Skip to content

S
Startup Init Lite

OpenHarmony / Startup Init Lite
大约 1 年 前同步成功

通知 3
Star 37
Fork 0
S
Startup Init Lite

体验新版 GitCode,发现更多精彩内容 >>

未验证 提交 2a001ae8 编写于 作者: O openharmony_ci 提交者: Gitee
浏览文件
操作

!694 修复64位沙盒配置json文件 

Merge pull request !694 from Mupceet/init525_1
上级 dc00e1c8 a566ca3f
隐藏空白更改
内联 并排
Showing with 21 addition and 333 deletion
interfaces/innerkits/sandbox/BUILD.gn
浏览文件 @ 2a001ae8
......@@ -20,6 +20,9 @@ config("exported_header_files") {
}
ohos_shared_library("libsandbox") {
if (target_cpu == "arm64") {
defines = [ "SUPPORT_64BIT" ]
}
sources = [
"sandbox.c",
"sandbox_namespace.c",
......
interfaces/innerkits/sandbox/app-sandbox.json 已删除 100644 → 0
浏览文件 @ dc00e1c8
{
"sandbox-root" : "/mnt/sandbox/app",
"mount-bind-paths" : [{
"src-path" : "/mnt",
"sandbox-path" : "/mnt",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/sys/kernel/debug/tracing",
"sandbox-path" : "/sys/kernel/debug/tracing",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys/kernel/debug",
"sandbox-path" : "/sys/kernel/debug",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/data",
"sandbox-path" : "/data",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/config",
"sandbox-path" : "/config",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/sys_prod",
"sandbox-path" : "/sys_prod",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/storage",
"sandbox-path" : "/storage",
"sandbox-flags" : [ "bind", "rec", "private" ]
}
],
"mount-bind-files" : [{
}],
"symbol-links" : [{
"target-name" : "/system/bin",
"link-name" : "/bin"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib"
}, {
"target-name" : "/system/etc",
"link-name" : "/etc"
}
]
}
interfaces/innerkits/sandbox/app-sandbox64.json 已删除 100644 → 0
浏览文件 @ dc00e1c8
{
"sandbox-root" : "/mnt/sandbox/app",
"mount-bind-paths" : [{
"src-path" : "/mnt",
"sandbox-path" : "/mnt",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/lib64/module",
"sandbox-path" : "/system/lib64/module",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/sys/kernel/debug/tracing",
"sandbox-path" : "/sys/kernel/debug/tracing",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys/kernel/debug",
"sandbox-path" : "/sys/kernel/debug",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/data",
"sandbox-path" : "/data",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/config",
"sandbox-path" : "/config",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/sys_prod",
"sandbox-path" : "/sys_prod",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/storage",
"sandbox-path" : "/storage",
"sandbox-flags" : [ "bind", "rec", "private" ]
}
],
"mount-bind-files" : [{
}],
"symbol-links" : [{
"target-name" : "/system/bin",
"link-name" : "/bin"
}, {
"target-name" : "/system/lib64",
"link-name" : "/lib64"
}, {
"target-name" : "/system/etc",
"link-name" : "/etc"
}
]
}
interfaces/innerkits/sandbox/include/sandbox.h
浏览文件 @ 2a001ae8
......@@ -56,7 +56,6 @@ bool InitSandboxWithName(const char *name);
int PrepareSandbox(const char *name);
int EnterSandbox(const char *name);
void DestroySandbox(const char *name);
int CheckSupportSandbox(void);
void DumpSandboxByName(const char *name);
#ifdef __cplusplus
}
......
interfaces/innerkits/sandbox/include/sandbox_namespace.h
浏览文件 @ 2a001ae8
......@@ -23,7 +23,7 @@ extern "C" {
int GetNamespaceFd(const char *nsPath);
int UnshareNamespace(int nsType);
int SetNamespce(int nsFd, int nsType);
int SetNamespace(int nsFd, int nsType);
void InitDefaultNamespace(void);
int EnterDefaultNamespace(void);
void CloseDefaultNamespace(void);
......@@ -33,4 +33,5 @@ void CloseDefaultNamespace(void);
}
#endif
#endif
#endif
\ No newline at end of file
#endif
interfaces/innerkits/sandbox/privapp-sandbox.json 已删除 100644 → 0
浏览文件 @ dc00e1c8
{
"sandbox-root" : "/mnt/sandbox/priv-app",
"mount-bind-paths" : [{
"src-path" : "/mnt",
"sandbox-path" : "/mnt",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/common/bin",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/lib/module",
"sandbox-path" : "/system/lib/module",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/sys/kernel/debug/tracing",
"sandbox-path" : "/sys/kernel/debug/tracing",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys/kernel/debug",
"sandbox-path" : "/sys/kernel/debug",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/data",
"sandbox-path" : "/data",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/config",
"sandbox-path" : "/config",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/sys_prod",
"sandbox-path" : "/sys_prod",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/storage",
"sandbox-path" : "/storage",
"sandbox-flags" : [ "bind", "rec", "private" ]
}
],
"mount-bind-files": [{
}],
"symbol-links": [{
"target-name" : "/system/bin",
"link-name" : "/bin"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib"
}, {
"target-name" : "/system/etc",
"link-name" : "/etc"
}
]
}
interfaces/innerkits/sandbox/privapp-sandbox64.json 已删除 100644 → 0
浏览文件 @ dc00e1c8
{
"sandbox-root" : "/mnt/sandbox/priv-app",
"mount-bind-paths" : [{
"src-path" : "/mnt",
"sandbox-path" : "/mnt",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/bin",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/bin",
"sandbox-path" : "/system/common/bin",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/lib64/module",
"sandbox-path" : "/system/lib64/module",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/system/etc",
"sandbox-path" : "/system/etc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/sys/kernel/debug/tracing",
"sandbox-path" : "/sys/kernel/debug/tracing",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys/kernel/debug",
"sandbox-path" : "/sys/kernel/debug",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/sys",
"sandbox-path" : "/sys",
"sandbox-flags" : [ "bind", "private" ]
}, {
"src-path" : "/proc",
"sandbox-path" : "/proc",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/dev",
"sandbox-path" : "/dev",
"sandbox-flags" : [ "bind", "rec" ]
}, {
"src-path" : "/data",
"sandbox-path" : "/data",
"sandbox-flags" : [ "bind", "rec" ]
},{
"src-path" : "/storage",
"sandbox-path" : "/storage",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/fonts",
"sandbox-path" : "/system/fonts",
"sandbox-flags" : [ "bind", "rec", "private" ]
}
],
"mount-bind-files": [{
}],
"symbol-links": [{
"target-name" : "/system/bin",
"link-name" : "/bin"
}, {
"target-name" : "/system/lib64",
"link-name" : "/lib64"
}, {
"target-name" : "/system/etc",
"link-name" : "/etc"
}
]
}
interfaces/innerkits/sandbox/sandbox.c 100755 → 100644
浏览文件 @ 2a001ae8
......@@ -38,10 +38,13 @@
#define SANDBOX_SYMLINK_TARGET "target-name"
#define SANDBOX_SYMLINK_NAME "link-name"
#ifndef SUPPORT_64BIT
#define SANDBOX_SYSTEM_CONFIG_FILE "/system/etc/sandbox/system-sandbox.json"
#define SANDBOX_CHIPSET_CONFIG_FILE "/system/etc/sandbox/chipset-sandbox.json"
#define SANDBOX_PRIVAPP_CONFIG_FILE "/system/etc/sandbox/privapp-sandbox.json"
#define SANDBOX_APP_CONFIG_FILE "/system/etc/sandbox/app-sandbox.json"
#else
#define SANDBOX_SYSTEM_CONFIG_FILE "/system/etc/sandbox/system-sandbox64.json"
#define SANDBOX_CHIPSET_CONFIG_FILE "/system/etc/sandbox/chipset-sandbox64.json"
#endif
#define SANDBOX_MOUNT_FLAGS_MS_BIND "bind"
#define SANDBOX_MOUNT_FLAGS_MS_PRIVATE "private"
......@@ -72,11 +75,8 @@ static const struct SandboxMountFlags g_flags[] = {
}
};
static sandbox_t g_systemSandbox;
static sandbox_t g_chipsetSandbox;
static sandbox_t g_privAppSandbox;
static sandbox_t g_appSandbox;
struct SandboxMap {
const char *name;
......@@ -94,16 +94,6 @@ static const struct SandboxMap g_map[] = {
.name = "chipset",
.sandbox = &g_chipsetSandbox,
.configfile = SANDBOX_CHIPSET_CONFIG_FILE,
},
{
.name = "priv-app",
.sandbox = &g_privAppSandbox,
.configfile = SANDBOX_PRIVAPP_CONFIG_FILE,
},
{
.name = "app",
.sandbox = &g_appSandbox,
.configfile = SANDBOX_APP_CONFIG_FILE,
}
};
......@@ -612,7 +602,7 @@ int EnterSandbox(const char *name)
return -1;
}
if (sandbox->ns > 0) {
if (SetNamespce(sandbox->ns, CLONE_NEWNS) < 0) {
if (SetNamespace(sandbox->ns, CLONE_NEWNS) < 0) {
BEGET_LOGE("Failed to enter mount namespace for sandbox \' %s \', err=%d.", name, errno);
return -1;
}
......
interfaces/innerkits/sandbox/sandbox_namespace.c
浏览文件 @ 2a001ae8
......@@ -51,7 +51,7 @@ int UnshareNamespace(int nsType)
}
}
int SetNamespce(int nsFd, int nsType)
int SetNamespace(int nsFd, int nsType)
{
if (nsFd < 0) {
BEGET_LOGE("Failed get namespace fd");
......@@ -78,7 +78,7 @@ int EnterDefaultNamespace(void)
if (g_defaultNs < 0) {
return -1;
}
return SetNamespce(g_defaultNs, CLONE_NEWNS);
return SetNamespace(g_defaultNs, CLONE_NEWNS);
}
void CloseDefaultNamespace(void)
......
interfaces/innerkits/sandbox/system-sandbox64.json
浏览文件 @ 2a001ae8
......@@ -12,6 +12,10 @@
"src-path" : "/system/lib64",
"sandbox-path" : "/system/lib64",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/lib",
"sandbox-path" : "/system/lib",
"sandbox-flags" : [ "bind", "rec", "private" ]
}, {
"src-path" : "/system/profile",
"sandbox-path" : "/system/profile",
......@@ -79,6 +83,9 @@
"symbol-links" : [{
"target-name" : "/system/lib64",
"link-name" : "/lib64"
}, {
"target-name" : "/system/lib",
"link-name" : "/lib"
}, {
"target-name" : "/system/bin",
"link-name" : "/bin"
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册