xref: /base/startup/appspawn/modules/sandbox/sandbox_load.c

205 static PathMountNode *DecodeMountPathConfig(const SandboxSection *section, const cJSON *config, uint32_t type)
213     PathMountNode *tmp = GetPathMountNode(section, type, srcPath, dstPath);
246     const cJSON *mountConfigs, SandboxSection *section, uint32_t type)
256         PathMountNode *sandboxNode = DecodeMountPathConfig(section, mntJson, type);
258         AddSandboxMountNode(&sandboxNode->sandboxNode, section);
263 static SymbolLinkNode *DecodeSymbolLinksConfig(const SandboxSection *section, const cJSON *config)
271     SymbolLinkNode *tmp = GetSymbolLinkNode(section, target, linkName);
292     SandboxSection *section)
301         SymbolLinkNode *node = DecodeSymbolLinksConfig(section, symConfig);
303         AddSandboxMountNode(&node->sandboxNode, section);
308 APPSPAWN_STATIC int ParseGidTableConfig(AppSpawnSandboxCfg *sandbox, const cJSON *configs, SandboxSection *section)
316     if (section->gidTable) {
317         free(section->gidTable);
318         section->gidTable = NULL;
319         section->gidCount = 0;
321     section->gidTable = (gid_t *)calloc(1, sizeof(gid_t) * arrayLen);
322     APPSPAWN_CHECK(section->gidTable != NULL, return APPSPAWN_SYSTEM_ERROR, "Failed to alloc memory.");
336         section->gidTable[section->gidCount++] = gid;
341 static int ParseMountGroupsConfig(AppSpawnSandboxCfg *sandbox, const cJSON *groupConfig, SandboxSection *section)
344         return APPSPAWN_SANDBOX_INVALID, "Invalid mount-groups config %{public}s", section->name);
348     APPSPAWN_LOGV("mount-group in section %{public}s  %{public}u", section->name, count);
350     count += section->number;
356     for (j = 0; j < section->number; j++) { // copy old
357         if (section->nameGroups[j] == NULL) {
360         nameGroups[number++] = section->nameGroups[j];
374         if (strcmp(section->name, "system-const") == 0 && mountNode->destType != SANDBOX_TAG_SYSTEM_CONST) {
379         for (j = 0; j < section->number; j++) {
380             if (section->nameGroups[j] != NULL && section->nameGroups[j] == (SandboxMountNode *)mountNode) {
385         if (j < section->number) {
389         APPSPAWN_LOGV("Name-group %{public}d %{public}s set", section->number, name);
391     if (section->nameGroups != NULL) {
392         free(section->nameGroups);
394     section->nameGroups = nameGroups;
395     section->number = number;
396     APPSPAWN_LOGV("mount-group in section %{public}s  %{public}u", section->name, section->number);
400 static int ParseBaseConfig(AppSpawnSandboxCfg *sandbox, SandboxSection *section, const cJSON *configs)
404         return APPSPAWN_SANDBOX_INVALID, "Invalid config %{public}s", section->name);
405     APPSPAWN_LOGV("Parse sandbox %{public}s", section->name);
408     section->sandboxSwitch = GetBoolValueFromJsonObj(configs, "sandbox-switch", true);
410     section->sandboxShared = GetBoolValueFromJsonObj(configs, "sandbox-shared", false);
415         ret = ParseGidTableConfig(sandbox, gidTabJson, section);
416         APPSPAWN_CHECK(ret == 0, return ret, "Parse gids for %{public}s", section->name);
421         ret = ParseMountPathsConfig(sandbox, pathConfigs, section, SANDBOX_TAG_MOUNT_PATH);
422         APPSPAWN_CHECK(ret == 0, return ret, "Parse mount-paths for %{public}s", section->name);
427         ret = ParseMountPathsConfig(sandbox, pathConfigs, section, SANDBOX_TAG_MOUNT_FILE);
428         APPSPAWN_CHECK(ret == 0, return ret, "Parse mount-paths for %{public}s", section->name);
433         ret = ParseSymbolLinksConfig(sandbox, pathConfigs, section);
434         APPSPAWN_CHECK(ret == 0, return ret, "Parse symbol-links for %{public}s", section->name);
439         ret = ParseMountGroupsConfig(sandbox, groupConfig, section);
440         APPSPAWN_CHECK(ret == 0, return ret, "Parse mount-groups for %{public}s", section->name);
454     int ret = ParseBaseConfig(sandbox, &node->section, packageNameConfigs);
459     // success, insert section
460     AddSandboxSection(&node->section, &sandbox->packageNameQueue);
475     int ret = ParseBaseConfig(sandbox, &node->section, flagsConfig);
480     // success, insert section
481     AddSandboxSection(&node->section, &sandbox->spawnFlagsQueue);
494     int ret = ParseBaseConfig(sandbox, &node->section, permissionConfig);
499     // success, insert section
500     AddSandboxSection(&node->section, &sandbox->permissionQueue);
529     int ret = ParseBaseConfig(sandbox, &node->section, groupConfig);
538     // success, insert section
539     AddSandboxSection(&node->section, &sandbox->nameGroupsQueue);
630             SandboxSection *section = GetSandboxSection(&sandbox->requiredQueue, config->string);
631             if (section == NULL) {
632                 section = CreateSandboxSection(config->string, sizeof(SandboxSection), SANDBOX_TAG_REQUIRED);
634             APPSPAWN_CHECK_ONLY_EXPER(section != NULL, return -1);
636             ret = ParseBaseConfig(sandbox, section, config);
638                 DeleteSandboxSection(section);
641             // success, insert section
642             AddSandboxSection(section, &sandbox->requiredQueue);

Indexes created Thu Nov 07 10:32:03 CST 2024