openharmony/security_security_guard
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_security_guard synced 2024-11-23 14:39:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!67 增加sc dlclose 避免句柄泄露

Browse Source 
Merge pull request !67 from 王毅/master
This commit is contained in:
openharmony_ci 2024-10-14 01:25:32 +00:00 committed by Gitee
commit 597e10bbde
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
14 changed files with 43 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
services/data_collect/sa/data_collect_manager_service.cpp
View File

@ -227,7 +227,7 @@ int32_t DataCollectManagerService::RequestRiskData(std::string &devId, std::stri
std::vector<SecEvent> DataCollectManagerService::GetSecEventsFromConditions(RequestCondition &condition)
{
std::vector<SecEvent> events;
std::vector<SecEvent> events {};
if (condition.beginTime.empty() && condition.endTime.empty()) {
(void) DatabaseManager::GetInstance().QueryEventByEventId(RISK_TABLE, condition.riskEvent, events);
} else {

5
services/security_collector/include/data_collection.h
View File

@ -40,6 +40,7 @@ public:
int32_t QuerySecurityEvent(const std::vector<SecurityEventRuler> rulers,
std::vector<SecurityEvent> &events);
bool SecurityGuardSubscribeCollector(const std::vector<int64_t>& eventIds);
void CloseLib();
private:
DataCollection() = default;
ErrorCode LoadCollector(int64_t eventId, std::string path, std::shared_ptr<ICollectorFwk> api);
@ -48,7 +49,9 @@ private:
ErrorCode CheckFileStream(std::ifstream &stream);
bool IsCollectorStarted(int64_t eventId);
std::mutex mutex_;
std::unordered_map<int64_t, std::unique_ptr<LibLoader>> eventIdToLoaderMap_;
std::mutex closeLibmutex_;
std::unordered_map<int64_t, LibLoader> eventIdToLoaderMap_;
std::unordered_map<int64_t, LibLoader> needCloseLibMap_;
};
}
#endif // DATA_COLLECTION_H

4
services/security_collector/include/lib_loader.h
View File

@ -30,11 +30,9 @@ public:
~LibLoader();
ErrorCode LoadLib();
ICollector* CallGetCollector();
private:
void UnLoadLib();
private:
void* m_handle{ nullptr };
std::atomic<bool> m_isLoaded{ false };
const std::string m_libPath;
};
}

32
services/security_collector/src/data_collection.cpp
View File

@ -112,7 +112,7 @@ bool DataCollection::StopCollectors(const std::vector<int64_t>& eventIds)
LOGI("Collector not found, eventId is 0x%{public}" PRIx64, eventId);
continue;
}
ICollector* collector = loader->second->CallGetCollector();
ICollector* collector = loader->second.CallGetCollector();
if (collector == nullptr) {
LOGE("CallGetCollector error");
ret = false;
@ -134,16 +134,28 @@ bool DataCollection::StopCollectors(const std::vector<int64_t>& eventIds)
return ret;
}
void DataCollection::CloseLib()
{
std::lock_guard<std::mutex> lock(closeLibmutex_);
for (auto &it : needCloseLibMap_) {
it.second.UnLoadLib();
}
needCloseLibMap_.clear();
}
ErrorCode DataCollection::LoadCollector(int64_t eventId, std::string path, std::shared_ptr<ICollectorFwk> api)
{
LOGI("Start LoadCollector");
std::unique_ptr<LibLoader> loader = std::make_unique<LibLoader>(path);
ErrorCode ret = loader->LoadLib();
LibLoader loader(path);
ErrorCode ret = loader.LoadLib();
if (ret != SUCCESS) {
LOGE("LoadLib error, ret=%{public}d, path : %{public}s", ret, path.c_str());
return FAILED;
}
ICollector* collector = loader->CallGetCollector();
{
std::lock_guard<std::mutex> lock(closeLibmutex_);
needCloseLibMap_.emplace(eventId, loader);
}
ICollector* collector = loader.CallGetCollector();
if (collector == nullptr) {
LOGE("CallGetCollector error");
return FAILED;
@ -158,7 +170,7 @@ ErrorCode DataCollection::LoadCollector(int64_t eventId, std::string path, std::
return FAILED;
}
std::lock_guard<std::mutex> lock(mutex_);
eventIdToLoaderMap_[eventId] = std::move(loader);
eventIdToLoaderMap_.emplace(eventId, loader);
LOGI("End LoadCollector");
return SUCCESS;
}
@ -280,13 +292,17 @@ ErrorCode DataCollection::LoadCollector(std::string path, const SecurityEventRul
std::vector<SecurityEvent> &events)
{
LOGI("Start LoadCollector");
std::unique_ptr<LibLoader> loader = std::make_unique<LibLoader>(path);
ErrorCode ret = loader->LoadLib();
LibLoader loader(path);
ErrorCode ret = loader.LoadLib();
if (ret != SUCCESS) {
LOGE("LoadLib error, ret=%{public}d", ret);
return FAILED;
}
ICollector* collector = loader->CallGetCollector();
{
std::lock_guard<std::mutex> lock(closeLibmutex_);
needCloseLibMap_.emplace(ruler.GetEventId(), loader);
}
ICollector* collector = loader.CallGetCollector();
if (collector == nullptr) {
LOGE("CallGetCollector error");
return FAILED;

11
services/security_collector/src/lib_loader.cpp
View File

@ -38,37 +38,32 @@ ErrorCode LibLoader::LoadLib()
std::string realPath;
if (!PathToRealPath(m_libPath, realPath) || realPath.find("/system/lib") != 0) {
LOGE("LoadLib m_libPath error, realPath: %{public}s", realPath.c_str());
m_isLoaded = false;
return RET_DLOPEN_LIB_FAIL;
}
m_handle = dlopen(realPath.c_str(), RTLD_LAZY);
if (m_handle == nullptr) {
LOGE("LoadLib m_handle error");
m_isLoaded = false;
return RET_DLOPEN_LIB_FAIL;
}
LOGI("dlopen success");
m_isLoaded = true;
return SUCCESS;
}
void LibLoader::UnLoadLib()
{
LOGI("UnLoadLib start");
if (!m_isLoaded) {
LOGI("lib not found");
return;
if (m_handle != nullptr) {
dlclose(m_handle);
}
// should call dlclose(m_handle)
LOGI("dlclose end");
m_handle = nullptr;
m_isLoaded = false;
}
ICollector* LibLoader::CallGetCollector()
{
LOGI("CallGetCollector start");
if (!m_isLoaded) {
if (m_handle == nullptr) {
LOGE("lib not found");
return nullptr;
}

1
services/security_collector/src/security_collector_manager_service.cpp
View File

@ -85,6 +85,7 @@ void SecurityCollectorManagerService::OnStart()
void SecurityCollectorManagerService::OnStop()
{
DataCollection::GetInstance().CloseLib();
}
int SecurityCollectorManagerService::Dump(int fd, const std::vector<std::u16string>& args)

2
test/unittest/data_collect/sa/security_guard_data_collect_sa_test.cpp
View File

@ -171,7 +171,6 @@ HWTEST_F(SecurityGuardDataCollectSaTest, GetSecEventsFromConditions_NoTimeCondit
DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
std::vector<SecEvent> events = service.GetSecEventsFromConditions(condition);
EXPECT_EQ(events[0].eventId, 1);
EXPECT_EQ(events[1].eventId, 0);
}
HWTEST_F(SecurityGuardDataCollectSaTest, GetSecEventsFromConditions_WithTimeCondition, TestSize.Level1) {
@ -192,7 +191,6 @@ HWTEST_F(SecurityGuardDataCollectSaTest, GetSecEventsFromConditions_WithTimeCond
DataCollectManagerService service(DATA_COLLECT_MANAGER_SA_ID, true);
std::vector<SecEvent> events = service.GetSecEventsFromConditions(condition);
EXPECT_EQ(events[0].eventId, 1);
EXPECT_EQ(events[1].eventId, 0);
}
HWTEST_F(SecurityGuardDataCollectSaTest, QueryEventByRuler_GetEventConfigError001, TestSize.Level1)

1
test/unittest/mock/data_collection/data_collection.h
View File

@ -52,6 +52,7 @@ public:
MOCK_METHOD2(QuerySecurityEvent, int32_t(const std::vector<SecurityEventRuler> rulers,
std::vector<SecurityEvent> &events));
MOCK_METHOD1(QuerySecurityEventConfig, int32_t(std::string &result));
void CloseLib() {};
};
}
#endif // DATA_COLLECTION_MOCK_H

42
test/unittest/model_manager/src/security_guard_model_manager_test.cpp
View File

@ -96,20 +96,6 @@ public:
MOCK_METHOD2(GetEventConfig, bool(int64_t, EventCfg &));
};
static void TestModel001(const char *path)
{
void *handle = dlopen(path, RTLD_LAZY);
EXPECT_FALSE(handle == nullptr);
auto getModelApi = (GetModelApi)dlsym(handle, "GetModelApi");
EXPECT_FALSE(getModelApi == nullptr);
IModel *api = getModelApi();
EXPECT_FALSE(api == nullptr);
int32_t ret = api->Init(nullptr);
EXPECT_EQ(ret, -1);
dlclose(handle);
handle = nullptr;
}
HWTEST_F(SecurityGuardModelManagerTest, TestModelManagerImpl001, TestSize.Level1)
{
auto impl = std::make_shared<ModelManagerImpl>();
@ -202,32 +188,4 @@ HWTEST_F(SecurityGuardModelManagerTest, TestModelManagerInitModel002, TestSize.L
ModelManager::GetInstance().SubscribeResult(9999, nullptr);
ModelManager::GetInstance().Release(9999);
}
HWTEST_F(SecurityGuardModelManagerTest, TestDeviceCompletenessModel001, TestSize.Level1)
{
TestModel001("/system/lib64/libsg_system_risk_detection.z.so");
}
HWTEST_F(SecurityGuardModelManagerTest, TestDeviceCompletenessModel002, TestSize.Level1)
{
void *handle = dlopen("/system/lib64/libsg_system_risk_detection.z.so", RTLD_LAZY);
EXPECT_FALSE(handle == nullptr);
auto getModelApi = (GetModelApi)dlsym(handle, "GetModelApi");
EXPECT_FALSE(getModelApi == nullptr);
IModel *api = getModelApi();
EXPECT_FALSE(api == nullptr);
std::shared_ptr<MockModelManager> mockObj = std::make_shared<MockModelManager>();
std::shared_ptr<MockDbOperate> mockOpt = std::make_shared<MockDbOperate>();
std::shared_ptr<MockConfigOperate> mockCfg = std::make_shared<MockConfigOperate>();
EXPECT_CALL(*mockObj, GetDbOperate).WillOnce(Return(nullptr)).WillRepeatedly(Return(mockOpt));
EXPECT_CALL(*mockObj, GetConfigOperate).WillOnce(Return(nullptr)).WillOnce(Return(mockCfg));
int32_t ret = api->Init(mockObj);
EXPECT_EQ(ret, -1);
ret = api->Init(mockObj);
EXPECT_EQ(ret, -1);
ret = api->Init(mockObj);
EXPECT_EQ(ret, 0);
dlclose(handle);
handle = nullptr;
}
}

5
test/unittest/security_collector/data_collection/include/data_collection.h
View File

@ -40,6 +40,7 @@ public:
virtual int32_t QuerySecurityEvent(const std::vector<SecurityEventRuler> rulers,
std::vector<SecurityEvent> &events);
virtual bool SecurityGuardSubscribeCollector(const std::vector<int64_t>& eventIds);
virtual void CloseLib();
private:
DataCollection() = default;
virtual ErrorCode LoadCollector(int64_t eventId, std::string path, std::shared_ptr<ICollectorFwk> api);
@ -49,7 +50,9 @@ private:
virtual ErrorCode CheckFileStream(std::ifstream &stream);
virtual bool IsCollectorStarted(int64_t eventId);
std::mutex mutex_;
std::unordered_map<int64_t, std::unique_ptr<LibLoader>> eventIdToLoaderMap_;
std::mutex closeLibmutex_;
std::unordered_map<int64_t, LibLoader> eventIdToLoaderMap_;
std::unordered_map<int64_t, LibLoader> needCloseLibMap_;
};
}
#endif // DATA_COLLECTION_H

4
test/unittest/security_collector/data_collection/include/lib_loader.h
View File

@ -30,11 +30,9 @@ public:
~LibLoader();
ErrorCode LoadLib();
ICollector* CallGetCollector();
private:
void UnLoadLib();
private:
void* m_handle{ nullptr };
std::atomic<bool> m_isLoaded{ false };
const std::string m_libPath;
};
}

10
test/unittest/security_collector/data_collection/src/data_collection_test.cpp
View File

@ -145,19 +145,11 @@ HWTEST_F(DataCollectionTest, StopCollectors03, testing::ext::TestSize.Level1)
HWTEST_F(DataCollectionTest, StopCollectors04, testing::ext::TestSize.Level1)
{
DataCollection myOb;
myOb.eventIdToLoaderMap_.insert({1, std::make_unique<LibLoader>("testPath")});
myOb.eventIdToLoaderMap_.emplace(1, LibLoader("testPath"));
std::vector<int64_t> eventIds {1};
EXPECT_FALSE(myOb.StopCollectors(eventIds));
}
HWTEST_F(DataCollectionTest, StopCollectors05, testing::ext::TestSize.Level1)
{
DataCollection myOb;
std::vector<int64_t> eventIds {0x01C000003};
std::shared_ptr<SecurityCollector::ICollectorFwk> api = std::make_shared<TestFwk> ();
EXPECT_TRUE(myOb.StartCollectors(eventIds, api));
EXPECT_TRUE(myOb.StopCollectors(eventIds));
}
class MockMyCheckFileStreamClass : public DataCollection {
public:
MOCK_METHOD1(CheckFileStream, ErrorCode(std::ifstream &stream));

4
test/unittest/security_collector/include/lib_loader.h
View File

@ -30,11 +30,9 @@ public:
~LibLoader();
ErrorCode LoadLib();
ICollector* CallGetCollector();
private:
void UnLoadLib();
private:
void* m_handle{ nullptr };
std::atomic<bool> m_isLoaded{ false };
const std::string m_libPath;
};
}

2
test/unittest/security_collector/src/security_collector_test.cpp
View File

@ -740,7 +740,7 @@ HWTEST_F(SecurityCollectorTest, TestOnRemoteRequestWithCmd16, TestSize.Level1)
HWTEST_F(SecurityCollectorTest, TestLoaderLib001, TestSize.Level1)
{
LibLoader loader("/system/lib64/chipset-pub-sdk/libeventhandler.z.so");
EXPECT_FALSE(loader.LoadLib());
EXPECT_TRUE(loader.LoadLib() == RET_DLOPEN_LIB_FAIL);
EXPECT_FALSE(loader.CallGetCollector() != nullptr);
}