add path selinux

Signed-off-by: woohoa <wanghuan36@huawei.com>
This commit is contained in:
woohoa
2025-12-09 20:29:40 +08:00
parent 59f1238a7e
commit a554491634
5 changed files with 37 additions and 3 deletions
+2 -1
View File
@@ -50,7 +50,8 @@
"netmanager_base",
"memmgr",
"runtime_core",
"common_event_service"
"common_event_service",
"selinux_adapter"
],
"third_party": [
"openssl"
@@ -81,7 +81,8 @@ private:
void FilterAbilitiesInner(std::string hostVerifyKey,
const std::vector<OHOS::AppExecFwk::AbilityInfo>& originAbilityInfos,
std::vector<OHOS::AppExecFwk::AbilityInfo>& filteredAbilityInfos);
bool ResetDBSecurityByPath();
bool IsExistDir(const std::string& dirPath);
private:
std::shared_ptr<AppDetailsDataMgr> appDetailsDataMgr_ = nullptr;
bool InitConfigMgr();
+1
View File
@@ -105,6 +105,7 @@ ohos_shared_library("app_domain_verify_mgr_service") {
"relational_store:native_rdb",
"safwk:system_ability_fwk",
"samgr:samgr_proxy",
"selinux_adapter:librestorecon"
]
sanitize = {
@@ -29,7 +29,9 @@
#include "sa_interface/app_domain_verify_mgr_service.h"
#include "common_event_manager.h"
#include "common_event_support.h"
#include "policycoreutils.h"
#include <sys/stat.h>
#include <unistd.h>
namespace OHOS {
namespace AppDomainVerify {
constexpr const char* GET_DOMAIN_VERIFY_INFO = "ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO";
@@ -43,8 +45,36 @@ const int32_t SUBSCRIBER_UID = 7996;
AppDomainVerifyMgrService::AppDomainVerifyMgrService() : SystemAbility(APP_DOMAIN_VERIFY_MANAGER_SA_ID, true)
{
APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "new instance create.");
ResetDBSecurityByPath();
appDetailsDataMgr_ = std::make_shared<AppDetailsDataMgr>();
}
bool AppDomainVerifyMgrService::IsExistDir(const std::string& dirPath)
{
APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "IsExistDir.");
if (dirPath.empty()) {
return false;
}
struct stat result = {};
if (stat(dirPath.c_str(), &result) != 0) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "fail stat errno %{public}d", errno);
return false;
}
return S_ISDIR(result.st_mode);
}
bool AppDomainVerifyMgrService::ResetDBSecurityByPath()
{
if (!IsExistDir(Constants::SERVICE_PATH)) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE,
"ResetDBSecurityByPath %{public}s does not existed", Constants::SERVICE_PATH);
return false;
}
auto ret = RestoreconRecurse(Constants::SERVICE_PATH);
APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "RestoreconRecurse %{public}d.", ret);
return ERR_OK;
}
AppDomainVerifyMgrService::~AppDomainVerifyMgrService()
{
@@ -97,6 +97,7 @@ ohos_unittest("app_domain_verify_mgr_service_test") {
"samgr:dynamic_cache",
"samgr:samgr_common",
"samgr:samgr_proxy",
"selinux_adapter:librestorecon",
]
defines = [ "API_EXPORT=__attribute__((visibility (\"default\")))" ]