diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index e5203aa32e0ba489c17d00ab4be2163389c3f01c..6a117c116267ee9892ca200577af8f3cbb2d80bf 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -272,6 +272,12 @@ APPSPAWN_STATIC int CheckSandboxMountNode(const SandboxContext *context, APPSPAWN_LOGW("Invalid mount config section %{public}s", section->name); return 0; } + + if (sandboxNode->createSandboxPath == 0 && access(sandboxNode->source, F_OK) != 0) { + APPSPAWN_LOGW("Invalid mount config source %{public}s", sandboxNode->source); + return 0; + } + // special handle wps and don't use /data/app/xxx/ config if (CHECK_FLAGS_BY_INDEX(operation, SANDBOX_TAG_SPAWN_FLAGS)) { // flags-point if (context->bundleHasWps && diff --git a/modules/sandbox/appspawn_sandbox.h b/modules/sandbox/appspawn_sandbox.h index 6c6b31d01072484d95434d45ee453d094cc55492..13537f9cfa485e1c1bd6c609200f40f3fd5d88ed 100644 --- a/modules/sandbox/appspawn_sandbox.h +++ b/modules/sandbox/appspawn_sandbox.h @@ -123,10 +123,11 @@ typedef struct { typedef struct TagPathMountNode { SandboxMountNode sandboxNode; - char *source; // source 目录,一般是全局的fs 目录 - char *target; // 沙盒化后的目录 - mode_t destMode; // "dest-mode": "S_IRUSR | S_IWOTH | S_IRWXU " 默认值:0 - uint32_t mountSharedFlag : 1; // "mount-shared-flag" : "true", 默认值:false + char *source; // source 目录,一般是全局的fs 目录 + char *target; // 沙盒化后的目录 + mode_t destMode; // "dest-mode": "S_IRUSR | S_IWOTH | S_IRWXU " 默认值:0 + uint32_t mountSharedFlag : 1; // "mount-shared-flag" : "true", 默认值:false + uint32_t createSandboxPath : 1; // "create-sandbox-path" : "true", 默认值 : true uint32_t createDemand : 1; uint32_t checkErrorFlag : 1; uint32_t category; diff --git a/modules/sandbox/sandbox_load.c b/modules/sandbox/sandbox_load.c index 5b783924cfae0345b0ad7eb8c2d4dafbb4ff1036..529c1f427e3268cb1be4afb74408477329fefeb7 100644 --- a/modules/sandbox/sandbox_load.c +++ b/modules/sandbox/sandbox_load.c @@ -228,7 +228,7 @@ static PathMountNode *DecodeMountPathConfig(const SandboxSection *section, const sandboxNode->destMode = GetChmodFromJson(config); sandboxNode->mountSharedFlag = GetBoolValueFromJsonObj(config, "mount-shared-flag", false); sandboxNode->checkErrorFlag = GetBoolValueFromJsonObj(config, "check-action-status", false); - + sandboxNode->createSandboxPath = GetBoolValueFromJsonObj(config, "create-sandbox-path", true); sandboxNode->category = GetMountCategory(GetStringFromJsonObj(config, "category")); const char *value = GetStringFromJsonObj(config, "app-apl-name"); if (value != NULL) { diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp index a41201daa6f857f5f89c4d0927556e67bdb20048..5d8e0ea5b093fe77a7c5257db6e93de7f952f405 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_new_test.cpp @@ -2268,13 +2268,13 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_sandbox, TestSize.Level0) SandboxMountNode node = {}; char source[] = {"/data/app/el5//database/"}; char target[] = {"/data/storage/el1/database"}; - const PathMountNode sandboxNode = {node, nullptr, nullptr, 0, false, 1, 1, 0, nullptr, {}}; + const PathMountNode sandboxNode = {node, nullptr, nullptr, 0, false, 1, 1, 1, 0, nullptr, {}}; const MountArg args = {"/data/xxx/xxx", nullptr, nullptr, 0, nullptr, 0}; CreateDemandSrc(contextTest, &sandboxNode, &args); char apl[] = "apl"; - const PathMountNode sandboxNode1 = {node, source, nullptr, 0, false, 1, 1, 0, nullptr, {}}; - const PathMountNode sandboxNode2 = {node, nullptr, target, 0, false, 1, 1, 0, nullptr, {}}; - const PathMountNode sandboxNode3 = {node, source, target, 0, false, 1, 1, 0, apl, {}}; + const PathMountNode sandboxNode1 = {node, source, nullptr, 0, false, 1, 1, 1, 0, nullptr, {}}; + const PathMountNode sandboxNode2 = {node, nullptr, target, 0, false, 1, 1, 1, 0, nullptr, {}}; + const PathMountNode sandboxNode3 = {node, source, target, 0, false, 1, 1, 1, 0, apl, {}}; struct ListNode front; char name[] = {"test"}; const SandboxSection section = {node, front, name, 16, 16, nullptr, 1, 1, nullptr}; @@ -2302,7 +2302,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_sandbox_001, TestSize.Level0) SandboxContext context1 = {{{}}, "test.example.ohos.com", nullptr, 1, 1, 1, 1, 1, 1, 1, rootPath}; char source1[] = {"/xxx/xxx/xxx"}; uint32_t operation = 0x1 << SANDBOX_TAG_SPAWN_FLAGS; - const PathMountNode sandboxNode4 = {node, source1, target, 0, false, 1, 1, 0, apl, {}}; + const PathMountNode sandboxNode4 = {node, source1, target, 0, false, 1, 1, 1, 0, apl, {}}; context1.bundleHasWps = 1; int res = CheckSandboxMountNode(&context1, §ion, &sandboxNode4, operation); EXPECT_EQ(res, 1); @@ -2311,17 +2311,17 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_sandbox_001, TestSize.Level0) EXPECT_EQ(res, 1); char source2[] = "/data/app/xxx"; - const PathMountNode sandboxNode5 = {node, source2, target, 0, false, 1, 1, 0, apl, {}}; + const PathMountNode sandboxNode5 = {node, source2, target, 0, false, 1, 1, 1, 0, apl, {}}; res = CheckSandboxMountNode(&context1, §ion, &sandboxNode5, operation); EXPECT_EQ(res, 1); char source3[] = "/data/app/base"; - const PathMountNode sandboxNode6 = {node, source3, target, 0, false, 1, 1, 0, apl, {}}; + const PathMountNode sandboxNode6 = {node, source3, target, 0, false, 1, 1, 1, 0, apl, {}}; res = CheckSandboxMountNode(&context1, §ion, &sandboxNode6, operation); EXPECT_EQ(res, 1); char source4[] = "/data/app/"; - const PathMountNode sandboxNode7 = {node, source4, target, 0, false, 1, 1, 0, apl, {}}; + const PathMountNode sandboxNode7 = {node, source4, target, 0, false, 1, 1, 1, 0, apl, {}}; res = CheckSandboxMountNode(&context1, §ion, &sandboxNode7, operation); EXPECT_EQ(res, 1); }