Set Security Label For AOT Files
Issue:https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/IAL8CF Signed-off-by: wu_zhang_da <wuzhangda@huawei.com> Change-Id: Ia99bdb47c4e09f943f19a489713b144c1b89cc75
parent
3614686182
commit
019e386c0b
@ -21,6 +21,7 @@
|
||||
#include "ecmascript/pgo_profiler/pgo_profiler_manager.h"
|
||||
#include "ecmascript/platform/code_sign.h"
|
||||
#include "ecmascript/platform/directory.h"
|
||||
#include "ecmascript/platform/os.h"
|
||||
#include "ecmascript/snapshot/mem/snapshot.h"
|
||||
#include "ecmascript/stackmap/ark_stackmap_builder.h"
|
||||
#include "ecmascript/stackmap/llvm/llvm_stackmap_parser.h"
|
||||
@ -665,6 +666,7 @@ bool AOTFileGenerator::SaveAOTFile(const std::string &filename, const std::strin
|
||||
LOG_COMPILER(ERROR) << "Fail to set an file mode:" << filename;
|
||||
return false;
|
||||
}
|
||||
SetSecurityLabel(filename);
|
||||
panda::ecmascript::CodeSignatureForAOTFile(filename, appSignature);
|
||||
return true;
|
||||
}
|
||||
@ -790,6 +792,7 @@ bool AOTFileGenerator::SaveSnapshotFile()
|
||||
LOG_COMPILER(ERROR) << "Fail to set ai file mode:" << aiPath;
|
||||
return false;
|
||||
}
|
||||
SetSecurityLabel(aiPath.c_str());
|
||||
return true;
|
||||
}
|
||||
} // namespace panda::ecmascript::kungfu
|
||||
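Review bot: Both label calls discard the outcome: `SetSecurityLabel` returns void and only logs at WARN, so `SaveAOTFile` and `SaveSnapshotFile` still return true when the file was left unlabelled. If the label is meant to be a guarantee rather than best effort, have the helper return `bool` and fail the save the same way the file-mode check just above each call does. In `SaveSnapshotFile`, `SetSecurityLabel(aiPath.c_str())` builds a temporary `std::string` from a C string; assuming `aiPath` is already a `std::string`, `SetSecurityLabel(aiPath);` is enough. Both function bodies start outside the visible hunks.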
|
@ -19,6 +19,7 @@
|
||||
#include "ecmascript/compiler/aot_compiler_preprocessor.h"
|
||||
#include "ecmascript/log_wrapper.h"
|
||||
#include "ecmascript/ohos/ohos_pkg_args.h"
|
||||
#include "ecmascript/platform/os.h"
|
||||
|
||||
namespace panda::ecmascript::kungfu {
|
||||
class OhosPgoProcessor {
|
||||
@ -50,6 +51,7 @@ public:
|
||||
ASSERT(mainPkgArgs != nullptr);
|
||||
// all ohos ap(s) merged into the merged ap file.
|
||||
cOptions.profilerIn_ = mainPkgArgs->GetMergedApPath();
|
||||
SetSecurityLabel(cOptions.profilerIn_);
|
||||
ASSERT(!cOptions.profilerIn_.empty());
|
||||
return true;
|
||||
}
|
||||
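Review bot: `SetSecurityLabel(cOptions.profilerIn_)` runs before `ASSERT(!cOptions.profilerIn_.empty())`, so an empty merged-ap path reaches `setxattr` before the emptiness check, and in builds where `ASSERT` compiles to nothing it is never checked at all. Move the call below the assertion, or guard it: `if (!cOptions.profilerIn_.empty()) { SetSecurityLabel(cOptions.profilerIn_); }`. Whether the merged ap file already exists on disk at this point is not visible here; if it is written later, the call fails and the only trace is a warning. The enclosing method starts outside the hunk.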
|
@ -32,6 +32,7 @@
|
||||
#include "ecmascript/platform/file.h"
|
||||
#include "ecmascript/platform/mutex.h"
|
||||
#include "ecmascript/taskpool/taskpool.h"
|
||||
#include "ecmascript/platform/os.h"
|
||||
|
||||
namespace panda::ecmascript::pgo {
|
||||
void PGOProfilerEncoder::Destroy()
|
||||
@ -69,6 +70,9 @@ bool PGOProfilerEncoder::ResetOutPath(const std::string &profileFileName)
|
||||
if (realOutPath_.compare(realOutPath_.length() - suffixLength, suffixLength, ApNameUtils::AP_SUFFIX)) {
|
||||
realOutPath_ += "/" + profileFileName;
|
||||
}
|
||||
|
||||
SetSecurityLabel(realOutPath_);
|
||||
|
||||
LOG_ECMA(INFO) << "Save profiler to file:" << realOutPath_;
|
||||
return true;
|
||||
}
|
||||
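Review bot: The label is applied in `ResetOutPath` to `realOutPath_` while the output location is still being decided, and the log line that follows suggests the profile has not been written yet. If the `.ap` file does not exist at this point, `setxattr` fails with a warning and nothing labels the file once it is created; if the save later replaces the file (for example by writing a temporary and renaming it), a label set here would not carry over. Neither case is visible in this hunk, so please confirm, and consider calling `SetSecurityLabel` right after the profile file is written, as the AOT and snapshot save paths on this page do after their mode check. The new `#include "ecmascript/platform/os.h"` also sits after `taskpool/taskpool.h`, out of order with the `platform/` includes above it.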
|
@ -18,9 +18,13 @@
|
||||
|
||||
#include <cstddef>
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
#include "ecmascript/common.h"
|
||||
|
||||
namespace panda::ecmascript {
|
||||
const char XATTR_KEY[] = {"user.security"};
|
||||
const std::string DEFAULT_DATA_LEVEL = "s1";
|
||||
const int DEFAULT_DATA_LENGTH = 2;
|
||||
size_t MallocUsableSize(void *p);
|
||||
uint32_t NumberOfCpuCore();
|
||||
size_t PhysicalSize();
|
||||
@ -28,6 +32,7 @@ int PrctlSetVMA(const void *p, const size_t size, const char *tag);
|
||||
long PtracePeektext(int pid, uintptr_t addr);
|
||||
PUBLIC_API void BindSmallCpuCore();
|
||||
PUBLIC_API void BindMidCpuCore();
|
||||
PUBLIC_API void SetSecurityLabel(const std::string& path);
|
||||
void PUBLIC_API *PageMapExecFortSpace(void *addr, size_t size, int prot);
|
||||
} // namespace panda::ecmascript
|
||||
#endif // ECMASCRIPT_PLATFORM_OS_H
|
||||
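Review bot: `const std::string DEFAULT_DATA_LEVEL = "s1";` at namespace scope in a header gives every translation unit that includes it its own dynamically initialised string, and `DEFAULT_DATA_LENGTH = 2` has to be kept in step with that literal by hand. Prefer compile-time constants, e.g. `constexpr char DEFAULT_DATA_LEVEL[] = "s1";` and `constexpr size_t DEFAULT_DATA_LENGTH = sizeof(DEFAULT_DATA_LEVEL) - 1;`. The `SetSecurityLabel` declaration would also benefit from a comment stating what the `user.security` attribute and level `s1` mean to the platform and that failure is only logged, e.g. `// Best-effort: tags the file with the default data level via the user.security xattr; failures are logged, not returned.`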
|
@ -21,6 +21,8 @@
|
||||
#include <sys/prctl.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/sysinfo.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/xattr.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "ecmascript/log_wrapper.h"
|
||||
@ -100,4 +102,19 @@ void *PageMapExecFortSpace(void *addr, size_t size, int prot)
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
void SetSecurityLabel(const std::string& path)
|
||||
{
|
||||
const std::string dataLevel = DEFAULT_DATA_LEVEL;
|
||||
auto xattrValueSize = getxattr(path.c_str(), XATTR_KEY, nullptr, 0);
|
||||
if (xattrValueSize == static_cast<ssize_t>(DEFAULT_DATA_LENGTH)) {
|
||||
char xattrValue[DEFAULT_DATA_LENGTH + 1];
|
||||
xattrValueSize = getxattr(path.c_str(), XATTR_KEY, xattrValue, xattrValueSize);
|
||||
xattrValue[DEFAULT_DATA_LENGTH] = '\0';
|
||||
}
|
||||
|
||||
if (setxattr(path.c_str(), XATTR_KEY, dataLevel.c_str(), dataLevel.size(), 0) < 0) {
|
||||
LOG_ECMA(WARN) << "set label failed! level: " << dataLevel << ", file: " << path;
|
||||
}
|
||||
}
|
||||
} // namespace panda::ecmascript
|
||||
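Review bot: The `getxattr` block in `SetSecurityLabel` has no effect: the value read into `xattrValue` is never examined and the second call's return value is ignored, so `setxattr` always overwrites the existing label with `s1`. If the read was meant to protect a label that is already set, possibly a stricter one, the check is missing and the function can silently lower it; one option (policy to be confirmed) is to replace the block with `if (getxattr(path.c_str(), XATTR_KEY, nullptr, 0) > 0) { return; }`. If overwriting is intended, delete the read instead. The warning would also be easier to act on if it included `errno`. The macOS implementation further down this page has the same body, with the extra position/options arguments, and needs the same change.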
|
@ -18,6 +18,8 @@
|
||||
#include <ctime>
|
||||
#include <malloc/malloc.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/xattr.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "ecmascript/log_wrapper.h"
|
||||
@ -41,7 +43,7 @@ size_t PhysicalSize()
|
||||
mib[1] = HW_MEMSIZE;
|
||||
int64_t size = 0;
|
||||
size_t bufferLength = sizeof(size);
|
||||
if (sysctl(mib, MIB_LENGTH, &size, &bufferLength, NULL, 0) != 0) {
|
||||
if (sysctl(mib, MIB_LENGTH, &size, &bufferLength, nullptr, 0) != 0) {
|
||||
LOG_ECMA(FATAL) << "sysctl error";
|
||||
}
|
||||
return static_cast<size_t>(size);
|
||||
@ -72,4 +74,19 @@ void *PageMapExecFortSpace(void *addr, [[maybe_unused]] size_t size, [[maybe_unu
|
||||
// basically no op
|
||||
return addr;
|
||||
}
|
||||
|
||||
void SetSecurityLabel(const std::string& path)
|
||||
{
|
||||
const std::string dataLevel = DEFAULT_DATA_LEVEL;
|
||||
auto xattrValueSize = getxattr(path.c_str(), XATTR_KEY, nullptr, 0, 0, 0);
|
||||
if (xattrValueSize == static_cast<ssize_t>(DEFAULT_DATA_LENGTH)) {
|
||||
char xattrValue[DEFAULT_DATA_LENGTH + 1];
|
||||
xattrValueSize = getxattr(path.c_str(), XATTR_KEY, xattrValue, xattrValueSize, 0, 0);
|
||||
xattrValue[DEFAULT_DATA_LENGTH] = '\0';
|
||||
}
|
||||
|
||||
if (setxattr(path.c_str(), XATTR_KEY, dataLevel.c_str(), dataLevel.size(), 0, 0) < 0) {
|
||||
LOG_ECMA(WARN) << "set label failed! level: " << dataLevel << ", file: " << path;
|
||||
}
|
||||
}
|
||||
} // namespace panda::ecmascript
|
||||
|
@ -68,4 +68,9 @@ void *PageMapExecFortSpace(void *addr, [[maybe_unused]] size_t size, [[maybe_unu
|
||||
// basically no op
|
||||
return addr;
|
||||
}
|
||||
|
||||
void SetSecurityLabel([[maybe_unused]] const std::string& path)
|
||||
{
|
||||
LOG_ECMA(INFO) << "Set Security Label in windows not support";
|
||||
}
|
||||
} // namespace panda::ecmascript
|
||||
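Review bot: The Windows stub logs at INFO on every call, so each saved AOT, snapshot and profile file adds a line for something that is a fixed property of the platform; a silent no-op or a DEBUG-level message would be quieter. If the message stays, `"SetSecurityLabel is not supported on Windows"` reads better than the current wording. A short comment on the stub, e.g. `// No security-label xattr on this platform; intentionally a no-op.`, would tell readers the omission is deliberate.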
|
@ -133,6 +133,7 @@
|
||||
panda::ecmascript::BigInt::Int32ToBigInt*;
|
||||
panda::ecmascript::BindSmallCpuCore*;
|
||||
panda::ecmascript::BindMidCpuCore*;
|
||||
panda::ecmascript::SetSecurityLabel*;
|
||||
panda::ecmascript::ClassHelper::MatchFieldType*;
|
||||
panda::ecmascript::ConstantPool::GetMethodFromCache*;
|
||||
panda::ecmascript::ConstantPool::GetStringFromCacheForJit*;
|
||||
|