sync arkweb remount code to newsandbox

Signed-off-by: nianyuu <zhouwenqiang12@huawei.com>
2024-11-22 22:50:21 +00:00 · 2024-09-24 17:48:06 +08:00 · 2024-09-24 17:48:06 +08:00 · bdfc8d66b5
commit bdfc8d66b5
parent fcd3f76e46
5 changed files with 85 additions and 8 deletions
--- a/appdata-sandbox-app.json
+++ b/appdata-sandbox-app.json
@ -155,7 +155,7 @@
                "sandbox-path" : "/data/utd"
            }, {
                "src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
-                "sandbox-path" : "/data/storage/el1/bundle/arkwebcore"
+                "sandbox-path" : "/mnt/nweb/tmp"
            }, {
                "src-path" : "/mnt/hmdfs/<currentUserId>",
                "sandbox-path" : "/mnt/hmdfs/<currentUserId>"
@ -163,6 +163,10 @@
                "src-path" : "/mnt/hmdfs/<currentUserId>/cloud/data/<PackageName>",
                "sandbox-path" : "/data/storage/el2/cloud"
            }],
+            "symbol-links" : [{
+                "target-name" : "/mnt/nweb/tmp",
+                "link-name" : "/data/storage/el1/bundle/arkwebcore"
+            }],
            "mount-groups": ["el2", "el3", "el4"]
        }
    },
--- a/appdata-sandbox-nweb.json
+++ b/appdata-sandbox-nweb.json
@ -24,8 +24,11 @@
                "src-path" : "/system/bin",
                "sandbox-path" : "/system/bin"
            }, {
-                "src-path" : "/system/<lib>",
-                "sandbox-path" : "/system/<lib>"
+                "src-path" : "/system/lib",
+                "sandbox-path" : "/system/lib"
+            }, {
+                "src-path" : "/system/lib64",
+                "sandbox-path" : "/system/lib64"
            }, {
                "src-path" : "/data/app/el1/bundle/public/<arkWebPackageName>",
                "sandbox-path" : "/data/storage/el1/bundle/arkwebcore"
--- a/modules/sandbox/appspawn_sandbox.c
+++ b/modules/sandbox/appspawn_sandbox.c
@ -483,7 +483,12 @@ static int DoSandboxPathSymLink(const SandboxContext *context,
    const char *target = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandboxNode->target, NULL, NULL);
    const char *linkName = GetSandboxRealVar(context, BUFFER_FOR_TARGET,
        sandboxNode->linkName, context->rootPath, NULL);
-    APPSPAWN_LOGV("symlink, from %{public}s to %{public}s", target, linkName);
+    APPSPAWN_LOGV("symlink from %{public}s to %{public}s", target, linkName);
+    if (access(linkName, F_OK) == 0) {
+        if (rmdir(linkName) != 0) {
+            APPSPAWN_LOGW("linkName %{public}s already exist and rmdir failed, errno %{public}d", linkName, errno);
+        }
+    }
    int ret = symlink(target, linkName);
    if (ret && errno != EEXIST) {
        if (sandboxNode->checkErrorFlag) {
@ -598,10 +603,17 @@ static const MountSharedTemplate MOUNT_SHARED_MAP[] = {
 static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
 {
    const char rootPath[] = "/mnt/sandbox/";
+    const char nwebPath[] = "/mnt/nweb";
+    const char nwebTmpPath[] = "/mnt/nweb/tmp";
+    const char appRootName[] = "app-root";
    AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
-    size_t bundleNameLen = strlen(context->bundleName);
-    if (info == NULL || context->bundleName == NULL ||
-        IsUnlockStatus(info->uid, context->bundleName, bundleNameLen)) {
+    if (info == NULL || context->bundleName == NULL) {
+        return;
+    }
+    MountDir(info, appRootName, rootPath, nwebPath);
+    MountDir(info, appRootName, rootPath, nwebTmpPath);
+
+    if (IsUnlockStatus(info->uid, context->bundleName, strlen(context->bundleName))) {
        return;
    }

--- a/standard/BUILD.gn
+++ b/standard/BUILD.gn
@ -92,6 +92,10 @@ ohos_executable("appspawn") {
  }
  cflags = []

+  if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
+    defines += [ "APPSPAWN_SANDBOX_NEW" ]
+  }
+
  #ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
  if (!defined(global_parts_info) ||
      defined(global_parts_info.security_code_signature)) {
@ -193,6 +197,10 @@ ohos_executable("cjappspawn") {
  }
  cflags = []

+  if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
+    defines += [ "APPSPAWN_SANDBOX_NEW" ]
+  }
+
  #ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
  if (!defined(global_parts_info) ||
      defined(global_parts_info.security_code_signature)) {
@ -259,6 +267,10 @@ ohos_executable("nativespawn") {
  }
  cflags = []

+  if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
+    defines += [ "APPSPAWN_SANDBOX_NEW" ]
+  }
+
  #ldflags = [ "-Wl,--dynamic-linker,/system/bin/linker64z" ]
  if (!defined(global_parts_info) ||
      defined(global_parts_info.security_code_signature)) {
--- a/standard/appspawn_service.c
+++ b/standard/appspawn_service.c
@ -1294,6 +1294,7 @@ static bool CheckAllDigit(char *userId)
    return true;
 }

+#ifdef APPSPAWN_SANDBOX_NEW
 static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
 {
    char srcPath[PATH_SIZE] = {0};
@ -1308,7 +1309,51 @@ static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNod
    while ((ent = readdir(rootDir)) != NULL) {
        char *userId = ent->d_name;
        if (strcmp(userId, ".") == 0 || strcmp(userId, "..") == 0 || !CheckAllDigit(userId)) {
-                continue;
+            continue;
+        }
+        char destPath[PATH_SIZE] = {0};
+        int ret = snprintf_s(destPath, sizeof(destPath), sizeof(destPath) - 1,
+            "%s/%s/app-root/mnt/nweb/tmp", rootPath, userId);
+        APPSPAWN_CHECK(ret > 0, continue, "Failed to snprintf_s, errno %{public}d", errno);
+
+        ret = umount2(destPath, MNT_DETACH);
+        if (ret != 0) {
+            APPSPAWN_LOGW("Umount %{public}s failed, errno %{public}d", destPath, errno);
+        }
+
+        ret = mount(srcPath, destPath, NULL, MS_BIND | MS_REC, NULL);
+        if (ret != 0 && errno == EBUSY) {
+            ret = mount(srcPath, destPath, NULL, MS_BIND | MS_REC, NULL);
+            APPSPAWN_LOGW("Bind mount again %{public}s to %{public}s, ret %{public}d", srcPath, destPath, ret);
+        }
+        APPSPAWN_CHECK(ret == 0, continue,
+            "Failed to bind mount %{public}s to %{public}s, errno %{public}d", srcPath, destPath, errno);
+
+        ret = mount(NULL, destPath, NULL, MS_SHARED, NULL);
+        APPSPAWN_CHECK(ret == 0, continue,
+            "Failed to shared mount %{public}s, errno %{public}d", destPath, errno);
+
+        APPSPAWN_LOGI("Remount %{public}s to %{public}s success", srcPath, destPath);
+    }
+    closedir(rootDir);
+    return 0;
+}
+#else
+static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
+{
+    char srcPath[PATH_SIZE] = {0};
+    int len = GetArkWebInstallPath("persist.arkwebcore.install_path", srcPath);
+    APPSPAWN_CHECK(len > 0, return -1, "Failed to get arkwebcore install path");
+
+    char *rootPath = "/mnt/sandbox";
+    DIR *rootDir = opendir(rootPath);
+    APPSPAWN_CHECK(rootDir != NULL, return -1, "Failed to opendir %{public}s, errno %{public}d", rootPath, errno);
+
+    struct dirent *ent;
+    while ((ent = readdir(rootDir)) != NULL) {
+        char *userId = ent->d_name;
+        if (strcmp(userId, ".") == 0 || strcmp(userId, "..") == 0 || !CheckAllDigit(userId)) {
+            continue;
        }

        char userIdPath[PATH_SIZE] = {0};
@ -1348,6 +1393,7 @@ static int ProcessSpawnRemountMsg(AppSpawnConnection *connection, AppSpawnMsgNod
    closedir(rootDir);
    return 0;
 }
+#endif

 static void ProcessSpawnRestartMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
 {