修复了代码检查中的一些问题

Signed-off-by: Qin Fandong <qinfd@superred.com.cn>
2024-11-27 07:10:25 +00:00 · 2021-11-02 17:39:09 +08:00 · 2021-11-02 17:39:09 +08:00 · a34d020e6f
commit a34d020e6f
parent 11c1ce1a2b
15 changed files with 248 additions and 106 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,36 @@
+# Temp
+*~
+*.swap
+
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
--- a/BUILD.gn
+++ b/BUILD.gn
@ -140,6 +140,7 @@ ohos_executable("selinux_test") {
    "-DUSE_PCRE2",
    "-w",
  ]
+  include_dirs = [ "$LIBSELINUX_ROOT_DIR/include/selinux" ]
  deps = [
    "$THIRD_PARTY_PCRE2_DIR:libpcre2",
    "$THIRD_PARTY_SELINUX_DIR:libselinux",
--- a/LICENSE.txt
+++ b/LICENSE.txt
--- a/OAT.xml
+++ b/OAT.xml
@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <oatconfig>
+        <licensefile/>
+        <policylist>
+            <policy name="projectPolicy" desc="">
+                <policyitem type="copyright" name="北京万里红科技有限公司" path=".*" rule="may" group="defaultGroup" filefilter="copyrightPolicyFilter" desc=""/>
+                <!--policyitem type="compatibility" name="GPL-2.0+" path="abc/.*" desc="Process that runs independently, invoked by the X process."/-->
+                <!--policyitem type="license" name="LGPL" path="abc/.*" desc="Dynamically linked by module X"/-->
+                <!--policyitem type="copyright" name="xxx" path="abc/.*" rule="may" group="defaultGroup" filefilter="copyrightPolicyFilter" desc="Developed by X Company"/-->
+            </policy>
+        </policylist>
+        <filefilterlist>
+            <filefilter name="defaultFilter" desc="Files not to check">
+                <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
+            </filefilter>
+            <filefilter name="defaultPolicyFilter" desc="Filters for compatibility，license header policies">
+                <filteritem type="filename" name="*.cfg" desc="config file,can not add license head"/>
+                <filteritem type="filename" name="passwd" desc="config file,can not add license head"/>
+                <filteritem type="filename" name="group" desc="config file,can not add license head"/>
+            </filefilter>
+            <filefilter name="copyrightPolicyFilter" desc="Filters for copyright header policies">
+                <filteritem type="filename" name="*.cfg" desc="config file,can not add license head"/>
+                <filteritem type="filename" name="passwd" desc="config file,can not add license head"/>
+                <filteritem type="filename" name="group" desc="config file,can not add license head"/>
+            </filefilter>
+            <filefilter name="licenseFileNamePolicyFilter" desc="Filters for LICENSE file policies">
+                <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
+            </filefilter>
+            <filefilter name="readmeFileNamePolicyFilter" desc="Filters for README file policies">
+                <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
+            </filefilter>
+            <filefilter name="readmeOpenSourcefileNamePolicyFilter" desc="Filters for README.OpenSource file policies">
+                <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
+            </filefilter>
+            <filefilter name="binaryFileTypePolicyFilter" desc="Filters for binary file policies">
+                <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
+                <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
+                <filteritem type="filname" name="*.jpg|*.png|*.gif|*.pdf" desc="already checked"/>
+                <filteritem type="filepath" name="services/test/unittest/test_data/proc/*" desc="启动功能UT测试的资源文件"/>
+            </filefilter>
+
+        </filefilterlist>
+        <licensematcherlist>
+            <!--licensematcher name="uvwxyz License" desc="If the scanning result is InvalidLicense, you can define matching rules here. Note that quotation marks must be escaped.">
+                <licensetext name="
+                    uvwxyz license textA xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+				 " desc=""/>
+                <licensetext name="
+                    uvwxyz license textB xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+				 " desc=""/>
+            </licensematcher-->
+        </licensematcherlist>
+    </oatconfig>
+</configuration>
--- a/README.md
+++ b/README.md
@ -13,14 +13,14 @@ SELinux （安全增强式 Linux ， Security-Enhanced Linux ）是 Linux 历史

 | 仓库 | 源码目录 | 说明 |
 | --- | --- | --- |
-| [security_selinux](https://gitee.com/openharmony-sig/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 |
-| [third_party_selinux](https://gitee.com/openharmony-sig/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 |
-| [productdefine_common](https://gitee.com/shell_way/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 |
-| [third_party_toybox](https://gitee.com/shell_way/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 |
-| [startup_init_lite](https://gitee.com/shell_way/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 |
-| [third_party_FreeBSD](https://gitee.com/shell_way/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 |
+| [security_selinux](https://gitee.com/openharmony/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 |
+| [third_party_selinux](https://gitee.com/openharmony/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 |
+| [productdefine_common](https://gitee.com/openharmony/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 |
+| [third_party_toybox](https://gitee.com/openharmony/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 |
+| [startup_init_lite](https://gitee.com/openharmony/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 |
+| [third_party_FreeBSD](https://gitee.com/openharmony/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 |
 | [third_party_pcre](https://gitee.com/openharmony-sig/third_party_pcre.git) | `third_party/pcre/` | 提供 pcre2 库 |
-| [build](https://gitee.com/shell_way/build.git) | `build/` | 编译控制 |
+| [build](https://gitee.com/openharmony/build.git) | `build/` | 编译控制 |

 ## 架构

--- a/config/config
+++ b/config/config
@ -1 +1,17 @@
+#
+# Copyright (c) 2021 北京万里红科技有限公司
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 SELINUX=permissive
--- a/interfaces/policycoreutils/include/policycoreutils.h
+++ b/interfaces/policycoreutils/include/policycoreutils.h
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,4 +19,4 @@
 int load_policy(void);
 int restorecon(void);

-#endif  // __POLICYCOREUTILS_H__
+#endif                          // __POLICYCOREUTILS_H__
--- a/interfaces/policycoreutils/src/load_policy.c
+++ b/interfaces/policycoreutils/src/load_policy.c
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,22 +18,23 @@
 #include <sepol/sepol.h>
 #include <stdio.h>

-int load_policy(void) {
-  int ret, enforce = 0;
+int load_policy(void)
+{
+    int ret, enforce = 0;

-  if ((ret = selinux_init_load_policy(&enforce))) {
-    if (enforce > 0) {
-      fprintf(stderr,
-              "Can't load policy and enforcing mode requested:  %s\n",
-              strerror(errno));
-      return -1;
+    if ((ret = selinux_init_load_policy(&enforce))) {
+        if (enforce > 0) {
+            fprintf(stderr,
+                    "Can't load policy and enforcing mode requested:  %s\n",
+                    strerror(errno));
+            return -1;
+        }
    }
-  }

-  if ((ret = selinux_mkload_policy(0)) < 0) {
-    fprintf(stderr, "Can't load policy:  %s\n", strerror(errno));
-    return -1;
-  }
+    if ((ret = selinux_mkload_policy(0)) < 0) {
+        fprintf(stderr, "Can't load policy:  %s\n", strerror(errno));
+        return -1;
+    }

-  return 1;
+    return 1;
 }
--- a/interfaces/policycoreutils/src/restorecon.c
+++ b/interfaces/policycoreutils/src/restorecon.c
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -24,45 +24,49 @@
 #include <string.h>

 typedef struct restore_opts {
-  unsigned int restorecon_flags;
-  struct selabel_handle *hnd;
+    unsigned int restorecon_flags;
+    struct selabel_handle *hnd;
 } restore_opts_t;

-static int restore_init(restore_opts_t *opts) {
-  struct selinux_opt selinux_opts[] = {
-      {SELABEL_OPT_VALIDATE, NULL},
-      {SELABEL_OPT_PATH, NULL},
-      {SELABEL_OPT_DIGEST, NULL},
-  };
+static int restore_init(restore_opts_t * opts)
+{
+    struct selinux_opt selinux_opts[] = {
+        {SELABEL_OPT_VALIDATE, NULL},
+        {SELABEL_OPT_PATH, NULL},
+        {SELABEL_OPT_DIGEST, NULL},
+    };

-  if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3))) {
-    return -1;
-  }
+    if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts,
+                                   sizeof(selinux_opts) /
+                                   sizeof(selinux_opt)))) {
+        return -1;
+    }

-  opts->restorecon_flags = 0;
-  opts->restorecon_flags =
-      SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE;
+    opts->restorecon_flags = 0;
+    opts->restorecon_flags =
+        SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE;

-  selinux_restorecon_set_sehandle(opts->hnd);
+    selinux_restorecon_set_sehandle(opts->hnd);
 }

-int restorecon(void) {
-  restore_opts_t opts;
-  int i = 0;
-  int errors = 0;
+int restorecon(void)
+{
+    restore_opts_t opts;
+    int i = 0;
+    int errors = 0;

-  memset(&opts, 0, sizeof(opts));
+    memset_s(&opts, sizeof(opts), 0, sizeof(opts));

-  if (is_selinux_enabled() < 1) {
-    return 1;
-  }
+    if (is_selinux_enabled() < 1) {
+        return 1;
+    }

-  if (!restore_init(&opts)) {
-    return -1;
-  }
+    if (!restore_init(&opts)) {
+        return -1;
+    }

-  errors = selinux_restorecon("/", opts.restorecon_flags);
-  selabel_close(opts.hnd);
+    errors = selinux_restorecon("/", opts.restorecon_flags);
+    selabel_close(opts.hnd);

-  return (errors ? -1 : 1);
+    return (errors ? -1 : 1);
 }
--- a/interfaces/tools/load_policy/load_policy.c
+++ b/interfaces/tools/load_policy/load_policy.c
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@

 #include <policycoreutils.h>

-int main(int argc, char **argv) {
-  return load_policy();
+int main(int argc, char **argv)
+{
+    return load_policy();
 }
--- a/interfaces/tools/restorecon/restorecon.c
+++ b/interfaces/tools/restorecon/restorecon.c
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@

 #include <policycoreutils.h>

-int main(int argc, char **argv) {
-  return restorecon();
+int main(int argc, char **argv)
+{
+    return restorecon();
 }
--- a/scripts/build_policy.sh
+++ b/scripts/build_policy.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright 2021 北京万里红科技有限公司
+# Copyright (c) 2021 北京万里红科技有限公司
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/test/selinux_test.c
+++ b/test/selinux_test.c
@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -13,60 +13,62 @@
 * limitations under the License.
 */

-#include <ctype.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <limits.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <selinux/selinux.h>

-extern int setcon(const char *con);
+#define BUFFLEN (1000)

-extern int setexeccon(const char *con);
+int main(int argc, char *argv[])
+{
+    FILE *fp = NULL;
+    char buf[BUFFLEN];
+    const sleepSeconds = 5;

-int main(int argc, char *argv[]) {
-  FILE *fp = NULL;
-  char buf[1000];
+    int ret = setcon("u:r:kernel:s0");
+    printf("setcon %d\n", ret);
+    ret = setexeccon("u:r:kernel:s0");
+    printf("setexeccon %d\n", ret);

-  int ret = setcon("u:r:kernel:s0");
-  printf("setcon %d\n", ret);
-  ret = setexeccon("u:r:kernel:s0");
-  printf("setexeccon %d\n", ret);
+    sleep(sleepSeconds);

-  sleep(5);
+    while (1) {
+        sleep(1);
+        fp = fopen("/data/abcd.txt", "r");
+        if (fp != NULL) {
+            if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+                continue;
+            }
+            fread(buf, 1, BUFFLEN, fp);
+            fclose(fp);
+            printf("buf1 %s\n", buf);
+        }

-  while (1) {
-    fp = fopen("/data/abcd.txt", "r");
-    if (fp != NULL) {
-      memset(buf, 0, 1000);
-      fread(buf, 1, 100, fp);
-      fclose(fp);
-      printf("buf1 %s\n", buf);
+        sleep(1);
+        fp = fopen("/data/abcd2.txt", "r");
+        if (fp != NULL) {
+            if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+                continue;
+            }
+            fread(buf, 1, BUFFLEN, fp);
+            fclose(fp);
+            printf("buf2 %s\n", buf);
+        }
+
+        sleep(1);
+        fp = fopen("/data/abcd3.txt", "r");
+        if (fp != NULL) {
+            if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+                continue;
+            }
+            fread(buf, 1, BUFFLEN, fp);
+            fclose(fp);
+            printf("buf3 %s\n", buf);
+        }
    }
-    sleep(1);

-    fp = fopen("/data/abcd2.txt", "r");
-    if (fp != NULL) {
-      memset(buf, 0, 1000);
-      fread(buf, 1, 100, fp);
-      fclose(fp);
-      printf("buf2 %s\n", buf);
-    }
-    sleep(1);
-
-    fp = fopen("/data/abcd3.txt", "r");
-    if (fp != NULL) {
-      memset(buf, 0, 1000);
-      fread(buf, 1, 100, fp);
-      fclose(fp);
-      printf("buf3 %s\n", buf);
-    }
-    sleep(1);
-  }
-
-  return 0;
+    return 0;
 }
--- a/test/selinux_test_helper.sh
+++ b/test/selinux_test_helper.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright 2021 北京万里红科技有限公司
+# Copyright (c) 2021 北京万里红科技有限公司
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/test/selinux_test_helper_push.bat
+++ b/test/selinux_test_helper_push.bat
@ -1,3 +1,19 @@
+::
+:: Copyright (c) 2021 北京万里红科技有限公司
+::
+:: Licensed under the Apache License, Version 2.0 (the "License");
+:: you may not use this file except in compliance with the License.
+:: You may obtain a copy of the License at
+::
+::     http://www.apache.org/licenses/LICENSE-2.0
+::
+:: Unless required by applicable law or agreed to in writing, software
+:: distributed under the License is distributed on an "AS IS" BASIS,
+:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+:: See the License for the specific language governing permissions and
+:: limitations under the License.
+::
+
 hdc_std.exe file send selinux_test /bin/
 hdc_std.exe shell chmod 755 /bin/selinux_test