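/*
 * Copyright (C) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SANDBOX_DEF_H
#define SANDBOX_DEF_H

// <cstdint> is included explicitly because the constants below use int32_t;
// previously this relied on another header pulling it in.
#include <cstdint>
#include <string>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>

namespace OHOS {
namespace AppSpawn {
// Shared constants for the AppSpawn sandbox: configuration file names, the JSON keys
// read from them, path templates with their placeholders, and permission names.
// This header only defines the values; the code that consumes them is elsewhere.
//
// NOTE(review): the `const std::string` objects below are defined in a header, so every
// translation unit that includes it gets its own dynamically initialised copy. Avoid
// reading them from other static initialisers.
namespace SandboxCommonDef {
// Global constants
constexpr int32_t OPTIONS_MAX_LEN = 256;
constexpr int32_t FILE_ACCESS_COMMON_DIR_STATUS = 0;
constexpr int32_t FILE_CROSS_APP_STATUS = 1;
// 0711: rwx for the owner, search-only (x) for group and others, so a directory
// created with this mode can be traversed but not listed by non-owners.
constexpr static mode_t FILE_MODE = 0711;
// NOTE(review): these are mount(2) flags (recursive bind mount) but the constant is
// typed mode_t; the type is kept because callers depend on it.
constexpr static mode_t BASIC_MOUNT_FLAGS = MS_REC | MS_BIND;
constexpr int32_t MAX_MOUNT_TIME = 500;  // 500us
constexpr int32_t LOCK_STATUS_SIZE = 16;

// Sandbox configuration files
const std::string APP_JSON_CONFIG = "/appdata-sandbox.json";
const std::string APP_ISOLATED_JSON_CONFIG = "/appdata-sandbox-isolated.json";

/* Keys used in the sandbox configuration files */
// Common attributes
constexpr const char *g_sandboxRootPrefix = "sandbox-root";
constexpr const char *g_sandBoxNsFlags = "sandbox-ns-flags";
constexpr const char *g_topSandBoxSwitchPrefix = "top-sandbox-switch";
constexpr const char *g_sandBoxSwitchPrefix = "sandbox-switch";
const std::string g_ohosGpu = "__internal__.com.ohos.gpu";
const std::string g_ohosRender = "__internal__.com.ohos.render";
constexpr const char *g_commonPrefix = "common";
constexpr const char *g_privatePrefix = "individual";
constexpr const char *g_permissionPrefix = "permission";
constexpr const char *g_appBase = "app-base";
constexpr const char *g_appResources = "app-resources";
constexpr const char *g_flagePoint = "flags-point";  // identifier spelling (sic) kept for callers
const std::string g_internal = "__internal__";
const std::string g_mntTmpRoot = "/mnt/debugtmp/";
const std::string g_mntShareRoot = "/mnt/debug/";
// Path templates; the <...> tokens are the placeholders listed under
// "Variable placeholders" below.
const std::string g_sandboxRootPathTemplate = "/mnt/sandbox/<currentUserId>/<PackageName>";
const std::string g_originSandboxPath = "/mnt/sandbox/<PackageName>";

// Mount-path fields
constexpr const char *g_mountPrefix = "mount-paths";
constexpr const char *g_srcPath = "src-path";
constexpr const char *g_sandBoxPath = "sandbox-path";
constexpr const char *g_sandBoxFlags = "sandbox-flags";
constexpr const char *g_fsType = "fs-type";
constexpr const char *g_sandBoxOptions = "options";
constexpr const char *g_actionStatuc = "check-action-status";  // identifier spelling (sic) kept for callers
constexpr const char *g_destMode = "dest-mode";
constexpr const char *g_flags = "flags";

// Optional mount attributes
constexpr const char *g_sandBoxShared = "sandbox-shared";
constexpr const char *g_mountSharedFlag = "mount-shared-flag";
constexpr const char *g_dacOverrideSensitive = "dac-override-sensitive";
constexpr const char *g_sandBoxFlagsCustomized = "sandbox-flags-customized";
constexpr const char *g_appAplName = "app-apl-name";
constexpr const char *g_sandBoxDecPath = "dec-paths";
constexpr const char *CREATE_SANDBOX_PATH = "create-sandbox-path";

// Symlink fields
constexpr const char *g_symlinkPrefix = "symbol-links";
constexpr const char *g_targetName = "target-name";
constexpr const char *g_linkName = "link-name";

constexpr const char *g_gidPrefix = "gids";

// Variable placeholders
// NOTE(review): these tokens appear inside the path templates in this header, so whatever
// is substituted for them becomes part of a filesystem path. The substitution code is not
// in this file; presumably it must reject values containing '/' or ".." - verify at the
// call site.
const std::string g_userId = "<currentUserId>";
const std::string g_permissionUserId = "<permissionUserId>";
const std::string g_permissionUser = "<permissionUser>";
const std::string g_packageName = "<PackageName>";
const std::string g_packageNameIndex = "<PackageName_index>";
const std::string g_variablePackageName = "<variablePackageName>";
const std::string g_clonePackageName = "<clonePackageName>";
const std::string g_arkWebPackageName = "<arkWebPackageName>";
const std::string g_hostUserId = "<hostUserId>";
const std::string g_devModel = "<devModel>";

/* HSP */
const std::string HSPLIST_SOCKET_TYPE = "HspList";
const std::string g_hspList_key_bundles = "bundles";
const std::string g_hspList_key_modules = "modules";
const std::string g_hspList_key_versions = "versions";
const std::string g_sandboxHspInstallPath = "/data/storage/el1/bundle/";

/* DataGroup */
const std::string DATA_GROUP_SOCKET_TYPE = "DataGroup";
const std::string g_groupList_key_dataGroupId = "dataGroupId";
const std::string g_groupList_key_gid = "gid";
const std::string g_groupList_key_dir = "dir";
const std::string g_groupList_key_uuid = "uuid";

/* Overlay */
const std::string OVERLAY_SOCKET_TYPE = "Overlay";
const std::string g_overlayPath = "/data/storage/overlay/";

/* system hap */
const std::string APL_SYSTEM_CORE = "system_core";
const std::string APL_SYSTEM_BASIC = "system_basic";
const std::string g_physicalAppInstallPath = "/data/app/el1/bundle/public/";
const std::string g_dataBundles = "/data/bundles/";

/* bundle resource with APP_FLAGS_BUNDLE_RESOURCES */
const std::string g_bundleResourceSrcPath = "/data/service/el1/public/bms/bundle_resources/";
const std::string g_bundleResourceDestPath = "/data/storage/bundle_resources/";

/* Values that configuration-file entries are checked against */
const std::string g_sandBoxRootDir = "/mnt/sandbox/";
const std::string g_sandBoxRootDirNweb = "/mnt/sandbox/com.ohos.render/";
const std::string DEV_SHM_DIR = "/dev/shm/";
const std::string g_statusCheck = "true";
const std::string g_sbxSwitchCheck = "ON";
const std::string g_dlpBundleName = "com.ohos.dlpmanager";

/* debug hap */
constexpr const char *g_mntTmpSandboxRoot = "/mnt/debugtmp/<currentUserId>/debug_hap/<variablePackageName>";
constexpr const char *g_mntShareSandboxRoot = "/mnt/debug/<currentUserId>/debug_hap/<variablePackageName>";
constexpr const char *g_debughap = "debug";

/* Separators */
constexpr const char *g_fileSeparator = "/";
constexpr const char *g_overlayDecollator = "|";

/* Permission names */
const std::string FILE_CROSS_APP_MODE = "ohos.permission.FILE_CROSS_APP";
const std::string FILE_ACCESS_COMMON_DIR_MODE = "ohos.permission.FILE_ACCESS_COMMON_DIR";
const std::string ACCESS_DLP_FILE_MODE = "ohos.permission.ACCESS_DLP_FILE";
const std::string FILE_ACCESS_MANAGER_MODE = "ohos.permission.FILE_ACCESS_MANAGER";
const std::string READ_WRITE_USER_FILE_MODE = "ohos.permission.READ_WRITE_USER_FILE";
const std::string GET_ALL_PROCESSES_MODE = "ohos.permission.GET_ALL_PROCESSES";
const std::string APP_ALLOW_IOURING = "ohos.permission.ALLOW_IOURING";
// NOTE(review): the value below looks like a system-parameter key rather than a
// permission name - confirm it belongs in this group.
const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_name";

/* System parameters */
const std::string DEVICE_MODEL_NAME_PARAM = "const.cust.devmodel";

// Enum types
// Selects which sandbox configuration a lookup refers to; the enumerator names mirror
// APP_JSON_CONFIG and APP_ISOLATED_JSON_CONFIG above.
enum SandboxConfigType {
    SANDBOX_APP_JSON_CONFIG,
    SANDBOX_ISOLATED_JSON_CONFIG
};

} // namespace SandboxCommonDef
} // namespace AppSpawn
} // namespace OHOS

#endif // SANDBOX_DEF_H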