1 /*
2  * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "appspawn_adapter.h"
17 
18 #include <cerrno>
19 
20 #include "appspawn_service.h"
21 #ifdef WITH_SELINUX
22 #include "hap_restorecon.h"
23 #endif
24 #include "token_setproc.h"
25 #ifdef WITH_SECCOMP
26 #include "seccomp_policy.h"
27 #endif
28 
29 
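/**
 * @brief Pass the access token id from the spawn request to SetSelfTokenID().
 *
 * @p client is reinterpreted as an AppSpawnClientExt and its
 * property.accessTokenId is handed to SetSelfTokenID(). The outcome is logged
 * at error level on failure and at info level on success, so a failed token
 * assignment is not hidden among routine info lines.
 *
 * @param content Unused.
 * @param client  Spawn request; must point to an AppSpawnClientExt because it
 *                is cast without any check.
 *
 * NOTE(review): the function returns void, so a failed SetSelfTokenID() is
 * visible only in the log and the caller cannot stop the spawn. Presumably the
 * process then keeps whatever token it had before the call; confirm this is
 * acceptable or give the caller a way to see the result.
 */
void SetAppAccessToken(struct AppSpawnContent_ *content, AppSpawnClient *client)
{
    static_cast<void>(content);
    AppSpawnClientExt *appProperty = reinterpret_cast<AppSpawnClientExt *>(client);
    int32_t ret = SetSelfTokenID(appProperty->property.accessTokenId);
    if (ret != 0) {
        // Non-zero is treated as failure, the same convention this file applies to
        // HapDomainSetcontext(). NOTE(review): assumes SetSelfTokenID() returns 0 on success; confirm.
        APPSPAWN_LOGE("AppSpawnServer::Failed to set access token id = %d, ret = %d, uid = %d",
            appProperty->property.accessTokenId, ret, getuid());
    } else {
        APPSPAWN_LOGI("AppSpawnServer::set access token id = %d, ret = %d %d",
            appProperty->property.accessTokenId, ret, getuid());
    }
}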
37 
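/**
 * @brief Call HapContext::HapDomainSetcontext() with the request's apl and process name.
 *
 * Compiled to an empty function unless WITH_SELINUX is defined. When enabled,
 * @p client is reinterpreted as an AppSpawnClientExt and property.apl and
 * property.processName are forwarded to HapDomainSetcontext().
 *
 * @param content Unused.
 * @param client  Spawn request; must point to an AppSpawnClientExt because it
 *                is cast without any check.
 *
 * NOTE(review): a non-zero result is only logged; the function returns void,
 * so the caller cannot tell that the context was not applied. Presumably the
 * process then continues in the context it already had; confirm whether the
 * spawn should be aborted in that case.
 */
void SetSelinuxCon(struct AppSpawnContent_ *content, AppSpawnClient *client)
{
#ifdef WITH_SELINUX
    UNUSED(content);
    AppSpawnClientExt *appProperty = reinterpret_cast<AppSpawnClientExt *>(client);
    HapContext hapContext;
    int32_t ret = hapContext.HapDomainSetcontext(appProperty->property.apl, appProperty->property.processName);
    // Snapshot errno immediately so later calls (including the logger) cannot overwrite it.
    const int savedErrno = errno;
    if (ret != 0) {
        // Report ret as well: errno is only meaningful if the failing step set it,
        // whereas ret is the value HapDomainSetcontext() actually returned.
        APPSPAWN_LOGE("AppSpawnServer::Failed to hap domain set context, ret = %d, errno = %d %s",
            ret, savedErrno, appProperty->property.apl);
    } else {
        APPSPAWN_LOGI("AppSpawnServer::Success to hap domain set context, ret = %d", ret);
    }
#endif
}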
53 
/**
 * @brief Request the seccomp policy named APPSPAWN_NAME and log the outcome.
 *
 * Compiled to an empty function unless WITH_SECCOMP is defined.
 *
 * @param content Not read by this function.
 *
 * NOTE(review): a failed SetSeccompPolicyWithName() is only logged and the
 * function returns void, so the caller continues either way. Presumably no
 * filter is in effect after a failure; confirm whether that is intended.
 */
void SetUidGidFilter(struct AppSpawnContent_ *content)
{
#ifdef WITH_SECCOMP
    const bool filterApplied = SetSeccompPolicyWithName(APPSPAWN_NAME);
    if (filterApplied) {
        APPSPAWN_LOGI("AppSpawnServer::Success to set APPSPAWN seccomp filter");
        return;
    }
    APPSPAWN_LOGE("AppSpawnServer::Failed to set APPSPAWN seccomp filter");
#endif
}
64 
/**
 * @brief Request the seccomp policy for the spawned process and log the outcome.
 *
 * Compiled to an empty function unless WITH_SECCOMP is defined. The policy
 * name is chosen at build time: NWEBSPAWN_NAME when NWEB_SPAWN is defined,
 * APP_NAME otherwise.
 *
 * @param content Not read by this function.
 * @param client  Not read by this function.
 *
 * NOTE(review): a failed SetSeccompPolicyWithName() is only logged and the
 * function returns void, so the spawn proceeds either way. Presumably the
 * process then runs without this filter; confirm whether that is intended.
 */
void SetSeccompFilter(struct AppSpawnContent_ *content, AppSpawnClient *client)
{
#ifdef WITH_SECCOMP
#ifdef NWEB_SPAWN
    // Build for the nweb spawner: use its dedicated policy.
    const bool filterApplied = SetSeccompPolicyWithName(NWEBSPAWN_NAME);
    if (filterApplied) {
        APPSPAWN_LOGI("NwebspawnServer::Success to set NWEBSPAWN seccomp filter");
    } else {
        APPSPAWN_LOGE("NwebspawnServer::Failed to set NWEBSPAWN seccomp filter");
    }
#else
    // Regular app spawner build: use the app policy.
    const bool filterApplied = SetSeccompPolicyWithName(APP_NAME);
    if (filterApplied) {
        APPSPAWN_LOGI("AppSpawnServer::Success to set APP seccomp filter");
    } else {
        APPSPAWN_LOGE("AppSpawnServer::Failed to set APP seccomp filter");
    }
#endif
#endif
}
83