build appdata sandbox
Signed-off-by: cheng_jinsong <chengjinsong2@huawei.com>
parent
28c64e0b1f
commit
8e6c98e08e
@ -27,12 +27,7 @@ using namespace OHOS::AppSpawn;
|
||||
namespace {
|
||||
const std::string MODULE_TEST_BUNDLE_NAME("moduleTestProcessName");
|
||||
const std::string NAMESPACE_JSON_CONFIG("/system/etc/sandbox/sandbox-config.json");
|
||||
#if defined (__aarch64__) || defined (__x86_64__)
|
||||
const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox64.json");
|
||||
#else
|
||||
const std::string APP_JSON_CONFIG("/system/etc/sandbox/appdata-sandbox.json");
|
||||
#endif
|
||||
const std::string PRODUCT_JSON_CONFIG("/system/etc/sandbox/product-sandbox.json");
|
||||
}
|
||||
|
||||
void LoadAppSandboxConfig(void)
|
||||
@ -43,10 +38,6 @@ void LoadAppSandboxConfig(void)
|
||||
APPSPAWN_CHECK_ONLY_LOG(rc, "AppSpawnServer::Failed to load app private sandbox config");
|
||||
SandboxUtils::StoreJsonConfig(appSandboxConfig);
|
||||
|
||||
rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, PRODUCT_JSON_CONFIG);
|
||||
APPSPAWN_CHECK_ONLY_LOG(rc, "AppSpawnServer::Failed to load app product sandbox config");
|
||||
SandboxUtils::StoreProductJsonConfig(appSandboxConfig);
|
||||
|
||||
nlohmann::json appNamespaceConfig;
|
||||
rc = JsonUtils::GetJsonObjFromJson(appNamespaceConfig, NAMESPACE_JSON_CONFIG);
|
||||
APPSPAWN_CHECK_ONLY_LOG(rc, "AppSpawnServer::Failed to load app sandbox namespace config");
|
||||
|
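Review bot: In the second hunk a failed load is only logged through `APPSPAWN_CHECK_ONLY_LOG`, and `SandboxUtils::StoreJsonConfig(appSandboxConfig)` still runs on whatever the JSON object holds at that point. The runtime load of the product overlay appears to be what this commit removes (the +/- markers are not visible on this page), which would leave the single build-time merged file as the only source of app mount policy, so this path should fail closed. I would at least mark the intent at the call, e.g. `// TODO: fail closed - do not store or use appSandboxConfig when rc reports a load failure`, and have the caller enforce it; how an empty config is treated downstream is not visible here. LoadAppSandboxConfig's body starts and ends outside the hunks.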
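--- a/appdata-sandbox-asan.json
+++ b/appdata-sandbox-asan.json
@@ -0,0 +1,22 @@
+{
+"common" : [{
+"top-sandbox-switch": "ON",
+"app-base" : [{
+"sandbox-root" : "/mnt/sandbox/<PackageName>",
+"mount-paths" : [ {
+"src-path" : "/system/asan/lib",
+"sandbox-path" : "/system/asan/lib",
+"sandbox-flags" : [ "bind", "rec" ],
+"check-action-status": "false"
+}, {
+"src-path" : "/vendor/asan/lib",
+"sandbox-path" : "/vendor/asan/lib",
+"sandbox-flags" : [ "bind", "rec" ],
+"check-action-status": "false"
+}
+],
+"symbol-links" : [
+]
+}]
+}]
+}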
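Review bot: Only the 32-bit directories `/system/asan/lib` and `/vendor/asan/lib` are moved into this ASan-only overlay. The hunks of the 64-bit config still show `/system/asan/lib64` and `/vendor/asan/lib64` among their surrounding lines, so those mounts appear to stay in every 64-bit image whether or not `is_asan` is set (the +/- markers are not visible on this page, so confirm against the raw diff). If sanitizer runtime directories are meant to be exposed inside app sandboxes only in ASan builds, add entries with `"src-path" : "/system/asan/lib64"` and `"src-path" : "/vendor/asan/lib64"` here and drop them from the 64-bit file. JSON has no comment syntax, so the reason this overlay exists is best recorded next to `if (is_asan)` in etc/BUILD.gn.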
@ -43,11 +43,6 @@
|
||||
"sandbox-path" : "/system/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/asan/lib",
|
||||
"sandbox-path" : "/system/asan/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/data",
|
||||
"sandbox-path" : "/system/data",
|
||||
@ -78,11 +73,6 @@
|
||||
"sandbox-path" : "/vendor/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/vendor/asan/lib",
|
||||
"sandbox-path" : "/vendor/asan/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el1/bundle",
|
||||
|
@ -4,51 +4,6 @@
|
||||
"app-base" : [{
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/config",
|
||||
"sandbox-path" : "/config",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/dev",
|
||||
"sandbox-path" : "/dev",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/proc",
|
||||
"sandbox-path" : "/proc",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/sys",
|
||||
"sandbox-path" : "/sys",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/sys_prod",
|
||||
"sandbox-path" : "/sys_prod",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/app",
|
||||
"sandbox-path" : "/system/app",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/fonts",
|
||||
"sandbox-path" : "/system/fonts",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/lib",
|
||||
"sandbox-path" : "/system/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/asan/lib",
|
||||
"sandbox-path" : "/system/asan/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/lib64",
|
||||
"sandbox-path" : "/system/lib64",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
@ -58,31 +13,6 @@
|
||||
"sandbox-path" : "/system/asan/lib64",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/data",
|
||||
"sandbox-path" : "/system/data",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/usr",
|
||||
"sandbox-path" : "/system/usr",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/profile",
|
||||
"sandbox-path" : "/system/profile",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/bin",
|
||||
"sandbox-path" : "/system/bin",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/etc",
|
||||
"sandbox-path" : "/system/etc",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/vendor/lib64",
|
||||
"sandbox-path" : "/vendor/lib64",
|
||||
@ -93,368 +23,38 @@
|
||||
"sandbox-path" : "/vendor/asan/lib64",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el1/bundle",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}, {
|
||||
"src-path" : "/data/app/el2/<currentUserId>/base/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el2/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
},{
|
||||
"src-path" : "/data/app/el1/<currentUserId>/database/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el1/database",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}, {
|
||||
"src-path" : "/data/app/el2/<currentUserId>/database/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el2/database",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/<currentUserId>/base/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el1/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}, {
|
||||
"src-path" : "/mnt/hmdfs/<currentUserId>",
|
||||
"sandbox-path" : "/mnt/hmdfs/<currentUserId>",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/mnt/hmdfs/<currentUserId>/account/merge_view/data/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el2/distributedfiles",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/mnt/hmdfs/<currentUserId>/non_account/merge_view/data/",
|
||||
"sandbox-path" : "/data/storage/el2/auth_groups",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/local/ark-cache/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/ark-cache",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/local/ark-profile/<currentUserId>/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/ark-profile",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/mnt/share/<currentUserId>/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el2/share",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}
|
||||
],
|
||||
"symbol-links" : [{
|
||||
"target-name" : "/system/bin",
|
||||
"link-name" : "/bin",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/lib64",
|
||||
"link-name" : "/lib64",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/lib",
|
||||
"link-name" : "/lib",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/etc",
|
||||
"link-name" : "/etc",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/sys/kernel/debug",
|
||||
"link-name" : "/d",
|
||||
"check-action-status": "false"
|
||||
}
|
||||
]
|
||||
}],
|
||||
"app-resources" : [{
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el1/bundle/public/com.ohos.nweb",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/nweb",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/ohos.global.systemres",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/ohos.global.systemres",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/app/ohos.global.systemres",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/systemResources",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/app/SystemResources",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/systemResources",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/ohos.global.systemres.overlay",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/ohos.global.systemres.overlay",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/misc",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/misc",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}
|
||||
],
|
||||
"flags-point" : [{
|
||||
"flags": "DLP_MANAGER",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el2/<currentUserId>/base/<PackageName_index>",
|
||||
"sandbox-path" : "/data/storage/el2/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
},{
|
||||
"src-path" : "/data/app/el1/<currentUserId>/database/<PackageName_index>",
|
||||
"sandbox-path" : "/data/storage/el1/database",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el2/<currentUserId>/database/<PackageName_index>",
|
||||
"sandbox-path" : "/data/storage/el2/database",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/<currentUserId>/base/<PackageName_index>",
|
||||
"sandbox-path" : "/data/storage/el1/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}
|
||||
]}, {
|
||||
"flags": "START_FLAGS_BACKUP",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths": [{
|
||||
"src-path": "/data/service/el2/<currentUserId>/backup/bundles/<PackageName>",
|
||||
"sandbox-path": "/data/storage/el2/backup",
|
||||
"sandbox-flags": [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}
|
||||
]}
|
||||
],
|
||||
"symbol-links" : [
|
||||
]
|
||||
"mount-paths" : [],
|
||||
"flags-point" : [],
|
||||
"symbol-links" : []
|
||||
}]
|
||||
}],
|
||||
"individual" : [{
|
||||
"com.huawei.ohos.hiviewx" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/log/",
|
||||
"sandbox-path" : "/data/log/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.huawei.ohos.betaclub" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/log/",
|
||||
"sandbox-path" : "/data/log/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.medialibrary.medialibrarydata" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/storage/media/<currentUserId>",
|
||||
"sandbox-path" : "/storage/media",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "none",
|
||||
"sandbox-path" : "/storage/media/local/epfs",
|
||||
"sandbox-flags" : [ "MS_NODEV" ],
|
||||
"fs-type": "epfs",
|
||||
"check-action-status": "false"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.launcher" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el1/bundle/public/",
|
||||
"sandbox-path" : "/data/bundles/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.systemui" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el1/bundle/public/",
|
||||
"sandbox-path" : "/data/app/el1/bundle/public/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.permissionmanager" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el1/bundle/public/",
|
||||
"sandbox-path" : "/data/bundles/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"ohos.samples.ecg" : [{
|
||||
"sandbox-switch": "OFF",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el1/bundle/public/",
|
||||
"sandbox-path" : "/data/bundles/",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.dlpmanager" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/dev/fuse",
|
||||
"sandbox-path" : "/data/fuse",
|
||||
"sandbox-flags" : [ "MS_NOSUID", "MS_NODEV", "MS_NOEXEC", "MS_NOATIME", "MS_LAZYTIME" ],
|
||||
"fs-type": "fuse",
|
||||
"check-action-status": "false"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"com.ohos.UserFile.ExternalFileManager" : [{
|
||||
"sandbox-switch": "ON",
|
||||
"sandbox-root" : "/mnt/sandbox/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/service/el1/public/storage_daemon/share/public",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/storage_daemon",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
},
|
||||
{
|
||||
"src-path" : "/mnt/external",
|
||||
"sandbox-path" : "/mnt/external",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}
|
||||
],
|
||||
"symbol-links" : []
|
||||
}],
|
||||
"__internal__.com.ohos.render" : [{
|
||||
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/dev",
|
||||
"sandbox-path" : "/dev",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/proc",
|
||||
"sandbox-path" : "/proc",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/sys",
|
||||
"sandbox-path" : "/sys",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/fonts",
|
||||
"sandbox-path" : "/system/fonts",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/etc",
|
||||
"sandbox-path" : "/system/etc",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el2/<currentUserId>/base/<PackageName>",
|
||||
"sandbox-path" : "/data/storage/el2/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "true"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/com.ohos.nweb",
|
||||
"sandbox-path" : "/data/storage/el1/bundle/nweb",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/bin",
|
||||
"sandbox-path" : "/system/bin",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/lib",
|
||||
"sandbox-path" : "/system/lib",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/lib64",
|
||||
"sandbox-path" : "/system/lib64",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/app/com.ohos.nweb",
|
||||
"sandbox-path" : "/system/app/com.ohos.nweb",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/vendor/lib64",
|
||||
"sandbox-path" : "/vendor/lib64",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/data/app/el1/bundle/public/com.ohos.nweb",
|
||||
"sandbox-path" : "/data/app/el1/bundle/public/com.ohos.nweb",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"src-path" : "/system/app/NWeb",
|
||||
"sandbox-path" : "/system/app/NWeb",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}
|
||||
],
|
||||
"symbol-links" : [{
|
||||
"target-name" : "/system/etc",
|
||||
"link-name" : "/etc",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/bin",
|
||||
"link-name" : "/bin",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/lib",
|
||||
"link-name" : "/lib",
|
||||
"check-action-status": "false"
|
||||
}, {
|
||||
"target-name" : "/system/lib64",
|
||||
"link-name" : "/lib64",
|
||||
"check-action-status": "false"
|
||||
@ -463,12 +63,7 @@
|
||||
"flags-point" : [{
|
||||
"flags": "DLP_MANAGER",
|
||||
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
|
||||
"mount-paths" : [{
|
||||
"src-path" : "/data/app/el2/<currentUserId>/base/<PackageName_index>",
|
||||
"sandbox-path" : "/data/storage/el2/base",
|
||||
"sandbox-flags" : [ "bind", "rec" ],
|
||||
"check-action-status": "false"
|
||||
}],
|
||||
"mount-paths" : [],
|
||||
"symbol-links" : [{}]
|
||||
}]
|
||||
}]
|
||||
|
24
etc/BUILD.gn
@ -12,26 +12,25 @@
|
||||
# limitations under the License.
|
||||
|
||||
import("//base/startup/appspawn/appspawn.gni")
|
||||
import("//base/startup/appspawn/etc/sandbox/appdata_sandbox_fixer.gni")
|
||||
import("//build/ohos.gni")
|
||||
|
||||
ohos_prebuilt_etc("appdata-sandbox.json") {
|
||||
if (target_cpu == "arm64") {
|
||||
source = "//base/startup/appspawn/appdata-sandbox64.json"
|
||||
} else {
|
||||
source = "//base/startup/appspawn/appdata-sandbox.json"
|
||||
ohos_prebuilt_appdata_sandbox("appdata-sandbox.json") {
|
||||
source = "../appdata-sandbox.json"
|
||||
patterns = []
|
||||
extra_sandbox_cfgs = []
|
||||
if (target_cpu == "arm64" || target_cpu == "x86_64") {
|
||||
extra_sandbox_cfgs += [ "../appdata-sandbox64.json" ]
|
||||
}
|
||||
|
||||
if (is_asan) {
|
||||
extra_sandbox_cfgs += [ "../appdata-sandbox-asan.json" ]
|
||||
}
|
||||
extra_sandbox_cfgs += [ "../product-sandbox.json" ]
|
||||
subsystem_name = "${subsystem_name}"
|
||||
part_name = "${part_name}"
|
||||
module_install_dir = "etc/sandbox"
|
||||
}
|
||||
|
||||
ohos_prebuilt_etc("product-sandbox.json") {
|
||||
source = "//base/startup/appspawn/product-sandbox.json"
|
||||
part_name = "${part_name}"
|
||||
module_install_dir = "etc/sandbox"
|
||||
}
|
||||
|
||||
ohos_prebuilt_etc("sandbox-config.json") {
|
||||
source = "//base/startup/appspawn/sandbox-config.json"
|
||||
part_name = "${part_name}"
|
||||
@ -48,7 +47,6 @@ group("etc_files") {
|
||||
deps = [
|
||||
":appdata-sandbox.json",
|
||||
":appspawn_preload.json",
|
||||
":product-sandbox.json",
|
||||
":sandbox-config.json",
|
||||
]
|
||||
}
|
||||
|
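Review bot: The order of `extra_sandbox_cfgs` decides which file wins, and nothing in this target says so. appdata_sandbox_fixer.py merges the source first and then each extra in list order, and a later file overwrites `sandbox-root`, `sandbox-path`, `sandbox-switch` and `top-sandbox-switch` from an earlier one. Since that lets product-sandbox.json change whether a bundle is sandboxed at all, I would add a comment above the last append, e.g. `# Merged in list order; later files override earlier ones, so product-sandbox.json must stay last.` `patterns = []` is set but never filled in this target; drop it or note what it is reserved for.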
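--- a/etc/sandbox/appdata_sandbox_fixer.gni
+++ b/etc/sandbox/appdata_sandbox_fixer.gni
@@ -0,0 +1,89 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/python.gni")
+import("//build/templates/common/copy.gni")
+
+template("ohos_prebuilt_appdata_sandbox") {
+assert(defined(invoker.source), "source must be defined for ${target_name}.")
+
+_fixed_sandbox_target = "${target_name}_sandbox_fixed"
+_fixed_sandbox_file = target_gen_dir + "/${target_name}.fixed/" +
+get_path_info(invoker.source, "file")
+_output_para_file = get_path_info(invoker.source, "file")
+
+action_with_pydeps(_fixed_sandbox_target) {
+deps = []
+script = "//base/startup/appspawn/etc/sandbox/appdata_sandbox_fixer.py"
+depfile = "${target_gen_dir}/${target_name}.d"
+args = [
+"--output",
+rebase_path(_fixed_sandbox_file, root_build_dir),
+"--source-file",
+rebase_path(invoker.source, root_build_dir),
+"--depfile",
+rebase_path(depfile, root_build_dir),
+]
+if (defined(invoker.extra_sandbox_cfgs)) {
+foreach(extra, invoker.extra_sandbox_cfgs) {
+args += [
+"--extra_sandbox_cfg",
+rebase_path(extra, root_build_dir),
+]
+}
+}
+if (defined(invoker.patterns)) {
+foreach(pattern, invoker.patterns) {
+args += [
+"--patterns",
+pattern,
+]
+}
+}
+inputs = [ invoker.source ]
+outputs = [ _fixed_sandbox_file ]
+}
+
+ohos_copy(target_name) {
+deps = [ ":$_fixed_sandbox_target" ]
+forward_variables_from(invoker,
+[
+"testonly",
+"visibility",
+
+"deps",
+"public_configs",
+"subsystem_name",
+"part_name",
+
+# For generate_module_info
+"install_images",
+"module_install_dir",
+"relative_install_dir",
+"symlink_target_name",
+
+# Open source license related
+"license_file",
+"license_as_sources",
+])
+sources = [ _fixed_sandbox_file ]
+outputs = [ "${target_out_dir}/${target_name}/${_output_para_file}" ]
+module_type = "etc"
+install_enable = true
+module_source_dir = "${target_out_dir}/${target_name}"
+module_install_name = _output_para_file
+if (defined(invoker.install_enable)) {
+install_enable = invoker.install_enable
+}
+}
+}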
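Review bot: The action declares `inputs = [ invoker.source ]` only, and `main()` in appdata_sandbox_fixer.py writes a depfile that lists just `options.source_file`, so nothing tells the build that the files passed through `extra_sandbox_cfgs` feed the output. An edit to the 64-bit, ASan or product overlay therefore does not re-run the merge, and an incremental build can ship a stale sandbox policy. Declare the extras here with `if (defined(invoker.extra_sandbox_cfgs)) { inputs += invoker.extra_sandbox_cfgs }`, and in the script use `depfile_deps = [options.source_file] + (options.extra_sandbox_cfgs or [])`.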
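--- a/etc/sandbox/appdata_sandbox_fixer.py
+++ b/etc/sandbox/appdata_sandbox_fixer.py
@@ -0,0 +1,229 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import optparse
+import os
+import sys
+import json
+import stat
+
+sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir, os.pardir,
+os.pardir, os.pardir, os.pardir, "build"))
+from scripts.util import build_utils # noqa: E402
+
+#default json
+
+APP_SANDBOX_DEFAULT = '''
+{
+"common" : [{
+"top-sandbox-switch": "ON",
+"app-base" : [{
+"sandbox-root" : "/mnt/sandbox/<PackageName>",
+"mount-paths" : [],
+"symbol-links": [],
+"flags-point" : []
+}],
+"app-resources" : [{
+"sandbox-root" : "/mnt/sandbox/<PackageName>",
+"mount-paths" : [],
+"flags-point" : [],
+"symbol-links" : []
+}]
+}],
+"individual" : [{}]
+}
+'''
+#only string in list
+
+def _merge_list(origin, new):
+if origin is None or new is None:
+return
+for data1 in new:
+if data1 not in origin:
+origin.append(data1)
+
+def _is_same_data(data1, data2, keys):
+for key in keys:
+if data1.get(key) != data2.get(key):
+return False
+return True
+
+#for object in list
+
+def _handle_same_array(data1, data2):
+for field in ["sandbox-root", "sandbox-path", "check-action-status", "fs-type", "link-name"]:
+if data1.get(field) is not None:
+data2[field] = data1[field]
+
+for field in ["sandbox-flags"]: # by list merger
+item = data1.get(field)
+if item is not None and len(item) > 0:
+_merge_list(data2[field], item)
+
+def _merge_scope_array(origin, new, keys):
+for data1 in new:
+found = False
+for data2 in origin:
+if _is_same_data(data1, data2, keys):
+found = True
+_handle_same_array(data1, data2)
+break
+if not found:
+origin.append(data1)
+
+def _handle_same_data(data1, data2, field_infos):
+for field in ["sandbox-root"]:
+if data1.get(field) is not None:
+data2[field] = data1[field]
+
+# for array
+for name, keys in field_infos.items():
+item = data1.get(name)
+if item is not None and len(item) > 0:
+_merge_scope_array(data2[field], item, keys)
+
+def _merge_scope_flags_point(origin, new):
+field_infos = {
+"mount-paths": ["src-path"]
+}
+for data1 in new:
+found = False
+for data2 in origin:
+if _is_same_data(data1, data2, ["flags"]):
+found = True
+_handle_same_data(data1, data2, field_infos)
+break
+
+if not found:
+origin.append(data1)
+
+def _merge_scope_app(origin, new):
+field_infos = {
+"mount-paths": ["src-path"],
+"symbol-links": ["target-name"]
+}
+# normal filed
+for k in ["sandbox-root", "sandbox-switch"]:
+if new[0].get(k) is not None:
+origin[0][k] = new[0].get(k)
+
+# for flags-point
+flags_points = new[0].get("flags-point")
+if flags_points:
+_merge_scope_flags_point(origin[0]["flags-point"], flags_points)
+
+# for array
+for name, keys in field_infos.items():
+item = new[0].get(name)
+if item is not None and len(item) > 0:
+_merge_scope_array(origin[0].get(name), item, keys)
+
+def _merge_scope_individual(origin, new):
+for k, v in new.items():
+if k not in origin:
+origin[k] = v
+else:
+_merge_scope_app(origin[k], v)
+
+def _merge_scope_common(origin, new):
+# 处理 top-sandbox-switch
+for name in ["top-sandbox-switch"]:
+if new.get(name) :
+origin[name] = new.get(name)
+
+#处理 app-base
+app = new.get("app-base")
+if app is not None and len(app) > 0:
+_merge_scope_app(origin.get("app-base"), app)
+pass
+
+#处理 app-resources
+app = new.get("app-resources")
+if app is not None and len(app) > 0:
+_merge_scope_app(origin.get("app-resources"), app)
+pass
+
+def parse_args(args):
+args = build_utils.expand_file_args(args)
+parser = optparse.OptionParser()
+build_utils.add_depfile_option(parser)
+parser.add_option('--output', help='fixed sandbox configure file')
+parser.add_option('--source-file', help='source para file')
+parser.add_option('--patterns', action="append",
+type="string", dest="patterns", help='replace string patterns like libpath:lib64')
+parser.add_option('--extra_sandbox_cfg', action="append",
+type="string", dest="extra_sandbox_cfgs", help='extra sandbox')
+
+options, _ = parser.parse_args(args)
+return options
+
+def __substitude_contents(options, source_file):
+with open(source_file, "r") as f:
+contents = f.read()
+if not options.patterns:
+return json.loads(contents)
+for pattern in options.patterns:
+parts = pattern.split(":")
+contents = contents.replace("{%s}" % parts[0], parts[1])
+return json.loads(contents)
+
+def _get_json_list(options):
+data_list = []
+#decode source file
+contents = __substitude_contents(options, options.source_file)
+if contents :
+data_list.append(contents)
+
+if options.extra_sandbox_cfgs is None:
+return data_list
+
+#decode extra file
+for sandbox_cfg in options.extra_sandbox_cfgs:
+contents = __substitude_contents(options, sandbox_cfg)
+if contents :
+data_list.append(contents)
+return data_list
+
+def fix_sandbox_config_file(options):
+data_list = _get_json_list(options)
+#decode template
+origin_json = json.loads(APP_SANDBOX_DEFAULT)
+
+for data in data_list:
+# 处理common
+common = data.get("common")
+if common is not None and len(common) > 0:
+_merge_scope_common(origin_json.get("common")[0], common[0])
+
+#处理individual
+individuals = data.get("individual")
+if individuals is not None and len(individuals) > 0:
+_merge_scope_individual(origin_json.get("individual")[0], individuals[0])
+pass
+
+# dump json to output
+flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
+modes = stat.S_IWUSR | stat.S_IRUSR | stat.S_IWGRP | stat.S_IRGRP
+with os.fdopen(os.open(options.output, flags, modes), 'w') as f:
+f.write(json.dumps(origin_json, ensure_ascii=False, indent=2))
+
+def main(args):
+options = parse_args(args)
+depfile_deps = ([options.source_file])
+fix_sandbox_config_file(options)
+build_utils.write_depfile(options.depfile, options.output, depfile_deps, add_pydeps=False)
+
+if __name__ == '__main__':
+sys.exit(main(sys.argv[1:]))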
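--- a/etc/sandbox/appdata_sandbox_fixer.pydeps
+++ b/etc/sandbox/appdata_sandbox_fixer.pydeps
@@ -0,0 +1,9 @@
+# Generated by running:
+# build/print_python_deps.py --root base/startup/appspawn/etc/sandbox --output base/startup/appspawn/etc/sandbox/appdata_sandbox_fixer.pydeps base/startup/appspawn/etc/sandbox/appdata_sandbox_fixer.py
+../../../../../build/gn_helpers.py
+../../../../../build/scripts/__init__.py
+../../../../../build/scripts/util/__init__.py
+../../../../../build/scripts/util/build_utils.py
+../../../../../build/scripts/util/md5_check.py
+../../../../../build/scripts/util/pycache.py
+appdata_sandbox_fixer.py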
@ -665,13 +665,6 @@ HWTEST(AppSpawnSandboxTest, App_Spawn_Sandbox_22, TestSize.Level0)
|
||||
nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str());
|
||||
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1);
|
||||
|
||||
std::string pJsconfig1 = "{ \
|
||||
\"common\":[], \
|
||||
\"individual\": [] \
|
||||
}";
|
||||
nlohmann::json p_config1 = nlohmann::json::parse(pJsconfig1.c_str());
|
||||
OHOS::AppSpawn::SandboxUtils::StoreProductJsonConfig(p_config1);
|
||||
|
||||
ClientSocket::AppProperty *m_appProperty = GetAppProperty();
|
||||
int ret = strcpy_s(m_appProperty->apl, APP_APL_MAX_LEN, "system_basic");
|
||||
if (ret != 0) {
|
||||
|
@ -21,6 +21,7 @@
|
||||
#include <sys/types.h>
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "client_socket.h"
|
||||
#include "appspawn_server.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace AppSpawn {
|
||||
@ -30,9 +31,7 @@ public:
|
||||
static nlohmann::json GetNamespaceJsonConfig(void);
|
||||
static void StoreJsonConfig(nlohmann::json &appSandboxConfig);
|
||||
static nlohmann::json GetJsonConfig();
|
||||
static void StoreProductJsonConfig(nlohmann::json &productSandboxConfig);
|
||||
static nlohmann::json GetProductJsonConfig();
|
||||
static int32_t SetAppSandboxProperty(const ClientSocket::AppProperty *appProperty);
|
||||
static int32_t SetAppSandboxProperty(AppSpawnClient *client);
|
||||
static uint32_t GetNamespaceFlagsFromConfig(const char *bundleName);
|
||||
|
||||
private:
|
||||
@ -59,7 +58,8 @@ private:
|
||||
static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty,
|
||||
std::string &sandboxPackagePath);
|
||||
static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot);
|
||||
static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
|
||||
static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty,
|
||||
nlohmann::json &appConfig, const std::string §ion = "app-base");
|
||||
static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
|
||||
static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot);
|
||||
static std::string GetSbxPathByConfig(const ClientSocket::AppProperty *appProperty, nlohmann::json &config);
|
||||
|
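Review bot: The default argument on the new `section` parameter of `DoAllMntPointsMount` (rendered as `§ion` on this page) hard-codes the literal "app-base", although every call site visible in this commit passes the section explicitly. A future caller that omits it would have its mount failures logged under "app-base" whichever part of the sandbox config it was processing, which makes a failed or skipped mount harder to trace. Dropping the default, so the declaration ends `nlohmann::json &appConfig, const std::string &section);`, lets the compiler enforce the label. A one-line comment saying that `section` only labels log output would also help, if that is the intent; the hunks shown use it only in log calls.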
@ -27,6 +27,7 @@
|
||||
#include "json_utils.h"
|
||||
#include "securec.h"
|
||||
#include "appspawn_server.h"
|
||||
#include "appspawn_service.h"
|
||||
#ifdef WITH_SELINUX
|
||||
#include "hap_restorecon.h"
|
||||
#endif
|
||||
@ -102,7 +103,6 @@ namespace {
|
||||
|
||||
nlohmann::json SandboxUtils::appNamespaceConfig_;
|
||||
nlohmann::json SandboxUtils::appSandboxConfig_;
|
||||
nlohmann::json SandboxUtils::productSandboxConfig_;
|
||||
|
||||
void SandboxUtils::StoreNamespaceJsonConfig(nlohmann::json &appNamespaceConfig)
|
||||
{
|
||||
@ -124,16 +124,6 @@ nlohmann::json SandboxUtils::GetJsonConfig()
|
||||
return SandboxUtils::appSandboxConfig_;
|
||||
}
|
||||
|
||||
void SandboxUtils::StoreProductJsonConfig(nlohmann::json &productSandboxConfig)
|
||||
{
|
||||
SandboxUtils::productSandboxConfig_ = productSandboxConfig;
|
||||
}
|
||||
|
||||
nlohmann::json SandboxUtils::GetProductJsonConfig()
|
||||
{
|
||||
return SandboxUtils::productSandboxConfig_;
|
||||
}
|
||||
|
||||
static uint32_t NamespaceFlagsFromConfig(const std::vector<std::string> &vec)
|
||||
{
|
||||
const std::map<std::string, uint32_t> NamespaceFlagsMap = { {"mnt", CLONE_NEWNS}, {"pid", CLONE_NEWPID} };
|
||||
@ -493,11 +483,13 @@ void SandboxUtils::CheckAndPrepareSrcPath(const ClientSocket::AppProperty *appPr
|
||||
}
|
||||
}
|
||||
|
||||
int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig)
|
||||
int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty,
|
||||
nlohmann::json &appConfig, const std::string §ion)
|
||||
{
|
||||
std::string bundleName = appProperty->bundleName;
|
||||
if (appConfig.find(g_mountPrefix) == appConfig.end()) {
|
||||
APPSPAWN_LOGV("mount config is not found, app name is %{public}s", bundleName.c_str());
|
||||
APPSPAWN_LOGV("mount config is not found in %{public}s, app name is %{public}s",
|
||||
section.c_str(), bundleName.c_str());
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -524,16 +516,12 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper
|
||||
std::string sandboxPath = sandboxRoot + ConvertToRealPath(appProperty,
|
||||
mntPoint[g_sandBoxPath].get<std::string>());
|
||||
unsigned long mountFlags = GetMountFlagsFromConfig(mntPoint[g_sandBoxFlags].get<std::vector<std::string>>());
|
||||
std::string fsType = "";
|
||||
if (mntPoint.find(g_fsType) != mntPoint.end()) {
|
||||
fsType = mntPoint[g_fsType].get<std::string>();
|
||||
}
|
||||
std::string fsType = (mntPoint.find(g_fsType) != mntPoint.end()) ? mntPoint[g_fsType].get<std::string>() : "";
|
||||
|
||||
int ret = 0;
|
||||
/* check and prepare /data/app/el2 base and database package path to avoid BMS failed to create this folder */
|
||||
CheckAndPrepareSrcPath(appProperty, srcPath);
|
||||
/* if app mount failed for special strategy, we need deal with common mount config */
|
||||
ret = HandleSpecialAppMount(appProperty, srcPath, sandboxPath, fsType, mountFlags);
|
||||
int ret = HandleSpecialAppMount(appProperty, srcPath, sandboxPath, fsType, mountFlags);
|
||||
if (ret < 0) {
|
||||
if (fsType.empty()) {
|
||||
ret = DoAppSandboxMountOnce(srcPath.c_str(), sandboxPath.c_str(), nullptr, mountFlags, nullptr);
|
||||
@ -545,7 +533,8 @@ int SandboxUtils::DoAllMntPointsMount(const ClientSocket::AppProperty *appProper
|
||||
std::string actionStatus = g_statusCheck;
|
||||
(void)JsonUtils::GetStringFromJson(mntPoint, g_actionStatuc, actionStatus);
|
||||
if (actionStatus == g_statusCheck) {
|
||||
APPSPAWN_LOGE("DoAppSandboxMountOnce failed, %{public}s", sandboxPath.c_str());
|
||||
APPSPAWN_LOGE("DoAppSandboxMountOnce section %{public}s failed, %{public}s",
|
||||
section.c_str(), sandboxPath.c_str());
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
@ -600,7 +589,7 @@ int32_t SandboxUtils::DoSandboxFilePrivateBind(const ClientSocket::AppProperty *
|
||||
{
|
||||
nlohmann::json privateAppConfig = wholeConfig[g_privatePrefix][0];
|
||||
if (privateAppConfig.find(appProperty->bundleName) != privateAppConfig.end()) {
|
||||
return DoAllMntPointsMount(appProperty, privateAppConfig[appProperty->bundleName][0]);
|
||||
return DoAllMntPointsMount(appProperty, privateAppConfig[appProperty->bundleName][0], g_privatePrefix);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -634,7 +623,7 @@ int32_t SandboxUtils::HandleFlagsPoint(const ClientSocket::AppProperty *appPrope
|
||||
std::string flagsStr = flagPoint[g_flags].get<std::string>();
|
||||
uint32_t flag = ConvertFlagStr(flagsStr);
|
||||
if ((appProperty->flags & flag) != 0) {
|
||||
return DoAllMntPointsMount(appProperty, flagPoint);
|
||||
return DoAllMntPointsMount(appProperty, flagPoint, g_flagePoint);
|
||||
}
|
||||
} else {
|
||||
APPSPAWN_LOGE("read flags config failed, app name is %{public}s", appProperty->bundleName);
|
||||
@ -672,14 +661,14 @@ int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *a
|
||||
int ret = 0;
|
||||
|
||||
if (commonConfig.find(g_appBase) != commonConfig.end()) {
|
||||
ret = DoAllMntPointsMount(appProperty, commonConfig[g_appBase][0]);
|
||||
ret = DoAllMntPointsMount(appProperty, commonConfig[g_appBase][0], g_appBase);
|
||||
if (ret) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
if (commonConfig.find(g_appResources) != commonConfig.end()) {
|
||||
ret = DoAllMntPointsMount(appProperty, commonConfig[g_appResources][0]);
|
||||
ret = DoAllMntPointsMount(appProperty, commonConfig[g_appResources][0], g_appResources);
|
||||
}
|
||||
|
||||
return ret;
|
||||
@ -730,7 +719,7 @@ int32_t SandboxUtils::SetRenderSandboxProperty(const ClientSocket::AppProperty *
|
||||
nlohmann::json privateAppConfig = config[g_privatePrefix][0];
|
||||
|
||||
if (privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) {
|
||||
int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0]);
|
||||
int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0], g_ohosRender);
|
||||
APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s",
|
||||
appProperty->bundleName);
|
||||
ret = DoAllSymlinkPointslink(appProperty, privateAppConfig[g_ohosRender][0]);
|
||||
@ -746,15 +735,11 @@ int32_t SandboxUtils::SetRenderSandboxProperty(const ClientSocket::AppProperty *
|
||||
|
||||
int32_t SandboxUtils::SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty)
|
||||
{
|
||||
nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig();
|
||||
nlohmann::json config = SandboxUtils::GetJsonConfig();
|
||||
int ret = 0;
|
||||
|
||||
ret = SetPrivateAppSandboxProperty_(appProperty, config);
|
||||
APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed");
|
||||
ret = SetPrivateAppSandboxProperty_(appProperty, productConfig);
|
||||
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "parse product-sandbox config failed");
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -782,17 +767,12 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty(const ClientSocket::AppPropert
|
||||
std::string &sandboxPackagePath)
|
||||
{
|
||||
nlohmann::json jsonConfig = SandboxUtils::GetJsonConfig();
|
||||
nlohmann::json productConfig = SandboxUtils::GetProductJsonConfig();
|
||||
int ret = 0;
|
||||
|
||||
ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig);
|
||||
APPSPAWN_CHECK(ret == 0, return ret,
|
||||
"parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str());
|
||||
|
||||
ret = SetCommonAppSandboxProperty_(appProperty, productConfig);
|
||||
APPSPAWN_CHECK(ret == 0, return ret,
|
||||
"parse product config for common failed, %{public}s", sandboxPackagePath.c_str());
|
||||
|
||||
ret = MountAllHsp(appProperty, sandboxPackagePath);
|
||||
APPSPAWN_CHECK(ret == 0, return ret, "mount hspList failed, %{public}s", sandboxPackagePath.c_str());
|
||||
|
||||
|
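Review bot: The rewritten `fsType` initialiser in `DoAllMntPointsMount` (hunk at -524,16) calls `mntPoint[g_fsType].get<std::string>()` without checking the value's type, and it looks the key up twice. nlohmann::json raises a type error from `get<std::string>()` when the value is not a string, and the neighbouring reads of `g_sandBoxPath` and `g_sandBoxFlags` have the same shape. Since this commit assembles the sandbox config from several JSON files at build time, one malformed entry would presumably fail the whole spawn path rather than a single mount. Reusing the iterator and testing the type keeps the behaviour for valid configs: `auto fsIt = mntPoint.find(g_fsType);` then `std::string fsType = (fsIt != mntPoint.end() && fsIt->is_string()) ? fsIt->get<std::string>() : "";`. The function body starts and ends outside the hunk, so whether an outer handler catches the exception cannot be seen here.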