diff --git a/modules/sandbox/normal/sandbox_common.cpp b/modules/sandbox/normal/sandbox_common.cpp index 9eca40fcceac87c6e97377e583ce1b45db680cfa..42a5f5af0d4287dd9702c20abb653f3c93f8c7c4 100644 --- a/modules/sandbox/normal/sandbox_common.cpp +++ b/modules/sandbox/normal/sandbox_common.cpp @@ -41,6 +41,8 @@ namespace OHOS { namespace AppSpawn { int32_t SandboxCommon::deviceTypeEnable_ = -1; +int32_t SandboxCommon::mountFailedCount = 0; +bool SandboxCommon::needReport = true; std::map> SandboxCommon::appSandboxCJsonConfig_ = {}; // 加载配置文件 @@ -607,6 +609,23 @@ void SandboxCommon::CheckMountStatus(const std::string &path) APPSPAWN_CHECK_ONLY_LOG(flag, "Mountinfo not contains %{public}s", path.c_str()); } +std::string SandboxCommon::CollectMountInfo(void) +{ + std::ifstream file("/proc/self/mountinfo"); + if (!file.is_open()) { + APPSPAWN_LOGE("Failed to open /proc/self/mountinfo errno %{public}d", errno); + return ""; + } + + std::string mountInfo; + std::string line; + while (std::getline(file, line)) { + mountInfo += line; + } + file.close(); + return mountInfo; +} + bool SandboxCommon::HasPrivateInBundleName(const std::string &bundleName) // CheckBundleNameForPrivate { if (bundleName.find(SandboxCommonDef::g_internal) != std::string::npos) { @@ -996,13 +1015,24 @@ int32_t SandboxCommon::DoAppSandboxMountOnce(const AppSpawningCtx *appProperty, struct timespec mountEnd = {0}; clock_gettime(CLOCK_MONOTONIC_COARSE, &mountEnd); uint64_t diff = DiffTime(&mountStart, &mountEnd); - APPSPAWN_CHECK_ONLY_LOGW(diff < SandboxCommonDef::MAX_MOUNT_TIME, "mount %{public}s time %{public}" PRId64 " us", - arg->srcPath, diff); + APPSPAWN_CHECK_ONLY_LOGW(diff < SandboxCommonDef::MAX_MOUNT_TIME, + "ret: %{public}d mount %{public}s time %{public}" PRId64 " us", ret, arg->srcPath, diff); #ifdef APPSPAWN_HISYSEVENT APPSPAWN_CHECK_ONLY_EXPER(diff < FUNC_REPORT_DURATION, ReportAbnormalDuration(arg->srcPath, diff)); #endif if (ret != 0) { APPSPAWN_LOGI("errno is: %{public}d, bind mount %{public}s to %{public}s", errno, arg->srcPath, arg->destPath); +#ifdef APPSPAWN_HISYSEVENT + if (errno == EINVAL) { + mountFailedCount++; + if (needReport && mountFailedCount >= SandboxCommonDef::MAX_MOUNT_INVAILD_COUNT) { + std::string mountInfo = CollectMountInfo(); + ReportMountFail("appspawn", "/data/app/el1/mountinfo", mountInfo.c_str(), errno); + needReport = false; + return APPSPAWN_SANDBOX_MOUNT_FULL; + } + } +#endif if (errno == ENOENT && IsNeededCheckPathStatus(appProperty, arg->srcPath)) { VerifyDirRecursive(arg->srcPath); } diff --git a/modules/sandbox/normal/sandbox_common.h b/modules/sandbox/normal/sandbox_common.h index 9d34623d05d1529bb5b6f91003b87e111e65e0b1..95c154e6eab1660a5eaa3ea3dd802602cd5387e5 100644 --- a/modules/sandbox/normal/sandbox_common.h +++ b/modules/sandbox/normal/sandbox_common.h @@ -119,6 +119,7 @@ private: // 校验操作 static bool IsNeededCheckPathStatus(const AppSpawningCtx *appProperty, const char *path); static void CheckMountStatus(const std::string &path); + static std::string CollectMountInfo(void); // 路径处理 static std::string ReplaceVariablePackageName(const AppSpawningCtx *appProperty, const std::string &path); @@ -139,6 +140,9 @@ private: SANDBOX_PACKAGENAME_CLONE_AND_EXTENSION, SANDBOX_PACKAGENAME_ATOMIC_SERVICE, } SandboxVarPackageNameType; + + static int32_t mountFailedCount; + static bool needReport; }; } // namespace AppSpawn diff --git a/modules/sandbox/normal/sandbox_def.h b/modules/sandbox/normal/sandbox_def.h index e0dcfdc8c797c68fd03a01bcf0c69858b0e188bb..f65121bf29a74336d4227276c22d480873531159 100644 --- a/modules/sandbox/normal/sandbox_def.h +++ b/modules/sandbox/normal/sandbox_def.h @@ -32,6 +32,7 @@ constexpr static mode_t FILE_MODE = 0711; constexpr static mode_t BASIC_MOUNT_FLAGS = MS_REC | MS_BIND; constexpr int32_t MAX_MOUNT_TIME = 500; // 500us constexpr int32_t LOCK_STATUS_SIZE = 16; +constexpr int32_t MAX_MOUNT_INVAILD_COUNT = 8; // 沙盒配置文件 const std::string APP_JSON_CONFIG = "/appdata-sandbox.json"; diff --git a/util/include/appspawn_utils.h b/util/include/appspawn_utils.h index 7ce58c6d08016ba393c05b5ef3c1a673960eb954..9fdb7c2fa5a42a36f688d111bc67d09fbabc285c 100644 --- a/util/include/appspawn_utils.h +++ b/util/include/appspawn_utils.h @@ -138,6 +138,7 @@ typedef enum { APPSPAWN_SANDBOX_ERROR_MOUNT_FAIL, APPSPAWN_SANDBOX_ERROR_SET_PERMISSION_FLAG_FAIL, APPSPAWN_NODE_EXIST, + APPSPAWN_SANDBOX_MOUNT_FULL, /* devicedebug errno */ APPSPAWN_DEVICEDEBUG_ERROR_APP_NOT_EXIST, APPSPAWN_DEVICEDEBUG_ERROR_APP_NOT_DEBUGGABLE,