1 /* 2 * Copyright (C) 2025 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef SANDBOX_DEC_H 17 #define SANDBOX_DEC_H 18 19 #include <sys/ioctl.h> 20 #include <stdint.h> 21 #include <stdbool.h> 22 #include <stdio.h> 23 #include <stdlib.h> 24 #include "appspawn_hook.h" 25 26 #ifdef __cplusplus 27 #if __cplusplus 28 extern "C" { 29 #endif 30 #endif 31 32 #define DEV_DEC_MINOR 0x25 33 #define HM_DEC_IOCTL_BASE 's' 34 #define HM_SET_POLICY_ID 1 35 #define HM_DEL_POLICY_ID 2 36 #define HM_QUERY_POLICY_ID 3 37 #define HM_CHECK_POLICY_ID 4 38 #define HM_DESTORY_POLICY_ID 5 39 #define HM_CONSTRAINT_POLICY_ID 6 40 #define HM_DENY_POLICY_ID 7 41 #define HM_SET_PREFIX_ID 8 42 43 #define SET_DEC_POLICY_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_SET_POLICY_ID, DecPolicyInfo) 44 #define DEL_DEC_POLICY_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_DEL_POLICY_ID, DecPolicyInfo) // 忽略flag和mode 45 #define CHECK_DEC_POLICY_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_CHECK_POLICY_ID, DecPolicyInfo) // 忽略flag 46 #define DESTORY_DEC_POLICY_CMD _IOW(HM_DEC_IOCTL_BASE, HM_DESTORY_POLICY_ID, uint64_t) 47 #define CONSTRAINT_DEC_POLICY_CMD _IOW(HM_DEC_IOCTL_BASE, HM_CONSTRAINT_POLICY_ID, DecPolicyInfo) 48 #define DENY_DEC_POLICY_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_DENY_POLICY_ID, DecPolicyInfo) // 忽略tokenid/flag/mode 49 #define SET_DEC_PREFIX_CMD _IOWR(HM_DEC_IOCTL_BASE, HM_SET_PREFIX_ID, DecPolicyInfo) 50 51 #define MAX_POLICY_NUM 8 52 #define SANDBOX_MODE_READ 0x00000001 53 #define SANDBOX_MODE_WRITE (SANDBOX_MODE_READ << 1) 54 #define DEC_MODE_DENY_INHERIT (1 << 9) 55 56 #define DEC_POLICY_HEADER_RESERVED 64 57 58 typedef struct PathInfo { 59 char *path; 60 uint32_t pathLen; 61 uint32_t mode; 62 bool flag; 63 } PathInfo; 64 65 typedef struct DecPolicyInfo { 66 uint64_t tokenId; 67 uint64_t timestamp; 68 PathInfo path[MAX_POLICY_NUM]; 69 uint32_t pathNum; 70 int32_t userId; 71 uint64_t reserved[DEC_POLICY_HEADER_RESERVED]; 72 bool flag; 73 } DecPolicyInfo; 74 75 typedef struct DecDenyPathTemplate { 76 const char *permission; 77 const char *decPath; 78 } DecDenyPathTemplate; 79 80 void SetDecPolicyInfos(DecPolicyInfo *decPolicyInfos); 81 void DestroyDecPolicyInfos(DecPolicyInfo *decPolicyInfos); 82 void SetDecPolicy(void); 83 84 #ifdef __cplusplus 85 #if __cplusplus 86 } 87 #endif 88 #endif 89 #endif 90