mirror of
https://gitee.com/openharmony/startup_appspawn
synced 2024-11-23 07:00:17 +00:00
06878b80be
issue: https://gitee.com/openharmony/third_party_musl/issues/IAVWEZ Test: Build & Boot devices & xts Signed-off-by: zzulilyw <liuyawei10@huawei.com>
99 lines
3.0 KiB
C
99 lines
3.0 KiB
C
/*
|
|
* Copyright (c) 2024 Huawei Device Co., Ltd.
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
#include <sched.h>
|
|
#include <signal.h>
|
|
#include <stdbool.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
#include <sys/capability.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/resource.h>
|
|
|
|
#include "appspawn.h"
|
|
#include "appspawn_modulemgr.h"
|
|
#include "appspawn_msg.h"
|
|
#include "appspawn_server.h"
|
|
#include "appspawn_service.h"
|
|
#include "appspawn_utils.h"
|
|
#include "parameter.h"
|
|
#include "securec.h"
|
|
|
|
#ifdef CODE_SIGNATURE_ENABLE
|
|
#include "code_sign_attr_utils.h"
|
|
#endif
|
|
#ifdef WITH_SELINUX
|
|
#include "selinux/selinux.h"
|
|
#endif
|
|
|
|
#define NWEB_UID 3081
|
|
#define NWEB_GID 3081
|
|
#define NWEB_NAME "nwebspawn"
|
|
#define NATIVE_NAME "nativespawn"
|
|
#define CAP_NUM 2
|
|
#define BITLEN32 32
|
|
|
|
void NWebSpawnInit(void)
|
|
{
|
|
APPSPAWN_LOGI("NWebSpawnInit");
|
|
#ifdef CODE_SIGNATURE_ENABLE
|
|
// ownerId must been set before setcon & setuid
|
|
(void)SetXpmOwnerId(PROCESS_OWNERID_NWEB, NULL);
|
|
#endif
|
|
#ifdef WITH_SELINUX
|
|
setcon("u:r:nwebspawn:s0");
|
|
#endif
|
|
pid_t pid = getpid();
|
|
setpriority(PRIO_PROCESS, pid, 0);
|
|
struct __user_cap_header_struct capHeader;
|
|
capHeader.version = _LINUX_CAPABILITY_VERSION_3;
|
|
capHeader.pid = 0;
|
|
// old CAP_SYS_ADMIN | CAP_SETGID | CAP_SETUID
|
|
const uint64_t inheriTable = CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETGID) |
|
|
CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_KILL);
|
|
const uint64_t permitted = inheriTable;
|
|
const uint64_t effective = inheriTable;
|
|
struct __user_cap_data_struct capData[CAP_NUM] = {};
|
|
for (int j = 0; j < CAP_NUM; ++j) {
|
|
capData[0].inheritable = (__u32)(inheriTable);
|
|
capData[1].inheritable = (__u32)(inheriTable >> BITLEN32);
|
|
capData[0].permitted = (__u32)(permitted);
|
|
capData[1].permitted = (__u32)(permitted >> BITLEN32);
|
|
capData[0].effective = (__u32)(effective);
|
|
capData[1].effective = (__u32)(effective >> BITLEN32);
|
|
}
|
|
capset(&capHeader, capData);
|
|
for (int i = 0; i <= CAP_LAST_CAP; ++i) {
|
|
prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0);
|
|
}
|
|
#ifndef APPSPAWN_TEST
|
|
(void)prctl(PR_SET_NAME, NWEB_NAME);
|
|
#endif
|
|
setuid(NWEB_UID);
|
|
setgid(NWEB_GID);
|
|
}
|
|
|
|
pid_t NWebSpawnLaunch(void)
|
|
{
|
|
enum fdsan_error_level errorLevel = fdsan_get_error_level();
|
|
pid_t ret = fork();
|
|
if (ret == 0) {
|
|
// Inherit the error level of the original process
|
|
(void)fdsan_set_error_level(errorLevel);
|
|
NWebSpawnInit();
|
|
}
|
|
APPSPAWN_LOGI("nwebspawn fork success pid: %{public}d", ret);
|
|
return ret;
|
|
} |