diff --git a/services/init/include/init.h b/services/init/include/init.h index f3dcc22cec5eff97c12c1199bc353a0e89161533..b7f5e913ed3dc78f912a1c0a3667dcb59c09b820 100644 --- a/services/init/include/init.h +++ b/services/init/include/init.h @@ -43,7 +43,6 @@ void SystemExecuteRcs(void); void ReadConfig(void); void SignalInit(void); -void SetServiceEnterSandbox(const char *path, unsigned int attribute); #ifdef __cplusplus #if __cplusplus diff --git a/services/init/include/init_service.h b/services/init/include/init_service.h index c41d80997638148e3dd70acbc3ce9a99a28fd4c1..8a54952330eaf7e7d3150b1fe8830555b55595d3 100644 --- a/services/init/include/init_service.h +++ b/services/init/include/init_service.h @@ -178,7 +178,9 @@ int SetAccessToken(const Service *service); void GetAccessToken(void); void ServiceStopTimer(Service *service); void ServiceStartTimer(Service *service, uint64_t timeout); +void IsEnableSandbox(void); void EnterServiceSandbox(Service *service); +void SetServiceEnterSandbox(const char *execPath, unsigned int attribute); #ifdef __cplusplus #if __cplusplus } diff --git a/services/init/init_common_service.c b/services/init/init_common_service.c index bc188ec052f1a15185522dd1981a649113a0b37b..601f743cf7dce68b55427d95699b93d8af37c69c 100644 --- a/services/init/init_common_service.c +++ b/services/init/init_common_service.c @@ -291,7 +291,7 @@ static void ClearEnvironment(Service *service) return; } -static int InitServicePropertys(Service *service) +static int InitServiceProperties(Service *service) { INIT_ERROR_CHECK(service != NULL, return -1, "Invalid parameter."); SetServiceEnterSandbox(service->pathArgs.argv[0], service->attribute); 
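Review bot: In the init_service.h hunk, `void IsEnableSandbox(void);` reads like a predicate but returns nothing; judging by the standard implementation later in this commit, it sets a file-static flag as a side effect. Now that it is exported from a shared header rather than being `static`, it should carry a comment such as `/* Reads const.sandbox once and caches whether services enter a sandbox. */`, or take a verb-style name that describes the side effect. The new prototype calls the first parameter `execPath`, while the lite stub added in services/init/lite/init_service.c keeps `path`; aligning the two keeps the declaration and definitions consistent.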
@@ -331,7 +331,7 @@ static int InitServicePropertys(Service *service) void EnterServiceSandbox(Service *service) { - INIT_ERROR_CHECK(InitServicePropertys(service) == 0, return, "Failed init service property"); + INIT_ERROR_CHECK(InitServiceProperties(service) == 0, return, "Failed init service property"); if (service->importance != 0) { if (setpriority(PRIO_PROCESS, 0, service->importance) != 0) { INIT_LOGE("setpriority failed for %s, importance = %d, err=%d", @@ -374,7 +374,7 @@ int ServiceStart(Service *service) int pid = fork(); if (pid == 0) { // fail must exit sub process - INIT_ERROR_CHECK(InitServicePropertys(service) == 0, + INIT_ERROR_CHECK(InitServiceProperties(service) == 0, _exit(PROCESS_EXIT_CODE), "Failed init service property"); ServiceExec(service); _exit(PROCESS_EXIT_CODE); diff --git a/services/init/lite/init.c b/services/init/lite/init.c index 2edb217aac5061caa002350045b343a585efb312..2719496b93476d237e8f33815bdb0b132cf30796 100644 --- a/services/init/lite/init.c +++ b/services/init/lite/init.c @@ -96,10 +96,3 @@ void SystemRun(void) } #endif } - -void SetServiceEnterSandbox(const char *path, unsigned int attribute) -{ - UNUSED(path); - UNUSED(attribute); - return; -} diff --git a/services/init/lite/init_service.c b/services/init/lite/init_service.c index b30c415bf53278a176b32bca77c6688f0f4758c2..d1afb61e22176a45ca973da521b05e6c5d08c5c1 100644 --- a/services/init/lite/init_service.c +++ b/services/init/lite/init_service.c @@ -95,3 +95,15 @@ void GetAccessToken(void) { return; } + +void IsEnableSandbox(void) +{ + return; +} + +void SetServiceEnterSandbox(const char *path, unsigned int attribute) +{ + UNUSED(path); + UNUSED(attribute); + return; +} diff --git a/services/init/standard/init.c b/services/init/standard/init.c index 5036fb56b1624d642c5999d06a365f4507ed66ef..ca34ee05d09fda9e0d33fe2c0db04e27d42708da 100755 --- a/services/init/standard/init.c +++ b/services/init/standard/init.c 
@@ -43,12 +43,8 @@ #include "ueventd.h" #include "ueventd_socket.h" #include "fd_holder_internal.h" -#include "sandbox.h" -#include "sandbox_namespace.h" #include "bootstage.h" -static bool g_enableSandbox; - static int FdHolderSockInit(void) { int sock = -1; @@ -263,24 +259,6 @@ static void BootStateChange(const char *content) } } -static void IsEnableSandbox(void) -{ - const char *name = "const.sandbox"; - char value[MAX_BUFFER_LEN] = {0}; - unsigned int len = MAX_BUFFER_LEN; - if (SystemReadParam(name, value, &len) != 0) { - INIT_LOGE("Failed read param."); - g_enableSandbox = false; - } - if (strcmp(value, "enable") == 0) { - INIT_LOGI("Enable sandbox."); - g_enableSandbox = true; - } else { - INIT_LOGI("Disable sandbox."); - g_enableSandbox = false; - } -} - static void InitLoadParamFiles(void) { if (InUpdaterMode() != 0) { @@ -372,31 +350,3 @@ void SystemRun(void) { StartParamService(); } - -void SetServiceEnterSandbox(const char *execPath, unsigned int attribute) -{ - if (g_enableSandbox == false) { - return; - } - if ((attribute & SERVICE_ATTR_WITHOUT_SANDBOX) == SERVICE_ATTR_WITHOUT_SANDBOX) { - return; - } - INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null."); - if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) { - if (strcmp(execPath, "/system/bin/appspawn") == 0) { - INIT_LOGI("Appspawn skip enter sandbox."); - } else if (strcmp(execPath, "/system/bin/hilogd") == 0) { - INIT_LOGI("Hilogd skip enter sandbox."); - } else { - INIT_INFO_CHECK(EnterSandbox("system") == 0, return, - "Service %s skip enter sandbox system.", execPath); - } - } else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) { - // chipset sandbox will be implemented later. - INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return, - "Service %s skip enter sandbox system.", execPath); - } else { - INIT_LOGI("Service %s does not enter sandbox", execPath); - } - return; -} 
diff --git a/services/init/standard/init_service.c b/services/init/standard/init_service.c index 4fc0a0f0936aab08478d3727f25d8bee076bfa5b..cd4e8ff4010f59b0327d19caff0e1fd80974e2e1 100644 --- a/services/init/standard/init_service.c +++ b/services/init/standard/init_service.c @@ -29,11 +29,15 @@ #include "securec.h" #include "token_setproc.h" #include "nativetoken_kit.h" +#include "sandbox.h" +#include "sandbox_namespace.h" #include "service_control.h" #define MIN_IMPORTANT_LEVEL (-20) #define MAX_IMPORTANT_LEVEL 19 +static bool g_enableSandbox = false; + void NotifyServiceChange(Service *service, int status) { INIT_LOGI("NotifyServiceChange %s %d to %d", service->name, service->status, status); @@ -130,3 +134,35 @@ void GetAccessToken(void) node = GetNextGroupNode(NODE_TYPE_SERVICES, node); } } + +void IsEnableSandbox(void) +{ + char value[MAX_BUFFER_LEN] = {0}; + unsigned int len = MAX_BUFFER_LEN; + if (SystemReadParam("const.sandbox", value, &len) == 0) { + if (strcmp(value, "enable") == 0) { + g_enableSandbox = true; + } + } +} + +void SetServiceEnterSandbox(const char *execPath, unsigned int attribute) +{ + if (g_enableSandbox == false) { + return; + } + if ((attribute & SERVICE_ATTR_WITHOUT_SANDBOX) == SERVICE_ATTR_WITHOUT_SANDBOX) { + return; + } + INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null."); + if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) { + INIT_INFO_CHECK(EnterSandbox("system") == 0, return, + "Service %s skip enter system sandbox.", execPath); + } else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) { + INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return, + "Service %s skip enter chipset sandbox.", execPath); + } else { + INIT_LOGI("Service %s does not enter sandbox", execPath); + } + return; +}
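Review bot: In the new `SetServiceEnterSandbox`, a failed `EnterSandbox("system")` or `EnterSandbox("chipset")` is only reported through `INIT_INFO_CHECK`, and the function returns void, so the caller cannot detect the failure and the service presumably goes on to exec outside the sandbox. Since this is a containment boundary, report the failure at error level, e.g. `INIT_ERROR_CHECK(EnterSandbox("system") == 0, return, "Service %s failed to enter system sandbox.", execPath);`, and consider returning an int so that `InitServiceProperties` can refuse to start the service. The rewritten `IsEnableSandbox` also dropped every log line, so a failed `SystemReadParam` or any value other than "enable" now leaves sandboxing off silently; I would keep `INIT_LOGE("Failed read param.");` and add one info line stating the resulting state. The appspawn and hilogd exemptions from the removed version are gone, so those services presumably now rely on `SERVICE_ATTR_WITHOUT_SANDBOX` in their configuration, which this diff does not show and which should be confirmed.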