# appspawn Module<a name="EN-US_TOPIC_0000001063680582"></a>

## Overview

### Introduction

The appspawn module spawns application processes upon receiving commands from the application framework, configures permissions for new processes, and calls the entry function of the application framework.

### Basic Concepts

**appspawn** is a registered service name. The appspawn process receives requests from the client by listening for messages over the local socket. The message type is an **AppParameter** structure, which is defined in **interfaces/innerkits/include/appspawn_msg.h**.

**Table 1** Field description

| Field| Description|
| -------- | -------- |
| processName | Name of the service process to be started. The value contains a maximum of 256 bytes.|
| bundleName | Bundle name of the application to be started. The value contains a maximum of 256 bytes.|
| soPath | Path of the dynamic library specified by the application. The value contains a maximum of 256 bytes.|
| uid | UID of the application process to be started.|
| gid | GID of the application process to be started.|
| gidTable | Information about the application process group to be started. Its length is specified by **gidCount**. A maximum of 64 process groups are supported. The value must be a positive number.|
| gidCount | Number of application process groups to be started.|
| accessTokenId | Token ID for application process permission control.|
| apl | APL for application process permission control. The value contains a maximum of 32 bytes.|
| renderCmd | Image rendering command. The value contains a maximum of 1024 bytes.|
| flags | Cold start flag.|
| pid | PID of the rendering process, which is used to query the process exit status.|
| AppOperateType | Application operation type. The value **0** means to obtain the default status, and the value **1** means to obtain the rendering termination status.|

### Constraints

The appspawn module is used only for the standard system.

## Development Guidelines

### Use Cases

- Application security control based on SELinux tags

  Example code:
  ```c++
  AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client;
  HapContext hapContext;
  ret = hapContext.HapDomainSetcontext(appProperty->property.apl, appProperty->property.processName);
  if (ret != 0) {
      APPSPAWN_LOGE("AppSpawnServer::Failed to hap domain set context, errno = %d %s",
          errno, appProperty->property.apl);
  } else {
      APPSPAWN_LOGI("AppSpawnServer::Success to hap domain set context, ret = %d", ret);
  }
  ```

- Application process control

  - Support for setting of AccessToken for applications
  - Support for simultaneous stopping of all spawned application processes (after stopping of the appspawn process and before a restart)

  Example code:
  ```c++
  AppSpawnClientExt *appProperty = (AppSpawnClientExt *)client;
  int32_t ret = SetSelfTokenID(appProperty->property.accessTokenId);
  APPSPAWN_LOGI("AppSpawnServer::set access token id = %d, ret = %d %d", appProperty->property.accessTokenId, ret, getuid());
  ```

- Support for cold start of applications by using the aa command

  ```
  param set startup.appspawn.cold.boot 1 // Enable the cold start function.
  aa start -d 12345 -a $name -b $package -C
  // Reference command:
  aa start -d 12345 -a ohos.acts.startup.sysparam.function.MainAbility -b ohos.acts.startup.sysparam.function -C
  ```

- Application sandbox

  Applications run independently in their own sandbox environments. In an application sandbox, only necessary libraries or files of applications are retained and data of different applications is isolated.

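
The limits in Table 1 can be enforced on every request read from the local socket, before any field is used to set credentials or build a path. The following is an added example, not appspawn's own code: `DemoAppParameter` is a hypothetical stand-in for the structure in appspawn_msg.h, its field types are assumptions, and each "maximum of N bytes" is taken to mean an N-byte buffer that includes the terminating NUL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mirror of a subset of the message fields. The real AppParameter
 * layout is in appspawn_msg.h; sizes below are the maxima from Table 1. */
typedef struct {
    char processName[256];
    char bundleName[256];
    char soPath[256];
    uint32_t uid, gid;
    uint32_t gidTable[64];
    uint32_t gidCount;
    uint32_t accessTokenId;
    char apl[32];
    char renderCmd[1024];
} DemoAppParameter;

/* A fixed-size char field is usable as a string only if a NUL lies inside it. */
static int Terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Returns 0 when the message respects Table 1, otherwise a negative code
 * identifying the first offending field. */
int ValidateAppParameter(const DemoAppParameter *p)
{
    if (p == NULL) return -1;
    if (!Terminated(p->processName, sizeof(p->processName))) return -2;
    if (!Terminated(p->bundleName, sizeof(p->bundleName))) return -3;
    if (!Terminated(p->soPath, sizeof(p->soPath))) return -4;
    if (!Terminated(p->apl, sizeof(p->apl))) return -5;
    if (!Terminated(p->renderCmd, sizeof(p->renderCmd))) return -6;
    if (p->gidCount > 64) return -7;          /* bound the count before indexing gidTable */
    for (uint32_t i = 0; i < p->gidCount; i++) {
        if (p->gidTable[i] == 0) return -8;   /* Table 1: value must be positive */
    }
    return 0;
}

int main(void)
{
    DemoAppParameter msg = {0};               /* constructed sample message */
    strcpy(msg.processName, "com.example.demo");
    msg.gidCount = 65;                        /* one more than Table 1 allows */
    printf("validate -> %d\n", ValidateAppParameter(&msg));
    return 0;
}
```

Checking **gidCount** before the loop matters most: the count comes from the peer, and it is the only thing that bounds reads from **gidTable**.
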
### Available APIs

The API definitions are provided in **/base/startup/appspawn/interfaces/innerkits/include/client_socket.h**. Table 2 lists the available APIs.

**Table 2** API description

| API| Description|
| -------- | -------- |
| CreateClient | Creates a client.|
| CloseClient | Closes a client.|
| ConnectSocket | Sends a connection request to the appspawn service.|
| WriteSocketMessage | Sends a message to the appspawn service.|
| ReadSocketMessage | Receives a message from the appspawn service.|

### How to Develop

Sandbox configuration description:

```
{
    "common" : [{                                          // Common mount options of the application sandbox
        "top-sandbox-switch": "ON",                        // Application sandbox switch. The value ON means to enable the application sandbox, and the value OFF means the opposite.
        "app-base" : [{
            "sandbox-root" : "/mnt/sandbox/<PackageName>", // Root path of the application sandbox
            "mount-paths" : [{
                    "src-path" : "/config",                // Source mount path
                    "sandbox-path" : "/config",            // Sandbox mount path
                    "sandbox-flags" : [ "bind", "rec" ],   // Mount mode
                    "check-action-status": "false"         // Whether to check the mount result. The value true means to check the mount result, and the value false means the opposite.
                }
            ],
            "symbol-links" : [{                            // Link path
                    "target-name" : "/system/bin",         // Source link path
                    "link-name" : "/bin",                  // Link name
                    "check-action-status": "false"
                }
            ]
        }]
    }],
    // Reference application-specific configuration
    "individual" : [{                                      // Independent mount options of an application
        "com.ohos.medialibrary.MediaLibraryDataA" : [{     // Application name
            "sandbox-switch": "ON",                        // Application sandbox switch. The value ON means to enable the application sandbox, and the value OFF means the opposite.
            "sandbox-root" : "/mnt/sandbox/<PackageName>", // Root path of the application sandbox
            "mount-paths" : [{
                    "src-path" : "/storage/media/<currentUserId>",
                    "sandbox-path" : "/storage/media",
                    "sandbox-flags" : [ "bind", "rec" ],
                    "check-action-status": "false"
                }
            ],
            "symbol-links" : []
        }]
    }]
}
```

Modify configuration files by referring to the sandbox configuration description.

- On the device, go to **/system/etc/sandbox/**, modify the sandbox configuration files, and restart the device.
- In the code path, go to **base/startup/appspawn**, and modify the sandbox configuration files.

**Table 3** Description of sandbox configuration files

| Sandbox Configuration File| Description|
| -------- | -------- |
| appdata-sandbox-app.json | Mount point configuration for applications in the new feature sandbox.|
| appdata-sandbox-asan.json | Additional mount point configuration for applications in the new feature sandbox of the ASan version.|
| appdata-sandbox-isolated-new.json | Mount point configuration for native processes in the new feature sandbox.|
| appdata-sandbox-isolated.json | Mount point configuration for native processes in the sandbox.|
| appdata-sandbox-nweb.json | Mount point configuration for rendering processes in the new feature sandbox.|
| appdata-sandbox.json | Sandbox configuration for the 32-bit OS.|
| appdata-sandbox64.json | Sandbox configuration for the 64-bit OS.|
| appspawn_preload.json | Preloading configuration.|

### Development Example

The following is the sample code for adding product-specific configuration for the launcher application:

```
"com.ohos.launcher" : [{
    "sandbox-switch": "ON",
    "sandbox-root" : "/mnt/sandbox/<PackageName>",
    "mount-paths" : [{
            "src-path" : "/data/app/el1/bundle/public/",
            "sandbox-path" : "/data/bundles/",
            "sandbox-flags" : [ "bind", "rec" ],
            "check-action-status": "true"
        }
    ],
    "symbol-links" : []
}],
```

## FAQ

### Cold Start of Applications Failed

**Symptom**
<br>Applications fail to be started by running the cold start command.

**Solution**
<br>  1. Set **param set startup.appspawn.cold.boot 1** for cold start to take effect.
<br>  2. Make sure that the cold start command is correct.