1 /* 2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef SANDBOX_UTILS_H 17 #define SANDBOX_UTILS_H 18 19 #include <set> 20 #include <string> 21 #include <sys/mount.h> 22 #include <sys/types.h> 23 #include <vector> 24 25 #include "nlohmann/json.hpp" 26 #include "client_socket.h" 27 #include "appspawn_server.h" 28 29 namespace OHOS { 30 namespace AppSpawn { 31 class SandboxUtils { 32 public: 33 static void StoreNamespaceJsonConfig(nlohmann::json &appNamespaceConfig); 34 static nlohmann::json GetNamespaceJsonConfig(void); 35 static void StoreJsonConfig(nlohmann::json &appSandboxConfig); 36 static std::vector<nlohmann::json> &GetJsonConfig(); 37 static int32_t SetAppSandboxProperty(AppSpawnClient *client); 38 static int32_t SetAppSandboxPropertyNweb(AppSpawnClient *client); 39 static uint32_t GetNamespaceFlagsFromConfig(const char *bundleName); 40 static std::set<std::string> GetMountPermissionNames(); 41 42 private: 43 static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath, 44 const char *fsType, unsigned long mountFlags, 45 const char *options, mode_t mountSharedFlag = MS_SLAVE); 46 static int32_t DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig); 47 static int32_t DoSandboxFileCommonSymlink(const ClientSocket::AppProperty *appProperty, 48 nlohmann::json &wholeConfig); 49 static int32_t DoSandboxFilePrivateBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig); 50 static int32_t DoSandboxFilePrivateSymlink(const ClientSocket::AppProperty *appProperty, 51 nlohmann::json &wholeConfig); 52 static int32_t DoSandboxFilePrivateFlagsPointHandle(const ClientSocket::AppProperty *appProperty, 53 nlohmann::json &wholeConfig); 54 static int32_t DoSandboxFileCommonFlagsPointHandle(const ClientSocket::AppProperty *appProperty, 55 nlohmann::json &wholeConfig); 56 static int32_t HandleFlagsPoint(const ClientSocket::AppProperty *appProperty, 57 nlohmann::json &wholeConfig); 58 static int32_t SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty); 59 static int32_t SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty, 60 std::string &sandboxPackagePath); 61 static int32_t MountAllHsp(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); 62 static int32_t MountAllGroup(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath); 63 static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath); 64 static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty, 65 std::string &sandboxPackagePath); 66 static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot); 67 static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty, 68 nlohmann::json &appConfig, const std::string §ion = "app-base"); 69 static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig); 70 static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot); 71 static std::string GetSbxPathByConfig(const ClientSocket::AppProperty *appProperty, nlohmann::json &config); 72 static bool CheckTotalSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty); 73 static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty); 74 static bool CheckBundleNameForPrivate(const std::string &bundleName); 75 static bool GetSbxSwitchStatusByConfig(nlohmann::json &config); 76 static unsigned long GetMountFlagsFromConfig(const std::vector<std::string> &vec); 77 static int32_t SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, 78 nlohmann::json &config); 79 static int32_t SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty, 80 nlohmann::json &config); 81 static int32_t SetRenderSandboxProperty(const ClientSocket::AppProperty *appProperty, 82 std::string &sandboxPackagePath); 83 static int32_t SetRenderSandboxPropertyNweb(const ClientSocket::AppProperty *appProperty, 84 std::string &sandboxPackagePath); 85 static int32_t SetOverlayAppSandboxProperty(const ClientSocket::AppProperty *appProperty, 86 std::string &sandboxPackagePath); 87 static int32_t DoSandboxFilePermissionBind(ClientSocket::AppProperty *appProperty, 88 nlohmann::json &wholeConfig); 89 static int32_t SetPermissionAppSandboxProperty_(ClientSocket::AppProperty *appProperty, 90 nlohmann::json &config); 91 static int32_t SetPermissionAppSandboxProperty(ClientSocket::AppProperty *appProperty); 92 static int32_t DoAddGid(ClientSocket::AppProperty *appProperty, 93 nlohmann::json &appConfig, const char* permissionName, const std::string §ion); 94 private: 95 static nlohmann::json appNamespaceConfig_; 96 static std::vector<nlohmann::json> appSandboxConfig_; 97 }; 98 } // namespace AppSpawn 99 } // namespace OHOS 100 #endif // SANDBOX_UTILS_H 101