diff --git a/interfaces/innerkits/client/BUILD.gn b/interfaces/innerkits/client/BUILD.gn index 7af0658db4af9a2e10f85c32ae9f3df60578c609..dbbc9c09b2c0df7be3754fad0e7d78a165ab3f31 100644 --- a/interfaces/innerkits/client/BUILD.gn +++ b/interfaces/innerkits/client/BUILD.gn @@ -23,7 +23,7 @@ if (!defined(ohos_lite)) { ohos_shared_library("appspawn_client") { branch_protector_ret = "pac_ret" sources = [ - "${appspawn_path}/modules/sandbox/appspawn_permission.c", + # "${appspawn_path}/modules/sandbox/appspawn_permission.c", "../permission/appspawn_mount_permission.c", "appspawn_client.c", "appspawn_msg.c", @@ -45,6 +45,9 @@ if (!defined(ohos_lite)) { if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { defines += [ "APPSPAWN_SANDBOX_NEW" ] + sources += [ "${appspawn_path}/modules/sandbox/modern/sandbox_modern_permission.c" ] + } else { + sources += [ "${appspawn_path}/modules/sandbox/normal/sandbox_normal_permission.c" ] } if (is_asan) { defines += [ "APPSPAWN_ASAN" ] diff --git a/interfaces/innerkits/permission/appspawn_mount_permission.c b/interfaces/innerkits/permission/appspawn_mount_permission.c index ed04c48c118e65ad03e0f72900d68fe458cd8ecb..739c1c9e2e6569173df050a314d5952ed0d9a0cb 100644 --- a/interfaces/innerkits/permission/appspawn_mount_permission.c +++ b/interfaces/innerkits/permission/appspawn_mount_permission.c @@ -15,9 +15,11 @@ #include #include -#ifndef APPSPAWN_CLIENT -#include "appspawn_sandbox.h" -#endif +// #ifndef APPSPAWN_CLIENT +// // #include "appspawn_sandbox.h" +// #include "sandbox_common_def.h" +// #endif + #include "appspawn_client.h" #include "appspawn_mount_permission.h" #include "appspawn_msg.h" diff --git a/interfaces/innerkits/permission/appspawn_mount_permission.h b/interfaces/innerkits/permission/appspawn_mount_permission.h index ae09a292b92163249dd4f4d1c12c130620afd45d..a7be388e4d223060c8f007a7eac2d157bc35fb43 100644 --- a/interfaces/innerkits/permission/appspawn_mount_permission.h +++ b/interfaces/innerkits/permission/appspawn_mount_permission.h @@ -25,22 +25,22 @@ extern "C" { #endif -#ifdef APPSPAWN_CLIENT -typedef struct TagSandboxQueue { - struct ListNode front; - uint32_t type; -} SandboxQueue; - -typedef struct { - struct ListNode node; -} SandboxMountNode; - -typedef struct TagPermissionNode { - SandboxMountNode sandboxNode; - uint32_t permissionIndex; - char name[0]; -} SandboxPermissionNode; -#endif +// #ifdef APPSPAWN_CLIENT +// typedef struct TagSandboxQueue { +// struct ListNode front; +// uint32_t type; +// } SandboxQueue; + +// typedef struct { +// struct ListNode node; +// } SandboxMountNode; + +// typedef struct TagPermissionNode { +// SandboxMountNode sandboxNode; +// uint32_t permissionIndex; +// char name[0]; +// } SandboxPermissionNode; +// #endif #ifdef APPSPAWN_CLIENT #define PERMISSION_NAME(node) (node) == NULL ? NULL : (node)->name diff --git a/modules/sandbox/appspawn_permission.c b/modules/sandbox/appspawn_permission.c index 4d130f36841a3eb15bd288ff4732083a79ec11a9..b54e4b837ca0dc183f8d9c35185f3d079b59955a 100644 --- a/modules/sandbox/appspawn_permission.c +++ b/modules/sandbox/appspawn_permission.c @@ -16,7 +16,8 @@ #ifdef APPSPAWN_CLIENT #include "appspawn_mount_permission.h" #else -#include "appspawn_sandbox.h" +// #include "appspawn_sandbox.h" +#include "sandbox_common_def.h" #endif #include "appspawn_msg.h" #include "appspawn_utils.h" diff --git a/modules/sandbox/appspawn_permission.h b/modules/sandbox/appspawn_permission.h index aacd5866e3d5f3d94a36db7aa55699f85131c248..d62802a7ae0202cb711bce205fddd417a14ecaec 100644 --- a/modules/sandbox/appspawn_permission.h +++ b/modules/sandbox/appspawn_permission.h @@ -18,6 +18,7 @@ #include #include #include +#include "sandbox_common_def.h" #include "list.h" @@ -25,16 +26,16 @@ extern "C" { #endif -#ifdef APPSPAWN_SANDBOX_NEW -#define APP_SANDBOX_FILE_NAME "/appdata-sandbox-app.json" -#else -#define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json" -#endif +// #ifdef APPSPAWN_SANDBOX_NEW +// #define APP_SANDBOX_FILE_NAME "/appdata-sandbox-app.json" +// #else +// #define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json" +// #endif -#define RENDER_SANDBOX_FILE_NAME "/appdata-sandbox-render.json" -#define GPU_SANDBOX_FILE_NAME "/appdata-sandbox-gpu.json" -#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json" -#define DEBUG_SANDBOX_FILE_NAME "/appdata-sandbox-debug.json" +// #define RENDER_SANDBOX_FILE_NAME "/appdata-sandbox-render.json" +// #define GPU_SANDBOX_FILE_NAME "/appdata-sandbox-gpu.json" +// #define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json" +// #define DEBUG_SANDBOX_FILE_NAME "/appdata-sandbox-debug.json" typedef struct TagSandboxQueue SandboxQueue; typedef struct TagPermissionNode SandboxPermissionNode; diff --git a/modules/sandbox/modern/appspawn_sandbox.c b/modules/sandbox/modern/appspawn_sandbox.c index 6c5e795cdedb8539d75e129c29ce3e7e337a777b..388126685732507cc2559c13b296acf7b63a1e0e 100644 --- a/modules/sandbox/modern/appspawn_sandbox.c +++ b/modules/sandbox/modern/appspawn_sandbox.c @@ -32,6 +32,7 @@ #include "appspawn_msg.h" #include "appspawn_utils.h" +#include "sandbox_common_def.h" #ifdef WITH_DLP #include "dlp_fuse_fd.h" #endif diff --git a/modules/sandbox/modern/appspawn_sandbox.h b/modules/sandbox/modern/appspawn_sandbox.h index 74a2b2ff64adb99a4c8d093fbc2b11af4d3c82b8..d88e90be60260cc350e364b3dcb3b9e1e915dc13 100644 --- a/modules/sandbox/modern/appspawn_sandbox.h +++ b/modules/sandbox/modern/appspawn_sandbox.h @@ -100,15 +100,15 @@ typedef enum { SANDBOX_PACKAGENAME_ATOMIC_SERVICE, } SandboxVarPackageNameType; -typedef struct { - struct ListNode node; - uint32_t type; -} SandboxMountNode; +// typedef struct { +// struct ListNode node; +// uint32_t type; +// } SandboxMountNode; -typedef struct TagSandboxQueue { - struct ListNode front; - uint32_t type; -} SandboxQueue; +// typedef struct TagSandboxQueue { +// struct ListNode front; +// uint32_t type; +// } SandboxQueue; /* "create-on-demand": { @@ -180,10 +180,10 @@ typedef struct TagSandboxGroupNode { uint32_t depMounted : 1; // 是否执行了挂载 } SandboxNameGroupNode; -typedef struct TagPermissionNode { - SandboxSection section; - int32_t permissionIndex; -} SandboxPermissionNode; +// typedef struct TagPermissionNode { +// SandboxSection section; +// int32_t permissionIndex; +// } SandboxPermissionNode; typedef struct TagAppSpawnSandboxCfg { AppSpawnExtData extData; diff --git a/modules/sandbox/modern/sandbox_modern_permission.c b/modules/sandbox/modern/sandbox_modern_permission.c new file mode 100644 index 0000000000000000000000000000000000000000..bee177df6b48b85aaa91cdf9d2671bf246693f21 --- /dev/null +++ b/modules/sandbox/modern/sandbox_modern_permission.c @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sandbox_modern_permission.h" +#include "appspawn_permission.h" + +// #include "appspawn_sandbox.h" +#include "sandbox_common_def.h" + +#include "appspawn_msg.h" +#include "appspawn_utils.h" +#include "securec.h" + +static int PermissionNodeCompareIndex(ListNode *node, void *data) +{ + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + return permissionNode->permissionIndex - *(int32_t *)data; +} + +static int PermissionNodeCompareName(ListNode *node, void *data) +{ + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + return strcmp(permissionNode->section.name, (char *)data); +} + +static int PermissionNodeCompareProc(ListNode *node, ListNode *newNode) +{ + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + SandboxPermissionNode *newPermissionNode = (SandboxPermissionNode *)ListEntry(newNode, SandboxMountNode, node); + return strcmp(permissionNode->section.name, newPermissionNode->section.name); +} + +int AddSandboxPermissionNode(const char *name, SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(name != NULL && queue != NULL, return APPSPAWN_ARG_INVALID); + APPSPAWN_LOGV("Add permission name %{public}s ", name); + if (GetPermissionNodeInQueue(queue, name) != NULL) { + APPSPAWN_LOGW("Permission name %{public}s has been exist", name); + return 0; + } + + size_t len = sizeof(SandboxPermissionNode); + SandboxPermissionNode *node = (SandboxPermissionNode *)CreateSandboxSection( + name, len, SANDBOX_TAG_PERMISSION); + APPSPAWN_CHECK(node != NULL, return APPSPAWN_SYSTEM_ERROR, "Failed to create permission node"); + node->permissionIndex = 0; + OH_ListAddWithOrder(&queue->front, &node->section.sandboxNode.node, PermissionNodeCompareProc); + return 0; +} + +int32_t DeleteSandboxPermissions(SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(queue != NULL, return APPSPAWN_ARG_INVALID); + ListNode *node = queue->front.next; + while (node != &queue->front) { + SandboxMountNode *sandboxNode = (SandboxMountNode *)ListEntry(node, SandboxMountNode, node); + OH_ListRemove(&sandboxNode->node); + OH_ListInit(&sandboxNode->node); + DeleteSandboxSection((SandboxSection *)sandboxNode); + // get first + node = queue->front.next; + } + return 0; +} + +int32_t PermissionRenumber(SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(queue != NULL, return -1); + ListNode *node = queue->front.next; + int index = -1; + while (node != &queue->front) { + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + permissionNode->permissionIndex = ++index; + APPSPAWN_LOGV("Permission index %{public}d name %{public}s", + permissionNode->permissionIndex, permissionNode->section.name); + node = node->next; + } + return index + 1; +} + +const SandboxPermissionNode *GetPermissionNodeInQueue(const SandboxQueue *queue, const char *permission) +{ + if (queue == NULL || permission == NULL) { + return NULL; + } + ListNode *node = OH_ListFind(&queue->front, (void *)permission, PermissionNodeCompareName); + if (node == NULL) { + return NULL; + } + return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); +} + +const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(const SandboxQueue *queue, int32_t index) +{ + if (queue == NULL) { + return NULL; + } + ListNode *node = OH_ListFind(&queue->front, (void *)&index, PermissionNodeCompareIndex); + if (node == NULL) { + return NULL; + } + return (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); +} + +int32_t GetPermissionIndexInQueue(const SandboxQueue *queue, const char *permission) +{ + APPSPAWN_CHECK_ONLY_EXPER(queue != NULL && permission != NULL, return INVALID_PERMISSION_INDEX); + const SandboxPermissionNode *permissionNode = GetPermissionNodeInQueue(queue, permission); + return permissionNode == NULL ? INVALID_PERMISSION_INDEX : permissionNode->permissionIndex; +} \ No newline at end of file diff --git a/modules/sandbox/modern/sandbox_modern_permission.h b/modules/sandbox/modern/sandbox_modern_permission.h new file mode 100644 index 0000000000000000000000000000000000000000..77217f49ed1dcc208c88afa9856cdf44d1a374cc --- /dev/null +++ b/modules/sandbox/modern/sandbox_modern_permission.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SANDBOX_MODERN_PERMISSION_H +#define SANDBOX_MODERN_PERMISSION_H +#include +#include +#include + +#include "list.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define APP_SANDBOX_FILE_NAME "/appdata-sandbox-app.json" +#define RENDER_SANDBOX_FILE_NAME "/appdata-sandbox-render.json" +#define GPU_SANDBOX_FILE_NAME "/appdata-sandbox-gpu.json" +#define ISOLATED_SANDBOX_FILE_NAME "/appdata-sandbox-isolated-new.json" +#define DEBUG_SANDBOX_FILE_NAME "/appdata-sandbox-debug.json" + +// typedef struct TagSandboxQueue SandboxQueue; +// typedef struct TagPermissionNode SandboxPermissionNode; + +// int32_t AddSandboxPermissionNode(const char *name, SandboxQueue *queue); +// int32_t DeleteSandboxPermissions(SandboxQueue *queue); +// int32_t GetPermissionIndexInQueue(const SandboxQueue *queue, const char *permission); +// const SandboxPermissionNode *GetPermissionNodeInQueue(const SandboxQueue *queue, const char *permission); +// const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(const SandboxQueue *queue, int32_t index); +// int32_t PermissionRenumber(SandboxQueue *queue); + +#ifdef __cplusplus +} +#endif +#endif // SANDBOX_MODERN_PERMISSION_H diff --git a/modules/sandbox/normal/sandbox_core.cpp b/modules/sandbox/normal/sandbox_core.cpp index 0959eafb09bd6c6ba8a3b285c4bc94d53f2db71f..adda2da32e2f5be8feb38f580d4beb75b3b9fe02 100644 --- a/modules/sandbox/normal/sandbox_core.cpp +++ b/modules/sandbox/normal/sandbox_core.cpp @@ -1056,8 +1056,6 @@ int32_t SandboxCore::ChangeCurrentDir(std::string &sandboxPackagePath, const std return ret; } - - static const DecDenyPathTemplate DEC_DENY_PATH_MAP[] = { {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", "/storage/Users/currentUser/Download"}, {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", "/storage/Users/currentUser/Desktop"}, diff --git a/modules/sandbox/normal/sandbox_normal_permission.c b/modules/sandbox/normal/sandbox_normal_permission.c new file mode 100644 index 0000000000000000000000000000000000000000..b404d06e397bfcd64561cb09edced67a8a8c3054 --- /dev/null +++ b/modules/sandbox/normal/sandbox_normal_permission.c @@ -0,0 +1,71 @@ +#include "sandbox_normal_permission.h" +#include "appspawn_permission.h" + +// #include "appspawn_mount_permission.h" +#include "appspawn_msg.h" +#include "appspawn_utils.h" +#include "securec.h" + +static int PermissionNodeCompareName(ListNode *node, void *data) +{ + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + return strcmp(permissionNode->name, (char *)data); +} + +static int PermissionNodeCompareProc(ListNode *node, ListNode *newNode) +{ + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + SandboxPermissionNode *newPermissionNode = (SandboxPermissionNode *)ListEntry(newNode, SandboxMountNode, node); + return strcmp(permissionNode->name, newPermissionNode->name); +} + +int AddSandboxPermissionNode(const char *name, SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(name != NULL && queue != NULL, return APPSPAWN_ARG_INVALID); + APPSPAWN_LOGV("Add permission name %{public}s ", name); + if (GetPermissionNodeInQueue(queue, name) != NULL) { + APPSPAWN_LOGW("Permission name %{public}s has been exist", name); + return 0; + } + + size_t len = APPSPAWN_ALIGN(strlen(name) + 1) + sizeof(SandboxPermissionNode); + SandboxPermissionNode *node = (SandboxPermissionNode *)calloc(1, len); + APPSPAWN_CHECK(node != NULL, return APPSPAWN_SYSTEM_ERROR, "Failed to create permission node"); + OH_ListInit(&node->sandboxNode.node); + node->permissionIndex = 0; + int ret = strcpy_s(node->name, len, name); + APPSPAWN_CHECK(ret == 0, free(node); + return APPSPAWN_SYSTEM_ERROR, "Failed to copy name"); + OH_ListAddWithOrder(&queue->front, &node->sandboxNode.node, PermissionNodeCompareProc); + return 0; +} + +int32_t DeleteSandboxPermissions(SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(queue != NULL, return APPSPAWN_ARG_INVALID); + ListNode *node = queue->front.next; + while (node != &queue->front) { + SandboxMountNode *sandboxNode = (SandboxMountNode *)ListEntry(node, SandboxMountNode, node); + OH_ListRemove(&sandboxNode->node); + OH_ListInit(&sandboxNode->node); + free(sandboxNode); + // get first + node = queue->front.next; + } + return 0; +} + +int32_t PermissionRenumber(SandboxQueue *queue) +{ + APPSPAWN_CHECK_ONLY_EXPER(queue != NULL, return -1); + ListNode *node = queue->front.next; + int index = -1; + while (node != &queue->front) { + SandboxPermissionNode *permissionNode = (SandboxPermissionNode *)ListEntry(node, SandboxMountNode, node); + permissionNode->permissionIndex = ++index; + APPSPAWN_LOGV("Permission index %{public}d name %{public}s", + permissionNode->permissionIndex, permissionNode->name); + node = node->next; + } + return index + 1; +} \ No newline at end of file diff --git a/modules/sandbox/normal/sandbox_normal_permission.h b/modules/sandbox/normal/sandbox_normal_permission.h new file mode 100644 index 0000000000000000000000000000000000000000..064ac3a97634698ce93fdb150b68853e343c95a6 --- /dev/null +++ b/modules/sandbox/normal/sandbox_normal_permission.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SANDBOX_NORMAL_PERMISSION_H +#define SANDBOX_NORMAL_PERMISSION_H +#include +#include +#include + +#include "list.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#define APP_SANDBOX_FILE_NAME "/appdata-sandbox.json" + +// typedef struct TagSandboxQueue SandboxQueue; +// typedef struct TagPermissionNode SandboxPermissionNode; + +// int32_t AddSandboxPermissionNode(const char *name, SandboxQueue *queue); +// int32_t DeleteSandboxPermissions(SandboxQueue *queue); +// int32_t GetPermissionIndexInQueue(const SandboxQueue *queue, const char *permission); +// const SandboxPermissionNode *GetPermissionNodeInQueue(const SandboxQueue *queue, const char *permission); +// const SandboxPermissionNode *GetPermissionNodeInQueueByIndex(const SandboxQueue *queue, int32_t index); +// int32_t PermissionRenumber(SandboxQueue *queue); + +#ifdef __cplusplus +} +#endif +#endif // SANDBOX_NORMAL_PERMISSION_H \ No newline at end of file diff --git a/modules/sandbox/normal/sandbox_shared_mount.cpp b/modules/sandbox/normal/sandbox_shared_mount.cpp index 63a023775d60d38b0c4fcb29105da543e48a4238..fae454c27f6d4ddee6785702a06d66f143d69e2c 100644 --- a/modules/sandbox/normal/sandbox_shared_mount.cpp +++ b/modules/sandbox/normal/sandbox_shared_mount.cpp @@ -489,9 +489,15 @@ static int ParseDataGroupList(AppSpawnMgr *content, const AppSpawningCtx *proper { int ret = 0; cJSON *dataGroupList = GetJsonObjFromExtInfo(property, DATA_GROUP_SOCKET_TYPE); - APPSPAWN_CHECK(dataGroupList != nullptr, return APPSPAWN_ARG_INVALID, "dataGroupList is empty"); - APPSPAWN_CHECK(cJSON_IsArray(dataGroupList), cJSON_Delete(dataGroupList); - return APPSPAWN_ARG_INVALID, "dataGroupList is not Array"); + if (dataGroupList == nullptr) { + APPSPAWN_LOGE("dataGroupList is empty"); + return APPSPAWN_ARG_INVALID; + } + + if (!cJSON_IsArray(dataGroupList)) { + cJSON_Delete(dataGroupList); + return APPSPAWN_ARG_INVALID; + } // Iterate through the array (assuming groups is an array) cJSON *item = nullptr; diff --git a/modules/sandbox/sandbox.gni b/modules/sandbox/sandbox.gni index bf26ed0c16e9f4da4428f64432bef8d6a0fb044f..3a8bb1e1c2360311a26e8c8676511a51a4ce688e 100644 --- a/modules/sandbox/sandbox.gni +++ b/modules/sandbox/sandbox.gni @@ -17,7 +17,7 @@ appspawn_sandbox_inc = [ appspawn_sandbox_src = [ "//base/startup/appspawn/modules/sandbox/sandbox_dec.c", - "//base/startup/appspawn/modules/sandbox/appspawn_permission.c", + # "//base/startup/appspawn/modules/sandbox/appspawn_permission.c", ] if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { @@ -35,6 +35,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { "//base/startup/appspawn/modules/sandbox/modern/sandbox_load.c", "//base/startup/appspawn/modules/sandbox/modern/sandbox_manager.c", "//base/startup/appspawn/modules/sandbox/modern/sandbox_shared.c", + "//base/startup/appspawn/modules/sandbox/modern/sandbox_modern_permission.c", ] } else { appspawn_sandbox_inc += [ @@ -44,6 +45,7 @@ if (defined(appspawn_sandbox_new) && appspawn_sandbox_new) { appspawn_sandbox_src += [ "//base/startup/appspawn/modules/sandbox/normal/sandbox_shared_mount.cpp", "//base/startup/appspawn/modules/sandbox/normal/appspawn_sandbox_manager.cpp", + "//base/startup/appspawn/modules/sandbox/normal/sandbox_normal_permission.c", "//base/startup/appspawn/modules/sandbox/normal/sandbox_common.cpp", "//base/startup/appspawn/modules/sandbox/normal/sandbox_core.cpp" ] diff --git a/modules/sandbox/sandbox_common_def.h b/modules/sandbox/sandbox_common_def.h new file mode 100644 index 0000000000000000000000000000000000000000..37f2368e889a52b4f2ca87776979709ccdb597ec --- /dev/null +++ b/modules/sandbox/sandbox_common_def.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "appspawn.h" +#include "appspawn_utils.h" +#include "list.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef SANDBOX_COMMON_DEF_H +#define SANDBOX_COMMON_DEF_H + +typedef struct { + struct ListNode node; + uint32_t type; +} SandboxMountNode; + +typedef struct TagSandboxQueue { + struct ListNode front; + uint32_t type; +} SandboxQueue; + +typedef struct TagSandboxSection { + SandboxMountNode sandboxNode; + struct ListNode front; // mount-path + char *name; + uint32_t number : 16; + uint32_t gidCount : 16; + gid_t *gidTable; // "gids": [1006, 1008], + uint32_t sandboxSwitch : 1; // "sandbox-switch": "ON", + uint32_t sandboxShared : 1; // "sandbox-switch": "ON", + SandboxMountNode **nameGroups; +} SandboxSection; + +typedef struct TagPermissionNode { + SandboxSection section; + int32_t permissionIndex; +} SandboxPermissionNode; + +#ifdef __cplusplus +} +#endif +#endif // SANDBOX_COMMON_DEF_H \ No newline at end of file diff --git a/test/BUILD.gn b/test/BUILD.gn index bfb189b8a27475925fed3ede238ccca8be707db1..a5b92d57b247f4b52e744b19c6b8930faf89bbb0 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -29,6 +29,7 @@ group("unittest") { deps += [ "unittest/app_spawn_standard_test:AppSpawn_ut" ] deps += [ "unittest/app_spawn_standard_test:AppSpawn_common_ut" ] deps += [ "unittest/app_spawn_standard_test:AppSpawn_coldrun_ut" ] + deps += [ "unittest/sandbox_normal_test:SandboxUtTest" ] } deps += [ "unittest/hnp_test:HnpTest" ] deps += [ "unittest/single_test/hnp_installer:hnp_installer_test" ] diff --git a/test/unittest/app_spawn_standard_test/app_spawn_appmgr_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_appmgr_test.cpp index fa70b18659e8b559304d511413df94d0d33c1546..1d3895aeaf608811d043a596816567ec5d5837f8 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_appmgr_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_appmgr_test.cpp @@ -25,6 +25,8 @@ #include "appspawn_manager.h" #include "appspawn_modulemgr.h" #include "appspawn_permission.h" +// #include "appspawn_sandbox.h" +#include "sandbox_common_def.h" #include "appspawn_utils.h" #include "securec.h" diff --git a/test/unittest/app_spawn_standard_test/app_spawn_module_interface_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_module_interface_test.cpp index a8821f6086dfd925b086d38c58ba107917851d24..282b40c076cb2d285c29f440d6c69af02e689978 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_module_interface_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_module_interface_test.cpp @@ -25,6 +25,8 @@ #include "appspawn_manager.h" #include "appspawn_modulemgr.h" #include "appspawn_permission.h" +// #include "appspawn_sandbox.h" +#include "sandbox_common_def.h" #include "appspawn_utils.h" #include "cJSON.h" #include "json_utils.h" diff --git a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp index 1f736325f2171b9ff1fdf2ce2baa5a075843f295..aec62b11dea564811aeab3ad10eba66050e61102 100644 --- a/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp +++ b/test/unittest/app_spawn_standard_test/app_spawn_sandboxmgr_test.cpp @@ -25,7 +25,8 @@ #include "appspawn_manager.h" #include "appspawn_modulemgr.h" #include "appspawn_permission.h" -#include "appspawn_sandbox.h" +// #include "appspawn_sandbox.h" +#include "sandbox_common_def.h" #include "appspawn_utils.h" #include "securec.h" diff --git a/test/unittest/sandbox_normal_test/BUILD.gn b/test/unittest/sandbox_normal_test/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..94493533c32bf152831707bf574a1a39f339ec2b --- /dev/null +++ b/test/unittest/sandbox_normal_test/BUILD.gn @@ -0,0 +1,103 @@ +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import("//base/startup/appspawn/appspawn.gni") +import("//base/startup/appspawn/modules/sandbox/sandbox.gni") +import("//build/test.gni") + +if (!defined(ohos_lite)) { + ohos_unittest("SandboxUtTest") { + module_out_path = "appspawn/appspawn" + cflags = [ + "-Wno-implicit-fallthrough", + "-Wno-unused-function", + "-Dprivate=public", + "-Dprotected=public", + ] + + cflags_cc = [ + "-Wno-implicit-fallthrough", + "-fexceptions", + ] + + if (appspawn_unittest_coverage) { + cflags += [ "--coverage" ] + ldflags = [ "--coverage" ] + cflags_cc += [ "--coverage" ] + } + + include_dirs = appspawn_sandbox_inc + include_dirs += [ + "${appspawn_path}/common", + "${appspawn_path}/standard", + "${appspawn_innerkits_path}/client", + "${appspawn_innerkits_path}/permission", + ] + + sources = appspawn_sandbox_src + + defines = [ + "APPSPAWN_TEST", + "APPSPAWN_BASE_DIR=\"/data/appspawn_ut\"", + "APPSPAWN_LABEL=\"APPSPAWN_UT\"", + "APPSPAWN_DEBUG", + ] + + configs = [ "${appspawn_path}:appspawn_config" ] + + deps = [ "${appspawn_path}/util:libappspawn_util" ] + + external_deps = [ + "bounds_checking_function:libsec_shared", + "cJSON:cjson", + "hilog:libhilog", + "init:libbegetutil", + ] + + if (appspawn_support_code_signature) { + external_deps += [ "code_signature:libcode_sign_utils" ] + } + + if (target_cpu == "arm64" || target_cpu == "x86_64" || + target_cpu == "riscv64") { + defines += [ "APPSPAWN_64" ] + } + + if (dlp_permission_enable) { + cflags_cc += [ "-DWITH_DLP" ] + external_deps += [ "dlp_permission_service:libdlp_fuse" ] + } + + if (build_selinux) { + defines += [ "WITH_SELINUX" ] + external_deps += [ "selinux_adapter:libhap_restorecon" ] + } + + if (appspawn_mount_tmpshm) { + defines += [ "APPSPAWN_MOUNT_TMPSHM" ] + if (build_selinux) { + external_deps += [ "selinux_adapter:librestorecon" ] + } + } + + if (appspawn_report_event) { + defines += [ "APPSPAWN_HISYSEVENT" ] + external_deps += [ "hisysevent:libhisysevent" ] + include_dirs += [ "${appspawn_path}/modules/sysevent" ] + sources += [ "${appspawn_path}/modules/sysevent/hisysevent_adapter.cpp" ] + } + + if (appspawn_support_nosharefs) { + defines += [ "APPSPAWN_SUPPORT_NOSHAREFS" ] + } + } +} diff --git a/test/unittest/sandbox_normal_test/sandbox_common_test.cpp b/test/unittest/sandbox_normal_test/sandbox_common_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8bd1f4a0583c888322425f3cd911ee2e8409e8bc --- /dev/null +++ b/test/unittest/sandbox_normal_test/sandbox_common_test.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "appspawn_utils.h" +#include "parameter.h" + + +using namespace testing; +using namespace testing::ext; + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef __cplusplus + } +#endif + +namespace OHOS { +class SandboxCommonTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void HnpInstallerTest::SetUpTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Common_TEST SetUpTestCase"; +} + +void HnpInstallerTest::TearDownTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Common_TEST TearDownTestCase"; +} + +void HnpInstallerTest::SetUp() +{ + GTEST_LOG_(INFO) << "Sandbox_Common_TEST SetUp"; +} + +void HnpInstallerTest::TearDown() +{ + GTEST_LOG_(INFO) << "Sandbox_Common_TEST TearDown"; +} + +} \ No newline at end of file diff --git a/test/unittest/sandbox_normal_test/sandbox_core_test.cpp b/test/unittest/sandbox_normal_test/sandbox_core_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..329a09e3a1f82b1c9e116662ea42f6b03f9abfad --- /dev/null +++ b/test/unittest/sandbox_normal_test/sandbox_core_test.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "appspawn_utils.h" +#include "parameter.h" + + +using namespace testing; +using namespace testing::ext; + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef __cplusplus + } +#endif + +namespace OHOS { +class SandboxCoreTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void HnpInstallerTest::SetUpTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Core_TEST SetUpTestCase"; +} + +void HnpInstallerTest::TearDownTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Core_TEST TearDownTestCase"; +} + +void HnpInstallerTest::SetUp() +{ + GTEST_LOG_(INFO) << "Sandbox_Core_TEST SetUp"; +} + +void HnpInstallerTest::TearDown() +{ + GTEST_LOG_(INFO) << "Sandbox_Core_TEST TearDown"; +} + +} \ No newline at end of file diff --git a/test/unittest/sandbox_normal_test/sandbox_manager.cpp b/test/unittest/sandbox_normal_test/sandbox_manager.cpp new file mode 100644 index 0000000000000000000000000000000000000000..22e68acb4e16a328caba029fadba9d2778cd0a48 --- /dev/null +++ b/test/unittest/sandbox_normal_test/sandbox_manager.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "appspawn_utils.h" +#include "parameter.h" + + +using namespace testing; +using namespace testing::ext; + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef __cplusplus + } +#endif + +namespace OHOS { +class SandboxManagerTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void HnpInstallerTest::SetUpTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Manager_TEST SetUpTestCase"; +} + +void HnpInstallerTest::TearDownTestCase() +{ + GTEST_LOG_(INFO) << "Sandbox_Manager_TEST TearDownTestCase"; +} + +void HnpInstallerTest::SetUp() +{ + GTEST_LOG_(INFO) << "Sandbox_Manager_TEST SetUp"; +} + +void HnpInstallerTest::TearDown() +{ + GTEST_LOG_(INFO) << "Sandbox_Manager_TEST TearDown"; +} + +} \ No newline at end of file