1 /*
2  * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "nwebspawn_lancher.h"
16 #include "appspawn_server.h"
17 #ifdef CODE_SIGNATURE_ENABLE
18 #include "code_sign_attr_utils.h"
19 #endif
20 
/* UID passed to setuid() in the forked nwebspawn child. */
#define NWEB_UID 3081
/* GID passed to setgid() in the forked nwebspawn child. */
#define NWEB_GID 3081
/* Process name set in the child through prctl(PR_SET_NAME). */
#define NWEB_NAME "nwebspawn"
/* Number of __user_cap_data_struct entries handed to capset(): low and high 32 bits. */
#define CAP_NUM 2
/* Shift that moves the upper half of a 64-bit capability mask into a __u32. */
#define BITLEN32 32

/*
 * Value returned by fork() as seen by the parent in NwebSpawnLanch().
 * It stays 0 in the child, and holds a negative value if fork() failed.
 */
int g_nwebspawnpid = 0;
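/**
 * Fork the nwebspawn child and move it into its restricted identity.
 *
 * In the child this optionally sets the XPM owner id, switches the SELinux
 * context to u:r:nwebspawn:s0, resets the scheduling priority, restricts the
 * capability sets, renames the process and finally switches to
 * NWEB_GID / NWEB_UID. In the parent it records the value returned by fork()
 * in g_nwebspawnpid.
 *
 * The child does not return if the group or user switch fails: it logs the
 * failure and calls _exit(), so a process that is still running with the
 * parent's identity is never handed back to the caller as "nwebspawn".
 *
 * @return 0 in the child, the child's pid in the parent, or a negative value
 *         if fork() failed.
 */
pid_t NwebSpawnLanch()
{
    pid_t ret = fork();
    if (ret != 0) {
        // Parent, or fork() failure (ret < 0): remember what fork() returned.
        g_nwebspawnpid = ret;
        return ret;
    }

#ifdef CODE_SIGNATURE_ENABLE
    // ownerId must be set before setcon & setuid
    (void)SetXpmOwnerId(PROCESS_OWNERID_EXTEND, NULL);
#endif
    // A failed transition leaves the child in the parent's SELinux domain, so make it visible.
    // NOTE(review): consider failing closed here as well once it is confirmed that every
    // supported build runs with this policy loaded.
    if (setcon("u:r:nwebspawn:s0") != 0) {
        APPSPAWN_LOGE("nwebspawn setcon failed");
    }
    (void)setpriority(PRIO_PROCESS, getpid(), 0);

    // Same mask as the former literal 0x2000c0, spelled out so the retained
    // capabilities (including CAP_SYS_ADMIN) are visible to reviewers.
    const uint64_t capMask = (1ULL << CAP_SETGID) | (1ULL << CAP_SETUID) | (1ULL << CAP_SYS_ADMIN);
    const __u32 capLow = (__u32)capMask;
    const __u32 capHigh = (__u32)(capMask >> BITLEN32);

    struct __user_cap_header_struct capHeader = {0};
    capHeader.version = _LINUX_CAPABILITY_VERSION_3;
    capHeader.pid = 0; // 0 selects the calling process

    // The version 3 ABI takes two 32-bit words per set: [0] is the low half, [1] the high half.
    struct __user_cap_data_struct capData[CAP_NUM] = {0};
    capData[0].inheritable = capLow;
    capData[0].permitted = capLow;
    capData[0].effective = capLow;
    capData[1].inheritable = capHigh;
    capData[1].permitted = capHigh;
    capData[1].effective = capHigh;
    if (capset(&capHeader, capData) != 0) {
        APPSPAWN_LOGE("nwebspawn capset failed");
    }

    // The kernel refuses to raise an ambient capability that is not in both the permitted
    // and the inheritable set, so most of these calls are expected to fail.
    for (int cap = 0; cap <= CAP_LAST_CAP; ++cap) {
        (void)prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
    }
    (void)prctl(PR_SET_NAME, NWEB_NAME);

    // Switch the group before the user: once the UID is no longer 0 the process normally has
    // no CAP_SETGID left, so a setgid() issued after setuid() fails and the old GID is kept.
    // NOTE(review): supplementary groups inherited from the parent are not cleared here;
    // confirm whether a setgroups() call is needed.
    if (setgid(NWEB_GID) != 0) {
        APPSPAWN_LOGE("nwebspawn setgid failed");
        _exit(1);
    }
    // NOTE(review): unless keep-caps/securebits are configured elsewhere, the kernel clears the
    // permitted, effective and ambient sets when all UIDs become non-zero; confirm that the
    // capability setup above is meant to survive only through the inheritable set.
    if (setuid(NWEB_UID) != 0) {
        APPSPAWN_LOGE("nwebspawn setuid failed");
        _exit(1);
    }
    APPSPAWN_LOGI("nwebspawn fork success");
    return ret;
}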