fix sandbox codex

Signed-off-by: N cheng_jinsong <chengjinsong2@huawei.com>

fix sandbox codex
Signed-off-by: N cheng_jinsong <chengjinsong2@huawei.com>
40658ceb · cheng_jinsong · f9ff0c09 · 40658ceb · 40658ceb · 40658ceb
7 changed file
--- a/services/init/include/init.h
+++ b/services/init/include/init.h
@@ -43,7 +43,6 @@ void SystemExecuteRcs(void);

 void ReadConfig(void);
 void SignalInit(void);
-void SetServiceEnterSandbox(const char *path, unsigned int attribute);

 #ifdef __cplusplus
 #if __cplusplus

--- a/services/init/include/init_service.h
+++ b/services/init/include/init_service.h
@@ -178,7 +178,9 @@ int SetAccessToken(const Service *service);
 void GetAccessToken(void);
 void ServiceStopTimer(Service *service);
 void ServiceStartTimer(Service *service, uint64_t timeout);
+void IsEnableSandbox(void);
 void EnterServiceSandbox(Service *service);
+void SetServiceEnterSandbox(const char *execPath, unsigned int attribute);
 #ifdef __cplusplus
 #if __cplusplus
 }

--- a/services/init/init_common_service.c
+++ b/services/init/init_common_service.c
@@ -291,7 +291,7 @@ static void ClearEnvironment(Service *service)
    return;
 }

-static int InitServicePropertys(Service *service)
+static int InitServiceProperties(Service *service)
 {
    INIT_ERROR_CHECK(service != NULL, return -1, "Invalid parameter.");
    SetServiceEnterSandbox(service->pathArgs.argv[0], service->attribute);
@@ -331,7 +331,7 @@ static int InitServicePropertys(Service *service)

 void EnterServiceSandbox(Service *service)
 {
-    INIT_ERROR_CHECK(InitServicePropertys(service) == 0, return, "Failed init service property");
+    INIT_ERROR_CHECK(InitServiceProperties(service) == 0, return, "Failed init service property");
    if (service->importance != 0) {
        if (setpriority(PRIO_PROCESS, 0, service->importance) != 0) {
            INIT_LOGE("setpriority failed for %s, importance = %d, err=%d",
@@ -374,7 +374,7 @@ int ServiceStart(Service *service)
    int pid = fork();
    if (pid == 0) {
        // fail must exit sub process
-        INIT_ERROR_CHECK(InitServicePropertys(service) == 0,
+        INIT_ERROR_CHECK(InitServiceProperties(service) == 0,
            _exit(PROCESS_EXIT_CODE), "Failed init service property");
        ServiceExec(service);
        _exit(PROCESS_EXIT_CODE);

--- a/services/init/lite/init.c
+++ b/services/init/lite/init.c
@@ -96,10 +96,3 @@ void SystemRun(void)
    }
 #endif
 }
-
-void SetServiceEnterSandbox(const char *path, unsigned int attribute)
-{
-    UNUSED(path);
-    UNUSED(attribute);
-    return;
-}
--- a/services/init/lite/init_service.c
+++ b/services/init/lite/init_service.c
@@ -95,3 +95,15 @@ void GetAccessToken(void)
 {
    return;
 }
+
+void IsEnableSandbox(void)
+{
+    return;
+}
+
+void SetServiceEnterSandbox(const char *path, unsigned int attribute)
+{
+    UNUSED(path);
+    UNUSED(attribute);
+    return;
+}
--- a/services/init/standard/init.c
+++ b/services/init/standard/init.c
@@ -43,12 +43,8 @@
 #include "ueventd.h"
 #include "ueventd_socket.h"
 #include "fd_holder_internal.h"
-#include "sandbox.h"
-#include "sandbox_namespace.h"
 #include "bootstage.h"

-static bool g_enableSandbox;
-
 static int FdHolderSockInit(void)
 {
    int sock = -1;
@@ -263,24 +259,6 @@ static void BootStateChange(const char *content)
    }
 }

-static void IsEnableSandbox(void)
-{
-    const char *name = "const.sandbox";
-    char value[MAX_BUFFER_LEN] = {0};
-    unsigned int len = MAX_BUFFER_LEN;
-    if (SystemReadParam(name, value, &len) != 0) {
-        INIT_LOGE("Failed read param.");
-        g_enableSandbox = false;
-    }
-    if (strcmp(value, "enable") == 0) {
-        INIT_LOGI("Enable sandbox.");
-        g_enableSandbox = true;
-    } else {
-        INIT_LOGI("Disable sandbox.");
-        g_enableSandbox = false;
-    }
-}
-
 static void InitLoadParamFiles(void)
 {
    if (InUpdaterMode() != 0) {
@@ -372,31 +350,3 @@ void SystemRun(void)
 {
    StartParamService();
 }
-
-void SetServiceEnterSandbox(const char *execPath, unsigned int attribute)
-{
-    if (g_enableSandbox == false) {
-        return;
-    }
-    if ((attribute & SERVICE_ATTR_WITHOUT_SANDBOX) == SERVICE_ATTR_WITHOUT_SANDBOX) {
-        return;
-    }
-    INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null.");
-    if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) {
-        if (strcmp(execPath, "/system/bin/appspawn") == 0) {
-            INIT_LOGI("Appspawn skip enter sandbox.");
-        } else if (strcmp(execPath, "/system/bin/hilogd") == 0) {
-            INIT_LOGI("Hilogd skip enter sandbox.");
-        } else {
-            INIT_INFO_CHECK(EnterSandbox("system") == 0, return,
-                "Service %s skip enter sandbox system.", execPath);
-        }
-    } else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) {
-        // chipset sandbox will be implemented later.
-        INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return,
-            "Service %s skip enter sandbox system.", execPath);
-    } else {
-        INIT_LOGI("Service %s does not enter sandbox", execPath);
-    }
-    return;
-}
--- a/services/init/standard/init_service.c
+++ b/services/init/standard/init_service.c
@@ -29,11 +29,15 @@
 #include "securec.h"
 #include "token_setproc.h"
 #include "nativetoken_kit.h"
+#include "sandbox.h"
+#include "sandbox_namespace.h"
 #include "service_control.h"

 #define MIN_IMPORTANT_LEVEL (-20)
 #define MAX_IMPORTANT_LEVEL 19

+static bool g_enableSandbox = false;
+
 void NotifyServiceChange(Service *service, int status)
 {
    INIT_LOGI("NotifyServiceChange %s %d to %d", service->name, service->status, status);
@@ -130,3 +134,35 @@ void GetAccessToken(void)
        node = GetNextGroupNode(NODE_TYPE_SERVICES, node);
    }
 }
+
+void IsEnableSandbox(void)
+{
+    char value[MAX_BUFFER_LEN] = {0};
+    unsigned int len = MAX_BUFFER_LEN;
+    if (SystemReadParam("const.sandbox", value, &len) == 0) {
+        if (strcmp(value, "enable") == 0) {
+            g_enableSandbox = true;
+        }
+    }
+}
+
+void SetServiceEnterSandbox(const char *execPath, unsigned int attribute)
+{
+    if (g_enableSandbox == false) {
+        return;
+    }
+    if ((attribute & SERVICE_ATTR_WITHOUT_SANDBOX) == SERVICE_ATTR_WITHOUT_SANDBOX) {
+        return;
+    }
+    INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null.");
+    if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) {
+        INIT_INFO_CHECK(EnterSandbox("system") == 0, return,
+            "Service %s skip enter system sandbox.", execPath);
+    } else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) {
+        INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return,
+            "Service %s skip enter chipset sandbox.", execPath);
+    } else {
+        INIT_LOGI("Service %s does not enter sandbox", execPath);
+    }
+    return;
+}