1# appspawn Module<a name="EN-US_TOPIC_0000001063680582"></a> 2 3## Overview 4 5### Introduction 6 7 The appspawn module spawns application processes upon receiving commands from the application framework, configures permissions for new processes, and calls the entry function of the application framework. 8 9### Basic Concepts 10 11 **appspawn** is a registered service name. The appspawn process receives requests from the client by listening to messages over the local socket. The message type is an **AppParameter** structure. It is defined in **interfaces/innerkits/include/appspawn_msg.h**. 12 13 **Table 1** Field description 14 | Field| Description| 15 | -------- | -------- | 16 | processName | Name of the service process to be started. The value contains a maximum of 256 bytes.| 17 | bundleName | Bundle name of the application to be started. The value contains a maximum of 256 bytes.| 18 | soPath | Path of the dynamic library specified by the application. The value contains a maximum of 256 bytes.| 19 | uid | UID of the application process to be started.| 20 | gid | GID of the application process to be started.| 21 | gidTable | Information about the application process group to be started. Its length is specified by **gidCount**. A maximum of 64 process groups are supported. The value must be a positive number.| 22 | gidCount | Number of application process groups to be started.| 23 | accessTokenId | Token ID for application process permission control.| 24 | apl | APL for application process permission control. The value contains a maximum of 32 bytes.| 25 | renderCmd | Image rendering command. The value contains a maximum of 1024 bytes.| 26 | flags | Cold start flag.| 27 | pid | PID of the rendering process, which is used to query the process exit status.| 28 | AppOperateType | Application operation type. The value **0** means to obtain the default status, and the value **1** means to obtain the rendering termination status.| 29 30### Constraints 31The appspawn module is used only for the standard system. 32 33## Development Guidelines 34 35### Use Cases 36 37- Application security control based on SELinux tags 38 39 Example code: 40 ```c++ 41 AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client; 42 HapContext hapContext; 43 ret = hapContext.HapDomainSetcontext(appProperty->property.apl, appProperty->property.processName); 44 if (ret != 0) { 45 APPSPAWN_LOGE("AppSpawnServer::Failed to hap domain set context, errno = %d %s", 46 errno, appProperty->property.apl); 47 } else { 48 APPSPAWN_LOGI("AppSpawnServer::Success to hap domain set context, ret = %d", ret); 49 } 50 ``` 51- Application process control 52 53 - Support for setting of AccessToken for applications 54 - Support for simultaneous stopping of all spawn application processes (after stopping of the appspawn process and before a restart) 55 56 Example code: 57 ``` 58 AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client; 59 int32_t ret = SetSelfTokenID(appProperty->property.accessTokenId); 60 APPSPAWN_LOGI("AppSpawnServer::set access token id = %d, ret = %d %d", appProperty->property.accessTokenId, ret, getuid()); 61 ``` 62 63- Support for cold start of applications by using the aa command 64 65 ``` 66 param set startup.appspawn.cold.boot 1 // Enable cold start. 67 aa start -d 12345 -a $name -b $package -C 68 Reference command: 69 aa start -d 12345 -a ohos.acts.startup.sysparam.function.MainAbility -b ohos.acts.startup.sysparam.function -C 70 ``` 71 72- Application sandbox 73 74 Applications run independently in their own sandbox environments. In an application sandbox, only necessary libraries or files of applications are retained and data of different applications is isolated. 75 76### Available APIs 77 78 The API definitions are provided in **/interfaces/innerkits/include/client_socket.h**. Table 2 is a list of available APIs. 79 80 **Table 2** API description 81 | API| Description| 82 | -------- | -------- | 83 | CreateClient | Creates a client.| 84 | CloseClient | Closes a client.| 85 | ConnectSocket | Sends a connection request to the appspawn service.| 86 | WriteSocketMessage | Sends a message to the appspawn service.| 87 | ReadSocketMessage | Receives a message from the appspawn service.| 88 89### How to Develop 90 91 Sandbox configuration description: 92 93 ``` 94 { 95 "common" : [{ // Common mount options of the application sandbox 96 "top-sandbox-switch": "ON", // Application sandbox switch. The value ON means to enable the applicable sandbox, and the value OFF means the opposite. 97 "app-base" : [{ 98 "sandbox-root" : "/mnt/sandbox/<PackageName>", // Root path of the application sandbox 99 "mount-paths" : [{ 100 "src-path" : "/config", // Source mount path 101 "sandbox-path" : "/config", // Sandbox mount path 102 "sandbox-flags" : [ "bind", "rec" ], // Mount mode 103 "check-action-status": "false" // Whether to check the mount result. The value true means to check the mount result, and the value false means the opposite. 104 } 105 ], 106 "symbol-links" : [{ // Link path 107 "target-name" : "/system/bin", // Source link path 108 "link-name" : "/bin", // Link name 109 "check-action-status": "false" 110 } 111 ] 112 }], 113 // Reference application-specific configuration 114 "individual" : [{ // Independent mount options of an application 115 "com.ohos.medialibrary.MediaLibraryDataA" : [{ // Application name 116 "sandbox-switch": "ON", // Application sandbox switch. The value ON means to enable the applicable sandbox, and the value OFF means the opposite. 117 "sandbox-root" : "/mnt/sandbox/<PackageName>", // Root path of the application sandbox 118 "mount-paths" : [{ 119 "src-path" : "/storage/media/<currentUserId>", 120 "sandbox-path" : "/storage/media", 121 "sandbox-flags" : [ "bind", "rec" ], 122 "check-action-status": "false" 123 } 124 ], 125 "symbol-links" : [] 126 }] 127 }] 128 } 129 ``` 130 131 Modify configuration files by referring to the sandbox configuration description. 132 133 - On the device, go to **/system/etc/sandbox/**, modify the sandbox configuration files, and restart the device. 134 - In the code path, go to **base/startup/appspawn_standard**, and modify the sandbox configuration files. 135 136 **Table 3** Description of sandbox configuration files 137 138 | Sandbox Configuration File| Description| 139 | -------- | -------- | 140 | appdata-sandbox64.json | Sandbox configuration for the 64-bit OS| 141 | appdata-sandbox.json | Sandbox configuration for the 32-bit OS| 142 | product-sandbox.json | Product-specific configuration for the application sandbox| 143 144### Development Example 145The following is the sample code for adding product-specific configuration for the launcher application: 146 ```c++ 147 "com.ohos.launcher" : [{ 148 "sandbox-switch": "ON", 149 "sandbox-root" : "/mnt/sandbox/<PackageName>", 150 "mount-paths" : [{ 151 "src-path" : "/data/app/el1/bundle/public/", 152 "sandbox-path" : "/data/bundles/", 153 "sandbox-flags" : [ "bind", "rec" ], 154 "check-action-status": "true" 155 } 156 ], 157 "symbol-links" : [] 158 }], 159 ``` 160 161## FAQ 162 163### Cold Start of Applications Failed 164 165 **Symptom** 166 <br>Applications fail to be started by running the cold start command. 167 168 **Solution** 169 <br>1. Enable cold start by setting **param set startup.appspawn.cold.boot 1**. 170 <br>2. Make sure that the cold start command is correct. 171