From 256ac7e108f017e8637219c5e9d5f55f673d6494 Mon Sep 17 00:00:00 2001 From: wangfenging Date: Sat, 5 Jul 2025 15:11:12 +0800 Subject: [PATCH] Jsoncpp to cJSON conversion Signed-off-by: wangfenging --- modules/sandbox/BUILD.gn | 25 +- .../normal/appspawn_sandbox_manager.cpp | 4 +- modules/sandbox/normal/sandbox_common.cpp | 67 +- modules/sandbox/normal/sandbox_common.h | 7 +- modules/sandbox/normal/sandbox_core.cpp | 1447 +++++++++++ .../sandbox_core.h} | 201 +- modules/sandbox/normal/sandbox_def.h | 4 +- .../sandbox/normal/sandbox_shared_mount.cpp | 26 +- modules/sandbox/normal/sandbox_shared_mount.h | 2 - modules/sandbox/sandbox_shared_mount.cpp | 635 ----- modules/sandbox/sandbox_shared_mount.h | 69 - modules/sandbox/sandbox_utils.cpp | 2276 ----------------- test/moduletest/BUILD.gn | 2 +- .../unittest/app_spawn_standard_test/BUILD.gn | 27 +- .../app_spawn_sandbox_test.cpp | 972 ++++--- 15 files changed, 2184 insertions(+), 3580 deletions(-) create mode 100644 modules/sandbox/normal/sandbox_core.cpp rename modules/sandbox/{sandbox_utils.h => normal/sandbox_core.h} (39%) mode change 100755 => 100644 delete mode 100644 modules/sandbox/sandbox_shared_mount.cpp delete mode 100644 modules/sandbox/sandbox_shared_mount.h delete mode 100644 modules/sandbox/sandbox_utils.cpp diff --git a/modules/sandbox/BUILD.gn b/modules/sandbox/BUILD.gn index 1edc7021..4e314e0d 100644 --- a/modules/sandbox/BUILD.gn +++ b/modules/sandbox/BUILD.gn @@ -17,17 +17,17 @@ import("//build/ohos.gni") if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { ohos_shared_library("appspawn_sandbox") { sources = [ - "appspawn_mount_template.c", + "modern/appspawn_mount_template.c", + "modern/appspawn_sandbox.c", + "modern/sandbox_adapter.cpp", + "modern/sandbox_cfgvar.c", + "modern/sandbox_debug_mode.c", + "modern/sandbox_expand.c", + "modern/sandbox_load.c", + "modern/sandbox_manager.c", + "modern/sandbox_shared.c", "appspawn_permission.c", - "appspawn_sandbox.c", - "sandbox_adapter.cpp", - "sandbox_cfgvar.c", - "sandbox_debug_mode.c", "sandbox_dec.c", - "sandbox_expand.c", - "sandbox_load.c", - "sandbox_manager.c", - "sandbox_shared.c", ] include_dirs = [ @@ -82,12 +82,15 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { "${appspawn_innerkits_path}/permission/appspawn_mount_permission.c", "appspawn_permission.c", "sandbox_dec.c", - "sandbox_shared_mount.cpp", - "sandbox_utils.cpp", + "normal/sandbox_shared_mount.cpp", + "normal/appspawn_sandbox_manager.cpp", + "normal/sandbox_common.cpp", + "normal/sandbox_core.cpp" ] include_dirs = [ ".", + "./normal", "${appspawn_path}/common", "${appspawn_path}/standard", "${appspawn_innerkits_path}/client", diff --git a/modules/sandbox/normal/appspawn_sandbox_manager.cpp b/modules/sandbox/normal/appspawn_sandbox_manager.cpp index db71f08f..aa9224b2 100644 --- a/modules/sandbox/normal/appspawn_sandbox_manager.cpp +++ b/modules/sandbox/normal/appspawn_sandbox_manager.cpp @@ -24,8 +24,8 @@ int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property) { - APPSPAWN_CHECK(property != nullptr, return -1, "Invalid appspwn client"); - APPSPAWN_CHECK(content != nullptr, return -1, "Invalid appspwn content"); + APPSPAWN_CHECK(property != nullptr, return -1, "Invalid appspawn client"); + APPSPAWN_CHECK(content != nullptr, return -1, "Invalid appspawn content"); // clear g_mountInfo in the child process std::map* mapPtr = static_cast*>(GetEl1BundleMountCount()); if (mapPtr == nullptr) { diff --git a/modules/sandbox/normal/sandbox_common.cpp b/modules/sandbox/normal/sandbox_common.cpp index 1b6b2a4e..efe6d560 100644 --- a/modules/sandbox/normal/sandbox_common.cpp +++ b/modules/sandbox/normal/sandbox_common.cpp @@ -41,7 +41,7 @@ namespace OHOS { namespace AppSpawn { int32_t SandboxCommon::deviceTypeEnable_ = -1; -std::map> appSandboxCJsonConfig_ = {}; +std::map> SandboxCommon::appSandboxCJsonConfig_ = {}; // 加载配置文件 uint32_t SandboxCommon::GetSandboxNsFlags(bool isNweb) @@ -89,7 +89,7 @@ uint32_t SandboxCommon::GetSandboxNsFlags(bool isNweb) return 0; }; - for (auto& config : GetJsonConfig(SandboxCommonDef::SANBOX_APP_JSON_CONFIG)) { + for (auto& config : GetCJsonConfig(SandboxCommonDef::SANDBOX_APP_JSON_CONFIG)) { // 获取 "individual" 数组 cJSON *individual = cJSON_GetObjectItemCaseSensitive(config, prefixStr); if (!individual || !cJSON_IsArray(individual)) { @@ -155,14 +155,14 @@ int SandboxCommon::LoadAppSandboxConfigCJson(AppSpawnMgr *content) sandboxCJsonRoot = GetJsonObjFromFile(appPath.c_str()); APPSPAWN_CHECK((sandboxCJsonRoot != nullptr && cJSON_IsObject(sandboxCJsonRoot)), continue, "Failed to load app data sandbox config %{public}s", appPath.c_str()); - StoreCJsonConfig(sandboxCJsonRoot, SandboxCommonDef::SANBOX_APP_JSON_CONFIG); + StoreCJsonConfig(sandboxCJsonRoot, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); std::string isolatedPath = path + SandboxCommonDef::APP_ISOLATED_JSON_CONFIG; APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", isolatedPath.c_str()); - sandboxCJsonRoot = GetJsonObjFromFile(appPath.c_str()); + sandboxCJsonRoot = GetJsonObjFromFile(isolatedPath.c_str()); APPSPAWN_CHECK((sandboxCJsonRoot != nullptr && cJSON_IsObject(sandboxCJsonRoot)), continue, - "Failed to load app data sandbox config %{public}s", appPath.c_str()); - StoreCJsonConfig(sandboxCJsonRoot, SandboxCommonDef::SANBOX_ISOLATED_JSON_CONFIG); + "Failed to load app data sandbox config %{public}s", isolatedPath.c_str()); + StoreCJsonConfig(sandboxCJsonRoot, SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG); } FreeCfgFiles(files); @@ -174,18 +174,19 @@ int SandboxCommon::LoadAppSandboxConfigCJson(AppSpawnMgr *content) return 0; } -void SandboxCommon::FreeAppSandboxConfigCJson(AppSpawnMgr *content) +int SandboxCommon::FreeAppSandboxConfigCJson(AppSpawnMgr *content) { UNUSED(content); - std::vector normalJsonVec = GetCJsonConfig(SandboxCommonDef::SANBOX_APP_JSON_CONFIG); + std::vector normalJsonVec = GetCJsonConfig(SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); for (auto& normal : normalJsonVec) { cJSON_Delete(normal); } - std::vector isolatedJsonVec = GetCJsonConfig(SandboxCommonDef::SANBOX_APP_JSON_CONFIG); + std::vector isolatedJsonVec = GetCJsonConfig(SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG); for (auto& isolated : normalJsonVec) { cJSON_Delete(isolated); } + return 0; } std::vector &SandboxCommon::GetCJsonConfig(SandboxCommonDef::SandboxConfigType type) @@ -226,7 +227,7 @@ std::string SandboxCommon::GetSandboxRootPath(const AppSpawningCtx *appProperty, } const std::string variableSandboxRoot = SandboxCommonDef::g_sandBoxRootDir + std::to_string(dacInfo->uid / UID_BASE) + "/" + isolatedFlagText.c_str() + tmpBundlePath; - + const char *sandboxRootChr = GetStringFromJsonObj(config, SandboxCommonDef::g_sandboxRootPrefix); if (sandboxRootChr != nullptr) { sandboxRoot = sandboxRootChr; @@ -378,7 +379,7 @@ bool SandboxCommon::IsDacOverrideEnabled(cJSON *config) // GetSandboxDacOverride bool SandboxCommon::GetSwitchStatus(cJSON *config) // GetSbxSwitchStatusByConfig { // if not find sandbox-switch node, default switch status is true - return GetBoolValueFromJsonObj(config, SandboxCommonDef::g_sbxSwitchCheck, true); + return GetBoolValueFromJsonObj(config, SandboxCommonDef::g_sandBoxSwitchPrefix, true); } uint32_t SandboxCommon::ConvertFlagStr(const std::string &flagStr) @@ -401,7 +402,11 @@ unsigned long SandboxCommon::GetMountFlags(cJSON *config) // GetSandboxMountFlag std::vector vec; cJSON *customizedFlags = IsDacOverrideEnabled(config) ? cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_sandBoxFlagsCustomized) : - cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_sandBoxFlags) + cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_sandBoxFlags); + + if (!customizedFlags) { + customizedFlags = cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_sandBoxFlags); + } if (customizedFlags == nullptr || !cJSON_IsArray(customizedFlags)) { return mountFlags; } @@ -413,7 +418,7 @@ unsigned long SandboxCommon::GetMountFlags(cJSON *config) // GetSandboxMountFlag } vec.emplace_back(strItem); return 0; - } + }; if (HandleArrayForeach(customizedFlags, processor) != 0) { return mountFlags; @@ -445,7 +450,7 @@ std::string SandboxCommon::GetOptions(const AppSpawningCtx *appProperty, cJSON * return options; } options = optionsChr; - options += ",user_id=" + std::to_string(dacInfo->uid /UID_BASE); + options += ",user_id=" + std::to_string(dacInfo->uid / UID_BASE); return options; } @@ -480,7 +485,7 @@ std::vector SandboxCommon::GetDecPath(const AppSpawningCtx *appProp bool SandboxCommon::IsCreateSandboxPathEnabled(cJSON *json, std::string srcPath) // GetCreateSandboxPath { bool isRet = GetBoolValueFromJsonObj(json, SandboxCommonDef::CREATE_SANDBOX_PATH, false); - if (!isRet && access(srcPath.c_str(), F_OK) != 0) { + if (isRet && access(srcPath.c_str(), F_OK) != 0) { return false; } return true; @@ -489,9 +494,9 @@ bool SandboxCommon::IsCreateSandboxPathEnabled(cJSON *json, std::string srcPath) bool SandboxCommon::IsTotalSandboxEnabled(const AppSpawningCtx *appProperty) // CheckTotalSandboxSwitchStatus { SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SandboxCommonDef::SANBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANBOX_APP_JSON_CONFIG; + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; - for (auto& wholeConfig : GetJsonConfig(type)) { + for (auto& wholeConfig : GetCJsonConfig(type)) { // 获取 "common" 数组 cJSON *common = cJSON_GetObjectItemCaseSensitive(wholeConfig, SandboxCommonDef::g_commonPrefix); if (!common || !cJSON_IsArray(common)) { @@ -511,9 +516,10 @@ bool SandboxCommon::IsTotalSandboxEnabled(const AppSpawningCtx *appProperty) // bool SandboxCommon::IsAppSandboxEnabled(const AppSpawningCtx *appProperty) // CheckAppSandboxSwitchStatus { SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SandboxCommonDef::SANBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANBOX_APP_JSON_CONFIG; + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; - for (auto& wholeConfig : GetJsonConfig(type)) { + bool ret = true; + for (auto& wholeConfig : GetCJsonConfig(type)) { // 获取 "individual" 数组 cJSON *individual = cJSON_GetObjectItemCaseSensitive(wholeConfig, SandboxCommonDef::g_privatePrefix); if (!individual || !cJSON_IsArray(individual)) { @@ -528,16 +534,21 @@ bool SandboxCommon::IsAppSandboxEnabled(const AppSpawningCtx *appProperty) // Ch if (!firstCommon) { continue; } - return GetSwitchStatus(firstCommon); + ret = GetSwitchStatus(firstCommon); + if (ret) { + break; + } } // default sandbox switch is on - return true; + return ret; } void SandboxCommon::GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string §ion, cJSON *mntPoint, SandboxMountConfig &mountConfig) { - if (section.compare(SandboxCommonDef::g_permissionPrefix) == 0) { + if (section.compare(SandboxCommonDef::g_permissionPrefix) == 0 || + section.compare(SandboxCommonDef::g_flagePoint) == 0 || + section.compare(SandboxCommonDef::g_debughap) == 0) { mountConfig.optionsPoint = GetOptions(appProperty, mntPoint); mountConfig.fsType = GetFsType(mntPoint); mountConfig.decPaths = GetDecPath(appProperty, mntPoint); @@ -630,9 +641,9 @@ bool SandboxCommon::IsPrivateSharedStatus(const std::string &bundleName, AppSpaw { bool result = false; SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SandboxCommonDef::SANBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANBOX_APP_JSON_CONFIG; + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; - for (auto& config : GetJsonConfig(type)) { + for (auto& config : GetCJsonConfig(type)) { // 获取 "individual" 数组 cJSON *individual = cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_privatePrefix); if (!individual || !cJSON_IsArray(individual)) { @@ -805,7 +816,7 @@ std::string SandboxCommon::ReplaceVariablePackageName(const AppSpawningCtx *appP variablePackageName << "+auid-" << accountId << "+" << bundleInfo->bundleName; std::string atomicServicePath = path; atomicServicePath = ReplaceAllVariables(atomicServicePath, SandboxCommonDef::g_variablePackageName, - variablePackageName.str()); + variablePackageName.str()); MakeAtomicServiceDir(appProperty, atomicServicePath, variablePackageName.str()); break; } @@ -813,8 +824,7 @@ std::string SandboxCommon::ReplaceVariablePackageName(const AppSpawningCtx *appP variablePackageName << bundleInfo->bundleName; break; } - tmpSandboxPath = ReplaceAllVariables(tmpSandboxPath, SandboxCommonDef::g_variablePackageName, - variablePackageName.str()); + tmpSandboxPath = ReplaceAllVariables(tmpSandboxPath, SandboxCommonDef::g_variablePackageName, variablePackageName.str()); APPSPAWN_LOGV("tmpSandboxPath %{public}s", tmpSandboxPath.c_str()); return tmpSandboxPath; } @@ -960,8 +970,7 @@ int32_t SandboxCommon::DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, struct timespec mountEnd = {0}; clock_gettime(CLOCK_MONOTONIC_COARSE, &mountEnd); uint64_t diff = DiffTime(&mountStart, &mountEnd); - APPSPAWN_CHECK_ONLY_LOG(diff < SandboxCommonDef::MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", - arg->srcPath, diff); + APPSPAWN_CHECK_ONLY_LOG(diff < SandboxCommonDef::MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", arg->srcPath, diff); #ifdef APPSPAWN_HISYSEVENT APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration("MOUNT", diff)); #endif diff --git a/modules/sandbox/normal/sandbox_common.h b/modules/sandbox/normal/sandbox_common.h index 19947f6c..2bdee646 100644 --- a/modules/sandbox/normal/sandbox_common.h +++ b/modules/sandbox/normal/sandbox_common.h @@ -50,12 +50,13 @@ typedef struct MountPointProcessParams { using ArrayItemProcessor = std::function; class SandboxCommon { + public: // 加载配置文件 static int LoadAppSandboxConfigCJson(AppSpawnMgr *content); - static void FreeAppSandboxConfigCJson(AppSpawnMgr *content); + static int FreeAppSandboxConfigCJson(AppSpawnMgr *content); static void StoreJsonConfig(cJSON *appSandboxConfig, SandboxCommonDef::SandboxConfigType type); - static std::vector &GetCJsonConfig(SandboxCommonDef::SandboxConfigType type); + static std::vector &GetCJsonConfig(SandboxCommonDef::SandboxConfigType type); // GetJsonConfig static int32_t HandleArrayForeach(cJSON *arrayJson, ArrayItemProcessor processor); @@ -129,7 +130,7 @@ private: private: static int32_t deviceTypeEnable_; - static std::map> appSandboxCJsonConfig_; // sandboxManager + static std::map> appSandboxCJsonConfig_; typedef enum { SANDBOX_PACKAGENAME_DEFAULT = 0, SANDBOX_PACKAGENAME_CLONE, diff --git a/modules/sandbox/normal/sandbox_core.cpp b/modules/sandbox/normal/sandbox_core.cpp new file mode 100644 index 00000000..033213f9 --- /dev/null +++ b/modules/sandbox/normal/sandbox_core.cpp @@ -0,0 +1,1447 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sandbox_core.h" + +#include +#include +#include +#include +#include +#include +#include "securec.h" +#include "appspawn_manager.h" +#include "appspawn_trace.h" +#include "appspawn_utils.h" +#include "sandbox_dec.h" +#include "sandbox_def.h" +#ifdef APPSPAWN_HISYSEVENT +#include "hisysevent_adapter.h" +#endif + +#ifdef WITH_DLP +#include "dlp_fuse_fd.h" +#endif + +namespace OHOS { +namespace AppSpawn { + +bool SandboxCore::NeedNetworkIsolated(AppSpawningCtx *property) +{ + int developerMode = IsDeveloperModeOpen(); + if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX) && !developerMode) { + return true; + } + + if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_NETWORK)) { + std::string extensionType = SandboxCommon::GetExtraInfoByType(property, MSG_EXT_NAME_EXTENSION_TYPE); + if (extensionType.length() == 0 || !developerMode) { + return true; + } + } + + return false; +} + +int SandboxCore::EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) +{ +#ifdef APPSPAWN_HISYSEVENT + struct timespec startClock = {0}; + clock_gettime(CLOCK_MONOTONIC, &startClock); +#endif + int rc = unshare(sandboxNsFlags); +#ifdef APPSPAWN_HISYSEVENT + struct timespec endClock = {0}; + clock_gettime(CLOCK_MONOTONIC, &endClock); + uint64_t diff = DiffTime(&startClock, &endClock); + APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration("unshare", diff)); +#endif + APPSPAWN_CHECK(rc == 0, return rc, "unshare %{public}s failed, err %{public}d", GetBundleName(appProperty), errno); + + if ((sandboxNsFlags & CLONE_NEWNET) == CLONE_NEWNET) { + rc = EnableNewNetNamespace(); + APPSPAWN_CHECK(rc == 0, return rc, "Set %{public}s new netnamespace failed", GetBundleName(appProperty)); + } + return 0; +} + +uint32_t SandboxCore::GetAppMsgFlags(const AppSpawningCtx *property) +{ + APPSPAWN_CHECK(property != nullptr && property->message != nullptr, + return 0, "Invalid property for name %{public}u", TLV_MSG_FLAGS); + AppSpawnMsgFlags *msgFlags = (AppSpawnMsgFlags *)GetAppSpawnMsgInfo(property->message, TLV_MSG_FLAGS); + APPSPAWN_CHECK(msgFlags != nullptr, + return 0, "No TLV_MSG_FLAGS in msg %{public}s", property->message->msgHeader.processName); + return msgFlags->flags[0]; +} + +bool SandboxCore::CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, + cJSON *appConfig) +{ + const char *flagChr = GetStringFromJsonObj(appConfig, SandboxCommonDef::g_flags); + if (flagChr == nullptr) { + return false; + } + std::string flagStr(flagChr); + if (((SandboxCommon::ConvertFlagStr(flagStr) & GetAppMsgFlags(appProperty)) != 0) && + bundleName.find("wps") != std::string::npos) { + return true; + } + return false; +} + +void SandboxCore::UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty) +{ + int32_t processIndex = GetPermissionIndex(nullptr, SandboxCommonDef::GET_ALL_PROCESSES_MODE.c_str()); + if ((CheckAppPermissionFlagSet(appProperty, static_cast(processIndex)) == 0)) { + APPSPAWN_LOGV("Don't need set GET_ALL_PROCESSES_MODE flag"); + return; + } + + int ret = SetAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_GET_ALL_PROCESSES); + if (ret != 0) { + APPSPAWN_LOGV("Set GET_ALL_PROCESSES_MODE flag failed"); + } +} + +int32_t SandboxCore::UpdatePermissionFlags(AppSpawningCtx *appProperty) +{ + int32_t index = 0; + int32_t appFullMountStatus = SandboxCommon::CheckAppFullMountEnable(); + if (appFullMountStatus == SandboxCommonDef::FILE_CROSS_APP_STATUS) { + index = GetPermissionIndex(nullptr, SandboxCommonDef::FILE_CROSS_APP_MODE.c_str()); + } else if (appFullMountStatus == SandboxCommonDef::FILE_ACCESS_COMMON_DIR_STATUS) { + index = GetPermissionIndex(nullptr, SandboxCommonDef::FILE_ACCESS_COMMON_DIR_MODE.c_str()); + } + int32_t fileMgrIndex = GetPermissionIndex(nullptr, SandboxCommonDef::FILE_ACCESS_MANAGER_MODE.c_str()); + if (index > 0 && (CheckAppPermissionFlagSet(appProperty, static_cast(fileMgrIndex)) == 0)) { + return SetAppPermissionFlags(appProperty, index); + } + return 0; +} + +std::string SandboxCore::GetSandboxPath(const AppSpawningCtx *appProperty, cJSON *mntPoint, + const std::string §ion, std::string sandboxRoot) +{ + std::string sandboxPath = ""; + const char *tmpSandboxPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_sandBoxPath); + if (tmpSandboxPathChr == nullptr) { + return ""; + } + std::string tmpSandboxPath(tmpSandboxPathChr); + if (section.compare(SandboxCommonDef::g_permissionPrefix) == 0) { + sandboxPath = sandboxRoot + SandboxCommon::ConvertToRealPathWithPermission(appProperty, tmpSandboxPath); + } else { + sandboxPath = sandboxRoot + SandboxCommon::ConvertToRealPath(appProperty, tmpSandboxPath); + } + return sandboxPath; +} + +int32_t SandboxCore::DoDlpAppMountStrategy(const AppSpawningCtx *appProperty, const std::string &srcPath, + const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags) +{ + AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); + if (dacInfo == nullptr) { + return -1; + } + + // umount fuse path, make sure that sandbox path is not a mount point + umount2(sandboxPath.c_str(), MNT_DETACH); + + int fd = open("/dev/fuse", O_RDWR); + APPSPAWN_CHECK(fd != -1, return -EINVAL, "open /dev/fuse failed, errno is %{public}d", errno); + + char options[SandboxCommonDef::OPTIONS_MAX_LEN]; + (void)sprintf_s(options, sizeof(options), "fd=%d," + "rootmode=40000,user_id=%u,group_id=%u,allow_other," + "context=\"u:object_r:dlp_fuse_file:s0\"," + "fscontext=u:object_r:dlp_fuse_file:s0", + fd, dacInfo->uid, dacInfo->gid); + + // To make sure destinationPath exist + (void)SandboxCommon::CreateDirRecursive(sandboxPath, SandboxCommonDef::FILE_MODE); + + int ret = 0; +#ifndef APPSPAWN_TEST + APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s'", + srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options); + ret = mount(srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options); + APPSPAWN_CHECK(ret == 0, close(fd); + return ret, "DoDlpAppMountStrategy failed, bind mount %{public}s to %{public}s failed %{public}d", + srcPath.c_str(), sandboxPath.c_str(), errno); + + ret = mount(nullptr, sandboxPath.c_str(), nullptr, MS_SHARED, nullptr); + APPSPAWN_CHECK(ret == 0, close(fd); + return ret, "errno is: %{public}d, private mount to %{public}s failed", errno, sandboxPath.c_str()); +#endif + /* set DLP_FUSE_FD */ +#ifdef WITH_DLP + SetDlpFuseFd(fd); +#endif + return fd; +} + +int32_t SandboxCore::HandleSpecialAppMount(const AppSpawningCtx *appProperty, const std::string &srcPath, + const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags) +{ + std::string bundleName = GetBundleName(appProperty); + std::string processName = GetProcessName(appProperty); + /* dlp application mount strategy */ + /* dlp is an example, we should change to real bundle name later */ + if (bundleName.find(SandboxCommonDef::g_dlpBundleName) != std::string::npos && + processName.compare(SandboxCommonDef::g_dlpBundleName) == 0) { + if (!fsType.empty()) { + return DoDlpAppMountStrategy(appProperty, srcPath, sandboxPath, fsType, mountFlags); + } + } + return -1; +} + +cJSON *SandboxCore::GetPrivateJsonInfo(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *firstPrivate = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_privatePrefix); + if (!firstPrivate) { + return nullptr; + } + + const char *bundleName = GetBundleName(appProperty); + return GetFirstSubConfig(firstPrivate, bundleName); +} + +int32_t SandboxCore::DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *bundleNameInfo = GetPrivateJsonInfo(appProperty, wholeConfig); + if (bundleNameInfo == nullptr) { + return 0; + } + (void)DoAddGid((AppSpawningCtx *)appProperty, bundleNameInfo, "", SandboxCommonDef::g_privatePrefix); + return DoAllMntPointsMount(appProperty, bundleNameInfo, nullptr, SandboxCommonDef::g_privatePrefix); +} + +int32_t SandboxCore::DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *bundleNameInfo = GetPrivateJsonInfo(appProperty, wholeConfig); + if (bundleNameInfo == nullptr) { + return 0; + } + return DoAllSymlinkPointslink(appProperty, bundleNameInfo); +} + +int32_t SandboxCore::DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *bundleNameInfo = GetPrivateJsonInfo(appProperty, wholeConfig); + if (bundleNameInfo == nullptr) { + return 0; + } + return HandleFlagsPoint(appProperty, bundleNameInfo); +} + +int32_t SandboxCore::SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config) +{ + int ret = DoSandboxFilePrivateBind(appProperty, config); + APPSPAWN_CHECK(ret == 0, return ret, "DoSandboxFilePrivateBind failed"); + + ret = DoSandboxFilePrivateSymlink(appProperty, config); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "DoSandboxFilePrivateSymlink failed"); + + ret = DoSandboxFilePrivateFlagsPointHandle(appProperty, config); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "DoSandboxFilePrivateFlagsPointHandle failed"); + + return ret; +} + +int32_t SandboxCore::DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *permission = cJSON_GetObjectItemCaseSensitive(wholeConfig, SandboxCommonDef::g_permissionPrefix); + if (!permission || !cJSON_IsArray(permission)) { + return 0; + } + + auto processor = [&appProperty](cJSON *item) { + cJSON *permissionChild = item->child; + while (permissionChild != nullptr) { + int index = GetPermissionIndex(nullptr, permissionChild->string); + APPSPAWN_LOGV("DoSandboxFilePermissionBind %{public}s index %{public}d", permissionChild->string, index); + if (CheckAppPermissionFlagSet(appProperty, static_cast(index)) == 0) { + permissionChild = permissionChild->next; + continue; + } + DoAddGid(appProperty, permissionChild, permissionChild->string, SandboxCommonDef::g_permissionPrefix); + cJSON *permissionMountPaths = cJSON_GetArrayItem(permissionChild, 0); + if (!permissionMountPaths) { + permissionChild = permissionChild->next; + continue; + } + DoAddGid(appProperty, permissionMountPaths, permissionChild->string, SandboxCommonDef::g_permissionPrefix); + DoAllMntPointsMount(appProperty, permissionMountPaths, permissionChild->string, + SandboxCommonDef::g_permissionPrefix); + + permissionChild = permissionChild->next; + } + return 0; + }; + + return SandboxCommon::HandleArrayForeach(permission, processor); +} + +int32_t SandboxCore::SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, cJSON *config) +{ + int ret = DoSandboxFilePermissionBind(appProperty, config); + APPSPAWN_CHECK(ret == 0, return ret, "DoSandboxFilePermissionBind failed"); + return ret; +} + +cJSON *SandboxCore::GetFirstCommonConfig(cJSON *wholeConfig, const char *prefix) +{ + cJSON *commonConfig = cJSON_GetObjectItemCaseSensitive(wholeConfig, prefix); + if (!commonConfig || !cJSON_IsArray(commonConfig)) { + return nullptr; + } + + return cJSON_GetArrayItem(commonConfig, 0); +} + +cJSON *SandboxCore::GetFirstSubConfig(cJSON *parent, const char *key) +{ + cJSON *config = cJSON_GetObjectItemCaseSensitive(parent, key); + if (!config || !cJSON_IsArray(config)) { + return nullptr; + } + + return cJSON_GetArrayItem(config, 0); +} + +int32_t SandboxCore::DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *firstCommon = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_commonPrefix); + if (!firstCommon) { + return 0; + } + + cJSON *appBaseConfig = GetFirstSubConfig(firstCommon, SandboxCommonDef::g_appBase); + if (!appBaseConfig) { + return 0; + } + + int ret = DoAllMntPointsMount(appProperty, appBaseConfig, nullptr, SandboxCommonDef::g_appBase); + if (ret) { + return ret; + } + + cJSON *appResourcesConfig = GetFirstSubConfig(firstCommon, SandboxCommonDef::g_appResources); + if (!appResourcesConfig) { + return 0; + } + ret = DoAllMntPointsMount(appProperty, appResourcesConfig, nullptr, SandboxCommonDef::g_appResources); + return ret; +} + +int32_t SandboxCore::DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *firstCommon = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_commonPrefix); + if (!firstCommon) { + return 0; + } + + cJSON *appBaseConfig = GetFirstSubConfig(firstCommon, SandboxCommonDef::g_appBase); + if (!appBaseConfig) { + return 0; + } + + int ret = DoAllSymlinkPointslink(appProperty, appBaseConfig); + if (ret) { + return ret; + } + + cJSON *appResourcesConfig = GetFirstSubConfig(firstCommon, SandboxCommonDef::g_appResources); + if (!appResourcesConfig) { + return 0; + } + ret = DoAllSymlinkPointslink(appProperty, appResourcesConfig); + return ret; +} + +int32_t SandboxCore::DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig) +{ + cJSON *firstCommon = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_commonPrefix); + if (!firstCommon) { + return 0; + } + + cJSON *appResoucesConfig = GetFirstSubConfig(firstCommon, SandboxCommonDef::g_appResources); + if (!appResoucesConfig) { + return 0; + } + + return HandleFlagsPoint(appProperty, appResoucesConfig); +} + +int32_t SandboxCore::SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config) +{ + int rc = 0; + rc = DoSandboxFileCommonBind(appProperty, config); + APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxFileCommonBind failed, %{public}s", GetBundleName(appProperty)); + + // if sandbox switch is off, don't do symlink work again + if (SandboxCommon::IsAppSandboxEnabled(appProperty) == true && + (SandboxCommon::IsTotalSandboxEnabled(appProperty) == true)) { + rc = DoSandboxFileCommonSymlink(appProperty, config); + APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxFileCommonSymlink failed, %{public}s", GetBundleName(appProperty)); + } + + rc = DoSandboxFileCommonFlagsPointHandle(appProperty, config); + APPSPAWN_CHECK_ONLY_LOG(rc == 0, "DoSandboxFilePrivateFlagsPointHandle failed"); + + return rc; +} + +static inline bool CheckPath(const std::string& name) +{ + return !name.empty() && name != "." && name != ".." && name.find("/") == std::string::npos; +} + +static inline cJSON *GetJsonObjFromProperty(const AppSpawningCtx *appProperty, const char *name) +{ + uint32_t size = 0; + const char *extInfo = (char *)(GetAppSpawnMsgExtInfo(appProperty->message, name, &size)); + if (size == 0 || extInfo == nullptr) { + return nullptr; + } + APPSPAWN_LOGV("Get json name %{public}s value %{public}s", name, extInfo); + cJSON *root = cJSON_Parse(extInfo); + APPSPAWN_CHECK(root != nullptr, return nullptr, "Invalid ext info %{public}s for %{public}s", extInfo, name); + return root; +} + +int32_t SandboxCore::MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + if (appProperty == nullptr || sandboxPackagePath == "") { + return 0; + } + int ret = 0; + cJSON *hspRoot = GetJsonObjFromProperty(appProperty, SandboxCommonDef::HSPLIST_SOCKET_TYPE.c_str()); + APPSPAWN_CHECK_ONLY_EXPER(hspRoot != nullptr && cJSON_IsObject(hspRoot), return 0); + + cJSON *bundles = cJSON_GetObjectItemCaseSensitive(hspRoot, "bundles"); + cJSON *modules = cJSON_GetObjectItemCaseSensitive(hspRoot, "modules"); + cJSON *versions = cJSON_GetObjectItemCaseSensitive(hspRoot, "versions"); + APPSPAWN_CHECK(bundles != nullptr && cJSON_IsArray(bundles), return -1, "MountAllHsp: invalid bundles"); + APPSPAWN_CHECK(modules != nullptr && cJSON_IsArray(modules), return -1, "MountAllHsp: invalid modules"); + APPSPAWN_CHECK(versions != nullptr && cJSON_IsArray(versions), return -1, "MountAllHsp: invalid versions"); + int count = cJSON_GetArraySize(bundles); + APPSPAWN_CHECK(count == cJSON_GetArraySize(modules), return -1, "MountAllHsp: sizes are not same"); + APPSPAWN_CHECK(count == cJSON_GetArraySize(versions), return -1, "MountAllHsp: sizes are not same"); + + APPSPAWN_LOGI("MountAllHsp app: %{public}s, count: %{public}d", GetBundleName(appProperty), count); + for (int i = 0; i < count; i++) { + if (!(cJSON_IsString(cJSON_GetArrayItem(bundles, i)) && cJSON_IsString(cJSON_GetArrayItem(modules, i)) && + cJSON_IsString(cJSON_GetArrayItem(versions, i)))) { + return -1; + } + const char *libBundleName = cJSON_GetStringValue(cJSON_GetArrayItem(bundles, i)); + const char *libModuleName = cJSON_GetStringValue(cJSON_GetArrayItem(modules, i)); + const char *libVersion = cJSON_GetStringValue(cJSON_GetArrayItem(versions, i)); + APPSPAWN_CHECK(libBundleName != nullptr && libModuleName != nullptr && libVersion != nullptr, + return -1, "MountAllHsp: config error"); + APPSPAWN_CHECK(CheckPath(libBundleName) && CheckPath(libModuleName) && CheckPath(libVersion), + return -1, "MountAllHsp: path error"); + + std::string libPhysicalPath = SandboxCommonDef::g_physicalAppInstallPath + libBundleName + "/" + + libVersion + "/" + libModuleName; + std::string mntPath = + sandboxPackagePath + SandboxCommonDef::g_sandboxHspInstallPath + libBundleName + "/" + libModuleName; + SharedMountArgs arg = { + .srcPath = libPhysicalPath.c_str(), + .destPath = mntPath.c_str() + }; + ret = SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + APPSPAWN_CHECK(ret == 0, return 0, "mount library failed %{public}d", ret); + } + cJSON_Delete(hspRoot); + return 0; +} + +int32_t SandboxCore::MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + if (appProperty == nullptr || sandboxPackagePath == "") { + return 0; + } + cJSON *dataGroupRoot = GetJsonObjFromProperty(appProperty, SandboxCommonDef::DATA_GROUP_SOCKET_TYPE.c_str()); + APPSPAWN_CHECK_ONLY_EXPER(dataGroupRoot != nullptr, return 0); + + mode_t mountSharedFlag = MS_SLAVE; + if (CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX)) { + APPSPAWN_LOGV("Data group flags is isolated"); + mountSharedFlag |= MS_REMOUNT | MS_NODEV | MS_RDONLY | MS_BIND; + } + + auto processor = [&appProperty, &sandboxPackagePath, &mountSharedFlag](cJSON *item) { + APPSPAWN_CHECK(IsValidDataGroupItem(item), return -1, "MountAllGroup: data group item error"); + const char *srcPathChr = GetStringFromJsonObj(item, SandboxCommonDef::g_groupList_key_dir.c_str()); + if (srcPathChr == nullptr) { + return 0; + } + std::string srcPath(srcPathChr); + APPSPAWN_CHECK(!CheckPath(srcPath), return -1, "MountAllGroup: path error"); + const char *uuidChr = GetStringFromJsonObj(item, SandboxCommonDef::g_groupList_key_uuid.c_str()); + if (uuidChr == nullptr) { + return 0; + } + std::string uuidStr(uuidChr); + + int elxValue = GetElxInfoFromDir(srcPath.c_str()); + APPSPAWN_CHECK((elxValue >= EL2 && elxValue < ELX_MAX), return -1, "Get elx value failed"); + + const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(elxValue); + APPSPAWN_CHECK(templateItem != nullptr, return -1, "Get data group arg template failed"); + + // If permission isn't null, need check permission flag + if (templateItem->permission != nullptr) { + int index = GetPermissionIndex(nullptr, templateItem->permission); + APPSPAWN_LOGV("mount dir no lock mount permission flag %{public}d", index); + if (CheckAppPermissionFlagSet(appProperty, static_cast(index)) == 0) { + return 0; + } + } + + std::string mntPath = sandboxPackagePath + templateItem->sandboxPath + uuidStr; + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = mntPath.c_str(), + .mountSharedFlag = mountSharedFlag + }; + int result = SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + if (result != 0) { + APPSPAWN_LOGE("mount el%{public}d datagroup failed", elxValue); + } + return 0; + }; + int ret = SandboxCommon::HandleArrayForeach(dataGroupRoot, processor); + cJSON_Delete(dataGroupRoot); + return ret; +} + +int32_t SandboxCore::ProcessMountPoint(cJSON *mntPoint, MountPointProcessParams ¶ms) +{ + APPSPAWN_CHECK_ONLY_EXPER(SandboxCommon::IsValidMountConfig(mntPoint, params.appProperty, params.checkFlag), + return 0); + const char *srcPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_srcPath); + const char *sandboxPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_sandBoxPath); + if (srcPathChr == nullptr || sandboxPathChr == nullptr) { + return 0; + } + std::string srcPath(srcPathChr); + std::string sandboxPath(sandboxPathChr); + srcPath = SandboxCommon::ConvertToRealPath(params.appProperty, srcPath); + APPSPAWN_CHECK_ONLY_EXPER(SandboxCommon::IsCreateSandboxPathEnabled(mntPoint, srcPath), return 0); + sandboxPath = GetSandboxPath(params.appProperty, mntPoint, params.section, params.sandboxRoot); + SandboxMountConfig mountConfig = {0}; + SandboxCommon::GetSandboxMountConfig(params.appProperty, params.section, mntPoint, mountConfig); + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = sandboxPath.c_str(), + .fsType = mountConfig.fsType.c_str(), + .mountFlags = SandboxCommon::GetMountFlags(mntPoint), + .options = mountConfig.optionsPoint.c_str(), + .mountSharedFlag = + GetBoolValueFromJsonObj(mntPoint, SandboxCommonDef::g_mountSharedFlag, false) ? MS_SHARED : MS_SLAVE + }; + + /* if app mount failed for special strategy, we need deal with common mount config */ + int ret = HandleSpecialAppMount(params.appProperty, arg.srcPath, arg.destPath, arg.fsType, arg.mountFlags); + if (ret < 0) { + ret = SandboxCommon::DoAppSandboxMountOnce(params.appProperty, &arg); + } + APPSPAWN_CHECK(ret == 0 || !SandboxCommon::IsMountSuccessful(mntPoint), +#ifdef APPSPAWN_HISYSEVENT + ReportMountFail(params.bundleName.c_str(), arg.srcPath, arg.destPath, errno); + ret = APPSPAWN_SANDBOX_MOUNT_FAIL; +#endif + return ret, + "DoAppSandboxMountOnce section %{public}s failed, %{public}s", params.section.c_str(), arg.destPath); + SetDecPolicyWithPermission(params.appProperty, mountConfig); + SandboxCommon::SetSandboxPathChmod(mntPoint, params.sandboxRoot); + return 0; +} + +int32_t SandboxCore::DoAllMntPointsMount(const AppSpawningCtx *appProperty, cJSON *appConfig, + const char *typeName, const std::string §ion) +{ + std::string bundleName = GetBundleName(appProperty); + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(appConfig, SandboxCommonDef::g_mountPrefix); + if (mountPoints == nullptr || !cJSON_IsArray(mountPoints)) { + APPSPAWN_LOGI("mount config is not found in %{public}s, app name is %{public}s", + section.c_str(), bundleName.c_str()); + return 0; + } + + std::string sandboxRoot = SandboxCommon::GetSandboxRootPath(appProperty, appConfig); + bool checkFlag = CheckMountFlag(appProperty, bundleName, appConfig); + MountPointProcessParams mountPointParams = { + .appProperty = appProperty, + .checkFlag = checkFlag, + .section = section, + .sandboxRoot = sandboxRoot, + .bundleName = bundleName + }; + + auto processor = [&mountPointParams](cJSON *mntPoint) { + return ProcessMountPoint(mntPoint, mountPointParams); + }; + + return SandboxCommon::HandleArrayForeach(mountPoints, processor); +} + +int32_t SandboxCore::DoAddGid(AppSpawningCtx *appProperty, cJSON *appConfig, + const char *permissionName, const std::string §ion) +{ + AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); + if (dacInfo == nullptr) { + return 0; + } + + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(appConfig, SandboxCommonDef::g_gidPrefix); + if (mountPoints == nullptr || !cJSON_IsArray(mountPoints)) { + return 0; + } + + std::string bundleName = GetBundleName(appProperty); + auto processor = [&dacInfo](cJSON *item) { + gid_t gid = 0; + if (cJSON_IsNumber(item)) { + gid = (gid_t)cJSON_GetNumberValue(item); + } + if (gid <= 0) { + return 0; + } + if (dacInfo->gidCount < APP_MAX_GIDS) { + dacInfo->gidTable[dacInfo->gidCount++] = gid; + } + return 0; + }; + + return SandboxCommon::HandleArrayForeach(mountPoints, processor); +} + +int32_t SandboxCore::DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, cJSON *appConfig) +{ + cJSON *symlinkPoints = cJSON_GetObjectItemCaseSensitive(appConfig, SandboxCommonDef::g_symlinkPrefix); + if (symlinkPoints == nullptr || !cJSON_IsArray(symlinkPoints)) { + APPSPAWN_LOGV("symlink config is not found"); + return 0; + } + + std::string sandboxRoot = SandboxCommon::GetSandboxRootPath(appProperty, appConfig); + auto processor = [&appProperty, &sandboxRoot](cJSON *item) { + const char *targetNameChr = GetStringFromJsonObj(item, SandboxCommonDef::g_targetName); + const char *linkNameChr = GetStringFromJsonObj(item, SandboxCommonDef::g_linkName); + if (targetNameChr == nullptr || linkNameChr == nullptr) { + return 0; + } + std::string targetName(targetNameChr); + std::string linkName(linkNameChr); + targetName = SandboxCommon::ConvertToRealPath(appProperty, targetName); + linkName = sandboxRoot + SandboxCommon::ConvertToRealPath(appProperty, linkName); + int ret = symlink(targetName.c_str(), linkName.c_str()); + if (ret && errno != EEXIST && SandboxCommon::IsMountSuccessful(item)) { + APPSPAWN_LOGE("errno is %{public}d, symlink failed, %{public}s", errno, linkName.c_str()); + return -1; + } + SandboxCommon::SetSandboxPathChmod(item, sandboxRoot); + return 0; + }; + + return SandboxCommon::HandleArrayForeach(symlinkPoints, processor); +} + +int32_t SandboxCore::DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath) +{ +#ifndef APPSPAWN_TEST + int rc = mount(nullptr, "/", nullptr, MS_REC | MS_SLAVE, nullptr); + APPSPAWN_CHECK(rc == 0, return rc, "set propagation slave failed"); +#endif + (void)SandboxCommon::CreateDirRecursive(sandboxPackagePath, SandboxCommonDef::FILE_MODE); + + // bind mount "/" to /mnt/sandbox// path + // rootfs: to do more resources bind mount here to get more strict resources constraints +#ifndef APPSPAWN_TEST + rc = mount("/", sandboxPackagePath.c_str(), nullptr, SandboxCommonDef::BASIC_MOUNT_FLAGS, nullptr); + APPSPAWN_CHECK(rc == 0, return rc, "mount bind / failed, %{public}d", errno); +#endif + return 0; +} + +int32_t SandboxCore::DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ +#ifndef APPSPAWN_TEST + int rc = mount(nullptr, "/", nullptr, MS_REC | MS_SLAVE, nullptr); + if (rc) { + return rc; + } +#endif + SharedMountArgs arg = { + .srcPath = sandboxPackagePath.c_str(), + .destPath = sandboxPackagePath.c_str() + }; + SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + + return 0; +} + +int32_t SandboxCore::HandleFlagsPoint(const AppSpawningCtx *appProperty, cJSON *appConfig) +{ + cJSON *flagsPoints = cJSON_GetObjectItemCaseSensitive(appConfig, SandboxCommonDef::g_flagePoint); + if (flagsPoints == nullptr || !cJSON_IsArray(flagsPoints)) { + APPSPAWN_LOGV("flag points config is not found"); + return 0; + } + + auto processor = [&appProperty](cJSON *item) { + const char *flagsChr = GetStringFromJsonObj(item, SandboxCommonDef::g_flags); + if (flagsChr == nullptr) { + return 0; + } + std::string flagsStr(flagsChr); + uint32_t flag = SandboxCommon::ConvertFlagStr(flagsStr); + if ((GetAppMsgFlags(appProperty) & flag) == 0) { + return 0; + } + return DoAllMntPointsMount(appProperty, item, nullptr, SandboxCommonDef::g_flagePoint); + }; + return SandboxCommon::HandleArrayForeach(flagsPoints, processor); +} + +int32_t SandboxCore::SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + int ret = 0; + if (!CheckAppMsgFlagsSet(appProperty, APP_FLAGS_OVERLAY)) { + return ret; + } + + std::string overlayInfo = SandboxCommon::GetExtraInfoByType(appProperty, SandboxCommonDef::OVERLAY_SOCKET_TYPE); + std::set mountedSrcSet; + std::vector splits = SandboxCommon::SplitString(overlayInfo, SandboxCommonDef::g_overlayDecollator); + std::string sandboxOverlayPath = sandboxPackagePath + SandboxCommonDef::g_overlayPath; + for (auto hapPath : splits) { + size_t pathIndex = hapPath.find_last_of(SandboxCommonDef::g_fileSeparator); + if (pathIndex == std::string::npos) { + continue; + } + std::string srcPath = hapPath.substr(0, pathIndex); + if (mountedSrcSet.find(srcPath) != mountedSrcSet.end()) { + APPSPAWN_LOGV("%{public}s have mounted before, no need to mount twice.", srcPath.c_str()); + continue; + } + + auto bundleNameIndex = srcPath.find_last_of(SandboxCommonDef::g_fileSeparator); + std::string destPath = sandboxOverlayPath + srcPath.substr(bundleNameIndex + 1, srcPath.length()); + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = destPath.c_str() + }; + int32_t retMount = SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + if (retMount != 0) { + APPSPAWN_LOGE("fail to mount overlay path, src is %{public}s.", hapPath.c_str()); + ret = retMount; + } + + mountedSrcSet.emplace(srcPath); + } + return ret; +} + +int32_t SandboxCore::SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty, + std::string &sandboxPackagePath) +{ + if (!CheckAppMsgFlagsSet(appProperty, APP_FLAGS_BUNDLE_RESOURCES)) { + return 0; + } + + std::string destPath = sandboxPackagePath + SandboxCommonDef::g_bundleResourceDestPath; + SharedMountArgs arg = { + .srcPath = SandboxCommonDef::g_bundleResourceSrcPath.c_str(), + .destPath = destPath.c_str() + }; + return SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); +} + +int32_t SandboxCore::SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + int ret = 0; + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + + for (auto& jsonConfig : SandboxCommon::GetCJsonConfig(type)) { + ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig); + APPSPAWN_CHECK(ret == 0, return ret, + "parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str()); + } + + ret = MountAllHsp(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(ret == 0, return ret, "mount extraInfo failed, %{public}s", sandboxPackagePath.c_str()); + + ret = MountAllGroup(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(ret == 0, return ret, "mount groupList failed, %{public}s", sandboxPackagePath.c_str()); + + AppSpawnMsgDomainInfo *info = + reinterpret_cast(GetAppProperty(appProperty, TLV_DOMAIN_INFO)); + APPSPAWN_CHECK(info != nullptr, return -1, "No domain info %{public}s", sandboxPackagePath.c_str()); + if (strcmp(info->apl, SandboxCommonDef::APL_SYSTEM_BASIC.data()) == 0 || + strcmp(info->apl, SandboxCommonDef::APL_SYSTEM_CORE.data()) == 0 || + CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ACCESS_BUNDLE_DIR)) { + // need permission check for system app here + std::string destbundlesPath = sandboxPackagePath + SandboxCommonDef::g_dataBundles; + SharedMountArgs arg = { + .srcPath = SandboxCommonDef::g_physicalAppInstallPath.c_str(), + .destPath = destbundlesPath.c_str() + }; + SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + } + + return 0; +} + +int32_t SandboxCore::SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty) +{ + int ret = 0; + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxCommon::GetCJsonConfig(type)) { + ret = SetPrivateAppSandboxProperty_(appProperty, config); + APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed"); + } + return ret; +} + +int32_t SandboxCore::SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty) +{ + int ret = 0; + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + + for (auto& config : SandboxCommon::GetCJsonConfig(type)) { + ret = SetPermissionAppSandboxProperty_(appProperty, config); + APPSPAWN_CHECK(ret == 0, return ret, "parse permission config failed"); + } + return ret; +} + +int32_t SandboxCore::SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + int32_t ret = 0; + const std::string bundleName = GetBundleName(appProperty); + ret = SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(ret == 0, return ret, "SetCommonAppSandboxProperty failed, packagename is %{public}s", + bundleName.c_str()); + if (SandboxCommon::HasPrivateInBundleName(bundleName)) { + ret = SetPrivateAppSandboxProperty(appProperty); + APPSPAWN_CHECK(ret == 0, return ret, "SetPrivateAppSandboxProperty failed, packagename is %{public}s", + bundleName.c_str()); + } + ret = SetPermissionAppSandboxProperty(appProperty); + APPSPAWN_CHECK(ret == 0, return ret, "SetPermissionAppSandboxProperty failed, packagename is %{public}s", + bundleName.c_str()); + + ret = SetOverlayAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(ret == 0, return ret, "SetOverlayAppSandboxProperty failed, packagename is %{public}s", + bundleName.c_str()); + + ret = SetBundleResourceAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(ret == 0, return ret, "SetBundleResourceAppSandboxProperty failed, packagename is %{public}s", + bundleName.c_str()); + APPSPAWN_LOGV("Set appsandbox property success"); + return ret; +} + +int32_t SandboxCore::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) +{ + APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspawn client"); + if (SandboxCommon::CheckBundleName(GetBundleName(appProperty)) != 0) { + return -1; + } + AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); + if (dacInfo == nullptr) { + return -1; + } + + const std::string bundleName = GetBundleName(appProperty); + cJSON *tmpJson = nullptr; + std::string sandboxPackagePath = SandboxCommon::GetSandboxRootPath(appProperty, tmpJson); + SandboxCommon::CreateDirRecursiveWithClock(sandboxPackagePath.c_str(), SandboxCommonDef::FILE_MODE); + bool sandboxSharedStatus = SandboxCommon::IsPrivateSharedStatus(bundleName, appProperty) || + (CheckAppPermissionFlagSet(appProperty, static_cast(GetPermissionIndex(nullptr, + SandboxCommonDef::ACCESS_DLP_FILE_MODE.c_str()))) != 0); + + // add pid to a new mnt namespace + int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags); + APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str()); + if (UpdatePermissionFlags(appProperty) != 0) { + APPSPAWN_LOGW("Set app permission flag fail."); + return -1; + } + UpdateMsgFlagsWithPermission(appProperty); + // check app sandbox switch + if ((SandboxCommon::IsTotalSandboxEnabled(appProperty) == false) || + (SandboxCommon::IsAppSandboxEnabled(appProperty) == false)) { + rc = DoSandboxRootFolderCreateAdapt(sandboxPackagePath); + } else if (!sandboxSharedStatus) { + rc = DoSandboxRootFolderCreate(appProperty, sandboxPackagePath); + } + APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxRootFolderCreate failed, %{public}s", bundleName.c_str()); + rc = SetSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(rc == 0, return rc, "SetSandboxProperty failed, %{public}s", bundleName.c_str()); + +#ifdef APPSPAWN_MOUNT_TMPSHM + MountDevShmPath(sandboxPackagePath); +#endif + +#ifndef APPSPAWN_TEST + rc = ChangeCurrentDir(sandboxPackagePath, bundleName, sandboxSharedStatus); + APPSPAWN_CHECK(rc == 0, return rc, "change current dir failed"); + APPSPAWN_LOGV("Change root dir success"); +#endif + SetDecWithDir(appProperty, dacInfo->uid / UID_BASE); + SetDecDenyWithDir(appProperty); + SetDecPolicy(); +#if defined(APPSPAWN_MOUNT_TMPSHM) && defined(WITH_SELINUX) + Restorecon(DEV_SHM_DIR); +#endif + return 0; +} + +int32_t SandboxCore::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) +{ + char *processType = (char *)(GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_PROCESS_TYPE, nullptr)); + APPSPAWN_CHECK(processType != nullptr, return -1, "Invalid processType data"); + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + + int ret = 0; + const char *bundleName = GetBundleName(appProperty); + for (auto& config : SandboxCommon::GetCJsonConfig(type)) { + cJSON *firstIndividual = GetFirstCommonConfig(config, SandboxCommonDef::g_privatePrefix); + if (!firstIndividual) { + continue; + } + if (strcmp(processType, "render") == 0) { + cJSON *renderInfo = GetFirstSubConfig(firstIndividual, SandboxCommonDef::g_ohosRender.c_str()); + if (!renderInfo) { + continue; + } + ret = DoAllMntPointsMount(appProperty, renderInfo, nullptr, SandboxCommonDef::g_ohosRender); + APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s", bundleName); + + ret = DoAllSymlinkPointslink(appProperty, renderInfo); + APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %{public}s", bundleName); + + ret = HandleFlagsPoint(appProperty, renderInfo); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %{public}s", bundleName); + } else if (strcmp(processType, "gpu") == 0) { + cJSON *gpuInfo = GetFirstSubConfig(firstIndividual, SandboxCommonDef::g_ohosGpu.c_str()); + if (!gpuInfo) { + continue; + } + ret = DoAllMntPointsMount(appProperty, gpuInfo, nullptr, SandboxCommonDef::g_ohosGpu); + APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s", bundleName); + + ret = DoAllSymlinkPointslink(appProperty, gpuInfo); + APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %{public}s", bundleName); + + ret = HandleFlagsPoint(appProperty, gpuInfo); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for gpu-sandbox failed, %{public}s", bundleName); + } + } + + return 0; +} + +int32_t SandboxCore::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) +{ + APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspawn client"); + if (SandboxCommon::CheckBundleName(GetBundleName(appProperty)) != 0) { + return -1; + } + std::string sandboxPackagePath = SandboxCommonDef::g_sandBoxRootDirNweb; + const std::string bundleName = GetBundleName(appProperty); + bool sandboxSharedStatus = SandboxCommon::IsPrivateSharedStatus(bundleName, appProperty); + sandboxPackagePath += bundleName; + SandboxCommon::CreateDirRecursiveWithClock(sandboxPackagePath.c_str(), SandboxCommonDef::FILE_MODE); + + // add pid to a new mnt namespace + int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags); + APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str()); + + // check app sandbox switch + if ((SandboxCommon::IsTotalSandboxEnabled(appProperty) == false) || + (SandboxCommon::IsAppSandboxEnabled(appProperty) == false)) { + rc = DoSandboxRootFolderCreateAdapt(sandboxPackagePath); + } else if (!sandboxSharedStatus) { + rc = DoSandboxRootFolderCreate(appProperty, sandboxPackagePath); + } + APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxRootFolderCreate failed, %{public}s", bundleName.c_str()); + // rendering process can be created by different apps, + // and the bundle names of these apps are different, + // so we can't use the method SetPrivateAppSandboxProperty + // which mount dirs by using bundle name. + rc = SetRenderSandboxPropertyNweb(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(rc == 0, return rc, "SetRenderSandboxPropertyNweb for %{public}s failed", bundleName.c_str()); + + rc = SetOverlayAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(rc == 0, return rc, "SetOverlayAppSandboxProperty for %{public}s failed", bundleName.c_str()); + + rc = SetBundleResourceAppSandboxProperty(appProperty, sandboxPackagePath); + APPSPAWN_CHECK(rc == 0, return rc, "SetBundleResourceAppSandboxProperty for %{public}s failed", bundleName.c_str()); + +#ifndef APPSPAWN_TEST + rc = chdir(sandboxPackagePath.c_str()); + APPSPAWN_CHECK(rc == 0, return rc, "chdir %{public}s failed, err %{public}d", sandboxPackagePath.c_str(), errno); + + if (sandboxSharedStatus) { + rc = chroot(sandboxPackagePath.c_str()); + APPSPAWN_CHECK(rc == 0, return rc, "chroot %{public}s failed, err %{public}d", + sandboxPackagePath.c_str(), errno); + return 0; + } + + rc = syscall(SYS_pivot_root, sandboxPackagePath.c_str(), sandboxPackagePath.c_str()); + APPSPAWN_CHECK(rc == 0, return rc, "pivot %{public}s failed, err %{public}d", sandboxPackagePath.c_str(), errno); + + rc = umount2(".", MNT_DETACH); + APPSPAWN_CHECK(rc == 0, return rc, "MNT_DETACH failed, packagename is %{public}s", bundleName.c_str()); +#endif + return 0; +} + +int32_t SandboxCore::ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName, + bool sandboxSharedStatus) +{ + int32_t ret = 0; + ret = chdir(sandboxPackagePath.c_str()); + APPSPAWN_CHECK(ret == 0, return ret, "chdir %{public}s failed, err %{public}d", sandboxPackagePath.c_str(), errno); + + if (sandboxSharedStatus) { + ret = chroot(sandboxPackagePath.c_str()); + APPSPAWN_CHECK(ret == 0, return ret, "chroot %{public}s failed, err %{public}d", + sandboxPackagePath.c_str(), errno); + return ret; + } + + ret = syscall(SYS_pivot_root, sandboxPackagePath.c_str(), sandboxPackagePath.c_str()); + APPSPAWN_CHECK(ret == 0, return ret, "pivot %{public}s failed, err %{public}d", sandboxPackagePath.c_str(), errno); + + ret = umount2(".", MNT_DETACH); + APPSPAWN_CHECK(ret == 0, return ret, "MNT_DETACH failed, packagename is %{public}s", bundleName.c_str()); + return ret; +} + + + +static const DecDenyPathTemplate DEC_DENY_PATH_MAP[] = { + {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", "/storage/Users/currentUser/Download"}, + {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", "/storage/Users/currentUser/Desktop"}, + {"ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", "/storage/Users/currentUser/Documents"}, +}; + +int32_t SandboxCore::SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId) +{ + AppSpawnMsgAccessToken *tokenInfo = + reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); + APPSPAWN_CHECK(tokenInfo != nullptr, return APPSPAWN_MSG_INVALID, "Get token id failed."); + + AppSpawnMsgBundleInfo *bundleInfo = + reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); + APPSPAWN_CHECK(bundleInfo != nullptr, return APPSPAWN_MSG_INVALID, "No bundle info in msg %{public}s", + GetBundleName(appProperty)); + + uint32_t flags = CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE) ? 0x4 : 0; + if (flags == 0) { + flags = (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE) && + bundleInfo->bundleIndex > 0) ? 0x1 : 0; + } + std::ostringstream clonePackageName; + if (flags == 1) { + clonePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; + } else { + clonePackageName << bundleInfo->bundleName; + } + std::string dir = "/storage/Users/currentUser/Download/" + clonePackageName.str(); + DecPolicyInfo decPolicyInfo = {0}; + decPolicyInfo.pathNum = 1; + PathInfo pathInfo = {0}; + pathInfo.path = strdup(dir.c_str()); + if (pathInfo.path == nullptr) { + APPSPAWN_LOGE("strdup %{public}s failed, err %{public}d", dir.c_str(), errno); + return APPSPAWN_MSG_INVALID; + } + pathInfo.pathLen = static_cast(strlen(pathInfo.path)); + pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; + decPolicyInfo.path[0] = pathInfo; + decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; + decPolicyInfo.flag = true; + SetDecPolicyInfos(&decPolicyInfo); + + if (decPolicyInfo.path[0].path) { + free(decPolicyInfo.path[0].path); + decPolicyInfo.path[0].path = nullptr; + } + return 0; +} + +int32_t SandboxCore::SetDecPolicyWithPermission(const AppSpawningCtx *appProperty, SandboxMountConfig &mountConfig) +{ + if (mountConfig.decPaths.size() == 0) { + return 0; + } + AppSpawnMsgAccessToken *tokenInfo = + reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); + APPSPAWN_CHECK(tokenInfo != nullptr, return APPSPAWN_MSG_INVALID, "Get token id failed."); + + DecPolicyInfo decPolicyInfo = {0}; + decPolicyInfo.pathNum = mountConfig.decPaths.size(); + int ret = 0; + for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { + PathInfo pathInfo = {0}; + pathInfo.path = strdup(mountConfig.decPaths[i].c_str()); + if (pathInfo.path == nullptr) { + APPSPAWN_LOGE("strdup %{public}s failed, err %{public}d", mountConfig.decPaths[i].c_str(), errno); + ret = APPSPAWN_ERROR_UTILS_MEM_FAIL; + goto EXIT; + } + pathInfo.pathLen = static_cast(strlen(pathInfo.path)); + pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; + decPolicyInfo.path[i] = pathInfo; + } + decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; + decPolicyInfo.flag = true; + SetDecPolicyInfos(&decPolicyInfo); +EXIT: + for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { + if (decPolicyInfo.path[i].path) { + free(decPolicyInfo.path[i].path); + decPolicyInfo.path[i].path = nullptr; + } + } + return ret; +} + +void SandboxCore::SetDecDenyWithDir(const AppSpawningCtx *appProperty) +{ + int32_t userFileIndex = GetPermissionIndex(nullptr, SandboxCommonDef::READ_WRITE_USER_FILE_MODE.c_str()); + if (CheckAppPermissionFlagSet(appProperty, static_cast(userFileIndex)) == 0) { + APPSPAWN_LOGV("The app doesn't have %{public}s, no need to set deny rules", + SandboxCommonDef::READ_WRITE_USER_FILE_MODE.c_str()); + return; + } + + AppSpawnMsgAccessToken *tokenInfo = + reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); + APPSPAWN_CHECK(tokenInfo != nullptr, return, "Get token id failed"); + + DecPolicyInfo decPolicyInfo = {0}; + decPolicyInfo.pathNum = 0; + uint32_t count = ARRAY_LENGTH(DEC_DENY_PATH_MAP); + for (uint32_t i = 0, j = 0; i < count; i++) { + int32_t index = GetPermissionIndex(nullptr, DEC_DENY_PATH_MAP[i].permission); + if (CheckAppPermissionFlagSet(appProperty, static_cast(index))) { + continue; + } + PathInfo pathInfo = {0}; + pathInfo.path = const_cast(DEC_DENY_PATH_MAP[i].decPath); + pathInfo.pathLen = static_cast(strlen(pathInfo.path)); + pathInfo.mode = DEC_MODE_DENY_READ | DEC_MODE_DENY_WRITE; + decPolicyInfo.path[j++] = pathInfo; + decPolicyInfo.pathNum += 1; + } + decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; + decPolicyInfo.flag = true; + SetDecPolicyInfos(&decPolicyInfo); +} + +std::string SandboxCore::ConvertDebugRealPath(const AppSpawningCtx *appProperty, std::string path) +{ + AppSpawnMsgBundleInfo *info = + reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); + AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); + if (info == nullptr || dacInfo == nullptr) { + return ""; + } + if (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE)) { + path = SandboxCommon::ReplaceAllVariables(path, SandboxCommonDef::g_variablePackageName, info->bundleName); + } + return SandboxCommon::ConvertToRealPath(appProperty, path); +} + +void SandboxCore::DoUninstallDebugSandbox(std::vector &bundleList, cJSON *config) +{ + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(config, SandboxCommonDef::g_mountPrefix); + if (mountPoints == nullptr || !cJSON_IsArray(mountPoints)) { + APPSPAWN_LOGI("Invalid mountPoints"); + return; + } + + auto processor = [&bundleList](cJSON *mntPoint) { + const char *srcPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_srcPath); + const char *sandboxPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_sandBoxPath); + if (srcPathChr == nullptr || sandboxPathChr == nullptr) { + return 0; + } + std::string sandboxPath(sandboxPathChr); + for (const auto& currentBundle : bundleList) { + sandboxPath = currentBundle + sandboxPath; + APPSPAWN_LOGV("DoUninstallDebugSandbox with path %{public}s", sandboxPath.c_str()); + APPSPAWN_CHECK(access(sandboxPath.c_str(), F_OK) == 0, return 0, + "Invalid path %{public}s", sandboxPath.c_str()); + int ret = umount2(sandboxPath.c_str(), MNT_DETACH); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "umount failed %{public}d %{public}d", ret, errno); + ret = rmdir(sandboxPath.c_str()); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "rmdir failed %{public}d %{public}d", ret, errno); + } + return 0; + }; + + (void)SandboxCommon::HandleArrayForeach(mountPoints, processor); +} + +int32_t SandboxCore::GetPackageList(AppSpawningCtx *property, std::vector &bundleList, bool tmp) +{ + APPSPAWN_CHECK(property != nullptr, return APPSPAWN_ARG_INVALID, "Invalid property"); + AppDacInfo *info = reinterpret_cast(GetAppProperty(property, TLV_DAC_INFO)); + if (GetBundleName(property) == nullptr ||SandboxCommon::CheckBundleName(GetBundleName(property)) != 0 || + info == nullptr) { + std::string uid; + char *userId = (char *)GetAppSpawnMsgExtInfo(property->message, MSG_EXT_NAME_USERID, nullptr); + if (userId != nullptr) { + uid = std::string(userId); + } else { + APPSPAWN_CHECK(info != nullptr, return APPSPAWN_ARG_INVALID, "Invalid dacInfo"); + uid = std::to_string(info->uid / UID_BASE); + } + std::string defaultSandboxRoot = (tmp ? SandboxCommonDef::g_mntTmpRoot : SandboxCommonDef::g_mntShareRoot) + + uid + "/debug_hap"; + APPSPAWN_CHECK(access(defaultSandboxRoot.c_str(), F_OK) == 0, return APPSPAWN_ARG_INVALID, + "Failed to access %{public}s, err %{public}d", defaultSandboxRoot.c_str(), errno); + + DIR *dir = opendir(defaultSandboxRoot.c_str()); + if (dir == nullptr) { + APPSPAWN_LOGE("Failed to open %{public}s, err %{public}d", defaultSandboxRoot.c_str(), errno); + return APPSPAWN_SYSTEM_ERROR; + } + struct dirent *entry; + while ((entry = readdir(dir)) != nullptr) { + if (entry->d_name[0] == '.') { + continue; + } + std::string packagePath = defaultSandboxRoot + "/" + std::string(entry->d_name); + APPSPAWN_LOGV("GetPackageList %{public}s", packagePath.c_str()); + bundleList.push_back(packagePath); + } + closedir(dir); + } else { + bundleList.push_back(ConvertDebugRealPath(property, tmp ? SandboxCommonDef::g_mntTmpSandboxRoot : + SandboxCommonDef::g_mntShareSandboxRoot)); + } + return 0; +} + +int32_t SandboxCore::UninstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property) +{ + APPSPAWN_CHECK(property != nullptr && content != nullptr, return APPSPAWN_ARG_INVALID, "Invalid property"); + + std::vector bundleList; + int ret = GetPackageList(property, bundleList, true); + APPSPAWN_CHECK(ret == 0, return -1, "GetPackageList failed"); + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + for (auto& wholeConfig : SandboxCommon::GetCJsonConfig(type)) { + cJSON *debugJson = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_debughap); + if (!debugJson) { + continue; + } + cJSON *debugCommonConfig = GetFirstSubConfig(debugJson, SandboxCommonDef::g_commonPrefix); + if (!debugCommonConfig) { + continue; + } + DoUninstallDebugSandbox(bundleList, debugCommonConfig); + + cJSON *debugPermissionConfig = GetFirstSubConfig(debugJson, SandboxCommonDef::g_permissionPrefix); + if (!debugPermissionConfig) { + continue; + } + + cJSON *permissionChild = debugPermissionConfig->child; + while (permissionChild != nullptr) { + DoUninstallDebugSandbox(bundleList, permissionChild); + permissionChild = permissionChild->next; + } + } + bundleList.clear(); + ret = GetPackageList(property, bundleList, false); + APPSPAWN_CHECK(ret == 0, return -1, "GetPackageList failed"); + for (const auto& currentBundle : bundleList) { + std::string sandboxPath = currentBundle; + APPSPAWN_LOGV("UninstallDebugSandbox with path %{public}s", sandboxPath.c_str()); + APPSPAWN_CHECK(access(sandboxPath.c_str(), F_OK) == 0, continue, + "Invalid path %{public}s", sandboxPath.c_str()); + ret = umount2(sandboxPath.c_str(), MNT_DETACH); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "umount failed %{public}d %{public}d", ret, errno); + ret = rmdir(sandboxPath.c_str()); + APPSPAWN_CHECK_ONLY_LOG(ret == 0, "rmdir failed %{public}d %{public}d", ret, errno); + } + + return 0; +} + +int32_t SandboxCore::DoMountDebugPoints(const AppSpawningCtx *appProperty, cJSON *appConfig) +{ + std::string bundleName = GetBundleName(appProperty); + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(appConfig, SandboxCommonDef::g_mountPrefix); + if (mountPoints == nullptr || !cJSON_IsArray(mountPoints)) { + APPSPAWN_LOGI("mount config is not found, app name is %{public}s", bundleName.c_str()); + return 0; + } + + std::string sandboxRoot = ConvertDebugRealPath(appProperty, SandboxCommonDef::g_mntTmpSandboxRoot); + int atomicService = CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE); + + auto processor = [&sandboxRoot, &atomicService, &appProperty](cJSON *mntPoint) { + const char *srcPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_srcPath); + const char *sandboxPathChr = GetStringFromJsonObj(mntPoint, SandboxCommonDef::g_sandBoxPath); + if (srcPathChr == nullptr || sandboxPathChr == nullptr) { + return 0; + } + std::string srcPath(srcPathChr); + std::string sandboxPath(sandboxPathChr); + srcPath = SandboxCommon::ConvertToRealPath(appProperty, srcPath); + sandboxPath = GetSandboxPath(appProperty, mntPoint, SandboxCommonDef::g_debughap, sandboxRoot); + if (access(sandboxPath.c_str(), F_OK) == 0) { + APPSPAWN_CHECK(atomicService, return 0, "sandbox path already exist"); + APPSPAWN_CHECK(umount2(sandboxPath.c_str(), MNT_DETACH) == 0, return 0, + "umount sandbox path failed, errno is %{public}d %{public}s", errno, sandboxPath.c_str()); + } + SandboxMountConfig mountConfig = {0}; + SandboxCommon::GetSandboxMountConfig(appProperty, SandboxCommonDef::g_debughap, mntPoint, mountConfig); + SharedMountArgs arg = { + .srcPath = srcPath.c_str(), + .destPath = sandboxPath.c_str(), + .fsType = mountConfig.fsType.c_str(), + .mountFlags = SandboxCommon::GetMountFlags(mntPoint), + .options = mountConfig.optionsPoint.c_str(), + .mountSharedFlag = + GetBoolValueFromJsonObj(mntPoint, SandboxCommonDef::g_mountSharedFlag, false) ? MS_SHARED : MS_SLAVE + }; + int ret = SandboxCommon::DoAppSandboxMountOnce(appProperty, &arg); + APPSPAWN_CHECK(ret == 0 || !SandboxCommon::IsMountSuccessful(mntPoint), return ret, + "DoMountDebugPoints %{public}s failed", arg.destPath); + return ret; + }; + + (void)SandboxCommon::HandleArrayForeach(mountPoints, processor); + return 0; +} + +int32_t SandboxCore::MountDebugSharefs(const AppSpawningCtx *property, const char *src, const char *target) +{ + char dataPath[SandboxCommonDef::OPTIONS_MAX_LEN] = {0}; + int ret = snprintf_s(dataPath, SandboxCommonDef::OPTIONS_MAX_LEN, SandboxCommonDef::OPTIONS_MAX_LEN - 1, + "%s/data", target); + if (ret >= 0 && access(dataPath, F_OK) == 0) { + return 0; + } + + ret = MakeDirRec(target, SandboxCommonDef::FILE_MODE, 1); + if (ret != 0) { + return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; + } + + AppDacInfo *info = reinterpret_cast(GetAppProperty(property, TLV_DAC_INFO)); + if (info == nullptr) { + return APPSPAWN_ARG_INVALID; + } + char options[SandboxCommonDef::OPTIONS_MAX_LEN] = {0}; + ret = snprintf_s(options, SandboxCommonDef::OPTIONS_MAX_LEN, SandboxCommonDef::OPTIONS_MAX_LEN - 1, + "override_support_delete,user_id=%u", info->uid / UID_BASE); + if (ret <= 0) { + return APPSPAWN_ERROR_UTILS_MEM_FAIL; + } + + if (mount(src, target, "sharefs", MS_NODEV, options) != 0) { + APPSPAWN_LOGE("sharefs mount %{public}s to %{public}s failed, errno %{public}d", src, target, errno); + return APPSPAWN_SANDBOX_ERROR_MOUNT_FAIL; + } + if (mount(nullptr, target, nullptr, MS_SHARED, nullptr) != 0) { + APPSPAWN_LOGE("mount path %{public}s to shared failed, errno %{public}d", target, errno); + return APPSPAWN_SANDBOX_ERROR_MOUNT_FAIL; + } + + return 0; +} + +int32_t SandboxCore::InstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property) +{ + if (!IsDeveloperModeOn(property)) { + return 0; + } + + uint32_t len = 0; + char *provisionType = reinterpret_cast(GetAppPropertyExt(property, + MSG_EXT_NAME_PROVISION_TYPE, &len)); + if (provisionType == nullptr || len == 0 || strcmp(provisionType, "debug") != 0) { + return 0; + } + + SandboxCommonDef::SandboxConfigType type = CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? + SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG : SandboxCommonDef::SANDBOX_APP_JSON_CONFIG; + + for (auto& wholeConfig : SandboxCommon::GetCJsonConfig(type)) { + cJSON *debugJson = GetFirstCommonConfig(wholeConfig, SandboxCommonDef::g_debughap); + if (!debugJson) { + continue; + } + cJSON *debugCommonConfig = GetFirstSubConfig(debugJson, SandboxCommonDef::g_commonPrefix); + if (!debugCommonConfig) { + continue; + } + DoMountDebugPoints(property, debugCommonConfig); + + cJSON *debugPermissionConfig = GetFirstSubConfig(debugJson, SandboxCommonDef::g_permissionPrefix); + if (!debugPermissionConfig) { + continue; + } + + cJSON *permissionChild = debugPermissionConfig->child; + while (permissionChild != nullptr) { + int index = GetPermissionIndex(nullptr, permissionChild->string); + if (CheckAppPermissionFlagSet(property, static_cast(index)) == 0) { + permissionChild = permissionChild->next; + continue; + } + cJSON *permissionMountPaths = cJSON_GetArrayItem(permissionChild, 0); + if (!permissionMountPaths) { + permissionChild = permissionChild->next; + continue; + } + DoMountDebugPoints(property, permissionMountPaths); + + permissionChild = permissionChild->next; + } + } + + MountDebugSharefs(property, ConvertDebugRealPath(property, SandboxCommonDef::g_mntTmpSandboxRoot).c_str(), + ConvertDebugRealPath(property, SandboxCommonDef::g_mntShareSandboxRoot).c_str()); + return 0; +} +} // namespace AppSpawn +} // namespace OHOS diff --git a/modules/sandbox/sandbox_utils.h b/modules/sandbox/normal/sandbox_core.h old mode 100755 new mode 100644 similarity index 39% rename from modules/sandbox/sandbox_utils.h rename to modules/sandbox/normal/sandbox_core.h index a5d1b7e1..9f379b72 --- a/modules/sandbox/sandbox_utils.h +++ b/modules/sandbox/normal/sandbox_core.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2022-2023 Huawei Device Co., Ltd. + * Copyright (C) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,131 +13,116 @@ * limitations under the License. */ -#ifndef SANDBOX_UTILS_H -#define SANDBOX_UTILS_H +#ifndef SANDBOX_CORE_H +#define SANDBOX_CORE_H -#include #include -#include -#include #include - -#include "sandbox_shared_mount.h" +#include +#include "sandbox_def.h" +#include "appspawn_msg.h" #include "appspawn_server.h" #include "appspawn_manager.h" - -typedef enum { - SANBOX_APP_JSON_CONFIG, - SANBOX_ISOLATED_JSON_CONFIG -} SandboxConfigType; +#include "sandbox_shared_mount.h" +#include "sandbox_common.h" namespace OHOS { namespace AppSpawn { -class SandboxUtils { + +class SandboxCore { public: - static void StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type); - static std::vector &GetJsonConfig(SandboxConfigType type); - static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); - static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); - static uint32_t GetSandboxNsFlags(bool isNweb); - static std::set GetMountPermissionNames(); - static std::string GetExtraInfoByType(const AppSpawningCtx *appProperty, const std::string &type); - typedef struct { - unsigned long mountFlags; - std::string optionsPoint; - std::string fsType; - std::string sandboxPath; - std::vector decPaths; - } SandboxMountConfig; - -#ifndef APPSPAWN_TEST -private: -#endif - static int32_t DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, const SharedMountArgs *arg); - static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); - static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); - static int32_t DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t HandleFlagsPoint(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty); - static int32_t SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath); - static int32_t MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); - static int32_t MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + // 沙箱挂载公共处理 + static int32_t DoAllMntPointsMount(const AppSpawningCtx *appProperty, cJSON *appConfig, + const char *typeName, const std::string §ion = "app-base"); + static int32_t DoAddGid(AppSpawningCtx *appProperty, cJSON *appConfig, + const char* permissionName, const std::string §ion); + static int32_t DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, cJSON *appConfig); + static int32_t DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath); - static int32_t DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath); - static int32_t SetDecPolicyWithPermission(const AppSpawningCtx *appProperty, SandboxMountConfig &mountConfig); - static int32_t SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId); - static void SetDecDenyWithDir(const AppSpawningCtx *appProperty); - static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot); - static int DoAllMntPointsMount(const AppSpawningCtx *appProperty, - nlohmann::json &appConfig, const char *typeName, const std::string §ion = "app-base"); - static int DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, nlohmann::json &appConfig); - static std::string ConvertToRealPath(const AppSpawningCtx *appProperty, std::string path); - static std::string ConvertToRealPathWithPermission(const AppSpawningCtx *appProperty, std::string path); - static std::string GetSbxPathByConfig(const AppSpawningCtx *appProperty, nlohmann::json &config); - static bool CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty); - static bool CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty); - static bool CheckBundleNameForPrivate(const std::string &bundleName); - static bool GetSbxSwitchStatusByConfig(nlohmann::json &config); - static unsigned long GetMountFlagsFromConfig(const std::vector &vec); - static int32_t SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, - nlohmann::json &config); - static int32_t SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, - nlohmann::json &config); - static int32_t SetRenderSandboxProperty(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath); - static int32_t SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath); - static int32_t SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath); + static int32_t HandleFlagsPoint(const AppSpawningCtx *appProperty, cJSON *appConfig); + static int32_t SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); static int32_t SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); - static int32_t DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig); - static int32_t SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, - nlohmann::json &config); + static bool NeedNetworkIsolated(AppSpawningCtx *property); + + // 处理应用沙箱挂载 + static int32_t SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + static int32_t SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty); static int32_t SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty); - static int32_t DoAddGid(AppSpawningCtx *appProperty, nlohmann::json &appConfig, - const char* permissionName, const std::string §ion); - static int32_t CheckAppFullMountEnable(); - static void UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty); - static int32_t UpdatePermissionFlags(AppSpawningCtx *appProperty); static int32_t SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + static int32_t SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags = CLONE_NEWNS); + + static int32_t SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags = CLONE_NEWNS); + + // 沙箱目录切根 static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName, bool sandboxSharedStatus); - static int32_t GetMountPermissionFlags(const std::string permissionName); - static bool GetSandboxDacOverrideEnable(nlohmann::json &config); - static unsigned long GetSandboxMountFlags(nlohmann::json &config); - static std::string GetSandboxFsType(nlohmann::json &config); - static std::string GetSandboxOptions(const AppSpawningCtx *appProperty, nlohmann::json &config); - static std::vector GetSandboxDecPath(const AppSpawningCtx *appProperty, nlohmann::json &config); - static std::string GetSandboxPath(const AppSpawningCtx *appProperty, nlohmann::json &mntPoint, + + // 设置DEC规则 + static int32_t SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId); + static int32_t SetDecPolicyWithPermission(const AppSpawningCtx *appProperty, SandboxMountConfig &mountConfig); + static void SetDecDenyWithDir(const AppSpawningCtx *appProperty); + + // debug hap + static int32_t UninstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property); + static int32_t InstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property); + +private: + // 获取应用信息 + static int EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags); + static uint32_t GetAppMsgFlags(const AppSpawningCtx *property); + static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, + cJSON *appConfig); + static void UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty); + static int32_t UpdatePermissionFlags(AppSpawningCtx *appProperty); + static std::string GetSandboxPath(const AppSpawningCtx *appProperty, cJSON *mntPoint, const std::string §ion, std::string sandboxRoot); - static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string §ion, - nlohmann::json &mntPoint, SandboxMountConfig &mountConfig); -#ifdef APPSPAWN_MOUNT_TMPSHM - static void MountDevShmPath(std::string &sandboxPath); -#endif - static std::map> appSandboxConfig_; - static int32_t deviceTypeEnable_; -}; -class JsonUtils { -public: - static bool GetJsonObjFromJson(nlohmann::json &jsonObj, const std::string &jsonPath); - static bool GetStringFromJson(const nlohmann::json &json, const std::string &key, std::string &value); + + // 解析挂载信息公共函数 + static cJSON *GetFirstCommonConfig(cJSON *wholeConfig, const char *prefix); + static cJSON *GetFirstSubConfig(cJSON *parent, const char *key); + + // 处理dlpmanager挂载 + static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty, const std::string &srcPath, + const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags); + static int32_t HandleSpecialAppMount(const AppSpawningCtx *appProperty, const std::string &srcPath, + const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags); + + // 处理应用私有挂载 + static cJSON *GetPrivateJsonInfo(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config); + + // 处理应用基于权限挂载 + static int32_t DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, cJSON *config); + + // 处理应用公共挂载 + static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig); + static int32_t SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config); + + // 处理可变参数的挂载 + static int32_t MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + static int32_t MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); + + // 沙箱回调函数 + static int32_t ProcessMountPoint(cJSON *mntPoint, MountPointProcessParams ¶ms); + + // debug hap + static std::string ConvertDebugRealPath(const AppSpawningCtx *appProperty, std::string path); + static void DoUninstallDebugSandbox(std::vector &bundleList, cJSON *mountPoints); + static int32_t GetPackageList(AppSpawningCtx *property, std::vector &bundleList, bool tmp); + + static int32_t DoMountDebugPoints(const AppSpawningCtx *appProperty, cJSON *appConfig); + static int32_t MountDebugSharefs(const AppSpawningCtx *property, const char *src, const char *target); }; + } // namespace AppSpawn } // namespace OHOS -int LoadAppSandboxConfig(AppSpawnMgr *content); - -#endif // SANDBOX_UTILS_H +#endif // SANDBOX_CORE_H diff --git a/modules/sandbox/normal/sandbox_def.h b/modules/sandbox/normal/sandbox_def.h index f3ddb728..2762d14b 100644 --- a/modules/sandbox/normal/sandbox_def.h +++ b/modules/sandbox/normal/sandbox_def.h @@ -150,8 +150,8 @@ const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_nam // 枚举类型 enum SandboxConfigType { - SANBOX_APP_JSON_CONFIG, - SANBOX_ISOLATED_JSON_CONFIG + SANDBOX_APP_JSON_CONFIG, + SANDBOX_ISOLATED_JSON_CONFIG }; } // namespace SandboxCommonDef diff --git a/modules/sandbox/normal/sandbox_shared_mount.cpp b/modules/sandbox/normal/sandbox_shared_mount.cpp index ee824179..fe9f1453 100644 --- a/modules/sandbox/normal/sandbox_shared_mount.cpp +++ b/modules/sandbox/normal/sandbox_shared_mount.cpp @@ -302,7 +302,16 @@ static int MountWithOther(const AppSpawningCtx *property, const AppDacInfo *info APPSPAWN_LOGE("snprintf options failed, errno %{public}d", errno); return APPSPAWN_ERROR_UTILS_MEM_FAIL; } - +#ifdef APPSPAWN_SUPPORT_NOSHAREFS + SharedMountArgs arg = { + .srcPath = sharefsDocsDir, + .destPath = storageUserPath, + .fsType = nullptr, + .mountFlags = MS_BIND | MS_REC, + .options = nullptr, + .mountSharedFlag = MS_SHARED + }; +#else SharedMountArgs arg = { .srcPath = sharefsDocsDir, .destPath = storageUserPath, @@ -311,6 +320,7 @@ static int MountWithOther(const AppSpawningCtx *property, const AppDacInfo *info .options = options, .mountSharedFlag = MS_SHARED }; +#endif ret = DoSharedMount(&arg); if (ret != 0) { APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", storageUserPath, ret); @@ -478,14 +488,14 @@ static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *proper const char *varBundleName) { int ret = 0; - const char *dataGroupList = (char *)GetJsonObjFromExtInfo(property, DATA_GROUP_SOCKET_TYPE); + cJSON *dataGroupList = GetJsonObjFromExtInfo(property, DATA_GROUP_SOCKET_TYPE); if (dataGroupList == nullptr || !cJSON_IsArray(dataGroupList)) { APPSPAWN_LOGE("dataGroupList is empty"); return APPSPAWN_ARG_INVALID; } // Iterate through the array (assuming groups is an array) - cJSON *item = NULL; + cJSON *item = nullptr; cJSON_ArrayForEach(item, dataGroupList) { // Check if the item is valid APPSPAWN_CHECK((item != nullptr && IsValidDataGroupItem(item)), break, @@ -493,7 +503,7 @@ static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *proper cJSON *dirItem = cJSON_GetObjectItemCaseSensitive(item, "dir"); cJSON *uuidItem = cJSON_GetObjectItemCaseSensitive(item, "uuid"); - if (dirItem == NULL || !cJSON_IsString(dirItem) || uuidItem == NULL || !cJSON_IsString(uuidItem)) { + if (dirItem == nullptr || !cJSON_IsString(dirItem) || uuidItem == nullptr || !cJSON_IsString(uuidItem)) { APPSPAWN_LOGE("Data group element is invalid"); break; } @@ -505,10 +515,10 @@ static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *proper APPSPAWN_CHECK((elxValue >= EL2 && elxValue < ELX_MAX), break, "Get elx value failed"); const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(elxValue); - APPSPAWN_CHECK(templateItem != NULL, break, "Get data group arg template failed"); + APPSPAWN_CHECK(templateItem != nullptr, break, "Get data group arg template failed"); // If permission isn't null, need check permission flag - if (templateItem->permission != NULL) { + if (templateItem->permission != nullptr) { int index = GetPermissionIndex(nullptr, templateItem->permission); APPSPAWN_LOGV("mount dir no lock mount permission flag %{public}d", index); if (CheckAppPermissionFlagSet(property, static_cast(index)) == 0) { @@ -520,9 +530,11 @@ static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *proper + templateItem->sandboxPath; ret = AddDataGroupItemToQueue(content, srcPath, sandboxPath, uuidItem->valuestring); + if (ret != 0) { APPSPAWN_LOGE("Add datagroup item to dataGroupCtxQueue failed, el%{public}d", elxValue); OH_ListRemoveAll(&content->dataGroupCtxQueue, nullptr); - break;; + break; + } } cJSON_Delete(dataGroupList); diff --git a/modules/sandbox/normal/sandbox_shared_mount.h b/modules/sandbox/normal/sandbox_shared_mount.h index 0a09a3eb..c90efcdb 100644 --- a/modules/sandbox/normal/sandbox_shared_mount.h +++ b/modules/sandbox/normal/sandbox_shared_mount.h @@ -16,8 +16,6 @@ #ifndef SANDBOX_SHARED_MOUNT_H #define SANDBOX_SHARED_MOUNT_H -#include "nlohmann/json.hpp" - #include "appspawn.h" #include "appspawn_hook.h" #include "appspawn_manager.h" diff --git a/modules/sandbox/sandbox_shared_mount.cpp b/modules/sandbox/sandbox_shared_mount.cpp deleted file mode 100644 index e8dfa70d..00000000 --- a/modules/sandbox/sandbox_shared_mount.cpp +++ /dev/null @@ -1,635 +0,0 @@ -/* - * Copyright (C) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "securec.h" - -#include "sandbox_shared_mount.h" -#include "appspawn_mount_permission.h" -#include "appspawn_utils.h" -#include "parameter.h" - -#define USER_ID_SIZE 16 -#define DIR_MODE 0711 -#define LOCK_STATUS_SIZE 16 - -#define DATA_GROUP_SOCKET_TYPE "DataGroup" -#define GROUPLIST_KEY_DATAGROUPID "dataGroupId" -#define GROUPLIST_KEY_GID "gid" -#define GROUPLIST_KEY_DIR "dir" -#define GROUPLIST_KEY_UUID "uuid" - -static const MountSharedTemplate MOUNT_SHARED_MAP[] = { - {"/data/storage/el2", nullptr}, - {"/data/storage/el3", nullptr}, - {"/data/storage/el4", nullptr}, - {"/data/storage/el5", "ohos.permission.PROTECT_SCREEN_LOCK_DATA"}, -}; - -static const DataGroupSandboxPathTemplate DATA_GROUP_SANDBOX_PATH_MAP[] = { - {"el2", EL2, "/data/storage/el2/group/", nullptr}, - {"el3", EL3, "/data/storage/el3/group/", nullptr}, - {"el4", EL4, "/data/storage/el4/group/", nullptr}, - {"el5", EL5, "/data/storage/el5/group/", "ohos.permission.PROTECT_SCREEN_LOCK_DATA"}, -}; - -static std::map g_mountInfoMap; - -int GetElxInfoFromDir(const char *path) -{ - int ret = ELX_MAX; - if (path == nullptr) { - return ret; - } - uint32_t count = ARRAY_LENGTH(DATA_GROUP_SANDBOX_PATH_MAP); - for (uint32_t i = 0; i < count; ++i) { - if (strstr(path, DATA_GROUP_SANDBOX_PATH_MAP[i].elxName) != nullptr) { - return DATA_GROUP_SANDBOX_PATH_MAP[i].category; - } - } - APPSPAWN_LOGE("Get elx info from dir failed, path %{public}s", path); - return ret; -} - -const DataGroupSandboxPathTemplate *GetDataGroupArgTemplate(uint32_t category) -{ - uint32_t count = ARRAY_LENGTH(DATA_GROUP_SANDBOX_PATH_MAP); - if (category > count) { - APPSPAWN_LOGE("category %{public}d is out of range", category); - return nullptr; - } - for (uint32_t i = 0; i < count; ++i) { - if (DATA_GROUP_SANDBOX_PATH_MAP[i].category == category) { - return &DATA_GROUP_SANDBOX_PATH_MAP[i]; - } - } - return nullptr; -} - -bool IsValidDataGroupItem(nlohmann::json &item) -{ - // Check if the item contains the specified key and if the value corresponding to the key is a string - if (item.contains(GROUPLIST_KEY_DATAGROUPID) && item[GROUPLIST_KEY_DATAGROUPID].is_string() && - item.contains(GROUPLIST_KEY_GID) && item[GROUPLIST_KEY_GID].is_string() && - item.contains(GROUPLIST_KEY_DIR) && item[GROUPLIST_KEY_DIR].is_string() && - item.contains(GROUPLIST_KEY_UUID) && item[GROUPLIST_KEY_UUID].is_string()) { - return true; - } - return false; -} - -void *GetEl1BundleMountCount(void) -{ - return static_cast(&g_mountInfoMap); -} - -#ifndef APPSPAWN_SANDBOX_NEW -static bool IsUnlockStatus(uint32_t uid) -{ - const int userIdBase = UID_BASE; - uid = uid / userIdBase; - if (uid == 0) { - return true; - } - std::string lockStatusParam = "startup.appspawn.lockstatus_" + std::to_string(uid); - char userLockStatus[LOCK_STATUS_SIZE] = {0}; - int ret = GetParameter(lockStatusParam.c_str(), "1", userLockStatus, sizeof(userLockStatus)); - APPSPAWN_LOGI("lockStatus %{public}u %{public}s", uid, userLockStatus); - if (ret > 0 && (strcmp(userLockStatus, "0") == 0)) { // 0:unlock status 1:lock status - return true; - } - return false; -} - -static int DoSharedMount(const SharedMountArgs *arg) -{ - if (arg == nullptr || arg->srcPath == nullptr || arg->destPath == nullptr) { - APPSPAWN_LOGE("Invalid arg"); - return APPSPAWN_ARG_INVALID; - } - - APPSPAWN_LOGV("Mount arg: '%{public}s' '%{public}s' %{public}lu '%{public}s' %{public}s => %{public}s", - arg->fsType, arg->mountSharedFlag == MS_SHARED ? "MS_SHARED" : "MS_SLAVE", - arg->mountFlags, arg->options, arg->srcPath, arg->destPath); - - int ret = mount(arg->srcPath, arg->destPath, arg->fsType, arg->mountFlags, arg->options); - if (ret != 0) { - APPSPAWN_LOGE("mount %{public}s to %{public}s failed, errno %{public}d", - arg->srcPath, arg->destPath, errno); - return ret; - } - ret = mount(nullptr, arg->destPath, nullptr, arg->mountSharedFlag, nullptr); - if (ret != 0) { - APPSPAWN_LOGE("mount path %{public}s to shared failed, errno %{public}d", arg->destPath, errno); - return ret; - } - APPSPAWN_LOGI("mount path %{public}s to shared success", arg->destPath); - return 0; -} - -static bool SetSandboxPathShared(const std::string &sandboxPath) -{ - int ret = mount(nullptr, sandboxPath.c_str(), nullptr, MS_SHARED, nullptr); - if (ret != 0) { - APPSPAWN_LOGW("Need to mount %{public}s to shared, errno %{public}d", sandboxPath.c_str(), errno); - return false; - } - return true; -} - -static int MountEl1Bundle(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName) -{ - /* /data/app/el1/bundle/public/ */ - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(property, TLV_BUNDLE_INFO)); - if (bundleInfo == nullptr) { - return APPSPAWN_SANDBOX_INVALID; - } - char sourcePath[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(sourcePath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/data/app/el1/bundle/public/%s", - bundleInfo->bundleName); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf data/app/el1/bundle/public/%{public}s failed, errno %{public}d", - bundleInfo->bundleName, errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - /* /mnt/sandbox///data/storage/el1/bundle */ - char targetPath[PATH_MAX_LEN] = {0}; - ret = snprintf_s(targetPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%u/%s/data/storage/el1/bundle", - info->uid/ UID_BASE, varBundleName); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf el1 bundle sandbox path failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - ret = MakeDirRec(targetPath, DIR_MODE, 1); - if (ret != 0) { - APPSPAWN_LOGE("mkdir %{public}s failed, errno %{public}d", targetPath, errno); - return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; - } - - ret = umount2(targetPath, MNT_DETACH); - if (ret != 0) { - APPSPAWN_LOGE("umount2 %{public}s failed, errno %{public}d", targetPath, errno); - } - - SharedMountArgs arg = { - .srcPath = sourcePath, - .destPath = targetPath, - .fsType = nullptr, - .mountFlags = MS_BIND | MS_REC, - .options = nullptr, - .mountSharedFlag = MS_SHARED - }; - ret = DoSharedMount(&arg); - if (ret != 0) { - APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", targetPath, ret); - } - std::string key = std::to_string(info->uid / UID_BASE) + "-" + std::string(varBundleName); - g_mountInfoMap[key]++; - return ret; -} - -static int MountWithFileMgr(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName) -{ - /* /mnt/user//nosharefs/docs */ - char nosharefsDocsDir[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(nosharefsDocsDir, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/user/%u/nosharefs/docs", - info->uid / UID_BASE); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf nosharefsDocsDir failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - /* /mnt/sandbox//storage/Users */ - char storageUserPath[PATH_MAX_LEN] = {0}; - ret = snprintf_s(storageUserPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%u/%s/storage/Users", - info->uid / UID_BASE, varBundleName); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf storageUserPath failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - // Check whether the directory is a shared mount point - if (SetSandboxPathShared(storageUserPath)) { - APPSPAWN_LOGV("shared mountpoint is exist"); - return 0; - } - - ret = MakeDirRec(storageUserPath, DIR_MODE, 1); - if (ret != 0) { - APPSPAWN_LOGE("mkdir %{public}s failed, errno %{public}d", storageUserPath, errno); - return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; - } - - SharedMountArgs arg = { - .srcPath = nosharefsDocsDir, - .destPath = storageUserPath, - .fsType = nullptr, - .mountFlags = MS_BIND | MS_REC, - .options = nullptr, - .mountSharedFlag = MS_SHARED - }; - ret = DoSharedMount(&arg); - if (ret != 0) { - APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", storageUserPath, ret); - } - return ret; -} - -static int MountWithOther(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName) -{ - /* /mnt/user//sharefs/docs */ - char sharefsDocsDir[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(sharefsDocsDir, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/user/%u/sharefs/docs", - info->uid / UID_BASE); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf sharefsDocsDir failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - /* /mnt/sandbox//storage/Users */ - char storageUserPath[PATH_MAX_LEN] = {0}; - ret = snprintf_s(storageUserPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%u/%s/storage/Users", - info->uid / UID_BASE, varBundleName); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf storageUserPath failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - // Check whether the directory is a shared mount point - if (SetSandboxPathShared(storageUserPath)) { - APPSPAWN_LOGV("shared mountpoint is exist"); - return 0; - } - - ret = MakeDirRec(storageUserPath, DIR_MODE, 1); - if (ret != 0) { - APPSPAWN_LOGE("mkdir %{public}s failed, errno %{public}d", storageUserPath, errno); - return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; - } - - char options[PATH_MAX_LEN] = {0}; - ret = snprintf_s(options, PATH_MAX_LEN, PATH_MAX_LEN - 1, "override_support_delete,user_id=%u", - info->uid / UID_BASE); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf options failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } -#ifdef APPSPAWN_SUPPORT_NOSHAREFS - SharedMountArgs arg = { - .srcPath = sharefsDocsDir, - .destPath = storageUserPath, - .fsType = nullptr, - .mountFlags = MS_BIND | MS_REC, - .options = nullptr, - .mountSharedFlag = MS_SHARED - }; -#else - SharedMountArgs arg = { - .srcPath = sharefsDocsDir, - .destPath = storageUserPath, - .fsType = "sharefs", - .mountFlags = MS_NODEV, - .options = options, - .mountSharedFlag = MS_SHARED - }; -#endif - ret = DoSharedMount(&arg); - if (ret != 0) { - APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", storageUserPath, ret); - } - return ret; -} - -static void MountStorageUsers(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName) -{ - int ret = 0; - int index = GetPermissionIndex(nullptr, "ohos.permission.FILE_ACCESS_MANAGER"); - int checkRes = CheckAppPermissionFlagSet(property, static_cast(index)); - if (checkRes == 0) { - /* mount /mnt/user//sharefs/docs to /mnt/sandbox///storage/Users */ - ret = MountWithOther(property, info, varBundleName); - } else { - /* mount /mnt/user//nosharefs/docs to /mnt/sandbox///storage/Users - */ - ret = MountWithFileMgr(property, info, varBundleName); - } - if (ret != 0) { - APPSPAWN_LOGE("Update %{public}s storage dir failed, ret %{public}d", - checkRes == 0 ? "sharefs dir" : "no sharefs dir", ret); - } else { - APPSPAWN_LOGI("Update %{public}s storage dir success", checkRes == 0 ? "sharefs dir" : "no sharefs dir"); - } -} - -static int MountSharedMapItem(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName, - const char *sandboxPathItem) -{ - /* /mnt/sandbox///data/storage/el */ - char sandboxPath[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(sandboxPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "/mnt/sandbox/%u/%s%s", - info->uid / UID_BASE, varBundleName, sandboxPathItem); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf sandboxPath failed, errno %{public}d", errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - // Check whether the directory is a shared mount point - if (SetSandboxPathShared(sandboxPath)) { - APPSPAWN_LOGV("shared mountpoint is exist"); - return 0; - } - - ret = MakeDirRec(sandboxPath, DIR_MODE, 1); - if (ret != 0) { - APPSPAWN_LOGE("mkdir %{public}s failed, errno %{public}d", sandboxPath, errno); - return APPSPAWN_SANDBOX_ERROR_MKDIR_FAIL; - } - - SharedMountArgs arg = { - .srcPath = sandboxPath, - .destPath = sandboxPath, - .fsType = nullptr, - .mountFlags = MS_BIND | MS_REC, - .options = nullptr, - .mountSharedFlag = MS_SHARED - }; - ret = DoSharedMount(&arg); - if (ret != 0) { - APPSPAWN_LOGE("mount %{public}s shared failed, ret %{public}d", sandboxPath, ret); - } - return ret; -} - -static void MountSharedMap(const AppSpawningCtx *property, const AppDacInfo *info, const char *varBundleName) -{ - int length = sizeof(MOUNT_SHARED_MAP) / sizeof(MOUNT_SHARED_MAP[0]); - for (int i = 0; i < length; i++) { - if (MOUNT_SHARED_MAP[i].permission == nullptr) { - MountSharedMapItem(property, info, varBundleName, MOUNT_SHARED_MAP[i].sandboxPath); - } else { - int index = GetPermissionIndex(nullptr, MOUNT_SHARED_MAP[i].permission); - APPSPAWN_LOGV("mount dir on lock mountPermissionFlags %{public}d", index); - if (CheckAppPermissionFlagSet(property, static_cast(index))) { - MountSharedMapItem(property, info, varBundleName, MOUNT_SHARED_MAP[i].sandboxPath); - } - } - } - APPSPAWN_LOGI("mount shared map success"); -} - -static inline bool CheckPath(const std::string& name) -{ - return !name.empty() && name != "." && name != ".." && name.find("/") == std::string::npos; -} - -static int DataGroupCtxNodeCompare(ListNode *node, void *data) -{ - DataGroupCtx *existingNode = (DataGroupCtx *)ListEntry(node, DataGroupCtx, node); - DataGroupCtx *newNode = (DataGroupCtx *)data; - if (existingNode == nullptr || newNode == nullptr) { - APPSPAWN_LOGE("Invalid param"); - return APPSPAWN_ARG_INVALID; - } - - // compare src path and sandbox path - bool isSrcPathEqual = (strcmp(existingNode->srcPath.path, newNode->srcPath.path) == 0); - bool isDestPathEqual = (strcmp(existingNode->destPath.path, newNode->destPath.path) == 0); - - return (isSrcPathEqual && isDestPathEqual) ? 0 : 1; -} - -static int AddDataGroupItemToQueue(AppSpawnMgr *content, const std::string &srcPath, const std::string &destPath, - const std::string &dataGroupUuid) -{ - DataGroupCtx *dataGroupNode = (DataGroupCtx *)calloc(1, sizeof(DataGroupCtx)); - APPSPAWN_CHECK(dataGroupNode != nullptr, return APPSPAWN_ERROR_UTILS_MEM_FAIL, "Calloc dataGroupNode failed"); - if (strcpy_s(dataGroupNode->srcPath.path, PATH_MAX_LEN - 1, srcPath.c_str()) != EOK || - strcpy_s(dataGroupNode->destPath.path, PATH_MAX_LEN - 1, destPath.c_str()) != EOK || - strcpy_s(dataGroupNode->dataGroupUuid, UUID_MAX_LEN, dataGroupUuid.c_str()) != EOK) { - APPSPAWN_LOGE("strcpy dataGroupNode->srcPath failed"); - free(dataGroupNode); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - dataGroupNode->srcPath.pathLen = strlen(dataGroupNode->srcPath.path); - dataGroupNode->destPath.pathLen = strlen(dataGroupNode->destPath.path); - ListNode *node = OH_ListFind(&content->dataGroupCtxQueue, (void *)dataGroupNode, DataGroupCtxNodeCompare); - if (node != nullptr) { - APPSPAWN_LOGI("DataGroupCtxNode %{public}s is exist", dataGroupNode->srcPath.path); - free(dataGroupNode); - dataGroupNode = nullptr; - return 0; - } - OH_ListInit(&dataGroupNode->node); - OH_ListAddTail(&content->dataGroupCtxQueue, &dataGroupNode->node); - return 0; -} - -static std::string GetExtraInfoByType(const AppSpawningCtx *appPropery, const std::string &type) -{ - uint32_t len = 0; - char *info = reinterpret_cast(GetAppPropertyExt(appPropery, type.c_str(), &len)); - if (info == nullptr) { - return ""; - } - return std::string(info, len); -} - -static void DumpDataGroupCtxQueue(const ListNode *front) -{ - if (front == nullptr) { - return; - } - - uint32_t count = 0; - ListNode *node = front->next; - while (node != front) { - DataGroupCtx *dataGroupNode = (DataGroupCtx *)ListEntry(node, DataGroupCtx, node); - count++; - APPSPAWN_LOGV(" ************************************** %{public}d", count); - APPSPAWN_LOGV(" srcPath: %{public}s", dataGroupNode->srcPath.path); - APPSPAWN_LOGV(" destPath: %{public}s", dataGroupNode->destPath.path); - APPSPAWN_LOGV(" uuid: %{public}s", dataGroupNode->dataGroupUuid); - node = node->next; - } -} - -static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *property, AppDacInfo *info, - const char *varBundleName) -{ - int ret = 0; - std::string dataGroupList = GetExtraInfoByType(property, DATA_GROUP_SOCKET_TYPE); - if (dataGroupList.length() == 0) { - APPSPAWN_LOGE("dataGroupList is empty"); - return APPSPAWN_ARG_INVALID; - } - - nlohmann::json dataGroupJson = nlohmann::json::parse(dataGroupList.c_str(), nullptr, false); - if (dataGroupJson.is_discarded() && dataGroupJson.contains(GROUPLIST_KEY_DATAGROUPID) && - dataGroupJson.contains(GROUPLIST_KEY_GID) && dataGroupJson.contains(GROUPLIST_KEY_DIR) && - dataGroupJson.contains(GROUPLIST_KEY_UUID)) { - APPSPAWN_LOGE("dataGroupJson is discarded"); - return APPSPAWN_ARG_INVALID; - } - for (auto &item : dataGroupJson) { - APPSPAWN_CHECK(IsValidDataGroupItem(item), return -1, "Element is not a valid data group item"); - std::string srcPath = item[GROUPLIST_KEY_DIR]; - APPSPAWN_CHECK(!CheckPath(srcPath), return -1, "src path %{public}s is invalid", srcPath.c_str()); - - int elxValue = GetElxInfoFromDir(srcPath.c_str()); - APPSPAWN_CHECK((elxValue >= EL2 && elxValue < ELX_MAX), return -1, "Get elx value failed"); - - const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(elxValue); - APPSPAWN_CHECK(templateItem != nullptr, return -1, "Get data group arg template failed"); - - // If permission isn't null, need check permission flag - if (templateItem->permission != nullptr) { - int index = GetPermissionIndex(nullptr, templateItem->permission); - APPSPAWN_LOGV("mount dir no lock mount permission flag %{public}d", index); - if (CheckAppPermissionFlagSet(property, static_cast(index)) == 0) { - continue; - } - } - - // sandboxPath: /mnt/sandbox///data/storage/el/group - std::string sandboxPath = "/mnt/sandbox/" + std::to_string(info->uid / UID_BASE) + "/" + varBundleName - + templateItem->sandboxPath; - - ret = AddDataGroupItemToQueue(content, srcPath, sandboxPath, item[GROUPLIST_KEY_UUID]); - if (ret != 0) { - APPSPAWN_LOGE("Add datagroup item to dataGroupCtxQueue failed, el%{public}d", elxValue); - OH_ListRemoveAll(&content->dataGroupCtxQueue, nullptr); - return -1; - } - } - - DumpDataGroupCtxQueue(&content->dataGroupCtxQueue); - return ret; -} - -int UpdateDataGroupDirs(AppSpawnMgr *content) -{ - if (content == nullptr) { - return APPSPAWN_ARG_INVALID; - } - - ListNode *node = content->dataGroupCtxQueue.next; - while (node != &content->dataGroupCtxQueue) { - DataGroupCtx *dataGroupNode = (DataGroupCtx *)ListEntry(node, DataGroupCtx, node); - char sandboxPath[PATH_MAX_LEN] = {0}; - int ret = snprintf_s(sandboxPath, PATH_MAX_LEN, PATH_MAX_LEN - 1, "%s%s", dataGroupNode->destPath.path, - dataGroupNode->dataGroupUuid); - if (ret <= 0) { - APPSPAWN_LOGE("snprintf_s sandboxPath: %{public}s failed, errno %{public}d", - dataGroupNode->destPath.path, errno); - return APPSPAWN_ERROR_UTILS_MEM_FAIL; - } - - SharedMountArgs args = { - .srcPath = dataGroupNode->srcPath.path, - .destPath = sandboxPath, - .fsType = nullptr, - .mountFlags = MS_BIND | MS_REC, - .options = nullptr, - .mountSharedFlag = MS_SHARED - }; - ret = DoSharedMount(&args); - if (ret != 0) { - APPSPAWN_LOGE("Shared mount %{public}s to %{public}s failed, errno %{public}d", args.srcPath, - sandboxPath, ret); - } - node = node->next; - } - OH_ListRemoveAll(&content->dataGroupCtxQueue, NULL); - return 0; -} - -static std::string ReplaceVarBundleName(const AppSpawningCtx *property) -{ - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(property, TLV_BUNDLE_INFO)); - if (bundleInfo == nullptr) { - return ""; - } - - std::string tmpBundlePath = bundleInfo->bundleName; - std::ostringstream variablePackageName; - if (CheckAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE)) { - variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; - tmpBundlePath = variablePackageName.str(); - } - return tmpBundlePath; -} - -static void MountDirToShared(AppSpawnMgr *content, const AppSpawningCtx *property) -{ - if (property == nullptr) { - return; - } - - AppDacInfo *info = reinterpret_cast(GetAppProperty(property, TLV_DAC_INFO)); - std::string varBundleName = ReplaceVarBundleName(property); - if (info == NULL || varBundleName == "") { - APPSPAWN_LOGE("Invalid app dac info or varBundleName"); - return; - } - - MountEl1Bundle(property, info, varBundleName.c_str()); - - if (IsUnlockStatus(info->uid)) { - SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_UNLOCKED_STATUS); - return; - } - - MountSharedMap(property, info, varBundleName.c_str()); - MountStorageUsers(property, info, varBundleName.c_str()); - ParseDataGroupList(content, property, info, varBundleName.c_str()); - - std::string lockSbxPathStamp = "/mnt/sandbox/" + std::to_string(info->uid / UID_BASE) + "/"; - lockSbxPathStamp += CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : ""; - lockSbxPathStamp += varBundleName; - lockSbxPathStamp += "_locked"; - int ret = MakeDirRec(lockSbxPathStamp.c_str(), DIR_MODE, 1); - if (ret != 0) { - APPSPAWN_LOGE("mkdir %{public}s failed, errno %{public}d", lockSbxPathStamp.c_str(), errno); - } -} -#endif - -int MountToShared(AppSpawnMgr *content, const AppSpawningCtx *property) -{ -#ifndef APPSPAWN_SANDBOX_NEW - // mount dynamic directory to shared - MountDirToShared(content, property); -#endif - return 0; -} - -MODULE_CONSTRUCTOR(void) -{ -#ifndef APPSPAWN_SANDBOX_NEW - (void)AddServerStageHook(STAGE_SERVER_LOCK, HOOK_PRIO_COMMON, UpdateDataGroupDirs); -#endif -} diff --git a/modules/sandbox/sandbox_shared_mount.h b/modules/sandbox/sandbox_shared_mount.h deleted file mode 100644 index 1a24f2cc..00000000 --- a/modules/sandbox/sandbox_shared_mount.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (C) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SANDBOX_SHARED_MOUNT_H -#define SANDBOX_SHARED_MOUNT_H - -#include "nlohmann/json.hpp" - -#include "appspawn.h" -#include "appspawn_hook.h" -#include "appspawn_manager.h" -#include "appspawn_utils.h" -#include "list.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct MountSharedTemplate { - const char *sandboxPath; - const char *permission; -} MountSharedTemplate; - -enum { - EL2 = 0, - EL3, - EL4, - EL5, - ELX_MAX -}; - -typedef struct DataGroupSandboxPathTemplate { - const char *elxName; - uint32_t category; - const char *sandboxPath; - const char *permission; -} DataGroupSandboxPathTemplate; - -struct SharedMountArgs { - const char *srcPath; - const char *destPath; - const char *fsType = ""; - unsigned long mountFlags = MS_REC | MS_BIND; - const char *options = ""; - mode_t mountSharedFlag = MS_SLAVE; -}; - -bool IsValidDataGroupItem(nlohmann::json &item); -int GetElxInfoFromDir(const char *path); -const DataGroupSandboxPathTemplate *GetDataGroupArgTemplate(uint32_t category); -void *GetEl1BundleMountCount(void); -int MountToShared(AppSpawnMgr *content, const AppSpawningCtx *property); - -#ifdef __cplusplus -} -#endif -#endif // SANDBOX_SHARED_MOUNT_H diff --git a/modules/sandbox/sandbox_utils.cpp b/modules/sandbox/sandbox_utils.cpp deleted file mode 100644 index 7463cc22..00000000 --- a/modules/sandbox/sandbox_utils.cpp +++ /dev/null @@ -1,2276 +0,0 @@ -/* - * Copyright (C) 2024-2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sandbox_utils.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "appspawn_hook.h" -#include "appspawn_mount_permission.h" -#include "appspawn_msg.h" -#include "appspawn_server.h" -#include "appspawn_service.h" -#include "appspawn_utils.h" -#include "config_policy_utils.h" -#ifdef WITH_DLP -#include "dlp_fuse_fd.h" -#endif -#include "init_param.h" -#include "init_utils.h" -#include "parameter.h" -#include "parameters.h" -#include "sandbox_dec.h" -#include "securec.h" -#ifdef APPSPAWN_HISYSEVENT -#include "hisysevent_adapter.h" -#endif - -#ifdef WITH_SELINUX -#include "hap_restorecon.h" -#ifdef APPSPAWN_MOUNT_TMPSHM -#include "policycoreutils.h" -#endif // APPSPAWN_MOUNT_TMPSHM -#endif // WITH_SELINUX - -#define MAX_MOUNT_TIME 500 // 500us -#define LOCK_STATUS_SIZE 16 -#define DEV_SHM_DIR "/dev/shm/" - -using namespace std; -using namespace OHOS; - -namespace OHOS { -namespace AppSpawn { -namespace { - constexpr int32_t OPTIONS_MAX_LEN = 256; - constexpr int32_t FILE_ACCESS_COMMON_DIR_STATUS = 0; - constexpr int32_t FILE_CROSS_APP_STATUS = 1; - constexpr static mode_t FILE_MODE = 0711; - constexpr static mode_t BASIC_MOUNT_FLAGS = MS_REC | MS_BIND; - constexpr std::string_view APL_SYSTEM_CORE("system_core"); - constexpr std::string_view APL_SYSTEM_BASIC("system_basic"); - const std::string APP_JSON_CONFIG("/appdata-sandbox.json"); - const std::string APP_ISOLATED_JSON_CONFIG("/appdata-sandbox-isolated.json"); - const std::string g_physicalAppInstallPath = "/data/app/el1/bundle/public/"; - const std::string g_sandboxGroupPath = "/data/storage/el2/group/"; - const std::string g_sandboxHspInstallPath = "/data/storage/el1/bundle/"; - const std::string g_sandBoxAppInstallPath = "/data/accounts/account_0/applications/"; - const std::string g_bundleResourceSrcPath = "/data/service/el1/public/bms/bundle_resources/"; - const std::string g_bundleResourceDestPath = "/data/storage/bundle_resources/"; - const std::string g_dataBundles = "/data/bundles/"; - const std::string g_userId = ""; - const std::string g_packageName = ""; - const std::string g_packageNameIndex = ""; - const std::string g_variablePackageName = ""; - const std::string g_clonePackageName = ""; - const std::string g_arkWebPackageName = ""; - const std::string g_hostUserId = ""; - const std::string g_sandBoxDir = "/mnt/sandbox/"; - const std::string g_statusCheck = "true"; - const std::string g_sbxSwitchCheck = "ON"; - const std::string g_dlpBundleName = "com.ohos.dlpmanager"; - const std::string g_internal = "__internal__"; - const std::string g_hspList_key_bundles = "bundles"; - const std::string g_hspList_key_modules = "modules"; - const std::string g_hspList_key_versions = "versions"; - const std::string g_overlayPath = "/data/storage/overlay/"; - const std::string g_groupList_key_dataGroupId = "dataGroupId"; - const std::string g_groupList_key_gid = "gid"; - const std::string g_groupList_key_dir = "dir"; - const std::string g_groupList_key_uuid = "uuid"; - const std::string HSPLIST_SOCKET_TYPE = "HspList"; - const std::string OVERLAY_SOCKET_TYPE = "Overlay"; - const std::string DATA_GROUP_SOCKET_TYPE = "DataGroup"; - const char *g_actionStatuc = "check-action-status"; - const char *g_appBase = "app-base"; - const char *g_appResources = "app-resources"; - const char *g_appAplName = "app-apl-name"; - const char *g_commonPrefix = "common"; - const char *g_destMode = "dest-mode"; - const char *g_fsType = "fs-type"; - const char *g_linkName = "link-name"; - const char *g_mountPrefix = "mount-paths"; - const char *g_gidPrefix = "gids"; - const char *g_privatePrefix = "individual"; - const char *g_permissionPrefix = "permission"; - const char *g_srcPath = "src-path"; - const char *g_sandBoxPath = "sandbox-path"; - const char *g_sandBoxFlags = "sandbox-flags"; - const char *g_sandBoxFlagsCustomized = "sandbox-flags-customized"; - const char *g_sandBoxOptions = "options"; - const char *g_dacOverrideSensitive = "dac-override-sensitive"; - const char *g_sandBoxShared = "sandbox-shared"; - const char *g_sandBoxSwitchPrefix = "sandbox-switch"; - const char *g_sandBoxDecPath = "dec-paths"; - const char *g_symlinkPrefix = "symbol-links"; - const char *g_sandboxRootPrefix = "sandbox-root"; - const char *g_topSandBoxSwitchPrefix = "top-sandbox-switch"; - const char *g_targetName = "target-name"; - const char *g_flagePoint = "flags-point"; - const char *g_mountSharedFlag = "mount-shared-flag"; - const char *g_flags = "flags"; - const char *g_sandBoxNsFlags = "sandbox-ns-flags"; - const char* g_fileSeparator = "/"; - const char* g_overlayDecollator = "|"; - const char *CREATE_SANDBOX_PATH = "create-sandbox-path"; - const std::string g_sandBoxRootDir = "/mnt/sandbox/"; - const std::string g_ohosGpu = "__internal__.com.ohos.gpu"; - const std::string g_ohosRender = "__internal__.com.ohos.render"; - const std::string g_sandBoxRootDirNweb = "/mnt/sandbox/com.ohos.render/"; - const std::string FILE_CROSS_APP_MODE = "ohos.permission.FILE_CROSS_APP"; - const std::string FILE_ACCESS_COMMON_DIR_MODE = "ohos.permission.FILE_ACCESS_COMMON_DIR"; - const std::string ACCESS_DLP_FILE_MODE = "ohos.permission.ACCESS_DLP_FILE"; - const std::string FILE_ACCESS_MANAGER_MODE = "ohos.permission.FILE_ACCESS_MANAGER"; - const std::string READ_WRITE_USER_FILE_MODE = "ohos.permission.READ_WRITE_USER_FILE"; - const std::string GET_ALL_PROCESSES_MODE = "ohos.permission.GET_ALL_PROCESSES"; - const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_name"; - - const std::string& getArkWebPackageName() - { - static std::string arkWebPackageName; - if (arkWebPackageName.empty()) { - arkWebPackageName = system::GetParameter(ARK_WEB_PERSIST_PACKAGE_NAME, ""); - } - return arkWebPackageName; - } -} - -static uint32_t GetAppMsgFlags(const AppSpawningCtx *property) -{ - APPSPAWN_CHECK(property != nullptr && property->message != nullptr, - return 0, "Invalid property for name %{public}u", TLV_MSG_FLAGS); - AppSpawnMsgFlags *msgFlags = (AppSpawnMsgFlags *)GetAppSpawnMsgInfo(property->message, TLV_MSG_FLAGS); - APPSPAWN_CHECK(msgFlags != nullptr, - return 0, "No TLV_MSG_FLAGS in msg %{public}s", property->message->msgHeader.processName); - return msgFlags->flags[0]; -} - -bool JsonUtils::GetJsonObjFromJson(nlohmann::json &jsonObj, const std::string &jsonPath) -{ - APPSPAWN_CHECK(jsonPath.length() <= PATH_MAX, return false, "jsonPath is too long"); - std::ifstream jsonFileStream; - jsonFileStream.open(jsonPath.c_str(), std::ios::in); - APPSPAWN_CHECK_ONLY_EXPER(jsonFileStream.is_open(), return false); - std::ostringstream buf; - char ch; - while (buf && jsonFileStream.get(ch)) { - buf.put(ch); - } - jsonFileStream.close(); - jsonObj = nlohmann::json::parse(buf.str(), nullptr, false); - APPSPAWN_CHECK(!jsonObj.is_discarded() && jsonObj.is_structured(), return false, "Parse json file failed"); - return true; -} - -bool JsonUtils::GetStringFromJson(const nlohmann::json &json, const std::string &key, std::string &value) -{ - APPSPAWN_CHECK(json != nullptr && json.is_object(), return false, "json is not object."); - bool isRet = json.find(key) != json.end() && json.at(key).is_string(); - if (isRet) { - value = json.at(key).get(); - APPSPAWN_LOGV("Find key[%{public}s] : %{public}s successful.", key.c_str(), value.c_str()); - } - return isRet; -} - -std::map> SandboxUtils::appSandboxConfig_ = {}; -int32_t SandboxUtils::deviceTypeEnable_ = -1; - -void SandboxUtils::StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type) -{ - SandboxUtils::appSandboxConfig_[type].push_back(appSandboxConfig); -} - -std::vector &SandboxUtils::GetJsonConfig(SandboxConfigType type) -{ - return SandboxUtils::appSandboxConfig_[type]; -} - -static void MakeDirRecursive(const std::string &path, mode_t mode) -{ - size_t size = path.size(); - if (size == 0) { - return; - } - - size_t index = 0; - do { - size_t pathIndex = path.find_first_of('/', index); - index = pathIndex == std::string::npos ? size : pathIndex + 1; - std::string dir = path.substr(0, index); -#ifndef APPSPAWN_TEST - APPSPAWN_CHECK(!(access(dir.c_str(), F_OK) < 0 && mkdir(dir.c_str(), mode) < 0), - return, "errno is %{public}d, mkdir %{public}s failed", errno, dir.c_str()); -#endif - } while (index < size); -} - -static void MakeDirRecursiveWithClock(const std::string &path, mode_t mode) -{ - size_t size = path.size(); - if (size == 0) { - return; - } -#ifdef APPSPAWN_HISYSEVENT - struct timespec startClock = {0}; - clock_gettime(CLOCK_MONOTONIC, &startClock); -#endif - size_t index = 0; - do { - size_t pathIndex = path.find_first_of('/', index); - index = pathIndex == std::string::npos ? size : pathIndex + 1; - std::string dir = path.substr(0, index); -#ifndef APPSPAWN_TEST - APPSPAWN_CHECK(!(access(dir.c_str(), F_OK) < 0 && mkdir(dir.c_str(), mode) < 0), - return, "errno is %{public}d, mkdir %{public}s failed", errno, dir.c_str()); -#endif - } while (index < size); - -#ifdef APPSPAWN_HISYSEVENT - struct timespec endClock = {0}; - clock_gettime(CLOCK_MONOTONIC, &endClock); - uint64_t diff = DiffTime(&startClock, &endClock); - - APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, - ReportAbnormalDuration("MakeDirRecursive", diff)); -#endif -} - -static bool CheckDirRecursive(const std::string &path) -{ - size_t size = path.size(); - if (size == 0) { - return false; - } - size_t index = 0; - do { - size_t pathIndex = path.find_first_of('/', index); - index = pathIndex == std::string::npos ? size : pathIndex + 1; - std::string dir = path.substr(0, index); -#ifndef APPSPAWN_TEST - APPSPAWN_CHECK(access(dir.c_str(), F_OK) == 0, - return false, "check dir %{public}s failed, strerror: %{public}s", dir.c_str(), strerror(errno)); -#endif - } while (index < size); - return true; -} - -static void CheckAndCreatFile(const char *file) -{ - if (access(file, F_OK) == 0) { - APPSPAWN_LOGI("file %{public}s already exist", file); - return; - } - std::string path = file; - auto pos = path.find_last_of('/'); - APPSPAWN_CHECK(pos != std::string::npos, return, "file %{public}s error", file); - std::string dir = path.substr(0, pos); - MakeDirRecursive(dir, FILE_MODE); - int fd = open(file, O_CREAT, FILE_MODE); - if (fd < 0) { - APPSPAWN_LOGW("failed create %{public}s, err=%{public}d", file, errno); - } else { - close(fd); - } - return; -} - -static void CheckMountStatus(const std::string &path) -{ - std::ifstream file("/proc/self/mountinfo"); - if (!file.is_open()) { - APPSPAWN_LOGE("Failed to open /proc/self/mountinfo errno %{public}d", errno); - return; - } - - bool flag = false; - std::string line; - while (std::getline(file, line)) { - if (line.find(path) != std::string::npos) { - flag = true; - APPSPAWN_LOGI("Current mountinfo %{public}s", line.c_str()); - } - } - file.close(); - APPSPAWN_CHECK_ONLY_LOG(flag, "Mountinfo not contains %{public}s", path.c_str()); -} - -static bool IsNeededCheckPathStatus(const AppSpawningCtx *appProperty, const char *path) -{ - if (strstr(path, "data/app/el1/") || strstr(path, "data/app/el2/")) { - return true; - } - if ((strstr(path, "data/app/el3/") || strstr(path, "data/app/el4/") || strstr(path, "data/app/el5/")) && - CheckAppMsgFlagsSet(appProperty, APP_FLAGS_UNLOCKED_STATUS)) { - return true; - } - return false; -} - -int32_t SandboxUtils::DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, const SharedMountArgs *arg) -{ - if (!(arg && arg->srcPath && arg->destPath && arg->srcPath[0] != '\0' && arg->destPath[0] != '\0')) { - return 0; - } - if (strstr(arg->srcPath, "system/etc/hosts") != nullptr || strstr(arg->srcPath, "system/etc/profile") != nullptr) { - CheckAndCreatFile(arg->destPath); - } else { - MakeDirRecursive(arg->destPath, FILE_MODE); - } - - int ret = 0; - // to mount fs and bind mount files or directory - struct timespec mountStart = {0}; - clock_gettime(CLOCK_MONOTONIC_COARSE, &mountStart); - APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s' '%{public}u'", - arg->srcPath, arg->destPath, arg->fsType, arg->mountFlags, arg->options, arg->mountSharedFlag); - ret = mount(arg->srcPath, arg->destPath, arg->fsType, arg->mountFlags, arg->options); - struct timespec mountEnd = {0}; - clock_gettime(CLOCK_MONOTONIC_COARSE, &mountEnd); - uint64_t diff = DiffTime(&mountStart, &mountEnd); - APPSPAWN_CHECK_ONLY_LOG(diff < MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", arg->srcPath, diff); -#ifdef APPSPAWN_HISYSEVENT - APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration("MOUNT", diff)); -#endif - if (ret != 0) { - APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, arg->srcPath, arg->destPath); - if (errno == ENOENT && IsNeededCheckPathStatus(appProperty, arg->srcPath)) { - CheckDirRecursive(arg->srcPath); - } - return ret; - } - - ret = mount(nullptr, arg->destPath, nullptr, arg->mountSharedFlag, nullptr); - if (ret != 0) { - APPSPAWN_LOGI("errno is: %{public}d, private mount to %{public}s '%{public}u' failed", - errno, arg->destPath, arg->mountSharedFlag); - if (errno == EINVAL) { - CheckMountStatus(arg->destPath); - } - return ret; - } - return 0; -} - -static std::string& replace_all(std::string& str, const std::string& old_value, const std::string& new_value) -{ - while (true) { - std::string::size_type pos(0); - if ((pos = str.find(old_value)) != std::string::npos) { - str.replace(pos, old_value.length(), new_value); - } else { - break; - } - } - return str; -} - -static std::vector split(std::string &str, const std::string &pattern) -{ - std::string::size_type pos; - std::vector result; - str += pattern; - size_t size = str.size(); - - for (unsigned int i = 0; i < size; i++) { - pos = str.find(pattern, i); - if (pos < size) { - std::string s = str.substr(i, pos - i); - result.push_back(s); - i = pos + pattern.size() - 1; - } - } - - return result; -} - -void SandboxUtils::DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot) -{ - const std::map modeMap = {{"S_IRUSR", S_IRUSR}, {"S_IWUSR", S_IWUSR}, {"S_IXUSR", S_IXUSR}, - {"S_IRGRP", S_IRGRP}, {"S_IWGRP", S_IWGRP}, {"S_IXGRP", S_IXGRP}, - {"S_IROTH", S_IROTH}, {"S_IWOTH", S_IWOTH}, {"S_IXOTH", S_IXOTH}, - {"S_IRWXU", S_IRWXU}, {"S_IRWXG", S_IRWXG}, {"S_IRWXO", S_IRWXO}}; - std::string fileModeStr; - mode_t mode = 0; - - bool rc = JsonUtils::GetStringFromJson(jsonConfig, g_destMode, fileModeStr); - if (rc == false) { - return; - } - - std::vector modeVec = split(fileModeStr, "|"); - for (unsigned int i = 0; i < modeVec.size(); i++) { - if (modeMap.count(modeVec[i])) { - mode |= modeMap.at(modeVec[i]); - } - } - - chmod(sandboxRoot.c_str(), mode); -} - -unsigned long SandboxUtils::GetMountFlagsFromConfig(const std::vector &vec) -{ - const std::map MountFlagsMap = { {"rec", MS_REC}, {"MS_REC", MS_REC}, - {"bind", MS_BIND}, {"MS_BIND", MS_BIND}, - {"move", MS_MOVE}, {"MS_MOVE", MS_MOVE}, - {"slave", MS_SLAVE}, {"MS_SLAVE", MS_SLAVE}, - {"rdonly", MS_RDONLY}, {"MS_RDONLY", MS_RDONLY}, - {"shared", MS_SHARED}, {"MS_SHARED", MS_SHARED}, - {"unbindable", MS_UNBINDABLE}, - {"MS_UNBINDABLE", MS_UNBINDABLE}, - {"remount", MS_REMOUNT}, {"MS_REMOUNT", MS_REMOUNT}, - {"nosuid", MS_NOSUID}, {"MS_NOSUID", MS_NOSUID}, - {"nodev", MS_NODEV}, {"MS_NODEV", MS_NODEV}, - {"noexec", MS_NOEXEC}, {"MS_NOEXEC", MS_NOEXEC}, - {"noatime", MS_NOATIME}, {"MS_NOATIME", MS_NOATIME}, - {"lazytime", MS_LAZYTIME}, {"MS_LAZYTIME", MS_LAZYTIME}}; - unsigned long mountFlags = 0; - - for (unsigned int i = 0; i < vec.size(); i++) { - if (MountFlagsMap.count(vec[i])) { - mountFlags |= MountFlagsMap.at(vec[i]); - } - } - - return mountFlags; -} - -static void MakeAtomicServiceDir(const AppSpawningCtx *appProperty, std::string path, std::string variablePackageName) -{ - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - APPSPAWN_CHECK(dacInfo != NULL, return, "No dac info in msg app property"); - if (path.find("/mnt/share") != std::string::npos) { - path = "/data/service/el2/" + std::to_string(dacInfo->uid / UID_BASE) + "/share/" + variablePackageName; - } - struct stat st = {}; - if (stat(path.c_str(), &st) == 0 && S_ISDIR(st.st_mode)) { - return; - } - - int ret = mkdir(path.c_str(), S_IRWXU); - APPSPAWN_CHECK(ret == 0, return, "mkdir %{public}s failed, errno %{public}d", path.c_str(), errno); - - if (path.find("/database") != std::string::npos || path.find("/data/service/el2") != std::string::npos) { - ret = chmod(path.c_str(), S_IRWXU | S_IRWXG | S_ISGID); - } else if (path.find("/log") != std::string::npos) { - ret = chmod(path.c_str(), S_IRWXU | S_IRWXG); - } - APPSPAWN_CHECK(ret == 0, return, "chmod %{public}s failed, errno %{public}d", path.c_str(), errno); - -#ifdef WITH_SELINUX - AppSpawnMsgDomainInfo *msgDomainInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_DOMAIN_INFO)); - APPSPAWN_CHECK(msgDomainInfo != NULL, return, "No domain info for %{public}s", GetProcessName(appProperty)); - HapContext hapContext; - HapFileInfo hapFileInfo; - hapFileInfo.pathNameOrig.push_back(path); - hapFileInfo.apl = msgDomainInfo->apl; - hapFileInfo.packageName = GetBundleName(appProperty); - hapFileInfo.hapFlags = msgDomainInfo->hapFlags; - if (CheckAppMsgFlagsSet(appProperty, APP_FLAGS_DEBUGGABLE)) { - hapFileInfo.hapFlags |= SELINUX_HAP_DEBUGGABLE; - } - if ((path.find("/base") != std::string::npos) || (path.find("/database") != std::string::npos)) { - ret = hapContext.HapFileRestorecon(hapFileInfo); - APPSPAWN_CHECK(ret == 0, return, "set dir %{public}s selinuxLabel failed, apl %{public}s, ret %{public}d", - path.c_str(), hapFileInfo.apl.c_str(), ret); - } -#endif - if (path.find("/base") != std::string::npos || path.find("/data/service/el2") != std::string::npos) { - ret = chown(path.c_str(), dacInfo->uid, dacInfo->gid); - } else if (path.find("/database") != std::string::npos) { - ret = chown(path.c_str(), dacInfo->uid, DecodeGid("ddms")); - } else if (path.find("/log") != std::string::npos) { - ret = chown(path.c_str(), dacInfo->uid, DecodeGid("log")); - } - APPSPAWN_CHECK(ret == 0, return, "chown %{public}s failed, errno %{public}d", path.c_str(), errno); - return; -} - -static std::string ReplaceVariablePackageName(const AppSpawningCtx *appProperty, const std::string &path) -{ - std::string tmpSandboxPath = path; - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - APPSPAWN_CHECK(bundleInfo != NULL, return "", "No bundle info in msg %{public}s", GetBundleName(appProperty)); - - char *extension; - uint32_t flags = CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE) ? 0x4 : 0; - if (flags == 0) { - flags = (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE) && - bundleInfo->bundleIndex > 0) ? 0x1 : 0; - flags |= CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_EXTENSION_SANDBOX) ? 0x2 : 0; - extension = reinterpret_cast( - GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_APP_EXTENSION, NULL)); - } - std::ostringstream variablePackageName; - switch (flags) { - case 0: // 0 default - variablePackageName << bundleInfo->bundleName; - break; - case 1: // 1 +clone-bundleIndex+packageName - variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; - break; - case 2: { // 2 +extension-+packageName - APPSPAWN_CHECK(extension != NULL, return "", "Invalid extension data "); - variablePackageName << "+extension-" << extension << "+" << bundleInfo->bundleName; - break; - } - case 3: { // 3 +clone-bundleIndex+extension-+packageName - APPSPAWN_CHECK(extension != NULL, return "", "Invalid extension data "); - variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+extension" << "-" << - extension << "+" << bundleInfo->bundleName; - break; - } - case 4: { // 4 +auid-+packageName - std::string accountId = SandboxUtils::GetExtraInfoByType(appProperty, MSG_EXT_NAME_ACCOUNT_ID); - variablePackageName << "+auid-" << accountId << "+" << bundleInfo->bundleName; - std::string atomicServicePath = path; - atomicServicePath = replace_all(atomicServicePath, g_variablePackageName, variablePackageName.str()); - MakeAtomicServiceDir(appProperty, atomicServicePath, variablePackageName.str()); - break; - } - default: - variablePackageName << bundleInfo->bundleName; - break; - } - tmpSandboxPath = replace_all(tmpSandboxPath, g_variablePackageName, variablePackageName.str()); - APPSPAWN_LOGV("tmpSandboxPath %{public}s", tmpSandboxPath.c_str()); - return tmpSandboxPath; -} - -static std::string ReplaceHostUserId(const AppSpawningCtx *appProperty, const std::string &path) -{ - std::string tmpSandboxPath = path; - int32_t uid = 0; - const char *userId = - (const char *)(GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_PARENT_UID, NULL)); - if (userId != nullptr) { - uid = atoi(userId); - } - tmpSandboxPath = replace_all(tmpSandboxPath, g_hostUserId, std::to_string(uid / UID_BASE)); - APPSPAWN_LOGV("tmpSandboxPath %{public}s", tmpSandboxPath.c_str()); - return tmpSandboxPath; -} - -static std::string ReplaceClonePackageName(const AppSpawningCtx *appProperty, const std::string &path) -{ - std::string tmpSandboxPath = path; - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - APPSPAWN_CHECK(bundleInfo != NULL, return "", "No bundle info in msg %{public}s", GetBundleName(appProperty)); - - std::string tmpBundlePath = bundleInfo->bundleName; - std::ostringstream variablePackageName; - if (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE)) { - variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; - tmpBundlePath = variablePackageName.str(); - } - - tmpSandboxPath = replace_all(tmpSandboxPath, g_clonePackageName, tmpBundlePath); - APPSPAWN_LOGV("tmpSandboxPath %{public}s", tmpSandboxPath.c_str()); - return tmpSandboxPath; -} - -string SandboxUtils::ConvertToRealPath(const AppSpawningCtx *appProperty, std::string path) -{ - AppSpawnMsgBundleInfo *info = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (info == nullptr || dacInfo == nullptr) { - return ""; - } - if (path.find(g_packageNameIndex) != std::string::npos) { - std::string bundleNameWithIndex = info->bundleName; - if (info->bundleIndex != 0) { - bundleNameWithIndex = std::to_string(info->bundleIndex) + "_" + bundleNameWithIndex; - } - path = replace_all(path, g_packageNameIndex, bundleNameWithIndex); - } - - if (path.find(g_packageName) != std::string::npos) { - path = replace_all(path, g_packageName, info->bundleName); - } - - if (path.find(g_userId) != std::string::npos) { - path = replace_all(path, g_userId, std::to_string(dacInfo->uid / UID_BASE)); - } - - if (path.find(g_hostUserId) != std::string::npos) { - path = ReplaceHostUserId(appProperty, path); - } - - if (path.find(g_variablePackageName) != std::string::npos) { - path = ReplaceVariablePackageName(appProperty, path); - } - - if (path.find(g_clonePackageName) != std::string::npos) { - path = ReplaceClonePackageName(appProperty, path); - } - - if (path.find(g_arkWebPackageName) != std::string::npos) { - path = replace_all(path, g_arkWebPackageName, getArkWebPackageName()); - APPSPAWN_LOGV( - "arkWeb sandbox, path %{public}s, package:%{public}s", - path.c_str(), getArkWebPackageName().c_str()); - } - - return path; -} - -std::string SandboxUtils::ConvertToRealPathWithPermission(const AppSpawningCtx *appProperty, - std::string path) -{ - AppSpawnMsgBundleInfo *info = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - if (info == nullptr) { - return ""; - } - if (path.find(g_packageNameIndex) != std::string::npos) { - std::string bundleNameWithIndex = info->bundleName; - if (info->bundleIndex != 0) { - bundleNameWithIndex = std::to_string(info->bundleIndex) + "_" + bundleNameWithIndex; - } - path = replace_all(path, g_packageNameIndex, bundleNameWithIndex); - } - - if (path.find(g_packageName) != std::string::npos) { - path = replace_all(path, g_packageName, info->bundleName); - } - - if (path.find(g_userId) != std::string::npos) { - if (deviceTypeEnable_ == FILE_CROSS_APP_STATUS) { - path = replace_all(path, g_userId, "currentUser"); - } else if (deviceTypeEnable_ == FILE_ACCESS_COMMON_DIR_STATUS) { - path = replace_all(path, g_userId, "currentUser"); - } else { - return ""; - } - } - return path; -} - -bool SandboxUtils::GetSandboxDacOverrideEnable(nlohmann::json &config) -{ - std::string dacOverrideSensitive = ""; - if (config.find(g_dacOverrideSensitive) == config.end()) { - return false; - } - dacOverrideSensitive = config[g_dacOverrideSensitive].get(); - if (dacOverrideSensitive.compare("true") == 0) { - return true; - } - return false; -} - -std::string SandboxUtils::GetSbxPathByConfig(const AppSpawningCtx *appProperty, nlohmann::json &config) -{ - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return ""; - } - - std::string sandboxRoot = ""; - const std::string sandboxRootPathTemplate = "/mnt/sandbox//"; - const std::string originSandboxPath = "/mnt/sandbox/"; - std::string isolatedFlagText = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? "isolated/" : ""; - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - if (bundleInfo == nullptr) { - return ""; - } - std::string tmpBundlePath = bundleInfo->bundleName; - std::ostringstream variablePackageName; - if (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE)) { - variablePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; - tmpBundlePath = variablePackageName.str(); - } - const std::string variableSandboxRoot = g_sandBoxDir + to_string(dacInfo->uid / UID_BASE) + - "/" + isolatedFlagText.c_str() + tmpBundlePath; - if (config.find(g_sandboxRootPrefix) != config.end()) { - sandboxRoot = config[g_sandboxRootPrefix].get(); - if (sandboxRoot == originSandboxPath || sandboxRoot == sandboxRootPathTemplate) { - sandboxRoot = variableSandboxRoot; - } else { - sandboxRoot = ConvertToRealPath(appProperty, sandboxRoot); - APPSPAWN_LOGV("set sandbox-root name is %{public}s", sandboxRoot.c_str()); - } - } else { - sandboxRoot = variableSandboxRoot; - APPSPAWN_LOGV("set sandbox-root to default rootapp name is %{public}s", GetBundleName(appProperty)); - } - - return sandboxRoot; -} - -bool SandboxUtils::GetSbxSwitchStatusByConfig(nlohmann::json &config) -{ - if (config.find(g_sandBoxSwitchPrefix) != config.end()) { - std::string switchStatus = config[g_sandBoxSwitchPrefix].get(); - if (switchStatus == g_sbxSwitchCheck) { - return true; - } else { - return false; - } - } - - // if not find sandbox-switch node, default switch status is true - return true; -} - -static bool CheckMountConfig(nlohmann::json &mntPoint, const AppSpawningCtx *appProperty, - bool checkFlag) -{ - bool istrue = mntPoint.find(g_srcPath) == mntPoint.end() || (!mntPoint[g_srcPath].is_string()) || - mntPoint.find(g_sandBoxPath) == mntPoint.end() || (!mntPoint[g_sandBoxPath].is_string()) || - ((mntPoint.find(g_sandBoxFlags) == mntPoint.end()) && - (mntPoint.find(g_sandBoxFlagsCustomized) == mntPoint.end())); - APPSPAWN_CHECK(!istrue, return false, - "read mount config failed, app name is %{public}s", GetBundleName(appProperty)); - - AppSpawnMsgDomainInfo *info = - reinterpret_cast(GetAppProperty(appProperty, TLV_DOMAIN_INFO)); - APPSPAWN_CHECK(info != nullptr, return false, "Filed to get domain info %{public}s", GetBundleName(appProperty)); - - if (mntPoint[g_appAplName] != nullptr) { - std::string app_apl_name = mntPoint[g_appAplName].get(); - const char *p_app_apl = nullptr; - p_app_apl = app_apl_name.c_str(); - if (!strcmp(p_app_apl, info->apl)) { - return false; - } - } - - const std::string configSrcPath = mntPoint[g_srcPath].get(); - // special handle wps and don't use /data/app/xxx/ config - if (checkFlag && (configSrcPath.find("/data/app") != std::string::npos && - (configSrcPath.find("/base") != std::string::npos || - configSrcPath.find("/database") != std::string::npos - ) && configSrcPath.find(g_packageName) != std::string::npos)) { - return false; - } - - return true; -} - -static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty, - const std::string &srcPath, const std::string &sandboxPath, - const std::string &fsType, unsigned long mountFlags) -{ - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return -1; - } - - // umount fuse path, make sure that sandbox path is not a mount point - umount2(sandboxPath.c_str(), MNT_DETACH); - - int fd = open("/dev/fuse", O_RDWR); - APPSPAWN_CHECK(fd != -1, return -EINVAL, "open /dev/fuse failed, errno is %{public}d", errno); - - char options[OPTIONS_MAX_LEN]; - (void)sprintf_s(options, sizeof(options), "fd=%d," - "rootmode=40000,user_id=%u,group_id=%u,allow_other," - "context=\"u:object_r:dlp_fuse_file:s0\"," - "fscontext=u:object_r:dlp_fuse_file:s0", - fd, dacInfo->uid, dacInfo->gid); - - // To make sure destinationPath exist - MakeDirRecursive(sandboxPath, FILE_MODE); - - int ret = 0; -#ifndef APPSPAWN_TEST - APPSPAWN_LOGV("Bind mount %{public}s to %{public}s '%{public}s' '%{public}lu' '%{public}s'", - srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options); - ret = mount(srcPath.c_str(), sandboxPath.c_str(), fsType.c_str(), mountFlags, options); - APPSPAWN_CHECK(ret == 0, close(fd); - return ret, "DoDlpAppMountStrategy failed, bind mount %{public}s to %{public}s failed %{public}d", - srcPath.c_str(), sandboxPath.c_str(), errno); - - ret = mount(nullptr, sandboxPath.c_str(), nullptr, MS_SHARED, nullptr); - APPSPAWN_CHECK(ret == 0, close(fd); - return ret, "errno is: %{public}d, private mount to %{public}s failed", errno, sandboxPath.c_str()); -#endif - /* set DLP_FUSE_FD */ -#ifdef WITH_DLP - SetDlpFuseFd(fd); -#endif - ret = fd; - return ret; -} - -static int32_t HandleSpecialAppMount(const AppSpawningCtx *appProperty, - const std::string &srcPath, const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags) -{ - std::string bundleName = GetBundleName(appProperty); - std::string processName = GetProcessName(appProperty); - /* dlp application mount strategy */ - /* dlp is an example, we should change to real bundle name later */ - if (bundleName.find(g_dlpBundleName) != std::string::npos && - processName.compare(g_dlpBundleName) == 0) { - if (!fsType.empty()) { - return DoDlpAppMountStrategy(appProperty, srcPath, sandboxPath, fsType, mountFlags); - } - } - return -1; -} - -static uint32_t ConvertFlagStr(const std::string &flagStr) -{ - const std::map flagsMap = {{"0", 0}, {"START_FLAGS_BACKUP", 1}, - {"DLP_MANAGER", 2}, - {"DEVELOPER_MODE", 17}, - {"PREINSTALLED_HAP", 29}, - {"CUSTOM_SANDBOX_HAP", 31}}; - - if (flagsMap.count(flagStr)) { - return 1 << flagsMap.at(flagStr); - } - - return 0; -} - -unsigned long SandboxUtils::GetSandboxMountFlags(nlohmann::json &config) -{ - unsigned long mountFlags = BASIC_MOUNT_FLAGS; - if (GetSandboxDacOverrideEnable(config) && (config.find(g_sandBoxFlagsCustomized) != config.end())) { - mountFlags = GetMountFlagsFromConfig(config[g_sandBoxFlagsCustomized].get>()); - } else if (config.find(g_sandBoxFlags) != config.end()) { - mountFlags = GetMountFlagsFromConfig(config[g_sandBoxFlags].get>()); - } - return mountFlags; -} - -std::string SandboxUtils::GetSandboxFsType(nlohmann::json &config) -{ - std::string fsType = ""; - if (GetSandboxDacOverrideEnable(config) && (config.find(g_fsType) != config.end())) { - fsType = config[g_fsType].get(); - } - return fsType; -} - -std::string SandboxUtils::GetSandboxOptions(const AppSpawningCtx *appProperty, nlohmann::json &config) -{ - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return ""; - } - - std::string options = ""; - const int userIdBase = UID_BASE; - if (GetSandboxDacOverrideEnable(config) && (config.find(g_sandBoxOptions) != config.end())) { - options = config[g_sandBoxOptions].get() + ",user_id="; - options += std::to_string(dacInfo->uid / userIdBase); - } - return options; -} - -std::vector SandboxUtils::GetSandboxDecPath(const AppSpawningCtx *appProperty, nlohmann::json &config) -{ - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return {}; - } - - std::vector decPaths = {}; - if (config.find(g_sandBoxDecPath) != config.end()) { - for (auto decPath : config[g_sandBoxDecPath].get>()) { - decPath = ConvertToRealPathWithPermission(appProperty, decPath); - decPaths.push_back(decPath); - } - } - return decPaths; -} - -void SandboxUtils::GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string §ion, - nlohmann::json &mntPoint, SandboxMountConfig &mountConfig) -{ - if (section.compare(g_permissionPrefix) == 0) { - mountConfig.optionsPoint = GetSandboxOptions(appProperty, mntPoint); - mountConfig.fsType = GetSandboxFsType(mntPoint); - mountConfig.decPaths = GetSandboxDecPath(appProperty, mntPoint); - } else { - mountConfig.fsType = (mntPoint.find(g_fsType) != mntPoint.end()) ? mntPoint[g_fsType].get() : ""; - mountConfig.optionsPoint = ""; - mountConfig.decPaths = {}; - } - return; -} - -std::string SandboxUtils::GetSandboxPath(const AppSpawningCtx *appProperty, nlohmann::json &mntPoint, - const std::string §ion, std::string sandboxRoot) -{ - std::string sandboxPath = ""; - std::string tmpSandboxPath = mntPoint[g_sandBoxPath].get(); - if (section.compare(g_permissionPrefix) == 0) { - sandboxPath = sandboxRoot + ConvertToRealPathWithPermission(appProperty, tmpSandboxPath); - } else { - sandboxPath = sandboxRoot + ConvertToRealPath(appProperty, tmpSandboxPath); - } - return sandboxPath; -} - -static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, nlohmann::json &appConfig) -{ - if (appConfig.find(g_flags) != appConfig.end()) { - if (((ConvertFlagStr(appConfig[g_flags].get()) & GetAppMsgFlags(appProperty)) != 0) && - bundleName.find("wps") != std::string::npos) { - return true; - } - } - return false; -} - -int32_t SandboxUtils::SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId) -{ - AppSpawnMsgAccessToken *tokenInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); - APPSPAWN_CHECK(tokenInfo != NULL, return APPSPAWN_MSG_INVALID, "Get token id failed."); - - AppSpawnMsgBundleInfo *bundleInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_BUNDLE_INFO)); - APPSPAWN_CHECK(bundleInfo != NULL, return APPSPAWN_MSG_INVALID, "No bundle info in msg %{public}s", - GetBundleName(appProperty)); - - uint32_t flags = CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_ATOMIC_SERVICE) ? 0x4 : 0; - if (flags == 0) { - flags = (CheckAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE) && - bundleInfo->bundleIndex > 0) ? 0x1 : 0; - } - std::ostringstream clonePackageName; - if (flags == 1) { - clonePackageName << "+clone-" << bundleInfo->bundleIndex << "+" << bundleInfo->bundleName; - } else { - clonePackageName << bundleInfo->bundleName; - } - std::string dir = "/storage/Users/currentUser/Download/" + clonePackageName.str(); - DecPolicyInfo decPolicyInfo = {0}; - decPolicyInfo.pathNum = 1; - PathInfo pathInfo = {0}; - pathInfo.path = strdup(dir.c_str()); - if (pathInfo.path == nullptr) { - APPSPAWN_LOGE("strdup %{public}s failed, err %{public}d", dir.c_str(), errno); - return APPSPAWN_MSG_INVALID; - } - pathInfo.pathLen = static_cast(strlen(pathInfo.path)); - pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; - decPolicyInfo.path[0] = pathInfo; - decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; - decPolicyInfo.flag = true; - SetDecPolicyInfos(&decPolicyInfo); - - if (decPolicyInfo.path[0].path) { - free(decPolicyInfo.path[0].path); - decPolicyInfo.path[0].path = nullptr; - } - return 0; -} - -int32_t SandboxUtils::SetDecPolicyWithPermission(const AppSpawningCtx *appProperty, SandboxMountConfig &mountConfig) -{ - if (mountConfig.decPaths.size() == 0) { - return 0; - } - AppSpawnMsgAccessToken *tokenInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); - APPSPAWN_CHECK(tokenInfo != NULL, return APPSPAWN_MSG_INVALID, "Get token id failed."); - - DecPolicyInfo decPolicyInfo = {0}; - decPolicyInfo.pathNum = mountConfig.decPaths.size(); - int ret = 0; - for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { - PathInfo pathInfo = {0}; - pathInfo.path = strdup(mountConfig.decPaths[i].c_str()); - if (pathInfo.path == nullptr) { - APPSPAWN_LOGE("strdup %{public}s failed, err %{public}d", mountConfig.decPaths[i].c_str(), errno); - ret = APPSPAWN_ERROR_UTILS_MEM_FAIL; - goto EXIT; - } - pathInfo.pathLen = static_cast(strlen(pathInfo.path)); - pathInfo.mode = SANDBOX_MODE_WRITE | SANDBOX_MODE_READ; - decPolicyInfo.path[i] = pathInfo; - } - decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; - decPolicyInfo.flag = true; - SetDecPolicyInfos(&decPolicyInfo); -EXIT: - for (uint32_t i = 0; i < decPolicyInfo.pathNum; i++) { - if (decPolicyInfo.path[i].path) { - free(decPolicyInfo.path[i].path); - decPolicyInfo.path[i].path = nullptr; - } - } - return ret; -} - -static const DecDenyPathTemplate DEC_DENY_PATH_MAP[] = { - {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", "/storage/Users/currentUser/Download"}, - {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", "/storage/Users/currentUser/Desktop"}, - {"ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", "/storage/Users/currentUser/Documents"}, -}; -void SandboxUtils::SetDecDenyWithDir(const AppSpawningCtx *appProperty) -{ - int32_t userFileIndex = GetPermissionIndex(nullptr, READ_WRITE_USER_FILE_MODE.c_str()); - if (CheckAppPermissionFlagSet(appProperty, static_cast(userFileIndex)) == 0) { - APPSPAWN_LOGV("The app doesn't have %{public}s, no need to set deny rules", READ_WRITE_USER_FILE_MODE.c_str()); - return; - } - - AppSpawnMsgAccessToken *tokenInfo = - reinterpret_cast(GetAppProperty(appProperty, TLV_ACCESS_TOKEN_INFO)); - APPSPAWN_CHECK(tokenInfo != NULL, return, "Get token id failed"); - - DecPolicyInfo decPolicyInfo = {0}; - decPolicyInfo.pathNum = 0; - uint32_t count = ARRAY_LENGTH(DEC_DENY_PATH_MAP); - for (uint32_t i = 0, j = 0; i < count; i++) { - int32_t index = GetPermissionIndex(nullptr, DEC_DENY_PATH_MAP[i].permission); - if (CheckAppPermissionFlagSet(appProperty, static_cast(index))) { - continue; - } - PathInfo pathInfo = {0}; - pathInfo.path = const_cast(DEC_DENY_PATH_MAP[i].decPath); - pathInfo.pathLen = static_cast(strlen(pathInfo.path)); - pathInfo.mode = DEC_MODE_DENY_READ | DEC_MODE_DENY_WRITE; - decPolicyInfo.path[j++] = pathInfo; - decPolicyInfo.pathNum += 1; - } - decPolicyInfo.tokenId = tokenInfo->accessTokenIdEx; - decPolicyInfo.flag = true; - SetDecPolicyInfos(&decPolicyInfo); -} - -static bool GetCheckStatus(nlohmann::json &mntPoint) -{ - std::string value = g_statusCheck; - (void)JsonUtils::GetStringFromJson(mntPoint, g_actionStatuc, value); - if (value == g_statusCheck) { - return true; - } - return false; -} - -static bool GetCreateSandboxPath(nlohmann::json &json, std::string srcPath) -{ - APPSPAWN_CHECK(json != nullptr && json.is_object(), return true, "json is not object."); - bool isRet = json.find(CREATE_SANDBOX_PATH) != json.end() && json.at(CREATE_SANDBOX_PATH).is_string(); - if (isRet) { - std::string value = json.at(CREATE_SANDBOX_PATH).get(); - APPSPAWN_LOGV("Find create-sandbox-path: %{public}s successful.", value.c_str()); - if (value == "false" && access(srcPath.c_str(), F_OK) != 0) { - return false; - } - } - return true; -} - -int SandboxUtils::DoAllMntPointsMount(const AppSpawningCtx *appProperty, - nlohmann::json &appConfig, const char *typeName, const std::string §ion) -{ - std::string bundleName = GetBundleName(appProperty); - if (appConfig.find(g_mountPrefix) == appConfig.end()) { - APPSPAWN_LOGV("mount config is not found in %{public}s, app name is %{public}s", - section.c_str(), bundleName.c_str()); - return 0; - } - std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig); - bool checkFlag = CheckMountFlag(appProperty, bundleName, appConfig); - nlohmann::json& mountPoints = appConfig[g_mountPrefix]; - unsigned int mountPointSize = mountPoints.size(); - for (unsigned int i = 0; i < mountPointSize; i++) { - nlohmann::json& mntPoint = mountPoints[i]; - APPSPAWN_CHECK_ONLY_EXPER(CheckMountConfig(mntPoint, appProperty, checkFlag), continue); - - std::string srcPath = ConvertToRealPath(appProperty, mntPoint[g_srcPath].get()); - APPSPAWN_CHECK_ONLY_EXPER(GetCreateSandboxPath(mntPoint, srcPath), continue); - std::string sandboxPath = GetSandboxPath(appProperty, mntPoint, section, sandboxRoot); - SandboxMountConfig mountConfig = {0}; - GetSandboxMountConfig(appProperty, section, mntPoint, mountConfig); - SharedMountArgs arg = { - .srcPath = srcPath.c_str(), - .destPath = sandboxPath.c_str(), - .fsType = mountConfig.fsType.c_str(), - .mountFlags = GetSandboxMountFlags(mntPoint), - .options = mountConfig.optionsPoint.c_str(), - .mountSharedFlag = (mntPoint.find(g_mountSharedFlag) != mntPoint.end()) ? MS_SHARED : MS_SLAVE - }; - - /* if app mount failed for special strategy, we need deal with common mount config */ - int ret = HandleSpecialAppMount(appProperty, arg.srcPath, arg.destPath, arg.fsType, arg.mountFlags); - if (ret < 0) { - ret = DoAppSandboxMountOnce(appProperty, &arg); - } - APPSPAWN_CHECK(ret == 0 || !GetCheckStatus(mntPoint), -#ifdef APPSPAWN_HISYSEVENT - ReportMountFail(bundleName.c_str(), arg.srcPath, arg.destPath, errno); - ret = APPSPAWN_SANDBOX_MOUNT_FAIL; -#endif - return ret, - "DoAppSandboxMountOnce section %{public}s failed, %{public}s", section.c_str(), arg.destPath); - SetDecPolicyWithPermission(appProperty, mountConfig); - DoSandboxChmod(mntPoint, sandboxRoot); - } - return 0; -} - -int32_t SandboxUtils::DoAddGid(AppSpawningCtx *appProperty, nlohmann::json &appConfig, - const char* permissionName, const std::string §ion) -{ - std::string bundleName = GetBundleName(appProperty); - if (appConfig.find(g_gidPrefix) == appConfig.end()) { - return 0; - } - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return 0; - } - - nlohmann::json& gids = appConfig[g_gidPrefix]; - unsigned int gidSize = gids.size(); - for (unsigned int i = 0; i < gidSize; i++) { - if (dacInfo->gidCount < APP_MAX_GIDS) { - APPSPAWN_LOGI("add gid to gitTable in %{public}s, permission is %{public}s, gid:%{public}u", - bundleName.c_str(), permissionName, gids[i].get()); - dacInfo->gidTable[dacInfo->gidCount++] = gids[i].get(); - } - } - return 0; -} - -int SandboxUtils::DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, nlohmann::json &appConfig) -{ - APPSPAWN_CHECK(appConfig.find(g_symlinkPrefix) != appConfig.end(), return 0, "symlink config is not found," - "maybe result sandbox launch failed app name is %{public}s", GetBundleName(appProperty)); - - nlohmann::json& symlinkPoints = appConfig[g_symlinkPrefix]; - std::string sandboxRoot = GetSbxPathByConfig(appProperty, appConfig); - unsigned int symlinkPointSize = symlinkPoints.size(); - - for (unsigned int i = 0; i < symlinkPointSize; i++) { - nlohmann::json& symPoint = symlinkPoints[i]; - - // Check the validity of the symlink configuration - if (symPoint.find(g_targetName) == symPoint.end() || (!symPoint[g_targetName].is_string()) || - symPoint.find(g_linkName) == symPoint.end() || (!symPoint[g_linkName].is_string())) { - APPSPAWN_LOGE("read symlink config failed, app name is %{public}s", GetBundleName(appProperty)); - continue; - } - - std::string targetName = ConvertToRealPath(appProperty, symPoint[g_targetName].get()); - std::string linkName = sandboxRoot + ConvertToRealPath(appProperty, symPoint[g_linkName].get()); - APPSPAWN_LOGV("symlink, from %{public}s to %{public}s", targetName.c_str(), linkName.c_str()); - - int ret = symlink(targetName.c_str(), linkName.c_str()); - if (ret && errno != EEXIST) { - APPSPAWN_LOGE("errno is %{public}d, symlink failed, %{public}s", errno, linkName.c_str()); - - std::string actionStatus = g_statusCheck; - (void)JsonUtils::GetStringFromJson(symPoint, g_actionStatuc, actionStatus); - if (actionStatus == g_statusCheck) { - return ret; - } - } - - DoSandboxChmod(symPoint, sandboxRoot); - } - - return 0; -} - -int32_t SandboxUtils::DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - const char *bundleName = GetBundleName(appProperty); - nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0]; - if (privateAppConfig.find(bundleName) != privateAppConfig.end()) { - APPSPAWN_LOGV("DoSandboxFilePrivateBind %{public}s", bundleName); - DoAddGid((AppSpawningCtx *)appProperty, privateAppConfig[bundleName][0], "", g_privatePrefix); - return DoAllMntPointsMount(appProperty, privateAppConfig[bundleName][0], nullptr, g_privatePrefix); - } - - return 0; -} - -int32_t SandboxUtils::DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - if (wholeConfig.find(g_permissionPrefix) == wholeConfig.end()) { - APPSPAWN_LOGV("DoSandboxFilePermissionBind not found permission information in config file"); - return 0; - } - nlohmann::json& permissionAppConfig = wholeConfig[g_permissionPrefix][0]; - for (nlohmann::json::iterator it = permissionAppConfig.begin(); it != permissionAppConfig.end(); ++it) { - const std::string permission = it.key(); - int index = GetPermissionIndex(nullptr, permission.c_str()); - APPSPAWN_LOGV("DoSandboxFilePermissionBind mountPermissionFlags %{public}d", index); - if (CheckAppPermissionFlagSet(appProperty, static_cast(index))) { - DoAddGid(appProperty, permissionAppConfig[permission][0], permission.c_str(), g_permissionPrefix); - DoAllMntPointsMount(appProperty, permissionAppConfig[permission][0], permission.c_str(), - g_permissionPrefix); - } else { - APPSPAWN_LOGV("DoSandboxFilePermissionBind false %{public}s permission %{public}s", - GetBundleName(appProperty), permission.c_str()); - } - } - return 0; -} - -std::set SandboxUtils::GetMountPermissionNames() -{ - std::set permissionSet; - for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) { - if (config.find(g_permissionPrefix) == config.end()) { - continue; - } - nlohmann::json& permissionAppConfig = config[g_permissionPrefix][0]; - for (auto it = permissionAppConfig.begin(); it != permissionAppConfig.end(); it++) { - permissionSet.insert(it.key()); - } - } - APPSPAWN_LOGI("GetMountPermissionNames size: %{public}lu", static_cast(permissionSet.size())); - return permissionSet; -} - -int32_t SandboxUtils::DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - const char *bundleName = GetBundleName(appProperty); - nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0]; - if (privateAppConfig.find(bundleName) != privateAppConfig.end()) { - return DoAllSymlinkPointslink(appProperty, privateAppConfig[bundleName][0]); - } - - return 0; -} - -int32_t SandboxUtils::HandleFlagsPoint(const AppSpawningCtx *appProperty, - nlohmann::json &appConfig) -{ - if (appConfig.find(g_flagePoint) == appConfig.end()) { - return 0; - } - - nlohmann::json& flagsPoints = appConfig[g_flagePoint]; - unsigned int flagsPointSize = flagsPoints.size(); - - for (unsigned int i = 0; i < flagsPointSize; i++) { - nlohmann::json& flagPoint = flagsPoints[i]; - - if (flagPoint.find(g_flags) != flagPoint.end() && flagPoint[g_flags].is_string()) { - std::string flagsStr = flagPoint[g_flags].get(); - uint32_t flag = ConvertFlagStr(flagsStr); - if ((GetAppMsgFlags(appProperty) & flag) == 0) { - continue; - } - int ret = DoAllMntPointsMount(appProperty, flagPoint, nullptr, g_flagePoint); - if (ret != 0) { - APPSPAWN_LOGE("DoAllMntPointsMount failed ret: %{public}d", ret); - } - } else { - APPSPAWN_LOGE("read flags config failed, app name is %{public}s", GetBundleName(appProperty)); - } - } - - return 0; -} - -int32_t SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - const char *bundleName = GetBundleName(appProperty); - nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0]; - if (privateAppConfig.find(bundleName) != privateAppConfig.end()) { - return HandleFlagsPoint(appProperty, privateAppConfig[bundleName][0]); - } - - return 0; -} - -int32_t SandboxUtils::DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0]; - if (commonConfig.find(g_appResources) != commonConfig.end()) { - return HandleFlagsPoint(appProperty, commonConfig[g_appResources][0]); - } - - return 0; -} - -int32_t SandboxUtils::DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig) -{ - nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0]; - int ret = 0; - - if (commonConfig.find(g_appBase) != commonConfig.end()) { - ret = DoAllMntPointsMount(appProperty, commonConfig[g_appBase][0], nullptr, g_appBase); - if (ret) { - return ret; - } - } - - if (commonConfig.find(g_appResources) != commonConfig.end()) { - ret = DoAllMntPointsMount(appProperty, commonConfig[g_appResources][0], nullptr, g_appResources); - } - - return ret; -} - -int32_t SandboxUtils::DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, - nlohmann::json &wholeConfig) -{ - nlohmann::json& commonConfig = wholeConfig[g_commonPrefix][0]; - int ret = 0; - - if (commonConfig.find(g_appBase) != commonConfig.end()) { - ret = DoAllSymlinkPointslink(appProperty, commonConfig[g_appBase][0]); - if (ret) { - return ret; - } - } - - if (commonConfig.find(g_appResources) != commonConfig.end()) { - ret = DoAllSymlinkPointslink(appProperty, commonConfig[g_appResources][0]); - } - - return ret; -} - -int32_t SandboxUtils::SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, - nlohmann::json &config) -{ - int ret = DoSandboxFilePrivateBind(appProperty, config); - APPSPAWN_CHECK(ret == 0, return ret, "DoSandboxFilePrivateBind failed"); - - ret = DoSandboxFilePrivateSymlink(appProperty, config); - APPSPAWN_CHECK_ONLY_LOG(ret == 0, "DoSandboxFilePrivateSymlink failed"); - - ret = DoSandboxFilePrivateFlagsPointHandle(appProperty, config); - APPSPAWN_CHECK_ONLY_LOG(ret == 0, "DoSandboxFilePrivateFlagsPointHandle failed"); - - return ret; -} - -int32_t SandboxUtils::SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, - nlohmann::json &config) -{ - int ret = DoSandboxFilePermissionBind(appProperty, config); - APPSPAWN_CHECK(ret == 0, return ret, "DoSandboxFilePermissionBind failed"); - return ret; -} - - -int32_t SandboxUtils::SetRenderSandboxProperty(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath) -{ - return 0; -} - -int32_t SandboxUtils::SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath) -{ - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& config : SandboxUtils::GetJsonConfig(type)) { - nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; - char *processType = (char *)(GetAppSpawnMsgExtInfo(appProperty->message, MSG_EXT_NAME_PROCESS_TYPE, NULL)); - APPSPAWN_CHECK(processType != NULL, return -1, "Invalid processType data"); - - if (strcmp(processType, "render") == 0 && privateAppConfig.find(g_ohosRender) != privateAppConfig.end()) { - int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosRender][0], nullptr, g_ohosRender); - APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s", - GetBundleName(appProperty)); - ret = DoAllSymlinkPointslink(appProperty, privateAppConfig[g_ohosRender][0]); - APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %{public}s", - GetBundleName(appProperty)); - ret = HandleFlagsPoint(appProperty, privateAppConfig[g_ohosRender][0]); - APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %{public}s", - GetBundleName(appProperty)); - } else if (strcmp(processType, "gpu") == 0 && privateAppConfig.find(g_ohosGpu) != privateAppConfig.end()) { - int ret = DoAllMntPointsMount(appProperty, privateAppConfig[g_ohosGpu][0], nullptr, g_ohosGpu); - APPSPAWN_CHECK(ret == 0, return ret, "DoAllMntPointsMount failed, %{public}s", - GetBundleName(appProperty)); - ret = DoAllSymlinkPointslink(appProperty, privateAppConfig[g_ohosGpu][0]); - APPSPAWN_CHECK(ret == 0, return ret, "DoAllSymlinkPointslink failed, %{public}s", - GetBundleName(appProperty)); - ret = HandleFlagsPoint(appProperty, privateAppConfig[g_ohosGpu][0]); - APPSPAWN_CHECK_ONLY_LOG(ret == 0, "HandleFlagsPoint for render-sandbox failed, %{public}s", - GetBundleName(appProperty)); - } - } - return 0; -} - -int32_t SandboxUtils::SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty) -{ - int ret = 0; - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& config : SandboxUtils::GetJsonConfig(type)) { - ret = SetPrivateAppSandboxProperty_(appProperty, config); - APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed"); - } - return ret; -} - -static bool GetSandboxPrivateSharedStatus(const string &bundleName, AppSpawningCtx *appProperty) -{ - bool result = false; - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& config : SandboxUtils::GetJsonConfig(type)) { - nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; - if (privateAppConfig.find(bundleName) != privateAppConfig.end() && - privateAppConfig[bundleName][0].find(g_sandBoxShared) != - privateAppConfig[bundleName][0].end()) { - string sandboxSharedStatus = - privateAppConfig[bundleName][0][g_sandBoxShared].get(); - if (sandboxSharedStatus == g_statusCheck) { - result = true; - } - } - } - return result; -} - -int32_t SandboxUtils::SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty) -{ - int ret = 0; - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& config : SandboxUtils::GetJsonConfig(type)) { - ret = SetPermissionAppSandboxProperty_(appProperty, config); - APPSPAWN_CHECK(ret == 0, return ret, "parse adddata-sandbox config failed"); - } - return ret; -} - - -int32_t SandboxUtils::SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, - nlohmann::json &config) -{ - int rc = 0; - - rc = DoSandboxFileCommonBind(appProperty, config); - APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxFileCommonBind failed, %{public}s", GetBundleName(appProperty)); - - // if sandbox switch is off, don't do symlink work again - if (CheckAppSandboxSwitchStatus(appProperty) == true && (CheckTotalSandboxSwitchStatus(appProperty) == true)) { - rc = DoSandboxFileCommonSymlink(appProperty, config); - APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxFileCommonSymlink failed, %{public}s", GetBundleName(appProperty)); - } - - rc = DoSandboxFileCommonFlagsPointHandle(appProperty, config); - APPSPAWN_CHECK_ONLY_LOG(rc == 0, "DoSandboxFilePrivateFlagsPointHandle failed"); - - return rc; -} - -int32_t SandboxUtils::SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath) -{ - int ret = 0; - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& jsonConfig : SandboxUtils::GetJsonConfig(type)) { - ret = SetCommonAppSandboxProperty_(appProperty, jsonConfig); - APPSPAWN_CHECK(ret == 0, return ret, - "parse appdata config for common failed, %{public}s", sandboxPackagePath.c_str()); - } - - ret = MountAllHsp(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(ret == 0, return ret, "mount extraInfo failed, %{public}s", sandboxPackagePath.c_str()); - - ret = MountAllGroup(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(ret == 0, return ret, "mount groupList failed, %{public}s", sandboxPackagePath.c_str()); - - AppSpawnMsgDomainInfo *info = - reinterpret_cast(GetAppProperty(appProperty, TLV_DOMAIN_INFO)); - APPSPAWN_CHECK(info != nullptr, return -1, "No domain info %{public}s", sandboxPackagePath.c_str()); - if (strcmp(info->apl, APL_SYSTEM_BASIC.data()) == 0 || strcmp(info->apl, APL_SYSTEM_CORE.data()) == 0 || - CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ACCESS_BUNDLE_DIR)) { - // need permission check for system app here - std::string destbundlesPath = sandboxPackagePath + g_dataBundles; - SharedMountArgs arg = { - .srcPath = g_physicalAppInstallPath.c_str(), - .destPath = destbundlesPath.c_str() - }; - DoAppSandboxMountOnce(appProperty, &arg); - } - - return 0; -} - -static inline bool CheckPath(const std::string& name) -{ - return !name.empty() && name != "." && name != ".." && name.find("/") == std::string::npos; -} - -std::string SandboxUtils::GetExtraInfoByType(const AppSpawningCtx *appProperty, const std::string &type) -{ - uint32_t len = 0; - char *info = reinterpret_cast(GetAppPropertyExt(appProperty, type.c_str(), &len)); - if (info == nullptr) { - return ""; - } - return std::string(info, len); -} - -int32_t SandboxUtils::MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) -{ - int ret = 0; - string hspListInfo = GetExtraInfoByType(appProperty, HSPLIST_SOCKET_TYPE); - if (hspListInfo.length() == 0) { - return ret; - } - - nlohmann::json hsps = nlohmann::json::parse(hspListInfo.c_str(), nullptr, false); - APPSPAWN_CHECK(!hsps.is_discarded() && hsps.contains(g_hspList_key_bundles) && hsps.contains(g_hspList_key_modules) - && hsps.contains(g_hspList_key_versions), return -1, "MountAllHsp: json parse failed"); - - nlohmann::json& bundles = hsps[g_hspList_key_bundles]; - nlohmann::json& modules = hsps[g_hspList_key_modules]; - nlohmann::json& versions = hsps[g_hspList_key_versions]; - APPSPAWN_CHECK(bundles.is_array() && modules.is_array() && versions.is_array() && bundles.size() == modules.size() - && bundles.size() == versions.size(), return -1, "MountAllHsp: value is not arrary or sizes are not same"); - - APPSPAWN_LOGV("MountAllHsp: app = %{public}s, cnt = %{public}lu", - GetBundleName(appProperty), static_cast(bundles.size())); - for (uint32_t i = 0; i < bundles.size(); i++) { - // elements in json arrary can be different type - APPSPAWN_CHECK(bundles[i].is_string() && modules[i].is_string() && versions[i].is_string(), - return -1, "MountAllHsp: element type error"); - - std::string libBundleName = bundles[i]; - std::string libModuleName = modules[i]; - std::string libVersion = versions[i]; - APPSPAWN_CHECK(CheckPath(libBundleName) && CheckPath(libModuleName) && CheckPath(libVersion), - return -1, "MountAllHsp: path error"); - - std::string libPhysicalPath = g_physicalAppInstallPath + libBundleName + "/" + libVersion + "/" + libModuleName; - std::string mntPath = sandboxPackagePath + g_sandboxHspInstallPath + libBundleName + "/" + libModuleName; - SharedMountArgs arg = { - .srcPath = libPhysicalPath.c_str(), - .destPath = mntPath.c_str() - }; - ret = DoAppSandboxMountOnce(appProperty, &arg); - APPSPAWN_CHECK(ret == 0, return ret, "mount library failed %{public}d", ret); - } - return ret; -} - -int32_t SandboxUtils::DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath) -{ -#ifndef APPSPAWN_TEST - int rc = mount(nullptr, "/", nullptr, MS_REC | MS_SLAVE, nullptr); - APPSPAWN_CHECK(rc == 0, return rc, "set propagation slave failed"); -#endif - MakeDirRecursive(sandboxPackagePath, FILE_MODE); - - // bind mount "/" to /mnt/sandbox// path - // rootfs: to do more resources bind mount here to get more strict resources constraints -#ifndef APPSPAWN_TEST - rc = mount("/", sandboxPackagePath.c_str(), nullptr, BASIC_MOUNT_FLAGS, nullptr); - APPSPAWN_CHECK(rc == 0, return rc, "mount bind / failed, %{public}d", errno); -#endif - return 0; -} - -int32_t SandboxUtils::MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath) -{ - int ret = 0; - string dataGroupInfo = GetExtraInfoByType(appProperty, DATA_GROUP_SOCKET_TYPE); - if (dataGroupInfo.length() == 0) { - return ret; - } - - nlohmann::json groups = nlohmann::json::parse(dataGroupInfo.c_str(), nullptr, false); - if (groups.is_discarded() && groups.contains(g_groupList_key_dataGroupId) && groups.contains(g_groupList_key_dir) && - groups.contains(g_groupList_key_gid) && groups.contains(g_groupList_key_uuid)) { - APPSPAWN_LOGE("dataGroupJson is discarded"); - return APPSPAWN_ARG_INVALID; - } - - for (auto& item : groups) { - // elements in json arrary can be different type - APPSPAWN_CHECK(IsValidDataGroupItem(item), return -1, "MountAllGroup: data group item error"); - std::string srcPath = item[g_groupList_key_dir]; - APPSPAWN_CHECK(!CheckPath(srcPath), return -1, "MountAllGroup: path error"); - - int elxValue = GetElxInfoFromDir(srcPath.c_str()); - APPSPAWN_CHECK((elxValue >= EL2 && elxValue < ELX_MAX), return -1, "Get elx value failed"); - - const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(elxValue); - APPSPAWN_CHECK(templateItem != nullptr, return -1, "Get data group arg template failed"); - - // If permission isn't null, need check permission flag - if (templateItem->permission != nullptr) { - int index = GetPermissionIndex(nullptr, templateItem->permission); - APPSPAWN_LOGV("mount dir no lock mount permission flag %{public}d", index); - if (CheckAppPermissionFlagSet(appProperty, static_cast(index)) == 0) { - continue; - } - } - - std::string dataGroupUuid = item[g_groupList_key_uuid]; - std::string mntPath = sandboxPackagePath + templateItem->sandboxPath + dataGroupUuid; - mode_t mountSharedFlag = MS_SLAVE; - if (CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX)) { - mountSharedFlag |= MS_REMOUNT | MS_NODEV | MS_RDONLY | MS_BIND; - } - SharedMountArgs arg = { - .srcPath = srcPath.c_str(), - .destPath = mntPath.c_str(), - .mountSharedFlag = mountSharedFlag - }; - ret = DoAppSandboxMountOnce(appProperty, &arg); - if (ret != 0) { - APPSPAWN_LOGE("mount el%{public}d datagroup failed", elxValue); - } - } - return 0; -} - -int32_t SandboxUtils::DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, - std::string &sandboxPackagePath) -{ -#ifndef APPSPAWN_TEST - int rc = mount(nullptr, "/", nullptr, MS_REC | MS_SLAVE, nullptr); - if (rc) { - return rc; - } -#endif - SharedMountArgs arg = { - .srcPath = sandboxPackagePath.c_str(), - .destPath = sandboxPackagePath.c_str() - }; - DoAppSandboxMountOnce(appProperty, &arg); - - return 0; -} - -uint32_t SandboxUtils::GetSandboxNsFlags(bool isNweb) -{ - uint32_t nsFlags = 0; - nlohmann::json appConfig; - const std::map NamespaceFlagsMap = { {"pid", CLONE_NEWPID}, - {"net", CLONE_NEWNET} }; - - if (!CheckTotalSandboxSwitchStatus(nullptr)) { - return nsFlags; - } - - for (auto& config : SandboxUtils::GetJsonConfig(SANBOX_APP_JSON_CONFIG)) { - if (isNweb) { - nlohmann::json& privateAppConfig = config[g_privatePrefix][0]; - if (privateAppConfig.find(g_ohosRender) == privateAppConfig.end()) { - continue; - } - appConfig = privateAppConfig[g_ohosRender][0]; - } else { - nlohmann::json& baseConfig = config[g_commonPrefix][0]; - if (baseConfig.find(g_appBase) == baseConfig.end()) { - continue; - } - appConfig = baseConfig[g_appBase][0]; - } - if (appConfig.find(g_sandBoxNsFlags) == appConfig.end()) { - continue; - } - const auto vec = appConfig[g_sandBoxNsFlags].get>(); - for (unsigned int j = 0; j < vec.size(); j++) { - if (NamespaceFlagsMap.count(vec[j])) { - nsFlags |= NamespaceFlagsMap.at(vec[j]); - } - } - } - - if (!nsFlags) { - APPSPAWN_LOGE("config is not found %{public}s ns config", isNweb ? "Nweb" : "App"); - } - return nsFlags; -} - -bool SandboxUtils::CheckBundleNameForPrivate(const std::string &bundleName) -{ - if (bundleName.find(g_internal) != std::string::npos) { - return false; - } - return true; -} - -bool SandboxUtils::CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty) -{ - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) { - if (wholeConfig.find(g_commonPrefix) == wholeConfig.end()) { - continue; - } - nlohmann::json& commonAppConfig = wholeConfig[g_commonPrefix][0]; - if (commonAppConfig.find(g_topSandBoxSwitchPrefix) != commonAppConfig.end()) { - std::string switchStatus = commonAppConfig[g_topSandBoxSwitchPrefix].get(); - return switchStatus == g_sbxSwitchCheck; - } - } - // default sandbox switch is on - return true; -} - -bool SandboxUtils::CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty) -{ - bool rc = true; - SandboxConfigType type = CheckAppMsgFlagsSet(appProperty, APP_FLAGS_ISOLATED_SANDBOX_TYPE) ? - SANBOX_ISOLATED_JSON_CONFIG : SANBOX_APP_JSON_CONFIG; - - for (auto& wholeConfig : SandboxUtils::GetJsonConfig(type)) { - if (wholeConfig.find(g_privatePrefix) == wholeConfig.end()) { - continue; - } - nlohmann::json& privateAppConfig = wholeConfig[g_privatePrefix][0]; - if (privateAppConfig.find(GetBundleName(appProperty)) != privateAppConfig.end()) { - nlohmann::json& appConfig = privateAppConfig[GetBundleName(appProperty)][0]; - rc = GetSbxSwitchStatusByConfig(appConfig); - if (rc) { - break; - } - } - } - // default sandbox switch is on - return rc; -} - -static int CheckBundleName(const std::string &bundleName) -{ - if (bundleName.empty() || bundleName.size() > APP_LEN_BUNDLE_NAME) { - return -1; - } - if (bundleName.find('\\') != std::string::npos || bundleName.find('/') != std::string::npos) { - return -1; - } - return 0; -} - -int32_t SandboxUtils::SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, - string &sandboxPackagePath) -{ - int ret = 0; - if (!CheckAppMsgFlagsSet(appProperty, APP_FLAGS_OVERLAY)) { - return ret; - } - - string overlayInfo = GetExtraInfoByType(appProperty, OVERLAY_SOCKET_TYPE); - set mountedSrcSet; - vector splits = split(overlayInfo, g_overlayDecollator); - string sandboxOverlayPath = sandboxPackagePath + g_overlayPath; - for (auto hapPath : splits) { - size_t pathIndex = hapPath.find_last_of(g_fileSeparator); - if (pathIndex == string::npos) { - continue; - } - std::string srcPath = hapPath.substr(0, pathIndex); - if (mountedSrcSet.find(srcPath) != mountedSrcSet.end()) { - APPSPAWN_LOGV("%{public}s have mounted before, no need to mount twice.", srcPath.c_str()); - continue; - } - - auto bundleNameIndex = srcPath.find_last_of(g_fileSeparator); - string destPath = sandboxOverlayPath + srcPath.substr(bundleNameIndex + 1, srcPath.length()); - SharedMountArgs arg = { - .srcPath = srcPath.c_str(), - .destPath = destPath.c_str() - }; - int32_t retMount = DoAppSandboxMountOnce(appProperty, &arg); - if (retMount != 0) { - APPSPAWN_LOGE("fail to mount overlay path, src is %{public}s.", hapPath.c_str()); - ret = retMount; - } - - mountedSrcSet.emplace(srcPath); - } - return ret; -} - -int32_t SandboxUtils::SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty, - string &sandboxPackagePath) -{ - if (!CheckAppMsgFlagsSet(appProperty, APP_FLAGS_BUNDLE_RESOURCES)) { - return 0; - } - - string destPath = sandboxPackagePath + g_bundleResourceDestPath; - SharedMountArgs arg = { - .srcPath = g_bundleResourceSrcPath.c_str(), - .destPath = destPath.c_str() - }; - return DoAppSandboxMountOnce(appProperty, &arg); -} - -int32_t SandboxUtils::CheckAppFullMountEnable() -{ - if (deviceTypeEnable_ != -1) { - return deviceTypeEnable_; - } - - char value[] = "false"; - int32_t ret = GetParameter("const.filemanager.full_mount.enable", "false", value, sizeof(value)); - if (ret > 0 && (strcmp(value, "true")) == 0) { - deviceTypeEnable_ = FILE_CROSS_APP_STATUS; - } else if (ret > 0 && (strcmp(value, "false")) == 0) { - deviceTypeEnable_ = FILE_ACCESS_COMMON_DIR_STATUS; - } else { - deviceTypeEnable_ = -1; - } - - return deviceTypeEnable_; -} - -int32_t SandboxUtils::SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath) -{ - int32_t ret = 0; - const std::string bundleName = GetBundleName(appProperty); - ret = SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(ret == 0, return ret, "SetCommonAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - if (CheckBundleNameForPrivate(bundleName)) { - ret = SetPrivateAppSandboxProperty(appProperty); - APPSPAWN_CHECK(ret == 0, return ret, "SetPrivateAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - } - ret = SetPermissionAppSandboxProperty(appProperty); - APPSPAWN_CHECK(ret == 0, return ret, "SetPermissionAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - - ret = SetOverlayAppSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(ret == 0, return ret, "SetOverlayAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - - ret = SetBundleResourceAppSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(ret == 0, return ret, "SetBundleResourceAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - APPSPAWN_LOGV("Set appsandbox property success"); - return ret; -} - -int32_t SandboxUtils::ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName, - bool sandboxSharedStatus) -{ - int32_t ret = 0; - ret = chdir(sandboxPackagePath.c_str()); - APPSPAWN_CHECK(ret == 0, return ret, "chdir failed, packagename is %{public}s, path is %{public}s", - bundleName.c_str(), sandboxPackagePath.c_str()); - - if (sandboxSharedStatus) { - ret = chroot(sandboxPackagePath.c_str()); - APPSPAWN_CHECK(ret == 0, return ret, "chroot failed, path is %{public}s errno is %{public}d", - sandboxPackagePath.c_str(), errno); - return ret; - } - - ret = syscall(SYS_pivot_root, sandboxPackagePath.c_str(), sandboxPackagePath.c_str()); - APPSPAWN_CHECK(ret == 0, return ret, "errno is %{public}d, pivot root failed, packagename is %{public}s", - errno, bundleName.c_str()); - - ret = umount2(".", MNT_DETACH); - APPSPAWN_CHECK(ret == 0, return ret, "MNT_DETACH failed, packagename is %{public}s", bundleName.c_str()); - return ret; -} - -static int EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) -{ -#ifdef APPSPAWN_HISYSEVENT - struct timespec startClock = {0}; - clock_gettime(CLOCK_MONOTONIC, &startClock); -#endif - int rc = unshare(sandboxNsFlags); -#ifdef APPSPAWN_HISYSEVENT - struct timespec endClock = {0}; - clock_gettime(CLOCK_MONOTONIC, &endClock); - uint64_t diff = DiffTime(&startClock, &endClock); - APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration("unshare", diff)); -#endif - APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", GetBundleName(appProperty)); - - if ((sandboxNsFlags & CLONE_NEWNET) == CLONE_NEWNET) { - rc = EnableNewNetNamespace(); - APPSPAWN_CHECK(rc == 0, return rc, "Set new netnamespace failed %{public}s", GetBundleName(appProperty)); - } - return 0; -} - -void SandboxUtils::UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty) -{ - int32_t processIndex = GetPermissionIndex(nullptr, GET_ALL_PROCESSES_MODE.c_str()); - if ((CheckAppPermissionFlagSet(appProperty, static_cast(processIndex)) == 0)) { - APPSPAWN_LOGV("Don't need set GET_ALL_PROCESSES_MODE flag"); - return; - } - - int ret = SetAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_GET_ALL_PROCESSES); - if (ret != 0) { - APPSPAWN_LOGV("Set GET_ALL_PROCESSES_MODE flag failed"); - } -} - -int32_t SandboxUtils::UpdatePermissionFlags(AppSpawningCtx *appProperty) -{ - int32_t index = 0; - int32_t appFullMountStatus = CheckAppFullMountEnable(); - if (appFullMountStatus == FILE_CROSS_APP_STATUS) { - index = GetPermissionIndex(nullptr, FILE_CROSS_APP_MODE.c_str()); - } else if (appFullMountStatus == FILE_ACCESS_COMMON_DIR_STATUS) { - index = GetPermissionIndex(nullptr, FILE_ACCESS_COMMON_DIR_MODE.c_str()); - } - int32_t fileMgrIndex = GetPermissionIndex(nullptr, FILE_ACCESS_MANAGER_MODE.c_str()); - if (index > 0 && (CheckAppPermissionFlagSet(appProperty, static_cast(fileMgrIndex)) == 0)) { - return SetAppPermissionFlags(appProperty, index); - } - return 0; -} - -#ifdef APPSPAWN_MOUNT_TMPSHM -void SandboxUtils::MountDevShmPath(std::string &sandboxPath) -{ - std::string sandboxDevShmPath = sandboxPath + DEV_SHM_DIR; - int result = mount("tmpfs", sandboxDevShmPath.c_str(), "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV, "size=32M"); - if (result != 0) { - APPSPAWN_LOGW("Error mounting %{public}s to tmpfs, errno %{public}d", sandboxDevShmPath.c_str(), errno); - } -} -#endif - -int32_t SandboxUtils::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) -{ - APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspwn client"); - if (CheckBundleName(GetBundleName(appProperty)) != 0) { - return -1; - } - AppSpawnMsgDacInfo *dacInfo = reinterpret_cast(GetAppProperty(appProperty, TLV_DAC_INFO)); - if (dacInfo == nullptr) { - return -1; - } - - const std::string bundleName = GetBundleName(appProperty); - nlohmann::json tmpJson = {}; - std::string sandboxPackagePath = GetSbxPathByConfig(appProperty, tmpJson); - MakeDirRecursiveWithClock(sandboxPackagePath.c_str(), FILE_MODE); - bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty) || - (CheckAppPermissionFlagSet(appProperty, static_cast(GetPermissionIndex(nullptr, - ACCESS_DLP_FILE_MODE.c_str()))) != 0); - - // add pid to a new mnt namespace - int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags); - APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str()); - if (UpdatePermissionFlags(appProperty) != 0) { - APPSPAWN_LOGW("Set app permission flag fail."); - return -1; - } - UpdateMsgFlagsWithPermission(appProperty); - // check app sandbox switch - if ((CheckTotalSandboxSwitchStatus(appProperty) == false) || - (CheckAppSandboxSwitchStatus(appProperty) == false)) { - rc = DoSandboxRootFolderCreateAdapt(sandboxPackagePath); - } else if (!sandboxSharedStatus) { - rc = DoSandboxRootFolderCreate(appProperty, sandboxPackagePath); - } - APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxRootFolderCreate failed, %{public}s", bundleName.c_str()); - rc = SetSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(rc == 0, return rc, "SetSandboxProperty failed, %{public}s", bundleName.c_str()); - -#ifdef APPSPAWN_MOUNT_TMPSHM - MountDevShmPath(sandboxPackagePath); -#endif - -#ifndef APPSPAWN_TEST - rc = ChangeCurrentDir(sandboxPackagePath, bundleName, sandboxSharedStatus); - APPSPAWN_CHECK(rc == 0, return rc, "change current dir failed"); - APPSPAWN_LOGV("Change root dir success"); -#endif - SetDecWithDir(appProperty, dacInfo->uid / UID_BASE); - SetDecDenyWithDir(appProperty); - SetDecPolicy(); -#if defined(APPSPAWN_MOUNT_TMPSHM) && defined(WITH_SELINUX) - Restorecon(DEV_SHM_DIR); -#endif - return 0; -} - -int32_t SandboxUtils::SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags) -{ - APPSPAWN_CHECK(appProperty != nullptr, return -1, "Invalid appspwn client"); - if (CheckBundleName(GetBundleName(appProperty)) != 0) { - return -1; - } - std::string sandboxPackagePath = g_sandBoxRootDirNweb; - const std::string bundleName = GetBundleName(appProperty); - bool sandboxSharedStatus = GetSandboxPrivateSharedStatus(bundleName, appProperty); - sandboxPackagePath += bundleName; - MakeDirRecursiveWithClock(sandboxPackagePath.c_str(), FILE_MODE); - - // add pid to a new mnt namespace - int rc = EnableSandboxNamespace(appProperty, sandboxNsFlags); - APPSPAWN_CHECK(rc == 0, return rc, "unshare failed, packagename is %{public}s", bundleName.c_str()); - - // check app sandbox switch - if ((CheckTotalSandboxSwitchStatus(appProperty) == false) || - (CheckAppSandboxSwitchStatus(appProperty) == false)) { - rc = DoSandboxRootFolderCreateAdapt(sandboxPackagePath); - } else if (!sandboxSharedStatus) { - rc = DoSandboxRootFolderCreate(appProperty, sandboxPackagePath); - } - APPSPAWN_CHECK(rc == 0, return rc, "DoSandboxRootFolderCreate failed, %{public}s", bundleName.c_str()); - // rendering process can be created by different apps, - // and the bundle names of these apps are different, - // so we can't use the method SetPrivateAppSandboxProperty - // which mount dirs by using bundle name. - rc = SetRenderSandboxPropertyNweb(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(rc == 0, return rc, "SetRenderSandboxPropertyNweb failed, packagename is %{public}s", - sandboxPackagePath.c_str()); - - rc = SetOverlayAppSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(rc == 0, return rc, "SetOverlayAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - - rc = SetBundleResourceAppSandboxProperty(appProperty, sandboxPackagePath); - APPSPAWN_CHECK(rc == 0, return rc, "SetBundleResourceAppSandboxProperty failed, packagename is %{public}s", - bundleName.c_str()); - -#ifndef APPSPAWN_TEST - rc = chdir(sandboxPackagePath.c_str()); - APPSPAWN_CHECK(rc == 0, return rc, "chdir failed, packagename is %{public}s, path is %{public}s", - bundleName.c_str(), sandboxPackagePath.c_str()); - - if (sandboxSharedStatus) { - rc = chroot(sandboxPackagePath.c_str()); - APPSPAWN_CHECK(rc == 0, return rc, "chroot failed, path is %{public}s errno is %{public}d", - sandboxPackagePath.c_str(), errno); - return 0; - } - - rc = syscall(SYS_pivot_root, sandboxPackagePath.c_str(), sandboxPackagePath.c_str()); - APPSPAWN_CHECK(rc == 0, return rc, "errno is %{public}d, pivot root failed, packagename is %{public}s", - errno, bundleName.c_str()); - - rc = umount2(".", MNT_DETACH); - APPSPAWN_CHECK(rc == 0, return rc, "MNT_DETACH failed, packagename is %{public}s", bundleName.c_str()); -#endif - return 0; -} -} // namespace AppSpawn -} // namespace OHOS - -static bool AppSandboxPidNsIsSupport(void) -{ - char buffer[10] = {0}; - uint32_t buffSize = sizeof(buffer); - - if (SystemGetParameter("const.sandbox.pidns.support", buffer, &buffSize) != 0) { - return true; - } - if (!strcmp(buffer, "false")) { - return false; - } - return true; -} - -int LoadAppSandboxConfig(AppSpawnMgr *content) -{ - bool rc = true; - // load sandbox config - nlohmann::json appSandboxConfig; - CfgFiles *files = GetCfgFiles("etc/sandbox"); - for (int i = 0; (files != nullptr) && (i < MAX_CFG_POLICY_DIRS_CNT); ++i) { - if (files->paths[i] == nullptr) { - continue; - } - std::string path = files->paths[i]; - std::string appPath = path + OHOS::AppSpawn::APP_JSON_CONFIG; - APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", appPath.c_str()); - rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, appPath); - APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", appPath.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_APP_JSON_CONFIG); - - std::string isolatedPath = path + OHOS::AppSpawn::APP_ISOLATED_JSON_CONFIG; - APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", isolatedPath.c_str()); - rc = OHOS::AppSpawn::JsonUtils::GetJsonObjFromJson(appSandboxConfig, isolatedPath); - APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", isolatedPath.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(appSandboxConfig, SANBOX_ISOLATED_JSON_CONFIG); - } - FreeCfgFiles(files); - bool isNweb = IsNWebSpawnMode(content); - if (!isNweb && !AppSandboxPidNsIsSupport()) { - return 0; - } - content->content.sandboxNsFlags = OHOS::AppSpawn::SandboxUtils::GetSandboxNsFlags(isNweb); - return 0; -} - -static bool NeedNetworkIsolated(AppSpawningCtx *property) -{ - int developerMode = IsDeveloperModeOpen(); - if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_SANDBOX) && !developerMode) { - return true; - } - - if (CheckAppMsgFlagsSet(property, APP_FLAGS_ISOLATED_NETWORK)) { - std::string extensionType = - OHOS::AppSpawn::SandboxUtils::GetExtraInfoByType(property, MSG_EXT_NAME_EXTENSION_TYPE); - if (extensionType.length() == 0 || !developerMode) { - return true; - } - } - - return false; -} - -int32_t SetAppSandboxProperty(AppSpawnMgr *content, AppSpawningCtx *property) -{ - APPSPAWN_CHECK(property != nullptr, return -1, "Invalid appspwn client"); - APPSPAWN_CHECK(content != nullptr, return -1, "Invalid appspwn content"); - // clear g_mountInfo in the child process - std::map* mapPtr = static_cast*>(GetEl1BundleMountCount()); - if (mapPtr == nullptr) { - APPSPAWN_LOGE("Get el1 bundle mount count failed"); - return APPSPAWN_ARG_INVALID; - } - mapPtr->clear(); - int ret = 0; - // no sandbox - if (CheckAppMsgFlagsSet(property, APP_FLAGS_NO_SANDBOX)) { - return 0; - } - if ((content->content.sandboxNsFlags & CLONE_NEWPID) == CLONE_NEWPID) { - ret = getprocpid(); - if (ret < 0) { - return ret; - } - } - uint32_t sandboxNsFlags = CLONE_NEWNS; - - if (NeedNetworkIsolated(property)) { - sandboxNsFlags |= content->content.sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0; - } - - APPSPAWN_LOGV("SetAppSandboxProperty sandboxNsFlags 0x%{public}x", sandboxNsFlags); - - if (IsNWebSpawnMode(content)) { - ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxPropertyNweb(property, sandboxNsFlags); - } else { - ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(property, sandboxNsFlags); - } - // for module test do not create sandbox, use APP_FLAGS_IGNORE_SANDBOX to ignore sandbox result - if (CheckAppMsgFlagsSet(property, APP_FLAGS_IGNORE_SANDBOX)) { - APPSPAWN_LOGW("Do not care sandbox result %{public}d", ret); - return 0; - } - return ret; -} - -#define USER_ID_SIZE 16 -#define DIR_MODE 0711 - -static int SpawnMountDirToShared(AppSpawnMgr *content, AppSpawningCtx *property) -{ -#ifndef APPSPAWN_SANDBOX_NEW - if (!IsNWebSpawnMode(content)) { - // mount dynamic directory - MountToShared(content, property); - } -#endif - return 0; -} - -static void UmountDir(const char *rootPath, const char *targetPath, const AppSpawnedProcessInfo *appInfo) -{ - size_t allPathSize = strlen(rootPath) + USER_ID_SIZE + strlen(appInfo->name) + strlen(targetPath) + 2; - char *path = reinterpret_cast(malloc(sizeof(char) * (allPathSize))); - APPSPAWN_CHECK(path != NULL, return, "Failed to malloc path"); - - int ret = sprintf_s(path, allPathSize, "%s%u/%s%s", rootPath, appInfo->uid / UID_BASE, - appInfo->name, targetPath); - APPSPAWN_CHECK(ret > 0 && ((size_t)ret < allPathSize), free(path); - return, "Failed to get sandbox path errno %{public}d", errno); - - ret = umount2(path, MNT_DETACH); - if (ret == 0) { - APPSPAWN_LOGI("Umount2 sandbox path %{public}s success", path); - } else { - APPSPAWN_LOGW("Failed to umount2 sandbox path %{public}s errno %{public}d", path, errno); - } - free(path); -} - -static int UmountSandboxPath(const AppSpawnMgr *content, const AppSpawnedProcessInfo *appInfo) -{ - APPSPAWN_CHECK(content != NULL && appInfo != NULL && appInfo->name != NULL, - return -1, "Invalid content or appInfo"); - if (!IsAppSpawnMode(content)) { - return 0; - } - APPSPAWN_LOGV("UmountSandboxPath name %{public}s pid %{public}d", appInfo->name, appInfo->pid); - const char rootPath[] = "/mnt/sandbox/"; - const char el1Path[] = "/data/storage/el1/bundle"; - - std::string varBundleName = std::string(appInfo->name); - if (appInfo->appIndex > 0) { - varBundleName = "+clone-" + std::to_string(appInfo->appIndex) + "+" + varBundleName; - } - - uint32_t userId = appInfo->uid / UID_BASE; - std::string key = std::to_string(userId) + "-" + varBundleName; - map *el1BundleCountMap = static_cast*>(GetEl1BundleMountCount()); - if (el1BundleCountMap == nullptr || el1BundleCountMap->find(key) == el1BundleCountMap->end()) { - return 0; - } - (*el1BundleCountMap)[key]--; - if ((*el1BundleCountMap)[key] == 0) { - APPSPAWN_LOGV("no app %{public}s use it in userId %{public}u, need umount", appInfo->name, userId); - UmountDir(rootPath, el1Path, appInfo); - el1BundleCountMap->erase(key); - } else { - APPSPAWN_LOGV("app %{public}s use it mount times %{public}d in userId %{public}u, not need umount", - appInfo->name, (*el1BundleCountMap)[key], userId); - } - return 0; -} - -#ifndef APPSPAWN_SANDBOX_NEW -MODULE_CONSTRUCTOR(void) -{ - APPSPAWN_LOGV("Load sandbox module ..."); - (void)AddServerStageHook(STAGE_SERVER_PRELOAD, HOOK_PRIO_SANDBOX, LoadAppSandboxConfig); - (void)AddAppSpawnHook(STAGE_PARENT_PRE_FORK, HOOK_PRIO_COMMON, SpawnMountDirToShared); - (void)AddAppSpawnHook(STAGE_CHILD_EXECUTE, HOOK_PRIO_SANDBOX, SetAppSandboxProperty); - (void)AddProcessMgrHook(STAGE_SERVER_APP_UMOUNT, HOOK_PRIO_SANDBOX, UmountSandboxPath); -} -#endif diff --git a/test/moduletest/BUILD.gn b/test/moduletest/BUILD.gn index 79f39b12..2eb10a4a 100644 --- a/test/moduletest/BUILD.gn +++ b/test/moduletest/BUILD.gn @@ -61,7 +61,7 @@ ohos_moduletest("AppSpawnModuleTest") { sources = [ "${appspawn_path}/test/moduletest/appspawn_client_test.cpp", - "${appspawn_path}/test/moduletest/appspawn_module_test.cpp", + #"${appspawn_path}/test/moduletest/appspawn_module_test.cpp", "${appspawn_path}/test/moduletest/appspawn_test_cmder.cpp", ] diff --git a/test/unittest/app_spawn_standard_test/BUILD.gn b/test/unittest/app_spawn_standard_test/BUILD.gn index 370e4c54..282108e4 100644 --- a/test/unittest/app_spawn_standard_test/BUILD.gn +++ b/test/unittest/app_spawn_standard_test/BUILD.gn @@ -16,8 +16,9 @@ import("//build/test.gni") ohos_unittest("AppSpawn_ut") { module_out_path = "appspawn/appspawn" + cflags = [ "-Dprivate=public" ] if (appspawn_unittest_coverage) { - cflags = [ "--coverage" ] + cflags += [ "--coverage" ] ldflags = [ "--coverage" ] cflags_cc = [ "--coverage" ] } @@ -150,8 +151,10 @@ ohos_unittest("AppSpawn_ut") { defines += [ "APPSPAWN_SANDBOX_NEW" ] } else { sources += [ - "${appspawn_path}/modules/sandbox/sandbox_shared_mount.cpp", - "${appspawn_path}/modules/sandbox/sandbox_utils.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_shared_mount.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_core.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_common.cpp", + "${appspawn_path}/modules/sandbox/normal/appspawn_sandbox_manager.cpp", "${appspawn_path}/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp", ] } @@ -226,8 +229,9 @@ ohos_unittest("AppSpawn_ut") { ohos_unittest("AppSpawn_coldrun_ut") { module_out_path = "appspawn/appspawn" + cflags = [ "-Dprivate=public" ] if (appspawn_unittest_coverage) { - cflags = [ "--coverage" ] + cflags += [ "--coverage" ] ldflags = [ "--coverage" ] cflags_cc = [ "--coverage" ] } @@ -350,8 +354,10 @@ ohos_unittest("AppSpawn_coldrun_ut") { sources += [ "${appspawn_path}/modules/sandbox/sandbox_shared.c" ] } else { sources += [ - "${appspawn_path}/modules/sandbox/sandbox_shared_mount.cpp", - "${appspawn_path}/modules/sandbox/sandbox_utils.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_shared_mount.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_core.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_common.cpp", + "${appspawn_path}/modules/sandbox/normal/appspawn_sandbox_manager.cpp", ] } @@ -419,8 +425,9 @@ ohos_unittest("AppSpawn_coldrun_ut") { ohos_unittest("AppSpawn_common_ut") { module_out_path = "appspawn/appspawn" + cflags = [ "-Dprivate=public" ] if (appspawn_unittest_coverage) { - cflags = [ "--coverage" ] + cflags += [ "--coverage" ] ldflags = [ "--coverage" ] cflags_cc = [ "--coverage" ] } @@ -540,8 +547,10 @@ ohos_unittest("AppSpawn_common_ut") { sources += [ "${appspawn_path}/modules/sandbox/sandbox_shared.c" ] } else { sources += [ - "${appspawn_path}/modules/sandbox/sandbox_shared_mount.cpp", - "${appspawn_path}/modules/sandbox/sandbox_utils.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_shared_mount.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_core.cpp", + "${appspawn_path}/modules/sandbox/normal/sandbox_common.cpp", + "${appspawn_path}/modules/sandbox/normal/appspawn_sandbox_manager.cpp", ] } diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp index a8d6bb9f..d0e46d92 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandbox_test.cpp @@ -23,7 +23,9 @@ #include "appspawn_service.h" #include "json_utils.h" #include "parameter.h" -#include "sandbox_utils.h" +#include "sandbox_def.h" +#include "sandbox_core.h" +#include "sandbox_common.h" #include "securec.h" #include "app_spawn_stub.h" @@ -34,7 +36,6 @@ using namespace testing; using namespace testing::ext; using namespace OHOS::AppSpawn; -using nlohmann::json; namespace OHOS { AppSpawnTestHelper g_testHelper; @@ -51,9 +52,33 @@ void AppSpawnSandboxTest::SetUpTestCase() {} void AppSpawnSandboxTest::TearDownTestCase() {} -void AppSpawnSandboxTest::SetUp() {} +void AppSpawnSandboxTest::SetUp() { + const TestInfo *info = UnitTest::GetInstance()->current_test_info(); + GTEST_LOG_(INFO) << info->test_suite_name() << "." << info->name() << " start"; + APPSPAWN_LOGI("%{public}s.%{public}s start", info->test_suite_name(), info->name()); -void AppSpawnSandboxTest::TearDown() {} + std::vector &appVec = + AppSpawn::SandboxCommon::GetCJsonConfig(SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + appVec.erase(appVec.begin(), appVec.end()); + + std::vector &isolatedVec = + AppSpawn::SandboxCommon::GetCJsonConfig(SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG); + isolatedVec.erase(isolatedVec.begin(), isolatedVec.end()); +} + +void AppSpawnSandboxTest::TearDown() { + std::vector &appVec = + AppSpawn::SandboxCommon::GetCJsonConfig(SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + appVec.erase(appVec.begin(), appVec.end()); + + std::vector &isolatedVec = + AppSpawn::SandboxCommon::GetCJsonConfig(SandboxCommonDef::SANDBOX_ISOLATED_JSON_CONFIG); + isolatedVec.erase(isolatedVec.begin(), isolatedVec.end()); + + const TestInfo *info = UnitTest::GetInstance()->current_test_info(); + GTEST_LOG_(INFO) << info->test_suite_name() << "." << info->name() << " end"; + APPSPAWN_LOGI("%{public}s.%{public}s end", info->test_suite_name(), info->name()); +} static AppSpawningCtx *GetTestAppProperty() { @@ -85,14 +110,14 @@ static AppSpawningCtx *GetTestAppPropertyWithExtInfo(const char *name, const cha */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_08, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_08 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("ohos.samples.ecg"); AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_08 end"; } /** @@ -104,70 +129,62 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_08, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09 start"; g_testHelper.SetProcessName("com.ohos.dlpmanager"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09_1, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.dlpmanager"); g_testHelper.SetTestApl("normal"); - AppSpawningCtx *appProperty = GetTestAppProperty(); - int ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(nullptr); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(nullptr, CLONE_NEWPID); EXPECT_NE(ret, 0); - DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09_2, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName(""); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - - int ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); EXPECT_NE(ret, 0); + DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09_3, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.\\ohos.dlpmanager"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - int ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); EXPECT_NE(ret, 0); + DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09_4, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com./ohos.dlpmanager"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - int ret = OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); EXPECT_NE(ret, 0); + DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09_1 end"; } /** @@ -179,7 +196,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_09_4, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_10, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_10 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"top-sandbox-switch\": \"ON\", \ @@ -197,19 +213,20 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_10, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_10 end"; } /** @@ -221,7 +238,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_10, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_13, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_13 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"app-base\":[{ \ @@ -238,19 +254,20 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_13, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_13 end"; } /** @@ -262,7 +279,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_13, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_14, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_14 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"app-base\":[{ \ @@ -278,22 +294,20 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_14, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - - GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_14 end"; } /** @@ -305,7 +319,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_14, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_15, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_15 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"app-base\":[{ \ @@ -322,20 +335,20 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_15, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - - GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - GTEST_LOG_(INFO) << "SetAppSandboxProperty section 2" << std::endl; - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_15 end"; } /** @@ -347,7 +360,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_15, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_16, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_16 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"app-base\":[{ \ @@ -357,30 +369,30 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_16, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - - GTEST_LOG_(INFO) << "SetAppSandboxProperty start" << std::endl; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_16 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_17, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09 start"; - nlohmann::json appSandboxConfig; - bool rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, ""); - EXPECT_FALSE(rc); + cJSON *appSandboxConfig = GetJsonObjFromFile(""); + EXPECT_EQ(appSandboxConfig, nullptr); + std::string path(256, 'w'); // 256 test - rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, path); - EXPECT_FALSE(rc); + appSandboxConfig = GetJsonObjFromFile(path.c_str()); + EXPECT_EQ(appSandboxConfig, nullptr); std::string mJsconfig = "{ \ \"common\":[{ \ @@ -391,45 +403,51 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_17, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + + const char *value = GetStringFromJsonObj(j_config, "common"); + EXPECT_EQ(value, nullptr); - std::string value; - rc = JsonUtils::GetStringFromJson(j_config, "common", value); - EXPECT_FALSE(rc); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_09 end"; + cJSON_Delete(j_config); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_18, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_18 start"; std::string mJsconfig1 = "{ \ \"sandbox-switch\": \"ON\", \ \"sandbox-root\" : \"/mnt/sandbox//\" \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - bool ret = OHOS::AppSpawn::SandboxUtils::GetSbxSwitchStatusByConfig(j_config1); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + bool ret = AppSpawn::SandboxCommon::GetSwitchStatus(j_config1); EXPECT_TRUE(ret); std::string mJsconfig2 = "{ \ \"sandbox-switch\": \"OFF\", \ \"sandbox-root\" : \"/mnt/sandbox//\" \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::GetSbxSwitchStatusByConfig(j_config2); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCommon::GetSwitchStatus(j_config2); EXPECT_FALSE(ret); std::string mJsconfig3 = "{ \ \"sandbox-root\" : \"/mnt/sandbox//\" \ }"; - nlohmann::json j_config3 = nlohmann::json::parse(mJsconfig3.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::GetSbxSwitchStatusByConfig(j_config3); + cJSON *j_config3 = cJSON_Parse(mJsconfig3.c_str()); + ASSERT_NE(j_config3, nullptr); + ret = AppSpawn::SandboxCommon::GetSwitchStatus(j_config3); EXPECT_TRUE(ret); + + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); + cJSON_Delete(j_config3); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_20 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"top-sandbox-switch\": \"OFF\", \ @@ -440,16 +458,17 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0) }], \ \"individual\": [] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.appspawn"); g_testHelper.SetTestApl("normal"); AppSpawningCtx *appProperty = GetTestAppProperty(); - - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); std::string mJsconfig1 = "{ \ \"common\":[{ \ @@ -465,29 +484,33 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_20, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SetAppSandboxProperty(appProperty); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config1, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + ret = AppSpawn::SandboxCore::SetAppSandboxProperty(appProperty, CLONE_NEWPID); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); + cJSON_Delete(j_config1); DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_21, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_21 start"; - - bool ret = OHOS::AppSpawn::SandboxUtils::CheckBundleNameForPrivate(std::string("__internal__")); + bool ret = AppSpawn::SandboxCommon::HasPrivateInBundleName(std::string("__internal__")); EXPECT_FALSE(ret); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_22, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_22 start"; std::string mJsconfig1 = "{ \ \"common\":[], \ \"individual\": [] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config1, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test @@ -497,24 +520,15 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_22, TestSize.Level0) const char *strl1 = "/mnt/sandbox/100/test.bundle1"; std::string testBundle = strl1; - int ret = OHOS::AppSpawn::SandboxUtils::SetCommonAppSandboxProperty(appProperty, testBundle); - DeleteAppSpawningCtx(appProperty); + int32_t ret = AppSpawn::SandboxCore::SetCommonAppSandboxProperty(appProperty, testBundle); EXPECT_EQ(ret, 0); -} -HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_23, TestSize.Level0) -{ - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_23 start"; - const char *strl1 = "/mnt/sandbox/100/test.bundle1"; - std::string testBundle = strl1; - int ret = OHOS::AppSpawn::SandboxUtils::SetRenderSandboxProperty(nullptr, testBundle); - EXPECT_EQ(ret, 0); + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_24, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_24 start"; - g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.bundle.name1"); @@ -542,8 +556,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_24, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFileCommonSymlink(appProperty, j_config1); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoSandboxFileCommonSymlink(appProperty, j_config1); EXPECT_EQ(ret, 0); std::string mJsconfig2 = "{ \ @@ -558,15 +573,18 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_24, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFileCommonSymlink(appProperty, j_config2); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCore::DoSandboxFileCommonSymlink(appProperty, j_config2); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_25, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_25 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.bundle.wps"); @@ -596,23 +614,26 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_25, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFileCommonBind(appProperty, j_config1); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoSandboxFileCommonBind(appProperty, j_config1); EXPECT_EQ(ret, 0); - ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFileCommonFlagsPointHandle(appProperty, j_config1); - DeleteAppSpawningCtx(appProperty); + ret = AppSpawn::SandboxCore::DoSandboxFileCommonFlagsPointHandle(appProperty, j_config1); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config1); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_26, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_26 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.dlpmanager"); g_testHelper.SetTestApl("system_basic"); AppSpawningCtx *appProperty = GetTestAppProperty(); + std::string mJsconfig2 = "{ \ \"common\":[{ \ \"app-base\" : [{ \ @@ -627,15 +648,17 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_26, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFileCommonBind(appProperty, j_config2); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoSandboxFileCommonBind(appProperty, j_config2); EXPECT_NE(ret, 0); + + cJSON_Delete(j_config2); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_27, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_27 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.bundle.name"); @@ -650,8 +673,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_27, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config1); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config1); EXPECT_EQ(ret, 0); std::string mJsconfig2 = "{ \ @@ -671,15 +695,18 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_27, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config2); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCore::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config2); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_28, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_28 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.bundle.name"); @@ -705,15 +732,17 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_28, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config3 = nlohmann::json::parse(mJsconfig3.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config3); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config3 = cJSON_Parse(mJsconfig3.c_str()); + ASSERT_NE(j_config3, nullptr); + int ret = AppSpawn::SandboxCore::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config3); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config3); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_29, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_29 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("test.bundle.name"); @@ -739,15 +768,17 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_29, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config3 = nlohmann::json::parse(mJsconfig3.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config3); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config3 = cJSON_Parse(mJsconfig3.c_str()); + ASSERT_NE(j_config3, nullptr); + int ret = AppSpawn::SandboxCore::DoSandboxFilePrivateFlagsPointHandle(appProperty, j_config3); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config3); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_30, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_30 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.wps"); @@ -765,8 +796,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_30, TestSize.Level0) \"check-action-status\": \"false\" \ }] \ }"; - nlohmann::json j_config3 = nlohmann::json::parse(mJsconfig3.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config3, nullptr); + cJSON *j_config3 = cJSON_Parse(mJsconfig3.c_str()); + ASSERT_NE(j_config3, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config3, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig4 = "{ \ @@ -779,15 +811,18 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_30, TestSize.Level0) \"check-action-status\": \"false\" \ }] \ }"; - nlohmann::json j_config4 = nlohmann::json::parse(mJsconfig4.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config4, nullptr); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config4 = cJSON_Parse(mJsconfig4.c_str()); + ASSERT_NE(j_config4, nullptr); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config4, nullptr); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config3); + cJSON_Delete(j_config4); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_31, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_31 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.dlpmanager"); @@ -804,8 +839,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_31, TestSize.Level0) \"check-action-status\": \"false\" \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config1, nullptr); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config1, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig2 = "{ \ @@ -826,32 +862,36 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_31, TestSize.Level0) \"check-action-status\": \"true\" \ }] \ }"; + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config2, nullptr); + EXPECT_NE(ret, 0); - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config2, nullptr); + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); DeleteAppSpawningCtx(appProperty); - EXPECT_TRUE(ret != 0); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_32, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_32 start"; - int ret = OHOS::AppSpawn::SandboxUtils::DoAppSandboxMountOnce(nullptr, nullptr); + int32_t ret = AppSpawn::SandboxCommon::DoAppSandboxMountOnce(nullptr, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig1 = "{ \ \"dest-mode\" : \"S_IRUSR|S_IWUSR|S_IXUSR\" \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); std::string sandboxRoot; const char *str = "/data/test11122"; sandboxRoot = str; - OHOS::AppSpawn::SandboxUtils::DoSandboxChmod(j_config1, sandboxRoot); + AppSpawn::SandboxCommon::SetSandboxPathChmod(j_config1, sandboxRoot); + + cJSON_Delete(j_config1); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_34, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_34 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.dlpmanager"); @@ -865,19 +905,19 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_34, TestSize.Level0) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - EXPECT_EQ(0, ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_34 end"; } static void InvalidJsonTest(std::string &testBundle) { char hspListStr[] = "{"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_EQ(ret, 0); } static void NoBundleTest(std::string &testBundle) @@ -887,9 +927,9 @@ static void NoBundleTest(std::string &testBundle) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void NoModulesTest(std::string &testBundle) @@ -900,9 +940,9 @@ static void NoModulesTest(std::string &testBundle) }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void NoVersionsTest(std::string &testBundle) @@ -912,9 +952,9 @@ static void NoVersionsTest(std::string &testBundle) \"modules\":[\"module1\", \"module2\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void ListSizeNotSameTest(std::string &testBundle) @@ -925,9 +965,9 @@ static void ListSizeNotSameTest(std::string &testBundle) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void ValueTypeIsNotArraryTest(std::string &testBundle) @@ -938,9 +978,9 @@ static void ValueTypeIsNotArraryTest(std::string &testBundle) \"versions\": 1001 \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void ElementTypeIsNotStringTest(std::string &testBundle) @@ -951,9 +991,9 @@ static void ElementTypeIsNotStringTest(std::string &testBundle) \"versions\": [1001, 1002] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void ElementTypeIsNotSameTestSN(std::string &testBundle) @@ -965,9 +1005,9 @@ static void ElementTypeIsNotSameTestSN(std::string &testBundle) \"versions\": [\"v10001\", 1002] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } static void ElementTypeIsNotSameTestNS(std::string &testBundle) @@ -979,14 +1019,13 @@ static void ElementTypeIsNotSameTestNS(std::string &testBundle) \"versions\": [1001, \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_35, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_35 start"; const char *strl1 = "/mnt/sandbox/100/test.bundle1"; std::string testBundle = strl1; InvalidJsonTest(testBundle); @@ -998,12 +1037,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_35, TestSize.Level0) ElementTypeIsNotStringTest(testBundle); ElementTypeIsNotSameTestSN(testBundle); ElementTypeIsNotSameTestNS(testBundle); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_35 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_36 start"; const char *strl1 = "/mnt/sandbox/100/test.bundle1"; std::string testBundle = strl1; @@ -1014,9 +1051,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } { // name is . char hspListStr[] = "{ \ @@ -1025,9 +1062,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } { // name is .. char hspListStr[] = "{ \ @@ -1036,9 +1073,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } { // name contains / char hspListStr[] = "{ \ @@ -1047,16 +1084,14 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_36, TestSize.Level0) \"versions\":[\"v10001\", \"v10002\"] \ }"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("HspList", hspListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllHsp(appProperty, testBundle); + int32_t ret = AppSpawn::SandboxCore::MountAllHsp(appProperty, testBundle); DeleteAppSpawningCtx(appProperty); - EXPECT_NE(0, ret); + EXPECT_NE(ret, 0); } - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_36 end"; } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_37, TestSize.Level0) { - APPSPAWN_LOGI("App_Spawn_Sandbox_37 start"); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("ohos.samples.xxx"); @@ -1064,22 +1099,21 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_37, TestSize.Level0) AppSpawningCtx *appProperty = GetTestAppProperty(); AppSpawnMgr content; - LoadAppSandboxConfig(&content); + AppSpawn::SandboxCommon::LoadAppSandboxConfigCJson(&content); std::string sandboxPackagePath = "/mnt/sandbox/100/"; const std::string bundleName = GetBundleName(appProperty); sandboxPackagePath += bundleName; - int ret = SandboxUtils::SetPrivateAppSandboxProperty(appProperty); - EXPECT_EQ(0, ret); - ret = SandboxUtils::SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); + int32_t ret = AppSpawn::SandboxCore::SetPrivateAppSandboxProperty(appProperty); + EXPECT_EQ(ret, 0); + ret = AppSpawn::SandboxCore::SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - EXPECT_EQ(0, ret); - APPSPAWN_LOGI("App_Spawn_Sandbox_37 end"); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0) { - APPSPAWN_LOGI("App_Spawn_Sandbox_38 start"); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.example.deviceinfo"); @@ -1108,19 +1142,20 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0) }] \ }] \ }"; - - nlohmann::json p_config1 = nlohmann::json::parse(pJsconfig1.c_str()); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(p_config1, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(pJsconfig1.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); std::string sandboxPackagePath = "/mnt/sandbox/100/"; const std::string bundleName = GetBundleName(appProperty); sandboxPackagePath += bundleName; - int ret = SandboxUtils::SetPrivateAppSandboxProperty(appProperty); - EXPECT_EQ(0, ret); - ret = SandboxUtils::SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); + int32_t ret = AppSpawn::SandboxCore::SetPrivateAppSandboxProperty(appProperty); + EXPECT_EQ(ret, 0); + ret = AppSpawn::SandboxCore::SetCommonAppSandboxProperty(appProperty, sandboxPackagePath); + EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config); DeleteAppSpawningCtx(appProperty); - EXPECT_EQ(0, ret); - APPSPAWN_LOGI("App_Spawn_Sandbox_38 end"); } /** @@ -1132,7 +1167,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_38, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_39, TestSize.Level0) { - APPSPAWN_LOGI("App_Spawn_Sandbox_39 start"); g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.demo"); @@ -1143,11 +1177,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_39, TestSize.Level0) overlayInfo += "/data/app/el1/bundle/public/com.ohos.demo/feature.hsp|"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("Overlay", overlayInfo.c_str()); std::string sandBoxRootDir = "/mnt/sandbox/100/com.ohos.demo"; - int32_t ret = OHOS::AppSpawn::SandboxUtils::SetOverlayAppSandboxProperty(appProperty, sandBoxRootDir); + int32_t ret = AppSpawn::SandboxCore::SetOverlayAppSandboxProperty(appProperty, sandBoxRootDir); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - EXPECT_EQ(0, ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_39 end"; } + /** * @tc.name: App_Spawn_Sandbox_40 * @tc.desc: load group info config SetAppSandboxProperty @@ -1157,7 +1192,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_39, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_40, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_40 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.ohos.demo"); @@ -1179,22 +1213,21 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_40, TestSize.Level0) } ])"; AppSpawningCtx *appProperty = GetTestAppPropertyWithExtInfo("DataGroup", dataGroupInfoListStr); - int ret = OHOS::AppSpawn::SandboxUtils::MountAllGroup(appProperty, sandboxPrefix); + int32_t ret = AppSpawn::SandboxCore::MountAllGroup(appProperty, sandboxPrefix); + EXPECT_EQ(ret, 0); + DeleteAppSpawningCtx(appProperty); - EXPECT_EQ(0, ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_40 end"; } /** * @tc.name: App_Spawn_Sandbox_41 - * @tc.desc: parse namespace config. + * @tc.desc: parse namespace config * @tc.type: FUNC * @tc.require:issueI8B63M * @tc.author: */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_41, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_41 start"; std::string mJsconfig = "{ \ \"common\":[{ \ \"top-sandbox-switch\": \"ON\", \ @@ -1214,29 +1247,28 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_41, TestSize.Level0) }] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - uint32_t cloneFlags = OHOS::AppSpawn::SandboxUtils::GetSandboxNsFlags(false); + uint32_t cloneFlags = AppSpawn::SandboxCommon::GetSandboxNsFlags(false); EXPECT_EQ(!!(cloneFlags & CLONE_NEWPID), true); - cloneFlags = OHOS::AppSpawn::SandboxUtils::GetSandboxNsFlags(true); + cloneFlags = AppSpawn::SandboxCommon::GetSandboxNsFlags(true); EXPECT_EQ(!!(cloneFlags & (CLONE_NEWPID | CLONE_NEWNET)), true); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_41 end"; + cJSON_Delete(j_config); } /** * @tc.name: App_Spawn_Sandbox_42 - * @tc.desc: parse config file for fstype . + * @tc.desc: parse config file for fstype * @tc.type: FUNC * @tc.require: https://gitee.com/openharmony/startup_appspawn/issues/I8OF9K * @tc.author: */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_42, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_42 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"/data/app/el1//base\", \ @@ -1247,16 +1279,26 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_42, TestSize.Level0) \"options\": \"support_overwrite=1\" \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - - std::string fsType = OHOS::AppSpawn::SandboxUtils::GetSandboxFsType(j_secondConfig); - int ret = strcmp(fsType.c_str(), "sharefs"); - EXPECT_EQ(ret, 0); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + + int ret = 0; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mountPoint config"); + std::string fsType = AppSpawn::SandboxCommon::GetFsType(mntPoint); + ret = strcmp(fsType.c_str(), "sharefs"); + } + EXPECT_EQ(ret, 0); + } while (0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_42 end"; + cJSON_Delete(j_config); } /** @@ -1268,7 +1310,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_42, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_43, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_43 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"/data/app/el1//base\", \ @@ -1279,18 +1320,29 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_43, TestSize.Level0) \"options\": \"support_overwrite=1\" \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; - std::string section = "common"; + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int ret = strcmp(mountConfig.fsType.c_str(), "sharefs"); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_43 end"; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "common", mntPoint, mountConfig); + ret = strcmp(mountConfig.fsType.c_str(), "sharefs"); + } + EXPECT_EQ(ret, 0); + } while (0); + + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1302,7 +1354,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_43, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_44, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_44 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"/data/app/el1//base\", \ @@ -1313,18 +1364,29 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_44, TestSize.Level0) \"options\": \"support_overwrite=1\" \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; - std::string section = "permission"; + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int ret = strcmp(mountConfig.fsType.c_str(), "sharefs"); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_44 end"; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + ret = strcmp(mountConfig.fsType.c_str(), "sharefs"); + } + EXPECT_EQ(ret, 0); + } while (0); + + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1336,7 +1398,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_44, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_45, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_45 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"/data/app/el1//base\", \ @@ -1347,21 +1408,32 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_45, TestSize.Level0) \"options\": \"support_overwrite=1\" \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - std::string options = OHOS::AppSpawn::SandboxUtils::GetSandboxOptions(appProperty, j_secondConfig); - int ret = strcmp(options.c_str(), "support_overwrite=1,user_id=100"); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_45 end"; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mountPoint config"); + std::string options = AppSpawn::SandboxCommon::GetOptions(appProperty, mntPoint); + ret = strcmp(options.c_str(), "support_overwrite=1,user_id=100"); + } + EXPECT_EQ(ret, 0); + } while (0); + + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_46, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_46 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.example.myapplication"); @@ -1378,8 +1450,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_46, TestSize.Level0) \"check-action-status\": \"false\" \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config1, nullptr); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config1, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig2 = "{ \ @@ -1392,15 +1465,18 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_46, TestSize.Level0) \"create-sandbox-path\": \"true\" \ }] \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config2, nullptr); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config2, nullptr); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); + DeleteAppSpawningCtx(appProperty); } HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_47, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_47 start"; g_testHelper.SetTestUid(1000); // 1000 test g_testHelper.SetTestGid(1000); // 1000 test g_testHelper.SetProcessName("com.example.myapplication"); @@ -1417,8 +1493,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_47, TestSize.Level0) \"check-action-status\": \"false\" \ }] \ }"; - nlohmann::json j_config1 = nlohmann::json::parse(mJsconfig1.c_str()); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config1, nullptr); + cJSON *j_config1 = cJSON_Parse(mJsconfig1.c_str()); + ASSERT_NE(j_config1, nullptr); + int32_t ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config1, nullptr); EXPECT_EQ(ret, 0); std::string mJsconfig2 = "{ \ @@ -1431,10 +1508,14 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_47, TestSize.Level0) \"create-sandbox-path\": \"false\" \ }] \ }"; - nlohmann::json j_config2 = nlohmann::json::parse(mJsconfig2.c_str()); - ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config2, nullptr); - DeleteAppSpawningCtx(appProperty); + cJSON *j_config2 = cJSON_Parse(mJsconfig2.c_str()); + ASSERT_NE(j_config2, nullptr); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config2, nullptr); EXPECT_EQ(ret, 0); + + cJSON_Delete(j_config1); + cJSON_Delete(j_config2); + DeleteAppSpawningCtx(appProperty); } /** * @brief 测试app extension @@ -1443,10 +1524,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_47, TestSize.Level0) HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_004, TestSize.Level0) { AppSpawningCtx *spawningCtx = GetTestAppProperty(); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); - ASSERT_EQ(path.c_str() != nullptr, 1); - ASSERT_EQ(strcmp(path.c_str(), "/system/com.example.myapplication/module") == 0, 1); + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); + ASSERT_NE(path.c_str(), nullptr); + ASSERT_EQ(strcmp(path.c_str(), "/system/com.example.myapplication/module"), 0); DeleteAppSpawningCtx(spawningCtx); } @@ -1457,10 +1537,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_005, TestSize.Level int ret = SetAppSpawnMsgFlag(spawningCtx->message, TLV_MSG_FLAGS, APP_FLAGS_CLONE_ENABLE); ASSERT_EQ(ret, 0); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); - ASSERT_EQ(path.c_str() != nullptr, 1); // +clone-bundleIndex+packageName - ASSERT_EQ(strcmp(path.c_str(), "/system/+clone-100+com.example.myapplication/module") == 0, 1); + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); + ASSERT_NE(path.c_str(), nullptr); // +clone-bundleIndex+packageName + ASSERT_EQ(strcmp(path.c_str(), "/system/+clone-100+com.example.myapplication/module"), 0); DeleteAppSpawningCtx(spawningCtx); } @@ -1478,10 +1557,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_006, TestSize.Level AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle); ASSERT_EQ(spawningCtx != nullptr, 1); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); - ASSERT_EQ(path.c_str() != nullptr, 1); // +extension-+packageName - ASSERT_EQ(strcmp(path.c_str(), "/system/+extension-test001+com.example.myapplication/module") == 0, 1); + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); + ASSERT_NE(path.c_str(), nullptr); // +extension-+packageName + ASSERT_EQ(strcmp(path.c_str(), "/system/+extension-test001+com.example.myapplication/module"), 0); + DeleteAppSpawningCtx(spawningCtx); AppSpawnClientDestroy(clientHandle); } @@ -1502,11 +1581,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_007, TestSize.Level AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle); ASSERT_EQ(spawningCtx != nullptr, 1); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); - ASSERT_EQ(path.c_str() != nullptr, 1); // +clone-bundleIndex+extension-+packageName + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); + ASSERT_NE(path.c_str(), nullptr); // +clone-bundleIndex+extension-+packageName + ASSERT_EQ(strcmp(path.c_str(), "/system/+clone-100+extension-test001+com.example.myapplication/module"), 0); - ASSERT_EQ(strcmp(path.c_str(), "/system/+clone-100+extension-test001+com.example.myapplication/module") == 0, 1); DeleteAppSpawningCtx(spawningCtx); AppSpawnClientDestroy(clientHandle); } @@ -1525,8 +1603,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_008, TestSize.Level AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle); ASSERT_EQ(spawningCtx != nullptr, 1); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); ASSERT_STREQ(path.c_str(), ""); DeleteAppSpawningCtx(spawningCtx); @@ -1545,8 +1622,7 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_009, TestSize.Level AppSpawningCtx *spawningCtx = g_testHelper.GetAppProperty(clientHandle, reqHandle); ASSERT_EQ(spawningCtx != nullptr, 1); - std::string path = SandboxUtils::ConvertToRealPath(spawningCtx, "/system//module"); - APPSPAWN_LOGV("path %{public}s", path.c_str()); + std::string path = AppSpawn::SandboxCommon::ConvertToRealPath(spawningCtx, "/system//module"); ASSERT_STREQ(path.c_str(), ""); DeleteAppSpawningCtx(spawningCtx); @@ -1562,7 +1638,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_AppExtension_009, TestSize.Level #define DEC_PATH_SIZE 3 HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_01, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_01 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"\", \ @@ -1571,23 +1646,34 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_01, TestSize.Level0) \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - std::string section = "permission"; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int decPathSize = mountConfig.decPaths.size(); - EXPECT_EQ(decPathSize, DEC_PATH_SIZE); - int ret = strcmp(mountConfig.decPaths[0].c_str(), "/storage/Users"); - EXPECT_EQ(ret, 0); - ret = strcmp(mountConfig.decPaths[1].c_str(), "/storage/External"); - EXPECT_EQ(ret, 0); - ret = strcmp(mountConfig.decPaths[2].c_str(), "/storage/test"); - EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_01 end"; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + + int decPathSize = mountConfig.decPaths.size(); + ASSERT_EQ(decPathSize, DEC_PATH_SIZE); + ret = strcmp(mountConfig.decPaths[0].c_str(), "/storage/Users") || + strcmp(mountConfig.decPaths[1].c_str(), "/storage/External") || + strcmp(mountConfig.decPaths[2].c_str(), "/storage/test"); + } + EXPECT_EQ(ret, 0); + } while (0); + + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1598,7 +1684,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_01, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_02, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_02 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"\", \ @@ -1607,18 +1692,31 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_02, TestSize.Level0) \"dec-paths\": [ ] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - std::string section = "permission"; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int decPathSize = mountConfig.decPaths.size(); - EXPECT_EQ(decPathSize, 0); + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + + int decPathSize = mountConfig.decPaths.size(); + EXPECT_EQ(decPathSize, 0); + } + EXPECT_EQ(ret, 0); + } while (0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_02 end"; + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1629,7 +1727,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_02, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_03, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_03 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"\", \ @@ -1638,18 +1735,32 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_03, TestSize.Level0) \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - std::string section = "permission"; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); + + int ret = 0; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int decPathSize = mountConfig.decPaths.size(); - EXPECT_EQ(decPathSize, DEC_PATH_SIZE); - OHOS::AppSpawn::SandboxUtils::SetDecPolicyWithPermission(appProperty, mountConfig); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_03 end"; + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + + int decPathSize = mountConfig.decPaths.size(); + EXPECT_EQ(decPathSize, DEC_PATH_SIZE); + ret = AppSpawn::SandboxCore::SetDecPolicyWithPermission(appProperty, mountConfig); + } + EXPECT_EQ(ret, 0); + } while (0); + + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1660,7 +1771,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_03, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_04, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_04 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"\", \ @@ -1669,21 +1779,33 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_04, TestSize.Level0) \"dec-paths\": [ \"/storage/Users\", \"/storage/External\", \"/storage/test\" ] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - std::string section = "permission"; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; - AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int decPathSize = mountConfig.decPaths.size(); - EXPECT_EQ(decPathSize, DEC_PATH_SIZE); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config, nullptr, "permission"); + int ret = 0; + AppSpawningCtx *appProperty = GetTestAppProperty(); + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + + int decPathSize = mountConfig.decPaths.size(); + EXPECT_EQ(decPathSize, DEC_PATH_SIZE); + } + EXPECT_EQ(ret, 0); + } while (0); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config, nullptr, "permission"); EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_04 end"; + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1694,7 +1816,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_04, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_05, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_05 start"; std::string mJsconfig = "{ \ \"mount-paths\": [{ \ \"src-path\": \"\", \ @@ -1703,21 +1824,33 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_05, TestSize.Level0) \"dec-paths\": [ \"/storage/Users//Download\" ] \ }] \ }"; - nlohmann::json j_config = nlohmann::json::parse(mJsconfig.c_str()); - const char *mountPath = "mount-paths"; - nlohmann::json j_secondConfig = j_config[mountPath][0]; - std::string section = "permission"; - OHOS::AppSpawn::SandboxUtils::StoreJsonConfig(j_config, SANBOX_APP_JSON_CONFIG); - OHOS::AppSpawn::SandboxUtils::SandboxMountConfig mountConfig; - AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::GetSandboxMountConfig(appProperty, section, j_secondConfig, mountConfig); - int decPathSize = mountConfig.decPaths.size(); - EXPECT_EQ(decPathSize, 1); + cJSON *j_config = cJSON_Parse(mJsconfig.c_str()); + ASSERT_NE(j_config, nullptr); + AppSpawn::SandboxCommon::StoreCJsonConfig(j_config, SandboxCommonDef::SANDBOX_APP_JSON_CONFIG); - int ret = OHOS::AppSpawn::SandboxUtils::DoAllMntPointsMount(appProperty, j_config, nullptr, "permission"); + int ret = 0; + AppSpawningCtx *appProperty = GetTestAppProperty(); + do { + cJSON *mountPoints = cJSON_GetObjectItemCaseSensitive(j_config, "mount-paths"); + APPSPAWN_CHECK(mountPoints != nullptr || cJSON_IsArray(mountPoints), ret = -1; + break, "Invalid mountPaths config"); + + for (int i = 0; i < cJSON_GetArraySize(mountPoints); ++i) { + cJSON *mntPoint = cJSON_GetArrayItem(mountPoints, i); + APPSPAWN_CHECK(mntPoint != nullptr, ret = -2; break, "Invalid mntPoint config"); + SandboxMountConfig mountConfig = {0}; + AppSpawn::SandboxCommon::GetSandboxMountConfig(appProperty, "permission", mntPoint, mountConfig); + + int decPathSize = mountConfig.decPaths.size(); + EXPECT_EQ(decPathSize, 1); + } + EXPECT_EQ(ret, 0); + } while (0); + ret = AppSpawn::SandboxCore::DoAllMntPointsMount(appProperty, j_config, nullptr, "permission"); EXPECT_EQ(ret, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_05 end"; + cJSON_Delete(j_config); + DeleteAppSpawningCtx(appProperty); } /** @@ -1728,24 +1861,22 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_05, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_06, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_06 start"; AppSpawningCtx *appProperty = GetTestAppProperty(); - OHOS::AppSpawn::SandboxUtils::SetDecDenyWithDir(appProperty); + AppSpawn::SandboxCore::SetDecDenyWithDir(appProperty); int32_t userFileIndex = GetPermissionIndex(nullptr, "ohos.permission.READ_WRITE_USER_FILE"); ASSERT_NE(userFileIndex, 0); int ret = SetAppPermissionFlags(appProperty, userFileIndex); ASSERT_EQ(ret, 0); - OHOS::AppSpawn::SandboxUtils::SetDecDenyWithDir(appProperty); + AppSpawn::SandboxCore::SetDecDenyWithDir(appProperty); int32_t downloadIndex = GetPermissionIndex(nullptr, "ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY"); ASSERT_NE(downloadIndex, 0); ret = SetAppPermissionFlags(appProperty, downloadIndex); ASSERT_EQ(ret, 0); - OHOS::AppSpawn::SandboxUtils::SetDecDenyWithDir(appProperty); + AppSpawn::SandboxCore::SetDecDenyWithDir(appProperty); DeleteAppSpawningCtx(appProperty); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_dec_06 end"; } /** @@ -1756,7 +1887,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_dec_06, TestSize.Level0) */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_01, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_01 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1765,10 +1895,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_01, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_TRUE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_01 end"; + + cJSON_Delete(j_config); } /** @@ -1779,7 +1911,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_01, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_02, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_02 start"; char dataGroupInfoListStr[] = R"([ { "gid": "1002", @@ -1794,16 +1925,19 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_02, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } ])"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = false; - for (auto& item : j_config) { - ret = IsValidDataGroupItem(item); - if (ret != true) { + cJSON *child = nullptr; + cJSON_ArrayForEach(child, j_config) { + ret = IsValidDataGroupItem(child); + if (!ret) { break; } } EXPECT_TRUE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_02 end"; + + cJSON_Delete(j_config); } /** @@ -1814,7 +1948,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_02, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_03, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_03 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1823,10 +1956,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_03, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_03 end"; + + cJSON_Delete(j_config); } /** @@ -1837,7 +1972,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_03, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_04, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_04 start"; char dataGroupInfoListStr[] = R"( { "gid": 1002, @@ -1846,10 +1980,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_04, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_04 end"; + + cJSON_Delete(j_config); } /** @@ -1860,7 +1996,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_04, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_05, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_05 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1869,10 +2004,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_05, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_05 end"; + + cJSON_Delete(j_config); } /** @@ -1883,7 +2020,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_05, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_06, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_06 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1892,10 +2028,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_06, TestSize.Level0 "uuid": 124 } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_06 end"; + + cJSON_Delete(j_config); } /** @@ -1906,7 +2044,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_06, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_07, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_07 start"; char dataGroupInfoListStr[] = R"( { "gid": 1002, @@ -1915,10 +2052,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_07, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_07 end"; + + cJSON_Delete(j_config); } /** @@ -1929,7 +2068,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_07, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_08, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_08 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1938,10 +2076,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_08, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_08 end"; + + cJSON_Delete(j_config); } /** @@ -1952,7 +2092,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_08, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_09, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_09 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -1961,10 +2100,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_09, TestSize.Level0 "uuid": 124 } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_09 end"; + + cJSON_Delete(j_config); } /** @@ -1975,7 +2116,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_09, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_10, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_10 start"; char dataGroupInfoListStr[] = R"( { "gid": 1002, @@ -1984,10 +2124,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_10, TestSize.Level0 "uuid": "49c016e6-065a-abd1-5867-b1f91114f840" } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_10 end"; + + cJSON_Delete(j_config); } /** @@ -1998,7 +2140,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_10, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_11, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_11 start"; char dataGroupInfoListStr[] = R"( { "gid": 1002, @@ -2007,10 +2148,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_11, TestSize.Level0 "uuid": 124 } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_11 end"; + + cJSON_Delete(j_config); } /** @@ -2021,7 +2164,6 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_11, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_12, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_12 start"; char dataGroupInfoListStr[] = R"( { "gid": "1002", @@ -2030,10 +2172,12 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_12, TestSize.Level0 "uuid": 124 } )"; - nlohmann::json j_config = nlohmann::json::parse(dataGroupInfoListStr); + cJSON *j_config = cJSON_Parse(dataGroupInfoListStr); + ASSERT_NE(j_config, nullptr); bool ret = IsValidDataGroupItem(j_config); EXPECT_FALSE(ret); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_12 end"; + + cJSON_Delete(j_config); } /** @@ -2044,11 +2188,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_12, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_13, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_13 start"; std::string str = "/data/storage/el2/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, EL2); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_13 end"; } /** @@ -2059,11 +2201,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_13, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_14, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_14 start"; std::string str = "/data/storage/el3/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, EL3); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_14 end"; } /** @@ -2074,11 +2214,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_14, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_15, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_15 start"; std::string str = "/data/storage/el4/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, EL4); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_15 end"; } /** @@ -2089,11 +2227,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_15, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_16, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_16 start"; std::string str = "/data/storage/el5/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, EL5); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_16 end"; } /** @@ -2104,11 +2240,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_16, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_17, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_17 start"; std::string str = "/data/storage/el0/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, ELX_MAX); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_17 end"; } /** @@ -2119,11 +2253,9 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_17, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_18, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_18 start"; std::string str = "/data/storage/el6/group/"; int res = GetElxInfoFromDir(str.c_str()); EXPECT_EQ(res, ELX_MAX); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_18 end"; } /** @@ -2134,10 +2266,8 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_18, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_19, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_19 start"; int res = GetElxInfoFromDir(nullptr); EXPECT_EQ(res, ELX_MAX); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_19 end"; } /** @@ -2148,12 +2278,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_19, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_20, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_20 start"; const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(EL2); ASSERT_EQ(templateItem != nullptr, 1); int res = strcmp(templateItem->elxName, "el2"); EXPECT_EQ(res, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_20 end"; } /** @@ -2164,12 +2292,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_20, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_21, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_21 start"; const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(EL3); ASSERT_EQ(templateItem != nullptr, 1); int res = strcmp(templateItem->elxName, "el3"); EXPECT_EQ(res, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_21 end"; } /** @@ -2180,12 +2306,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_21, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_22, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_22 start"; const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(EL4); ASSERT_EQ(templateItem != nullptr, 1); int res = strcmp(templateItem->elxName, "el4"); EXPECT_EQ(res, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_22 end"; } /** @@ -2196,12 +2320,10 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_22, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_23, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_23 start"; const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(EL5); ASSERT_EQ(templateItem != nullptr, 1); int res = strcmp(templateItem->elxName, "el5"); EXPECT_EQ(res, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_23 end"; } /** @@ -2212,13 +2334,11 @@ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_23, TestSize.Level0 */ HWTEST_F(AppSpawnSandboxTest, App_Spawn_Sandbox_Shared_Mount_24, TestSize.Level0) { - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_24 start"; const DataGroupSandboxPathTemplate *templateItem = GetDataGroupArgTemplate(6); int res = -1; if (templateItem == nullptr) { res = 0; } EXPECT_EQ(res, 0); - GTEST_LOG_(INFO) << "App_Spawn_Sandbox_Shared_Mount_24 end"; } } // namespace OHOS -- Gitee