diff --git a/appdata-sandbox.json b/appdata-sandbox.json old mode 100644 new mode 100755 index 5994d20f6a27f0475067bdb6f81174d7c10bd2e4..74594647bb2e508351e255b3359194906ad00d62 --- a/appdata-sandbox.json +++ b/appdata-sandbox.json @@ -162,6 +162,16 @@ "check-action-status": "false" } ], + "flags-point" : [{ + "flags": "NOT_SUPPORTED", + "mount-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ]} + ], "symbol-links" : [ ] }] @@ -228,14 +238,26 @@ "symbol-links" : [] }], "ohos.samples.ecg" : [{ - "sandbox-switch": "OFF", + "sandbox-switch": "ON", "sandbox-root" : "/mnt/sandbox/", - "mount-paths" : [{ - "src-path" : "/data/app/el1/bundle/public/", - "sandbox-path" : "/data/bundles/", - "sandbox-flags" : [ "bind", "rec" ], - "check-action-status": "true" - } + "mount-paths" : [], + "flags-point" : [{ + "flags": "NOT_SUPPORTED", + "mount-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ]}, { + "flags": "START_FLAGS_BACKUP", + "mount-paths" : [{ + "src-path" : "/data/app/el1/bundle/public/", + "sandbox-path" : "/data/bundles/", + "sandbox-flags" : [ "bind", "rec" ], + "check-action-status": "true" + } + ]} ], "symbol-links" : [] }], diff --git a/util/include/sandbox_utils.h b/util/include/sandbox_utils.h index e0961508bde456265bf95633c330ca984067387e..b5c7ad3d6c798a92ae10dd3047518e02b9dd9e51 100755 --- a/util/include/sandbox_utils.h +++ b/util/include/sandbox_utils.h @@ -42,6 +42,12 @@ private: static int32_t DoSandboxFilePrivateBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig); static int32_t DoSandboxFilePrivateSymlink(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig); + static int32_t DoSandboxFilePrivateFlagsPointHandle(const ClientSocket::AppProperty *appProperty, + nlohmann::json &wholeConfig); + static int32_t DoSandboxFileCommonFlagsPointHandle(const ClientSocket::AppProperty *appProperty, + nlohmann::json &wholeConfig); + static int32_t HandleFlagsPoint(const ClientSocket::AppProperty *appProperty, + nlohmann::json &wholeConfig); static int32_t SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty); static int32_t SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); @@ -68,4 +74,4 @@ private: }; } // namespace AppSpawn } // namespace OHOS -#endif // SANDBOX_UTILS_H \ No newline at end of file +#endif // SANDBOX_UTILS_H diff --git a/util/src/sandbox_utils.cpp b/util/src/sandbox_utils.cpp old mode 100644 new mode 100755 index c53862dc1ecb59bd3cb9afc56e2cb178c0953464..32bfec3eaf57b708c0cb28a6c3f0fd391a9d189a --- a/util/src/sandbox_utils.cpp +++ b/util/src/sandbox_utils.cpp @@ -76,6 +76,8 @@ namespace { const char *SANDBOX_ROOT_PREFIX = "sandbox-root"; const char *TOP_SANDBOX_SWITCH_PREFIX = "top-sandbox-switch"; const char *TARGET_NAME = "target-name"; + const char *FLAGS_POINT = "flags-point"; + const char *FLAGS = "flags"; const char *WARGNAR_DEVICE_PATH = "/3rdmodem"; } @@ -469,6 +471,66 @@ int32_t SandboxUtils::DoSandboxFilePrivateSymlink(const ClientSocket::AppPropert return 0; } +static int ConvertFlagStr(const std::string &flagStr) +{ + const std::map flagsMap = {{"0", 0}, {"START_FLAGS_BACKUP", 1}}; + + if (flagsMap.count(flagStr)) { + return flagsMap.at(flagStr); + } + + return -1; +} + +int32_t SandboxUtils::HandleFlagsPoint(const ClientSocket::AppProperty *appProperty, + nlohmann::json &appConfig) +{ + if (appConfig.find(FLAGS_POINT) == appConfig.end()) { + return 0; + } + + nlohmann::json flagsPoints = appConfig[FLAGS_POINT]; + unsigned int flagsPointSize = flagsPoints.size(); + + for (unsigned int i = 0; i < flagsPointSize; i++) { + nlohmann::json flagPoint = flagsPoints[i]; + + if (flagPoint.find(FLAGS) != flagPoint.end()) { + std::string flagsStr = flagPoint[FLAGS].get(); + int flag = ConvertFlagStr(flagsStr); + if (appProperty->flags == flag) { + return DoAllMntPointsMount(appProperty, flagPoint); + } + } else { + HiLog::Error(LABEL, "read flags config failed, app name is %{public}s", appProperty->bundleName); + } + } + + return 0; +} + +int32_t SandboxUtils::DoSandboxFilePrivateFlagsPointHandle(const ClientSocket::AppProperty *appProperty, + nlohmann::json &wholeConfig) +{ + nlohmann::json privateAppConfig = wholeConfig[PRIVATE_PREFIX][0]; + if (privateAppConfig.find(appProperty->bundleName) != privateAppConfig.end()) { + return HandleFlagsPoint(appProperty, privateAppConfig[appProperty->bundleName][0]); + } + + return 0; +} + +int32_t SandboxUtils::DoSandboxFileCommonFlagsPointHandle(const ClientSocket::AppProperty *appProperty, + nlohmann::json &wholeConfig) +{ + nlohmann::json commonConfig = wholeConfig[COMMON_PREFIX][0]; + if (commonConfig.find(APP_RESOURCES) != commonConfig.end()) { + return HandleFlagsPoint(appProperty, commonConfig[APP_RESOURCES][0]); + } + + return 0; +} + int32_t SandboxUtils::DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig) { nlohmann::json commonConfig = wholeConfig[COMMON_PREFIX][0]; @@ -524,6 +586,11 @@ int32_t SandboxUtils::SetPrivateAppSandboxProperty_(const ClientSocket::AppPrope HiLog::Error(LABEL, "DoSandboxFilePrivateSymlink failed"); } + ret = DoSandboxFilePrivateFlagsPointHandle(appProperty, config); + if (ret) { + HiLog::Error(LABEL, "DoSandboxFilePrivateFlagsPointHandle failed"); + } + return ret; } @@ -563,9 +630,15 @@ int32_t SandboxUtils::SetCommonAppSandboxProperty_(const ClientSocket::AppProper rc = DoSandboxFileCommonSymlink(appProperty, config); if (rc) { HiLog::Error(LABEL, "DoSandboxFileCommonSymlink failed, %{public}s", appProperty->bundleName); + return rc; } } + rc = DoSandboxFileCommonFlagsPointHandle(appProperty, config); + if (rc) { + HiLog::Error(LABEL, "DoSandboxFilePrivateFlagsPointHandle failed"); + } + return rc; }