fix:增加selinux属性校验

Signed-off-by: xionglei6 <xionglei6@huawei.com>
xionglei6 2022-03-05 14:38:10 +08:00
parent c0e607a07e
commit 9ab3e1f8c8


@ -236,12 +236,9 @@ int TraversalParam(const ParamWorkSpace *workSpace,
}
#ifdef WITH_SELINUX
void *g_selinuxHandle = NULL;
int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
static void *g_selinuxHandle = NULL;
static int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
{
if (srcLabel == NULL || mode != DAC_WRITE) {
return DAC_RESULT_PERMISSION;
}
static void (*setSelinuxLogCallback)();
static int (*setParamCheck)(const char *paraName, struct ucred *uc);
g_selinuxHandle = dlopen("/system/lib/libparaperm_checker.z.so", RTLD_LAZY);
@ -287,9 +284,11 @@ int CheckParamPermission(const ParamWorkSpace *workSpace,
}
PARAM_CHECK(name != NULL && srcLabel != NULL, return -1, "Invalid param");
#ifdef WITH_SELINUX
int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
if (ret == DAC_RESULT_PERMISSION) {
return DAC_RESULT_PERMISSION;
if (mode == DAC_WRITE) {
int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
if (ret == DAC_RESULT_PERMISSION) {
return DAC_RESULT_PERMISSION;
}
}
#endif
if (workSpace->paramSecurityOps.securityCheckParamPermission == NULL) {
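Review bot: In CheckParamPermission the new `if (mode == DAC_WRITE)` block still acts only on an allow from CheckParamPermissionWithSelinux: any other `ret` is discarded and control falls through to the `paramSecurityOps.securityCheckParamPermission` path, while an allow returns before that path runs. If DAC_RESULT_PERMISSION means "granted" (as the name and the removed early return for non-write modes suggest), a write is accepted when either SELinux or the DAC check grants it, so a SELinux denial is never enforced and a SELinux grant skips DAC. If SELinux is meant to be a mandatory gate, the inner test would read `if (ret != DAC_RESULT_PERMISSION) { return ret; }` so that permitted requests still continue to the DAC check; otherwise a comment such as `/* SELinux grant is sufficient; on denial fall back to DAC */` should record the intent. The function continues past the end of the hunk, so the eventual result of the fall-through path is not visible here.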