clear init cap

Signed-off-by: renwei <renwei8@huawei.com>
Change-Id: I43705587af285cd2011de4f1b4f3e1a80069249c
renwei 2022-08-19 14:41:23 +08:00
parent a856c2c15a
commit 426368f9b7
4 changed files with 12 additions and 8 deletions


@ -216,14 +216,16 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
int ret = DAC_RESULT_FORBIDED;
// check
SrcInfo info = { 0 };
struct ucred uc;
uc.pid = srcLabel->cred.pid;
uc.uid = srcLabel->cred.uid;
uc.gid = srcLabel->cred.gid;
info.uc.pid = srcLabel->cred.pid;
info.uc.uid = srcLabel->cred.uid;
info.uc.gid = srcLabel->cred.gid;
info.sockFd = srcLabel->sockFd;
if (mode == DAC_WRITE) {
PARAM_CHECK(selinuxSpace->setParamCheck != NULL, return ret, "Invalid setParamCheck");
const char *context = GetSelinuxContent(name);
ret = selinuxSpace->setParamCheck(name, context, &uc);
ret = selinuxSpace->setParamCheck(name, context, &info);
} else {
#ifndef STARTUP_INIT_TEST
ret = SelinuxReadParamCheck(name);
@ -232,7 +234,7 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
#endif
}
if (ret != 0) {
PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, info.uc.pid, info.uc.uid, info.uc.gid, ret);
ret = DAC_RESULT_FORBIDED;
} else {
ret = DAC_RESULT_PERMISSION;
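Review bot: `info.sockFd` is copied from `srcLabel->sockFd` and handed to `setParamCheck` without any validity check, and the only place in this commit that fills the new field is `HandleParamSet`; any other path that builds a `ParamSecurityLabel` and never touches the member passes the callback either an indeterminate value or, for a zero-initialized label, descriptor 0, which is a valid descriptor number rather than "no socket". Using an invalid descriptor as the sentinel wherever a label is created and checking it before the call, in the same style as the line above, `PARAM_CHECK(info.sockFd >= 0, return ret, "Invalid sockFd");`, makes a label without a socket fail closed (ret is still `DAC_RESULT_FORBIDED` at that point). Whether such a non-socket caller exists is not visible in this hunk. `SelinuxCheckParamPermission` begins before this hunk and continues past it.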


@ -66,6 +66,7 @@ typedef enum {
} ParamSecurityType;
typedef struct {
int32_t sockFd;
UserCred cred;
uint32_t flags[PARAM_SECURITY_MAX];
} ParamSecurityLabel;
@ -96,11 +97,11 @@ typedef struct {
} ParamSecurityOps;
typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit);
typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, int32_t sockFd, struct ucred *uc);
typedef struct SelinuxSpace_ {
void *selinuxHandle;
void (*setSelinuxLogCallback)(void);
int (*setParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
int (*setParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
const char *(*getParamLabel)(const char *paraName);
int (*initParamSelinux)(void);
int (*readParamCheck)(const char *paraName);
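Review bot: The two declarations introduced in this section disagree: the `SelinuxSetParamCheck` typedef is now `(const char *, const char *, int32_t sockFd, struct ucred *uc)` while the `setParamCheck` member of `SelinuxSpace_` takes `(const char *, const char *, const SrcInfo *info)`, and `SelinuxCheckParamPermission` calls the member with `&info`. If the plugin symbol is resolved through the typedef and stored in `setParamCheck` (the loading code is not in this diff), the call goes through a pointer of the wrong function type, which is undefined behavior and will silently misread the arguments; the typedef should match the member, `typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);`. `SrcInfo` is not declared in the visible lines, so the header must obtain it from an earlier include. The new `sockFd` member of `ParamSecurityLabel` also deserves a comment stating what a label created without a socket holds, e.g. `int32_t sockFd; // peer socket of the requesting client; set to an invalid descriptor when there is none`.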


@ -168,6 +168,7 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
PARAM_LOGE("Failed to get opt %d", errno);
return SendResponseMsg(worker, msg, -1);
}
srcLabel.sockFd = LE_GetSocketFd(worker);
srcLabel.cred.uid = cr.uid;
srcLabel.cred.pid = cr.pid;
srcLabel.cred.gid = cr.gid;
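Review bot: `srcLabel.sockFd` is taken straight from `LE_GetSocketFd(worker)` with no check, immediately after a block that does check the peer-credential lookup and rejects the request on failure; if that accessor can report failure with a negative value (not visible here), the value now flows into the SELinux check callback. A guard in the same style, `PARAM_CHECK(srcLabel.sockFd >= 0, return SendResponseMsg(worker, msg, -1), "Invalid socket fd");`, keeps the error handling consistent with the lines above. A short comment that the descriptor is presumably borrowed from the worker and the label must not close it would also document the ownership. `HandleParamSet` starts before this hunk and continues past it.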


@ -61,7 +61,7 @@ static const char *forbitWriteParamName[] = {
"test.persmission.watch"
};
static int TestSetParamCheck(const char *paraName, const char *context, struct ucred *uc)
static int TestSetParamCheck(const char *paraName, const char *context, const SrcInfo *info)
{
// forbid to read ohos.servicectrl.
for (size_t i = 0; i < ARRAY_LENGTH(forbitWriteParamName); i++) {
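Review bot: The comment `// forbid to read ohos.servicectrl.` directly under the new signature describes a read check, but this stub is the set-param check and the loop walks `forbitWriteParamName`; `// forbid writes to the names listed in forbitWriteParamName` would match what the code does. The renamed `info` parameter is not used in the visible lines, so if the production callback now consults `info->sockFd` this test double does not exercise that path; a `(void)info;` with a comment saying the fd is deliberately ignored in the test would make that explicit. The body of `TestSetParamCheck` continues past this hunk.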