openharmony/startup_appspawn
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_appspawn synced 2025-03-01 17:05:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

enable appdata sandbox

Browse Source 
Signed-off-by: zhongning5 <zhongning5@huawei.com>
This commit is contained in:
zhongning5 2024-03-16 10:51:06 +08:00
parent 76bc27e6b9
commit b0be821519
3 changed files with 195 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
appdata-sandbox.json
View File

@ -39,8 +39,48 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"src-path" : "/system/lib/platformsdk",
"sandbox-path" : "/system/lib/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
},{
"src-path" : "/system/lib/ndk",
"sandbox-path" : "/system/lib/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-pub-sdk",
"sandbox-path" : "/system/lib/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-sdk",
"sandbox-path" : "/system/lib/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/seccomp",
"sandbox-path" : "/system/lib/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/extensionability",
"sandbox-path" : "/system/lib/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/media",
"sandbox-path" : "/system/lib/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
@ -507,8 +547,48 @@
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"src-path" : "/system/lib/platformsdk",
"sandbox-path" : "/system/lib/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ndk",
"sandbox-path" : "/system/lib/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-pub-sdk",
"sandbox-path" : "/system/lib/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-sdk",
"sandbox-path" : "/system/lib/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/seccomp",
"sandbox-path" : "/system/lib/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/extensionability",
"sandbox-path" : "/system/lib/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/media",
"sandbox-path" : "/system/lib/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {

88
appdata-sandbox64.json
View File

@ -5,8 +5,48 @@
"sandbox-root" : "/mnt/sandbox/<PackageName>",
"sandbox-ns-flags" : [ "pid" ],
"mount-paths" : [{
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"src-path" : "/system/lib64/platformsdk",
"sandbox-path" : "/system/lib64/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/ndk",
"sandbox-path" : "/system/lib64/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/module",
"sandbox-path" : "/system/lib64/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-sdk",
"sandbox-path" : "/system/lib64/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/seccomp",
"sandbox-path" : "/system/lib64/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/extensionability",
"sandbox-path" : "/system/lib64/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/media",
"sandbox-path" : "/system/lib64/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
@ -45,8 +85,48 @@
"sandbox-root" : "/mnt/sandbox/com.ohos.render/<PackageName>",
"sandbox-ns-flags" : [ "pid", "net" ],
"mount-paths" : [{
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"src-path" : "/system/lib64/platformsdk",
"sandbox-path" : "/system/lib64/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/ndk",
"sandbox-path" : "/system/lib64/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/module",
"sandbox-path" : "/system/lib64/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-path" : "/system/lib64/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/chipset-sdk",
"sandbox-path" : "/system/lib64/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/seccomp",
"sandbox-path" : "/system/lib64/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/extensionability",
"sandbox-path" : "/system/lib64/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64/media",
"sandbox-path" : "/system/lib64/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-path" : "/system/lib/ld-musl-aarch64.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {

29
util/src/sandbox_utils.cpp
View File

@ -166,12 +166,37 @@ static void CheckDirRecursive(const std::string &path)
return;
}
static void CheckAndCreatFile(const char *file)
{
if (access(file, F_OK) == 0) {
APPSPAWN_LOGI("file %{public}s already exist", file);
return;
}
std::string path = file;
auto pos = path.find_last_of('/');
APPSPAWN_CHECK(pos != std::string::npos, return, "file %{public}s error", file);
std::string dir = path.substr(0, pos);
MakeDirRecursive(dir, FILE_MODE);
int fd = open(file, O_CREAT, FILE_MODE);
if (fd < 0) {
APPSPAWN_LOGW("failed create %{public}s, err=%{public}d", file, errno);
} else {
close(fd);
}
return;
}
int32_t SandboxUtils::DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
const char *fsType, unsigned long mountFlags,
const char *options, mode_t mountSharedFlag)
{
// To make sure destinationPath exist
MakeDirRecursive(destinationPath, FILE_MODE);
struct stat st = {};
if (stat(originPath, &st) == 0 && S_ISREG(st.st_mode)) {
CheckAndCreatFile(destinationPath);
} else {
MakeDirRecursive(destinationPath, FILE_MODE);
}
#ifndef APPSPAWN_TEST
int ret = 0;
// to mount fs and bind mount files or directory