From a55449163497154e2995b27fd8653cfff6f21dc5 Mon Sep 17 00:00:00 2001 From: woohoa Date: Tue, 9 Dec 2025 20:29:40 +0800 Subject: [PATCH] add path selinux Signed-off-by: woohoa --- bundle.json | 3 +- .../app_domain_verify_mgr_service.h | 3 +- services/BUILD.gn | 1 + .../core/app_domain_verify_mgr_service.cpp | 32 ++++++++++++++++++- .../BUILD.gn | 1 + 5 files changed, 37 insertions(+), 3 deletions(-) diff --git a/bundle.json b/bundle.json index fd5db97..15f20ca 100644 --- a/bundle.json +++ b/bundle.json @@ -50,7 +50,8 @@ "netmanager_base", "memmgr", "runtime_core", - "common_event_service" + "common_event_service", + "selinux_adapter" ], "third_party": [ "openssl" diff --git a/interfaces/inner_api/client/include/sa_interface/app_domain_verify_mgr_service.h b/interfaces/inner_api/client/include/sa_interface/app_domain_verify_mgr_service.h index f65c745..5ea1757 100644 --- a/interfaces/inner_api/client/include/sa_interface/app_domain_verify_mgr_service.h +++ b/interfaces/inner_api/client/include/sa_interface/app_domain_verify_mgr_service.h @@ -81,7 +81,8 @@ private: void FilterAbilitiesInner(std::string hostVerifyKey, const std::vector& originAbilityInfos, std::vector& filteredAbilityInfos); - + bool ResetDBSecurityByPath(); + bool IsExistDir(const std::string& dirPath); private: std::shared_ptr appDetailsDataMgr_ = nullptr; bool InitConfigMgr(); diff --git a/services/BUILD.gn b/services/BUILD.gn index 62d0fd6..13a6d79 100644 --- a/services/BUILD.gn +++ b/services/BUILD.gn @@ -105,6 +105,7 @@ ohos_shared_library("app_domain_verify_mgr_service") { "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", + "selinux_adapter:librestorecon" ] sanitize = { diff --git a/services/src/manager/core/app_domain_verify_mgr_service.cpp b/services/src/manager/core/app_domain_verify_mgr_service.cpp index daa618e..de70b12 100644 --- a/services/src/manager/core/app_domain_verify_mgr_service.cpp +++ b/services/src/manager/core/app_domain_verify_mgr_service.cpp 
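Review bot: `IsExistDir` is declared as a private non-static member in interfaces/inner_api/client/include/sa_interface/app_domain_verify_mgr_service.h, but its body in the .cpp reads no member state, so it could be a file-local helper in an anonymous namespace of app_domain_verify_mgr_service.cpp and stay out of the inner_api header. Neither new declaration says what its `bool` result means; for `ResetDBSecurityByPath` I would add `// Restores the SELinux label under Constants::SERVICE_PATH; returns true on success.` The hunk also removes the blank line that separated the method list from the following `private:` label.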
@@ -29,7 +29,9 @@ #include "sa_interface/app_domain_verify_mgr_service.h" #include "common_event_manager.h" #include "common_event_support.h" - +#include "policycoreutils.h" +#include +#include namespace OHOS { namespace AppDomainVerify { constexpr const char* GET_DOMAIN_VERIFY_INFO = "ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO"; @@ -43,8 +45,36 @@ const int32_t SUBSCRIBER_UID = 7996; AppDomainVerifyMgrService::AppDomainVerifyMgrService() : SystemAbility(APP_DOMAIN_VERIFY_MANAGER_SA_ID, true) { APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "new instance create."); + ResetDBSecurityByPath(); appDetailsDataMgr_ = std::make_shared(); } +bool AppDomainVerifyMgrService::IsExistDir(const std::string& dirPath) +{ + APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "IsExistDir."); + if (dirPath.empty()) { + return false; + } + + struct stat result = {}; + if (stat(dirPath.c_str(), &result) != 0) { + APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "fail stat errno %{public}d", errno); + return false; + } + + return S_ISDIR(result.st_mode); +} +bool AppDomainVerifyMgrService::ResetDBSecurityByPath() +{ + if (!IsExistDir(Constants::SERVICE_PATH)) { + APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, + "ResetDBSecurityByPath %{public}s does not existed", Constants::SERVICE_PATH); + return false; + } + + auto ret = RestoreconRecurse(Constants::SERVICE_PATH); + APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "RestoreconRecurse %{public}d.", ret); + return ERR_OK; +} AppDomainVerifyMgrService::~AppDomainVerifyMgrService() { diff --git a/test/unittest/services/app_domain_verify_mgr_service_test/BUILD.gn b/test/unittest/services/app_domain_verify_mgr_service_test/BUILD.gn index 41169b7..5e14b7c 100644 --- a/test/unittest/services/app_domain_verify_mgr_service_test/BUILD.gn +++ b/test/unittest/services/app_domain_verify_mgr_service_test/BUILD.gn 
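Review bot: `ResetDBSecurityByPath()` is declared `bool` but ends with `return ERR_OK;`, which converts to `false` if ERR_OK is 0 as is conventional, so success cannot be told apart from the missing-directory case. The result of `RestoreconRecurse` is only logged at info level and the constructor discards the function's return value, so a failed relabel goes unnoticed and the service still creates `appDetailsDataMgr_` on a directory whose label was not restored. I would return the outcome, e.g. `return ret == 0;` (assuming 0 means success; confirm against policycoreutils.h), log a non-zero `ret` with `APP_DOMAIN_VERIFY_HILOGE`, and have the constructor log when it gets `false`. `IsExistDir` also uses `stat()`, which follows symlinks, and the check and the recursive relabel are separate steps. If anything other than this service can write the parent of `Constants::SERVICE_PATH`, `lstat()` plus handling the relabel call's own error would be the safer shape.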
@@ -97,6 +97,7 @@ ohos_unittest("app_domain_verify_mgr_service_test") { "samgr:dynamic_cache", "samgr:samgr_common", "samgr:samgr_proxy", + "selinux_adapter:librestorecon", ] defines = [ "API_EXPORT=__attribute__((visibility (\"default\")))" ]