From cd4cbe57b6ae1f24d83a2654624ececbc4713502 Mon Sep 17 00:00:00 2001 From: nianyuu Date: Fri, 13 Jun 2025 17:14:58 +0800 Subject: [PATCH] fix dec diff Signed-off-by: nianyuu --- appdata-sandbox-app.json | 6 +-- appdata-sandbox.json | 8 ++-- modules/sandbox/appspawn_sandbox.c | 13 +++--- modules/sandbox/sandbox_dec.c | 28 ++++++------- modules/sandbox/sandbox_dec.h | 4 +- modules/sandbox/sandbox_load.c | 2 +- modules/sandbox/sandbox_utils.cpp | 42 +++++++++---------- .../app_spawn_sandbox_test.cpp | 6 +-- 8 files changed, 54 insertions(+), 55 deletions(-) diff --git a/appdata-sandbox-app.json b/appdata-sandbox-app.json index df199692..14321a17 100644 --- a/appdata-sandbox-app.json +++ b/appdata-sandbox-app.json @@ -198,7 +198,7 @@ }, { "src-path": "", "sandbox-path": "", - "dec-paths":[ "/storage/Users//appdata/el2/shareFiles" ] + "dec-paths": [ "/storage/Users//appdata/el2/shareFiles" ] }, { "src-path": "/mnt/data//userExternal", "sandbox-path": "/storage/userExternal" @@ -408,14 +408,14 @@ "sandbox-path": "none", "dec-paths": [ "/storage/Users//Download" ] }] - },{ + }, { "name": "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", "mount-paths": [{ "src-path": "none", "sandbox-path": "none", "dec-paths": [ "/storage/Users//Desktop" ] }] - },{ + }, { "name": "ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", "mount-paths": [{ "src-path": "none", diff --git a/appdata-sandbox.json b/appdata-sandbox.json index 0aef8d70..68c625e9 100755 --- a/appdata-sandbox.json +++ b/appdata-sandbox.json @@ -928,9 +928,9 @@ "fs-type": "fuse", "check-action-status": "false" }, { - "src-path": "", - "sandbox-path": "", - "sandbox-flags": [], + "src-path" : "", + "sandbox-path" : "", + "sandbox-flags" : [], "dec-paths": [ "/mnt/data/fuse" ] } ] @@ -989,7 +989,7 @@ "check-action-status": "false" } ] - }], + }], "ohos.permission.ACCESS_FILE_CONTENT_SHARE":[{ "sandbox-switch": "ON", "gids": [1006, 1008], 
diff --git a/modules/sandbox/appspawn_sandbox.c b/modules/sandbox/appspawn_sandbox.c index d8bd7ba3..6c5e795c 100644 --- a/modules/sandbox/appspawn_sandbox.c +++ b/modules/sandbox/appspawn_sandbox.c @@ -455,7 +455,7 @@ static void FreeDecPolicyPaths(DecPolicyInfo *decPolicyInfo) } for (uint32_t i = 0; i < decPolicyInfo->pathNum; i++) { - if (decPolicyInfo->path[i].path) { + if (decPolicyInfo->path[i].path != NULL) { free(decPolicyInfo->path[i].path); } } @@ -463,9 +463,8 @@ static void FreeDecPolicyPaths(DecPolicyInfo *decPolicyInfo) decPolicyInfo->pathNum = 0; } - -static int32_t SetDecPolicyWithCond(const SandboxContext *context, const PathMountNode *sandboxNode, - VarExtraData *extraData) +static int SetDecPolicyWithCond(const SandboxContext *context, const PathMountNode *sandboxNode, + VarExtraData *extraData) { if (sandboxNode == NULL || sandboxNode->decPolicyPaths.decPathCount == 0) { return 0; @@ -478,7 +477,7 @@ static int32_t SetDecPolicyWithCond(const SandboxContext *context, const PathMou decPolicyInfo.pathNum = sandboxNode->decPolicyPaths.decPathCount; for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { - const char* realDecPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, sandboxNode->decPolicyPaths.decPath[i], + const char *realDecPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, sandboxNode->decPolicyPaths.decPath[i], NULL, extraData); if (realDecPath == NULL) { // Handle the error appropriately if needed 
@@ -507,7 +506,7 @@ static int SetDecPolicyWithDir(const SandboxContext *context) AppSpawnMsgAccessToken *tokenInfo = (AppSpawnMsgAccessToken *)GetSandboxCtxMsgInfo(context, TLV_ACCESS_TOKEN_INFO); AppSpawnMsgBundleInfo *bundleInfo = (AppSpawnMsgBundleInfo *)GetSandboxCtxMsgInfo(context, TLV_BUNDLE_INFO); APPSPAWN_CHECK(tokenInfo != NULL && bundleInfo != NULL, return APPSPAWN_MSG_INVALID, - "Get token info or bundle info failed."); + "Get token info or bundle info failed."); uint32_t flags = CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE) ? 0x4 : 0; if (flags == 0) { @@ -530,7 +529,7 @@ static int SetDecPolicyWithDir(const SandboxContext *context) decPolicyInfo.pathNum = 1; PathInfo pathInfo = {0}; pathInfo.path = downloadDir; - pathInfo.pathLen = (uint32_t)(strlen(pathInfo.path)); + pathInfo.pathLen = (uint32_t)strlen(pathInfo.path); pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; decPolicyInfo.path[0] = pathInfo; decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; diff --git a/modules/sandbox/sandbox_dec.c b/modules/sandbox/sandbox_dec.c index 7c2cb3e6..1a00b622 100644 --- a/modules/sandbox/sandbox_dec.c +++ b/modules/sandbox/sandbox_dec.c @@ -24,12 +24,12 @@ static const char *g_decConstraintDir[] = { "/storage/Users", - "/storage/Externel", + "/storage/External", "/storage/Share", "/storage/hmdfs", "/mnt/data/fuse", "/mnt/debug", - "/storage/userExternel" + "/storage/userExternal" }; static const char *g_decForcedPrefix[] = { @@ -38,7 +38,7 @@ static const char *g_decForcedPrefix[] = { static DecPolicyInfo *g_decPolicyInfos = NULL; -void DestoryDecPolicyInfos(DecPolicyInfo *decPolicyInfos) +void DestroyDecPolicyInfos(DecPolicyInfo *decPolicyInfos) { if (decPolicyInfos == NULL) { return; 
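Review bot: The corrected `g_decConstraintDir` entries `/storage/External` and `/storage/userExternal` in the sandbox_dec.c hunk are still hand-copied string literals, and nothing visible in this patch ties them to the `sandbox-path` and `dec-paths` values in the appdata-sandbox JSON files. That is presumably how the `Externel` misspellings went unnoticed. If these strings decide which directories the DEC constraint covers (the consumer of the array is outside the hunk), a typo silently leaves the real directory outside the constraint. I would add a comment above the array, `/* Keep in sync with the sandbox paths in appdata-sandbox*.json. */`, and a unit test that compares each entry with the expected path.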
@@ -72,36 +72,36 @@ void SetDecPolicyInfos(DecPolicyInfo *decPolicyInfos) } APPSPAWN_CHECK(g_decPolicyInfos->pathNum + decPolicyInfos->pathNum <= MAX_POLICY_NUM, - DestoryDecPolicyInfos(g_decPolicyInfos); + DestroyDecPolicyInfos(g_decPolicyInfos); g_decPolicyInfos = NULL; return, "Out of MAX_POLICY_NUM %{public}d, %{public}d", g_decPolicyInfos->pathNum, decPolicyInfos->pathNum); for (uint32_t i = 0; i < decPolicyInfos->pathNum; i++) { PathInfo pathInfo = {0}; if (decPolicyInfos->path[i].path == NULL) { - DestoryDecPolicyInfos(g_decPolicyInfos); + DestroyDecPolicyInfos(g_decPolicyInfos); g_decPolicyInfos = NULL; return; } pathInfo.path = strdup(decPolicyInfos->path[i].path); if (pathInfo.path == NULL) { - DestoryDecPolicyInfos(g_decPolicyInfos); + DestroyDecPolicyInfos(g_decPolicyInfos); g_decPolicyInfos = NULL; return; } pathInfo.pathLen = (uint32_t)strlen(pathInfo.path); pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; - uint32_t index = g_decPolicyInfos->pathNum + 1; + uint32_t index = g_decPolicyInfos->pathNum + i; g_decPolicyInfos->path[index] = pathInfo; } g_decPolicyInfos->tokenId = decPolicyInfos->tokenId; - g_decPolicyInfos->tokenId = decPolicyInfos->pathNum; + g_decPolicyInfos->pathNum += decPolicyInfos->pathNum; g_decPolicyInfos->flag = true; g_decPolicyInfos->userId = 0; } -static int SetDecConstraintDirs(AppSpawnMgr* content) +static int SetDenyConstraintDirs(AppSpawnMgr *content) { - APPSPAWN_LOGI("enter SetDecConstraintDirs sandbox policy success."); + APPSPAWN_LOGI("enter SetDenyConstraintDirs sandbox policy success."); UNUSED(content); const char *decFilename = "/dev/dec"; int fd = open(decFilename, O_RDWR); @@ -133,7 +133,7 @@ static int SetDecConstraintDirs(AppSpawnMgr* content) return 0; } -static int SetForcedPrefixDirs(AppSpawnMgr* content) +static int SetForcedPrefixDirs(AppSpawnMgr *content) { APPSPAWN_LOGI("enter SetForcedPrefixDirs sandbox policy success."); UNUSED(content); 
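Review bot: In SetDecPolicyInfos, the two early-return branches inside the copy loop call `DestroyDecPolicyInfos(g_decPolicyInfos)` before `g_decPolicyInfos->pathNum` has been advanced. If the destroy routine walks only `pathNum` entries (its body is outside the hunk), the strings already `strdup`'d into the slots from `pathNum` onward during this call are not freed. Advancing the count as each entry is stored, `g_decPolicyInfos->path[g_decPolicyInfos->pathNum++] = pathInfo;`, and dropping the later `pathNum +=` line keeps the structure consistent on every exit. The loop also sets `pathInfo.mode` to read|write unconditionally rather than copying `decPolicyInfos->path[i].mode`, which would widen any narrower mode a caller passes. The function starts above the hunk, so the allocation of `g_decPolicyInfos` is not visible here.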
@@ -176,7 +176,7 @@ void SetDecPolicy(void) int fd = open(decFilename, O_RDWR); if (fd < 0) { APPSPAWN_LOGE("open dec file fail."); - DestoryDecPolicyInfos(g_decPolicyInfos); + DestroyDecPolicyInfos(g_decPolicyInfos); g_decPolicyInfos = NULL; return; } @@ -195,7 +195,7 @@ void SetDecPolicy(void) } } close(fd); - DestoryDecPolicyInfos(g_decPolicyInfos); + DestroyDecPolicyInfos(g_decPolicyInfos); g_decPolicyInfos = NULL; return; } @@ -203,6 +203,6 @@ void SetDecPolicy(void) MODULE_CONSTRUCTOR(void) { APPSPAWN_LOGI("Load sandbox dec module ..."); - AddPreloadHook(HOOK_PRIO_COMMON, SetDecConstraintDirs); + AddPreloadHook(HOOK_PRIO_COMMON, SetDenyConstraintDirs); AddPreloadHook(HOOK_PRIO_COMMON, SetForcedPrefixDirs); } diff --git a/modules/sandbox/sandbox_dec.h b/modules/sandbox/sandbox_dec.h index 3593ad7c..eda4d839 100644 --- a/modules/sandbox/sandbox_dec.h +++ b/modules/sandbox/sandbox_dec.h @@ -49,7 +49,7 @@ extern "C" { #define SET_DEC_PREFIX_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_SET_PREFIX_ID, DecPolicyInfo) #define MAX_POLICY_NUM 8 -#define SANDBOX_MODE_READ 0x00000001 +#define SANDBOX_MODE_READ 0x00000001 #define SANDBOX_MODE_WRITE (SANDBOX_MODE_READ << 1) #define DEC_POLICY_HEADER_RESERVED 64 @@ -72,7 +72,7 @@ typedef struct DecPolicyInfo { } DecPolicyInfo; void SetDecPolicyInfos(DecPolicyInfo *decPolicyInfos); -void DestoryDecPolicyInfos(DecPolicyInfo *decPolicyInfos); +void DestroyDecPolicyInfos(DecPolicyInfo *decPolicyInfos); void SetDecPolicy(void); #ifdef __cplusplus diff --git a/modules/sandbox/sandbox_load.c b/modules/sandbox/sandbox_load.c index 2a95130e..f7a7d617 100644 --- a/modules/sandbox/sandbox_load.c +++ b/modules/sandbox/sandbox_load.c 
@@ -207,7 +207,7 @@ static void FillPathDemandInfo(const cJSON *config, PathMountNode *sandboxNode) static int32_t DecodeDecPolicyPaths(const cJSON *config, PathMountNode *sandboxNode) { if (config == NULL || sandboxNode == NULL) { - return APPSPAWN_MSG_INVALID; + return APPSPAWN_ARG_INVALID; } sandboxNode->decPolicyPaths.decPathCount = 0; diff --git a/modules/sandbox/sandbox_utils.cpp b/modules/sandbox/sandbox_utils.cpp index d48f9700..1187e9e4 100644 --- a/modules/sandbox/sandbox_utils.cpp +++ b/modules/sandbox/sandbox_utils.cpp @@ -934,6 +934,17 @@ std::string SandboxUtils::GetSandboxPath(const AppSpawningCtx *appProperty, nloh return sandboxPath; } +static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, nlohmann::json &appConfig) +{ + if (appConfig.find(g_flags) != appConfig.end()) { + if (((ConvertFlagStr(appConfig[g_flags].get()) & GetAppMsgFlags(appProperty)) != 0) && + bundleName.find("wps") != std::string::npos) { + return true; + } + } + return false; +} + int32_t SandboxUtils::SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId) { AppSpawnMsgAccessToken *tokenInfo = 
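Review bot: The relocated CheckMountFlag in sandbox_utils.cpp decides on `bundleName.find("wps") != std::string::npos`, which is true for any bundle whose name merely contains that substring, so the check is not tied to one specific application. If the result gates a mount or policy decision (the callers are outside the hunk), compare against the exact expected bundle name or an allow-list instead, e.g. `bundleName == EXPECTED_BUNDLE_NAME`, where the constant is a placeholder for the real identifier. While the function is being moved, `const std::string bundleName` can become `const std::string &bundleName` to avoid a copy on every call.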
@@ -996,33 +1007,32 @@ int32_t SandboxUtils::SetDecPolicyWithPermission(const AppSpawningCtx *appProper pathInfo.path = strdup(mountConfig.decPaths[i].c_str()); if (pathInfo.path == nullptr) { APPSPAWN_LOGE("strdup %{public}s failed, err %{public}d", mountConfig.decPaths[i].c_str(), errno); - ret = APPSPAWN_ERROR_UTILS_MEM_FAIL; + ret = APPSPAWN_ERROR_UTILS_MEM_FAIL; goto EXIT; } pathInfo.pathLen = static_cast(strlen(pathInfo.path)); pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; - decPolicyInfo.path[0] = pathInfo; + decPolicyInfo.path[i] = pathInfo; } decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; decPolicyInfo.flag = true; SetDecPolicyInfos(&decPolicyInfo); EXIT: for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { - if (decPolicyInfo.path[0].path) { - free(decPolicyInfo.path[0].path); - decPolicyInfo.path[0].path = nullptr; + if (decPolicyInfo.path[i].path) { + free(decPolicyInfo.path[i].path); + decPolicyInfo.path[i].path = nullptr; } } return ret; } -static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, nlohmann::json &appConfig) +static bool GetCheckStatus(nlohmann::json &mntPoint) { - if (appConfig.find(g_flags) != appConfig.end()) { - if (((ConvertFlagStr(appConfig[g_flags].get()) & GetAppMsgFlags(appProperty)) != 0) && - bundleName.find("wps") != std::string::npos) { - return true; - } + std::string value = g_statusCheck; + (void)JsonUtils::GetStringFromJson(mntPoint, g_actionStatuc, value); + if (value == g_statusCheck) { + return true; } return false; } 
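Review bot: With the store changed to `decPolicyInfo.path[i] = pathInfo;`, the loop in SetDecPolicyWithPermission now indexes the path array by the number of configured dec-paths, and no bound against `MAX_POLICY_NUM` is visible in this hunk (the loop header and the pathNum assignment are above it). Before the fix every entry landed in slot 0, so an oversized `dec-paths` list leaked memory but stayed in bounds; now it would write past the array unless an earlier check exists. I would reject the config before the loop, for example `APPSPAWN_CHECK(mountConfig.decPaths.size() <= MAX_POLICY_NUM, return APPSPAWN_ARG_INVALID, "too many dec-paths");`. The EXIT cleanup frees `path[i]` for every `i < pathNum`, which is only safe after a mid-loop `goto EXIT` if `decPolicyInfo` was zero-initialised, so that is worth confirming as well.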
@@ -1041,16 +1051,6 @@ static bool GetCreateSandboxPath(nlohmann::json &json, std::string srcPath) return true; } -static bool GetCheckStatus(nlohmann::json &mntPoint) -{ - std::string value = g_statusCheck; - (void)JsonUtils::GetStringFromJson(mntPoint, g_actionStatuc, value); - if (value == g_statusCheck) { - return true; - } - return false; -} - int SandboxUtils::DoAllMntPointsMount(const AppSpawningCtx *appProperty, nlohmann::json &appConfig, const char *typeName, const std::string §ion) { diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp index b4abd595..18a7ebdb 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp @@ -1568,7 +1568,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_01, TestSize.Level0) \"src-path\": \"\", \ \"sandbox-path\": \"\", \ \"sandbox-flags-customized\": [ \"MS_NODEV\", \"MS_RDONLY\" ], \ - \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\"] \ + \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); @@ -1635,7 +1635,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_03, TestSize.Level0) \"src-path\": \"\", \ \"sandbox-path\": \"\", \ \"sandbox-flags-customized\": [ \"MS_NODEV\", \"MS_RDONLY\" ], \ - \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\"] \ + \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); 
@@ -1666,7 +1666,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_04, TestSize.Level0) \"src-path\": \"\", \ \"sandbox-path\": \"\", \ \"sandbox-flags-customized\": [ \"MS_NODEV\", \"MS_RDONLY\" ], \ - \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\"] \ + \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); -- Gitee