mirror of
https://gitee.com/openharmony/startup_init
synced 2024-10-07 06:03:32 +00:00
dac 空间不足拦截
Signed-off-by: zhongning5 <zhongning5@huawei.com>
This commit is contained in:
parent
0af68c1d5d
commit
3d6020e0ba
@ -33,8 +33,6 @@ declare_args() {
|
||||
|
||||
startup_init_feature_decode_group_file = false
|
||||
|
||||
startup_init_test_performance = true
|
||||
|
||||
# log display control
|
||||
config_ohos_startup_init_lite_no_log = false
|
||||
|
||||
|
@ -176,17 +176,18 @@ static int LoadOneParam_(const uint32_t *context, const char *name, const char *
|
||||
auditData->memberNum = 1;
|
||||
auditData->members[0] = auditData->dacData.gid;
|
||||
}
|
||||
AddSecurityLabel(auditData);
|
||||
return 0;
|
||||
|
||||
return AddSecurityLabel(auditData);
|
||||
}
|
||||
|
||||
static int LoadParamLabels(const char *fileName)
|
||||
{
|
||||
int result = -1;
|
||||
ParamAuditData *auditData = (ParamAuditData *)calloc(1,
|
||||
sizeof(ParamAuditData) + sizeof(uid_t) * MAX_MEMBER_IN_GROUP);
|
||||
if (auditData == NULL) {
|
||||
PARAM_LOGE("Failed to alloc memory %s", fileName);
|
||||
return 0;
|
||||
return result;
|
||||
}
|
||||
uint32_t infoCount = 0;
|
||||
FILE *fp = fopen(fileName, "r");
|
||||
@ -194,14 +195,18 @@ static int LoadParamLabels(const char *fileName)
|
||||
char *buff = (char *)calloc(1, buffSize);
|
||||
while (fp != NULL && buff != NULL && fgets(buff, buffSize, fp) != NULL) {
|
||||
buff[buffSize - 1] = '\0';
|
||||
int ret = SplitParamString(buff, NULL, 0, LoadOneParam_, (const uint32_t *)auditData);
|
||||
if (ret != 0) {
|
||||
PARAM_LOGE("Failed to split string %s fileName %s", buff, fileName);
|
||||
continue;
|
||||
result = SplitParamString(buff, NULL, 0, LoadOneParam_, (const uint32_t *)auditData);
|
||||
if (result != 0) {
|
||||
PARAM_LOGE("Failed to split string %s fileName %s, result is:%d", buff, fileName, result);
|
||||
break;
|
||||
}
|
||||
infoCount++;
|
||||
}
|
||||
PARAM_LOGI("Load parameter label total %u success %s", infoCount, fileName);
|
||||
|
||||
if (result == 0) {
|
||||
PARAM_LOGI("Load parameter label total %u success %s", infoCount, fileName);
|
||||
}
|
||||
|
||||
if (fp != NULL) {
|
||||
(void)fclose(fp);
|
||||
}
|
||||
@ -211,7 +216,7 @@ static int LoadParamLabels(const char *fileName)
|
||||
if (auditData != NULL) {
|
||||
free(auditData);
|
||||
}
|
||||
return 0;
|
||||
return result;
|
||||
}
|
||||
|
||||
static int ProcessParamFile(const char *fileName, void *context)
|
||||
@ -255,7 +260,10 @@ static int DacGetParamSecurityLabel(const char *path)
|
||||
}
|
||||
if ((stat(fileName, &st) == 0) && !S_ISDIR(st.st_mode)) {
|
||||
count++;
|
||||
ProcessParamFile(fileName, NULL);
|
||||
ret = ProcessParamFile(fileName, NULL);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
};
|
||||
}
|
||||
}
|
||||
PARAM_LOGV("Get parameter security label dac number is %d, from %s.", count, path);
|
||||
|
@ -119,9 +119,6 @@ if (defined(ohos_lite)) {
|
||||
defines += [ "__MUSL__" ]
|
||||
}
|
||||
|
||||
if (startup_init_test_performance) {
|
||||
defines += [ "PARAM_TEST_PERFORMANCE" ]
|
||||
}
|
||||
if (!startup_init_with_param_base) {
|
||||
ldflags = [ "-nostdlib" ]
|
||||
configs -= inherited_configs
|
||||
@ -162,7 +159,10 @@ if (defined(ohos_lite)) {
|
||||
defines = [ "_GNU_SOURCE" ]
|
||||
deps = []
|
||||
|
||||
include_dirs += [ "//third_party/bounds_checking_function/include" ]
|
||||
include_dirs += [
|
||||
"//base/startup/init/services/init/include",
|
||||
"//third_party/bounds_checking_function/include",
|
||||
]
|
||||
if (build_selinux) {
|
||||
include_dirs += [
|
||||
"//third_party/selinux/libselinux/include/",
|
||||
|
@ -363,7 +363,7 @@ INIT_LOCAL_API int AddParamEntry(uint32_t index, uint8_t type, const char *name,
|
||||
ParamNode *entry = (ParamNode *)GetTrieNode(workSpace, node->dataIndex);
|
||||
if (entry == NULL) {
|
||||
uint32_t offset = AddParamNode(workSpace, type, name, strlen(name), value, strlen(value));
|
||||
PARAM_CHECK(offset != 0, return PARAM_CODE_MEMORY_NOT_ENOUGH, "Failed to allocate name %s", name);
|
||||
PARAM_CHECK(offset > 0, return PARAM_CODE_REACHED_MAX, "Failed to allocate name %s", name);
|
||||
SaveIndex(&node->dataIndex, offset);
|
||||
}
|
||||
return 0;
|
||||
@ -385,7 +385,7 @@ INIT_LOCAL_API int AddSecurityLabel(const ParamAuditData *auditData)
|
||||
uint32_t offset = node->labelIndex;
|
||||
if (node->labelIndex == 0) { // can not support update for label
|
||||
offset = AddParamSecurityNode(workSpace, auditData);
|
||||
PARAM_CHECK(offset != 0, return PARAM_CODE_MEMORY_NOT_ENOUGH, "Failed to add label");
|
||||
PARAM_CHECK(offset > 0, return PARAM_CODE_REACHED_MAX, "Failed to add label");
|
||||
SaveIndex(&node->labelIndex, offset);
|
||||
} else {
|
||||
ParamSecurityNode *label = (ParamSecurityNode *)GetTrieNode(workSpace, node->labelIndex);
|
||||
|
@ -85,11 +85,7 @@ extern "C" {
|
||||
#define PARAM_WORKSPACE_DEF PARAM_WORKSPACE_MAX
|
||||
#else // __LITEOS_A__
|
||||
#define DAC_DEFAULT_MODE 0774
|
||||
#ifdef PARAM_TEST_PERFORMANCE
|
||||
#define PARAM_WORKSPACE_MAX (1024 * 1024 * 10)
|
||||
#else
|
||||
#define PARAM_WORKSPACE_MAX (80 * 1024)
|
||||
#endif
|
||||
#define PARAM_WORKSPACE_SMALL (1024 * 10)
|
||||
#define PARAM_WORKSPACE_DEF (1024 * 30)
|
||||
#define PARAM_WORKSPACE_DAC (1024 * 20)
|
||||
|
@ -470,6 +470,7 @@ static int UpdateParam(const WorkSpace *workSpace, uint32_t *dataIndex, const ch
|
||||
|
||||
INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dataIndex, int mode)
|
||||
{
|
||||
int flag = 0;
|
||||
PARAM_LOGV("WriteParam %s", name);
|
||||
ParamWorkSpace *paramSpace = GetParamWorkSpace();
|
||||
PARAM_CHECK(paramSpace != NULL, return PARAM_WORKSPACE_NOT_INIT, "Invalid paramSpace");
|
||||
@ -477,6 +478,11 @@ INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dat
|
||||
PARAM_CHECK(value != NULL && name != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid name or value");
|
||||
WorkSpace *workSpace = GetWorkSpaceByName(name);
|
||||
PARAM_CHECK(workSpace != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid workSpace");
|
||||
#ifdef PARAM_SUPPORT_SELINUX
|
||||
if (strcmp(workSpace->fileName, WORKSPACE_NAME_DEF_SELINUX) == 0) {
|
||||
flag = 1;
|
||||
}
|
||||
#endif
|
||||
ParamTrieNode *node = FindTrieNode(workSpace, name, strlen(name), NULL);
|
||||
int ret = 0;
|
||||
if (node != NULL && node->dataIndex != 0) {
|
||||
@ -501,6 +507,11 @@ INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dat
|
||||
PARAM_CHECK(ret == 0, return ret, "Invalid param value param: %s=%s", name, value);
|
||||
PARAMSPACE_AREA_RW_LOCK(workSpace);
|
||||
ret = AddParam((WorkSpace *)workSpace, type, name, value, dataIndex);
|
||||
if ((ret == PARAM_CODE_REACHED_MAX) && (flag == 1)) {
|
||||
PARAM_LOGE("Add node %s to space %s failed! memory is not enough, system reboot!",
|
||||
name, workSpace->fileName);
|
||||
ExecReboot("panic");
|
||||
}
|
||||
PARAMSPACE_AREA_RW_UNLOCK(workSpace);
|
||||
}
|
||||
return ret;
|
||||
|
@ -22,6 +22,8 @@
|
||||
#include "init_module_engine.h"
|
||||
#endif
|
||||
#include "securec.h"
|
||||
#include "init_cmds.h"
|
||||
#include "init_param.h"
|
||||
|
||||
/**
|
||||
* Loading system parameter from /proc/cmdline by the following rules:
|
||||
@ -257,7 +259,10 @@ static int LoadSecurityLabel(const char *fileName)
|
||||
// load security label
|
||||
ParamSecurityOps *ops = GetParamSecurityOps(PARAM_SECURITY_DAC);
|
||||
if (ops != NULL && ops->securityGetLabel != NULL) {
|
||||
ops->securityGetLabel(fileName);
|
||||
if (ops->securityGetLabel(fileName) == PARAM_CODE_REACHED_MAX) {
|
||||
PARAM_LOGE("Load Security Lable failed! system reboot!");
|
||||
ExecReboot("panic");
|
||||
};
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user