From f8e526b8b7884eb97968f34d6d28b8b3e637e4bb Mon Sep 17 00:00:00 2001
From: zhangkaixiang
Date: Sat, 19 Aug 2023 11:32:57 +0800
Subject: [PATCH] add sandbox helper native library
Signed-off-by: zhangkaixiang
Change-Id: I20df2b10a9ed26d86ab913ca4fb3fd2d76cf33f3
---
bundle.json | 9 +++
interfaces/innerkits/native/BUILD.gn | 32 ++++++++
.../native/file_share/src/file_share.cpp | 74 ++++++++++---------
3 files changed, 80 insertions(+), 35 deletions(-)
diff --git a/bundle.json b/bundle.json
index 4d5f39cdc..24ea4291b 100644
--- a/bundle.json
+++ b/bundle.json
@@ -93,6 +93,15 @@
 "header_base": "//foundation/filemanagement/app_file_service/interfaces/innerkits/native/remote_file_share/include"
 }
 },
+ {
+ "name": "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:sandbox_helper_native",
+ "header": {
+ "header_files": [
+ "sandbox_helper.h"
+ ],
+ "header_base": "//foundation/filemanagement/app_file_service/interfaces/common/include"
+ }
+ },
 {
 "name": "//foundation/filemanagement/app_file_service/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner",
 "header": {
diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn
index 25f54d03c..fed5cfc18 100644
--- a/interfaces/innerkits/native/BUILD.gn
+++ b/interfaces/innerkits/native/BUILD.gn
@@ -118,11 +118,43 @@ ohos_shared_library("remote_file_share_native") {
 subsystem_name = "filemanagement"
 }
+config("sandbox_helper_config") {
+ visibility = [ ":*" ]
+ include_dirs = [
+ "include",
+ "${utils_system_safwk_path}/native/include",
+ "//third_party/json/include",
+ "${path_base}/include",
+ "../../common/include",
+ ".",
+ ]
+}
+
+ohos_shared_library("sandbox_helper_native") {
+ sources = [
+ "../../common/src/json_utils.cpp",
+ "../../common/src/sandbox_helper.cpp",
+ ]
+
+ public_configs = [ ":sandbox_helper_config" ]
+
+ external_deps = [
+ "ability_base:zuri",
+ "c_utils:utils",
+ "hilog:libhilog",
+ ]
+
+ innerapi_tags = [ "platformsdk_indirect" ]
+ part_name = "app_file_service"
+ subsystem_name = "filemanagement"
+}
+
 group("app_file_service_native") {
 deps = [
 ":fileshare_native",
 ":fileuri_native",
 ":remote_file_share_native",
+ ":sandbox_helper_native",
 ]
 }
diff --git a/interfaces/innerkits/native/file_share/src/file_share.cpp b/interfaces/innerkits/native/file_share/src/file_share.cpp
index 6a2e98b85..f59856995 100644
--- a/interfaces/innerkits/native/file_share/src/file_share.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_share.cpp
@@ -34,6 +34,7 @@ namespace AppFileService {
 #define FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)
 #define READ_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION
 #define WRITE_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_WRITE_URI_PERMISSION
+#define PERSISTABLE_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_PERSISTABLE_URI_PERMISSION
 enum ShareFileType {
 DIR_TYPE = 0,
@@ -132,7 +133,7 @@ static int32_t GetFileShareInfo(const string &uri, uint32_t tokenId, uint32_t fl
 {
 int32_t ret = 0;
 ret = GetTargetInfo(tokenId, info.targetBundleName_, info.currentUid_);
- if (ret != 0) {
+ if (ret != 0 || info.currentUid_ == "0") {
 LOGE("Failed to get target info %{public}d", ret);
 return ret;
 }
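Review bot: In GetFileShareInfo the widened guard `if (ret != 0 || info.currentUid_ == "0")` still ends in `return ret;`, so when GetTargetInfo succeeds and the uid is "0" the function logs a failure with code 0 and returns 0, the same value the success path returns. The same pattern is in CreateShareFile (hunk at -218,12), where a uid of "0" or a set PERSISTABLE_URI_PERMISSION bit also leaves through `return ret;` with ret == 0; that function is non-static and ends in `return 0;` on success, so its caller is told the share was created when the request was in fact refused. Give the refused cases their own status, for example `return (ret != 0) ? ret : -EINVAL;` (PreparePreShareDir in this file already returns -EINVAL), and log the actual reason rather than "Failed to get FileShareInfo". GetFileShareInfo's body continues outside the hunk.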
@@ -188,13 +189,47 @@ static void DeleteExistShareFile(const string &path)
 }
 }
-static int32_t PreparePreShareDir(FileShareInfo &info)
+static void DelSharePath(const string &delPath)
+{
+ if (!SandboxHelper::CheckValidPath(delPath)) {
+ LOGE("DelSharePath, umount path is invalid, path = %{private}s", delPath.c_str());
+ return;
+ }
+
+ if (access(delPath.c_str(), F_OK) == 0) {
+ if (umount2(delPath.c_str(), MNT_DETACH) != 0) {
+ LOGE("DelSharePath, umount failed with %{public}d", errno);
+ }
+ remove(delPath.c_str());
+ }
+}
+
+static void UmountDelUris(vector sharePathList, string currentUid, string bundleNameSelf)
+{
+ string delPathPrefix = DATA_APP_EL2_PATH + currentUid + SHARE_PATH + bundleNameSelf;
+ for (size_t i = 0; i < sharePathList.size(); i++) {
+ Uri uri(SandboxHelper::Decode(sharePathList[i]));
+ string path = uri.GetPath();
+ string bundleName = uri.GetAuthority();
+
+ string delRPath = delPathPrefix + SHARE_R_PATH + bundleName + path;
+ DelSharePath(delRPath);
+
+ string delRWPath = delPathPrefix + SHARE_RW_PATH + bundleName + path;
+ DelSharePath(delRWPath);
+ }
+}
+
+static int32_t PreparePreShareDir(FileShareInfo &info, const string &uri)
 {
 if (!SandboxHelper::CheckValidPath(info.providerLowerPath_)) {
 LOGE("Invalid share path with %{private}s", info.providerLowerPath_.c_str());
 return -EINVAL;
 }
+ vector sharePathList{ uri };
+ UmountDelUris(sharePathList, info.currentUid_, info.targetBundleName_);
+
 for (size_t i = 0; i < info.sharePath_.size(); i++) {
 if (access(info.sharePath_[i].c_str(), F_OK) != 0) {
 string sharePathDir = info.sharePath_[i];
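Review bot: DelSharePath, which this change puts on the create path through PreparePreShareDir, calls `remove(delPath.c_str())` even when `umount2()` has just failed, ignores the result of `remove()`, and returns void, so PreparePreShareDir cannot tell that an earlier share is still in place before it goes on to prepare the new one. Consider returning a status from DelSharePath and UmountDelUris and stopping in PreparePreShareDir when cleanup fails for a reason other than the path not being a mount point. The path is assembled from the URI's authority and path and is resolved twice (`access()` then `umount2()`), with `SandboxHelper::CheckValidPath` as the only gate; its body is not in this diff, so confirm it rejects `..` components, and consider `umount2(delPath.c_str(), MNT_DETACH | UMOUNT_NOFOLLOW)` so a symlink in the last component is not followed. A comment above the new call, such as `// Drop any earlier r/rw share of this uri for the target before recreating it`, would explain why creation starts with an unmount; the loop in PreparePreShareDir continues outside the hunk.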
@@ -218,12 +253,12 @@ int32_t CreateShareFile(const string &uri, uint32_t tokenId, uint32_t flag)
 LOGD("CreateShareFile begin with uri %{private}s decodeUri %{private}s", uri.c_str(), decodeUri.c_str());
 int32_t ret = GetFileShareInfo(decodeUri, tokenId, flag, info);
- if (ret != 0) {
+ if (ret != 0 || info.currentUid_ == "0" || (flag & PERSISTABLE_URI_PERMISSION) != 0) {
 LOGE("Failed to get FileShareInfo with %{public}d", ret);
 return ret;
 }
- if ((ret = PreparePreShareDir(info)) != 0) {
+ if ((ret = PreparePreShareDir(info, uri)) != 0) {
 LOGE("PreparePreShareDir failed");
 return ret;
 }
@@ -250,37 +285,6 @@ int32_t CreateShareFile(const string &uri, uint32_t tokenId, uint32_t flag)
 return 0;
 }
-static void DelSharePath(const string &delPath)
-{
- if (!SandboxHelper::CheckValidPath(delPath)) {
- LOGE("DelSharePath, umount path is invalid, path = %{private}s", delPath.c_str());
- return;
- }
-
- if (access(delPath.c_str(), F_OK) == 0) {
- if (umount2(delPath.c_str(), MNT_DETACH) != 0) {
- LOGE("DelSharePath, umount failed with %{public}d", errno);
- }
- remove(delPath.c_str());
- }
-}
-
-static void UmountDelUris(vector sharePathList, string currentUid, string bundleNameSelf)
-{
- string delPathPrefix = DATA_APP_EL2_PATH + currentUid + SHARE_PATH + bundleNameSelf;
- for (size_t i = 0; i < sharePathList.size(); i++) {
- Uri uri(SandboxHelper::Decode(sharePathList[i]));
- string path = uri.GetPath();
- string bundleName = uri.GetAuthority();
-
- string delRPath = delPathPrefix + SHARE_R_PATH + bundleName + path;
- DelSharePath(delRPath);
-
- string delRWPath = delPathPrefix + SHARE_RW_PATH + bundleName + path;
- DelSharePath(delRWPath);
- }
-}
-
 int32_t DeleteShareFile(uint32_t tokenId, vector sharePathList)
 {
 string bundleName, currentUid;
--
Gitee