!2035 需求：系统/芯片沙盒资源最小化

Merge pull request !2035 from cheng_jinsong/fly0609

!2035 需求：系统/芯片沙盒资源最小化
Merge pull request !2035 from cheng_jinsong/fly0609
55627ee6 · openharmony_ci · Gitee · 0fc3f0ef · b99e49df · 55627ee6
隐藏空白更改
内联并排

Showing with 58 addition and 35 deletion

services/sandbox/chipset-sandbox.json services/sandbox/chipset-sandbox.json +42 -27

services/sandbox/system-sandbox.json services/sandbox/system-sandbox.json +16 -8

未找到文件。
--- a/services/sandbox/chipset-sandbox.json
+++ b/services/sandbox/chipset-sandbox.json
 {
    "sandbox-root" : "/mnt/sandbox/chipset",
-    "mount-bind-paths" : [{
+    "mount-bind-paths" : [
+        {
            "src-path" : "/system/bin",
            "sandbox-path" : "/system/bin",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/system/etc",
-            "sandbox-path" : "/system/etc",
+            "src-path" : "/system/etc/selinux",
+            "sandbox-path" : "/system/etc/selinux",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/system/lib",
-            "sandbox-path" : "/system/lib",
+            "src-path" : "/system/lib/chipset-pub-sdk",
+            "sandbox-path" : "/system/lib/chipset-pub-sdk",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/system/profile",
-            "sandbox-path" : "/system/profile",
+            "src-path" : "/system/lib/chipset-sdk",
+            "sandbox-path" : "/system/lib/chipset-sdk",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/system/app",
-            "sandbox-path" : "/system/app",
-            "sandbox-flags" : [ "bind", "rec", "private" ],
-            "ignore": 1
-        }, {
-            "src-path" : "/system/fonts",
-            "sandbox-path" : "/system/fonts",
-            "sandbox-flags" : [ "bind", "rec", "private" ],
-            "ignore": 1
-        }, {
-            "src-path" : "/system/usr",
-            "sandbox-path" : "/system/usr",
-            "sandbox-flags" : [ "bind", "rec", "private" ],
-            "ignore": 1
+            "src-path" : "/system/lib/ndk",
+            "sandbox-path" : "/system/lib/ndk",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
            "src-path" : "/vendor",
            "sandbox-path" : "/vendor",
@@ -72,18 +62,43 @@
            "src-path" : "/storage",
            "sandbox-path" : "/storage",
            "sandbox-flags" : [ "bind", "rec", "private" ]
-        }, {
-            "src-path" : "/sys_prod",
-            "sandbox-path" : "/sys_prod",
-            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
            "src-path" : "/chip_prod",
            "sandbox-path" : "/chip_prod",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }
    ],
-    "mount-bind-files" : [{
-    }],
+    "mount-bind-files" : [
+        {
+            "src-path" : "/system/etc/ld-musl-arm.path",
+            "sandbox-path" : "/system/etc/ld-musl-arm.path",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/etc/ld-musl-namespace-arm.ini",
+            "sandbox-path" : "/system/etc/ld-musl-namespace-arm.ini",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/lib/ld-musl-arm.so.1",
+            "sandbox-path" : "/system/lib/ld-musl-arm.so.1",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/lib/libc.so",
+            "sandbox-path" : "/system/lib/libc.so",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/lib/libc++.so",
+            "sandbox-path" : "/system/lib/libc++.so",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/lib/libdisplay_buffer_proxy_1.0.z.so",
+            "sandbox-path" : "/system/lib/libdisplay_buffer_proxy_1.0.z.so",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/system/lib/libclang_rt.ubsan_minimal.so",
+            "sandbox-path" : "/system/lib/libclang_rt.ubsan_minimal.so",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }
+    ],
    "symbol-links" : [{
            "target-name" : "/system/lib",
            "link-name" : "/lib"

--- a/services/sandbox/system-sandbox.json
+++ b/services/sandbox/system-sandbox.json
@@ -32,8 +32,12 @@
            "sandbox-flags" : [ "bind", "rec", "private" ],
            "ignore": 1
        }, {
-            "src-path" : "/vendor",
-            "sandbox-path" : "/vendor",
+            "src-path" : "/vendor/lib/chipsetsdk",
+            "sandbox-path" : "/vendor/lib/chipsetsdk",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }, {
+            "src-path" : "/vendor/lib/chipset-sdk",
+            "sandbox-path" : "/vendor/lib/chipset-sdk",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
            "src-path" : "/dev",
@@ -74,17 +78,21 @@
            "sandbox-path" : "/sys_prod",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/vendor",
-            "sandbox-path" : "/chipset",
+            "src-path" : "/vendor/etc",
+            "sandbox-path" : "/vendor/etc",
+            "sandbox-flags" : [ "bind", "rec", "private" ]
+        }
+    ],
+    "mount-bind-files" : [{
+            "src-path" : "/vendor/lib/libmapper_service_1.0.z.so",
+            "sandbox-path" : "/vendor/lib/libmapper_service_1.0.z.so",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }, {
-            "src-path" : "/chip_prod",
-            "sandbox-path" : "/chip_prod",
+            "src-path" : "/vendor/lib/libinput_interfaces_service_1.0.z.so",
+            "sandbox-path" : "/vendor/lib/libinput_interfaces_service_1.0.z.so",
            "sandbox-flags" : [ "bind", "rec", "private" ]
        }
    ],
-    "mount-bind-files" : [{
-    }],
    "symbol-links" : [{
            "target-name" : "/system/lib",
            "link-name" : "/lib"