1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "appspawn_adapter.h"
17
18 #include <string>
19 #include "appspawn_service.h"
20 #include "config_policy_utils.h"
21 #include "json_utils.h"
22 #include "sandbox_utils.h"
23 #include "init_param.h"
24
25 using namespace std;
26 using namespace OHOS;
27 using namespace OHOS::AppSpawn;
28
namespace {
// Bundle-name prefix that SetAppSandboxProperty treats as a module-test process:
// for such bundles the sandbox setup result is replaced by success.
const std::string MODULE_TEST_BUNDLE_NAME = "moduleTestProcessName";
// File name appended to every "etc/sandbox" policy directory when the sandbox
// configuration is loaded.
const std::string APP_JSON_CONFIG = "/appdata-sandbox.json";
} // namespace
33
/**
 * @brief Tell whether the PID-namespace sandbox is enabled on this device.
 *
 * Reads the system parameter "const.sandbox.pidns.support". Only the exact
 * value "false" switches the feature off. A read that fails, or any other
 * value, keeps the default of "supported", so an unreadable parameter does
 * not turn the isolation off.
 *
 * @return false only when the parameter was read and equals "false"; true otherwise.
 */
static bool AppSandboxPidNsIsSupport(void)
{
    char value[10] = {0};
    uint32_t valueLen = sizeof(value);

    // NOTE(review): a value that does not fit in 10 bytes presumably makes the
    // read fail and therefore also yields "supported" - confirm against
    // SystemGetParameter's contract.
    const bool readOk = (SystemGetParameter("const.sandbox.pidns.support", value, &valueLen) == 0);
    const bool explicitlyDisabled = readOk && (strcmp(value, "false") == 0);
    return !explicitlyDisabled;
}
47
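/**
 * @brief Load the app-data sandbox configuration files and set the namespace
 *        flags recorded in the spawn content.
 *
 * Every directory returned by GetCfgFiles("etc/sandbox") is probed for
 * "/appdata-sandbox.json"; each file that parses is handed to
 * SandboxUtils::StoreJsonConfig. A file that fails to load is logged and
 * skipped, and the remaining directories are still processed.
 *
 * @param content Spawn content whose sandboxNsFlags is filled in. A null
 *                pointer is logged and ignored after the configuration has
 *                been loaded.
 */
void LoadAppSandboxConfig(AppSpawnContent *content)
{
    // load sandbox config
    nlohmann::json appSandboxConfig;
    CfgFiles *files = GetCfgFiles("etc/sandbox");
    if (files != nullptr) {
        for (int i = 0; i < MAX_CFG_POLICY_DIRS_CNT; ++i) {
            const char *dir = files->paths[i];
            if (dir == nullptr) {
                continue;
            }
            std::string path = std::string(dir) + APP_JSON_CONFIG;
            APPSPAWN_LOGI("LoadAppSandboxConfig %{public}s", path.c_str());
            // NOTE(review): a config that fails to parse is only logged. If no file
            // loads, spawning proceeds with whatever SandboxUtils holds by default -
            // confirm that this default is restrictive.
            bool rc = JsonUtils::GetJsonObjFromJson(appSandboxConfig, path);
            APPSPAWN_CHECK(rc, continue, "Failed to load app data sandbox config %{public}s", path.c_str());
            SandboxUtils::StoreJsonConfig(appSandboxConfig);
        }
    }
    FreeCfgFiles(files);

    // The configuration above does not depend on content, so it is checked
    // only here, right before the first dereference.
    APPSPAWN_CHECK(content != nullptr, return, "Invalid appspawn content");

    // NOTE(review): when PID namespaces are reported as unsupported, a non-nweb
    // spawner leaves sandboxNsFlags untouched, so any other namespace flag that
    // GetSandboxNsFlags would have returned is skipped as well - confirm this is intended.
    if (!content->isNweb && !AppSandboxPidNsIsSupport()) {
        return;
    }
    content->sandboxNsFlags = SandboxUtils::GetSandboxNsFlags(content->isNweb);
}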
72
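/**
 * @brief Apply the sandbox for the application described by @p client.
 *
 * Clients flagged APP_NO_SANDBOX return success without any sandbox work.
 * Otherwise the nweb or the regular sandbox setup is run, depending on
 * content->isNweb, and the client's extra-info buffer is released afterwards.
 *
 * @param content Spawn content; only isNweb is read. A null pointer is rejected
 *                with -1 at the point where it would be dereferenced.
 * @param client  Spawn client; must not be null.
 * @return 0 on success or when no sandbox is requested, -1 for a null argument,
 *         the negative getprocpid() result when that call fails, otherwise the
 *         result of the SandboxUtils setup call (replaced by 0 for module-test
 *         bundle names).
 */
int32_t SetAppSandboxProperty(struct AppSpawnContent_ *content, AppSpawnClient *client)
{
    APPSPAWN_CHECK(client != nullptr, return -1, "Invalid appspwn client");
    // NOTE(review): the cast assumes every AppSpawnClient handed in here is the
    // leading part of an AppSpawnClientExt - confirm against the struct definition.
    AppSpawnClientExt *clientExt = reinterpret_cast<AppSpawnClientExt *>(client);

    // no sandbox
    // NOTE(review): this flag disables sandboxing entirely; verify that it is set
    // only by a trusted requester and never taken unchecked from the spawn message.
    if (clientExt->property.flags & APP_NO_SANDBOX) {
        return 0;
    }

    int ret = 0;
    if (client->cloneFlags & CLONE_NEWPID) {
        ret = getprocpid();
        if (ret < 0) {
            return ret;
        }
    }

    // content is first dereferenced here. Checking it at this point keeps the
    // earlier return paths exactly as they were.
    APPSPAWN_CHECK(content != nullptr, return -1, "Invalid appspawn content");
    ret = content->isNweb ? SandboxUtils::SetAppSandboxPropertyNweb(client)
                          : SandboxUtils::SetAppSandboxProperty(client);

    // free ExtraInfo
    // NOTE(review): the early returns above do not release this buffer; confirm
    // that the caller frees it on those paths.
    if (clientExt->property.extraInfo.data != nullptr) {
        free(clientExt->property.extraInfo.data);
        clientExt->property.extraInfo = {};
    }

    // for module test do not create sandbox
    // NOTE(review): this is a prefix match, so every bundle name that begins with
    // MODULE_TEST_BUNDLE_NAME has a failed sandbox setup reported as success.
    // Confirm that production spawn requests cannot carry such a name, or restrict
    // this branch to test builds.
    const bool isModuleTest = strncmp(clientExt->property.bundleName,
        MODULE_TEST_BUNDLE_NAME.c_str(), MODULE_TEST_BUNDLE_NAME.size()) == 0;
    return isModuleTest ? 0 : ret;
}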
108