mirror of
https://gitee.com/openharmony/startup_init
synced 2024-10-07 06:03:32 +00:00
dac 空间不足拦截
Signed-off-by: zhongning5 <zhongning5@huawei.com>
This commit is contained in:
parent
0af68c1d5d
commit
3d6020e0ba
@ -33,8 +33,6 @@ declare_args() {
|
|||||||
|
|
||||||
startup_init_feature_decode_group_file = false
|
startup_init_feature_decode_group_file = false
|
||||||
|
|
||||||
startup_init_test_performance = true
|
|
||||||
|
|
||||||
# log display control
|
# log display control
|
||||||
config_ohos_startup_init_lite_no_log = false
|
config_ohos_startup_init_lite_no_log = false
|
||||||
|
|
||||||
|
@ -176,17 +176,18 @@ static int LoadOneParam_(const uint32_t *context, const char *name, const char *
|
|||||||
auditData->memberNum = 1;
|
auditData->memberNum = 1;
|
||||||
auditData->members[0] = auditData->dacData.gid;
|
auditData->members[0] = auditData->dacData.gid;
|
||||||
}
|
}
|
||||||
AddSecurityLabel(auditData);
|
|
||||||
return 0;
|
return AddSecurityLabel(auditData);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int LoadParamLabels(const char *fileName)
|
static int LoadParamLabels(const char *fileName)
|
||||||
{
|
{
|
||||||
|
int result = -1;
|
||||||
ParamAuditData *auditData = (ParamAuditData *)calloc(1,
|
ParamAuditData *auditData = (ParamAuditData *)calloc(1,
|
||||||
sizeof(ParamAuditData) + sizeof(uid_t) * MAX_MEMBER_IN_GROUP);
|
sizeof(ParamAuditData) + sizeof(uid_t) * MAX_MEMBER_IN_GROUP);
|
||||||
if (auditData == NULL) {
|
if (auditData == NULL) {
|
||||||
PARAM_LOGE("Failed to alloc memory %s", fileName);
|
PARAM_LOGE("Failed to alloc memory %s", fileName);
|
||||||
return 0;
|
return result;
|
||||||
}
|
}
|
||||||
uint32_t infoCount = 0;
|
uint32_t infoCount = 0;
|
||||||
FILE *fp = fopen(fileName, "r");
|
FILE *fp = fopen(fileName, "r");
|
||||||
@ -194,14 +195,18 @@ static int LoadParamLabels(const char *fileName)
|
|||||||
char *buff = (char *)calloc(1, buffSize);
|
char *buff = (char *)calloc(1, buffSize);
|
||||||
while (fp != NULL && buff != NULL && fgets(buff, buffSize, fp) != NULL) {
|
while (fp != NULL && buff != NULL && fgets(buff, buffSize, fp) != NULL) {
|
||||||
buff[buffSize - 1] = '\0';
|
buff[buffSize - 1] = '\0';
|
||||||
int ret = SplitParamString(buff, NULL, 0, LoadOneParam_, (const uint32_t *)auditData);
|
result = SplitParamString(buff, NULL, 0, LoadOneParam_, (const uint32_t *)auditData);
|
||||||
if (ret != 0) {
|
if (result != 0) {
|
||||||
PARAM_LOGE("Failed to split string %s fileName %s", buff, fileName);
|
PARAM_LOGE("Failed to split string %s fileName %s, result is:%d", buff, fileName, result);
|
||||||
continue;
|
break;
|
||||||
}
|
}
|
||||||
infoCount++;
|
infoCount++;
|
||||||
}
|
}
|
||||||
PARAM_LOGI("Load parameter label total %u success %s", infoCount, fileName);
|
|
||||||
|
if (result == 0) {
|
||||||
|
PARAM_LOGI("Load parameter label total %u success %s", infoCount, fileName);
|
||||||
|
}
|
||||||
|
|
||||||
if (fp != NULL) {
|
if (fp != NULL) {
|
||||||
(void)fclose(fp);
|
(void)fclose(fp);
|
||||||
}
|
}
|
||||||
@ -211,7 +216,7 @@ static int LoadParamLabels(const char *fileName)
|
|||||||
if (auditData != NULL) {
|
if (auditData != NULL) {
|
||||||
free(auditData);
|
free(auditData);
|
||||||
}
|
}
|
||||||
return 0;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ProcessParamFile(const char *fileName, void *context)
|
static int ProcessParamFile(const char *fileName, void *context)
|
||||||
@ -255,7 +260,10 @@ static int DacGetParamSecurityLabel(const char *path)
|
|||||||
}
|
}
|
||||||
if ((stat(fileName, &st) == 0) && !S_ISDIR(st.st_mode)) {
|
if ((stat(fileName, &st) == 0) && !S_ISDIR(st.st_mode)) {
|
||||||
count++;
|
count++;
|
||||||
ProcessParamFile(fileName, NULL);
|
ret = ProcessParamFile(fileName, NULL);
|
||||||
|
if (ret != 0) {
|
||||||
|
return ret;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
PARAM_LOGV("Get parameter security label dac number is %d, from %s.", count, path);
|
PARAM_LOGV("Get parameter security label dac number is %d, from %s.", count, path);
|
||||||
|
@ -119,9 +119,6 @@ if (defined(ohos_lite)) {
|
|||||||
defines += [ "__MUSL__" ]
|
defines += [ "__MUSL__" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
if (startup_init_test_performance) {
|
|
||||||
defines += [ "PARAM_TEST_PERFORMANCE" ]
|
|
||||||
}
|
|
||||||
if (!startup_init_with_param_base) {
|
if (!startup_init_with_param_base) {
|
||||||
ldflags = [ "-nostdlib" ]
|
ldflags = [ "-nostdlib" ]
|
||||||
configs -= inherited_configs
|
configs -= inherited_configs
|
||||||
@ -162,7 +159,10 @@ if (defined(ohos_lite)) {
|
|||||||
defines = [ "_GNU_SOURCE" ]
|
defines = [ "_GNU_SOURCE" ]
|
||||||
deps = []
|
deps = []
|
||||||
|
|
||||||
include_dirs += [ "//third_party/bounds_checking_function/include" ]
|
include_dirs += [
|
||||||
|
"//base/startup/init/services/init/include",
|
||||||
|
"//third_party/bounds_checking_function/include",
|
||||||
|
]
|
||||||
if (build_selinux) {
|
if (build_selinux) {
|
||||||
include_dirs += [
|
include_dirs += [
|
||||||
"//third_party/selinux/libselinux/include/",
|
"//third_party/selinux/libselinux/include/",
|
||||||
|
@ -363,7 +363,7 @@ INIT_LOCAL_API int AddParamEntry(uint32_t index, uint8_t type, const char *name,
|
|||||||
ParamNode *entry = (ParamNode *)GetTrieNode(workSpace, node->dataIndex);
|
ParamNode *entry = (ParamNode *)GetTrieNode(workSpace, node->dataIndex);
|
||||||
if (entry == NULL) {
|
if (entry == NULL) {
|
||||||
uint32_t offset = AddParamNode(workSpace, type, name, strlen(name), value, strlen(value));
|
uint32_t offset = AddParamNode(workSpace, type, name, strlen(name), value, strlen(value));
|
||||||
PARAM_CHECK(offset != 0, return PARAM_CODE_MEMORY_NOT_ENOUGH, "Failed to allocate name %s", name);
|
PARAM_CHECK(offset > 0, return PARAM_CODE_REACHED_MAX, "Failed to allocate name %s", name);
|
||||||
SaveIndex(&node->dataIndex, offset);
|
SaveIndex(&node->dataIndex, offset);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@ -385,7 +385,7 @@ INIT_LOCAL_API int AddSecurityLabel(const ParamAuditData *auditData)
|
|||||||
uint32_t offset = node->labelIndex;
|
uint32_t offset = node->labelIndex;
|
||||||
if (node->labelIndex == 0) { // can not support update for label
|
if (node->labelIndex == 0) { // can not support update for label
|
||||||
offset = AddParamSecurityNode(workSpace, auditData);
|
offset = AddParamSecurityNode(workSpace, auditData);
|
||||||
PARAM_CHECK(offset != 0, return PARAM_CODE_MEMORY_NOT_ENOUGH, "Failed to add label");
|
PARAM_CHECK(offset > 0, return PARAM_CODE_REACHED_MAX, "Failed to add label");
|
||||||
SaveIndex(&node->labelIndex, offset);
|
SaveIndex(&node->labelIndex, offset);
|
||||||
} else {
|
} else {
|
||||||
ParamSecurityNode *label = (ParamSecurityNode *)GetTrieNode(workSpace, node->labelIndex);
|
ParamSecurityNode *label = (ParamSecurityNode *)GetTrieNode(workSpace, node->labelIndex);
|
||||||
|
@ -85,11 +85,7 @@ extern "C" {
|
|||||||
#define PARAM_WORKSPACE_DEF PARAM_WORKSPACE_MAX
|
#define PARAM_WORKSPACE_DEF PARAM_WORKSPACE_MAX
|
||||||
#else // __LITEOS_A__
|
#else // __LITEOS_A__
|
||||||
#define DAC_DEFAULT_MODE 0774
|
#define DAC_DEFAULT_MODE 0774
|
||||||
#ifdef PARAM_TEST_PERFORMANCE
|
|
||||||
#define PARAM_WORKSPACE_MAX (1024 * 1024 * 10)
|
|
||||||
#else
|
|
||||||
#define PARAM_WORKSPACE_MAX (80 * 1024)
|
#define PARAM_WORKSPACE_MAX (80 * 1024)
|
||||||
#endif
|
|
||||||
#define PARAM_WORKSPACE_SMALL (1024 * 10)
|
#define PARAM_WORKSPACE_SMALL (1024 * 10)
|
||||||
#define PARAM_WORKSPACE_DEF (1024 * 30)
|
#define PARAM_WORKSPACE_DEF (1024 * 30)
|
||||||
#define PARAM_WORKSPACE_DAC (1024 * 20)
|
#define PARAM_WORKSPACE_DAC (1024 * 20)
|
||||||
|
@ -470,6 +470,7 @@ static int UpdateParam(const WorkSpace *workSpace, uint32_t *dataIndex, const ch
|
|||||||
|
|
||||||
INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dataIndex, int mode)
|
INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dataIndex, int mode)
|
||||||
{
|
{
|
||||||
|
int flag = 0;
|
||||||
PARAM_LOGV("WriteParam %s", name);
|
PARAM_LOGV("WriteParam %s", name);
|
||||||
ParamWorkSpace *paramSpace = GetParamWorkSpace();
|
ParamWorkSpace *paramSpace = GetParamWorkSpace();
|
||||||
PARAM_CHECK(paramSpace != NULL, return PARAM_WORKSPACE_NOT_INIT, "Invalid paramSpace");
|
PARAM_CHECK(paramSpace != NULL, return PARAM_WORKSPACE_NOT_INIT, "Invalid paramSpace");
|
||||||
@ -477,6 +478,11 @@ INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dat
|
|||||||
PARAM_CHECK(value != NULL && name != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid name or value");
|
PARAM_CHECK(value != NULL && name != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid name or value");
|
||||||
WorkSpace *workSpace = GetWorkSpaceByName(name);
|
WorkSpace *workSpace = GetWorkSpaceByName(name);
|
||||||
PARAM_CHECK(workSpace != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid workSpace");
|
PARAM_CHECK(workSpace != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid workSpace");
|
||||||
|
#ifdef PARAM_SUPPORT_SELINUX
|
||||||
|
if (strcmp(workSpace->fileName, WORKSPACE_NAME_DEF_SELINUX) == 0) {
|
||||||
|
flag = 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
ParamTrieNode *node = FindTrieNode(workSpace, name, strlen(name), NULL);
|
ParamTrieNode *node = FindTrieNode(workSpace, name, strlen(name), NULL);
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
if (node != NULL && node->dataIndex != 0) {
|
if (node != NULL && node->dataIndex != 0) {
|
||||||
@ -501,6 +507,11 @@ INIT_LOCAL_API int WriteParam(const char *name, const char *value, uint32_t *dat
|
|||||||
PARAM_CHECK(ret == 0, return ret, "Invalid param value param: %s=%s", name, value);
|
PARAM_CHECK(ret == 0, return ret, "Invalid param value param: %s=%s", name, value);
|
||||||
PARAMSPACE_AREA_RW_LOCK(workSpace);
|
PARAMSPACE_AREA_RW_LOCK(workSpace);
|
||||||
ret = AddParam((WorkSpace *)workSpace, type, name, value, dataIndex);
|
ret = AddParam((WorkSpace *)workSpace, type, name, value, dataIndex);
|
||||||
|
if ((ret == PARAM_CODE_REACHED_MAX) && (flag == 1)) {
|
||||||
|
PARAM_LOGE("Add node %s to space %s failed! memory is not enough, system reboot!",
|
||||||
|
name, workSpace->fileName);
|
||||||
|
ExecReboot("panic");
|
||||||
|
}
|
||||||
PARAMSPACE_AREA_RW_UNLOCK(workSpace);
|
PARAMSPACE_AREA_RW_UNLOCK(workSpace);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -22,6 +22,8 @@
|
|||||||
#include "init_module_engine.h"
|
#include "init_module_engine.h"
|
||||||
#endif
|
#endif
|
||||||
#include "securec.h"
|
#include "securec.h"
|
||||||
|
#include "init_cmds.h"
|
||||||
|
#include "init_param.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loading system parameter from /proc/cmdline by the following rules:
|
* Loading system parameter from /proc/cmdline by the following rules:
|
||||||
@ -257,7 +259,10 @@ static int LoadSecurityLabel(const char *fileName)
|
|||||||
// load security label
|
// load security label
|
||||||
ParamSecurityOps *ops = GetParamSecurityOps(PARAM_SECURITY_DAC);
|
ParamSecurityOps *ops = GetParamSecurityOps(PARAM_SECURITY_DAC);
|
||||||
if (ops != NULL && ops->securityGetLabel != NULL) {
|
if (ops != NULL && ops->securityGetLabel != NULL) {
|
||||||
ops->securityGetLabel(fileName);
|
if (ops->securityGetLabel(fileName) == PARAM_CODE_REACHED_MAX) {
|
||||||
|
PARAM_LOGE("Load Security Lable failed! system reboot!");
|
||||||
|
ExecReboot("panic");
|
||||||
|
};
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user