPermissionGid(sandbox, property);
|
||||||
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
||||||
|
ret = AppendPackageNameGids(sandbox, property);
|
||||||
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
||||||
ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
|
ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
|
||||||
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
|
||||||
return 0;
|
return 0;
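Review bot: In `AppendPackageNameGids`, `dacInfo->gidCount += copyLen` runs even when `memcpy_s` has returned an error, so the count can cover entries that were never written, and the function still returns 0, which leaves the new `APPSPAWN_CHECK` in `SpawnPrepareSandboxCfg` with nothing to catch. `copyLen = APP_MAX_GIDS - dacInfo->gidCount` also wraps around if `gidCount` is already above `APP_MAX_GIDS`; whether the message parser rules that out is not visible on this page. Passing `sizeof(gid_t) * copyLen` as both the destination size and the copy size gives `memcpy_s` nothing to check, so the destination size should be the space left in `gidTable` (assuming the table holds `APP_MAX_GIDS` entries). The rewrite below bounds the copy by the remaining space and advances the count only after a successful copy; it also rewords the failure message, which was copied from `AppendPermissionGid` and still says "permission".

```c
    // … unchanged: dacInfo lookup, sandboxNode lookup and the empty-section early return …
    if (dacInfo->gidCount >= APP_MAX_GIDS) {
        APPSPAWN_LOGW("Gid table full for %{public}s", GetProcessName(property));
        return 0;
    }
    size_t remain = APP_MAX_GIDS - dacInfo->gidCount;
    size_t copyLen = sandboxNode->section.gidCount;
    if (copyLen > remain) {
        // … unchanged: APPSPAWN_LOGW truncation warning …
        copyLen = remain;
    }
    int ret = memcpy_s(&dacInfo->gidTable[dacInfo->gidCount], sizeof(gid_t) * remain,
        sandboxNode->section.gidTable, sizeof(gid_t) * copyLen);
    APPSPAWN_CHECK(ret == EOK, return ret,
        "Failed to append package gids of %{public}s to %{public}s",
        sandboxNode->section.name, GetProcessName(property));
    dacInfo->gidCount += copyLen;
```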
|
||||||
|