Lines Matching refs:sandbox
114 return GetBoolParameter("const.sandbox.pidns.support", true);
151 cJSON *obj = cJSON_GetObjectItemCaseSensitive(appConfig, "sandbox-ns-flags");
208 char *dstPath = GetStringFromJsonObj(config, "sandbox-path");
245 APPSPAWN_STATIC int ParseMountPathsConfig(AppSpawnSandboxCfg *sandbox,
291 APPSPAWN_STATIC int ParseSymbolLinksConfig(AppSpawnSandboxCfg *sandbox, const cJSON *symbolLinkConfigs,
308 APPSPAWN_STATIC int ParseGidTableConfig(AppSpawnSandboxCfg *sandbox, const cJSON *configs, SandboxSection *section)
341 static int ParseMountGroupsConfig(AppSpawnSandboxCfg *sandbox, const cJSON *groupConfig, SandboxSection *section)
368 mountNode = (SandboxNameGroupNode *)GetSandboxSection(&sandbox->nameGroupsQueue, name);
400 static int ParseBaseConfig(AppSpawnSandboxCfg *sandbox, SandboxSection *section, const cJSON *configs)
405 APPSPAWN_LOGV("Parse sandbox %{public}s", section->name);
407 // "sandbox-switch": "ON", default sandbox switch is on
408 section->sandboxSwitch = GetBoolValueFromJsonObj(configs, "sandbox-switch", true);
409 // "sandbox-shared"
410 section->sandboxShared = GetBoolValueFromJsonObj(configs, "sandbox-shared", false);
415 ret = ParseGidTableConfig(sandbox, gidTabJson, section);
421 ret = ParseMountPathsConfig(sandbox, pathConfigs, section, SANDBOX_TAG_MOUNT_PATH);
427 ret = ParseMountPathsConfig(sandbox, pathConfigs, section, SANDBOX_TAG_MOUNT_FILE);
433 ret = ParseSymbolLinksConfig(sandbox, pathConfigs, section);
439 ret = ParseMountGroupsConfig(sandbox, groupConfig, section);
445 static int ParsePackageNameConfig(AppSpawnSandboxCfg *sandbox, const char *name, const cJSON *packageNameConfigs)
448 SandboxPackageNameNode *node = (SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, name);
454 int ret = ParseBaseConfig(sandbox, &node->section, packageNameConfigs);
460 AddSandboxSection(&node->section, &sandbox->packageNameQueue);
464 static int ParseSpawnFlagsConfig(AppSpawnSandboxCfg *sandbox, const char *name, const cJSON *flagsConfig)
468 SandboxFlagsNode *node = (SandboxFlagsNode *)GetSandboxSection(&sandbox->spawnFlagsQueue, name);
475 int ret = ParseBaseConfig(sandbox, &node->section, flagsConfig);
481 AddSandboxSection(&node->section, &sandbox->spawnFlagsQueue);
485 static int ParsePermissionConfig(AppSpawnSandboxCfg *sandbox, const char *name, const cJSON *permissionConfig)
488 SandboxPermissionNode *node = (SandboxPermissionNode *)GetSandboxSection(&sandbox->permissionQueue, name);
494 int ret = ParseBaseConfig(sandbox, &node->section, permissionConfig);
500 AddSandboxSection(&node->section, &sandbox->permissionQueue);
504 static SandboxNameGroupNode *ParseNameGroup(AppSpawnSandboxCfg *sandbox, const cJSON *groupConfig)
509 SandboxNameGroupNode *node = (SandboxNameGroupNode *)GetSandboxSection(&sandbox->nameGroupsQueue, name);
529 int ret = ParseBaseConfig(sandbox, &node->section, groupConfig);
539 AddSandboxSection(&node->section, &sandbox->nameGroupsQueue);
543 static int ParseNameGroupsConfig(AppSpawnSandboxCfg *sandbox, const cJSON *root)
552 sandbox->depNodeCount = 0;
558 SandboxNameGroupNode *node = ParseNameGroup(sandbox, json);
561 sandbox->depNodeCount++;
564 APPSPAWN_LOGV("ParseNameGroupsConfig depNodeCount %{public}d", sandbox->depNodeCount);
568 static int ParseConditionalConfig(AppSpawnSandboxCfg *sandbox, const cJSON *configs, const char *configName,
569 int (*parseConfig)(AppSpawnSandboxCfg *sandbox, const char *name, const cJSON *configs))
586 ret = parseConfig(sandbox, name, json);
592 static int ParseGlobalSandboxConfig(AppSpawnSandboxCfg *sandbox, const cJSON *root)
596 sandbox->sandboxNsFlags = GetSandboxNsFlags(json);
597 char *rootPath = GetStringFromJsonObj(json, "sandbox-root");
599 if (sandbox->rootPath) {
600 free(sandbox->rootPath);
602 sandbox->rootPath = strdup(rootPath);
603 APPSPAWN_CHECK(sandbox->rootPath != NULL, return APPSPAWN_SYSTEM_ERROR, "Failed to copy root path");
604 sandbox->topSandboxSwitch = GetBoolValueFromJsonObj(json, "top-sandbox-switch", true);
617 AppSpawnSandboxCfg *sandbox = context->sandboxCfg;
618 int ret = ParseGlobalSandboxConfig(sandbox, root); // "global":
620 ret = ParseNameGroupsConfig(sandbox, root); // name-groups
630 SandboxSection *section = GetSandboxSection(&sandbox->requiredQueue, config->string);
636 ret = ParseBaseConfig(sandbox, section, config);
642 AddSandboxSection(section, &sandbox->requiredQueue);
651 ret = ParseConditionalConfig(sandbox, config, "permission", ParsePermissionConfig);
655 ret = ParseConditionalConfig(sandbox, config, "spawn-flag", ParseSpawnFlagsConfig);
659 ret = ParseConditionalConfig(sandbox, config, "package-name", ParsePackageNameConfig);
676 int LoadAppSandboxConfig(AppSpawnSandboxCfg *sandbox, RunMode mode)
678 APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_ARG_INVALID);
680 if (sandbox->depGroupNodes != NULL) {
685 context.sandboxCfg = sandbox;
686 int ret = ParseJsonConfig("etc/sandbox", sandboxName, ParseAppSandboxConfig, &context);
688 APPSPAWN_LOGW("No sandbox config");
692 sandbox->pidNamespaceSupport = AppSandboxPidNsIsSupport();
693 sandbox->appFullMountEnable = CheckAppFullMountEnable();
695 sandbox->pidNamespaceSupport, sandbox->appFullMountEnable);
697 uint32_t depNodeCount = sandbox->depNodeCount;
700 sandbox->depGroupNodes = (SandboxNameGroupNode **)calloc(1, sizeof(SandboxNameGroupNode *) * depNodeCount);
701 APPSPAWN_CHECK(sandbox->depGroupNodes != NULL, return APPSPAWN_SYSTEM_ERROR, "Failed alloc memory ");
702 sandbox->depNodeCount = 0;
703 ListNode *node = sandbox->nameGroupsQueue.front.next;
704 while (node != &sandbox->nameGroupsQueue.front) {
707 sandbox->depGroupNodes[sandbox->depNodeCount++] = groupNode;
711 APPSPAWN_LOGI("LoadAppSandboxConfig depNodeCount %{public}d", sandbox->depNodeCount);