Lines Matching defs:context
57 static inline bool CheckSpawningMsgFlagSet(const SandboxContext *context, uint32_t index)
59 APPSPAWN_CHECK(context->message != NULL, return false, "Invalid property for type %{public}u", TLV_MSG_FLAGS);
60 return CheckAppSpawnMsgFlag(context->message, TLV_MSG_FLAGS, index);
63 APPSPAWN_STATIC inline bool CheckSpawningPermissionFlagSet(const SandboxContext *context, uint32_t index)
65 APPSPAWN_CHECK(context != NULL && context->message != NULL,
67 return CheckAppSpawnMsgFlag(context->message, TLV_PERMISSION, index);
155 SandboxContext *context = calloc(1, MAX_SANDBOX_BUFFER * MAX_BUFFER + sizeof(SandboxContext));
156 APPSPAWN_CHECK(context != NULL, return NULL, "Failed to get mem");
157 char *buffer = (char *)(context + 1);
159 context->buffer[i].bufferLen = MAX_SANDBOX_BUFFER;
160 context->buffer[i].current = 0;
161 context->buffer[i].buffer = buffer + MAX_SANDBOX_BUFFER * i;
163 context->bundleName = NULL;
164 context->bundleHasWps = 0;
165 context->dlpBundle = 0;
166 context->appFullMountEnable = 0;
167 context->sandboxSwitch = 1;
168 context->sandboxShared = false;
169 context->message = NULL;
170 context->rootPath = NULL;
171 g_sandboxContext = context;
176 void DeleteSandboxContext(SandboxContext *context)
178 APPSPAWN_CHECK_ONLY_EXPER(context != NULL, return);
179 if (context->rootPath) {
180 free(context->rootPath);
181 context->rootPath = NULL;
183 if (context == g_sandboxContext) {
186 free(context);
189 static int InitSandboxContext(SandboxContext *context,
195 context->nwebspawn = nwebspawn;
196 context->bundleName = GetBundleName(property);
197 context->bundleHasWps = strstr(context->bundleName, "wps") != NULL;
198 context->dlpBundle = strcmp(GetProcessName(property), "com.ohos.dlpmanager") == 0;
199 context->appFullMountEnable = sandbox->appFullMountEnable;
201 context->sandboxSwitch = 1;
202 context->sandboxShared = false;
204 &sandbox->packageNameQueue, context->bundleName);
206 context->sandboxShared = packageNode->section.sandboxShared;
208 context->message = property->message;
210 context->sandboxNsFlags = CLONE_NEWNS;
211 if ((CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX) && !IsDeveloperModeOpen()) ||
212 CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_NETWORK)) {
213 context->sandboxNsFlags |= sandbox->sandboxNsFlags & CLONE_NEWNET ? CLONE_NEWNET : 0;
222 context->sandboxShared = permissionNode->section.sandboxShared;
227 const char *rootPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandbox->rootPath, NULL, NULL);
229 context->rootPath = strdup(rootPath);
231 if (context->rootPath == NULL) {
232 DeleteSandboxContext(context);
238 static VarExtraData *GetVarExtraData(const SandboxContext *context, const SandboxSection *section)
250 static uint32_t GetMountArgs(const SandboxContext *context,
265 APPSPAWN_STATIC int CheckSandboxMountNode(const SandboxContext *context,
274 if (context->bundleHasWps &&
284 AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSpawningMsgInfo(context, TLV_DOMAIN_INFO);
295 static int32_t SandboxMountFusePath(const SandboxContext *context, const MountArg *args)
297 AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
299 "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName);
311 "context=\"u:object_r:dlp_fuse_file:s0\","
351 APPSPAWN_STATIC void CreateDemandSrc(const SandboxContext *context, const PathMountNode *sandboxNode,
358 AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
360 "No tlv %{public}d in msg %{public}s", TLV_DAC_INFO, context->bundleName);
377 APPSPAWN_STATIC const char *GetRealSrcPath(const SandboxContext *context, const char *source, VarExtraData *extraData)
380 extraData->variablePackageName = (char *)context->bundleName;
381 const char *originPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, source, NULL, extraData);
385 if (hasPackageName && CheckSpawningMsgFlagSet(context, APP_FLAGS_ATOMIC_SERVICE)) {
386 MakeAtomicServiceDir(context, originPath);
392 static int32_t SetMountArgsOption(const SandboxContext *context, uint32_t category, uint32_t operation, MountArg *args)
398 AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
415 static int DoSandboxMountByCategory(const SandboxContext *context, const PathMountNode *sandboxNode,
419 uint32_t category = GetMountArgs(context, sandboxNode, operation, args);
422 ret = SetMountArgsOption(context, category, operation, args);
429 ret = SandboxMountFusePath(context, args);
436 static int DoSandboxPathNodeMount(const SandboxContext *context,
439 if (CheckSandboxMountNode(context, section, sandboxNode, operation) == 0) {
444 uint32_t category = GetMountArgs(context, sandboxNode, operation, &args);
445 VarExtraData *extraData = GetVarExtraData(context, section);
446 args.originPath = GetRealSrcPath(context, sandboxNode->source, extraData);
452 args.destinationPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, sandboxNode->target, NULL, extraData);
454 args.destinationPath = GetSandboxRealVar(context,
455 BUFFER_FOR_TARGET, sandboxNode->target, context->rootPath, extraData);
467 CreateDemandSrc(context, sandboxNode, &args);
474 ret = DoSandboxMountByCategory(context, sandboxNode, &args, operation);
483 static int DoSandboxPathSymLink(const SandboxContext *context,
492 const char *target = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, sandboxNode->target, NULL, NULL);
493 const char *linkName = GetSandboxRealVar(context, BUFFER_FOR_TARGET,
494 sandboxNode->linkName, context->rootPath, NULL);
514 static int DoSandboxNodeMount(const SandboxContext *context, const SandboxSection *section, uint32_t operation)
523 ret = DoSandboxPathNodeMount(context, section, (PathMountNode *)sandboxNode, operation);
529 ret = DoSandboxPathSymLink(context, section, (SymbolLinkNode *)sandboxNode);
612 static void MountDirToShared(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
618 AppSpawnMsgDacInfo *info = (AppSpawnMsgDacInfo *)GetSpawningMsgInfo(context, TLV_DAC_INFO);
619 if (info == NULL || context->bundleName == NULL) {
625 if (IsUnlockStatus(info->uid, context->bundleName, strlen(context->bundleName))) {
632 MountDir(info, context->bundleName, rootPath, MOUNT_SHARED_MAP[i].sandboxPath);
636 if (CheckSpawningPermissionFlagSet(context, index)) {
637 MountDir(info, context->bundleName, rootPath, MOUNT_SHARED_MAP[i].sandboxPath);
643 if (CheckSpawningMsgFlagSet(context, APP_FLAGS_ISOLATED_SANDBOX_TYPE) != 0) {
645 rootPath, info->uid / UID_BASE, context->bundleName);
648 rootPath, info->uid / UID_BASE, context->bundleName);
658 static int UpdateMountPathDepsPath(const SandboxContext *context, SandboxNameGroupNode *groupNode)
661 const char *srcPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, depNode->source, NULL, NULL);
662 const char *sandboxPath = GetSandboxRealVar(context, BUFFER_FOR_TARGET, depNode->target, NULL, NULL);
686 static bool CheckAndCreateDepPath(const SandboxContext *context, const SandboxNameGroupNode *groupNode)
694 VarExtraData *extraData = GetVarExtraData(context, &groupNode->section);
695 const char *srcPath = GetSandboxRealVar(context, BUFFER_FOR_SOURCE, mountNode->source, NULL, extraData);
709 static int MountSandboxConfig(const SandboxContext *context,
715 if (context->sandboxSwitch && sandbox->topSandboxSwitch) {
719 int ret = DoSandboxNodeMount(context, section, operation);
721 "Mount sandbox config fail result: %{public}d, app: %{public}s", ret, context->bundleName);
736 ret = DoSandboxNodeMount(context, &groupNode->section, operation);
743 static int SetExpandSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
745 int ret = ProcessExpandAppSandboxConfig(context, sandbox, "HspList");
747 "Set HspList config fail result: %{public}d, app: %{public}s", ret, context->bundleName);
748 ret = ProcessExpandAppSandboxConfig(context, sandbox, "DataGroup");
750 "Set DataGroup config fail result: %{public}d, app: %{public}s", ret, context->bundleName);
753 AppSpawnMsgDomainInfo *msgDomainInfo = (AppSpawnMsgDomainInfo *)GetSpawningMsgInfo(context, TLV_DOMAIN_INFO);
758 if (mountDestBundlePath || (CheckSpawningMsgFlagSet(context, APP_FLAGS_ACCESS_BUNDLE_DIR) != 0)) {
760 const char *destBundlesPath = GetSandboxRealVar(context,
761 BUFFER_FOR_TARGET, "/data/bundles/", context->rootPath, NULL);
770 static int SetSandboxPackageNameConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
773 (SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, context->bundleName);
775 int ret = MountSandboxConfig(context, sandbox, &sandboxNode->section, MOUNT_PATH_OP_NONE);
781 static int SetSandboxSpawnFlagsConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
787 if (sandboxNode->flagIndex == 0 || !CheckSpawningMsgFlagSet(context, sandboxNode->flagIndex)) {
792 int ret = MountSandboxConfig(context, sandbox, &sandboxNode->section, MOUNT_PATH_OP_NONE);
799 static int SetSandboxPermissionConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
805 if (!CheckSpawningPermissionFlagSet(context, permissionNode->permissionIndex)) {
812 int ret = MountSandboxConfig(context, sandbox, &permissionNode->section, MOUNT_PATH_OP_NONE);
819 static int SetOverlayAppSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
821 if (!CheckSpawningMsgFlagSet(context, APP_FLAGS_OVERLAY)) {
824 int ret = ProcessExpandAppSandboxConfig(context, sandbox, "Overlay");
829 static int SetBundleResourceSandboxConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
831 if (!CheckSpawningMsgFlagSet(context, APP_FLAGS_BUNDLE_RESOURCES)) {
834 const char *destPath = GetSandboxRealVar(context,
835 BUFFER_FOR_TARGET, "/data/storage/bundle_resources/", context->rootPath, NULL);
844 static int32_t ChangeCurrentDir(const SandboxContext *context)
847 ret = chdir(context->rootPath);
850 context->bundleName, context->rootPath, errno);
852 if (context->sandboxShared) {
853 ret = chroot(context->rootPath);
855 "chroot failed, path: %{public}s errno: %{public}d", context->rootPath, errno);
858 ret = syscall(SYS_pivot_root, context->rootPath, context->rootPath);
860 "pivot root failed, path: %{public}s errno: %{public}d", context->rootPath, errno);
863 "MNT_DETACH failed, path: %{public}s errno: %{public}d", context->rootPath, errno);
864 APPSPAWN_LOGV("ChangeCurrentDir %{public}s ", context->rootPath);
869 const SandboxContext *context, const AppSpawnSandboxCfg *sandbox, bool remountProc)
871 APPSPAWN_LOGV("SandboxRootFolderCreateNoShare %{public}s ", context->rootPath);
874 "set propagation slave failed, app: %{public}s errno: %{public}d", context->rootPath, errno);
876 MountArg arg = {context->rootPath, context->rootPath, NULL, BASIC_MOUNT_FLAGS, NULL, MS_SLAVE};
879 "mount path failed, app: %{public}s errno: %{public}d", context->rootPath, ret);
883 static int SandboxRootFolderCreate(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
886 sandbox->topSandboxSwitch, context->sandboxSwitch, context->sandboxShared);
889 if (sandbox->topSandboxSwitch == 0 || context->sandboxSwitch == 0) {
892 "set propagation slave failed, app: %{public}s errno: %{public}d", context->rootPath, errno);
895 ret = mount("/", context->rootPath, NULL, BASIC_MOUNT_FLAGS, NULL);
897 "mount bind / failed, app: %{public}s errno: %{public}d", context->rootPath, errno);
898 } else if (!context->sandboxShared) {
899 bool remountProc = !context->nwebspawn && ((sandbox->sandboxNsFlags & CLONE_NEWPID) == CLONE_NEWPID);
900 ret = SandboxRootFolderCreateNoShare(context, sandbox, remountProc);
949 APPSPAWN_CHECK(sandbox != NULL, return -1, "Invalid sandbox or context");
969 APPSPAWN_CHECK(sandbox != NULL, return -1, "Invalid sandbox or context");
1035 SandboxContext *context = GetSandboxContext();
1036 APPSPAWN_CHECK_ONLY_EXPER(context != NULL, return APPSPAWN_SYSTEM_ERROR);
1037 int ret = InitSandboxContext(context, sandbox, property, nwebspawn);
1040 if (IsSandboxMounted(sandbox, "system-const", context->rootPath) && IsADFPermission(sandbox, property) != true) {
1041 APPSPAWN_LOGV("Sandbox system-const %{public}s has been mount", context->rootPath);
1042 DeleteSandboxContext(context);
1046 APPSPAWN_LOGV("Set sandbox system-const %{public}s", context->rootPath);
1051 ret = MountSandboxConfig(context, sandbox, section, operation);
1053 SetSandboxMounted(sandbox, "system-const", context->rootPath);
1054 DeleteSandboxContext(context);
1058 static int MountDepGroups(const SandboxContext *context, SandboxNameGroupNode *groupNode)
1076 ret = UpdateMountPathDepsPath(context, groupNode);
1079 if (groupNode->depMode == MOUNT_MODE_NOT_EXIST && CheckAndCreateDepPath(context, groupNode)) {
1086 ret = DoSandboxPathNodeMount(context, &groupNode->section, groupNode->depNode, operation);
1093 static int SetSystemConstDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1106 ret = MountDepGroups(context, groupNode);
1112 static int SetAppVariableDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1125 ret = MountDepGroups(context, groupNode);
1131 static int SetSpawnFlagsDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1138 if (sandboxNode->flagIndex == 0 || !CheckSpawningMsgFlagSet(context, sandboxNode->flagIndex)) {
1153 ret = MountDepGroups(context, groupNode);
1161 static int SetPackageNameDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1164 (SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, context->bundleName);
1175 ret = MountDepGroups(context, groupNode);
1181 static int SetPermissionDepGroups(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1188 if (!CheckSpawningPermissionFlagSet(context, permissionNode->permissionIndex)) {
1203 ret = MountDepGroups(context, groupNode);
1212 static int StagedDepGroupMounts(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1214 int ret = SetSystemConstDepGroups(context, sandbox);
1217 ret = SetAppVariableDepGroups(context, sandbox);
1220 ret = SetSpawnFlagsDepGroups(context, sandbox);
1223 ret = SetPackageNameDepGroups(context, sandbox);
1226 ret = SetPermissionDepGroups(context, sandbox);
1232 int StagedMountPreUnShare(const SandboxContext *context, AppSpawnSandboxCfg *sandbox)
1234 APPSPAWN_CHECK(sandbox != NULL && context != NULL, return -1, "Invalid sandbox or context");
1237 MountDirToShared(context, sandbox);
1238 int ret = StagedDepGroupMounts(context, sandbox);
1243 static int SetAppVariableConfig(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
1266 ret = MountSandboxConfig(context, sandbox, section, operation);
1268 "Set app-variable config fail result: %{public}d, app: %{public}s", ret, context->bundleName);
1272 int StagedMountPostUnshare(const SandboxContext *context, const AppSpawnSandboxCfg *sandbox)
1274 APPSPAWN_CHECK(sandbox != NULL && context != NULL, return -1, "Invalid sandbox or context");
1277 int ret = SetAppVariableConfig(context, sandbox);
1279 if (!context->nwebspawn) {
1280 ret = SetExpandSandboxConfig(context, sandbox);
1284 ret = SetSandboxSpawnFlagsConfig(context, sandbox);
1287 ret = SetSandboxPackageNameConfig(context, sandbox);
1290 ret = SetSandboxPermissionConfig(context, sandbox);
1296 static void MountDevShmPath(SandboxContext *context)
1299 int ret = strcpy_s(sandboxDevShmPath, sizeof(sandboxDevShmPath), context->rootPath);
1315 SandboxContext *context = GetSandboxContext();
1316 APPSPAWN_CHECK_ONLY_EXPER(context != NULL, return APPSPAWN_SYSTEM_ERROR);
1317 int ret = InitSandboxContext(context, sandbox, property, nwebspawn);
1321 context->rootPath, context->sandboxNsFlags);
1323 ret = StagedMountPreUnShare(context, sandbox);
1326 CreateSandboxDir(context->rootPath, FILE_MODE);
1328 ret = unshare(context->sandboxNsFlags);
1330 "unshare failed, app: %{public}s errno: %{public}d", context->bundleName, errno);
1331 if ((context->sandboxNsFlags & CLONE_NEWNET) == CLONE_NEWNET) {
1336 ret = SandboxRootFolderCreate(context, sandbox);
1339 ret = StagedMountPostUnshare(context, sandbox);
1342 ret = SetOverlayAppSandboxConfig(context, sandbox);
1344 ret = SetBundleResourceSandboxConfig(context, sandbox);
1348 MountDevShmPath(context);
1350 ret = ChangeCurrentDir(context);
1355 APPSPAWN_LOGV("Change root dir success %{public}s ", context->rootPath);
1357 DeleteSandboxContext(context);