feat: add isolated_render

Signed-off-by: c30043414 <caobaolong5@huawei.com> Change-Id: Ic6d981be3c9f0c47258765216e16ea7e563efe91
2024-11-23 15:10:44 +00:00 · 2023-07-06 12:37:11 +08:00 · 2023-07-06 12:37:11 +08:00 · b9898ff343
commit b9898ff343
parent 83ca624c20
3 changed files with 27 additions and 2 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -177,9 +177,13 @@ ohos_static_library("nwebspawn_server") {
    "APPSPAWN_CHECK_GID_UID",
    "APPSPAWN_LABEL=\"NWEBSPAWN\"",
  ]
+  include_dirs = [ "//third_party/selinux/libselinux/include/" ]
  configs = [ ":appspawn_config" ]
  ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
-  deps = [ "//foundation/communication/netmanager_base/services/netmanagernative/netsys_client:netsys_client" ]
+  deps = [
+    "//foundation/communication/netmanager_base/services/netmanagernative/netsys_client:netsys_client",
+    "//third_party/selinux:libselinux",
+  ]
  external_deps = [
    "access_token:libtoken_setproc",
    "c_utils:utils",
--- a/adapter/appspawn_adapter.cpp
+++ b/adapter/appspawn_adapter.cpp
@ -17,6 +17,10 @@

 #include <cerrno>

+#ifdef NWEB_SPAWN
+#include "selinux/selinux.h"
+#endif
+
 #include "appspawn_service.h"
 #ifdef WITH_SELINUX
 #include "hap_restorecon.h"
@ -40,6 +44,9 @@ void SetAppAccessToken(struct AppSpawnContent_ *content, AppSpawnClient *client)
 void SetSelinuxCon(struct AppSpawnContent_ *content, AppSpawnClient *client)
 {
 #ifdef WITH_SELINUX
+#ifdef NWEB_SPAWN
+    setcon("u:r:isolated_render:s0");
+#else
    UNUSED(content);
    AppSpawnClientExt *appProperty = reinterpret_cast<AppSpawnClientExt *>(client);
    HapContext hapContext;
@ -58,6 +65,7 @@ void SetSelinuxCon(struct AppSpawnContent_ *content, AppSpawnClient *client)
        APPSPAWN_LOGV("AppSpawnServer::Success to hap domain set context, ret = %{public}d", ret);
    }
 #endif
+#endif
 }

 void SetUidGidFilter(struct AppSpawnContent_ *content)
--- a/bundle.json
+++ b/bundle.json
@ -43,7 +43,20 @@
                "hitrace",
                "common_event_service",
                "hisysevent"
-            ]
+            ],
+	    "third_party": [
+                "bounds_checking_function",
+                "bzip2",
+                "libdrm",
+                "lz4",
+                "openssl",
+                "libusb",
+                "zlib",
+                "libuv",
+                "cjson",
+                "libpng",
+                "selinux"
+	    ]
        },
        "build": {
            "sub_component": [