openharmony/startup_init
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_init synced 2025-03-04 18:47:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!265 Add: 支持在配置文件中配置服务进程的AccessToken信息

Browse Source 
Merge pull request !265 from 熊磊/0125
This commit is contained in:
openharmony_ci 2022-01-25 12:00:25 +00:00 committed by Gitee
commit 9ad2c6ab94
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
9 changed files with 86 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/BUILD.gn
View File

@ -121,6 +121,8 @@ if (defined(ohos_lite)) {
sources += init_common_sources
include_dirs = [
"//base/security/access_token/interfaces/innerkits/token_setproc/include",
"//base/security/access_token/interfaces/innerkits/nativetoken/include",
"//base/startup/init_lite/services/include/param",
"//base/startup/init_lite/services/include",
"//base/startup/init_lite/services/init/include",
@ -134,6 +136,8 @@ if (defined(ohos_lite)) {
"//third_party/bounds_checking_function/include",
]
deps = [
"//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
"//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
"//base/startup/init_lite/interfaces/innerkits:libfsmanager_static",
"//base/startup/init_lite/services/log:init_log",
"//base/startup/init_lite/services/loopevent:loopevent",

6
services/init/include/init_service.h
View File

@ -15,6 +15,7 @@
#ifndef BASE_STARTUP_INITLITE_SERVICE_H
#define BASE_STARTUP_INITLITE_SERVICE_H
#include <sys/types.h>
#include <stdint.h>
#include "cJSON.h"
#include "init_cmds.h"
@ -114,6 +115,7 @@ typedef struct Service_ {
int importance;
int startMode : 4; // startCondition/ startBoot / startNormal
int endMode : 4; // preFork/ fork / exec / ready
uint64_t tokenId;
char apl[MAX_APL_NAME + 1];
ServiceArgs capsArgs;
Perms servPerm;
@ -140,6 +142,8 @@ int GetServiceCaps(const cJSON *curArrItem, Service *curServ);
int ServiceExec(const Service *service);
void CloseServiceFds(Service *service, bool needFree);
int UpdaterServiceFds(Service *service, int *fds, size_t fdCount);
int SetAccessToken(const Service *service);
void GetAccessToken(void);
#ifdef __cplusplus
#if __cplusplus
@ -147,4 +151,4 @@ int UpdaterServiceFds(Service *service, int *fds, size_t fdCount);
#endif
#endif
#endif // BASE_STARTUP_INITLITE_SERVICE_H
#endif // BASE_STARTUP_INITLITE_SERVICE_H

4
services/init/include/init_service_manager.h
View File

@ -33,6 +33,8 @@ extern "C" {
#define CRITICAL_STR_IN_CFG "critical"
#define DISABLED_STR_IN_CFG "disabled"
#define CONSOLE_STR_IN_CFG "console"
#define D_CAPS_STR_IN_CFG "d-caps"
#define APL_STR_IN_CFG "apl"
#define MAX_SERVICES_CNT_IN_FILE 100
@ -56,7 +58,7 @@ void StopAllServices(int flags);
void ParseAllServices(const cJSON *fileRoot);
void ReleaseService(Service *service);
void StartAllServices(int startMode);
void LoadAccessTokenId(void);
#ifdef OHOS_SERVICE_DUMP
void DumpAllServices();
#endif

30
services/init/init_common_service.c
View File

@ -59,32 +59,6 @@ static int SetAllAmbientCapability(void)
return SERVICE_SUCCESS;
}
int __attribute__((weak)) SetSelfTokenID(uint64_t tokenID)
{
return SERVICE_SUCCESS;
}
uint64_t __attribute__((weak)) GetAccessTokenId(const char *processname, char **dcap, int dacpNum, char *apl)
{
return SERVICE_SUCCESS;
}
static int SetAccessToken(const Service *service)
{
INIT_ERROR_CHECK(service != NULL, return SERVICE_FAILURE, "%s failed", service->name);
INIT_ERROR_CHECK(service->capsArgs.count > 0, return SERVICE_SUCCESS,
"%s invalid, count is %d", service->name, service->capsArgs.count);
WaitForFile("/dev/ioctl_device", WAIT_MAX_SECOND);
uint64_t tokenId = GetAccessTokenId(service->name, service->capsArgs.argv, service->capsArgs.count,
(char *)service->apl);
if (tokenId == 0) {
INIT_LOGE("Set totken id %lld of service \' %s \' failed", service->name, tokenId);
return SERVICE_FAILURE;
}
int ret = SetSelfTokenID(tokenId);
return ret == 0 ? SERVICE_SUCCESS : SERVICE_FAILURE;
}
static int SetPerms(const Service *service)
{
INIT_CHECK_RETURN_VALUE(KeepCapability() == 0, SERVICE_FAILURE);
@ -138,8 +112,6 @@ static int SetPerms(const Service *service)
return SERVICE_FAILURE;
}
}
int ret = SetAccessToken(service);
INIT_CHECK_ONLY_ELOG(ret == 0, "set access token failed for service %s", service->name);
return SERVICE_SUCCESS;
}
@ -273,6 +245,8 @@ int ServiceStart(Service *service)
}
int pid = fork();
if (pid == 0) {
INIT_CHECK_ONLY_ELOG(SetAccessToken(service) == SERVICE_SUCCESS,
"set access token failed for service %s", service->name);
// deal start job
if (service->serviceJobs.jobsName[JOB_ON_START] != NULL) {
DoJobNow(service->serviceJobs.jobsName[JOB_ON_START]);

20
services/init/init_service_manager.c
View File

@ -168,6 +168,7 @@ void ReleaseService(Service *service)
}
FreeServiceArg(&service->pathArgs);
FreeServiceArg(&service->writePidArgs);
FreeServiceArg(&service->capsArgs);
if (service->servPerm.caps != NULL) {
free(service->servPerm.caps);
@ -230,7 +231,12 @@ static int GetServiceArgs(const cJSON *argJson, const char *name, int maxCount,
for (int i = 0; i < count + 1; ++i) {
args->argv[i] = NULL;
}
args->count = count + 1;
// ServiceArgs have a variety of uses, some requiring a NULL ending, some not
if (strcmp(name, D_CAPS_STR_IN_CFG) != 0) {
args->count = count + 1;
} else {
args->count = count;
}
for (int i = 0; i < count; ++i) {
char *curParam = cJSON_GetStringValue(cJSON_GetArrayItem(obj, i));
INIT_ERROR_CHECK(curParam != NULL, return SERVICE_FAILURE, "Invalid arg %d", i);
@ -662,8 +668,9 @@ int ParseOneService(const cJSON *curItem, Service *service)
ret = GetServiceAttr(curItem, service, CONSOLE_STR_IN_CFG, SERVICE_ATTR_CONSOLE, NULL);
INIT_ERROR_CHECK(ret == 0, return SERVICE_FAILURE, "Failed to get console for service %s", service->name);
ret = GetServiceArgs(curItem, "writepid", MAX_WRITEPID_FILES, &service->writePidArgs);
INIT_CHECK_ONLY_ELOG(ret == 0, "No writepid arg for service %s", service->name);
(void)GetServiceArgs(curItem, "writepid", MAX_WRITEPID_FILES, &service->writePidArgs);
(void)GetServiceArgs(curItem, D_CAPS_STR_IN_CFG, MAX_WRITEPID_FILES, &service->capsArgs);
(void)GetStringItem(curItem, APL_STR_IN_CFG, service->apl, MAX_APL_NAME);
ret = GetServiceCaps(curItem, service);
INIT_ERROR_CHECK(ret == 0, return SERVICE_FAILURE, "Failed to get caps for service %s", service->name);
ret = GetDynamicService(curItem, service);
@ -869,4 +876,9 @@ void StartAllServices(int startMode)
}
#endif
INIT_LOGI("StartAllServices %d finsh", startMode);
}
}
void LoadAccessTokenId(void)
{
GetAccessToken();
}

10
services/init/lite/init_service.c
View File

@ -74,3 +74,13 @@ int ServiceExec(const Service *service)
}
return SERVICE_SUCCESS;
}
int SetAccessToken(const Service *service)
{
return SERVICE_SUCCESS;
}
void GetAccessToken(void)
{
return;
}

7
services/init/standard/init_cmds.c
View File

@ -276,6 +276,12 @@ static void DoRestorecon(const struct CmdArgs *ctx)
return;
}
static void DoLoadAccessTokenId(const struct CmdArgs *ctx)
{
INIT_LOGI("load access token id : %s", ctx->argv[0]);
LoadAccessTokenId();
}
static const struct CmdTable g_cmdTable[] = {
{ "exec ", 1, 10, DoExec },
{ "mknode ", 1, 5, DoMakeNode },
@ -286,6 +292,7 @@ static const struct CmdTable g_cmdTable[] = {
{ "setparam ", 2, 2, DoSetParam },
{ "load_persist_params ", 1, 1, DoLoadPersistParams },
{ "load_param ", 1, 2, DoLoadDefaultParams },
{ "load_access_token_id ", 1, 1, DoLoadAccessTokenId },
{ "ifup ", 1, 1, DoIfup },
{ "mount_fstab ", 1, 1, DoMountFstabFile },
{ "umount_fstab ", 1, 1, DoUmountFstabFile },

35
services/init/standard/init_service.c
View File

@ -19,11 +19,14 @@
#include <sys/param.h>
#include <sys/resource.h>
#include "init_group_manager.h"
#include "init.h"
#include "init_log.h"
#include "init_param.h"
#include "init_utils.h"
#include "securec.h"
#include "token_setproc.h"
#include "nativetoken_kit.h"
#define MIN_IMPORTANT_LEVEL (-20)
#define MAX_IMPORTANT_LEVEL 19
@ -79,3 +82,35 @@ int ServiceExec(const Service *service)
}
return SERVICE_SUCCESS;
}
int SetAccessToken(const Service *service)
{
INIT_ERROR_CHECK(service != NULL, return SERVICE_FAILURE, "%s failed", service->name);
int ret = SetSelfTokenID(service->tokenId);
INIT_LOGI("%s: token id %lld, set token id result %d", service->name, service->tokenId, ret);
return ret == 0 ? SERVICE_SUCCESS : SERVICE_FAILURE;
}
void GetAccessToken(void)
{
InitGroupNode *node = GetNextGroupNode(NODE_TYPE_SERVICES, NULL);
while (node != NULL) {
Service *service = node->data.service;
if (service != NULL) {
if (service->capsArgs.count == 0) {
service->capsArgs.argv = NULL;
}
if (strlen(service->apl) == 0) {
(void)strncpy_s(service->apl, sizeof(service->apl),
"system_core", sizeof(service->apl) - 1);
}
uint64_t tokenId = GetAccessTokenId(service->name, (const char **)service->capsArgs.argv,
service->capsArgs.count, service->apl);
if (tokenId == 0) {
INIT_LOGE("Set totken id %lld of service \' %s \' failed", service->name, tokenId);
}
service->tokenId = tokenId;
}
node = GetNextGroupNode(NODE_TYPE_SERVICES, node);
}
}

4
test/unittest/BUILD.gn
View File

@ -162,9 +162,13 @@ ohos_unittest("init_ut") {
"//third_party/bounds_checking_function/include",
"//third_party/libuv/include",
"//third_party/cJSON",
"//base/security/access_token/interfaces/innerkits/token_setproc/include",
"//base/security/access_token/interfaces/innerkits/nativetoken/include",
]
deps = [
"//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
"//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
"//third_party/bounds_checking_function:libsec_static",
"//third_party/cJSON:cjson_static",