Lines Matching refs:sandbox
16 #include "sandbox.h"
34 #define SANDBOX_ROOT_TAG "sandbox-root"
38 #define SANDBOX_TARGET "sandbox-path"
39 #define SANDBOX_FLAGS "sandbox-flags"
45 #define SANDBOX_SYSTEM_CONFIG_FILE "etc/sandbox/system-sandbox.json"
46 #define SANDBOX_CHIPSET_CONFIG_FILE "etc/sandbox/chipset-sandbox.json"
49 #define SANDBOX_TEST_CONFIG_FILE "/data/init_ut/test-sandbox.json"
89 sandbox_t *sandbox;
96 .sandbox = &g_systemSandbox,
101 .sandbox = &g_chipsetSandbox,
107 .sandbox = &g_testSandbox,
222 typedef int (*AddInfoToSandboxCallback)(sandbox_t *sandbox, cJSON *item, const char *type);
224 static int AddMountInfoToSandbox(sandbox_t *sandbox, cJSON *item, const char *type)
226 BEGET_CHECK(sandbox != NULL && item != NULL && type != NULL, return -1);
230 BEGET_INFO_CHECK(dstPath != NULL, return 0, "Get sandbox-path is null");
232 BEGET_INFO_CHECK(obj != NULL, return 0, "Get sandbox-flags is null");
236 BEGET_INFO_CHECK(count > 0, return 0, "Get sandbox-flags array size is zero");
257 RemoveOldSandboxMountListNode(&sandbox->pathMountsHead, dstPath);
258 OH_ListAddTail(&sandbox->pathMountsHead, &tmpMount->node);
261 RemoveOldSandboxMountListNode(&sandbox->fileMountsHead, dstPath);
262 OH_ListAddTail(&sandbox->fileMountsHead, &tmpMount->node);
267 static int AddSymbolLinksToSandbox(sandbox_t *sandbox, cJSON *item, const char *type)
269 BEGET_CHECK(!(sandbox == NULL || item == NULL || type == NULL), return -1);
270 BEGET_ERROR_CHECK(strcmp(type, SANDBOX_SYMLINK_TAG) == 0, return -1, "Type is not sandbox symbolLink.");
282 RemoveOldSandboxLinkListNode(&sandbox->linksHead, tmpLink->linkName);
283 OH_ListAddTail(&sandbox->linksHead, &tmpLink->node);
287 static int GetSandboxInfo(sandbox_t *sandbox, cJSON *root, const char *itemName)
289 BEGET_ERROR_CHECK(!(sandbox == NULL || root == NULL || itemName == NULL), return -1,
290 "Get sandbox mount info with invalid argument");
292 BEGET_WARNING_CHECK(obj != NULL, return 0, "Cannot find item \' %s \' in sandbox config", itemName);
311 BEGET_ERROR_CHECK(func(sandbox, item, itemName) == 0, return -1, "Failed add info to sandbox.");
316 static int ParseSandboxConfig(cJSON *root, sandbox_t *sandbox)
318 BEGET_ERROR_CHECK(!(root == NULL || sandbox == NULL), return -1, "Invalid parameter.");
319 // sandbox rootpath must initialize according to the system configuration, and it can only be initialized once.
320 if (sandbox->rootPath == NULL) {
323 "Cannot find item \' %s \' in sandbox config", SANDBOX_ROOT_TAG);
327 sandbox->rootPath = strdup(rootdir);
328 BEGET_ERROR_CHECK(sandbox->rootPath != NULL, return -1,
329 "Get sandbox root path out of memory");
332 BEGET_ERROR_CHECK(GetSandboxInfo(sandbox, root, SANDBOX_MOUNT_PATH_TAG) == 0, return -1,
334 BEGET_ERROR_CHECK(GetSandboxInfo(sandbox, root, SANDBOX_MOUNT_FILE_TAG) == 0, return -1,
336 BEGET_ERROR_CHECK(GetSandboxInfo(sandbox, root, SANDBOX_SYMLINK_TAG) == 0, return -1,
353 static int ParseInitSandboxConfigFile(sandbox_t *sandbox, const char *sandboxConfigFile, const char *name)
361 BEGET_ERROR_CHECK(root != NULL, return -1, "Parse sandbox config \' %s \' failed", sandboxConfigFile);
362 int ret = ParseSandboxConfig(root, sandbox);
371 static void ParseInitSandboxConfigPath(sandbox_t *sandbox, const char *sandboxConfig, const char *name)
376 BEGET_LOGI("Parse sandbox cfg file is %s", files->paths[i]);
377 if (ParseInitSandboxConfigFile(sandbox, files->paths[i], name) < 0) {
385 static void InitSandbox(sandbox_t *sandbox, const char *sandboxConfig, const char *name)
387 BEGET_ERROR_CHECK(!(sandbox == NULL || sandboxConfig == NULL || name == NULL), return,
388 "Init sandbox with invalid arguments");
389 if (sandbox->isCreated) {
396 sandbox->ns = GetNamespaceFd("/proc/self/ns/mnt");
397 BEGET_ERROR_CHECK(!(sandbox->ns < 0), return, "Get sandbox namespace fd is failed");
399 BEGET_ERROR_CHECK(strcpy_s(sandbox->name, MAX_BUFFER_LEN - 1, name) == 0, return, "Failed to copy sandbox name");
400 OH_ListInit(&sandbox->pathMountsHead);
401 OH_ListInit(&sandbox->fileMountsHead);
402 OH_ListInit(&sandbox->linksHead);
405 (void)ParseInitSandboxConfigFile(sandbox, sandboxConfig, name);
407 ParseInitSandboxConfigPath(sandbox, sandboxConfig, name);
463 static bool IsValidSandbox(sandbox_t *sandbox)
465 BEGET_ERROR_CHECK(sandbox != NULL, return false, "preparing sandbox with invalid argument");
467 if (sandbox->rootPath == NULL) {
536 BEGET_ERROR_CHECK(name != NULL, return -1, "Prepare sandbox name is NULL.");
539 BEGET_ERROR_CHECK(map != NULL, return -1, "Cannot get sandbox map by name %s.", name);
540 sandbox_t *sandbox = map->sandbox;
541 BEGET_CHECK(IsValidSandbox(sandbox) == true, return -1);
542 BEGET_INFO_CHECK(sandbox->isCreated == false, return 0, "Sandbox %s already created", sandbox->name);
543 BEGET_CHECK(sandbox->rootPath != NULL, return -1);
545 BEGET_ERROR_CHECK(CheckAndMakeDir(sandbox->rootPath, mode) == 0, return -1, "Failed root %s.", sandbox->rootPath);
548 rc = BindMount(sandbox->rootPath, sandbox->rootPath, MS_BIND | MS_REC, SANDBOX_TAG_MOUNT_PATH);
552 rc = MountSandboxInfo(&sandbox->pathMountsHead, sandbox->rootPath, SANDBOX_TAG_MOUNT_PATH);
555 rc = MountSandboxInfo(&sandbox->fileMountsHead, sandbox->rootPath, SANDBOX_TAG_MOUNT_FILE);
559 rc = LinkSandboxInfo(&sandbox->linksHead, sandbox->rootPath);
562 BEGET_ERROR_CHECK(chdir(sandbox->rootPath) == 0, return -1, "Change to %s, err = %d", sandbox->rootPath, errno);
563 BEGET_ERROR_CHECK(syscall(SYS_pivot_root, sandbox->rootPath, sandbox->rootPath) == 0, return -1,
566 sandbox->isCreated = true;
574 BEGET_LOGE("Init sandbox name is NULL.");
579 InitSandbox(map->sandbox, map->configfile, name);
584 BEGET_LOGE("Cannot find sandbox with name %s.", name);
592 BEGET_LOGE("Destroy sandbox name is NULL.");
597 BEGET_LOGE("Cannot get sandbox map by name %s.", name);
600 sandbox_t *sandbox = map->sandbox;
602 BEGET_CHECK(sandbox != NULL, return);
604 if (sandbox->rootPath != NULL) {
605 free(sandbox->rootPath);
606 sandbox->rootPath = NULL;
608 OH_ListRemoveAll(&sandbox->linksHead, FreeSandboxLinkInfo);
609 OH_ListRemoveAll(&sandbox->fileMountsHead, FreeSandboxMountInfo);
610 OH_ListRemoveAll(&sandbox->pathMountsHead, FreeSandboxMountInfo);
612 if (sandbox->ns > 0) {
613 (void)close(sandbox->ns);
615 sandbox->isCreated = false;
627 BEGET_LOGE("Cannot get sandbox map by name %s.", name);
630 sandbox_t *sandbox = map->sandbox;
632 BEGET_CHECK(sandbox != NULL, return -1);
633 if (sandbox->isCreated == false) {
637 if (sandbox->ns > 0) {
638 BEGET_ERROR_CHECK(!(SetNamespace(sandbox->ns, CLONE_NEWNS) < 0), return -1,
639 "Cannot enter mount namespace for sandbox \' %s \', err=%d.", name, errno);
684 BEGET_LOGE("Init sandbox name is NULL.");
693 printf("Sandbox name: %s. \n", map->sandbox->name);
694 printf("Sandbox root path is %s. \n", map->sandbox->rootPath);
696 OH_ListTraversal(&map->sandbox->pathMountsHead, NULL, DumpSandboxMountInfo, 0);
697 OH_ListTraversal(&map->sandbox->fileMountsHead, NULL, DumpSandboxMountInfo, 0);
699 OH_ListTraversal(&map->sandbox->linksHead, NULL, DumpSandboxLinkInfo, 0);