mirror of
https://gitee.com/openharmony/startup_init
synced 2024-11-24 00:30:12 +00:00
fix code error
Signed-off-by: GengYinzong <gengyinzong@huawei.com> Change-Id: I7396f54c37f8abd27c9b9b5d9144f54870f626ae
parent
d2b059b8b9
commit
afc51f5f3f
@ -155,7 +155,7 @@ def gen_syscall_nr_table(file_name, func_name_nr_table):
|
||||
|
||||
|
||||
class SeccompPolicyParam:
|
||||
def __init__(self, arch, function_name_nr_table):
|
||||
def __init__(self, arch, function_name_nr_table, is_debug):
|
||||
self.arch = arch
|
||||
self.priority = set()
|
||||
self.allow_list = set()
|
||||
@ -170,6 +170,7 @@ class SeccompPolicyParam:
|
||||
self.final_allow_list_with_args = set()
|
||||
self.return_value = ''
|
||||
self.mode = 'DEFAULT'
|
||||
self.is_debug = is_debug
|
||||
self.function_name_nr_table = function_name_nr_table
|
||||
self.value_function = {
|
||||
'priority': self.update_priority,
|
||||
@ -242,6 +243,8 @@ class SeccompPolicyParam:
|
||||
|
||||
def update_return_value(self, return_str):
|
||||
if return_str in ret_str_to_bpf:
|
||||
if self.is_debug == 'false' and return_str == 'LOG':
|
||||
raise ValidateError("LOG return value is not allowed in user mode")
|
||||
self.return_value = return_str
|
||||
return True
|
||||
|
||||
@ -803,6 +806,13 @@ class SeccompPolicyParser:
|
||||
self.seccomp_policy_param = dict()
|
||||
self.reduced_block_list_parm = dict()
|
||||
self.key_process_flag = False
|
||||
self.is_debug = False
|
||||
|
||||
def update_is_debug(self, is_debug):
|
||||
if is_debug == 'false':
|
||||
self.is_debug = False
|
||||
else:
|
||||
self.is_debug = True
|
||||
|
||||
def update_arch(self, target_cpu):
|
||||
if target_cpu == "arm":
|
||||
@ -898,6 +908,9 @@ class SeccompPolicyParser:
|
||||
cur_policy_param.mode, cur_policy_param.return_value)
|
||||
|
||||
self.bpf_generator.add_return_value(cur_policy_param.return_value)
|
||||
for line in self.bpf_generator.bpf_policy:
|
||||
if 'SECCOMP_RET_LOG' in line and self.is_debug == False:
|
||||
raise ValidateError("LOG return value is not allowed in user mode")
|
||||
|
||||
def gen_seccomp_policy(self):
|
||||
arches = sorted(list(self.arches))
|
||||
@ -960,13 +973,14 @@ class SeccompPolicyParser:
|
||||
|
||||
for arch in supported_architecture:
|
||||
self.seccomp_policy_param.update(
|
||||
{arch: SeccompPolicyParam(arch, function_name_nr_table_dict.get(arch))})
|
||||
{arch: SeccompPolicyParam(arch, function_name_nr_table_dict.get(arch), args.is_debug)})
|
||||
self.reduced_block_list_parm.update(
|
||||
{arch: AllowBlockList(args.filter_name, arch, function_name_nr_table_dict.get(arch))})
|
||||
|
||||
self.bpf_generator.update_function_name_nr_table(function_name_nr_table_dict)
|
||||
|
||||
self.update_arch(args.target_cpu)
|
||||
self.update_is_debug(args.is_debug)
|
||||
|
||||
for file_name in args.blocklist_file:
|
||||
if file_name.lower().endswith('blocklist.seccomp.policy'):
|
||||
@ -1012,6 +1026,9 @@ def main():
|
||||
parser.add_argument('--target-cpu', type=str,
|
||||
help=('please input target cpu arm or arm64\n'))
|
||||
|
||||
parser.add_argument('--is-debug', type=str,
|
||||
help=('please input is_debug true or false\n'))
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
generator = SeccompPolicyParser()
|
||||
|
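Review bot: The debug gate fails open. `--is-debug` is added in `main()` with `type=str` and no `choices`, `default` or `required`, and `update_is_debug` treats every value other than the exact string `'false'` as debug, so an omitted flag (`None`) or a spelling such as `False` sets `self.is_debug = True` and the `SECCOMP_RET_LOG` check after `add_return_value` never raises. `SeccompPolicyParam.update_return_value` has the same shape: only `self.is_debug == 'false'` blocks `LOG`, and that class keeps the raw string while `SeccompPolicyParser` keeps a bool. I would restrict the argument with `parser.add_argument('--is-debug', choices=['true', 'false'], required=True, ...)`, parse it once as `self.is_debug = (is_debug == 'true')`, and pass that boolean to `SeccompPolicyParam` so both checks read `if not self.is_debug`. The functions touched here start and end outside the hunks shown.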
@ -91,6 +91,12 @@ template("ohos_prebuilt_seccomp") {
|
||||
":${_syscall_to_nr_arm_name}",
|
||||
]
|
||||
|
||||
if (build_variant == "root") {
|
||||
seccomp_is_debug = "true"
|
||||
} else {
|
||||
seccomp_is_debug = "false"
|
||||
}
|
||||
|
||||
args = []
|
||||
foreach(source, sources) {
|
||||
args += [
|
||||
@ -109,6 +115,8 @@ template("ohos_prebuilt_seccomp") {
|
||||
invoker.target_cpu,
|
||||
"--keyprocess-file",
|
||||
rebase_path(_key_process_file_name),
|
||||
"--is-debug",
|
||||
seccomp_is_debug,
|
||||
]
|
||||
|
||||
outputs = [ _seccomp_filter_file ]
|
||||
|
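Review bot: The `build_variant` branch is the single switch that decides whether a generated filter may return SECCOMP_RET_LOG, and nothing in the hunk says so. A comment above it would make the security intent visible, for example `# Only root (debug) images may build filters that return LOG; all other variants pass "false" and the generator rejects LOG.` The generator compares the value as an exact string, so the comment should also say that only the literals "true" and "false" are valid for `--is-debug`. The template body continues outside the hunk.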