Merge branch 'master' of https://gitee.com/openharmony/startup_appspawn into appspapawn_ut

zhongning5 2024-04-16 21:25:30 +08:00
commit fab33f218a
11 changed files with 97 additions and 129 deletions


@ -24,7 +24,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
ohos_prebuilt_etc("appdata-sandbox.json") {
source = "../appdata-sandbox-app.json"
output = "appdata-sandbox.json"
symlink_target_name = ["appdata-sandbox.json"]
part_name = "${part_name}"
module_install_dir = "etc/sandbox"
}


@ -62,6 +62,10 @@ ohos_shared_library("appspawn_common") {
external_deps += [ "code_signature:libcode_sign_attr_utils" ]
}
if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) {
defines += [ "APPSPAWN_SANDBOX_NEW" ]
}
subsystem_name = "${subsystem_name}"
part_name = "${part_name}"
install_enable = true


@ -100,8 +100,10 @@ static void KillProcessesByCGroup(const char *path, AppSpawnMgr *content, const
continue;
}
APPSPAWN_LOGI("Kill app pid %{public}d now ...", pid);
#ifdef APPSPAWN_TEST
kill(pid, SIGKILL);
#ifndef APPSPAWN_TEST
if (kill(pid, SIGKILL) != 0) {
APPSPAWN_LOGE("unable to kill process, pid: %{public}d ret %{public}d", pid, errno);
}
#endif
}
(void)fclose(file);
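Review bot: The pid handed to `kill(pid, SIGKILL)` is only as safe as the check ahead of the `continue;`, which lies outside this hunk; if the value (presumably parsed from the cgroup file) can be 0 or -1, the signal goes to the caller's process group or to every process the daemon may signal, so that guard should reject `pid <= 0` explicitly. The new error message labels the value `ret` but prints `errno`; `"unable to kill process, pid: %{public}d errno: %{public}d"` would match the wording used in the AppQueueDestroyProc change, and the same label appears in the KillAndWaitStatus message. A target that has already exited yields ESRCH, which is an expected race during group teardown and may deserve a lower log level than an EPERM failure. KillProcessesByCGroup starts and ends outside the hunk.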


@ -59,6 +59,79 @@
#define BITLEN32 32
#define PID_NS_INIT_UID 100000 // reserved for pid_ns_init process, avoid app, render proc, etc.
#define PID_NS_INIT_GID 100000
#define USER_ID_SIZE 16
#define DIR_MODE 0711
#ifndef APPSPAWN_SANDBOX_NEW
static bool IsUnlockStatus(uint32_t uid)
{
const int userIdBase = 200000;
uid = uid / userIdBase;
if (uid == 0) {
return true;
}
const char rootPath[] = "/data/app/el2/";
const char basePath[] = "/base";
size_t allPathSize = strlen(rootPath) + strlen(basePath) + 1 + USER_ID_SIZE;
char *path = malloc(sizeof(char) * allPathSize);
APPSPAWN_CHECK(path != NULL, return true, "Failed to malloc path");
int len = sprintf_s(path, allPathSize, "%s%u%s", rootPath, uid, basePath);
APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), return true, "Failed to get base path");
if (access(path, F_OK) == 0) {
APPSPAWN_LOGI("this is unlock status");
free(path);
return true;
}
free(path);
APPSPAWN_LOGI("this is lock status");
return false;
}
static void MountAppEl2Dir(const AppSpawningCtx *property)
{
const int userIdBase = 200000;
const char rootPath[] = "/mnt/sandbox/";
const char el2Path[] = "/data/storage/el2";
AppDacInfo *info = (AppDacInfo *)GetAppProperty(property, TLV_DAC_INFO);
const char *bundleName = GetBundleName(property);
if (info == NULL || bundleName == NULL) {
return;
}
if (IsUnlockStatus(info->uid)) {
return;
}
size_t allPathSize = strlen(rootPath) + strlen(el2Path) + strlen(bundleName) + 2;
allPathSize += USER_ID_SIZE;
char *path = malloc(sizeof(char) * (allPathSize));
APPSPAWN_CHECK(path != NULL, return, "Failed to malloc path");
int len = sprintf_s(path, allPathSize, "%s%u/%s%s", rootPath, info->uid / userIdBase, bundleName, el2Path);
APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), free(path);
return, "Failed to get el2 path");
if (access(path, F_OK) == 0) {
free(path);
return;
}
MakeDirRec(path, DIR_MODE, 1);
if (mount(path, path, NULL, MS_BIND | MS_REC, NULL) != 0) {
free(path);
APPSPAWN_LOGI("mount el2 path failed!");
return;
}
if (mount(NULL, path, NULL, MS_SHARED, NULL) != 0) {
free(path);
APPSPAWN_LOGI("mount el2 path to shared failed!");
return;
}
APPSPAWN_LOGI("mount el2 path to shared success!");
free(path);
return;
}
#endif
static int SetProcessName(const AppSpawnMgr *content, const AppSpawningCtx *property)
{
@ -432,6 +505,10 @@ static int SpawnGetSpawningFlag(AppSpawnMgr *content, AppSpawningCtx *property)
}
// check developer mode
property->client.flags |= CheckEnabled("const.security.developermode.state", "true") ? APP_DEVELOPER_MODE : 0;
#ifndef APPSPAWN_SANDBOX_NEW
// mount el2 dir
MountAppEl2Dir(property);
#endif
return 0;
}
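Review bot: `MountAppEl2Dir` formats `bundleName` straight into the directory that is then created and bind-mounted (`"%s%u/%s%s"`), and nothing visible here rejects a name containing `/` or `..`; unless the spawn message is validated before this point, the privileged spawner could create and mount a path outside the per-user directory under `/mnt/sandbox/`. A check such as `if (strchr(bundleName, '/') != NULL || strstr(bundleName, "..") != NULL) { return; }` before the path is built would close that. In `IsUnlockStatus` the failure branch after `sprintf_s` returns without releasing `path`; it should mirror the el2 function: `APPSPAWN_CHECK(len > 0 && ((size_t)len < allPathSize), free(path); return true, "Failed to get base path");`. The result of `MakeDirRec` is ignored and both `mount` failures are logged at info level without `errno`, so a spawn that continues without the el2 mount is hard to spot in logs.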


@ -151,7 +151,9 @@ static int NsInitFunc()
{
setuid(PID_NS_INIT_UID);
setgid(PID_NS_INIT_GID);
#ifdef WITH_SELINUX
setcon("u:r:pid_ns_init:s0");
#endif
char *argv[] = {"/system/bin/pid_ns_init", NULL};
execve("/system/bin/pid_ns_init", argv, NULL);
_exit(0);
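Review bot: The return value of `setcon("u:r:pid_ns_init:s0")` is discarded, so if the transition fails the helper still reaches `execve` in whatever domain the parent had; the guarded call should fail closed, e.g. `if (setcon("u:r:pid_ns_init:s0") != 0) { _exit(1); }`. The same unchecked call is wrapped in `#ifdef WITH_SELINUX` in the NWebSpawnInit hunk. On the context lines above it, `setuid` runs before `setgid` and neither result is checked; once the uid is no longer 0 the `setgid` call can fail and leave the process with its original group, so the order should be `setgid` first, then `setuid`, each checked. NsInitFunc's body continues past the end of the hunk.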


@ -11,7 +11,7 @@
| 接口名 | 描述 |
| :----------------------------------------------------------- | :--------------------------------------- |
| [NativeInstallHnp](api_hnp.md#nativeinstallhnp)| 安装Native软件包 |
|[NativeUnInstallHnp]((api_hnp.md#nativeuninstallhnp))| 卸载Native软件包 |
|[NativeUnInstallHnp](api_hnp.md#nativeuninstallhnp)| 卸载Native软件包 |
## 开发步骤


@ -190,6 +190,7 @@ int KillAndWaitStatus(pid_t pid, int sig)
int exitStatus = 0;
if (kill(pid, sig) != 0) {
APPSPAWN_LOGE("unable to kill process, pid: %{public}d ret %{public}d", pid, errno);
return -1;
}
pid_t exitPid = waitpid(pid, &exitStatus, 0);


@ -62,8 +62,8 @@ static void AppQueueDestroyProc(const AppSpawnMgr *mgr, AppSpawnedProcess *appIn
OH_ListRemove(&appInfo->node);
OH_ListInit(&appInfo->node);
free(appInfo);
if (pid > 0) {
kill(pid, SIGKILL);
if (pid > 0 && kill(pid, SIGKILL) != 0) {
APPSPAWN_LOGE("unable to kill process, pid: %{public}d errno: %{public}d", pid, errno);
}
}


@ -51,7 +51,9 @@ void NWebSpawnInit(void)
// ownerId must been set before setcon & setuid
(void)SetXpmOwnerId(PROCESS_OWNERID_EXTEND, NULL);
#endif
#ifdef WITH_SELINUX
setcon("u:r:nwebspawn:s0");
#endif
pid_t pid = getpid();
setpriority(PRIO_PROCESS, pid, 0);
struct __user_cap_header_struct capHeader;
@ -88,4 +90,4 @@ pid_t NWebSpawnLaunch(void)
}
APPSPAWN_LOGI("nwebspawn fork success pid: %{public}d", ret);
return ret;
}
}


@ -13,10 +13,12 @@
* limitations under the License.
*/
#include <signal.h>
#include <unistd.h>
int main()
{
signal(SIGCHLD, SIG_IGN);
while (1) {
pause();
}


@ -1,122 +0,0 @@
/*
* Copyright (C) 2022-2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SANDBOX_UTILS_H
#define SANDBOX_UTILS_H
#include <set>
#include <string>
#include <sys/mount.h>
#include <sys/types.h>
#include <vector>
#include "nlohmann/json.hpp"
#include "client_socket.h"
#include "appspawn_server.h"
namespace OHOS {
namespace AppSpawn {
class SandboxUtils {
public:
static void StoreJsonConfig(nlohmann::json &appSandboxConfig);
static std::vector<nlohmann::json> &GetJsonConfig();
static int32_t SetAppSandboxProperty(AppSpawnClient *client);
static int32_t SetAppSandboxPropertyNweb(AppSpawnClient *client);
static uint32_t GetSandboxNsFlags(bool isNweb);
static std::set<std::string> GetMountPermissionNames();
static std::string GetExtraInfoByType(const ClientSocket::AppProperty *appProperty, const std::string &type);
typedef struct {
unsigned long mountFlags;
std::string optionsPoint;
std::string fsType;
std::string sandboxPath;
} SandboxMountConfig;
private:
static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
const char *fsType, unsigned long mountFlags,
const char *options, mode_t mountSharedFlag = MS_SLAVE);
static int32_t DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
static int32_t DoSandboxFileCommonSymlink(const ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t DoSandboxFilePrivateBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
static int32_t DoSandboxFilePrivateSymlink(const ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t DoSandboxFilePrivateFlagsPointHandle(const ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t DoSandboxFileCommonFlagsPointHandle(const ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t HandleFlagsPoint(const ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty);
static int32_t SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static int32_t MountAllHsp(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
static int32_t MountAllGroup(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath);
static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot);
static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty,
nlohmann::json &appConfig, const std::string &section = "app-base");
static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot);
static std::string ConvertToRealPathWithPermission(const ClientSocket::AppProperty *appProperty,
std::string sandboxRoot);
static std::string GetSbxPathByConfig(const ClientSocket::AppProperty *appProperty, nlohmann::json &config);
static bool CheckTotalSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty);
static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty);
static bool CheckBundleNameForPrivate(const std::string &bundleName);
static bool GetSbxSwitchStatusByConfig(nlohmann::json &config);
static unsigned long GetMountFlagsFromConfig(const std::vector<std::string> &vec);
static int32_t SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty,
nlohmann::json &config);
static int32_t SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty,
nlohmann::json &config);
static int32_t SetRenderSandboxProperty(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static int32_t SetRenderSandboxPropertyNweb(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static int32_t SetOverlayAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static int32_t SetBundleResourceAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
std::string &sandboxPackagePath);
static int32_t DoSandboxFilePermissionBind(ClientSocket::AppProperty *appProperty,
nlohmann::json &wholeConfig);
static int32_t SetPermissionAppSandboxProperty_(ClientSocket::AppProperty *appProperty,
nlohmann::json &config);
static int32_t SetPermissionAppSandboxProperty(ClientSocket::AppProperty *appProperty);
static int32_t DoAddGid(ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig,
const char* permissionName, const std::string &section);
static bool CheckAppFullMountEnable();
static int32_t SetSandboxProperty(ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName,
bool sandboxSharedStatus);
static int32_t GetMountPermissionFlags(const std::string permissionName);
static bool GetSandboxDacOverrideEnable(nlohmann::json &config);
static unsigned long GetSandboxMountFlags(nlohmann::json &config);
static std::string GetSandboxFsType(nlohmann::json &config);
static std::string GetSandboxOptions(nlohmann::json &config);
static std::string GetSandboxPath(const ClientSocket::AppProperty *appProperty, nlohmann::json &mntPoint,
const std::string &section, std::string sandboxRoot);
static void GetSandboxMountConfig(const std::string &section, nlohmann::json &mntPoint,
SandboxMountConfig &mountConfig);
private:
static std::vector<nlohmann::json> appSandboxConfig_;
static bool deviceTypeEnable_;
};
} // namespace AppSpawn
} // namespace OHOS
#endif // SANDBOX_UTILS_H