mirror of
https://gitee.com/openharmony/startup_appspawn
synced 2024-11-23 07:00:17 +00:00
fix: 新需求
Signed-off-by: 樊景乐 <fanjingle@h-partners.com>
This commit is contained in:
樊景乐
fan-jingle
parent
23f9147b03
commit
b31d6357b6
@ -71,6 +71,7 @@ extern "C" {
|
|||||||
#define FILE_ACCESS_COMMON_DIR_MODE "ohos.permission.FILE_ACCESS_COMMON_DIR"
|
#define FILE_ACCESS_COMMON_DIR_MODE "ohos.permission.FILE_ACCESS_COMMON_DIR"
|
||||||
#define ACCESS_DLP_FILE_MODE "ohos.permission.ACCESS_DLP_FILE"
|
#define ACCESS_DLP_FILE_MODE "ohos.permission.ACCESS_DLP_FILE"
|
||||||
#define FILE_ACCESS_MANAGER_MODE "ohos.permission.FILE_ACCESS_MANAGER"
|
#define FILE_ACCESS_MANAGER_MODE "ohos.permission.FILE_ACCESS_MANAGER"
|
||||||
|
#define READ_WRITE_USER_FILE_MODE "ohos.permission.READ_WRITE_USER_FILE"
|
||||||
|
|
||||||
typedef enum SandboxTag {
|
typedef enum SandboxTag {
|
||||||
SANDBOX_TAG_MOUNT_PATH = 0,
|
SANDBOX_TAG_MOUNT_PATH = 0,
|
||||||
|
|||||||
@ -643,6 +643,42 @@ static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningC
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int SetSandboxPermissionFlag(AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
|
||||||
|
{
|
||||||
|
int32_t index = 0;
|
||||||
|
if (sandbox->appFullMountEnable) {
|
||||||
|
index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_CROSS_APP_MODE);
|
||||||
|
} else {
|
||||||
|
index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_COMMON_DIR_MODE);
|
||||||
|
}
|
||||||
|
|
||||||
|
int32_t fileMgrIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_MANAGER_MODE);
|
||||||
|
int32_t userFileIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, READ_WRITE_USER_FILE_MODE);
|
||||||
|
int fileMgrRes = CheckAppPermissionFlagSet(property, (uint32_t)fileMgrIndex);
|
||||||
|
int userFileRes = CheckAppPermissionFlagSet(property, (uint32_t)userFileIndex);
|
||||||
|
//If both FILE_ACCESS_MANAGER_MODE and READ_WRITE_USER_FILE_MODE exist, the value is invalid.
|
||||||
|
if (fileMgrRes != 0 && userFileRes != 0) {
|
||||||
|
APPSPAWN_LOGE("invalid msg request.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
// If FILE_ACCESS_MANAGER_MODE and READ_WRITE_USER_FILE_MODE do not exist,set the flag bit.
|
||||||
|
if (index > 0 && (fileMgrIndex > 0 && userFileIndex > 0) && (fileMgrRes == 0 && userFileRes == 0)) {
|
||||||
|
if (SetAppPermissionFlags(property, index) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int AppendGids(AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
|
||||||
|
{
|
||||||
|
int ret = AppendPermissionGid(sandbox, property);
|
||||||
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
||||||
|
ret = AppendPackageNameGids(sandbox, property);
|
||||||
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
||||||
{
|
{
|
||||||
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
|
APPSPAWN_CHECK_ONLY_EXPER(content != NULL, return -1);
|
||||||
@ -652,25 +688,13 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
|
|||||||
EXT_DATA_SANDBOX;
|
EXT_DATA_SANDBOX;
|
||||||
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type);
|
AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type);
|
||||||
APPSPAWN_CHECK(sandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
|
APPSPAWN_CHECK(sandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
|
||||||
|
int ret = SetSandboxPermissionFlag(sandbox, property);
|
||||||
int32_t index = 0;
|
if (ret != 0) {
|
||||||
if (sandbox->appFullMountEnable) {
|
APPSPAWN_LOGW("set sandbox permission flag failed.");
|
||||||
index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_CROSS_APP_MODE);
|
return APPSPAWN_SANDBOX_ERROR_SET_PERMISSION_FLAG_FAIL;
|
||||||
} else {
|
|
||||||
index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_COMMON_DIR_MODE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t fileMgrIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_MANAGER_MODE);
|
|
||||||
if (index > 0 && (CheckAppMsgFlagsSet(property, (uint32_t)fileMgrIndex) == 0)) {
|
|
||||||
if (SetAppPermissionFlags(property, index) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
int ret = AppendPermissionGid(sandbox, property);
|
|
||||||
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
|
||||||
ret = AppendPackageNameGids(sandbox, property);
|
|
||||||
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
|
||||||
|
ret = AppendGids(sandbox, property);
|
||||||
ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
|
ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
|
||||||
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
|
APPSPAWN_CHECK(ret == 0, return ret, "Failed to mount system-const for %{public}s", GetProcessName(property));
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -134,6 +134,7 @@ namespace {
|
|||||||
const std::string FILE_ACCESS_COMMON_DIR_MODE = "ohos.permission.FILE_ACCESS_COMMON_DIR";
|
const std::string FILE_ACCESS_COMMON_DIR_MODE = "ohos.permission.FILE_ACCESS_COMMON_DIR";
|
||||||
const std::string ACCESS_DLP_FILE_MODE = "ohos.permission.ACCESS_DLP_FILE";
|
const std::string ACCESS_DLP_FILE_MODE = "ohos.permission.ACCESS_DLP_FILE";
|
||||||
const std::string FILE_ACCESS_MANAGER_MODE = "ohos.permission.FILE_ACCESS_MANAGER";
|
const std::string FILE_ACCESS_MANAGER_MODE = "ohos.permission.FILE_ACCESS_MANAGER";
|
||||||
|
const std::string READ_WRITE_USER_FILE_MODE = "ohos.permission.READ_WRITE_USER_FILE";
|
||||||
const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_name";
|
const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_name";
|
||||||
|
|
||||||
const std::string& getArkWebPackageName()
|
const std::string& getArkWebPackageName()
|
||||||
@ -1585,13 +1586,19 @@ int32_t SandboxUtils::SetPermissionWithParam(AppSpawningCtx *appProperty)
|
|||||||
} else if (appFullMountStatus == FILE_ACCESS_COMMON_DIR_STATUS) {
|
} else if (appFullMountStatus == FILE_ACCESS_COMMON_DIR_STATUS) {
|
||||||
index = GetPermissionIndex(nullptr, FILE_ACCESS_COMMON_DIR_MODE.c_str());
|
index = GetPermissionIndex(nullptr, FILE_ACCESS_COMMON_DIR_MODE.c_str());
|
||||||
}
|
}
|
||||||
|
int32_t userFileIndex = GetPermissionIndex(nullptr, READ_WRITE_USER_FILE_MODE.c_str());
|
||||||
int32_t fileMgrIndex = GetPermissionIndex(nullptr, FILE_ACCESS_MANAGER_MODE.c_str());
|
int32_t fileMgrIndex = GetPermissionIndex(nullptr, FILE_ACCESS_MANAGER_MODE.c_str());
|
||||||
if (index > 0 && fileMgrIndex > 0 &&
|
if ((CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(userFileIndex)) != 0) &&
|
||||||
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(fileMgrIndex)) == 0)) {
|
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(fileMgrIndex)) != 0)) {
|
||||||
|
APPSPAWN_LOGE("invalid msg request.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (index > 0 && (fileMgrIndex > 0 && userFileIndex > 0) &&
|
||||||
|
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(userFileIndex)) == 0) &&
|
||||||
|
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(fileMgrIndex))== 0)) {
|
||||||
return SetAppPermissionFlags(appProperty, index);
|
return SetAppPermissionFlags(appProperty, index);
|
||||||
}
|
}
|
||||||
return -1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef APPSPAWN_MOUNT_TMPSHM
|
#ifdef APPSPAWN_MOUNT_TMPSHM
|
||||||
@ -1631,6 +1638,7 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_
|
|||||||
|
|
||||||
if (SetPermissionWithParam(appProperty) != 0) {
|
if (SetPermissionWithParam(appProperty) != 0) {
|
||||||
APPSPAWN_LOGW("Set app permission flag fail.");
|
APPSPAWN_LOGW("Set app permission flag fail.");
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check app sandbox switch
|
// check app sandbox switch
|
||||||
|
|||||||
@ -122,6 +122,7 @@ typedef enum {
|
|||||||
APPSPAWN_DEBUG_MODE_NOT_SUPPORT,
|
APPSPAWN_DEBUG_MODE_NOT_SUPPORT,
|
||||||
APPSPAWN_ERROR_UTILS_MEM_FAIL,
|
APPSPAWN_ERROR_UTILS_MEM_FAIL,
|
||||||
APPSPAWN_ERROR_FILE_RMDIR_FAIL,
|
APPSPAWN_ERROR_FILE_RMDIR_FAIL,
|
||||||
|
APPSPAWN_SANDBOX_ERROR_SET_PERMISSION_FLAG_FAIL,
|
||||||
APPSPAWN_NODE_EXIST,
|
APPSPAWN_NODE_EXIST,
|
||||||
} AppSpawnErrorCode;
|
} AppSpawnErrorCode;
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user