From e4a03e85e950671a064acc49437f2c4d72150fa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E6=B5=A9?=
Date: Wed, 23 Jul 2025 10:16:34 +0800
Subject: [PATCH] add fowner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 杨浩
---
 interfaces/innerkits/include/appspawn.h | 1 +
 .../innerkits/permission/appspawn_mount_permission.c | 9 +++++++++
 modules/common/appspawn_common.c | 4 ++++
 3 files changed, 14 insertions(+)

diff --git a/interfaces/innerkits/include/appspawn.h b/interfaces/innerkits/include/appspawn.h
index 8a53fdc7..a1c7a0f5 100644
--- a/interfaces/innerkits/include/appspawn.h
+++ b/interfaces/innerkits/include/appspawn.h
@@ -201,6 +201,7 @@ typedef enum {
 APP_FLAGS_PRE_INSTALLED_HAP = 29,
 APP_FLAGS_GET_ALL_PROCESSES = 30,
 APP_FLAGS_CUSTOM_SANDBOX = 31,
+ APP_FLAGS_SET_CAPS_FOWNER,
 APP_FLAGS_ALLOW_IOURING = 33,
 APP_FLAGS_UNLOCKED_STATUS = 34,
 MAX_FLAGS_INDEX = 63,
diff --git a/interfaces/innerkits/permission/appspawn_mount_permission.c b/interfaces/innerkits/permission/appspawn_mount_permission.c
index dfa39914..ed04c48c 100644
--- a/interfaces/innerkits/permission/appspawn_mount_permission.c
+++ b/interfaces/innerkits/permission/appspawn_mount_permission.c
@@ -26,6 +26,11 @@
 #include "json_utils.h"
 #include "securec.h"
+static const char *g_staticPermission[] = {
+ "ohos.permission.FOWNER",
+ "ohos.permission.ALLOW_IOURING"
+};
+
 typedef struct TagParseJsonContext {
 SandboxQueue permissionQueue;
 int32_t maxPermissionIndex;
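Review bot: In the appspawn.h hunk, `APP_FLAGS_SET_CAPS_FOWNER` is the only enumerator in this run without an explicit value; it evaluates to 32 only because it sits directly after `APP_FLAGS_CUSTOM_SANDBOX = 31`. These indices look like bit positions shared by the sender and the receiver of a spawn request, and this one gates a capability grant, so a later insertion above it must not be able to renumber it silently. Write it as `APP_FLAGS_SET_CAPS_FOWNER = 32,` like its neighbours. The enum starts and ends outside the hunk.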
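Review bot: In the first appspawn_mount_permission.c hunk, the elements of `g_staticPermission` can still be repointed at run time, and nothing records why these two names are registered in code instead of through the sandbox JSON files. Declaring it `static const char *const g_staticPermission[] = {` makes the table fully read-only. A comment such as `/* Permissions always registered, independent of the sandbox config files. */` would state the intent. The commit subject mentions only fowner, so the `ohos.permission.ALLOW_IOURING` entry should be explained in the description as well.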
@@ -107,6 +112,10 @@ static int LoadPermissionConfig(PermissionManager *mgr)
 (void)ParseJsonConfig("etc/sandbox", mgr->type == CLIENT_FOR_APPSPAWN ? APP_SANDBOX_FILE_NAME : RENDER_SANDBOX_FILE_NAME, ParseAppSandboxConfig, mgr);
+ size_t count = sizeof(g_staticPermission) / sizeof(g_staticPermission[0]);
+ for (size_t i = 0; i < count; i++) {
+ AddSandboxPermissionNode(g_staticPermission[i], &mgr->permissionQueue);
+ }
 mgr->maxPermissionIndex = PermissionRenumber(&mgr->permissionQueue);
 return 0;
 }
diff --git a/modules/common/appspawn_common.c b/modules/common/appspawn_common.c
index 06565357..b3820bed 100644
--- a/modules/common/appspawn_common.c
+++ b/modules/common/appspawn_common.c
@@ -173,6 +173,10 @@ APPSPAWN_STATIC int SetCapabilities(const AppSpawnMgr *content, const AppSpawnin
 baseCaps = CAP_TO_MASK(CAP_DAC_OVERRIDE) | CAP_TO_MASK(CAP_DAC_READ_SEARCH) | CAP_TO_MASK(CAP_FOWNER) | CAP_TO_MASK(CAP_KILL);
 }
+#else
+ if (IsAppSpawnMode(content)) {
+ baseCaps = CheckAppMsgFlagsSet(property, APP_FLAGS_SET_CAPS_FOWNER) ? (1 << CAP_FOWNER) : 0;
+ }
 #endif
 const uint64_t inheriTable = baseCaps;
 const uint64_t permitted = baseCaps;
--
Gitee
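Review bot: The new loop in `LoadPermissionConfig` drops the result of `AddSandboxPermissionNode`, so a failed insertion would let `PermissionRenumber` number a queue that lacks a static permission, with nothing logged. The helper's return type is not visible in this hunk; if it reports failure, check it and log the permission name, or at least discard it explicitly with `(void)AddSandboxPermissionNode(...)` as the `ParseJsonConfig` call above does. It is also worth confirming that the helper skips a name already loaded from the JSON config, since a duplicate node would presumably shift the indices assigned by `PermissionRenumber`.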
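Review bot: In the appspawn_common.c hunk, `baseCaps` feeds both the inheritable and the permitted set, so the spawned app receives CAP_FOWNER solely on the `APP_FLAGS_SET_CAPS_FOWNER` bit of the spawn request. Nothing visible here shows that the bit is honoured only when the requester has verified `ohos.permission.FOWNER`. A comment on the branch naming who is trusted to set the flag, or a check where the message is received, would make that trust boundary explicit. Separately, the mask is built as `(1 << CAP_FOWNER)` while the branch directly above uses `CAP_TO_MASK(CAP_FOWNER)`; using the macro here keeps one idiom. The `#if` that this `#else` pairs with and the rest of `SetCapabilities` lie outside the hunk.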