1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "appspawn_adapter.h"
17
18 #include <string>
19 #include "appspawn_service.h"
20 #include "config_policy_utils.h"
21 #include "json_utils.h"
22 #include "sandbox_utils.h"
23
24 using namespace std;
25 using namespace OHOS;
26 using namespace OHOS::AppSpawn;
27
28 namespace {
29 const std::string MODULE_TEST_BUNDLE_NAME("moduleTestProcessName");
30 const std::string NAMESPACE_JSON_CONFIG("/system/etc/sandbox/sandbox-config.json");
31 const std::string APP_JSON_CONFIG("/appdata-sandbox.json");
32 }
33
LoadAppSandboxConfig(void)34 void LoadAppSandboxConfig(void)
35 {
36 bool rc = true;
37 // load sandbox config
38 nlohmann::json appSandboxConfig;
39 CfgFiles *files = GetCfgFiles("etc/sandbox");
40 for (int i = 0; (files != nullptr) && (i < MAX_CFG_POLICY_DIRS_CNT); ++i) {
41 if (files->paths[i] == nullptr) {
42 continue;
43 }
44 std::string path = files->paths[i];
45 path += APP_JSON_CONFIG;
46 APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", path.c_str());
47 rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, path);
48 APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", path.c_str());
49 SandboxUtils::StoreJsonConfig(appSandboxConfig);
50 }
51 FreeCfgFiles(files);
52
53 nlohmann::json appNamespaceConfig;
54 rc = JsonUtils::GetJsonObjFromJson(appNamespaceConfig, NAMESPACE_JSON_CONFIG);
55 APPSPAWN_CHECK_ONLY_LOG(rc, "AppSpawnServer::Failed to load app sandbox namespace config");
56 SandboxUtils::StoreNamespaceJsonConfig(appNamespaceConfig);
57 }
58
SetAppSandboxProperty(struct AppSpawnContent_ * content,AppSpawnClient * client)59 int32_t SetAppSandboxProperty(struct AppSpawnContent_ *content, AppSpawnClient *client)
60 {
61 APPSPAWN_CHECK(client != NULL, return -1, "Invalid appspwn client");
62 AppSpawnClientExt *clientExt = reinterpret_cast<AppSpawnClientExt *>(client);
63 // no sandbox
64 if (clientExt->property.flags & APP_NO_SANDBOX) {
65 return 0;
66 }
67 // no news
68 if ((client->cloneFlags & CLONE_NEWNS) != CLONE_NEWNS) {
69 return 0;
70 }
71 int ret = 0;
72 if (content->isNweb) {
73 ret = SandboxUtils::SetAppSandboxPropertyNweb(client);
74 } else {
75 ret = SandboxUtils::SetAppSandboxProperty(client);
76 }
77
78 // free HspList
79 if (clientExt->property.hspList.data != nullptr) {
80 free(clientExt->property.hspList.data);
81 clientExt->property.hspList = {};
82 }
83 // free OverlayInfo
84 if (clientExt->property.overlayInfo.data != nullptr) {
85 free(clientExt->property.overlayInfo.data);
86 clientExt->property.overlayInfo = {};
87 }
88 // free dataGroupInfoList
89 if (clientExt->property.dataGroupInfoList.data != nullptr) {
90 free(clientExt->property.dataGroupInfoList.data);
91 clientExt->property.dataGroupInfoList = {};
92 }
93 // for module test do not create sandbox
94 if (strncmp(clientExt->property.bundleName,
95 MODULE_TEST_BUNDLE_NAME.c_str(), MODULE_TEST_BUNDLE_NAME.size()) == 0) {
96 return 0;
97 }
98 return ret;
99 }
100
GetAppNamespaceFlags(const char * bundleName)101 uint32_t GetAppNamespaceFlags(const char *bundleName)
102 {
103 return SandboxUtils::GetNamespaceFlagsFromConfig(bundleName);
104 }
105