openharmony/startup_appspawn
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_appspawn synced 2024-11-23 07:00:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

native进程孵化

Browse Source 
Signed-off-by: 王达 <wangda20@huawei.com>
This commit is contained in:
王达 2024-08-19 23:23:55 +08:00
parent 188d8c26d7
commit d47aae6b64
26 changed files with 493 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
appdata-sandbox-isolated.json Normal file
View File

@ -0,0 +1,122 @@
{
"common": [{
"top-sandbox-switch": "ON",
"app-base": [{
"sandbox-ns-flags" : [ "net" ],
"mount-paths" : [{
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/etc/hosts",
"sandbox-path" : "/data/service/el1/network/hosts_user/hosts",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/platformsdk",
"sandbox-path" : "/system/lib/platformsdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ndk",
"sandbox-path" : "/system/lib/ndk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-pub-sdk",
"sandbox-path" : "/system/lib/chipset-pub-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/chipset-sdk",
"sandbox-path" : "/system/lib/chipset-sdk",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/seccomp",
"sandbox-path" : "/system/lib/seccomp",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/extensionability",
"sandbox-path" : "/system/lib/extensionability",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/media",
"sandbox-path" : "/system/lib/media",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-path" : "/system/lib/ld-musl-arm.so.1",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}, {
"src-path" : "/data/app/el1/bundle/public/",
"sandbox-path" : "/data/app/el1/bundle/public/",
"sandbox-flags" : [ "bind", "rec" ],
"check-action-status": "false"
}],
"symbol-links" : [{
"target-name" : "/system/etc",
"link-name" : "/etc",
"check-action-status": "false"
}, {
"target-name" : "/system/bin",
"link-name" : "/bin",
"check-action-status": "false"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib",
"check-action-status": "false"
}, {
"target-name" : "/system/lib64",
"link-name" : "/lib64",
"check-action-status": "false"
}]
}]
}]
}

12
appspawn.cfg
View File

@ -55,6 +55,17 @@
"gid" : "nwebspawn",
"option" : [
]
},
{
"name" : "NativeSpawn",
"family" : "AF_LOCAL",
"type" : "SOCK_STREAM",
"protocol" : "default",
"permissions" : "0666",
"uid" : "root",
"gid" : "appspawn",
"option" : [
]
}],
"sandbox" : 0,
"start-mode" : "boot",
@ -66,4 +77,3 @@
}
]
}

24
common/appspawn_server.h
View File

@ -29,9 +29,33 @@ typedef enum {
MODE_FOR_NWEB_SPAWN,
MODE_FOR_APP_COLD_RUN,
MODE_FOR_NWEB_COLD_RUN,
MODE_FOR_NATIVE_SPAWN,
MODE_FOR_CJAPP_SPAWN,
MODE_INVALID
} RunMode;
typedef enum {
PROCESS_FOR_APP_SPAWN,
PROCESS_FOR_NWEB_SPAWN,
PROCESS_FOR_APP_COLD_RUN,
PROCESS_FOR_NWEB_COLD_RUN,
PROCESS_FOR_NATIVE_SPAWN,
PROCESS_FOR_NWEB_RESTART,
PROCESS_INVALID
} RunProcess;
typedef enum {
CJPROCESS_FOR_APP_SPAWN,
CJPROCESS_FOR_APP_COLD_RUN,
CJPROCESS_INVALID
} CJRunProcess;
typedef enum {
PROCESS_TYPE_APPSPAWN,
PROCESS_TYPE_CJAPPSPAWN,
PROCESS_TYPE_INVALID
} ProcessType;
typedef struct AppSpawnClient {
uint32_t id;
uint32_t flags; // Save negotiated flags

16
etc/BUILD.gn
View File

@ -28,6 +28,12 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}
ohos_prebuilt_etc("appdata-sandbox-isolated.json") {
source = "../appdata-sandbox-isolated.json"
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}
} else {
ohos_prebuilt_appdata_sandbox("appdata-sandbox.json") {
source = "../appdata-sandbox.json"
@ -43,6 +49,15 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}
ohos_prebuilt_appdata_sandbox("appdata-sandbox-isolated.json") {
source = "../appdata-sandbox-isolated.json"
patterns = []
extra_sandbox_cfgs = []
subsystem_name = "${subsystem_name}"
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}
}
ohos_prebuilt_etc("appspawn_preload.json") {
@ -54,6 +69,7 @@ ohos_prebuilt_etc("appspawn_preload.json") {
group("etc_files") {
deps = [
":appdata-sandbox.json",
":appdata-sandbox-isolated.json",
":appspawn_preload.json",
]
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {

21
interfaces/innerkits/client/appspawn_client.c
View File

@ -91,8 +91,22 @@ APPSPAWN_STATIC void CloseClientSocket(int socketId)
APPSPAWN_STATIC int CreateClientSocket(uint32_t type, uint32_t timeout)
{
const char *socketName = type == CLIENT_FOR_APPSPAWN ? APPSPAWN_SOCKET_NAME :
(type == CLIENT_FOR_CJAPPSPAWN ? CJAPPSPAWN_SOCKET_NAME : NWEBSPAWN_SOCKET_NAME);
const char *socketName;
switch (type) {
case CLIENT_FOR_APPSPAWN:
socketName = APPSPAWN_SOCKET_NAME;
break;
case CLIENT_FOR_CJAPPSPAWN:
socketName = CJAPPSPAWN_SOCKET_NAME;
break;
case CLIENT_FOR_NATIVESPAWN:
socketName = NATIVESPAWN_SOCKET_NAME;
break;
default:
socketName = NWEBSPAWN_SOCKET_NAME;
break;
}
int socketFd = socket(AF_UNIX, SOCK_STREAM, 0); // SOCK_SEQPACKET
APPSPAWN_CHECK(socketFd >= 0, return -1,
@ -270,6 +284,9 @@ int AppSpawnClientInit(const char *serviceName, AppSpawnClientHandle *handle)
type = CLIENT_FOR_CJAPPSPAWN;
} else if (strcmp(serviceName, NWEBSPAWN_SERVER_NAME) == 0 || strstr(serviceName, NWEBSPAWN_SOCKET_NAME) != NULL) {
type = CLIENT_FOR_NWEBSPAWN;
} else if (strcmp(serviceName, NATIVESPAWN_SERVER_NAME) == 0 ||
strstr(serviceName, NATIVESPAWN_SOCKET_NAME) != NULL) {
type = CLIENT_FOR_NATIVESPAWN;
}
int ret = InitClientInstance(type);
APPSPAWN_CHECK(ret == 0, return APPSPAWN_SYSTEM_ERROR, "Failed to create reqMgr");

1
interfaces/innerkits/client/appspawn_client.h
View File

@ -46,6 +46,7 @@ typedef enum {
CLIENT_FOR_APPSPAWN,
CLIENT_FOR_NWEBSPAWN,
CLIENT_FOR_CJAPPSPAWN,
CLIENT_FOR_NATIVESPAWN,
CLIENT_MAX
} AppSpawnClientType;

6
interfaces/innerkits/include/appspawn.h
View File

@ -49,6 +49,7 @@ typedef void *AppSpawnClientHandle;
#define APPSPAWN_SERVER_NAME "appspawn"
#define CJAPPSPAWN_SERVER_NAME "cjappspawn"
#define NWEBSPAWN_RESTART "nwebRestart"
#define NATIVESPAWN_SERVER_NAME "nativespawn"
#pragma pack(4)
#define APP_MAX_GIDS 64
@ -175,6 +176,11 @@ typedef enum {
APP_FLAGS_CHILDPROCESS,
APP_FLAGS_HWASAN_ENABLED = 21,
APP_FLAGS_UBSAN_ENABLED = 22,
APP_FLAGS_ISOLATED_SANDBOX_TYPE,
APP_FLAGS_ISOLATED_SELINUX_LABEL,
APP_FLAGS_ISOLATED_SECCOMP_TYPE,
APP_FLAGS_ISOLATED_NETWORK,
APP_FLAGS_ISOLATED_DATAGROUP,
MAX_FLAGS_INDEX = 63,
} AppFlagsIndex;

2
modules/common/appspawn_adapter.cpp
View File

@ -48,7 +48,7 @@ int SetAppAccessToken(const AppSpawnMgr *content, const AppSpawningCtx *property
APPSPAWN_LOGV("AppSpawnServer::set access token %{public}" PRId64 " %{public}d",
tokenInfo->accessTokenIdEx, IsNWebSpawnMode(content));
if (IsNWebSpawnMode(content)) {
if (IsNWebSpawnMode(content) || IsNativeSpawnMode(content)) {
TokenIdKit tokenIdKit;
tokenId = tokenIdKit.GetRenderTokenID(tokenInfo->accessTokenIdEx);
} else {

1
modules/module_engine/include/appspawn_msg.h
View File

@ -30,6 +30,7 @@ extern "C" {
#define APPSPAWN_SOCKET_NAME "AppSpawn"
#define CJAPPSPAWN_SOCKET_NAME "CJAppSpawn"
#define KEEPALIVE_NAME "keepalive"
#define NATIVESPAWN_SOCKET_NAME "NativeSpawn"
#define APPSPAWN_ALIGN(len) (((len) + 0x03) & (~0x03))
#define APPSPAWN_TLV_NAME_LEN 32

1
modules/sandbox/appspawn_permission.h
View File

@ -27,6 +27,7 @@ extern "C" {
#define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json"
#define WEB_SANDBOX_FILE_NAME "/appdata-sandbox-nweb.json"
#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated.json"
typedef struct TagSandboxQueue SandboxQueue;
typedef struct TagPermissionNode SandboxPermissionNode;

2
modules/sandbox/appspawn_sandbox.c
View File

@ -199,7 +199,7 @@ static int InitSandboxContext(SandboxContext *context,
context->message = property->message;
context->sandboxNsFlags = CLONE_NEWNS;
if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX)) {
if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) {
context->sandboxNsFlags |= sandbox->sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}

2
modules/sandbox/appspawn_sandbox.h
View File

@ -227,7 +227,7 @@ typedef struct {
AppSpawnSandboxCfg *CreateAppSpawnSandbox(void);
AppSpawnSandboxCfg *GetAppSpawnSandbox(const AppSpawnMgr *content);
void DeleteAppSpawnSandbox(AppSpawnSandboxCfg *sandbox);
int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, int nwebSpawn);
int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode);
void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox);
/**

13
modules/sandbox/sandbox_load.c
View File

@ -661,10 +661,19 @@ APPSPAWN_STATIC int ParseAppSandboxConfig(const cJSON *root, ParseJsonContext *c
return ret;
}
int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, int nwebSpawn)
APPSPAWN_STATIC const char *GetSandboxNameByMode(RunMode mode)
{
if (mode == MODE_FOR_NATIVE_SPAWN) {
return ISOLATED_SANDBOX_FILE_NAME;
}
return APP_SANDBOX_FILE_NAME;
}
int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode)
{
APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_ARG_INVALID);
const char *sandboxName = nwebSpawn ? WEB_SANDBOX_FILE_NAME : APP_SANDBOX_FILE_NAME;
const char *sandboxName = GetSandboxNameByMode(mode);
if (sandbox->depGroupNodes != NULL) {
APPSPAWN_LOGW("Sandbox has been load");
return 0;

82
modules/sandbox/sandbox_utils.cpp
View File

@ -33,6 +33,7 @@
#include "appspawn_msg.h"
#include "appspawn_server.h"
#include "appspawn_service.h"
#include "appspawn_utils.h"
#include "config_policy_utils.h"
#include "init_param.h"
#include "parameter.h"
@ -62,6 +63,7 @@ namespace {
constexpr std::string_view APL_SYSTEM_CORE("system_core");
constexpr std::string_view APL_SYSTEM_BASIC("system_basic");
const std::string APP_JSON_CONFIG("/appdata-sandbox.json");
const std::string APP_ISOLATED_JSON_CONFIG("/appdata-sandbox-isolated.json");
const std::string g_physicalAppInstallPath = "/data/app/el1/bundle/public/";
const std::string g_sandboxGroupPath = "/data/storage/el2/group/";
const std::string g_sandboxHspInstallPath = "/data/storage/el1/bundle/";
@ -180,17 +182,17 @@ bool JsonUtils::GetStringFromJson(const nlohmann::json &json, const std::string
}
}
std::vector<nlohmann::json> SandboxUtils::appSandboxConfig_ = {};
std::map<SandboxConfigType, std::vector<nlohmann::json>> SandboxUtils::appSandboxConfig_ = {};
int32_t SandboxUtils::deviceTypeEnable_ = -1;
void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig)
void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type)
{
SandboxUtils::appSandboxConfig_.push_back(appSandboxConfig);
SandboxUtils::appSandboxConfig_[type].push_back(appSandboxConfig);
}
std::vector<nlohmann::json> &SandboxUtils::GetJsonConfig()
std::vector<nlohmann::json> &SandboxUtils::GetJsonConfig(SandboxConfigType type)
{
return SandboxUtils::appSandboxConfig_;
return SandboxUtils::appSandboxConfig_[type];
}
static void MakeDirRecursive(const std::string &path, mode_t mode)
@ -562,8 +564,9 @@ std::string SandboxUtils::GetSbxPathByConfig(const AppSpawningCtx *appProperty,
std::string sandboxRoot = "";
const std::string originSandboxPath = "/mnt/sandbox/<PackageName>";
std::string isolatedFlagText = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : "";
const std::string defaultSandboxRoot = g_sandBoxDir + to_string(dacInfo->uid / UID_BASE) +
"/" + GetBundleName(appProperty);
"/" + isolatedFlagText.c_str() + GetBundleName(appProperty);
if (config.find(g_sandboxRootPrefix) != config.end()) {
sandboxRoot = config[g_sandboxRootPrefix].get<std::string>();
if (sandboxRoot == originSandboxPath) {
@ -934,7 +937,7 @@ int32_t SandboxUtils::DoSandboxFilePermissionBind(AppSpawningCtx *appProperty,
std::set<std::string> SandboxUtils::GetMountPermissionNames()
{
std::set<std::string> permissionSet;
for (auto& config : SandboxUtils::GetJsonConfig()) {
for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) {
if (config.find(g_permissionPrefix) == config.end()) {
continue;
}
@ -1081,7 +1084,10 @@ int32_t SandboxUtils::SetRenderSandboxProperty(const AppSpawningCtx *appProperty
int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty,
std::string &sandboxPackagePath)
{
for (auto& config : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& config : SandboxUtils::GetJsonConfig(type)) {
nlohmann::json& privateAppConfig = config[g_privatePrefix][0];
if (privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) {
int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0], nullptr, g_ohosRender);
@ -1101,17 +1107,23 @@ int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProp
int32_t SandboxUtils::SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty)
{
int ret = 0;
for (auto& config : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& config : SandboxUtils::GetJsonConfig(type)) {
ret = SetPrivateAppSandboxProperty_(appProperty, config);
APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed");
}
return ret;
}
static bool GetSandboxPrivateSharedStatus(const string &bundleName)
static bool GetSandboxPrivateSharedStatus(const string &bundleName, AppSpawningCtx *appProperty)
{
bool result = false;
for (auto& config : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& config : SandboxUtils::GetJsonConfig(type)) {
nlohmann::json& privateAppConfig = config[g_privatePrefix][0];
if (privateAppConfig.find(bundleName) != privateAppConfig.end() &&
privateAppConfig[bundleName][0].find(g_sandBoxShared) !=
@ -1129,7 +1141,10 @@ static bool GetSandboxPrivateSharedStatus(const string &bundleName)
int32_t SandboxUtils::SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty)
{
int ret = 0;
for (auto& config : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& config : SandboxUtils::GetJsonConfig(type)) {
ret = SetPermissionAppSandboxProperty_(appProperty, config);
APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed");
}
@ -1161,7 +1176,10 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty(const AppSpawningCtx *appPrope
std::string &sandboxPackagePath)
{
int ret = 0;
for (auto& jsonConfig : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& jsonConfig : SandboxUtils::GetJsonConfig(type)) {
ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig);
APPSPAWN_CHECK(ret == 0, return ret,
"parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str());
@ -1330,7 +1348,7 @@ uint32_t SandboxUtils::GetSandboxNsFlags(bool isNweb)
return nsFlags;
}
for (auto& config : SandboxUtils::GetJsonConfig()) {
for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) {
if (isNweb) {
nlohmann::json& privateAppConfig = config[g_privatePrefix][0];
if (privateAppConfig.find(g_ohosRender) == privateAppConfig.end()) {
@ -1371,7 +1389,10 @@ bool SandboxUtils::CheckBundleNameForPrivate(const std::string &bundleName)
bool SandboxUtils::CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty)
{
for (auto& wholeConfig : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) {
if (wholeConfig.find(g_commonPrefix) == wholeConfig.end()) {
continue;
}
@ -1392,7 +1413,10 @@ bool SandboxUtils::CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProper
bool SandboxUtils::CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty)
{
bool rc = true;
for (auto& wholeConfig : SandboxUtils::GetJsonConfig()) {
SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ?
SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG;
for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) {
if (wholeConfig.find(g_privatePrefix) == wholeConfig.end()) {
continue;
}
@ -1584,8 +1608,10 @@ int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_
std::string sandboxPackagePath = g_sandBoxRootDir + to_string(dacInfo->uid / UID_BASE) + "/";
const std::string bundleName = GetBundleName(appProperty);
bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName) || (CheckAppPermissionFlagSet(appProperty,
static_cast<uint32_t>(GetPermissionIndex(nullptr, ACCESS_DLP_FILE_MODE.c_str()))) != 0);
bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty) ||
(CheckAppPermissionFlagSet(appProperty, static_cast<uint32_t>(GetPermissionIndex(nullptr,
ACCESS_DLP_FILE_MODE.c_str()))) != 0);
sandboxPackagePath += CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : "";
sandboxPackagePath += bundleName;
MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE);
@ -1624,7 +1650,7 @@ int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uin
}
std::string sandboxPackagePath = g_sandBoxRootDirNweb;
const std::string bundleName = GetBundleName(appProperty);
bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName);
bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty);
sandboxPackagePath += bundleName;
MakeDirRecursive(sandboxPackagePath.c_str(), FILE_MODE);
@ -1705,11 +1731,17 @@ int LoadAppSandboxConfig(AppSpawnMgr *content)
continue;
}
std::string path = files->paths[i];
path += OHOS::AppSpawn::APP_JSON_CONFIG;
APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", path.c_str());
rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, path);
APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", path.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig);
std::string appPath = path + OHOS::AppSpawn::APP_JSON_CONFIG;
APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", appPath.c_str());
rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, appPath);
APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", appPath.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_APP_JSON_CONFIG);
std::string isolatedPath = path + OHOS::AppSpawn::APP_ISOLATED_JSON_CONFIG;
APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", isolatedPath.c_str());
rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, isolatedPath);
APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", isolatedPath.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_ISOLATED_JSON_CONFIG);
}
FreeCfgFiles(files);
bool isNweb = IsNWebSpawnMode(content);
@ -1736,7 +1768,7 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property)
}
}
uint32_t sandboxNsFlags = CLONE_NEWNS;
if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX)) {
if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_NETWORK)) {
sandboxNsFlags |= content->content.sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
}
APPSPAWN_LOGV("SetAppSandboxProperty sandboxNsFlags 0x%{public}x", sandboxNsFlags);

11
modules/sandbox/sandbox_utils.h
View File

@ -26,12 +26,17 @@
#include "appspawn_server.h"
#include "appspawn_manager.h"
typedef enum {
SANBOX_APP_JSON_CONFIG,
SANBOX_ISOLATED_JSON_CONFIG
} SandboxConfigType;
namespace OHOS {
namespace AppSpawn {
class SandboxUtils {
public:
static void StoreJsonConfig(nlohmann::json &appSandboxConfig);
static std::vector<nlohmann::json> &GetJsonConfig();
static void StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type);
static std::vector<nlohmann::json> &GetJsonConfig(SandboxConfigType type);
static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
static uint32_t GetSandboxNsFlags(bool isNweb);
@ -115,7 +120,7 @@ private:
const std::string &section, std::string sandboxRoot);
static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string &section,
nlohmann::json &mntPoint,SandboxMountConfig &mountConfig);
static std::vector<nlohmann::json> appSandboxConfig_;
static std::map<SandboxConfigType, std::vector<nlohmann::json>> appSandboxConfig_;
static int32_t deviceTypeEnable_;
};
class JsonUtils {

2
service/hnp/README_zh.md
View File

@ -74,7 +74,7 @@ HAP工程根目录
## 3 Native软件包的使用方法
### 3.1 在hap应用中访问Native二进制
以c++语言为例可以在hap应用代码中通过system、execv等函数执行二进制。默认公有hnp包软链接路径为/data/service/hnp/bin默认私有hnp包软链接路径为/data/app/bin默认软链接路径已加入环境变量中。
### 3.1 hdc shell执行方法
### 3.2 hdc shell执行方法
**操作步骤:**
1. 从应用市场下载Native软件包hap应用并安装。

108
standard/appspawn_main.c
View File

@ -27,6 +27,22 @@
#define APPSPAWN_PRELOAD "libappspawn_helper.z.so"
static AppSpawnStartArgTemplate g_appSpawnStartArgTemplate[PROCESS_INVALID] = {
{APPSPAWN_SERVER_NAME, {MODE_FOR_APP_SPAWN, MODULE_APPSPAWN, APPSPAWN_SOCKET_NAME, APPSPAWN_SERVER_NAME, 1}},
{NWEBSPAWN_SERVER_NAME, {MODE_FOR_NWEB_SPAWN, MODULE_NWEBSPAWN, NWEBSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 1}},
{"app_cold", {MODE_FOR_APP_COLD_RUN, MODULE_APPSPAWN, APPSPAWN_SOCKET_NAME, APPSPAWN_SERVER_NAME, 0}},
{"nweb_cold", {MODE_FOR_NWEB_COLD_RUN, MODULE_NWEBSPAWN, APPSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 0}},
{NATIVESPAWN_SERVER_NAME, {MODE_FOR_NATIVE_SPAWN, MODULE_APPSPAWN, NATIVESPAWN_SOCKET_NAME,
NATIVESPAWN_SERVER_NAME, 1}},
{NWEBSPAWN_RESTART, {MODE_FOR_NWEB_SPAWN, MODULE_NWEBSPAWN, NWEBSPAWN_SOCKET_NAME, NWEBSPAWN_SERVER_NAME, 1}},
};
static AppSpawnStartArgTemplate g_appCJSpawnStartArgTemplate[CJPROCESS_INVALID] = {
{CJAPPSPAWN_SERVER_NAME, {MODE_FOR_CJAPP_SPAWN, MODULE_APPSPAWN, CJAPPSPAWN_SOCKET_NAME, CJAPPSPAWN_SERVER_NAME,
1}},
{"app_cold", {MODE_FOR_APP_COLD_RUN, MODULE_APPSPAWN, CJAPPSPAWN_SOCKET_NAME, CJAPPSPAWN_SERVER_NAME, 0}},
};
static void CheckPreload(char *const argv[])
{
char buf[256] = APPSPAWN_PRELOAD; // 256 is enough in most cases
@ -58,6 +74,27 @@ static void CheckPreload(char *const argv[])
APPSPAWN_LOGE("execv fail: %{public}s: %{public}d: %{public}d", buf, errno, ret);
}
static AppSpawnStartArgTemplate *GetAppSpawnStartArg(const char *serverName, ProcessType type)
{
if (type == PROCESS_TYPE_APPSPAWN) {
for (uint32_t i = 0; i < ARRAY_LENGTH(g_appSpawnStartArgTemplate); i++) {
if (strcmp(serverName, g_appSpawnStartArgTemplate[i].serverName) == 0) {
return &g_appSpawnStartArgTemplate[i];
}
}
return &g_appSpawnStartArgTemplate[PROCESS_FOR_APP_SPAWN];
} else {
for (uint32_t i = 0; i < ARRAY_LENGTH(g_appCJSpawnStartArgTemplate); i++) {
if (strcmp(serverName, g_appCJSpawnStartArgTemplate[i].serverName) == 0) {
return &g_appCJSpawnStartArgTemplate[i];
}
}
return &g_appCJSpawnStartArgTemplate[CJPROCESS_FOR_APP_SPAWN];
}
}
// appspawn -mode appspawn | cold | nwebspawn -param app_property -fd clientFd
int main(int argc, char *const argv[])
{
@ -74,59 +111,34 @@ int main(int argc, char *const argv[])
CheckPreload(argv);
(void)signal(SIGPIPE, SIG_IGN);
uint32_t argvSize = end - start;
AppSpawnStartArg arg = {};
#ifndef CJAPP_SPAWN
arg.mode = MODE_FOR_APP_SPAWN;
arg.socketName = APPSPAWN_SOCKET_NAME;
arg.serviceName = APPSPAWN_SERVER_NAME;
arg.moduleType = MODULE_APPSPAWN;
arg.initArg = 1;
if (argc <= MODE_VALUE_INDEX) { // appspawn start
arg.mode = MODE_FOR_APP_SPAWN;
} else if (strcmp(argv[MODE_VALUE_INDEX], "app_cold") == 0) { // cold start
APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc);
arg.mode = MODE_FOR_APP_COLD_RUN;
arg.initArg = 0;
} else if (strcmp(argv[MODE_VALUE_INDEX], "nweb_cold") == 0) { // cold start
APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc);
arg.mode = MODE_FOR_NWEB_COLD_RUN;
arg.moduleType = MODULE_NWEBSPAWN;
arg.serviceName = NWEBSPAWN_SERVER_NAME;
arg.initArg = 0;
} else if (strcmp(argv[MODE_VALUE_INDEX], NWEBSPAWN_SERVER_NAME) == 0) { // nweb spawn start
APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME,
return 0, "Invalid arg size for service %{public}s", arg.serviceName);
arg.mode = MODE_FOR_NWEB_SPAWN;
arg.moduleType = MODULE_NWEBSPAWN;
arg.socketName = NWEBSPAWN_SOCKET_NAME;
arg.serviceName = NWEBSPAWN_SERVER_NAME;
} else if (strcmp(argv[MODE_VALUE_INDEX], NWEBSPAWN_RESTART) == 0) { // nweb spawn restart
APPSPAWN_CHECK_ONLY_EXPER(argvSize >= APP_LEN_PROC_NAME, argvSize = APP_LEN_PROC_NAME);
arg.mode = MODE_FOR_NWEB_SPAWN;
arg.moduleType = MODULE_NWEBSPAWN;
arg.socketName = NWEBSPAWN_SOCKET_NAME;
arg.serviceName = NWEBSPAWN_SERVER_NAME;
} else {
APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME,
return 0, "Invalid arg size for service %{public}s", arg.serviceName);
AppSpawnStartArg *arg;
AppSpawnStartArgTemplate *argTemp = NULL;
#ifdef CJAPP_SPAWN
argTemp = &g_appCJSpawnStartArgTemplate[CJPROCESS_FOR_APP_SPAWN];
if (argc > MODE_VALUE_INDEX) {
argTemp = GetAppSpawnStartArg(argv[MODE_VALUE_INDEX], PROCESS_TYPE_CJAPPSPAWN);
}
AppSpawnContent *content = StartSpawnService(&arg, argvSize, argc, argv);
#else
arg.mode = MODE_FOR_APP_SPAWN;
arg.socketName = CJAPPSPAWN_SOCKET_NAME;
arg.serviceName = CJAPPSPAWN_SERVER_NAME;
arg.moduleType = MODULE_APPSPAWN;
arg.initArg = 1;
// cold start in cjappspawn is for ide-sanitizers (asan/tsan/hwasan)
if (strcmp(argv[MODE_VALUE_INDEX], "app_cold") == 0) { // cold start
APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc);
arg.mode = MODE_FOR_APP_COLD_RUN;
arg.initArg = 0;
argTemp = &g_appSpawnStartArgTemplate[PROCESS_FOR_APP_SPAWN];
if (argc > MODE_VALUE_INDEX) {
argTemp = GetAppSpawnStartArg(argv[MODE_VALUE_INDEX], PROCESS_TYPE_APPSPAWN);
}
AppSpawnContent *content = StartCJSpawnService(&arg, argvSize, argc, argv);
#endif
arg = &argTemp->arg;
if (arg->initArg == 0) {
APPSPAWN_CHECK(argc >= ARG_NULL, return 0, "Invalid arg for cold start %{public}d", argc);
} else {
if (strcmp(argTemp->serverName, NWEBSPAWN_RESTART) == 0) { // nweb spawn restart
APPSPAWN_CHECK_ONLY_EXPER(argvSize >= APP_LEN_PROC_NAME, argvSize = APP_LEN_PROC_NAME);
} else {
APPSPAWN_CHECK(argvSize >= APP_LEN_PROC_NAME, return 0, "Invalid arg size for service %{public}s",
arg->serviceName);
}
}
AppSpawnContent *content = StartSpawnService(arg, argvSize, argc, argv);
if (content != NULL) {
if (arg.moduleType == MODULE_APPSPAWN) {
if (arg->moduleType == MODULE_APPSPAWN) {
AppSpawnKickDogStart(content);
}
content->runAppSpawn(content, argc, argv);

5
standard/appspawn_manager.h
View File

@ -187,6 +187,11 @@ APPSPAWN_INLINE int IsNWebSpawnMode(const AppSpawnMgr *content)
(content->content.mode == MODE_FOR_NWEB_SPAWN || content->content.mode == MODE_FOR_NWEB_COLD_RUN);
}
APPSPAWN_INLINE int IsNativeSpawnMode(const AppSpawnMgr *content)
{
return (content != NULL) && (content->content.mode == MODE_FOR_NATIVE_SPAWN);
}
APPSPAWN_INLINE int IsColdRunMode(const AppSpawnMgr *content)
{
return (content != NULL) &&

92
standard/appspawn_service.c
View File

@ -117,6 +117,16 @@ static void StopAppSpawn(void)
OH_ListInit(&appInfo->node);
free(appInfo);
}
// delete nativespawn, and wait exit. Otherwise, the process of nativespawn spawning will become zombie
appInfo = GetSpawnedProcessByName(NATIVESPAWN_SERVER_NAME);
if (appInfo != NULL) {
APPSPAWN_LOGI("kill %{public}s pid: %{public}d", appInfo->name, appInfo->pid);
int exitStatus = 0;
KillAndWaitStatus(appInfo->pid, SIGTERM, &exitStatus);
OH_ListRemove(&appInfo->node);
OH_ListInit(&appInfo->node);
free(appInfo);
}
TraversalSpawnedProcess(AppQueueDestroyProc, NULL);
APPSPAWN_LOGI("StopAppSpawn ");
#ifdef APPSPAWN_HISYSEVENT
@ -962,25 +972,54 @@ AppSpawnContent *AppSpawnCreateContent(const char *socketName, char *longProcNam
return &appSpawnContent->content;
}
#ifndef CJAPP_SPAWN
APPSPAWN_STATIC void AppSpawnArgSet(RunMode mode, AppSpawnStartArg *arg)
{
if (mode == MODE_FOR_NWEB_SPAWN) {
arg->socketName = NWEBSPAWN_SOCKET_NAME;
arg->serviceName = NWEBSPAWN_SERVER_NAME;
arg->moduleType = MODULE_NWEBSPAWN;
arg->mode = MODE_FOR_NWEB_SPAWN;
arg->initArg = 1;
} else if (mode == MODE_FOR_NATIVE_SPAWN) {
arg->socketName = NATIVESPAWN_SOCKET_NAME;
arg->serviceName = NATIVESPAWN_SERVER_NAME;
arg->moduleType = MODULE_APPSPAWN;
arg->mode = MODE_FOR_NATIVE_SPAWN;
arg->initArg = 1;
}
return;
}
APPSPAWN_STATIC void AppSpawnStartServiceEnd(pid_t nwebSpawnPid, pid_t NativeSpawnPid)
{
AddSpawnedProcess(nwebSpawnPid, NWEBSPAWN_SERVER_NAME);
AddSpawnedProcess(NativeSpawnPid, NATIVESPAWN_SERVER_NAME);
SetParameter("bootevent.appspawn.started", "true");
}
AppSpawnContent *StartSpawnService(const AppSpawnStartArg *startArg, uint32_t argvSize, int argc, char *const argv[])
{
APPSPAWN_CHECK(startArg != NULL && argv != NULL, return NULL, "Invalid start arg");
pid_t pid = 0;
pid_t NativeSpawnPid = 0;
AppSpawnStartArg *arg = (AppSpawnStartArg *)startArg;
APPSPAWN_LOGV("Start appspawn argvSize %{public}d mode %{public}d service %{public}s",
argvSize, arg->mode, arg->serviceName);
if (arg->mode == MODE_FOR_APP_SPAWN) {
pid = NWebSpawnLaunch();
if (pid == 0) {
arg->socketName = NWEBSPAWN_SOCKET_NAME;
arg->serviceName = NWEBSPAWN_SERVER_NAME;
arg->moduleType = MODULE_NWEBSPAWN;
arg->mode = MODE_FOR_NWEB_SPAWN;
arg->initArg = 1;
AppSpawnArgSet(MODE_FOR_NWEB_SPAWN, arg);
} else {
NativeSpawnPid = NativeSpawnLaunch();
if (NativeSpawnPid == 0) {
AppSpawnArgSet(MODE_FOR_NATIVE_SPAWN, arg);
}
}
} else if (arg->mode == MODE_FOR_NWEB_SPAWN && getuid() == 0) {
NWebSpawnInit();
} else if (arg->mode == MODE_FOR_NATIVE_SPAWN && getuid() == 0) {
NativeSpawnInit();
}
if (arg->initArg) {
int ret = memset_s(argv[0], argvSize, 0, (size_t)argvSize);
@ -1007,12 +1046,10 @@ AppSpawnContent *StartSpawnService(const AppSpawnStartArg *startArg, uint32_t ar
#endif
AddAppSpawnHook(STAGE_CHILD_PRE_RUN, HOOK_PRIO_LOWEST, AppSpawnClearEnv);
if (arg->mode == MODE_FOR_APP_SPAWN) {
AddSpawnedProcess(pid, NWEBSPAWN_SERVER_NAME);
SetParameter("bootevent.appspawn.started", "true");
AppSpawnStartServiceEnd(pid, NativeSpawnPid);
}
return content;
}
#endif
static AppSpawnMsgNode *ProcessSpawnBegetctlMsg(AppSpawnConnection *connection, AppSpawnMsgNode *message)
{
@ -1212,40 +1249,3 @@ static void ProcessRecvMsg(AppSpawnConnection *connection, AppSpawnMsgNode *mess
break;
}
}
// To support cjappspawn
#ifdef CJAPP_SPAWN
AppSpawnContent *StartCJSpawnService(const AppSpawnStartArg *startArg, uint32_t argvSize, int argc, char *const argv[])
{
APPSPAWN_LOGI("Start CJ Spawn Service ...");
APPSPAWN_CHECK(startArg != NULL && argv != NULL, return NULL, "Invalid start arg");
AppSpawnStartArg *arg = (AppSpawnStartArg *)startArg;
APPSPAWN_LOGV("Start appspawn argvSize %{public}d mode %{public}d service %{public}s",
argvSize, arg->mode, arg->serviceName);
if (arg->initArg) {
int ret = memset_s(argv[0], argvSize, 0, (size_t)argvSize);
APPSPAWN_CHECK(ret == EOK, return NULL, "Failed to memset argv[0]");
ret = strncpy_s(argv[0], argvSize, arg->serviceName, strlen(arg->serviceName));
APPSPAWN_CHECK(ret == EOK, return NULL, "Failed to copy service name %{public}s", arg->serviceName);
}
// load module appspawn/common
AppSpawnLoadAutoRunModules(MODULE_COMMON);
AppSpawnModuleMgrInstall(ASAN_MODULE_PATH);
APPSPAWN_CHECK(LE_GetDefaultLoop() != NULL, return NULL, "Invalid default loop");
AppSpawnContent *content = AppSpawnCreateContent(arg->socketName, argv[0], argvSize, arg->mode);
APPSPAWN_CHECK(content != NULL, return NULL, "Failed to create content for %{public}s", arg->socketName);
AppSpawnLoadAutoRunModules(arg->moduleType); // load corresponding plugin according to startup mode
int ret = ServerStageHookExecute(STAGE_SERVER_PRELOAD, content); // Preload, prase the sandbox
APPSPAWN_CHECK(ret == 0, AppSpawnDestroyContent(content);
return NULL, "Failed to prepare load %{public}s result: %{public}d", arg->serviceName, ret);
#ifndef APPSPAWN_TEST
APPSPAWN_CHECK(content->runChildProcessor != NULL, AppSpawnDestroyContent(content);
return NULL, "No child processor %{public}s result: %{public}d", arg->serviceName, ret);
#endif
AddAppSpawnHook(STAGE_CHILD_PRE_RUN, HOOK_PRIO_LOWEST, AppSpawnClearEnv);
return content;
}
#endif

7
standard/appspawn_service.h
View File

@ -64,8 +64,15 @@ typedef struct TagAppSpawnStartArg {
uint32_t initArg : 1;
} AppSpawnStartArg;
typedef struct {
char *serverName;
AppSpawnStartArg arg;
} AppSpawnStartArgTemplate;
pid_t NWebSpawnLaunch(void);
void NWebSpawnInit(void);
pid_t NativeSpawnLaunch(void);
void NativeSpawnInit(void);
AppSpawnContent *StartSpawnService(const AppSpawnStartArg *arg, uint32_t argvSize, int argc, char *const argv[]);
#ifdef CJAPP_SPAWN
AppSpawnContent *StartCJSpawnService(const AppSpawnStartArg *arg, uint32_t argvSize, int argc, char *const argv[]);

27
standard/nwebspawn_launcher.c
View File

@ -41,6 +41,9 @@
#define NWEB_UID 3081
#define NWEB_GID 3081
#define NWEB_NAME "nwebspawn"
#define NATIVE_UID 3082
#define NATIVE_GID 3082
#define NATIVE_NAME "nativespawn"
#define CAP_NUM 2
#define BITLEN32 32
@ -93,3 +96,27 @@ pid_t NWebSpawnLaunch(void)
APPSPAWN_LOGI("nwebspawn fork success pid: %{public}d", ret);
return ret;
}
void NativeSpawnInit(void)
{
APPSPAWN_LOGI("NativeSpawnInit");
#ifdef WITH_SELINUX
int ret = setcon("u:r:nativespawn:s0");
APPSPAWN_CHECK_ONLY_LOG(ret == 0, "Setcon failed, errno: %{public}d", errno);
#endif
pid_t pid = getpid();
setpriority(PRIO_PROCESS, pid, 0);
#ifndef APPSPAWN_TEST
(void)prctl(PR_SET_NAME, NATIVE_NAME);
#endif
}
pid_t NativeSpawnLaunch(void)
{
pid_t pid = fork();
if (pid == 0) {
NativeSpawnInit();
}
APPSPAWN_LOGI("Nativespawn fork success pid: %{public}d", pid);
return pid;
}

29
test/moduletest/appspawn_client_test.cpp
View File

@ -16,6 +16,7 @@
#include "appspawn.h"
#include "appspawn_utils.h"
#include "securec.h"
#include "appspawn_server.h"
#include <gtest/gtest.h>
@ -32,7 +33,7 @@ public:
void TearDown() {}
};
static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *bundleName)
static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *bundleName, RunMode mode)
{
AppSpawnReqMsgHandle reqHandle = 0;
int ret = AppSpawnReqMsgCreate(MSG_APP_SPAWN, bundleName, &reqHandle);
@ -52,6 +53,14 @@ static AppSpawnReqMsgHandle CreateMsg(AppSpawnClientHandle handle, const char *b
APPSPAWN_CHECK(ret == 0, break, "Failed to add dac %{public}s", APPSPAWN_SERVER_NAME);
AppSpawnReqMsgSetAppFlag(reqHandle, static_cast<AppFlagsIndex>(10)); // 10 test
if (mode == MODE_FOR_NATIVE_SPAWN) {
AppSpawnReqMsgSetAppFlag(reqHandle, static_cast<AppFlagsIndex>(23)); // 23 APP_FLAGS_ISOLATED_SANDBOX_TYPE
AppSpawnReqMsgSetAppFlag(reqHandle, static_cast<AppFlagsIndex>(26)); // 26 APP_FLAGS_ISOLATED_NETWORK
}
const char *apl = "normal";
ret = AppSpawnReqMsgSetAppDomainInfo(reqHandle, 1, apl);
APPSPAWN_CHECK(ret == 0, break, "Failed to add domain %{public}s", APPSPAWN_SERVER_NAME);
ret = AppSpawnReqMsgSetAppAccessToken(reqHandle, 12345678); // 12345678
APPSPAWN_CHECK(ret == 0, break, "Failed to add access token %{public}s", APPSPAWN_SERVER_NAME);
@ -85,7 +94,7 @@ HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test001, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = CreateClient(APPSPAWN_SERVER_NAME);
ASSERT_EQ(clientHandle != NULL, 1);
AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock");
AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock", MODE_FOR_APP_SPAWN);
ASSERT_EQ(reqHandle != INVALID_REQ_HANDLE, 1);
AppSpawnResult result = {};
@ -95,5 +104,21 @@ HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test001, TestSize.Level0)
}
AppSpawnClientDestroy(clientHandle);
}
HWTEST_F(AppSpawnClientTest, AppSpawn_Client_test002, TestSize.Level0)
{
AppSpawnClientHandle clientHandle = CreateClient(NATIVESPAWN_SERVER_NAME);
ASSERT_EQ(clientHandle != NULL, 1);
AppSpawnReqMsgHandle reqHandle = CreateMsg(clientHandle, "ohos.samples.clock", MODE_FOR_NATIVE_SPAWN);
ASSERT_EQ(reqHandle != INVALID_REQ_HANDLE, 1);
AppSpawnResult result = {};
int ret = AppSpawnClientSendMsg(clientHandle, reqHandle, &result);
if (ret == 0 && result.pid > 0) {
kill(result.pid, SIGKILL);
}
AppSpawnClientDestroy(clientHandle);
}
} // namespace AppSpawn
} // namespace OHOS

17
test/moduletest/appspawn_test_cmder.cpp
View File

@ -88,7 +88,8 @@ static const char *APPSPAWN_TEST_USAGE = "usage: AppSpawnTest <options> \n"
" --thread xx use multi-thread to send message\n"
" --type xx send msg type \n"
" --pid xx render terminate pid\n"
" --mode nwebspawn send message to nwebspawn service\n";
" --mode nwebspawn send message to nwebspawn service\n"
" --mode nativespawn send message to nativespawn service\n";
int AppSpawnTestCommander::ProcessArgs(int argc, char *const argv[])
{
@ -111,7 +112,13 @@ int AppSpawnTestCommander::ProcessArgs(int argc, char *const argv[])
sendMsg = 1;
} else if (strcmp(argv[i], "--mode") == 0 && ((i + 1) < argc)) {
i++;
appSpawn_ = strcmp(argv[i], "nwebspawn") == 0 ? 0 : 1;
if (strcmp(argv[i], "nwebspawn") == 0) {
appSpawn_ = 0;
} else if (strcmp(argv[i], "nativespawn") == 0) {
appSpawn_ = 2;
} else {
appSpawn_ = 1;
}
sendMsg = 1;
} else if (strcmp(argv[i], "--type") == 0 && ((i + 1) < argc)) {
i++;
@ -380,7 +387,8 @@ int AppSpawnTestCommander::CreateMsg(AppSpawnReqMsgHandle &reqHandle,
int AppSpawnTestCommander::SendMsg()
{
const char *server = appSpawn_ ? APPSPAWN_SERVER_NAME : NWEBSPAWN_SERVER_NAME;
const char *server = appSpawn_ == 1 ? APPSPAWN_SERVER_NAME : (appSpawn_ == 2 ? NATIVESPAWN_SERVER_NAME :
NWEBSPAWN_SERVER_NAME);
printf("Send msg to server '%s' \n", server);
AppSpawnReqMsgHandle reqHandle = INVALID_REQ_HANDLE;
int ret = 0;
@ -547,7 +555,8 @@ void AppSpawnTestCommander::DumpThread(ThreadTaskHandle handle, const ThreadCont
int AppSpawnTestCommander::Run()
{
int ret = 0;
const char *name = appSpawn_ ? APPSPAWN_SERVER_NAME : NWEBSPAWN_SERVER_NAME;
const char *name = appSpawn_ == 1 ? APPSPAWN_SERVER_NAME : (appSpawn_ == 2 ? NATIVESPAWN_SERVER_NAME :
NWEBSPAWN_SERVER_NAME);
if (clientHandle_ == NULL) {
ret = AppSpawnClientInit(name, &clientHandle_);
APPSPAWN_CHECK(ret == 0, return -1, "Failed to create client %{public}s", name);

2
test/moduletest/appspawn_test_cmder.h
View File

@ -101,7 +101,7 @@ private:
int ptyFd_{-1};
uint32_t dumpFlags : 1;
uint32_t exit_ : 1;
uint32_t appSpawn_ : 1;
uint32_t appSpawn_ : 2;
uint32_t msgType_;
pid_t terminatePid_;
uint32_t threadCount_{1};

30
test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp
View File

@ -197,7 +197,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_10, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl;
g_testHelper.SetTestUid(1000); // 1000 test
g_testHelper.SetTestGid(1000); // 1000 test
@ -238,7 +238,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_13, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl;
g_testHelper.SetTestUid(1000); // 1000 test
@ -278,7 +278,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_14, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl;
@ -322,7 +322,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_15, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl;
g_testHelper.SetTestUid(1000); // 1000 test
@ -357,7 +357,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_16, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl;
g_testHelper.SetTestUid(1000); // 1000 test
@ -390,7 +390,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_17, TestSize.Level0)
\"individual\": [] \
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
std::string value;
rc = JsonUtils::GetStringFromJson(j_config, "common", value);
@ -439,7 +439,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0)
\"individual\": [] \
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
g_testHelper.SetTestUid(1000); // 1000 test
g_testHelper.SetTestGid(1000); // 1000 test
@ -464,7 +464,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0)
}] \
}";
nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG);
OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty);
DeleteAppSpawningCtx(appProperty);
}
@ -485,7 +485,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_22, TestSize.Level0)
\"individual\": [] \
}";
nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG);
g_testHelper.SetTestUid(1000); // 1000 test
g_testHelper.SetTestGid(1000); // 1000 test
@ -1108,7 +1108,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0)
}";
nlohmann::json p_config1 = nlohmann::json::parse(pJsconfig1.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(p_config1);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(p_config1, SANBOX_APP_JSON_CONFIG);
std::string sandboxPackagePath = "/mnt/sandbox/100/";
const std::string bundleName = GetBundleName(appProperty);
@ -1206,7 +1206,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_41, TestSize.Level0)
}";
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
uint32_t cloneFlags = OHOS::AppSpawn::SandboxUtils::GetSandboxNsFlags(false);
EXPECT_EQ(!!(cloneFlags & CLONE_NEWPID), true);
@ -1240,7 +1240,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_42, TestSize.Level0)
nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str());
const char *mountPath = "mount-paths";
nlohmann::json j_secondConfig = j_config[mountPath][0];
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
std::string fsType = OHOS::AppSpawn::SandboxUtils::GetSandboxFsType(j_secondConfig);
int ret = strcmp(fsType.c_str(), "sharefs");
@ -1273,7 +1273,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_43, TestSize.Level0)
const char *mountPath = "mount-paths";
nlohmann::json j_secondConfig = j_config[mountPath][0];
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig;
std::string section = "common";
AppSpawningCtx *appProperty = GetTestAppProperty();
@ -1307,7 +1307,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_44, TestSize.Level0)
const char *mountPath = "mount-paths";
nlohmann::json j_secondConfig = j_config[mountPath][0];
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig;
std::string section = "permission";
AppSpawningCtx *appProperty = GetTestAppProperty();
@ -1341,7 +1341,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_45, TestSize.Level0)
const char *mountPath = "mount-paths";
nlohmann::json j_secondConfig = j_config[mountPath][0];
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config);
OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG);
AppSpawningCtx *appProperty = GetTestAppProperty();
std::string options = OHOS::AppSpawn::SandboxUtils::GetSandboxOptions(appProperty, j_secondConfig);
int ret = strcmp(options.c_str(), "support_overwrite=1,user_id=100");

18
test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp
View File

@ -88,15 +88,15 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_002, TestSize.Leve
OH_ListAddTail(&sandbox->extData.node, &mgr->extData);
// for appspawn
int ret = LoadAppSandboxConfig(sandbox, 0);
int ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN);
EXPECT_EQ(ret, 0);
ret = LoadAppSandboxConfig(sandbox, 0); // 重复load
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_APP_SPAWN); // 重复load
EXPECT_EQ(ret, 0);
DeleteAppSpawnSandbox(sandbox);
DeleteAppSpawnMgr(mgr);
ret = LoadAppSandboxConfig(nullptr, 0);
ret = LoadAppSandboxConfig(nullptr, MODE_FOR_APP_SPAWN);
EXPECT_NE(ret, 0);
}
@ -111,23 +111,23 @@ HWTEST_F(AppSpawnSandboxMgrTest, App_Spawn_AppSpawnSandboxCfg_003, TestSize.Leve
int ret = 0;
#ifdef APPSPAWN_SANDBOX_NEW
// for nwebspawn
ret = LoadAppSandboxConfig(sandbox, 1);
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN);
EXPECT_EQ(ret, 0);
ret = LoadAppSandboxConfig(sandbox, 1); // 重复load
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load
EXPECT_EQ(ret, 0);
ret = LoadAppSandboxConfig(sandbox, 2); // 重复load
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load
EXPECT_EQ(ret, 0);
#else
// for nwebspawn
ret = LoadAppSandboxConfig(sandbox, 0);
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN);
EXPECT_EQ(ret, 0);
ret = LoadAppSandboxConfig(sandbox, 0); // 重复load
ret = LoadAppSandboxConfig(sandbox, MODE_FOR_NWEB_SPAWN); // 重复load
EXPECT_EQ(ret, 0);
#endif
DeleteAppSpawnSandbox(sandbox);
DeleteAppSpawnMgr(mgr);
ret = LoadAppSandboxConfig(nullptr, 1);
ret = LoadAppSandboxConfig(nullptr, MODE_FOR_NWEB_SPAWN);
EXPECT_NE(ret, 0);
}