<feat>

增强DFX能力，进程被seccomp机制拦截而崩溃时，留下上下文信息在relase版本的root版本增加系统参数，用于控制seccomp机制的开关，release的user版本不支持seccomp开关能力 Signed-off-by: N xiacong <xiacong4@huawei.com> Change-Id: I57efe5d4b25f60ca6cd07373aa147a1f4f2af234 Signed-off-by: N xiacong <xiacong4@huawei.com>

<feat>
增强DFX能力，进程被seccomp机制拦截而崩溃时，留下上下文信息在relase版本的root版本增加系统参数，用于控制seccomp机制的开关，release的user版本不支持seccomp开关能力 Signed-off-by: N xiacong <xiacong4@huawei.com> Change-Id: I57efe5d4b25f60ca6cd07373aa147a1f4f2af234 Signed-off-by: N xiacong <xiacong4@huawei.com>
1090e04e · xiacong · dc9404e2 · 1090e04e · 1090e04e · 1090e04e
14 changed file
--- a/interfaces/innerkits/seccomp/BUILD.gn
+++ b/interfaces/innerkits/seccomp/BUILD.gn
@@ -18,6 +18,12 @@ config("seccomp_public_config") {
 }
 if (defined(build_seccomp) && build_seccomp) {
+  if (build_variant == "root") {
+    seccomp_enable_debug = true
+  } else {
+    seccomp_enable_debug = false
+  }
  ohos_shared_library("seccomp") {
    sources =
        [ "//base/startup/init/services/modules/seccomp/seccomp_policy.c" ]
@@ -31,6 +37,15 @@ if (defined(build_seccomp) && build_seccomp) {
      "//third_party/bounds_checking_function/include",
    ]
+    if (seccomp_enable_debug) {
+      include_dirs += [
+        "../../../services/include",
+        "../../../services/include/param",
+      ]
+      defines = [ "WITH_SECCOMP_DEBUG" ]
+    }
    deps = [
      "//base/startup/init/interfaces/innerkits:libbegetutil",
      "//third_party/bounds_checking_function:libsec_shared",

--- a/services/init/init_common_service.c
+++ b/services/init/init_common_service.c
@@ -73,7 +73,7 @@ static int SetAllAmbientCapability(void)
 static void SetSystemSeccompPolicy(const Service *service)
 {
 #ifdef WITH_SECCOMP
-    if (strncmp(APPSPAWN_NAME, service->name, strlen(APPSPAWN_NAME)) \
+    if (strncmp(APPSPAWN_NAME, service->name, strlen(APPSPAWN_NAME))
        && strncmp(NWEBSPAWN_NAME, service->name, strlen(NWEBSPAWN_NAME))
        && !strncmp(SA_MAIN_PATH, service->pathArgs.argv[0], strlen(SA_MAIN_PATH))) {
        PluginExecCmdByName("SetSeccompPolicy", "start");

--- a/services/modules/seccomp/BUILD.gn
+++ b/services/modules/seccomp/BUILD.gn
@@ -11,7 +11,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import("//base/startup/init/begetd.gni")
 import(
    "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni")
 import("//build/config/clang/clang.gni")
@@ -20,6 +19,12 @@ import("//build/ohos/kernel/kernel.gni")
 INIT_PART = "init"
+if (build_variant == "root") {
+  seccomp_enable_debug = true
+} else {
+  seccomp_enable_debug = false
+}
 action("syscall_to_nr_arm") {
  script = "${clang_base_path}/bin/clang"
  output_dir = target_gen_dir + "/libsyscall_to_nr_arm"
@@ -145,6 +150,15 @@ config("libseccomp_static_config") {
    "//base/startup/init/interfaces/innerkits/seccomp/include",
    "//third_party/bounds_checking_function/include",
  ]
+  if (seccomp_enable_debug) {
+    include_dirs += [
+      "../../../services/include",
+      "../../../services/include/param",
+    ]
+    defines = [ "WITH_SECCOMP_DEBUG" ]
+  }
 }
 ohos_source_set("libseccomp_static") {

--- a/services/modules/seccomp/scripts/generate_code_from_policy.py
+++ b/services/modules/seccomp/scripts/generate_code_from_policy.py
@@ -44,6 +44,7 @@ operation = ['<', '<=', '!=', '==', '>', '>=', '&']
 ret_str_to_bpf = {
    'KILL_PROCESS': 'SECCOMP_RET_KILL_PROCESS',
    'KILL_THREAD': 'SECCOMP_RET_KILL_THREAD',
+    'TRAP': 'SECCOMP_RET_TRAP',
    'LOG' : 'SECCOMP_RET_LOG',
    'ALLOW': 'SECCOMP_RET_ALLOW'
 }
@@ -691,13 +692,13 @@ class GenBpfPolicy:
            bpf_policy.append(BPF_JEQ.format('AUDIT_ARCH_AARCH64', 3, 0))
            bpf_policy.append(BPF_JEQ.format('AUDIT_ARCH_ARM', 0, 1))
            bpf_policy.append(BPF_JA.format(skip_step))
-            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_KILL_PROCESS'))
+            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_TRAP'))
        elif 'arm' in arches:
            bpf_policy.append(BPF_JEQ.format('AUDIT_ARCH_ARM', 1, 0))
-            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_KILL_PROCESS'))
+            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_TRAP'))
        elif 'arm64' in arches:
            bpf_policy.append(BPF_JEQ.format('AUDIT_ARCH_AARCH64', 1, 0))
-            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_KILL_PROCESS'))
+            bpf_policy.append(BPF_RET_VALUE.format('SECCOMP_RET_TRAP'))
        else:
            self.bpf_policy = []

--- a/services/modules/seccomp/seccomp_policy.c
+++ b/services/modules/seccomp/seccomp_policy.c
@@ -17,6 +17,11 @@
 #include "plugin_adapter.h"
 #include "securec.h"
+#ifdef WITH_SECCOMP_DEBUG
+#include "init_utils.h"
+#include "sys_param.h"
+#endif
 #include <dlfcn.h>
 #include <sys/syscall.h>
 #include <unistd.h>
@@ -169,12 +174,34 @@ static int GetSeccompPolicy(const char *filterName, int **handler,
    return ret;
 }
+#ifdef WITH_SECCOMP_DEBUG
+static bool IsEnableSeccomp(void)
+{
+    char value[MAX_BUFFER_LEN] = {0};
+    unsigned int len = MAX_BUFFER_LEN;
+    bool isEnableSeccompFlag = true;
+    if (SystemReadParam("persist.init.debug.seccomp.enable", value, &len) == 0) {
+        if (strncmp(value, "0", len) == 0) {
+            isEnableSeccompFlag = false;
+        }
+    }
+    return isEnableSeccompFlag;
+}
+#endif
 bool SetSeccompPolicyWithName(const char *filterName)
 {
    if (filterName == NULL) {
        return false;
    }
+#ifdef WITH_SECCOMP_DEBUG
+    if (!IsEnableSeccomp()) {
+        return true;
+    }
+#endif
    void *handler = NULL;
    char *filterLibRealPath = NULL;
    struct sock_fprog prog;

--- a/services/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
@@ -15,7 +15,7 @@
 arm
 @returnValue
-KILL_PROCESS
+TRAP
 @priority
 ioctl

--- a/services/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
@@ -15,7 +15,7 @@
 arm64
 @returnValue
-KILL_PROCESS
+TRAP
 @priority
 ioctl

--- a/services/modules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
@@ -15,7 +15,7 @@
 arm
 @returnValue
-KILL_PROCESS
+TRAP
 @headFiles
 "time.h"
@@ -175,9 +175,9 @@ ptrace
 membarrier
 @allowListWithArgs
-getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD; return ALLOW; else return KILL_PROCESS;
+getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD; return ALLOW; else return TRAP;
-clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-socketpair:if arg0 == AF_UNIX; return ALLOW; else return KILL_PROCESS;
+socketpair:if arg0 == AF_UNIX; return ALLOW; else return TRAP;
-getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF; return ALLOW; else return KILL_PROCESS;
+getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF; return ALLOW; else return TRAP;
--- a/services/modules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
@@ -15,7 +15,7 @@
 arm64
 @returnValue
-KILL_PROCESS
+TRAP
 @headFiles
 "time.h"
@@ -144,9 +144,9 @@ ptrace
 membarrier
 @allowListWithArgs
-getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD; return ALLOW; else return KILL_PROCESS;
+getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD; return ALLOW; else return TRAP;
-clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS;
+clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return TRAP;
-socketpair:if arg0 == AF_UNIX; return ALLOW; else return KILL_PROCESS;
+socketpair:if arg0 == AF_UNIX; return ALLOW; else return TRAP;
-getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF; return ALLOW; else return KILL_PROCESS;
+getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF; return ALLOW; else return TRAP;
--- a/services/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
@@ -15,11 +15,11 @@
 arm
 @returnValue
-KILL_PROCESS
+TRAP
 @mode
 ONLY_CHECK_ARGS
 @allowListWithArgs
-setresuid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
+setresuid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return TRAP;
-setresgid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
+setresgid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return TRAP;
--- a/services/modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
@@ -14,11 +14,11 @@
 arm64
 @returnValue
-KILL_PROCESS
+TRAP
 @mode
 ONLY_CHECK_ARGS
 @allowListWithArgs
-setresuid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
+setresuid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return TRAP;
-setresgid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
+setresgid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return TRAP;
--- a/services/modules/seccomp/seccomp_policy/system_arm.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/system_arm.seccomp.policy
@@ -15,7 +15,7 @@
 arm
 @returnValue
-KILL_PROCESS
+TRAP
 @allowList
 restart_syscall

--- a/services/modules/seccomp/seccomp_policy/system_arm64.seccomp.policy
+++ b/services/modules/seccomp/seccomp_policy/system_arm64.seccomp.policy
@@ -15,7 +15,7 @@
 arm64
 @returnValue
-KILL_PROCESS
+TRAP
 @allowList
 io_setup

--- a/test/unittest/seccomp/seccomp_unittest.cpp
+++ b/test/unittest/seccomp/seccomp_unittest.cpp
@@ -15,8 +15,6 @@
 #include <gtest/gtest.h>
-#include <gtest/gtest.h>
 #include <cstdlib>
 #include <unistd.h>
 #include <sys/wait.h>
@@ -35,7 +33,8 @@
 #include "seccomp_policy.h"
 using SyscallFunc = bool (*)(void);
-constexpr int SLEEP_TIME = 100000; // 100ms
+constexpr int SLEEP_TIME_100MS = 100000; // 100ms
+constexpr int SLEEP_TIME_1S = 1;
 using namespace testing::ext;
 using namespace std;
@@ -47,9 +46,20 @@ public:
    virtual ~SeccompUnitTest() {};
    static void SetUpTestCase() {};
    static void TearDownTestCase() {};
-    void SetUp() {};
+    void SetUp()
+    {
+        /*
+         * Wait for 1 second to prevent the generated crash file
+         * from being overwritten because the crash interval is too short
+         * and the crash file's name is constructed by time stamp.
+         */
+        sleep(SLEEP_TIME_1S);
+    };
    void TearDown() {};
    void TestBody(void) {};
    static void Handler(int s)
    {
    }
@@ -62,6 +72,7 @@ public:
                std::cout << "PR_SET_NO_NEW_PRIVS set fail " << std::endl;
                exit(EXIT_FAILURE);
            }
            if (!SetSeccompPolicyWithName(filterName)) {
                std::cout << "SetSeccompPolicy set fail fiterName is " << filterName << std::endl;
                exit(EXIT_FAILURE);
@@ -97,7 +108,7 @@ public:
        /* Sleeping for avoiding influencing child proccess wait for other threads
         * which were created by other unittests to release global rwlock. The global
         * rwlock will be used by function dlopen in child process */
-        usleep(SLEEP_TIME);
+        usleep(SLEEP_TIME_100MS);
        pid = StartChild(filterName, func);
        if (pid == -1) {
@@ -333,7 +344,7 @@ HWTEST_F(SeccompUnitTest, TestSystemSycall, TestSize.Level1)
 /**
 * @tc.name: TestSetUidGidFilter
- * @tc.desc: Verify the system seccomp policy.
+ * @tc.desc: Verify the uid gid seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI5IUWJ
 */
@@ -344,8 +355,8 @@ HWTEST_F(SeccompUnitTest, TestSetUidGidFilter, TestSize.Level1)
 }
 /**
- * @tc.name: TestSystemSycall
+ * @tc.name: TestAppSycall
- * @tc.desc: Verify the system seccomp policy.
+ * @tc.desc: Verify the app seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI5MUXD
 */