1 /*
2  * Copyright (C) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SANDBOX_CORE_H
17 #define SANDBOX_CORE_H
18 
19 #include <string>
20 #include <vector>
21 #include <map>
22 #include "sandbox_def.h"
23 #include "appspawn_msg.h"
24 #include "appspawn_server.h"
25 #include "appspawn_manager.h"
26 #include "sandbox_shared_mount.h"
27 #include "sandbox_common.h"
28 
29 namespace OHOS {
30 namespace AppSpawn {
31 
// SandboxCore declares the static helpers used to build an application sandbox. They are
// grouped below by purpose: mounts, symlinks, namespace flags, DEC rules and debug HAP handling.
// Every member is static, so the class carries no instance state.
// NOTE(review): the int32_t results are presumably 0 on success — confirm. Also confirm that
// callers stop the spawn on any non-zero result, so an app never runs in a partially built sandbox.
32 class SandboxCore {
33 public:
34     // Common sandbox mount handling.
       // NOTE(review): mount sources and targets presumably combine configuration values with
       // fields taken from the spawn request (e.g. the bundle name) — verify that these are
       // validated against path traversal before they reach mount or symlink.
       // `section` defaults to "app-base" when the caller does not pass one.
35     static int32_t DoAllMntPointsMount(const AppSpawningCtx *appProperty, cJSON *appConfig,
36         const char *typeName, const std::string &section = "app-base");
37     static int32_t DoAddGid(AppSpawningCtx *appProperty, cJSON *appConfig,
38                             const char* permissionName, const std::string &section);
39     static int32_t DoAllSymlinkPointslink(const AppSpawningCtx *appProperty, cJSON *appConfig);
       // sandboxPackagePath is a non-const reference in the functions below, so the callee can modify it.
40     static int32_t DoSandboxRootFolderCreate(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
41     static int32_t DoSandboxRootFolderCreateAdapt(std::string &sandboxPackagePath);
42     static int32_t HandleFlagsPoint(const AppSpawningCtx *appProperty, cJSON *appConfig);
43     static int32_t SetOverlayAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
44     static int32_t SetBundleResourceAppSandboxProperty(const AppSpawningCtx *appProperty,
45                                                        std::string &sandboxPackagePath);
46     static bool NeedNetworkIsolated(AppSpawningCtx *property);
47 
48     // Handle application sandbox mounts.
49     static int32_t SetCommonAppSandboxProperty(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
50     static int32_t SetPrivateAppSandboxProperty(const AppSpawningCtx *appProperty);
51     static int32_t SetPermissionAppSandboxProperty(AppSpawningCtx *appProperty);
52     static int32_t SetSandboxProperty(AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
       // sandboxNsFlags defaults to CLONE_NEWNS (a new mount namespace) here and in the Nweb variant.
       // NOTE(review): this header does not include <cstdint> or <sched.h> itself; uint32_t and
       // CLONE_NEWNS presumably arrive through the project headers included by this file — confirm.
53     static int32_t SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags = CLONE_NEWNS);
54 
55     static int32_t SetRenderSandboxPropertyNweb(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
56     static int32_t SetAppSandboxPropertyNweb(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags = CLONE_NEWNS);
57 
58     // Switch the root directory into the sandbox.
59     static int32_t ChangeCurrentDir(std::string &sandboxPackagePath, const std::string &bundleName,
60                                     bool sandboxSharedStatus);
61 
62     // Set DEC rules.
       // SetDecDenyWithDir returns void, so a failure inside it cannot be reported to the caller.
       // NOTE(review): confirm that a failed deny rule is at least logged.
63     static int32_t SetDecWithDir(const AppSpawningCtx *appProperty, uint32_t userId);
64     static int32_t SetDecPolicyWithPermission(const AppSpawningCtx *appProperty, SandboxMountConfig &mountConfig);
65     static void SetDecDenyWithDir(const AppSpawningCtx *appProperty);
66 
67     // Debug HAP.
       // NOTE(review): presumably reachable only for debuggable applications — confirm the gating in the callers.
68     static int32_t UninstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property);
69     static int32_t InstallDebugSandbox(AppSpawnMgr *content, AppSpawningCtx *property);
70 
71 private:
72     // Get application information.
73     static int EnableSandboxNamespace(AppSpawningCtx *appProperty, uint32_t sandboxNsFlags);
74     static uint32_t GetAppMsgFlags(const AppSpawningCtx *property);
       // bundleName is taken by value here, so each call copies the string.
75     static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName,
76                                cJSON *appConfig);
77     static void UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty, const std::string &permissionMode,
78                                              uint32_t flag);
79     static int32_t UpdatePointFlags(AppSpawningCtx *appProperty);
80     static std::string GetSandboxPath(const AppSpawningCtx *appProperty, cJSON *mntPoint,
81                                       const std::string &section, std::string sandboxRoot);
82 
83     // Common functions for parsing mount information.
       // NOTE(review): ownership of the returned cJSON node is not stated here — presumably a
       // borrowed pointer into the argument tree; confirm before freeing it.
84     static cJSON *GetFirstCommonConfig(cJSON *wholeConfig, const char *prefix);
85     static cJSON *GetFirstSubConfig(cJSON *parent, const char *key);
86 
87     // Handle dlpmanager mounts.
88     static int32_t DoDlpAppMountStrategy(const AppSpawningCtx *appProperty, const std::string &srcPath,
89         const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags);
90     static int32_t HandleSpecialAppMount(const AppSpawningCtx *appProperty, const std::string &srcPath,
91         const std::string &sandboxPath, const std::string &fsType, unsigned long mountFlags);
92 
93     // Handle application-private mounts.
94     static cJSON *GetPrivateJsonInfo(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
95     static int32_t DoSandboxFilePrivateBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
96     static int32_t DoSandboxFilePrivateSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
97     static int32_t DoSandboxFilePrivateFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
       // Trailing-underscore overload that takes one cJSON config.
       // NOTE(review): presumably the per-config worker behind the public function of the same name — confirm.
98     static int32_t SetPrivateAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config);
99 
100     // Handle permission-based application mounts.
101     static int32_t DoSandboxFilePermissionBind(AppSpawningCtx *appProperty, cJSON *wholeConfig);
102     static int32_t SetPermissionAppSandboxProperty_(AppSpawningCtx *appProperty, cJSON *config);
103 
104     // Handle application common mounts.
105     static int32_t DoSandboxFileCommonBind(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
106     static int32_t DoSandboxFileCommonSymlink(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
107     static int32_t DoSandboxFileCommonFlagsPointHandle(const AppSpawningCtx *appProperty, cJSON *wholeConfig);
108     static int32_t SetCommonAppSandboxProperty_(const AppSpawningCtx *appProperty, cJSON *config);
109 
110     // Handle mounts with variable parameters.
111     static int32_t MountAllHsp(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath, cJSON *hspRoot);
112     static int32_t MountAllGroup(const AppSpawningCtx *appProperty, std::string &sandboxPackagePath);
113 
114     // Sandbox callback function.
115     static int32_t ProcessMountPoint(cJSON *mntPoint, MountPointProcessParams &params);
116 
117     // Debug HAP.
        // ConvertDebugRealPath takes `path` by value and returns a new string.
118     static std::string ConvertDebugRealPath(const AppSpawningCtx *appProperty, std::string path);
119     static void DoUninstallDebugSandbox(std::vector<std::string> &bundleList, cJSON *mountPoints);
120     static int32_t GetPackageList(AppSpawningCtx *property, std::vector<std::string> &bundleList, bool tmp);
121 
122     static int32_t DoMountDebugPoints(const AppSpawningCtx *appProperty, cJSON *appConfig);
123     static int32_t MountDebugSharefs(const AppSpawningCtx *property, const char *src, const char *target);
124 
125     // Handle mounts for applications that hold the sandbox permission.
        // isPreInstalled and isHaveSandBoxPermission are non-const references, so presumably outputs.
        // NOTE(review): confirm that both are always assigned, since they appear to select the mount path taken.
126     static void GetSpecialMountCondition(bool &isPreInstalled, bool &isHaveSandBoxPermission,
127                                          const AppSpawningCtx *appProperty);
128     static int32_t MountNonShellPreInstallHap(const AppSpawningCtx *appProperty, cJSON *item);
129     static int32_t MountShellPreInstallHap(const AppSpawningCtx *appProperty, cJSON *item);
130 };
131 
132 } // namespace AppSpawn
133 } // namespace OHOS
134 
135 #endif // SANDBOX_CORE_H
136