xref: /base/startup/appspawn/modules/sandbox/sandbox_manager.c

169             APPSPAPWN_DUMP("        sandbox node source: %{public}s", pathNode->source ? pathNode->source : "null");
170             APPSPAPWN_DUMP("        sandbox node target: %{public}s", pathNode->target ? pathNode->target : "null");
172             APPSPAPWN_DUMP("        sandbox node apl: %{public}s",
174             APPSPAPWN_DUMP("        sandbox node checkErrorFlag: %{public}s",
181             APPSPAPWN_DUMP("        sandbox node target: %{public}s", linkNode->target ? linkNode->target : "null");
182             APPSPAPWN_DUMP("        sandbox node linkName: %{public}s",
184             APPSPAPWN_DUMP("        sandbox node destMode: %{public}x", linkNode->destMode);
185             APPSPAPWN_DUMP("        sandbox node checkErrorFlag: %{public}s",
363 void DeleteAppSpawnSandbox(AppSpawnSandboxCfg *sandbox)
365     APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return);
367     OH_ListRemove(&sandbox->extData.node);
368     OH_ListInit(&sandbox->extData.node);
371     SandboxQueueClear(&sandbox->requiredQueue);
372     SandboxQueueClear(&sandbox->permissionQueue);
373     SandboxQueueClear(&sandbox->packageNameQueue);
374     SandboxQueueClear(&sandbox->spawnFlagsQueue);
375     SandboxQueueClear(&sandbox->nameGroupsQueue);
376     if (sandbox->rootPath) {
377         free(sandbox->rootPath);
379     free(sandbox->depGroupNodes);
380     sandbox->depGroupNodes = NULL;
381     free(sandbox);
382     sandbox = NULL;
419     AppSpawnSandboxCfg *sandbox = (AppSpawnSandboxCfg *)data;
420     DumpAppSpawnSandboxCfg(sandbox);
431     AppSpawnSandboxCfg *sandbox = ListEntry(data, AppSpawnSandboxCfg, extData);
433     DeleteAppSpawnSandbox(sandbox);
438     // create sandbox
439     AppSpawnSandboxCfg *sandbox = (AppSpawnSandboxCfg *)calloc(1, sizeof(AppSpawnSandboxCfg));
440     APPSPAWN_CHECK(sandbox != NULL, return NULL, "Failed to create sandbox");
443     OH_ListInit(&sandbox->extData.node);
444     sandbox->extData.dataId = type;
445     sandbox->extData.freeNode = FreeAppSpawnSandbox;
446     sandbox->extData.dumpNode = DumpSandbox;
449     InitSandboxQueue(&sandbox->requiredQueue, SANDBOX_TAG_REQUIRED);
450     InitSandboxQueue(&sandbox->permissionQueue, SANDBOX_TAG_PERMISSION);
451     InitSandboxQueue(&sandbox->packageNameQueue, SANDBOX_TAG_PACKAGE_NAME);
452     InitSandboxQueue(&sandbox->spawnFlagsQueue, SANDBOX_TAG_SPAWN_FLAGS);
453     InitSandboxQueue(&sandbox->nameGroupsQueue, SANDBOX_TAG_NAME_GROUP);
455     sandbox->topSandboxSwitch = 0;
456     sandbox->appFullMountEnable = 0;
457     sandbox->topSandboxSwitch = 0;
458     sandbox->pidNamespaceSupport = 0;
459     sandbox->sandboxNsFlags = 0;
460     sandbox->maxPermissionIndex = -1;
461     sandbox->depNodeCount = 0;
462     sandbox->depGroupNodes = NULL;
466     return sandbox;
469 void DumpAppSpawnSandboxCfg(AppSpawnSandboxCfg *sandbox)
471     APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return);
472     APPSPAPWN_DUMP("Sandbox root path: %{public}s", sandbox->rootPath);
473     APPSPAPWN_DUMP("Sandbox sandboxNsFlags: %{public}x ", sandbox->sandboxNsFlags);
474     APPSPAPWN_DUMP("Sandbox topSandboxSwitch: %{public}s", sandbox->topSandboxSwitch ? "true" : "false");
475     APPSPAPWN_DUMP("Sandbox appFullMountEnable: %{public}s", sandbox->appFullMountEnable ? "true" : "false");
476     APPSPAPWN_DUMP("Sandbox pidNamespaceSupport: %{public}s", sandbox->pidNamespaceSupport ? "true" : "false");
478     DumpSandboxQueue(&sandbox->requiredQueue.front, DumpSandboxSectionNode);
479     DumpSandboxQueue(&sandbox->packageNameQueue.front, DumpSandboxSectionNode);
480     DumpSandboxQueue(&sandbox->permissionQueue.front, DumpSandboxPermission);
481     DumpSandboxQueue(&sandbox->spawnFlagsQueue.front, DumpSandboxSectionNode);
482     DumpSandboxQueue(&sandbox->nameGroupsQueue.front, DumpSandboxNameGroupNode);
491     AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
492     APPSPAWN_CHECK(sandbox == NULL, return 0, "Isolated sandbox has been load");
494     sandbox = CreateAppSpawnSandbox(EXT_DATA_ISOLATED_SANDBOX);
495     APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
496     OH_ListAddTail(&content->extData, &sandbox->extData.node);
498     // load app sandbox config
499     LoadAppSandboxConfig(sandbox, MODE_FOR_NATIVE_SPAWN);
500     sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
503     if (sandbox->pidNamespaceSupport) {
504         content->content.sandboxNsFlags = sandbox->sandboxNsFlags;
511     AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
512     APPSPAWN_CHECK(sandbox == NULL, return 0, "Sandbox has been load");
514     sandbox = CreateAppSpawnSandbox(EXT_DATA_SANDBOX);
515     APPSPAWN_CHECK_ONLY_EXPER(sandbox != NULL, return APPSPAWN_SYSTEM_ERROR);
516     OH_ListAddTail(&content->extData, &sandbox->extData.node);
518     // load app sandbox config
519     LoadAppSandboxConfig(sandbox, content->content.mode);
520     sandbox->maxPermissionIndex = PermissionRenumber(&sandbox->permissionQueue);
523     if (IsNWebSpawnMode(content) || sandbox->pidNamespaceSupport) {
524         content->content.sandboxNsFlags = sandbox->sandboxNsFlags;
531     AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
532     APPSPAWN_CHECK(sandbox != NULL, return 0, "Isolated sandbox not load");
539     AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
540     APPSPAWN_CHECK(sandbox != NULL, return 0, "Sandbox not load");
550     APPSPAWN_CHECK(appSandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
551     // no sandbox
565     // for module test do not create sandbox, use APP_FLAGS_IGNORE_SANDBOX to ignore sandbox result
567         APPSPAWN_LOGW("Do not care sandbox result %{public}d", ret);
573 static int AppendPermissionGid(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
580     ListNode *node = sandbox->permissionQueue.front.next;
581     while (node != &sandbox->permissionQueue.front) {
614 static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
621         (SandboxPackageNameNode *)GetSandboxSection(&sandbox->packageNameQueue, GetProcessName(property));
650     APPSPAWN_LOGV("Prepare sandbox config %{public}s", GetProcessName(property));
653     AppSpawnSandboxCfg *sandbox = GetAppSpawnSandbox(content, type);
654     APPSPAWN_CHECK(sandbox != NULL, return -1, "Failed to get sandbox for %{public}s", GetProcessName(property));
657     if (sandbox->appFullMountEnable) {
658         index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_CROSS_APP_MODE);
660         index = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_COMMON_DIR_MODE);
663     int32_t fileMgrIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, FILE_ACCESS_MANAGER_MODE);
670     int ret = AppendPermissionGid(sandbox, property);
672     ret = AppendPackageNameGids(sandbox, property);
674     ret = StagedMountSystemConst(sandbox, property, IsNWebSpawnMode(content));
683     AppSpawnSandboxCfg *sandbox = NULL;
686         sandbox = GetAppSpawnSandbox(content, EXT_DATA_ISOLATED_SANDBOX);
688         sandbox = GetAppSpawnSandbox(content, EXT_DATA_SANDBOX);
690     return UnmountDepPaths(sandbox, appInfo->uid);
696     APPSPAWN_LOGV("Load sandbox module ...");

Indexes created Thu Nov 07 10:32:03 CST 2024