169570cc8Sopenharmony_ci/*
269570cc8Sopenharmony_ci * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
369570cc8Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License");
469570cc8Sopenharmony_ci * you may not use this file except in compliance with the License.
569570cc8Sopenharmony_ci * You may obtain a copy of the License at
669570cc8Sopenharmony_ci *
769570cc8Sopenharmony_ci *     http://www.apache.org/licenses/LICENSE-2.0
869570cc8Sopenharmony_ci *
969570cc8Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software
1069570cc8Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS,
1169570cc8Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1269570cc8Sopenharmony_ci * See the License for the specific language governing permissions and
1369570cc8Sopenharmony_ci * limitations under the License.
1469570cc8Sopenharmony_ci */
1569570cc8Sopenharmony_ci
1669570cc8Sopenharmony_ci#ifndef SANDBOX_UTILS_H
1769570cc8Sopenharmony_ci#define SANDBOX_UTILS_H
1869570cc8Sopenharmony_ci
1969570cc8Sopenharmony_ci#include <set>
2069570cc8Sopenharmony_ci#include <string>
2169570cc8Sopenharmony_ci#include <sys/mount.h>
2269570cc8Sopenharmony_ci#include <sys/types.h>
2369570cc8Sopenharmony_ci#include <vector>
2469570cc8Sopenharmony_ci
2569570cc8Sopenharmony_ci#include "nlohmann/json.hpp"
2669570cc8Sopenharmony_ci#include "appspawn_server.h"
2769570cc8Sopenharmony_ci#include "appspawn_manager.h"
2869570cc8Sopenharmony_ci
2969570cc8Sopenharmony_citypedef enum {
3069570cc8Sopenharmony_ci    SANBOX_APP_JSON_CONFIG,
3169570cc8Sopenharmony_ci    SANBOX_ISOLATED_JSON_CONFIG
3269570cc8Sopenharmony_ci} SandboxConfigType;
3369570cc8Sopenharmony_ci
3469570cc8Sopenharmony_cinamespace OHOS {
3569570cc8Sopenharmony_cinamespace AppSpawn {
3669570cc8Sopenharmony_ciclass SandboxUtils {
3769570cc8Sopenharmony_cipublic:
3869570cc8Sopenharmony_ci    static void StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type);
3969570cc8Sopenharmony_ci    static std::vector<nlohmann::json> &GetJsonConfig(SandboxConfigType type);
4069570cc8Sopenharmony_ci    static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
4169570cc8Sopenharmony_ci    static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS);
4269570cc8Sopenharmony_ci    static uint32_t GetSandboxNsFlags(bool isNweb);
4369570cc8Sopenharmony_ci    static std::set<std::string> GetMountPermissionNames();
4469570cc8Sopenharmony_ci    static std::string GetExtraInfoByType(const AppSpawningCtx *appProperty, const std::string &type);
4569570cc8Sopenharmony_ci    typedef struct {
4669570cc8Sopenharmony_ci        unsigned long mountFlags;
4769570cc8Sopenharmony_ci        std::string optionsPoint;
4869570cc8Sopenharmony_ci        std::string fsType;
4969570cc8Sopenharmony_ci        std::string sandboxPath;
5069570cc8Sopenharmony_ci    } SandboxMountConfig;
5169570cc8Sopenharmony_ci
5269570cc8Sopenharmony_ci#ifndef APPSPAWN_TEST
5369570cc8Sopenharmony_ciprivate:
5469570cc8Sopenharmony_ci#endif
5569570cc8Sopenharmony_ci    static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
5669570cc8Sopenharmony_ci                                         const char *fsType, unsigned long mountFlags,
5769570cc8Sopenharmony_ci                                         const char *options, mode_t mountSharedFlag = MS_SLAVE);
5869570cc8Sopenharmony_ci    static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig);
5969570cc8Sopenharmony_ci    static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty,
6069570cc8Sopenharmony_ci                                              nlohmann::json &wholeConfig);
6169570cc8Sopenharmony_ci    static int32_t DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig);
6269570cc8Sopenharmony_ci    static int32_t DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty,
6369570cc8Sopenharmony_ci                                               nlohmann::json &wholeConfig);
6469570cc8Sopenharmony_ci    static int32_t DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty,
6569570cc8Sopenharmony_ci                                                        nlohmann::json &wholeConfig);
6669570cc8Sopenharmony_ci    static int32_t DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty,
6769570cc8Sopenharmony_ci                                                       nlohmann::json &wholeConfig);
6869570cc8Sopenharmony_ci    static int32_t HandleFlagsPoint(const AppSpawningCtx *appProperty,
6969570cc8Sopenharmony_ci                                           nlohmann::json &wholeConfig);
7069570cc8Sopenharmony_ci    static int32_t SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty);
7169570cc8Sopenharmony_ci    static int32_t SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty,
7269570cc8Sopenharmony_ci                                                      std::string &sandboxPackagePath);
7369570cc8Sopenharmony_ci    static int32_t MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
7469570cc8Sopenharmony_ci    static int32_t MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
7569570cc8Sopenharmony_ci    static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath);
7669570cc8Sopenharmony_ci    static int32_t DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty,
7769570cc8Sopenharmony_ci                                             std::string &sandboxPackagePath);
7869570cc8Sopenharmony_ci    static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot);
7969570cc8Sopenharmony_ci    static int DoAllMntPointsMount(const AppSpawningCtx *appProperty,
8069570cc8Sopenharmony_ci        nlohmann::json &appConfig, const char *typeName, const std::string &section = "app-base");
8169570cc8Sopenharmony_ci    static int DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, nlohmann::json &appConfig);
8269570cc8Sopenharmony_ci    static std::string ConvertToRealPath(const AppSpawningCtx *appProperty, std::string path);
8369570cc8Sopenharmony_ci    static std::string ConvertToRealPathWithPermission(const AppSpawningCtx *appProperty, std::string path);
8469570cc8Sopenharmony_ci    static std::string GetSbxPathByConfig(const AppSpawningCtx *appProperty, nlohmann::json &config);
8569570cc8Sopenharmony_ci    static bool CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty);
8669570cc8Sopenharmony_ci    static bool CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty);
8769570cc8Sopenharmony_ci    static bool CheckBundleNameForPrivate(const std::string &bundleName);
8869570cc8Sopenharmony_ci    static bool GetSbxSwitchStatusByConfig(nlohmann::json &config);
8969570cc8Sopenharmony_ci    static unsigned long GetMountFlagsFromConfig(const std::vector<std::string> &vec);
9069570cc8Sopenharmony_ci    static int32_t SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty,
9169570cc8Sopenharmony_ci                                                nlohmann::json &config);
9269570cc8Sopenharmony_ci    static int32_t SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty,
9369570cc8Sopenharmony_ci                                                 nlohmann::json &config);
9469570cc8Sopenharmony_ci    static int32_t SetRenderSandboxProperty(const AppSpawningCtx *appProperty,
9569570cc8Sopenharmony_ci                                            std::string &sandboxPackagePath);
9669570cc8Sopenharmony_ci    static int32_t SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty,
9769570cc8Sopenharmony_ci                                                std::string &sandboxPackagePath);
9869570cc8Sopenharmony_ci    static int32_t SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty,
9969570cc8Sopenharmony_ci                                                std::string &sandboxPackagePath);
10069570cc8Sopenharmony_ci    static int32_t SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty,
10169570cc8Sopenharmony_ci                                                       std::string &sandboxPackagePath);
10269570cc8Sopenharmony_ci    static int32_t DoSandboxFilePermissionBind(AppSpawningCtx *appProperty,
10369570cc8Sopenharmony_ci                                               nlohmann::json &wholeConfig);
10469570cc8Sopenharmony_ci    static int32_t SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty,
10569570cc8Sopenharmony_ci                                                    nlohmann::json &config);
10669570cc8Sopenharmony_ci    static int32_t SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty);
10769570cc8Sopenharmony_ci    static int32_t DoAddGid(AppSpawningCtx *appProperty, nlohmann::json &appConfig,
10869570cc8Sopenharmony_ci                            const char* permissionName, const std::string &section);
10969570cc8Sopenharmony_ci    static int32_t CheckAppFullMountEnable();
11069570cc8Sopenharmony_ci    static int32_t SetPermissionWithParam(AppSpawningCtx *appProperty);
11169570cc8Sopenharmony_ci    static int32_t SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
11269570cc8Sopenharmony_ci    static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName,
11369570cc8Sopenharmony_ci                                    bool sandboxSharedStatus);
11469570cc8Sopenharmony_ci    static int32_t GetMountPermissionFlags(const std::string permissionName);
11569570cc8Sopenharmony_ci    static bool GetSandboxDacOverrideEnable(nlohmann::json &config);
11669570cc8Sopenharmony_ci    static unsigned long GetSandboxMountFlags(nlohmann::json &config);
11769570cc8Sopenharmony_ci    static std::string GetSandboxFsType(nlohmann::json &config);
11869570cc8Sopenharmony_ci    static std::string GetSandboxOptions(const AppSpawningCtx *appProperty, nlohmann::json &config);
11969570cc8Sopenharmony_ci    static std::string GetSandboxPath(const AppSpawningCtx *appProperty, nlohmann::json &mntPoint,
12069570cc8Sopenharmony_ci                                      const std::string &section, std::string sandboxRoot);
12169570cc8Sopenharmony_ci    static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string &section,
12269570cc8Sopenharmony_ci                                      nlohmann::json &mntPoint,SandboxMountConfig &mountConfig);
12369570cc8Sopenharmony_ci#ifdef APPSPAWN_MOUNT_TMPSHM
12469570cc8Sopenharmony_ci    static void MountDevShmPath(std::string &sandboxPath);
12569570cc8Sopenharmony_ci#endif
12669570cc8Sopenharmony_ci    static std::map<SandboxConfigType, std::vector<nlohmann::json>> appSandboxConfig_;
12769570cc8Sopenharmony_ci    static int32_t deviceTypeEnable_;
12869570cc8Sopenharmony_ci};
12969570cc8Sopenharmony_ciclass JsonUtils {
13069570cc8Sopenharmony_cipublic:
13169570cc8Sopenharmony_ci    static bool GetJsonObjFromJson(nlohmann::json &jsonObj, const std::string &jsonPath);
13269570cc8Sopenharmony_ci    static bool GetStringFromJson(const nlohmann::json &json, const std::string &key, std::string &value);
13369570cc8Sopenharmony_ci};
13469570cc8Sopenharmony_ci} // namespace AppSpawn
13569570cc8Sopenharmony_ci} // namespace OHOS
13669570cc8Sopenharmony_ci
13769570cc8Sopenharmony_ciint LoadAppSandboxConfig(AppSpawnMgr *content);
13869570cc8Sopenharmony_ci
13969570cc8Sopenharmony_citypedef struct {
14069570cc8Sopenharmony_ci    const char *sandboxPath;
14169570cc8Sopenharmony_ci    const char *permission;
14269570cc8Sopenharmony_ci} MountSharedTemplate;
14369570cc8Sopenharmony_ci
14469570cc8Sopenharmony_ci#endif  // SANDBOX_UTILS_H
145