1/* 2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#ifndef SANDBOX_UTILS_H 17#define SANDBOX_UTILS_H 18 19#include <set> 20#include <string> 21#include <sys/mount.h> 22#include <sys/types.h> 23#include <vector> 24 25#include "nlohmann/json.hpp" 26#include "appspawn_server.h" 27#include "appspawn_manager.h" 28 29typedef enum { 30 SANBOX_APP_JSON_CONFIG, 31 SANBOX_ISOLATED_JSON_CONFIG 32} SandboxConfigType; 33 34namespace OHOS { 35namespace AppSpawn { 36class SandboxUtils { 37public: 38 static void StoreJsonConfig(nlohmann::json &appSandboxConfig, SandboxConfigType type); 39 static std::vector<nlohmann::json> &GetJsonConfig(SandboxConfigType type); 40 static int32_t SetAppSandboxProperty(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); 41 static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *client, uint32_t sandboxNsFlags = CLONE_NEWNS); 42 static uint32_t GetSandboxNsFlags(bool isNweb); 43 static std::set<std::string> GetMountPermissionNames(); 44 static std::string GetExtraInfoByType(const AppSpawningCtx *appProperty, const std::string &type); 45 typedef struct { 46 unsigned long mountFlags; 47 std::string optionsPoint; 48 std::string fsType; 49 std::string sandboxPath; 50 } SandboxMountConfig; 51 52#ifndef APPSPAWN_TEST 53private: 54#endif 55 static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, 56 const char *fsType, unsigned long mountFlags, 57 const char *options, mode_t mountSharedFlag = MS_SLAVE); 58 static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); 59 static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, 60 nlohmann::json &wholeConfig); 61 static int32_t DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, nlohmann::json &wholeConfig); 62 static int32_t DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, 63 nlohmann::json &wholeConfig); 64 static int32_t DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, 65 nlohmann::json &wholeConfig); 66 static int32_t DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, 67 nlohmann::json &wholeConfig); 68 static int32_t HandleFlagsPoint(const AppSpawningCtx *appProperty, 69 nlohmann::json &wholeConfig); 70 static int32_t SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty); 71 static int32_t SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, 72 std::string &sandboxPackagePath); 73 static int32_t MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); 74 static int32_t MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath); 75 static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath); 76 static int32_t DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, 77 std::string &sandboxPackagePath); 78 static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot); 79 static int DoAllMntPointsMount(const AppSpawningCtx *appProperty, 80 nlohmann::json &appConfig, const char *typeName, const std::string §ion = "app-base"); 81 static int DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, nlohmann::json &appConfig); 82 static std::string ConvertToRealPath(const AppSpawningCtx *appProperty, std::string path); 83 static std::string ConvertToRealPathWithPermission(const AppSpawningCtx *appProperty, std::string path); 84 static std::string GetSbxPathByConfig(const AppSpawningCtx *appProperty, nlohmann::json &config); 85 static bool CheckTotalSandboxSwitchStatus(const AppSpawningCtx *appProperty); 86 static bool CheckAppSandboxSwitchStatus(const AppSpawningCtx *appProperty); 87 static bool CheckBundleNameForPrivate(const std::string &bundleName); 88 static bool GetSbxSwitchStatusByConfig(nlohmann::json &config); 89 static unsigned long GetMountFlagsFromConfig(const std::vector<std::string> &vec); 90 static int32_t SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, 91 nlohmann::json &config); 92 static int32_t SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, 93 nlohmann::json &config); 94 static int32_t SetRenderSandboxProperty(const AppSpawningCtx *appProperty, 95 std::string &sandboxPackagePath); 96 static int32_t SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, 97 std::string &sandboxPackagePath); 98 static int32_t SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, 99 std::string &sandboxPackagePath); 100 static int32_t SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty, 101 std::string &sandboxPackagePath); 102 static int32_t DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, 103 nlohmann::json &wholeConfig); 104 static int32_t SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, 105 nlohmann::json &config); 106 static int32_t SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty); 107 static int32_t DoAddGid(AppSpawningCtx *appProperty, nlohmann::json &appConfig, 108 const char* permissionName, const std::string §ion); 109 static int32_t CheckAppFullMountEnable(); 110 static int32_t SetPermissionWithParam(AppSpawningCtx *appProperty); 111 static int32_t SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath); 112 static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName, 113 bool sandboxSharedStatus); 114 static int32_t GetMountPermissionFlags(const std::string permissionName); 115 static bool GetSandboxDacOverrideEnable(nlohmann::json &config); 116 static unsigned long GetSandboxMountFlags(nlohmann::json &config); 117 static std::string GetSandboxFsType(nlohmann::json &config); 118 static std::string GetSandboxOptions(const AppSpawningCtx *appProperty, nlohmann::json &config); 119 static std::string GetSandboxPath(const AppSpawningCtx *appProperty, nlohmann::json &mntPoint, 120 const std::string §ion, std::string sandboxRoot); 121 static void GetSandboxMountConfig(const AppSpawningCtx *appProperty, const std::string §ion, 122 nlohmann::json &mntPoint,SandboxMountConfig &mountConfig); 123#ifdef APPSPAWN_MOUNT_TMPSHM 124 static void MountDevShmPath(std::string &sandboxPath); 125#endif 126 static std::map<SandboxConfigType, std::vector<nlohmann::json>> appSandboxConfig_; 127 static int32_t deviceTypeEnable_; 128}; 129class JsonUtils { 130public: 131 static bool GetJsonObjFromJson(nlohmann::json &jsonObj, const std::string &jsonPath); 132 static bool GetStringFromJson(const nlohmann::json &json, const std::string &key, std::string &value); 133}; 134} // namespace AppSpawn 135} // namespace OHOS 136 137int LoadAppSandboxConfig(AppSpawnMgr *content); 138 139typedef struct { 140 const char *sandboxPath; 141 const char *permission; 142} MountSharedTemplate; 143 144#endif // SANDBOX_UTILS_H 145