From d47aae6b647fc5cc15aaf2ebfe6d8cab6e63469b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E8=BE=BE?= Date: Mon, 19 Aug 2024 23:23:55 +0800 Subject: [PATCH] =?UTF-8?q?native=E8=BF=9B=E7=A8=8B=E5=AD=B5=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 王达 --- appdata-sandbox-isolated.json | 122 ++++++++++++++++++ appspawn.cfg | 12 +- common/appspawn_server.h | 24 ++++ etc/BUILD.gn | 16 +++ interfaces/innerkits/client/appspawn_client.c | 21 ++- interfaces/innerkits/client/appspawn_client.h | 1 + interfaces/innerkits/include/appspawn.h | 6 + modules/common/appspawn_adapter.cpp | 4 +- modules/module_engine/include/appspawn_msg.h | 1 + modules/sandbox/appspawn_permission.h | 1 + modules/sandbox/appspawn_sandbox.c | 2 +- modules/sandbox/appspawn_sandbox.h | 2 +- modules/sandbox/sandbox_load.c | 13 +- modules/sandbox/sandbox_utils.cpp | 82 ++++++++---- modules/sandbox/sandbox_utils.h | 11 +- service/hnp/README_zh.md | 2 +- standard/appspawn_main.c | 108 +++++++++------- standard/appspawn_manager.h | 5 + standard/appspawn_service.c | 94 +++++++------- standard/appspawn_service.h | 7 + standard/nwebspawn_launcher.c | 27 ++++ test/moduletest/appspawn_client_test.cpp | 29 ++++- test/moduletest/appspawn_test_cmder.cpp | 17 ++- test/moduletest/appspawn_test_cmder.h | 2 +- .../app_spawn_sandbox_test.cpp | 30 ++--- .../app_spawn_sandboxmgr_test.cpp | 18 +-- 26 files changed, 493 insertions(+), 164 deletions(-) create mode 100644 appdata-sandbox-isolated.json diff --git a/appdata-sandbox-isolated.json b/appdata-sandbox-isolated.json new file mode 100644 index 00000000..5558cec1 --- /dev/null +++ b/appdata-sandbox-isolated.json 
@@ -0,0 +1,122 @@
+{
+ "common": [{
+ "top-sandbox-switch": "ON",
+ "app-base": [{
+ "sandbox-ns-flags" : [ "net" ],
+ "mount-paths" : [{
+ "src-path" : "/dev",
+ "sandbox-path" : "/dev",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/proc",
+ "sandbox-path" : "/proc",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/sys",
+ "sandbox-path" : "/sys",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/fonts",
+ "sandbox-path" : "/system/fonts",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/etc",
+ "sandbox-path" : "/system/etc",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/etc/hosts",
+ "sandbox-path" : "/data/service/el1/network/hosts_user/hosts",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/bin",
+ "sandbox-path" : "/system/bin",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib",
+ "sandbox-path" : "/system/lib",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib64",
+ "sandbox-path" : "/system/lib64",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib/platformsdk",
+ "sandbox-path" : "/system/lib/platformsdk",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib/ndk",
+ "sandbox-path" : "/system/lib/ndk",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib/module",
+ "sandbox-path" : "/system/lib/module",
+ "sandbox-flags" : [ "bind", "rec" ],
+ "check-action-status": "false"
+ }, {
+ "src-path" : "/system/lib/chipset-pub-sdk",
+ "sandbox-path" :
"/system/lib/chipset-pub-sdk", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib/chipset-sdk", + "sandbox-path" : "/system/lib/chipset-sdk", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib/seccomp", + "sandbox-path" : "/system/lib/seccomp", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib/extensionability", + "sandbox-path" : "/system/lib/extensionability", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib/media", + "sandbox-path" : "/system/lib/media", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/system/lib/ld-musl-arm.so.1", + "sandbox-path" : "/system/lib/ld-musl-arm.so.1", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }, { + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/app/el1/bundle/public/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "false" + }], + "symbol-links" : [{ + "target-name" : "/system/etc", + "link-name" : "/etc", + "check-action-status": "false" + }, { + "target-name" : "/system/bin", + "link-name" : "/bin", + "check-action-status": "false" + }, { + "target-name" : "/system/lib", + "link-name" : "/lib", + "check-action-status": "false" + }, { + "target-name" : "/system/lib64", + "link-name" : "/lib64", + "check-action-status": "false" + }] + + }] + }] +} diff --git a/appspawn.cfg b/appspawn.cfg index 2145015f..1a3a039a 100644 --- a/appspawn.cfg +++ b/appspawn.cfg @@ -55,6 +55,17 @@ "gid" : "nwebspawn", "option" : [ ] + }, + { + "name" : "NativeSpawn", + "family" : "AF_LOCAL", + "type" : "SOCK_STREAM", + "protocol" : "default", + "permissions" : "0666", + "uid" : "root", + "gid" : "appspawn", + "option" : [ + ] }], "sandbox" : 0, "start-mode" : "boot", @@ -66,4 +77,3 @@ } ] } - 
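Review bot: Every mount and symlink entry in this isolated profile sets `"check-action-status": "false"`, which by its name means a failed bind or link does not abort the spawn, so a process could start inside a partially built sandbox; for a profile whose purpose is isolation the critical entries should fail closed (confirm how the loader treats the key). The profile also bind-mounts `/dev`, `/proc` and `/sys` recursively with only `[ "bind", "rec" ]`, plus the whole of `/data/app/el1/bundle/public/`, which is broad for an isolated process; narrow these to what native children actually need. The `/system/etc/hosts` entry uses the system file as `src-path` and a `/data/service/el1/network/...` path as `sandbox-path`, which looks inverted and should be checked against the regular app profile.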
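Review bot: The new `NativeSpawn` socket is declared with `"permissions" : "0666"` and `"uid" : "root"`, so any local process that can reach the socket path may connect and submit spawn requests unless the service checks peer credentials elsewhere (not visible in this hunk). If only members of the `appspawn` group are meant to use it, `"permissions" : "0660"` states that directly. Otherwise the commit description should say where the caller is authenticated, because this endpoint creates processes on behalf of its clients.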
diff --git a/common/appspawn_server.h b/common/appspawn_server.h index b7ccd84a..3bbc74d1 100644 --- a/common/appspawn_server.h +++ b/common/appspawn_server.h @@ -29,9 +29,33 @@ typedef enum { MODE_FOR_NWEB_SPAWN, MODE_FOR_APP_COLD_RUN, MODE_FOR_NWEB_COLD_RUN, + MODE_FOR_NATIVE_SPAWN, + MODE_FOR_CJAPP_SPAWN, MODE_INVALID } RunMode; +typedef enum { + PROCESS_FOR_APP_SPAWN, + PROCESS_FOR_NWEB_SPAWN, + PROCESS_FOR_APP_COLD_RUN, + PROCESS_FOR_NWEB_COLD_RUN, + PROCESS_FOR_NATIVE_SPAWN, + PROCESS_FOR_NWEB_RESTART, + PROCESS_INVALID +} RunProcess; + +typedef enum { + CJPROCESS_FOR_APP_SPAWN, + CJPROCESS_FOR_APP_COLD_RUN, + CJPROCESS_INVALID +} CJRunProcess; + +typedef enum { + PROCESS_TYPE_APPSPAWN, + PROCESS_TYPE_CJAPPSPAWN, + PROCESS_TYPE_INVALID +} ProcessType; + typedef struct AppSpawnClient { uint32_t id; uint32_t flags; // Save negotiated flags diff --git a/etc/BUILD.gn b/etc/BUILD.gn index 242cd018..782bef98 100644 --- a/etc/BUILD.gn +++ b/etc/BUILD.gn @@ -28,6 +28,12 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { part_name = "${part_name}" module_install_dir = "etc/sandbox" } + + ohos_prebuilt_etc("appdata-sandbox-isolated.json") { + source = "../appdata-sandbox-isolated.json" + part_name = "${part_name}" + module_install_dir = "etc/sandbox" + } } else { ohos_prebuilt_appdata_sandbox("appdata-sandbox.json") { source = "../appdata-sandbox.json" @@ -43,6 +49,15 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { part_name = "${part_name}" module_install_dir = "etc/sandbox" } + + ohos_prebuilt_appdata_sandbox("appdata-sandbox-isolated.json") { + source = "../appdata-sandbox-isolated.json" + patterns = [] + extra_sandbox_cfgs = [] + subsystem_name = "${subsystem_name}" + part_name = "${part_name}" + module_install_dir = "etc/sandbox" + } } ohos_prebuilt_etc("appspawn_preload.json") { 
@@ -54,6 +69,7 @@ ohos_prebuilt_etc("appspawn_preload.json") { group("etc_files") { deps = [ ":appdata-sandbox.json", + ":appdata-sandbox-isolated.json", ":appspawn_preload.json", ] if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { diff --git a/interfaces/innerkits/client/appspawn_client.c b/interfaces/innerkits/client/appspawn_client.c index 84e6aae6..72e4f938 100644 --- a/interfaces/innerkits/client/appspawn_client.c +++ b/interfaces/innerkits/client/appspawn_client.c @@ -91,8 +91,22 @@ APPSPAWN_STATIC void CloseClientSocket(int socketId) APPSPAWN_STATIC int CreateClientSocket(uint32_t type, uint32_t timeout) { - const char *socketName = type == CLIENT_FOR_APPSPAWN ? APPSPAWN_SOCKET_NAME : - (type == CLIENT_FOR_CJAPPSPAWN ? CJAPPSPAWN_SOCKET_NAME : NWEBSPAWN_SOCKET_NAME); + const char *socketName; + + switch (type) { + case CLIENT_FOR_APPSPAWN: + socketName = APPSPAWN_SOCKET_NAME; + break; + case CLIENT_FOR_CJAPPSPAWN: + socketName = CJAPPSPAWN_SOCKET_NAME; + break; + case CLIENT_FOR_NATIVESPAWN: + socketName = NATIVESPAWN_SOCKET_NAME; + break; + default: + socketName = NWEBSPAWN_SOCKET_NAME; + break; + } int socketFd = socket(AF_UNIX, SOCK_STREAM, 0); // SOCK_SEQPACKET APPSPAWN_CHECK(socketFd >= 0, return -1, @@ -270,6 +284,9 @@ int AppSpawnClientInit(const char *serviceName, AppSpawnClientHandle *handle) type = CLIENT_FOR_CJAPPSPAWN; } else if (strcmp(serviceName, NWEBSPAWN_SERVER_NAME) == 0 || strstr(serviceName, NWEBSPAWN_SOCKET_NAME) != NULL) { type = CLIENT_FOR_NWEBSPAWN; + } else if (strcmp(serviceName, NATIVESPAWN_SERVER_NAME) == 0 || + strstr(serviceName, NATIVESPAWN_SOCKET_NAME) != NULL) { + type = CLIENT_FOR_NATIVESPAWN; } int ret = InitClientInstance(type); APPSPAWN_CHECK(ret == 0, return APPSPAWN_SYSTEM_ERROR, "Failed to create reqMgr"); diff --git a/interfaces/innerkits/client/appspawn_client.h b/interfaces/innerkits/client/appspawn_client.h index 268332bd..8f8090e2 100644 --- a/interfaces/innerkits/client/appspawn_client.h 
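Review bot: In `CreateClientSocket` the `default:` arm of the new switch maps every unrecognised `type`, including `CLIENT_MAX`, to `NWEBSPAWN_SOCKET_NAME`, so a caller that passes a wrong value silently talks to the nwebspawn service. Giving `CLIENT_FOR_NWEBSPAWN` its own `case` and letting `default:` log and `return -1;` keeps a future client type from being routed to the wrong spawner. The function body continues outside the hunk.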
+++ b/interfaces/innerkits/client/appspawn_client.h @@ -46,6 +46,7 @@ typedef enum { CLIENT_FOR_APPSPAWN, CLIENT_FOR_NWEBSPAWN, CLIENT_FOR_CJAPPSPAWN, + CLIENT_FOR_NATIVESPAWN, CLIENT_MAX } AppSpawnClientType; diff --git a/interfaces/innerkits/include/appspawn.h b/interfaces/innerkits/include/appspawn.h index d6a24c1f..3613e6aa 100644 --- a/interfaces/innerkits/include/appspawn.h +++ b/interfaces/innerkits/include/appspawn.h @@ -49,6 +49,7 @@ typedef void *AppSpawnClientHandle; #define APPSPAWN_SERVER_NAME "appspawn" #define CJAPPSPAWN_SERVER_NAME "cjappspawn" #define NWEBSPAWN_RESTART "nwebRestart" +#define NATIVESPAWN_SERVER_NAME "nativespawn" #pragma pack(4) #define APP_MAX_GIDS 64 @@ -175,6 +176,11 @@ typedef enum { APP_FLAGS_CHILDPROCESS, APP_FLAGS_HWASAN_ENABLED = 21, APP_FLAGS_UBSAN_ENABLED = 22, + APP_FLAGS_ISOLATED_SANDBOX_TYPE, + APP_FLAGS_ISOLATED_SELINUX_LABEL, + APP_FLAGS_ISOLATED_SECCOMP_TYPE, + APP_FLAGS_ISOLATED_NETWORK, + APP_FLAGS_ISOLATED_DATAGROUP, MAX_FLAGS_INDEX = 63, } AppFlagsIndex; diff --git a/modules/common/appspawn_adapter.cpp b/modules/common/appspawn_adapter.cpp index aa6c9bed..2d2d8bff 100644 --- a/modules/common/appspawn_adapter.cpp +++ b/modules/common/appspawn_adapter.cpp @@ -48,7 +48,7 @@ int SetAppAccessToken(const AppSpawnMgr *content, const AppSpawningCtx *property APPSPAWN_LOGV("AppSpawnServer::set access token %{public}" PRId64 " %{public}d", tokenInfo->accessTokenIdEx, IsNWebSpawnMode(content)); - if (IsNWebSpawnMode(content)) { + if (IsNWebSpawnMode(content) || IsNativeSpawnMode(content)) { TokenIdKit tokenIdKit; tokenId = tokenIdKit.GetRenderTokenID(tokenInfo->accessTokenIdEx); } else { @@ -151,7 +151,7 @@ int SetSeccompFilter(const AppSpawnMgr *content, const AppSpawningCtx *property) #ifdef WITH_SECCOMP const char *appName = APP_NAME; SeccompFilterType type = APP; - + if (IsNWebSpawnMode(content)) { uint32_t len = 0; std::string processType = 
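Review bot: The five `APP_FLAGS_ISOLATED_*` enumerators take their values implicitly from `APP_FLAGS_UBSAN_ENABLED = 22`, yet these indexes are set by clients and read by the spawner, so they are part of the message contract. Writing them out, `APP_FLAGS_ISOLATED_SANDBOX_TYPE = 23,` through `APP_FLAGS_ISOLATED_DATAGROUP = 27,`, matches the two explicit entries above and stops a later insertion from renumbering them. In the part of the patch visible here only `APP_FLAGS_ISOLATED_SANDBOX_TYPE` and `APP_FLAGS_ISOLATED_NETWORK` are consumed, so a one-line comment on each flag stating what it selects, and whether it is enforced yet, would prevent callers from assuming the SELinux, seccomp and data-group flags already have effect.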
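Review bot: The `APPSPAWN_LOGV` just above the widened condition still prints only `IsNWebSpawnMode(content)`, so after this change the log no longer shows which branch was taken when native-spawn children go through `GetRenderTokenID`; print `IsNativeSpawnMode(content)` as well. A comment on the condition, such as `// nativespawn children use the render token, like nweb render processes`, would record why the two modes share this path (assuming that is the intent). `SetAppAccessToken` continues outside the hunk.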
diff --git a/modules/module_engine/include/appspawn_msg.h b/modules/module_engine/include/appspawn_msg.h index 0d6dbf75..3c632529 100644 --- a/modules/module_engine/include/appspawn_msg.h +++ b/modules/module_engine/include/appspawn_msg.h @@ -30,6 +30,7 @@ extern "C" { #define APPSPAWN_SOCKET_NAME "AppSpawn" #define CJAPPSPAWN_SOCKET_NAME "CJAppSpawn" #define KEEPALIVE_NAME "keepalive" +#define NATIVESPAWN_SOCKET_NAME "NativeSpawn" #define APPSPAWN_ALIGN(len) (((len) + 0x03) & (~0x03)) #define APPSPAWN_TLV_NAME_LEN 32 diff --git a/modules/sandbox/appspawn_permission.h b/modules/sandbox/appspawn_permission.h index a78ae67e..56d16e75 100644 --- a/modules/sandbox/appspawn_permission.h +++ b/modules/sandbox/appspawn_permission.h @@ -27,6 +27,7 @@ extern "C" { #define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json" #define WEB_SANDBOX_FILE_NAME "/appdata-sandbox-nweb.json" +#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated.json" typedef struct TagSandboxQueue SandboxQueue; typedef struct TagPermissionNode SandboxPermissionNode; diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index edf8af55..b8fb1c0c 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -199,7 +199,7 @@ static int InitSandboxContext(SandboxContext *context, context->message = property->message; context->sandboxNsFlags = CLONE_NEWNS; - if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX)) { + if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) { context->sandboxNsFlags |= sandbox->sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0; } diff --git a/modules/sandbox/appspawn_sandbox.h b/modules/sandbox/appspawn_sandbox.h index 56006da1..7dd767c8 100644 --- a/modules/sandbox/appspawn_sandbox.h +++ b/modules/sandbox/appspawn_sandbox.h 
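Review bot: `InitSandboxContext` now adds `CLONE_NEWNET` only when `APP_FLAGS_ISOLATED_NETWORK` is set, so a client that still sets `APP_FLAGS_ISOLATED_SANDBOX` to get a private network namespace would silently keep the host network after this change. The same substitution is made in `SetAppSandboxProperty` in modules/sandbox/sandbox_utils.cpp (hunk at -1736). If the old flag remains in `AppFlagsIndex` (not visible here), accepting either one during the transition, `CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) || CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)`, avoids weakening existing callers. The function body continues outside the hunk.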
@@ -227,7 +227,7 @@ typedef struct { AppSpawnSandboxCfg *CreateAppSpawnSandbox(void); AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content); void DeleteAppSpawnSandbox(AppSpawnSandboxCfg *sandbox); -int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, int nwebSpawn); +int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode); void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox); /** diff --git a/modules/sandbox/sandbox_load.c b/modules/sandbox/sandbox_load.c index 8ef4baa2..825e08b7 100644 --- a/modules/sandbox/sandbox_load.c +++ b/modules/sandbox/sandbox_load.c @@ -661,10 +661,19 @@ APPSPAWN_STATIC int ParseAppSandboxConfig(const cJSON *root, ParseJsonContext *c return ret; } -int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, int nwebSpawn) +APPSPAWN_STATIC const char *GetSandboxNameByMode(RunMode mode) +{ + if (mode == MODE_FOR_NATIVE_SPAWN) { + return ISOLATED_SANDBOX_FILE_NAME; + } + + return APP_SANDBOX_FILE_NAME; +} + +int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode) { APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_ARG_INVALID); - const char *sandboxName = nwebSpawn ? WEB_SANDBOX_FILE_NAME : APP_SANDBOX_FILE_NAME; + const char *sandboxName = GetSandboxNameByMode(mode); if (sandbox->depGroupNodes != NULL) { APPSPAWN_LOGW("Sandbox has been load"); return 0; diff --git a/modules/sandbox/sandbox_utils.cpp b/modules/sandbox/sandbox_utils.cpp index 1f7af40e..9a9573de 100644 --- a/modules/sandbox/sandbox_utils.cpp +++ b/modules/sandbox/sandbox_utils.cpp @@ -33,6 +33,7 @@ #include "appspawn_msg.h" #include "appspawn_server.h" #include "appspawn_service.h" +#include "appspawn_utils.h" #include "config_policy_utils.h" #include "init_param.h" #include "parameter.h" 
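Review bot: `GetSandboxNameByMode` never returns `WEB_SANDBOX_FILE_NAME`: the removed line chose it when `nwebSpawn` was non-zero, while the new helper returns `APP_SANDBOX_FILE_NAME` for every mode except `MODE_FOR_NATIVE_SPAWN`. Unless the callers (outside this hunk) no longer load the nweb profile through this function, nwebspawn would come up with the app sandbox profile instead of its own. Adding `if (mode == MODE_FOR_NWEB_SPAWN || mode == MODE_FOR_NWEB_COLD_RUN) { return WEB_SANDBOX_FILE_NAME; }` ahead of the fallback restores the previous selection. `LoadAppSandboxConfig` continues outside the hunk.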
@@ -62,6 +63,7 @@ namespace { constexpr std::string_view APL_SYSTEM_CORE("system_core"); constexpr std::string_view APL_SYSTEM_BASIC("system_basic"); const std::string APP_JSON_CONFIG("/appdata-sandbox.json"); + const std::string APP_ISOLATED_JSON_CONFIG("/appdata-sandbox-isolated.json"); const std::string g_physicalAppInstallPath = "/data/app/el1/bundle/public/"; const std::string g_sandboxGroupPath = "/data/storage/el2/group/"; const std::string g_sandboxHspInstallPath = "/data/storage/el1/bundle/"; @@ -180,17 +182,17 @@ bool JsonUtils::GetStringFromJson(const nlohmann::json &json, const std::string } } -std::vector SandboxUtils::appSandboxConfig_ = {}; +std::map> SandboxUtils::appSandboxConfig_ = {}; int32_t SandboxUtils::deviceTypeEnable_ = -1; -void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig) +void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type) { - SandboxUtils::appSandboxConfig_.push_back(appSandboxConfig); + SandboxUtils::appSandboxConfig_[type].push_back(appSandboxConfig); } -std::vector &SandboxUtils::GetJsonConfig() +std::vector &SandboxUtils::GetJsonConfig(SandboxConfigType type) { - return SandboxUtils::appSandboxConfig_; + return SandboxUtils::appSandboxConfig_[type]; } static void MakeDirRecursive(const std::string &path, mode_t mode) @@ -562,8 +564,9 @@ std::string SandboxUtils::GetSbxPathByConfig(const AppSpawningCtx *appProperty, std::string sandboxRoot = ""; const std::string originSandboxPath = "/mnt/sandbox/"; + std::string isolatedFlagText = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : ""; const std::string defaultSandboxRoot = g_sandBoxDir + to_string(dacInfo->uid / UID_BASE) + - "/" + GetBundleName(appProperty); + "/" + isolatedFlagText.c_str() + GetBundleName(appProperty); if (config.find(g_sandboxRootPrefix) != config.end()) { sandboxRoot = config[g_sandboxRootPrefix].get(); if (sandboxRoot == originSandboxPath) { 
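Review bot: In `GetSbxPathByConfig` the isolated root is built as `<uid>/isolated/<bundle>`, which nests it inside the directory that a bundle literally named `isolated` would use as its own root under the same uid directory. If bundle names are not guaranteed to exclude that value, a prefix outside the per-bundle namespace is safer. The literal `"isolated/"` is repeated in `SetAppSandboxProperty` (hunk at -1584), so a shared constant next to `g_sandBoxDir` would keep both paths in step, and `isolatedFlagText.c_str()` can simply be `isolatedFlagText`. The function body continues outside the hunk.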
@@ -934,7 +937,7 @@ int32_t SandboxUtils::DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, std::set SandboxUtils::GetMountPermissionNames() { std::set permissionSet; - for (auto& config : SandboxUtils::GetJsonConfig()) { + for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) { if (config.find(g_permissionPrefix) == config.end()) { continue; } @@ -1081,7 +1084,10 @@ int32_t SandboxUtils::SetRenderSandboxProperty(const AppSpawningCtx *appProperty int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) { - for (auto& config : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxUtils::GetJsonConfig(type)) { nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; if (privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) { int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0], nullptr, g_ohosRender); 
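Review bot: The expression `CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG` first appears here in `SetRenderSandboxPropertyNweb` and is copied into six more functions in this file (`SetPrivateAppSandboxProperty`, `GetSandboxPrivateSharedStatus`, `SetPermissionAppSandboxProperty`, `SetCommonAppSandboxProperty`, `CheckTotalSandboxSwitchStatus`, `CheckAppSandboxSwitchStatus`). One file-local helper, `static SandboxConfigType GetSandboxConfigType(const AppSpawningCtx *appProperty)`, would leave a single place that decides which profile governs a spawn. Without it, a later edit can easily update some copies and miss others, leaving part of the sandbox built from the wrong profile. Both function bodies continue outside the hunk.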
@@ -1101,17 +1107,23 @@ int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProp int32_t SandboxUtils::SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty) { int ret = 0; - for (auto& config : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxUtils::GetJsonConfig(type)) { ret = SetPrivateAppSandboxProperty_(appProperty, config); APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed"); } return ret; } -static bool GetSandboxPrivateSharedStatus(const string &bundleName) +static bool GetSandboxPrivateSharedStatus(const string &bundleName, AppSpawningCtx *appProperty) { bool result = false; - for (auto& config : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxUtils::GetJsonConfig(type)) { nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; if (privateAppConfig.find(bundleName) != privateAppConfig.end() && privateAppConfig[bundleName][0].find(g_sandBoxShared) != @@ -1129,7 +1141,10 @@ static bool GetSandboxPrivateSharedStatus(const string &bundleName) int32_t SandboxUtils::SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty) { int ret = 0; - for (auto& config : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxUtils::GetJsonConfig(type)) { ret = SetPermissionAppSandboxProperty_(appProperty, config); APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed"); } 
@@ -1161,7 +1176,10 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty(const AppSpawningCtx *appPrope std::string &sandboxPackagePath) { int ret = 0; - for (auto& jsonConfig : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& jsonConfig : SandboxUtils::GetJsonConfig(type)) { ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig); APPSPAWN_CHECK(ret == 0, return ret, "parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str()); @@ -1330,7 +1348,7 @@ uint32_t SandboxUtils::GetSandboxNsFlags(bool isNweb) return nsFlags; } - for (auto& config : SandboxUtils::GetJsonConfig()) { + for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) { if (isNweb) { nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; if (privateAppConfig.find(g_ohosRender) == privateAppConfig.end()) { @@ -1371,7 +1389,10 @@ bool SandboxUtils::CheckBundleNameForPrivate(const std::string &bundleName) bool SandboxUtils::CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty) { - for (auto& wholeConfig : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) { if (wholeConfig.find(g_commonPrefix) == wholeConfig.end()) { continue; } 
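Review bot: `GetSandboxNsFlags` reads only `SANBOX_APP_JSON_CONFIG`, so the `"sandbox-ns-flags" : [ "net" ]` entry in the new appdata-sandbox-isolated.json is never consulted here. As far as these hunks show, whether an isolated process gets `CLONE_NEWNET` then depends on what the regular app profile declares. If the isolated profile is meant to control its own namespaces, this function needs the config type as an input; if not, the key should be dropped from the isolated profile so it does not suggest an effect it lacks. `GetMountPermissionNames` (hunk at -934) makes the same fixed choice; the function body continues outside the hunk.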
@@ -1392,7 +1413,10 @@ bool SandboxUtils::CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProper bool SandboxUtils::CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty) { bool rc = true; - for (auto& wholeConfig : SandboxUtils::GetJsonConfig()) { + SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; + + for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) { if (wholeConfig.find(g_privatePrefix) == wholeConfig.end()) { continue; } @@ -1584,8 +1608,10 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_ std::string sandboxPackagePath = g_sandBoxRootDir + to_string(dacInfo->uid / UID_BASE) + "/"; const std::string bundleName = GetBundleName(appProperty); - bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName) || (CheckAppPermissionFlagSet(appProperty, - static_cast(GetPermissionIndex(nullptr, ACCESS_DLP_FILE_MODE.c_str()))) != 0); + bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty) || + (CheckAppPermissionFlagSet(appProperty, static_cast(GetPermissionIndex(nullptr, + ACCESS_DLP_FILE_MODE.c_str()))) != 0); + sandboxPackagePath += CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : ""; sandboxPackagePath += bundleName; MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE); @@ -1624,7 +1650,7 @@ int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uin } std::string sandboxPackagePath = g_sandBoxRootDirNweb; const std::string bundleName = GetBundleName(appProperty); - bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName); + bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty); sandboxPackagePath += bundleName; MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE); 
@@ -1705,11 +1731,17 @@ int LoadAppSandboxConfig(AppSpawnMgr *content) continue; } std::string path = files->paths[i]; - path += OHOS::AppSpawn::APP_JSON_CONFIG; - APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", path.c_str()); - rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, path); - APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", path.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig); + std::string appPath = path + OHOS::AppSpawn::APP_JSON_CONFIG; + APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", appPath.c_str()); + rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, appPath); + APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", appPath.c_str()); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_APP_JSON_CONFIG); + + std::string isolatedPath = path + OHOS::AppSpawn::APP_ISOLATED_JSON_CONFIG; + APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", isolatedPath.c_str()); + rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, isolatedPath); + APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", isolatedPath.c_str()); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_ISOLATED_JSON_CONFIG); } FreeCfgFiles(files); bool isNweb = IsNWebSpawnMode(content); @@ -1736,7 +1768,7 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property) } } uint32_t sandboxNsFlags = CLONE_NEWNS; - if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX)) { + if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_NETWORK)) { sandboxNsFlags |= content->content.sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0; } APPSPAWN_LOGV("SetAppSandboxProperty sandboxNsFlags 0x%{public}x", sandboxNsFlags); diff --git a/modules/sandbox/sandbox_utils.h b/modules/sandbox/sandbox_utils.h index d85fac97..c1013a06 100755 --- a/modules/sandbox/sandbox_utils.h 
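Review bot: A missing or unparsable isolated profile is only logged here (`APPSPAWN_CHECK(rc, continue, ...)`), which leaves `GetJsonConfig(SANBOX_ISOLATED_JSON_CONFIG)` empty. `SetPrivateAppSandboxProperty` in this file then loops zero times and returns its initial `ret = 0`, so a spawn flagged `APP_FLAGS_ISOLATED_SANDBOX_TYPE` could report success with none of the profile applied. The earlier `continue` on the app profile also skips the isolated profile of the same directory, and both loads reuse the same `appSandboxConfig` object. Treating an empty isolated list as an error after the loop, for example `if (OHOS::AppSpawn::SandboxUtils::GetJsonConfig(SANBOX_ISOLATED_JSON_CONFIG).empty())` followed by a log and a non-zero return, makes the isolated path fail closed. The function body continues outside the hunk.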
+++ b/modules/sandbox/sandbox_utils.h @@ -26,12 +26,17 @@ #include "appspawn_server.h" #include "appspawn_manager.h" +typedef enum { + SANBOX_APP_JSON_CONFIG, + SANBOX_ISOLATED_JSON_CONFIG +} SandboxConfigType; + namespace OHOS { namespace AppSpawn { class SandboxUtils { public: - static void StoreJsonConfig(nlohmann::json &appSandboxConfig); - static std::vector &GetJsonConfig(); + static void StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type); + static std::vector &GetJsonConfig(SandboxConfigType type); static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); static uint32_t GetSandboxNsFlags(bool isNweb); @@ -115,7 +120,7 @@ private: const std::string §ion, std::string sandboxRoot); static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string §ion, nlohmann::json &mntPoint,SandboxMountConfig &mountConfig); - static std::vector appSandboxConfig_; + static std::map> appSandboxConfig_; static int32_t deviceTypeEnable_; }; class JsonUtils { diff --git a/service/hnp/README_zh.md b/service/hnp/README_zh.md index 6b3ef6c3..9e500d26 100644 --- a/service/hnp/README_zh.md +++ b/service/hnp/README_zh.md @@ -74,7 +74,7 @@ HAP工程根目录 ## 3 Native软件包的使用方法 ### 3.1 在hap应用中访问Native二进制 以c++语言为例,可以在hap应用代码中通过system、execv等函数执行二进制。默认公有hnp包软链接路径为/data/service/hnp/bin,默认私有hnp包软链接路径为/data/app/bin,默认软链接路径已加入环境变量中。 -### 3.1 hdc shell执行方法 +### 3.2 hdc shell执行方法 **操作步骤:** 1. 从应用市场下载Native软件包hap应用并安装。 diff --git a/standard/appspawn_main.c b/standard/appspawn_main.c index 7d02e5d6..d8622dae 100644 --- a/standard/appspawn_main.c +++ b/standard/appspawn_main.c 
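Review bot: The new enumerators are spelled `SANBOX_APP_JSON_CONFIG` and `SANBOX_ISOLATED_JSON_CONFIG` (the D of SANDBOX is missing); since they are declared in a header and used throughout sandbox_utils.cpp, correcting the spelling now is cheaper than after more callers appear. The enum also sits at global scope above `namespace OHOS` although its visible users are `SandboxUtils` members, so it could live inside `OHOS::AppSpawn`. `appSandboxConfig_` becomes a `std::map` and no `#include <map>` is visible in the hunk; confirm the header includes it directly rather than relying on a transitive include.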
@@ -27,6 +27,22 @@ #define APPSPAWN_PRELOAD "libappspawn_helper.z.so" +static AppSpawnStartArgTemplate g_appSpawnStartArgTemplate[PROCESS_INVALID] = { + {APPSPAWN_SERVER_NAME, {MODE_FOR_APP_SPAWN, MODULE_APPSPAWN, APPSPAWN_SOCKET_NAME, APPSPAWN_SERVER_NAME, 1}}, + {NWEBSPAWN_SERVER_NAME, {MODE_FOR_NWEB_SPAWN, MODULE_NWEBSPAWN, NWEBSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 1}}, + {"app_cold", {MODE_FOR_APP_COLD_RUN, MODULE_APPSPAWN, APPSPAWN_SOCKET_NAME, APPSPAWN_SERVER_NAME, 0}}, + {"nweb_cold", {MODE_FOR_NWEB_COLD_RUN, MODULE_NWEBSPAWN, APPSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 0}}, + {NATIVESPAWN_SERVER_NAME, {MODE_FOR_NATIVE_SPAWN, MODULE_APPSPAWN, NATIVESPAWN_SOCKET_NAME, + NATIVESPAWN_SERVER_NAME, 1}}, + {NWEBSPAWN_RESTART, {MODE_FOR_NWEB_SPAWN, MODULE_NWEBSPAWN, NWEBSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 1}}, +}; + +static AppSpawnStartArgTemplate g_appCJSpawnStartArgTemplate[CJPROCESS_INVALID] = { + {CJAPPSPAWN_SERVER_NAME, {MODE_FOR_CJAPP_SPAWN, MODULE_APPSPAWN, CJAPPSPAWN_SOCKET_NAME, CJAPPSPAWN_SERVER_NAME, + 1}}, + {"app_cold", {MODE_FOR_APP_COLD_RUN, MODULE_APPSPAWN, CJAPPSPAWN_SOCKET_NAME, CJAPPSPAWN_SERVER_NAME, 0}}, +}; + static void CheckPreload(char *const argv[]) { char buf[256] = APPSPAWN_PRELOAD; // 256 is enough in most cases 
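Review bot: `g_appSpawnStartArgTemplate` is indexed by `RunProcess` values (`g_appSpawnStartArgTemplate[PROCESS_FOR_APP_SPAWN]` in `main` and `GetAppSpawnStartArg`) but is filled positionally, so it is correct only while its row order matches the enum in common/appspawn_server.h. Designated initialisers such as `[PROCESS_FOR_NATIVE_SPAWN] = {NATIVESPAWN_SERVER_NAME, {...}},` tie each row to its enumerator; the same applies to `g_appCJSpawnStartArgTemplate` and `CJRunProcess`. A comment above the tables naming the inner fields (the values suggest mode, module type, socket name, service name, initArg) would make the rows readable without opening the struct definition.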
@@ -58,6 +74,27 @@ static void CheckPreload(char *const argv[]) APPSPAWN_LOGE("execv fail: %{public}s: %{public}d: %{public}d", buf, errno, ret); } +static AppSpawnStartArgTemplate *GetAppSpawnStartArg(const char *serverName, ProcessType type) +{ + if (type == PROCESS_TYPE_APPSPAWN) { + for (uint32_t i = 0; i < ARRAY_LENGTH(g_appSpawnStartArgTemplate); i++) { + if (strcmp(serverName, g_appSpawnStartArgTemplate[i].serverName) == 0) { + return &g_appSpawnStartArgTemplate[i]; + } + } + + return &g_appSpawnStartArgTemplate[PROCESS_FOR_APP_SPAWN]; + } else { + for (uint32_t i = 0; i < ARRAY_LENGTH(g_appCJSpawnStartArgTemplate); i++) { + if (strcmp(serverName, g_appCJSpawnStartArgTemplate[i].serverName) == 0) { + return &g_appCJSpawnStartArgTemplate[i]; + } + } + + return &g_appCJSpawnStartArgTemplate[CJPROCESS_FOR_APP_SPAWN]; + } +} + // appspawn -mode appspawn | cold | nwebspawn -param app_property -fd clientFd int main(int argc, char *const argv[]) { 
@@ -74,59 +111,34 @@ int main(int argc, char *const argv[]) CheckPreload(argv); (void)signal(SIGPIPE, SIG_IGN); uint32_t argvSize = end - start; - AppSpawnStartArg arg = {}; -#ifndef CJAPP_SPAWN - arg.mode = MODE_FOR_APP_SPAWN; - arg.socketName = APPSPAWN_SOCKET_NAME; - arg.serviceName = APPSPAWN_SERVER_NAME; - arg.moduleType = MODULE_APPSPAWN; - arg.initArg = 1; - if (argc <= MODE_VALUE_INDEX) { // appspawn start - arg.mode = MODE_FOR_APP_SPAWN; - } else if (strcmp(argv[MODE_VALUE_INDEX], "app_cold") == 0) { // cold start - APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc); - arg.mode = MODE_FOR_APP_COLD_RUN; - arg.initArg = 0; - } else if (strcmp(argv[MODE_VALUE_INDEX], "nweb_cold") == 0) { // cold start - APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc); - arg.mode = MODE_FOR_NWEB_COLD_RUN; - arg.moduleType = MODULE_NWEBSPAWN; - arg.serviceName = NWEBSPAWN_SERVER_NAME; - arg.initArg = 0; - } else if (strcmp(argv[MODE_VALUE_INDEX], NWEBSPAWN_SERVER_NAME) == 0) { // nweb spawn start - APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME, - return 0, "Invalid arg size for service %{public}s", arg.serviceName); - arg.mode = MODE_FOR_NWEB_SPAWN; - arg.moduleType = MODULE_NWEBSPAWN; - arg.socketName = NWEBSPAWN_SOCKET_NAME; - arg.serviceName = NWEBSPAWN_SERVER_NAME; - } else if (strcmp(argv[MODE_VALUE_INDEX], NWEBSPAWN_RESTART) == 0) { // nweb spawn restart - APPSPAWN_CHECK_ONLY_EXPER(argvSize >= APP_LEN_PROC_NAME, argvSize = APP_LEN_PROC_NAME); - arg.mode = MODE_FOR_NWEB_SPAWN; - arg.moduleType = MODULE_NWEBSPAWN; - arg.socketName = NWEBSPAWN_SOCKET_NAME; - arg.serviceName = NWEBSPAWN_SERVER_NAME; - } else { - APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME, - return 0, "Invalid arg size for service %{public}s", arg.serviceName); + AppSpawnStartArg *arg; + AppSpawnStartArgTemplate *argTemp = NULL; + +#ifdef CJAPP_SPAWN + argTemp = &g_appCJSpawnStartArgTemplate[CJPROCESS_FOR_APP_SPAWN]; + if (argc > 
MODE_VALUE_INDEX) { + argTemp = GetAppSpawnStartArg(argv[MODE_VALUE_INDEX], PROCESS_TYPE_CJAPPSPAWN); } - AppSpawnContent *content = StartSpawnService(&arg, argvSize, argc, argv); #else - arg.mode = MODE_FOR_APP_SPAWN; - arg.socketName = CJAPPSPAWN_SOCKET_NAME; - arg.serviceName = CJAPPSPAWN_SERVER_NAME; - arg.moduleType = MODULE_APPSPAWN; - arg.initArg = 1; - // cold start in cjappspawn is for ide-sanitizers (asan/tsan/hwasan) - if (strcmp(argv[MODE_VALUE_INDEX], "app_cold") == 0) { // cold start - APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc); - arg.mode = MODE_FOR_APP_COLD_RUN; - arg.initArg = 0; + argTemp = &g_appSpawnStartArgTemplate[PROCESS_FOR_APP_SPAWN]; + if (argc > MODE_VALUE_INDEX) { + argTemp = GetAppSpawnStartArg(argv[MODE_VALUE_INDEX], PROCESS_TYPE_APPSPAWN); } - AppSpawnContent *content = StartCJSpawnService(&arg, argvSize, argc, argv); #endif + arg = &argTemp->arg; + if (arg->initArg == 0) { + APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc); + } else { + if (strcmp(argTemp->serverName, NWEBSPAWN_RESTART) == 0) { // nweb spawn restart + APPSPAWN_CHECK_ONLY_EXPER(argvSize >= APP_LEN_PROC_NAME, argvSize = APP_LEN_PROC_NAME); + } else { + APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME, return 0, "Invalid arg size for service %{public}s", + arg->serviceName); + } + } + AppSpawnContent *content = StartSpawnService(arg, argvSize, argc, argv); if (content != NULL) { - if (arg.moduleType == MODULE_APPSPAWN) { + if (arg->moduleType == MODULE_APPSPAWN) { AppSpawnKickDogStart(content); } content->runAppSpawn(content, argc, argv); diff --git a/standard/appspawn_manager.h b/standard/appspawn_manager.h index 2f6216d6..7354d5b5 100644 --- a/standard/appspawn_manager.h +++ b/standard/appspawn_manager.h 
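Review bot: `arg = &argTemp->arg;` hands `StartSpawnService` a pointer into the file-scope template table, and that function casts away `const` and rewrites the argument when a launch call returns 0 (`AppSpawnArgSet(MODE_FOR_NWEB_SPAWN, arg)` in the hunk at -962 of standard/appspawn_service.c). The shared template row is therefore mutated in place. Copying the row into a local as the removed code did, `AppSpawnStartArg arg = argTemp->arg;` and passing `&arg`, keeps the tables read-only and lets them be declared `static const`. `main` continues outside the hunk.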
@@ -187,6 +187,11 @@ APPSPAWN_INLINE int IsNWebSpawnMode(const AppSpawnMgr *content) (content->content.mode == MODE_FOR_NWEB_SPAWN || content->content.mode == MODE_FOR_NWEB_COLD_RUN); } +APPSPAWN_INLINE int IsNativeSpawnMode(const AppSpawnMgr *content) +{ + return (content != NULL) && (content->content.mode == MODE_FOR_NATIVE_SPAWN); +} + APPSPAWN_INLINE int IsColdRunMode(const AppSpawnMgr *content) { return (content != NULL) && diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index c1bac5b3..61ff35b4 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c @@ -117,6 +117,16 @@ static void StopAppSpawn(void) OH_ListInit(&appInfo->node); free(appInfo); } + // delete nativespawn, and wait exit. Otherwise, the process of nativespawn spawning will become zombie + appInfo = GetSpawnedProcessByName(NATIVESPAWN_SERVER_NAME); + if (appInfo != NULL) { + APPSPAWN_LOGI("kill %{public}s pid: %{public}d", appInfo->name, appInfo->pid); + int exitStatus = 0; + KillAndWaitStatus(appInfo->pid, SIGTERM, &exitStatus); + OH_ListRemove(&appInfo->node); + OH_ListInit(&appInfo->node); + free(appInfo); + } TraversalSpawnedProcess(AppQueueDestroyProc, NULL); APPSPAWN_LOGI("StopAppSpawn "); #ifdef APPSPAWN_HISYSEVENT 
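Review bot: The added nativespawn teardown in StopAppSpawn fills `exitStatus` through `KillAndWaitStatus` and never reads it, so whatever the wait reports is dropped when the entry is freed. Log it before `free(appInfo)`, for example `APPSPAWN_LOGI("%{public}s exit status %{public}d", appInfo->name, exitStatus);`. The block also appears to repeat the teardown just above it (only the tail of that one is visible as context), so a small static helper taking the server name would keep the two copies from drifting. StopAppSpawn starts and ends outside the hunk.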
@@ -962,25 +972,54 @@ AppSpawnContent *AppSpawnCreateContent(const char *socketName, char *longProcNam return &appSpawnContent->content; } -#ifndef CJAPP_SPAWN +APPSPAWN_STATIC void AppSpawnArgSet(RunMode mode, AppSpawnStartArg *arg) +{ + if (mode == MODE_FOR_NWEB_SPAWN) { + arg->socketName = NWEBSPAWN_SOCKET_NAME; + arg->serviceName = NWEBSPAWN_SERVER_NAME; + arg->moduleType = MODULE_NWEBSPAWN; + arg->mode = MODE_FOR_NWEB_SPAWN; + arg->initArg = 1; + } else if (mode == MODE_FOR_NATIVE_SPAWN) { + arg->socketName = NATIVESPAWN_SOCKET_NAME; + arg->serviceName = NATIVESPAWN_SERVER_NAME; + arg->moduleType = MODULE_APPSPAWN; + arg->mode = MODE_FOR_NATIVE_SPAWN; + arg->initArg = 1; + } + + return; +} + +APPSPAWN_STATIC void AppSpawnStartServiceEnd(pid_t nwebSpawnPid, pid_t NativeSpawnPid) +{ + AddSpawnedProcess(nwebSpawnPid, NWEBSPAWN_SERVER_NAME); + AddSpawnedProcess(NativeSpawnPid, NATIVESPAWN_SERVER_NAME); + SetParameter("bootevent.appspawn.started", "true"); +} + AppSpawnContent *StartSpawnService(const AppSpawnStartArg *startArg, uint32_t argvSize, int argc, char *const argv[]) { APPSPAWN_CHECK(startArg != NULL && argv != NULL, return NULL, "Invalid start arg"); pid_t pid = 0; + pid_t NativeSpawnPid = 0; AppSpawnStartArg *arg = (AppSpawnStartArg *)startArg; APPSPAWN_LOGV("Start appspawn argvSize %{public}d mode %{public}d service %{public}s", argvSize, arg->mode, arg->serviceName); if (arg->mode == MODE_FOR_APP_SPAWN) { pid = NWebSpawnLaunch(); if (pid == 0) { - arg->socketName = NWEBSPAWN_SOCKET_NAME; - arg->serviceName = NWEBSPAWN_SERVER_NAME; - arg->moduleType = MODULE_NWEBSPAWN; - arg->mode = MODE_FOR_NWEB_SPAWN; - arg->initArg = 1; + AppSpawnArgSet(MODE_FOR_NWEB_SPAWN, arg); + } else { + NativeSpawnPid = NativeSpawnLaunch(); + if (NativeSpawnPid == 0) { + AppSpawnArgSet(MODE_FOR_NATIVE_SPAWN, arg); + } } } else if (arg->mode == MODE_FOR_NWEB_SPAWN && getuid() == 0) { NWebSpawnInit(); + } else if (arg->mode == MODE_FOR_NATIVE_SPAWN && getuid() == 0) { + 
NativeSpawnInit(); } if (arg->initArg) { int ret = memset_s(argv[0], argvSize, 0, (size_t)argvSize); @@ -1007,12 +1046,10 @@ AppSpawnContent *StartSpawnService(const AppSpawnStartArg *startArg, uint32_t ar #endif AddAppSpawnHook(STAGE_CHILD_PRE_RUN, HOOK_PRIO_LOWEST, AppSpawnClearEnv); if (arg->mode == MODE_FOR_APP_SPAWN) { - AddSpawnedProcess(pid, NWEBSPAWN_SERVER_NAME); - SetParameter("bootevent.appspawn.started", "true"); + AppSpawnStartServiceEnd(pid, NativeSpawnPid); } return content; } -#endif static AppSpawnMsgNode *ProcessSpawnBegetctlMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message) { 
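Review bot: `AppSpawnStartServiceEnd` registers `NativeSpawnPid` and the nwebspawn pid with `AddSpawnedProcess` without checking that either fork succeeded. `NativeSpawnLaunch` in nwebspawn_launcher.c returns the raw `fork()` result, so -1 would be stored under NATIVESPAWN_SERVER_NAME and later handed to `KillAndWaitStatus(appInfo->pid, SIGTERM, ...)` in StopAppSpawn; if that helper passes the pid straight to kill(), -1 addresses every process the caller may signal. Whether AddSpawnedProcess rejects non-positive pids is not visible here. Guard the registration with `if (NativeSpawnPid > 0) { AddSpawnedProcess(NativeSpawnPid, NATIVESPAWN_SERVER_NAME); }` and do the same for the nweb pid; the call site in the `-1007` hunk passes the same unchecked values.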
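Review bot: With the `#ifndef CJAPP_SPAWN` guard removed here and in the previous hunk, cjappspawn builds now run StartSpawnService as well, including its `arg->mode == MODE_FOR_APP_SPAWN` branches. The CJ setup removed from appspawn_main.c used MODE_FOR_APP_SPAWN; if the CJ template keeps that mode (it is defined outside this view), cjappspawn would also fork nwebspawn and nativespawn and set `bootevent.appspawn.started`, which the deleted StartCJSpawnService never did. If that is not intended, keep the launch branch and the `AppSpawnStartServiceEnd(pid, NativeSpawnPid);` call under `#ifndef CJAPP_SPAWN`, or give the CJ template a mode of its own. StartSpawnService starts outside this hunk.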
@@ -1211,41 +1248,4 @@ static void ProcessRecvMsg(AppSpawnConnection *connection, AppSpawnMsgNode *mess DeleteAppSpawnMsg(message); break; } -} - -// To support cjappspawn -#ifdef CJAPP_SPAWN -AppSpawnContent *StartCJSpawnService(const AppSpawnStartArg *startArg, uint32_t argvSize, int argc, char *const argv[]) -{ - APPSPAWN_LOGI("Start CJ Spawn Service ..."); - APPSPAWN_CHECK(startArg != NULL && argv != NULL, return NULL, "Invalid start arg"); - AppSpawnStartArg *arg = (AppSpawnStartArg *)startArg; - APPSPAWN_LOGV("Start appspawn argvSize %{public}d mode %{public}d service %{public}s", - argvSize, arg->mode, arg->serviceName); - if (arg->initArg) { - int ret = memset_s(argv[0], argvSize, 0, (size_t)argvSize); - APPSPAWN_CHECK(ret == EOK, return NULL, "Failed to memset argv[0]"); - ret = strncpy_s(argv[0], argvSize, arg->serviceName, strlen(arg->serviceName)); - APPSPAWN_CHECK(ret == EOK, return NULL, "Failed to copy service name %{public}s", arg->serviceName); - } - - // load module appspawn/common - AppSpawnLoadAutoRunModules(MODULE_COMMON); - AppSpawnModuleMgrInstall(ASAN_MODULE_PATH); - - APPSPAWN_CHECK(LE_GetDefaultLoop() != NULL, return NULL, "Invalid default loop"); - AppSpawnContent *content = AppSpawnCreateContent(arg->socketName, argv[0], argvSize, arg->mode); - APPSPAWN_CHECK(content != NULL, return NULL, "Failed to create content for %{public}s", arg->socketName); - - AppSpawnLoadAutoRunModules(arg->moduleType); // load corresponding plugin according to startup mode - int ret = ServerStageHookExecute(STAGE_SERVER_PRELOAD, content); // Preload, prase the sandbox - APPSPAWN_CHECK(ret == 0, AppSpawnDestroyContent(content); - return NULL, "Failed to prepare load %{public}s result: %{public}d", arg->serviceName, ret); -#ifndef APPSPAWN_TEST - APPSPAWN_CHECK(content->runChildProcessor != NULL, AppSpawnDestroyContent(content); - return NULL, "No child processor %{public}s result: %{public}d", arg->serviceName, ret); -#endif - 
AddAppSpawnHook(STAGE_CHILD_PRE_RUN, HOOK_PRIO_LOWEST, AppSpawnClearEnv); - return content; -} -#endif +} \ No newline at end of file diff --git a/standard/appspawn_service.h b/standard/appspawn_service.h index f9344e9f..856e78f4 100644 --- a/standard/appspawn_service.h +++ b/standard/appspawn_service.h @@ -64,8 +64,15 @@ typedef struct TagAppSpawnStartArg { uint32_t initArg : 1; } AppSpawnStartArg; +typedef struct { + char *serverName; + AppSpawnStartArg arg; +} AppSpawnStartArgTemplate; + pid_t NWebSpawnLaunch(void); void NWebSpawnInit(void); +pid_t NativeSpawnLaunch(void); +void NativeSpawnInit(void); AppSpawnContent *StartSpawnService(const AppSpawnStartArg *arg, uint32_t argvSize, int argc, char *const argv[]); #ifdef CJAPP_SPAWN AppSpawnContent *StartCJSpawnService(const AppSpawnStartArg *arg, uint32_t argvSize, int argc, char *const argv[]); diff --git a/standard/nwebspawn_launcher.c b/standard/nwebspawn_launcher.c index 40be6897..5b984c11 100644 --- a/standard/nwebspawn_launcher.c +++ b/standard/nwebspawn_launcher.c @@ -41,6 +41,9 @@ #define NWEB_UID 3081 #define NWEB_GID 3081 #define NWEB_NAME "nwebspawn" +#define NATIVE_UID 3082 +#define NATIVE_GID 3082 +#define NATIVE_NAME "nativespawn" #define CAP_NUM 2 #define BITLEN32 32 @@ -93,3 +96,27 @@ pid_t NWebSpawnLaunch(void) APPSPAWN_LOGI("nwebspawn fork success pid: %{public}d", ret); return ret; } + +void NativeSpawnInit(void) +{ + APPSPAWN_LOGI("NativeSpawnInit"); +#ifdef WITH_SELINUX + int ret = setcon("u:r:nativespawn:s0"); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Setcon failed, errno: %{public}d", errno); +#endif + pid_t pid = getpid(); + setpriority(PRIO_PROCESS, pid, 0); +#ifndef APPSPAWN_TEST + (void)prctl(PR_SET_NAME, NATIVE_NAME); +#endif +} + +pid_t NativeSpawnLaunch(void) +{ + pid_t pid = fork(); + if (pid == 0) { + NativeSpawnInit(); + } + APPSPAWN_LOGI("Nativespawn fork success pid: %{public}d", pid); + return pid; +} \ No newline at end of file 
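Review bot: The `StartCJSpawnService` prototype under `#ifdef CJAPP_SPAWN` (the last context line of this hunk) is left in place although this commit deletes its definition from appspawn_service.c and main() no longer calls it; remove the declaration together with its guard. In the new `AppSpawnStartArgTemplate`, `serverName` is only read through `strcmp` in the visible code, so `const char *serverName;` would be the safer type if the table is initialised from string literals (the table itself is outside this view).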
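Review bot: `NativeSpawnInit` changes only the SELinux context, the priority and the process name, so the nativespawn child keeps the uid, gid and capabilities it inherited from appspawn; `NATIVE_UID` and `NATIVE_GID` from the hunk above are not used in any visible change. A `setcon` failure goes through `APPSPAWN_CHECK_ONLY_LOG`, which by its name only logs, so the child would presumably carry on in the parent's domain. If nativespawn has to stay privileged to build sandboxes, say so in a comment above the function and drop the unused defines; otherwise drop to NATIVE_UID/NATIVE_GID here and make the `setcon` failure fatal for the child. `NativeSpawnLaunch` should also report an error instead of "fork success" when `fork()` returns -1, e.g. `APPSPAWN_CHECK_ONLY_LOG(pid >= 0, "Nativespawn fork failed, errno: %{public}d", errno);`.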
diff --git a/test/moduletest/appspawn_client_test.cpp b/test/moduletest/appspawn_client_test.cpp index f5c2aad9..eedc2050 100644 --- a/test/moduletest/appspawn_client_test.cpp +++ b/test/moduletest/appspawn_client_test.cpp @@ -16,6 +16,7 @@ #include "appspawn.h" #include "appspawn_utils.h" #include "securec.h" +#include "appspawn_server.h" #include @@ -32,7 +33,7 @@ public: void TearDown() {} }; -static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *bundleName) +static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *bundleName, RunMode mode) { AppSpawnReqMsgHandle reqHandle = 0; int ret = AppSpawnReqMsgCreate(MSG_APP_SPAWN, bundleName, &reqHandle); @@ -52,6 +53,14 @@ static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *b APPSPAWN_CHECK(ret == 0, break, "Failed to add dac %{public}s", APPSPAWN_SERVER_NAME); AppSpawnReqMsgSetAppFlag(reqHandle, static_cast(10)); // 10 test + if (mode == MODE_FOR_NATIVE_SPAWN) { + AppSpawnReqMsgSetAppFlag(reqHandle, static_cast(23)); // 23 APP_FLAGS_ISOLATED_SANDBOX_TYPE + AppSpawnReqMsgSetAppFlag(reqHandle, static_cast(26)); // 26 APP_FLAGS_ISOLATED_NETWORK + } + + const char *apl = "normal"; + ret = AppSpawnReqMsgSetAppDomainInfo(reqHandle, 1, apl); + APPSPAWN_CHECK(ret == 0, break, "Failed to add domain %{public}s", APPSPAWN_SERVER_NAME); ret = AppSpawnReqMsgSetAppAccessToken(reqHandle, 12345678); // 12345678 APPSPAWN_CHECK(ret == 0, break, "Failed to add access token %{public}s", APPSPAWN_SERVER_NAME); @@ -85,7 +94,7 @@ HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test001, TestSize.Level0) { AppSpawnClientHandle clientHandle = CreateClient(APPSPAWN_SERVER_NAME); ASSERT_EQ(clientHandle != NULL, 1); - AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock"); + AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock", MODE_FOR_APP_SPAWN); ASSERT_EQ(reqHandle != INVALID_REQ_HANDLE, 1); AppSpawnResult result = {}; 
@@ -95,5 +104,21 @@ HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test001, TestSize.Level0) } AppSpawnClientDestroy(clientHandle); } + +HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test002, TestSize.Level0) +{ + AppSpawnClientHandle clientHandle = CreateClient(NATIVESPAWN_SERVER_NAME); + ASSERT_EQ(clientHandle != NULL, 1); + AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock", MODE_FOR_NATIVE_SPAWN); + ASSERT_EQ(reqHandle != INVALID_REQ_HANDLE, 1); + + AppSpawnResult result = {}; + int ret = AppSpawnClientSendMsg(clientHandle, reqHandle, &result); + if (ret == 0 && result.pid > 0) { + kill(result.pid, SIGKILL); + } + AppSpawnClientDestroy(clientHandle); +} + } // namespace AppSpawn } // namespace OHOS diff --git a/test/moduletest/appspawn_test_cmder.cpp b/test/moduletest/appspawn_test_cmder.cpp index 87888176..0aed8552 100644 --- a/test/moduletest/appspawn_test_cmder.cpp +++ b/test/moduletest/appspawn_test_cmder.cpp @@ -88,7 +88,8 @@ static const char *APPSPAWN_TEST_USAGE = "usage: AppSpawnTest \n" " --thread xx use multi-thread to send message\n" " --type xx send msg type \n" " --pid xx render terminate pid\n" - " --mode nwebspawn send message to nwebspawn service\n"; + " --mode nwebspawn send message to nwebspawn service\n" + " --mode nativespawn send message to nativespawn service\n"; int AppSpawnTestCommander::ProcessArgs(int argc, char *const argv[]) { @@ -111,7 +112,13 @@ int AppSpawnTestCommander::ProcessArgs(int argc, char *const argv[]) sendMsg = 1; } else if (strcmp(argv[i], "--mode") == 0 && ((i + 1) < argc)) { i++; - appSpawn_ = strcmp(argv[i], "nwebspawn") == 0 ? 0 : 1; + if (strcmp(argv[i], "nwebspawn") == 0) { + appSpawn_ = 0; + } else if (strcmp(argv[i], "nativespawn") == 0) { + appSpawn_ = 2; + } else { + appSpawn_ = 1; + } sendMsg = 1; } else if (strcmp(argv[i], "--type") == 0 && ((i + 1) < argc)) { i++; 
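Review bot: `AppSpawn_Client_test002` never asserts on the outcome of `AppSpawnClientSendMsg`: `ret` and `result.pid` only decide whether the child is killed, so the test passes when nativespawn is unreachable or rejects the request. Add `EXPECT_EQ(ret, 0);` and `EXPECT_GT(result.pid, 0);` after the send, or skip explicitly when the service is absent, so that the isolated-sandbox flags set in CreateMsg are actually exercised. test001 above it has the same shape.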
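Review bot: The `--mode` parsing stores bare 0/1/2 in `appSpawn_`, and the hunks at `-380` (SendMsg) and `-547` (Run) decode it with the same nested ternary twice. An enum such as `enum SpawnTarget { TARGET_NWEBSPAWN = 0, TARGET_APPSPAWN = 1, TARGET_NATIVESPAWN = 2 };` plus one helper returning the server name would remove the duplicated mapping and document why the bitfield in appspawn_test_cmder.h needs two bits. Any unrecognised `--mode` value still selects appspawn silently, which deserves an error message in a test tool. ProcessArgs starts and ends outside the hunk.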
@@ -380,7 +387,8 @@ int AppSpawnTestCommander::CreateMsg(AppSpawnReqMsgHandle &reqHandle, int AppSpawnTestCommander::SendMsg() { - const char *server = appSpawn_ ? APPSPAWN_SERVER_NAME : NWEBSPAWN_SERVER_NAME; + const char *server = appSpawn_ == 1 ? APPSPAWN_SERVER_NAME : (appSpawn_ == 2 ? NATIVESPAWN_SERVER_NAME : + NWEBSPAWN_SERVER_NAME); printf("Send msg to server '%s' \n", server); AppSpawnReqMsgHandle reqHandle = INVALID_REQ_HANDLE; int ret = 0; @@ -547,7 +555,8 @@ void AppSpawnTestCommander::DumpThread(ThreadTaskHandle handle, const ThreadCont int AppSpawnTestCommander::Run() { int ret = 0; - const char *name = appSpawn_ ? APPSPAWN_SERVER_NAME : NWEBSPAWN_SERVER_NAME; + const char *name = appSpawn_ == 1 ? APPSPAWN_SERVER_NAME : (appSpawn_ == 2 ? NATIVESPAWN_SERVER_NAME : + NWEBSPAWN_SERVER_NAME); if (clientHandle_ == NULL) { ret = AppSpawnClientInit(name, &clientHandle_); APPSPAWN_CHECK(ret == 0, return -1, "Failed to create client %{public}s", name); diff --git a/test/moduletest/appspawn_test_cmder.h b/test/moduletest/appspawn_test_cmder.h index 5ee553a0..5ebf494e 100644 --- a/test/moduletest/appspawn_test_cmder.h +++ b/test/moduletest/appspawn_test_cmder.h @@ -101,7 +101,7 @@ private: int ptyFd_{-1}; uint32_t dumpFlags : 1; uint32_t exit_ : 1; - uint32_t appSpawn_ : 1; + uint32_t appSpawn_ : 2; uint32_t msgType_; pid_t terminatePid_; uint32_t threadCount_{1}; diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp index ffb18bc7..58a5be7b 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp 
@@ -197,7 +197,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_10, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test @@ -238,7 +238,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_13, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test @@ -278,7 +278,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_14, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; @@ -322,7 +322,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_15, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test 
@@ -357,7 +357,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_16, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test @@ -390,7 +390,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_17, TestSize.Level0) \"individual\": [] \ }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); std::string value; rc = JsonUtils::GetStringFromJson(j_config, "common", value); @@ -439,7 +439,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0) \"individual\": [] \ }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test @@ -464,7 +464,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0) }] \ }"; nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG); OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); DeleteAppSpawningCtx(appProperty); } 
@@ -485,7 +485,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_22, TestSize.Level0) \"individual\": [] \ }"; nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test @@ -1108,7 +1108,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0) }"; nlohmann::json p_config1 = nlohmann::json::parse(pJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(p_config1); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(p_config1, SANBOX_APP_JSON_CONFIG); std::string sandboxPackagePath = "/mnt/sandbox/100/"; const std::string bundleName = GetBundleName(appProperty); @@ -1206,7 +1206,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_41, TestSize.Level0) }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); uint32_t cloneFlags = OHOS::AppSpawn::SandboxUtils::GetSandboxNsFlags(false); EXPECT_EQ(!!(cloneFlags & CLONE_NEWPID), true); @@ -1240,7 +1240,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_42, TestSize.Level0) nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); const char *mountPath = "mount-paths"; nlohmann::json j_secondConfig = j_config[mountPath][0]; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); std::string fsType = OHOS::AppSpawn::SandboxUtils::GetSandboxFsType(j_secondConfig); int ret = strcmp(fsType.c_str(), "sharefs"); 
@@ -1273,7 +1273,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_43, TestSize.Level0) const char *mountPath = "mount-paths"; nlohmann::json j_secondConfig = j_config[mountPath][0]; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; std::string section = "common"; AppSpawningCtx *appProperty = GetTestAppProperty(); @@ -1307,7 +1307,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_44, TestSize.Level0) const char *mountPath = "mount-paths"; nlohmann::json j_secondConfig = j_config[mountPath][0]; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; std::string section = "permission"; AppSpawningCtx *appProperty = GetTestAppProperty(); @@ -1341,7 +1341,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_45, TestSize.Level0) const char *mountPath = "mount-paths"; nlohmann::json j_secondConfig = j_config[mountPath][0]; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config); + OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); AppSpawningCtx *appProperty = GetTestAppProperty(); std::string options = OHOS::AppSpawn::SandboxUtils::GetSandboxOptions(appProperty, j_secondConfig); int ret = strcmp(options.c_str(), "support_overwrite=1,user_id=100"); diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp index 34c36e9d..df94c953 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp 
@@ -88,15 +88,15 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_002, TestSize.Leve OH_ListAddTail(&sandbox->extData.node, &mgr->extData); // for appspawn - int ret = LoadAppSandboxConfig(sandbox, 0); + int ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, 0); // 重复load + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); // 重复load EXPECT_EQ(ret, 0); DeleteAppSpawnSandbox(sandbox); DeleteAppSpawnMgr(mgr); - ret = LoadAppSandboxConfig(nullptr, 0); + ret = LoadAppSandboxConfig(nullptr, MODE_FOR_APP_SPAWN); EXPECT_NE(ret, 0); } @@ -111,23 +111,23 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_003, TestSize.Leve int ret = 0; #ifdef APPSPAWN_SANDBOX_NEW // for nwebspawn - ret = LoadAppSandboxConfig(sandbox, 1); + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, 1); // 重复load + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, 2); // 重复load + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load EXPECT_EQ(ret, 0); #else // for nwebspawn - ret = LoadAppSandboxConfig(sandbox, 0); + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); EXPECT_EQ(ret, 0); - ret = LoadAppSandboxConfig(sandbox, 0); // 重复load + ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load EXPECT_EQ(ret, 0); #endif DeleteAppSpawnSandbox(sandbox); DeleteAppSpawnMgr(mgr); - ret = LoadAppSandboxConfig(nullptr, 1); + ret = LoadAppSandboxConfig(nullptr, MODE_FOR_NWEB_SPAWN); EXPECT_NE(ret, 0); }