• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SANDBOX_UTILS_H
17 #define SANDBOX_UTILS_H
18 
19 #include <set>
20 #include <string>
21 #include <sys/mount.h>
22 #include <sys/types.h>
23 #include <vector>
24 
25 #include "nlohmann/json.hpp"
26 #include "client_socket.h"
27 #include "appspawn_server.h"
28 
29 namespace OHOS {
30 namespace AppSpawn {
31 class SandboxUtils {
32 public:
33     static void StoreJsonConfig(nlohmann::json &appSandboxConfig);
34     static std::vector<nlohmann::json> &GetJsonConfig();
35     static int32_t SetAppSandboxProperty(AppSpawnClient *client);
36     static int32_t SetAppSandboxPropertyNweb(AppSpawnClient *client);
37     static uint32_t GetSandboxNsFlags(bool isNweb);
38     static std::set<std::string> GetMountPermissionNames();
39     typedef struct {
40         unsigned long mountFlags;
41         const char *optionsPoint;
42         const char *fsTypePoint;
43         std::string fsType;
44         std::string sandboxPath;
45     } SandboxMountConfig;
46 
47 private:
48     static int32_t DoAppSandboxMountOnce(const char *originPath, const char *destinationPath,
49                                          const char *fsType, unsigned long mountFlags,
50                                          const char *options, mode_t mountSharedFlag = MS_SLAVE);
51     static int32_t DoSandboxFileCommonBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
52     static int32_t DoSandboxFileCommonSymlink(const ClientSocket::AppProperty *appProperty,
53                                               nlohmann::json &wholeConfig);
54     static int32_t DoSandboxFilePrivateBind(const ClientSocket::AppProperty *appProperty, nlohmann::json &wholeConfig);
55     static int32_t DoSandboxFilePrivateSymlink(const ClientSocket::AppProperty *appProperty,
56                                                nlohmann::json &wholeConfig);
57     static int32_t DoSandboxFilePrivateFlagsPointHandle(const ClientSocket::AppProperty *appProperty,
58                                                         nlohmann::json &wholeConfig);
59     static int32_t DoSandboxFileCommonFlagsPointHandle(const ClientSocket::AppProperty *appProperty,
60                                                        nlohmann::json &wholeConfig);
61     static int32_t HandleFlagsPoint(const ClientSocket::AppProperty *appProperty,
62                                            nlohmann::json &wholeConfig);
63     static int32_t SetPrivateAppSandboxProperty(const ClientSocket::AppProperty *appProperty);
64     static int32_t SetCommonAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
65                                                       std::string &sandboxPackagePath);
66     static int32_t MountAllHsp(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
67     static int32_t MountAllGroup(const ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
68     static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath);
69     static int32_t DoSandboxRootFolderCreate(const ClientSocket::AppProperty *appProperty,
70                                              std::string &sandboxPackagePath);
71     static void DoSandboxChmod(nlohmann::json jsonConfig, std::string &sandboxRoot);
72     static int DoAllMntPointsMount(const ClientSocket::AppProperty *appProperty,
73         nlohmann::json &appConfig, const std::string &section = "app-base");
74     static int DoAllSymlinkPointslink(const ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig);
75     static std::string ConvertToRealPath(const ClientSocket::AppProperty *appProperty, std::string sandboxRoot);
76     static std::string ConvertToRealPathWithPermission(const ClientSocket::AppProperty *appProperty,
77                                                        std::string sandboxRoot);
78     static std::string GetSbxPathByConfig(const ClientSocket::AppProperty *appProperty, nlohmann::json &config);
79     static bool CheckTotalSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty);
80     static bool CheckAppSandboxSwitchStatus(const ClientSocket::AppProperty *appProperty);
81     static bool CheckBundleNameForPrivate(const std::string &bundleName);
82     static bool GetSbxSwitchStatusByConfig(nlohmann::json &config);
83     static unsigned long GetMountFlagsFromConfig(const std::vector<std::string> &vec);
84     static int32_t SetCommonAppSandboxProperty_(const ClientSocket::AppProperty *appProperty,
85                                                 nlohmann::json &config);
86     static int32_t SetPrivateAppSandboxProperty_(const ClientSocket::AppProperty *appProperty,
87                                                  nlohmann::json &config);
88     static int32_t SetRenderSandboxProperty(const ClientSocket::AppProperty *appProperty,
89                                             std::string &sandboxPackagePath);
90     static int32_t SetRenderSandboxPropertyNweb(const ClientSocket::AppProperty *appProperty,
91                                                 std::string &sandboxPackagePath);
92     static int32_t SetOverlayAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
93                                                 std::string &sandboxPackagePath);
94     static int32_t SetBundleResourceAppSandboxProperty(const ClientSocket::AppProperty *appProperty,
95                                                        std::string &sandboxPackagePath);
96     static int32_t DoSandboxFilePermissionBind(ClientSocket::AppProperty *appProperty,
97                                                nlohmann::json &wholeConfig);
98     static int32_t SetPermissionAppSandboxProperty_(ClientSocket::AppProperty *appProperty,
99                                                     nlohmann::json &config);
100     static int32_t SetPermissionAppSandboxProperty(ClientSocket::AppProperty *appProperty);
101     static int32_t DoAddGid(ClientSocket::AppProperty *appProperty, nlohmann::json &appConfig,
102                             const char* permissionName, const std::string &section);
103     static bool GetProductDeviceType();
104     static int32_t SetSandboxProperty(ClientSocket::AppProperty *appProperty, std::string &sandboxPackagePath);
105     static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName,
106                                     bool sandboxSharedStatus);
107     static int32_t GetMountPermissionFlags(const std::string permissionName);
108     static bool GetSandboxDacOverrideEnable(nlohmann::json &config);
109     static unsigned long GetSandboxMountFlags(nlohmann::json &config);
110     static const char *GetSandboxFsType(nlohmann::json &config);
111     static const char *GetSandboxOptions(nlohmann::json &config);
112     static std::string GetSandboxPath(const ClientSocket::AppProperty *appProperty, nlohmann::json &mntPoint,
113                                       const std::string &section, std::string sandboxRoot);
114     static void GetSandboxMountConfig(const std::string &section, nlohmann::json &mntPoint,
115                                          SandboxMountConfig &mountConfig);
116 private:
117     static std::vector<nlohmann::json> appSandboxConfig_;
118     static bool deviceTypeEnable_;
119 };
120 } // namespace AppSpawn
121 } // namespace OHOS
122 #endif  // SANDBOX_UTILS_H
123