harmony 鸿蒙appspawn Module

  • 2022-08-09
  • 浏览 (896)

appspawn Module

Overview

Introduction

The appspawn module spawns application processes upon receiving commands from the application framework, configures permissions for new processes, and calls the entry function of the application framework.

Basic Concepts

appspawn is a registered service name. The appspawn process receives requests from the client by listening to messages over the local socket. The message type is an AppParameter structure. It is defined in interfaces/innerkits/include/appspawn_msg.h.

Table 1 Field description |Field|Description| |——–|——–| |processName|Name of the service process to be started. The value contains a maximum of 256 bytes.| |bundleName|Bundle name of the application to be started. The value contains a maximum of 256 bytes.| |soPath|Path of the dynamic library specified by the application. The value contains a maximum of 256 bytes.| |uid|UID of the application process to be started.| |gid|GID of the application process to be started.| |gidTable|Information about the application process group to be started. Its length is specified by gidCount. A maximum of 64 process groups are supported. The value must be a positive number.| |gidCount|Number of application process groups to be started.| |accessTokenId|Token ID for application process permission control.| |apl|APL for application process permission control. The value contains a maximum of 32 bytes.| |renderCmd|Image rendering command. The value contains a maximum of 1024 bytes.| |flags|Cold start flag.| |pid|PID of the rendering process, which is used to query the process exit status.| |AppOperateType|Application operation type. The value 0 means to obtain the default status, and the value 1 means to obtain the rendering termination status.|

Constraints

The appspawn module is used only for the standard system.

Development Guidelines

Use Cases

  • Application security control based on SELinux tags

Example code: c++ AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client; HapContext hapContext; ret = hapContext.HapDomainSetcontext(appProperty->property.apl, appProperty->property.processName); if (ret != 0) { APPSPAWN_LOGE("AppSpawnServer::Failed to hap domain set context, errno = %d %s", errno, appProperty->property.apl); } else { APPSPAWN_LOGI("AppSpawnServer::Success to hap domain set context, ret = %d", ret); } - Application process control

  • Support for setting of AccessToken for applications
  • Support for simultaneous stopping of all spawn application processes (after stopping of the appspawn process and before a restart)

Example code: AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client; int32_t ret = SetSelfTokenID(appProperty->property.accessTokenId); APPSPAWN_LOGI("AppSpawnServer::set access token id = %d, ret = %d %d", appProperty->property.accessTokenId, ret, getuid());

  • Support for cold start of applications by using the aa command

    param set startup.appspawn.cold.boot 1 // Enable cold start.
    aa start -d 12345 -a $name -b $package -C
    Reference command:
    aa start -d 12345 -a ohos.acts.startup.sysparam.function.MainAbility -b ohos.acts.startup.sysparam.function -C
    
  • Application sandbox

Applications run independently in their own sandbox environments. In an application sandbox, only necessary libraries or files of applications are retained and data of different applications is isolated.

Available APIs

The API definitions are provided in /interfaces/innerkits/include/client_socket.h. Table 2 is a list of available APIs.

Table 2 API description |API|Description| |——–|——–| |CreateClient|Creates a client.| |CloseClient|Closes a client.| |ConnectSocket|Sends a connection request to the appspawn service.| |WriteSocketMessage|Sends a message to the appspawn service.| |ReadSocketMessage|Receives a message from the appspawn service.|

How to Develop

Sandbox configuration description:

    {
        "common" : [{                                           // Common mount options of the application sandbox
            "top-sandbox-switch": "ON",                         // Application sandbox switch. The value ON means to enable the applicable sandbox, and the value OFF means the opposite.
            "app-base" : [{
                "sandbox-root" : "/mnt/sandbox/<PackageName>",  // Root path of the application sandbox
                "mount-paths" : [{
                        "src-path" : "/config",                 // Source mount path
                        "sandbox-path" : "/config",             // Sandbox mount path
                        "sandbox-flags" : [ "bind", "rec" ],    // Mount mode
                        "check-action-status": "false"          // Whether to check the mount result. The value true means to check the mount result, and the value false means the opposite.
                    }
                ],
                "symbol-links" : [{                             // Link path
                        "target-name" : "/system/bin",          // Source link path
                        "link-name" : "/bin",                   // Link name
                        "check-action-status": "false"
                    }
                ]
            }],
        // Reference application-specific configuration
        "individual" : [{                                        // Independent mount options of an application
            "com.ohos.medialibrary.MediaLibraryDataA" : [{       // Application name
                "sandbox-switch": "ON",                          // Application sandbox switch. The value ON means to enable the applicable sandbox, and the value OFF means the opposite.
                "sandbox-root" : "/mnt/sandbox/<PackageName>",   // Root path of the application sandbox
                "mount-paths" : [{
                        "src-path" : "/storage/media/<currentUserId>",
                        "sandbox-path" : "/storage/media",
                        "sandbox-flags" : [ "bind", "rec" ],
                        "check-action-status": "false"
                    }
                ],
                "symbol-links" : []
            }]
        }]
    }

Modify configuration files by referring to the sandbox configuration description.

  • On the device, go to /system/etc/sandbox/, modify the sandbox configuration files, and restart the device.
  • In the code path, go to base/startup/appspawn_standard, and modify the sandbox configuration files.

Table 3 Description of sandbox configuration files

Sandbox Configuration File Description
appdata-sandbox64.json Sandbox configuration for the 64-bit OS
appdata-sandbox.json Sandbox configuration for the 32-bit OS
product-sandbox.json Product-specific configuration for the application sandbox

Development Example

The following is the sample code for adding product-specific configuration for the launcher application:

  "com.ohos.launcher" : [{
      "sandbox-switch": "ON",
      "sandbox-root" : "/mnt/sandbox/<PackageName>",
      "mount-paths" : [{
              "src-path" : "/data/app/el1/bundle/public/",
              "sandbox-path" : "/data/bundles/",
              "sandbox-flags" : [ "bind", "rec" ],
              "check-action-status": "true"
          }
      ],
      "symbol-links" : []
  }],

FAQ

Cold Start of Applications Failed

Symptom
Applications fail to be started by running the cold start command.

Solution
1. Enable cold start by setting param set startup.appspawn.cold.boot 1.
2. Make sure that the cold start command is correct.

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Subsystems

harmony 鸿蒙AI Framework Development Guide

harmony 鸿蒙NNRt Access Adaptation

harmony 鸿蒙Application Privilege Configuration

harmony 鸿蒙Development Example

harmony 鸿蒙Setting Up a Development Environment

harmony 鸿蒙Development Guidelines

harmony 鸿蒙Application Framework Overview

harmony 鸿蒙ArkCompiler Development

harmony 鸿蒙Custom Window Title Bar Development

0  赞