提交
13347e5c
编写于
9月 01, 2022
作者:
cheng_jinsong
提交者:
Gitee
9月 01, 2022
Merge branch 'master' of gitee.com:openharmony/startup_init_lite into 0825_master
Signed-off-by:
N
cheng_jinsong
<
chengjinsong2@huawei.com
>
上级
309fb3fd
cbf328b1
Showing
56 changed file
with
903 addition
and
143 deletion
+903
-143
device_info/device_info.cpp
device_info/device_info.cpp
+1
-0
interfaces/innerkits/fs_manager/fstab_mount.c
interfaces/innerkits/fs_manager/fstab_mount.c
+2
-2
interfaces/innerkits/seccomp/BUILD.gn
interfaces/innerkits/seccomp/BUILD.gn
+1
-1
services/begetctl/bootchart_cmd.c
services/begetctl/bootchart_cmd.c
+1
-1
services/begetctl/dump_service.c
services/begetctl/dump_service.c
+20
-8
services/begetctl/init_cmd_reboot.c
services/begetctl/init_cmd_reboot.c
+1
-1
services/begetctl/misc_daemon.cpp
services/begetctl/misc_daemon.cpp
+1
-1
services/begetctl/modulectl.c
services/begetctl/modulectl.c
+1
-1
services/begetctl/param_cmd.c
services/begetctl/param_cmd.c
+2
-2
services/begetctl/partitionslot.cpp
services/begetctl/partitionslot.cpp
+1
-1
services/begetctl/sandbox.cpp
services/begetctl/sandbox.cpp
+1
-1
services/begetctl/service_control.c
services/begetctl/service_control.c
+1
-1
services/begetctl/shell/shell.h
services/begetctl/shell/shell.h
+1
-1
services/begetctl/shell/shell_bas.c
services/begetctl/shell/shell_bas.c
+2
-2
services/etc/BUILD.gn
services/etc/BUILD.gn
+6
-0
services/etc/group
services/etc/group
+2
-1
services/etc/init.usb.cfg
services/etc/init.usb.cfg
+6
-1
services/etc/param/ohos.para.dac
services/etc/param/ohos.para.dac
+1
-0
services/etc/passwd
services/etc/passwd
+2
-1
services/init/init_service_manager.c
services/init/init_service_manager.c
+6
-0
services/init/standard/init_control_fd_service.c
services/init/standard/init_control_fd_service.c
+7
-0
services/modules/seccomp/BUILD.gn
services/modules/seccomp/BUILD.gn
+24
-15
services/modules/seccomp/scripts/generate_code_from_policy.py
...ices/modules/seccomp/scripts/generate_code_from_policy.py
+34
-11
services/modules/seccomp/seccomp_filters.h
services/modules/seccomp/seccomp_filters.h
+3
-0
services/modules/seccomp/seccomp_policy.c
services/modules/seccomp/seccomp_policy.c
+10
-5
services/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
...ces/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
+315
-0
services/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
...s/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
+272
-0
services/modules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
...odules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
+6
-6
services/modules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
...ules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
+6
-6
services/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
...s/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
+2
-2
services/modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
...modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
+2
-2
services/param/adapter/param_dac.c
services/param/adapter/param_dac.c
+4
-1
services/param/base/BUILD.gn
services/param/base/BUILD.gn
+4
-1
services/param/base/param_comm.c
services/param/base/param_comm.c
+2
-0
services/param/include/param_trie.h
services/param/include/param_trie.h
+1
-1
services/param/include/param_utils.h
services/param/include/param_utils.h
+1
-5
services/param/linux/param_message.c
services/param/linux/param_message.c
+1
-1
services/param/liteos/param_client.c
services/param/liteos/param_client.c
+1
-0
services/param/liteos/param_litedac.c
services/param/liteos/param_litedac.c
+1
-0
services/param/liteos/param_service.c
services/param/liteos/param_service.c
+0
-1
services/param/manager/param_persist.c
services/param/manager/param_persist.c
+2
-2
services/param/trigger/trigger_manager.c
services/param/trigger/trigger_manager.c
+14
-15
test/moduletest/param_test_cmds.c
test/moduletest/param_test_cmds.c
+2
-2
test/moduletest/syspara.cpp
test/moduletest/syspara.cpp
+1
-1
test/unittest/BUILD.gn
test/unittest/BUILD.gn
+3
-0
test/unittest/init/cmds_unittest.cpp
test/unittest/init/cmds_unittest.cpp
+5
-0
test/unittest/init/loopevent_unittest.cpp
test/unittest/init/loopevent_unittest.cpp
+0
-27
test/unittest/init/mount_unittest.cpp
test/unittest/init/mount_unittest.cpp
+2
-0
test/unittest/init/service_unittest.cpp
test/unittest/init/service_unittest.cpp
+1
-5
test/unittest/param/dac_unittest.cpp
test/unittest/param/dac_unittest.cpp
+2
-2
test/unittest/param/param_stub.cpp
test/unittest/param/param_stub.cpp
+1
-1
test/unittest/param/paramservice_unittest.cpp
test/unittest/param/paramservice_unittest.cpp
+12
-1
test/unittest/param/trigger_unittest.cpp
test/unittest/param/trigger_unittest.cpp
+0
-1
test/unittest/param/watcher_agent_unittest.cpp
test/unittest/param/watcher_agent_unittest.cpp
+4
-0
test/unittest/seccomp/seccomp_unittest.cpp
test/unittest/seccomp/seccomp_unittest.cpp
+68
-2
watchdog/init_watchdog.c
watchdog/init_watchdog.c
+31
-1
device_info/device_info.cpp
...
...
@@ -30,6 +30,7 @@ int AclGetDevUdid(char *udid, int size)
if
(
udid
==
nullptr
||
size
<
UDID_LEN
)
{
return
-
1
;
}
(
void
)
memset_s
(
udid
,
size
,
0
,
size
);
#ifdef PARAM_FEATURE_DEVICEINFO
std
::
string
result
=
{};
OHOS
::
device_info
::
DeviceInfoKits
&
instance
=
OHOS
::
device_info
::
DeviceInfoKits
::
GetInstance
();
...
...
interfaces/innerkits/fs_manager/fstab_mount.c
...
...
@@ -167,7 +167,7 @@ static int DoResizeF2fs(const char* device, const unsigned long long size)
int
ret
=
0
;
if
(
size
<=
0
)
{
char
*
cmd
[]
=
{
file
,
"-s"
,
(
char
*
)
device
,
NULL
file
,
(
char
*
)
device
,
NULL
};
int
argc
=
ARRAY_LENGTH
(
cmd
);
char
**
argv
=
(
char
**
)
cmd
;
...
...
@@ -178,7 +178,7 @@ static int DoResizeF2fs(const char* device, const unsigned long long size)
char
sizeStr
[
RESIZE_BUFFER_SIZE
]
=
{
0
};
sprintf_s
(
sizeStr
,
RESIZE_BUFFER_SIZE
,
"%llu"
,
realSize
);
char
*
cmd
[]
=
{
file
,
"-
s"
,
"-
t"
,
sizeStr
,
(
char
*
)
device
,
NULL
file
,
"-t"
,
sizeStr
,
(
char
*
)
device
,
NULL
};
int
argc
=
ARRAY_LENGTH
(
cmd
);
char
**
argv
=
(
char
**
)
cmd
;
...
...
interfaces/innerkits/seccomp/BUILD.gn
...
...
@@ -33,9 +33,9 @@ if (defined(build_seccomp) && build_seccomp) {
deps = [
"//base/startup/init/interfaces/innerkits:libbegetutil",
"//base/startup/init/services/modules/seccomp:app_filter",
"//base/startup/init/services/modules/seccomp:appspawn_filter",
"//base/startup/init/services/modules/seccomp:nwebspawn_filter",
"//base/startup/init/services/modules/seccomp:system_filter",
]
license_file = "//base/startup/init/LICENSE"
...
...
services/begetctl/bootchart_cmd.c
...
...
@@ -74,6 +74,6 @@ MODULE_CONSTRUCTOR(void)
{
"bootchart"
,
bootchartCmdStop
,
"bootchart stop"
,
"bootchart stop"
,
"bootchart stop"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
services/begetctl/dump_service.c
...
...
@@ -30,14 +30,17 @@ static int main_cmd(BShellHandle shell, int argc, char **argv)
printf
(
"dump service info
\n
"
);
CmdClientInit
(
INIT_CONTROL_FD_SOCKET_PATH
,
ACTION_DUMP
,
argv
[
1
]);
}
else
if
(
argc
==
DUMP_SERVICE_BOOTEVENT_CMD_ARGS
)
{
printf
(
"dump service bootevent info
\n
"
);
if
(
strcmp
(
argv
[
1
],
"bootevent"
)
==
0
)
{
printf
(
"dump service bootevent info
\n
"
);
}
else
if
(
strcmp
(
argv
[
1
],
"parameter_service"
)
==
0
)
{
printf
(
"dump parameter service info
\n
"
);
}
size_t
serviceNameLen
=
strlen
(
argv
[
1
])
+
strlen
(
argv
[
2
])
+
2
;
// 2 is \0 and #
char
*
serviceBootevent
=
(
char
*
)
calloc
(
1
,
serviceNameLen
);
BEGET_ERROR_CHECK
(
serviceBootevent
!=
NULL
,
return
0
,
"failed to allocate bootevent memory"
);
BEGET_ERROR_CHECK
(
sprintf_s
(
serviceBootevent
,
serviceNameLen
,
"%s#%s"
,
argv
[
1
],
argv
[
2
])
>=
0
,
free
(
serviceBootevent
);
return
0
,
"dumpservice arg create failed"
);
CmdClientInit
(
INIT_CONTROL_FD_SOCKET_PATH
,
ACTION_DUMP
,
serviceBootevent
);
free
(
serviceBootevent
);
char
*
cmd
=
(
char
*
)
calloc
(
1
,
serviceNameLen
);
BEGET_ERROR_CHECK
(
sprintf_s
(
cmd
,
serviceNameLen
,
"%s#%s"
,
argv
[
1
],
argv
[
2
])
>=
0
,
free
(
cmd
);
return
0
,
"dump service arg create failed"
);
CmdClientInit
(
INIT_CONTROL_FD_SOCKET_PATH
,
ACTION_DUMP
,
cmd
);
free
(
cmd
);
}
else
{
BShellCmdHelp
(
shell
,
argc
,
argv
);
}
...
...
@@ -49,17 +52,26 @@ static int ClearBootEvent(BShellHandle shell, int argc, char **argv)
return
SystemSetParameter
(
"ohos.servicectrl.clear"
,
"bootevent"
);
}
static
int
SaveBootEvent
(
BShellHandle
shell
,
int
argc
,
char
**
argv
)
{
return
SystemSetParameter
(
"ohos.servicectrl.save"
,
"bootevent"
);
}
MODULE_CONSTRUCTOR
(
void
)
{
const
CmdInfo
infos
[]
=
{
{
"dump_service"
,
main_cmd
,
"dump one service info by serviceName"
,
"dump_service serviceName"
,
NULL
},
{
"dump_service"
,
main_cmd
,
"dump one service bootevent"
,
"dump_service serviceName bootevent"
,
NULL
},
{
"dump_service"
,
main_cmd
,
"dump all services info"
,
"dump_service all"
,
NULL
},
{
"dump_service"
,
main_cmd
,
"dump parameter-service trigger"
,
"dump_service parameter_service trigger"
,
"dump_service parameter_service trigger"
},
{
"dump_service"
,
main_cmd
,
"dump all services bootevent"
,
"dump_service all bootevent"
,
NULL
},
{
"service"
,
ClearBootEvent
,
"Clear all services bootevent"
,
"service clear bootevent"
,
"service clear bootevent"
},
{
"service"
,
SaveBootEvent
,
"Save all services bootevent"
,
"service save bootevent"
,
"service save bootevent"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
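Review bot: The rewritten bootevent/trigger branch of main_cmd passes the result of `calloc(1, serviceNameLen)` straight to `sprintf_s` without a NULL check; the `serviceBootevent != NULL` check printed just above it appears to be the removed side, so the explicit allocation-failure path looks lost. I would restore it directly after the allocation: `BEGET_ERROR_CHECK(cmd != NULL, return 0, "failed to allocate cmd memory");`. The new `strcmp(argv[1], "bootevent")` test also inspects the service-name slot, while the usage strings in this file put `bootevent` and `trigger` in `argv[2]`, so that first message probably never prints. main_cmd starts before the hunk.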
services/begetctl/init_cmd_reboot.c
...
...
@@ -77,6 +77,6 @@ MODULE_CONSTRUCTOR(void)
#endif
};
for
(
size_t
i
=
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
>
0
;
i
--
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
-
1
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
-
1
]);
}
}
services/begetctl/misc_daemon.cpp
...
...
@@ -224,6 +224,6 @@ MODULE_CONSTRUCTOR(void)
}
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
services/begetctl/modulectl.c
...
...
@@ -59,6 +59,6 @@ MODULE_CONSTRUCTOR(void)
"modulectl uninstall moduleName"
,
"modulectl uninstall"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
services/begetctl/param_cmd.c
...
...
@@ -435,7 +435,7 @@ static int32_t BShellParamCmdRegForShell(BShellHandle shell)
{
"pwd"
,
BShellParamCmdPwd
,
"display current parameter"
,
"pwd"
,
NULL
},
};
for
(
size_t
i
=
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
>
0
;
i
--
)
{
BShellEnvRegi
t
sterCmd
(
shell
,
&
infos
[
i
-
1
]);
BShellEnvRegisterCmd
(
shell
,
&
infos
[
i
-
1
]);
}
return
0
;
}
...
...
@@ -451,7 +451,7 @@ static int32_t BShellParamCmdRegForIndepent(BShellHandle shell)
{
"param"
,
BShellParamCmdShell
,
"shell system parameter"
,
"param shell [name]"
,
"param shell"
},
};
for
(
size_t
i
=
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
>
0
;
i
--
)
{
BShellEnvRegi
t
sterCmd
(
shell
,
&
infos
[
i
-
1
]);
BShellEnvRegisterCmd
(
shell
,
&
infos
[
i
-
1
]);
}
return
0
;
}
...
...
services/begetctl/partitionslot.cpp
...
...
@@ -108,6 +108,6 @@ MODULE_CONSTRUCTOR(void)
}
};
for
(
size_t
i
=
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
>
0
;
i
--
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
-
1
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
-
1
]);
}
}
services/begetctl/sandbox.cpp
...
...
@@ -201,6 +201,6 @@ MODULE_CONSTRUCTOR(void)
}
};
for
(
size_t
i
=
0
;
i
<
ARRAY_LENGTH
(
infos
);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
services/begetctl/service_control.c
...
...
@@ -76,6 +76,6 @@ MODULE_CONSTRUCTOR(void)
{
"timer_stop"
,
main_cmd
,
"stop service timer"
,
"timer_stop servicename"
,
""
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
services/begetctl/shell/shell.h
...
...
@@ -93,7 +93,7 @@ int BShellEnvInit(BShellHandle *handle, const BShellInfo *info);
int
BShellEnvStart
(
BShellHandle
handle
);
void
BShellEnvDestory
(
BShellHandle
handle
);
int
BShellEnvRegi
t
sterCmd
(
BShellHandle
handle
,
const
CmdInfo
*
cmdInfo
);
int
BShellEnvRegisterCmd
(
BShellHandle
handle
,
const
CmdInfo
*
cmdInfo
);
int
BShellEnvSetParam
(
BShellHandle
handle
,
const
char
*
name
,
const
char
*
desc
,
BShellParamType
type
,
void
*
value
);
const
BShellParam
*
BShellEnvGetParam
(
BShellHandle
handle
,
const
char
*
name
);
int
BShellEnvRegisterKeyHandle
(
BShellHandle
handle
,
uint8_t
code
,
BShellkeyHandle
keyHandle
);
...
...
services/begetctl/shell/shell_bas.c
...
...
@@ -436,7 +436,7 @@ int BShellEnvStart(BShellHandle handle)
{
"help"
,
BShellCmdHelp
,
"help command"
,
"help"
}
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
handle
,
&
infos
[
i
]);
BShellEnvRegisterCmd
(
handle
,
&
infos
[
i
]);
}
return
0
;
}
...
...
@@ -500,7 +500,7 @@ void BShellEnvDestory(BShellHandle handle)
free
(
shell
);
}
int32_t
BShellEnvRegi
t
sterCmd
(
BShellHandle
handle
,
const
CmdInfo
*
cmdInfo
)
int32_t
BShellEnvRegisterCmd
(
BShellHandle
handle
,
const
CmdInfo
*
cmdInfo
)
{
BSH_CHECK
(
handle
!=
NULL
,
return
BSH_INVALID_PARAM
,
"Invalid shell env"
);
BSH_CHECK
(
cmdInfo
!=
NULL
&&
cmdInfo
->
name
!=
NULL
,
return
BSH_INVALID_PARAM
,
"Invalid cmd name"
);
...
...
services/etc/BUILD.gn
...
...
@@ -170,6 +170,11 @@ if (defined(ohos_lite)) {
part_name = "init"
}
ohos_prebuilt_etc("features.json") {
source = "${preloader_output_dir}/features.json"
part_name = "init"
}
ohos_prebuilt_etc("system-sandbox.json") {
if (target_cpu == "arm64") {
source = "//base/startup/init/interfaces/innerkits/sandbox/system-sandbox64.json"
...
...
@@ -203,6 +208,7 @@ if (defined(ohos_lite)) {
":charge.group",
":chipset-sandbox.json",
":console.cfg",
":features.json",
":group",
":init.cfg",
":init.reboot",
...
...
services/etc/group
...
...
@@ -90,6 +90,7 @@ thermal:x:6669:
sensor:x:6688:
input:x:6696:
msdp:x:6699:
av_session:x:6700:
misc:x:9998:
app:x:10000:
useriam:x:1088:
...
...
@@ -112,5 +113,5 @@ motion_host:x:3065:
uhdf_driver:x:3066:
memmgr:x:1111:
ispserver:x:3821:
appspawn:x:4000:
dfs_share:x:3822:
appspawn:x:4000:
services/etc/init.usb.cfg
...
...
@@ -29,11 +29,16 @@
"gid" : "system"
}],
"permission" : [
"ohos.permission.CHANGE_ABILITY_ENABLED_STATE",
"ohos.permission.DUMP",
"ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
"ohos.permission.INSTALL_BUNDLE",
"ohos.permission.LISTEN_BUNDLE_CHANGE",
"ohos.permission.REMOVE_CACHE_FILES"
"ohos.permission.REMOVE_CACHE_FILES",
"ohos.permission.ACCELEROMETER",
"ohos.permission.CLEAN_BACKGROUND_PROCESSES",
"ohos.permission.START_ABILITIES_FROM_BACKGROUND",
"ohos.permission.PERMISSION_USED_STATS"
],
"permission_acls" : ["ohos.permission.DUMP"],
"sandbox" : 0,
...
...
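Review bot: The `permission` array for this service gains at least the four entries printed after `ohos.permission.REMOVE_CACHE_FILES` (`ohos.permission.ACCELEROMETER`, `ohos.permission.CLEAN_BACKGROUND_PROCESSES`, `ohos.permission.START_ABILITIES_FROM_BACKGROUND` and `ohos.permission.PERMISSION_USED_STATS`), and nothing on the page says which feature needs them. The service definition starts above the hunk, so its name is not visible here, but by their names these grants are not obviously tied to a USB-side daemon, and each one widens what a compromise of that process can reach. Since the file is JSON and cannot carry a comment, the rationale belongs in the commit description, and any entry without a current caller should be dropped.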
services/etc/param/ohos.para.dac
...
...
@@ -23,6 +23,7 @@ persist.sys.usb.config = root:root:0777
ohos.servicectrl. = system:servicectrl:0775
ohos.startup.powerctrl. = system:powerctrl:0775
ohos.boot. = system:bootctrl:0775
ohos.dev. = ueventd:ueventd:0775
#permission for system
persist.window.boot. = root:system:0775
...
...
services/etc/passwd
...
...
@@ -88,6 +88,7 @@ thermal:x:6669:6669:::/bin/false
sensor:x:6688:6688:::/bin/false
input:x:6696:6696:::/bin/false
msdp:x:6699:6699:::/bin/false
av_session:x:6700:6700:::/bin/false
misc:x:9998:9998:::/bin/false
app:x:10000:10000:::/bin/false
useriam:x:1088:1088:::/bin/false
...
...
@@ -109,4 +110,4 @@ accessibility:x:1103:1103:::/bin/false
motion_host:x:3065:3065:::/bin/false
memmgr:x:1111:1111:::/bin/false
ispserver:x:3821:3821:::/bin/false
dfs_share:x:3822:3822:::/bin/false
\ No newline at end of file
dfs_share:x:3822:3822:::/bin/false
services/init/init_service_manager.c
...
...
@@ -149,6 +149,12 @@ void ReleaseService(Service *service)
FreeServiceSocket
(
service
->
socketCfg
);
FreeServiceFile
(
service
->
fileCfg
);
for
(
size_t
i
=
0
;
i
<
JOB_ON_MAX
;
i
++
)
{
if
(
service
->
serviceJobs
.
jobsName
[
i
]
!=
NULL
)
{
free
(
service
->
serviceJobs
.
jobsName
[
i
]);
}
service
->
serviceJobs
.
jobsName
[
i
]
=
NULL
;
}
#ifndef OHOS_LITE
// clear ext data
SERVICE_INFO_CTX
ctx
=
{
0
};
...
...
services/init/standard/init_control_fd_service.c
...
...
@@ -25,6 +25,7 @@
#include "init_utils.h"
#include "init_log.h"
#include "init_group_manager.h"
#include "init_param.h"
#include "hookmgr.h"
#include "bootstage.h"
...
...
@@ -187,6 +188,12 @@ static void ProcessDumpServiceControlFd(uint16_t type, const char *serviceCmd)
}
return
;
}
if
(
strcmp
(
serviceCmd
,
"parameter_service"
)
==
0
)
{
if
(
cmd
!=
NULL
&&
strcmp
(
cmd
,
"trigger"
)
==
0
)
{
SystemDumpTriggers
(
0
);
}
return
;
}
Service
*
service
=
GetServiceByName
(
serviceCmd
);
if
(
service
!=
NULL
)
{
if
(
cmd
!=
NULL
)
{
...
...
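Review bot: The new `parameter_service` branch in ProcessDumpServiceControlFd returns without any output when the sub-command is missing or is anything other than `trigger`, and because it sits ahead of `GetServiceByName(serviceCmd)` it also reserves that name, so a real service called `parameter_service` could no longer be dumped. I would add an else branch that reports the unsupported request in whatever way the rest of the function reports errors, and a comment on the branch such as `// "parameter_service" is a reserved pseudo-service: only the "trigger" sub-command is handled`. The function begins above the hunk, so how `cmd` is derived from the request is not visible here.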
services/modules/seccomp/BUILD.gn
...
...
@@ -107,11 +107,7 @@ ohos_prebuilt_seccomp("appspawn_filter") {
subsystem_name = "startup"
install_enable = true
install_images = [
"system",
"ramdisk",
"updater",
]
install_images = [ "system" ]
}
ohos_prebuilt_seccomp("nwebspawn_filter") {
...
...
@@ -127,11 +123,28 @@ ohos_prebuilt_seccomp("nwebspawn_filter") {
subsystem_name = "startup"
install_enable = true
install_images = [
"system",
"ramdisk",
"updater",
]
install_images = [ "system" ]
}
ohos_prebuilt_seccomp("app_filter") {
sources = []
if (target_cpu == "arm") {
sources += [ "seccomp_policy/app_arm.seccomp.policy" ]
} else if (target_cpu == "arm64") {
sources += [
# 64-bit machine also need check use 32-bit syscall
"seccomp_policy/app_arm.seccomp.policy",
"seccomp_policy/app_arm64.seccomp.policy",
]
}
filtername = "g_appSeccompFilter"
include_dirs = [ "." ]
part_name = INIT_PART
subsystem_name = "startup"
install_enable = true
install_images = [ "system" ]
}
ohos_shared_library("seccomp_module") {
...
...
@@ -145,16 +158,12 @@ ohos_shared_library("seccomp_module") {
]
deps = [
":appspawn_filter",
":nwebspawn_filter",
":system_filter",
"//base/startup/init/interfaces/innerkits
:libbegetutil
",
"//base/startup/init/interfaces/innerkits
/init_module_engine:libinit_module_engine
",
]
cflags = [ "-DSECCOMP_PLUGIN" ]
external_deps = [ "init:libinit_module_engine" ]
part_name = "init"
if (target_cpu == "arm64") {
module_install_dir = "lib64/init"
...
...
services/modules/seccomp/scripts/generate_code_from_policy.py
...
...
@@ -40,7 +40,8 @@ operation = ['<', '<=', '!=', '==', '>', '>=', '&']
ret_str_to_bpf
=
{
'KILL_PROCESS'
:
'SECCOMP_RET_KILL_PROCESS'
,
'KILL_THREAD'
:
'SECCOMP_RET_KILL_THREAD'
,
'LOG'
:
'SECCOMP_RET_LOG'
'LOG'
:
'SECCOMP_RET_LOG'
,
'ALLOW'
:
'SECCOMP_RET_ALLOW'
}
mode_str
=
{
...
...
@@ -201,6 +202,7 @@ class GenBpfPolicy:
self
.
function_name_nr_table
=
{}
self
.
gen_mode
=
0
self
.
flag
=
True
self
.
return_value
=
''
self
.
operate_func_table
=
{
'<'
:
self
.
gen_bpf_lt
,
'<='
:
self
.
gen_bpf_le
,
...
...
@@ -232,6 +234,13 @@ class GenBpfPolicy:
def
set_gen_mode
(
self
,
mode
):
self
.
gen_mode
=
mode_str
.
get
(
mode
)
def
set_return_value
(
self
,
return_value
):
if
return_value
not
in
ret_str_to_bpf
:
self
.
set_gen_mode
(
False
)
return
self
.
return_value
=
return_value
@
staticmethod
def
gen_bpf_eq32
(
const_str
,
jt
,
jf
):
bpf_policy
=
[]
...
...
@@ -306,9 +315,9 @@ class GenBpfPolicy:
low
=
number
&
0xffffffff
if
digit_flag
and
hight
==
0
:
bpf_policy
.
append
(
BPF_JG
E
.
format
(
'((unsigned long)'
+
const_str
+
') >> 32'
,
jt
+
2
,
0
))
bpf_policy
.
append
(
BPF_JG
T
.
format
(
'((unsigned long)'
+
const_str
+
') >> 32'
,
jt
+
2
,
0
))
else
:
bpf_policy
.
append
(
BPF_JG
E
.
format
(
'((unsigned long)'
+
const_str
+
') >> 32'
,
jt
+
3
,
0
))
bpf_policy
.
append
(
BPF_JG
T
.
format
(
'((unsigned long)'
+
const_str
+
') >> 32'
,
jt
+
3
,
0
))
bpf_policy
.
append
(
BPF_JEQ
.
format
(
'((unsigned long)'
+
const_str
+
') >> 32'
,
0
,
jf
+
2
))
bpf_policy
.
append
(
BPF_LOAD_MEM
.
format
(
0
))
bpf_policy
.
append
(
BPF_JGE
.
format
(
const_str
+
' & 0xffffffff'
,
jt
,
jf
))
...
...
@@ -526,38 +535,52 @@ class GenBpfPolicy:
bpf_policy
=
[]
for
atom
in
reversed
(
atoms
):
bpf_policy
=
self
.
compile_atom
(
atom
,
len
(
bpf_policy
))
+
bpf_policy
bpf_policy
.
append
(
BPF_RET_VALUE
.
format
(
'SECCOMP_RET_ALLOW'
))
return
bpf_policy
def
parse_sub_group
(
self
,
group
):
bpf_policy
=
[]
and_cond_groups
=
group
.
split
(
'||'
)
group_info
=
group
.
split
(
';'
)
operation_part
=
group_info
[
0
]
return_part
=
group_info
[
1
]
if
not
return_part
.
startswith
(
'return'
):
self
.
set_gen_flag
(
False
)
return
bpf_policy
self
.
set_return_value
(
return_part
[
len
(
'return'
):])
and_cond_groups
=
operation_part
.
split
(
'||'
)
for
and_condition_group
in
and_cond_groups
:
bpf_policy
+=
self
.
parse_args_with_condition
(
and_condition_group
)
return
bpf_policy
def
parse_else_part
(
self
,
else_part
):
return_value
=
else_part
.
split
(
';'
)[
0
][
else_part
.
find
(
'return'
)
+
len
(
'return'
):]
self
.
set_return_value
(
return_value
)
def
parse_args
(
self
,
function_name
,
line
,
skip
):
bpf_policy
=
[]
group
=
line
.
split
(
'elif'
)
group_info
=
line
.
split
(
'else'
)
else_part
=
group_info
[
-
1
]
group
=
group_info
[
0
].
split
(
'elif'
)
for
sub_group
in
group
:
bpf_policy
+=
self
.
parse_sub_group
(
sub_group
)
bpf_policy
.
append
(
BPF_RET_VALUE
.
format
(
ret_str_to_bpf
.
get
(
self
.
return_value
)))
self
.
parse_else_part
(
else_part
)
bpf_policy
.
append
(
BPF_RET_VALUE
.
format
(
ret_str_to_bpf
.
get
(
self
.
return_value
)))
syscall_nr
=
self
.
function_name_nr_table
.
get
(
function_name
)
#load syscall nr
bpf_policy
=
self
.
gen_bpf_valid_syscall_nr
(
syscall_nr
,
len
(
bpf_policy
)
-
skip
)
+
bpf_policy
return
bpf_policy
def
gen_bpf_policy_with_args
(
self
,
allow_list_with_args
,
mode
):
def
gen_bpf_policy_with_args
(
self
,
allow_list_with_args
,
mode
,
return_value
):
self
.
set_gen_mode
(
mode
)
skip
=
0
for
line
in
allow_list_with_args
:
if
self
.
gen_mode
==
1
and
line
==
list
(
allow_list_with_args
)[
-
1
]:
skip
=
1
skip
=
2
line
=
line
.
replace
(
' '
,
''
)
pos
=
line
.
find
(
':'
)
function_name
=
line
[:
pos
]
left_line
=
line
[
pos
+
1
:]
left_line
=
line
[
pos
+
1
:]
if
not
left_line
.
startswith
(
'if'
):
continue
...
...
@@ -674,7 +697,7 @@ class SeccompPolicyParser:
self
.
bpf_generator
.
gen_bpf_policy
(
syscall_nr_priority
)
self
.
bpf_generator
.
gen_bpf_policy
(
syscall_nr_allow_list
)
self
.
bpf_generator
.
gen_bpf_policy_with_args
(
self
.
cur_policy_param
.
final_allow_list_with_args
,
\
self
.
cur_policy_param
.
mode
)
self
.
cur_policy_param
.
mode
,
self
.
cur_policy_param
.
return_value
)
self
.
bpf_generator
.
add_return_value
(
self
.
cur_policy_param
.
return_value
)
...
...
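Review bot: In the new `set_return_value`, an unknown return string calls `self.set_gen_mode(False)`, which only does `self.gen_mode = mode_str.get(False)` and does not mark generation as failed. `parse_sub_group` reports a malformed rule with `self.set_gen_flag(False)` (its definition is outside the hunks), so this looks like a slip for `self.set_gen_flag(False)`. As written, a misspelled action in a policy line leaves `self.return_value` at its previous value or `''`, and `parse_args` then formats `ret_str_to_bpf.get(self.return_value)` into the generated filter, which may be `None` or the action of an earlier rule. `parse_sub_group` also indexes `group_info[1]` without checking that the rule contained a `;`, so a rule in the old format raises IndexError rather than a clear policy error; a length check before the index, taking the same `set_gen_flag(False)` path, would cover it.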
services/modules/seccomp/seccomp_filters.h
...
...
@@ -34,6 +34,9 @@ extern const size_t g_systemSeccompFilterSize;
extern
const
struct
sock_filter
g_nwebspawnSeccompFilter
[];
extern
const
size_t
g_nwebspawnSeccompFilterSize
;
extern
const
struct
sock_filter
g_appSeccompFilter
[];
extern
const
size_t
g_appSeccompFilterSize
;
#ifdef __cplusplus
#if __cplusplus
}
...
...
services/modules/seccomp/seccomp_policy.c
...
...
@@ -69,31 +69,36 @@ static bool InstallSeccompPolicy(const struct sock_filter* filter, size_t filter
return
true
;
}
#ifndef SECCOMP_PLUGIN
bool
SetSeccompPolicy
(
PolicyType
policy
)
{
bool
ret
=
false
;
switch
(
policy
)
{
case
SYSTEM
:
ret
=
InstallSeccompPolicy
(
g_systemSeccompFilter
,
g_systemSeccompFilterSize
,
SECCOMP_FILTER_FLAG_LOG
);
break
;
case
APPSPAWN
:
ret
=
InstallSeccompPolicy
(
g_appspawnSeccompFilter
,
g_appspawnSeccompFilterSize
,
SECCOMP_FILTER_FLAG_LOG
);
break
;
case
NWEBSPAWN
:
ret
=
InstallSeccompPolicy
(
g_nwebspawnSeccompFilter
,
g_nwebspawnSeccompFilterSize
,
SECCOMP_FILTER_FLAG_LOG
);
break
;
case
APP
:
ret
=
InstallSeccompPolicy
(
g_appSeccompFilter
,
g_appSeccompFilterSize
,
SECCOMP_FILTER_FLAG_LOG
);
break
;
default:
ret
=
false
;
}
return
ret
;
}
#else
static
bool
SetSystemSeccompPolicy
(
void
)
{
return
InstallSeccompPolicy
(
g_systemSeccompFilter
,
g_systemSeccompFilterSize
,
SECCOMP_FILTER_FLAG_LOG
);
}
#ifdef SECCOMP_PLUGIN
static
int
DoSetSeccompPolicyStart
(
void
)
{
bool
ret
=
false
;
ret
=
SetS
eccompPolicy
(
SYSTEM
);
ret
=
SetS
ystemSeccompPolicy
(
);
PLUGIN_CHECK
(
ret
==
true
,
return
-
1
,
"SetSeccompPolicy failed"
);
return
0
;
...
...
services/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
0 → 100644
# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
@arch
arm
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@priority
ioctl
futex
@allowList
restart_syscall
exit
fork
read
write
open
close
creat
unlink
execve
chdir
chmod
lseek
getpid
getuid
ptrace
access
sync
kill
rename
mkdir
dup
pipe
times
brk
ioctl
fcntl
setpgid
umask
dup2
getppid
setsid
sigaction
setrlimit
getrusage
gettimeofday
readlink
munmap
truncate
fchmod
getpriority
setpriority
setitimer
getitimer
stat
wait4
sysinfo
fsync
sigreturn
clone
uname
mprotect
quotactl
getpgid
fchdir
personality
_llseek
getdents
_newselect
flock
msync
readv
writev
getsid
fdatasync
mlock
munlock
mlockall
munlockall
sched_setparam
sched_getparam
sched_setscheduler
sched_getscheduler
sched_yield
sched_get_priority_max
sched_get_priority_min
sched_rr_get_interval
nanosleep
mremap
poll
prctl
rt_sigreturn
rt_sigaction
rt_sigprocmask
rt_sigpending
rt_sigtimedwait
rt_sigqueueinfo
rt_sigsuspend
pread64
pwrite64
getcwd
capget
capset
sigaltstack
sendfile
vfork
ugetrlimit
mmap2
truncate64
ftruncate64
stat64
lstat64
fstat64
getuid32
getgid32
geteuid32
getegid32
getgroups32
setgroups32
fchown32
setresuid32
getresuid32
setresgid32
getresgid32
getdents64
mincore
madvise
fcntl64
gettid
readahead
setxattr
lsetxattr
fsetxattr
getxattr
lgetxattr
fgetxattr
listxattr
llistxattr
flistxattr
removexattr
lremovexattr
fremovexattr
tkill
sendfile64
futex
sched_setaffinity
sched_getaffinity
io_setup
io_destroy
io_getevents
io_submit
io_cancel
exit_group
epoll_create
epoll_ctl
epoll_wait
remap_file_pages
set_tid_address
timer_create
timer_settime
timer_gettime
timer_getoverrun
timer_delete
clock_gettime
clock_getres
clock_nanosleep
statfs64
fstatfs64
tgkill
fadvise64_64
waitid
socket
bind
connect
listen
accept
getsockname
getpeername
socketpair
sendto
recvfrom
shutdown
setsockopt
getsockopt
sendmsg
recvmsg
inotify_init
inotify_add_watch
inotify_rm_watch
openat
mkdirat
mknodat
fchownat
fstatat64
unlinkat
renameat
linkat
symlinkat
readlinkat
fchmodat
faccessat
pselect6
ppoll
unshare
splice
sync_file_range2
tee
vmsplice
getcpu
epoll_pwait
utimensat
timerfd_create
eventfd
fallocate
timerfd_settime
timerfd_gettime
signalfd4
eventfd2
epoll_create1
dup3
pipe2
inotify_init1
preadv
pwritev
rt_tgsigqueueinfo
perf_event_open
recvmmsg
accept4
prlimit64
syncfs
sendmmsg
setns
process_vm_readv
process_vm_writev
finit_module
sched_setattr
sched_getattr
renameat2
seccomp
getrandom
memfd_create
bpf
execveat
userfaultfd
membarrier
mlock2
copy_file_range
preadv2
pwritev2
statx
clock_gettime64
clock_settime64
clock_adjtime64
clock_getres_time64
clock_nanosleep_time64
timer_gettime64
timer_settime64
timerfd_gettime64
timerfd_settime64
utimensat_time64
pselect6_time64
ppoll_time64
recvmmsg_time64
semtimedop_time64
rt_sigtimedwait_time64
futex_time64
sched_rr_get_interval_time64
pidfd_send_signal
pidfd_open
close_range
pidfd_getfd
process_madvise
cacheflush
set_tls
@blockList
mount
acct
umount2
chroot
sethostname
settimeofday
swapon
reboot
syslog
swapoff
setdomainname
adjtimex
init_module
delete_module
setfsuid
setfsgid
setreuid32
setregid32
setuid32
setgid32
clock_settime
clock_adjtime
\ No newline at end of file
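Review bot: The `@allowList` of the new app filter admits syscalls that are the modern equivalents of entries in its own `@blockList`: `finit_module` is allowed while `init_module` and `delete_module` are blocked, `clock_settime64` and `clock_adjtime64` are allowed while `clock_settime` and `clock_adjtime` are blocked, and `setresuid32`/`setresgid32` are allowed while `setuid32`, `setgid32`, `setreuid32` and `setregid32` are blocked. If the intent of the block list is that an application cannot load modules, set the clock or change ids, those entries belong in `@blockList` too, or the file needs a comment saying why they are required. app_arm64.seccomp.policy has the same pattern with `finit_module`, `setresuid` and `setresgid`. The list also allows `ptrace`, `bpf`, `perf_event_open`, `setns`, `process_vm_writev` and `userfaultfd` to every app process; each deserves either removal or an argument-restricted rule under `@allowListWithArgs`, the form the renderer policies already use.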
services/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
0 → 100644
# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
@arch
arm64
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@priority
ioctl
futex
@allowList
io_setup
io_destroy
io_submit
io_cancel
io_getevents
setxattr
lsetxattr
fsetxattr
getxattr
lgetxattr
fgetxattr
listxattr
llistxattr
flistxattr
removexattr
lremovexattr
fremovexattr
getcwd
eventfd2
epoll_create1
epoll_ctl
epoll_pwait
dup
dup3
fcntl
inotify_init1
inotify_add_watch
inotify_rm_watch
ioctl
ioprio_set
ioprio_get
flock
mknodat
mkdirat
unlinkat
symlinkat
linkat
renameat
pivot_root
statfs
fstatfs
truncate
ftruncate
fallocate
faccessat
chdir
fchdir
fchmod
fchmodat
fchownat
fchown
openat
close
pipe2
quotactl
getdents64
lseek
read
write
readv
writev
pread64
pwrite64
preadv
pwritev
sendfile
pselect6
ppoll
signalfd4
vmsplice
splice
tee
readlinkat
newfstatat
fstat
sync
fsync
fdatasync
sync_file_range
timerfd_create
timerfd_settime
timerfd_gettime
utimensat
capget
capset
personality
exit
exit_group
waitid
set_tid_address
unshare
futex
nanosleep
getitimer
setitimer
timer_create
timer_gettime
timer_getoverrun
timer_settime
timer_delete
clock_gettime
clock_getres
clock_nanosleep
ptrace
sched_setparam
sched_setscheduler
sched_getscheduler
sched_getparam
sched_setaffinity
sched_getaffinity
sched_yield
sched_get_priority_max
sched_get_priority_min
sched_rr_get_interval
restart_syscall
kill
tkill
tgkill
sigaltstack
rt_sigsuspend
rt_sigaction
rt_sigprocmask
rt_sigpending
rt_sigtimedwait
rt_sigqueueinfo
rt_sigreturn
setpriority
getpriority
setresuid
getresuid
setresgid
getresgid
times
setpgid
getpgid
getsid
setsid
getgroups
setgroups
uname
getrlimit
setrlimit
getrusage
umask
prctl
getcpu
gettimeofday
getpid
getppid
getuid
geteuid
getgid
getegid
gettid
sysinfo
socket
socketpair
bind
listen
accept
connect
getsockname
getpeername
sendto
recvfrom
setsockopt
getsockopt
shutdown
sendmsg
recvmsg
readahead
brk
munmap
mremap
clone
execve
mmap
fadvise64
mprotect
msync
mlock
munlock
mlockall
munlockall
mincore
madvise
rt_tgsigqueueinfo
perf_event_open
accept4
recvmmsg
wait4
prlimit64
syncfs
setns
sendmmsg
process_vm_readv
process_vm_writev
finit_module
sched_setattr
sched_getattr
renameat2
seccomp
getrandom
memfd_create
bpf
execveat
userfaultfd
membarrier
mlock2
copy_file_range
preadv2
pwritev2
statx
pidfd_send_signal
pidfd_open
close_range
pidfd_getfd
process_madvise
@blockList
umount2
mount
chroot
acct
init_module
delete_module
clock_settime
syslog
reboot
setregid
setgid
setreuid
setuid
setfsuid
setfsgid
sethostname
setdomainname
settimeofday
adjtimex
swapon
swapoff
clock_adjtime
services/modules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
...
...
@@ -164,9 +164,9 @@ set_tls
sched_setscheduler
@allowListWithArgs
getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD
clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
socketpair:if arg0 == AF_UNIX
getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF
getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD
; return ALLOW; else return KILL_PROCESS;
clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
socketpair:if arg0 == AF_UNIX
; return ALLOW; else return KILL_PROCESS;
getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF
; return ALLOW; else return KILL_PROCESS;
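Review bot: The `getsockopt` rule joins its two argument tests with `||`, so as written it admits every option at level `SOL_SOCKET` and also any level whose option number equals `SO_PEEK_OFF`; as rendered, the commit only appends the `; return ALLOW; else return KILL_PROCESS;` tail and leaves the condition as it was. If the intent is to permit only `SO_PEEK_OFF` at `SOL_SOCKET`, the rule should read `getsockopt:if arg1 == SOL_SOCKET && arg2 == SO_PEEK_OFF; return ALLOW; else return KILL_PROCESS;`. If the broad form is deliberate, nothing on the page says so. The same line appears in renderer_arm64.seccomp.policy and needs the same decision.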
services/modules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
...
...
@@ -134,9 +134,9 @@ prlimit64
sched_setscheduler
@allowListWithArgs
getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD
clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
socketpair:if arg0 == AF_UNIX
getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF
getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD
; return ALLOW; else return KILL_PROCESS;
clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME
; return ALLOW; else return KILL_PROCESS;
socketpair:if arg0 == AF_UNIX
; return ALLOW; else return KILL_PROCESS;
getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF
; return ALLOW; else return KILL_PROCESS;
services/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
...
...
@@ -24,5 +24,5 @@ ONLY_CHECK_ARGS
"seccomp_filters.h"
@allowListWithArgs
setresuid32: if arg0 >=
0 && arg1 >= 0 && arg2 >= 0
setresgid32: if arg0 >=
0 && arg1 >= 0 && arg2 >= 0
setresuid32: if arg0 >=
1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
setresgid32: if arg0 >=
1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
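Review bot: The new lower bound `1000` on all three arguments of `setresuid32` and `setresgid32` is a bare literal, and nothing in the rule says how the value -1, which these calls accept to mean "leave this id unchanged", is meant to be treated. Whether -1 passes `>= 1000` depends on whether the generated filter compares as signed or unsigned, which is not visible here. A unit test that pins the intended outcome for a call passing -1 in one slot, next to the existing in-range case in seccomp_unittest.cpp, would make the contract explicit; the same applies to `setresuid`/`setresgid` in spawn_arm64.seccomp.policy. It is also worth confirming that no other id-changing call is permitted under this policy without an argument rule, since the hunk shows only these two entries.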
services/modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
...
...
@@ -23,5 +23,5 @@ ONLY_CHECK_ARGS
"seccomp_filters.h"
@allowListWithArgs
setresuid: if arg0 >=
0 && arg1 >= 0 && arg2 >= 0
setresgid: if arg0 >=
0 && arg1 >= 0 && arg2 >= 0
setresuid: if arg0 >=
1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
setresgid: if arg0 >=
1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
services/param/adapter/param_dac.c
...
...
@@ -257,9 +257,12 @@ static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const cha
}
if
(
ret
!=
DAC_RESULT_PERMISSION
)
{
PARAM_LOGW
(
"Param '%s' label gid:%d uid:%d mode 0%o"
,
name
,
srcLabel
->
cred
.
gid
,
srcLabel
->
cred
.
uid
,
localMode
);
PARAM_LOGW
(
"Cfg label %
d gid:%d uid:%d mode 0%o "
,
labelIndex
,
node
->
gid
,
node
->
uid
,
node
->
mode
);
PARAM_LOGW
(
"Cfg label %
s gid:%d uid:%d mode 0%o "
,
node
->
data
,
node
->
gid
,
node
->
uid
,
node
->
mode
);
#ifndef STARTUP_INIT_TEST
ret
=
DAC_RESULT_PERMISSION
;
#endif
#ifndef __MUSL__ // for wgr, return permission
ret
=
DAC_RESULT_PERMISSION
;
#endif
}
return
ret
;
...
...
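Review bot: A failed DAC check is logged and then overwritten with `ret = DAC_RESULT_PERMISSION;` whenever `__MUSL__` is not defined, so on those builds DacCheckParamPermission grants every request it would have refused. The same commit adds `__MUSL__` by hand in services/param/base/BUILD.gn and test/unittest/BUILD.gn, which suggests the toolchain does not supply it, so any target that omits the define silently loses enforcement. I would gate the bypass on a dedicated, explicitly named build flag (placeholder name: `PARAM_DAC_PERMISSIVE`) and make the override visible in the log, e.g. `PARAM_LOGW("DAC check failed for '%s', overridden to permit", name);`. The rendered page also shows an `#ifndef STARTUP_INIT_TEST` variant of the same block without making clear which side it belongs to, and the function starts above the hunk.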
services/param/base/BUILD.gn
...
...
@@ -109,7 +109,10 @@ if (defined(ohos_lite)) {
ldflags = [ "-nostdlib" ]
configs -= inherited_configs
configs += [ "//build/config/compiler:compiler" ]
defines += [ "PARAM_BASE" ]
defines += [
"PARAM_BASE",
"__MUSL__",
]
} else {
include_dirs += [ "//third_party/bounds_checking_function/include" ]
sources += [ "//base/startup/init/services/log/init_commlog.c" ]
...
...
services/param/base/param_comm.c
...
...
@@ -30,6 +30,7 @@ INIT_LOCAL_API int GenerateKeyHasCode(const char *buff, size_t len)
INIT_LOCAL_API
ParamHandle
GetParamHandle
(
const
WorkSpace
*
workSpace
,
uint32_t
index
,
const
char
*
name
)
{
(
void
)
name
;
PARAM_CHECK
(
workSpace
!=
NULL
&&
workSpace
->
area
!=
NULL
,
return
-
1
,
"Invalid param"
);
uint32_t
hashCode
=
(
uint32_t
)
GenerateKeyHasCode
(
workSpace
->
fileName
,
strlen
(
workSpace
->
fileName
));
uint32_t
handle
=
(
hashCode
%
HASH_BUTT
)
<<
24
;
// 24 left shift
...
...
@@ -168,6 +169,7 @@ INIT_LOCAL_API uint8_t GetParamValueType(const char *name)
static
int
CheckParamValueType
(
const
char
*
name
,
const
char
*
value
,
uint8_t
paramType
)
{
(
void
)
name
;
if
(
paramType
==
PARAM_TYPE_INT
)
{
long
long
int
temp1
=
0
;
if
(
strlen
(
value
)
>
1
&&
value
[
0
]
==
'-'
&&
StringToLL
(
value
,
&
temp1
)
!=
0
)
{
...
...
services/param/include/param_trie.h
...
...
@@ -87,7 +87,7 @@ typedef struct {
struct
WorkSpace_
;
typedef
struct
WorkSpace_
{
int
flags
;
unsigned
int
flags
;
HashNode
hashNode
;
ListNode
node
;
uint32_t
(
*
allocTrieNode
)(
struct
WorkSpace_
*
workSpace
,
const
char
*
key
,
uint32_t
keyLen
);
...
...
services/param/include/param_utils.h
...
...
@@ -43,6 +43,7 @@ typedef struct cmdLineInfo {
int
(
*
processor
)(
const
char
*
name
,
const
char
*
value
,
int
);
}
cmdLineInfo
;
#define PARAM_BUFFER_MAX (0x01 << 16)
#define FILENAME_LEN_MAX 255
#define MS_UNIT 1000
#ifndef UNUSED
...
...
@@ -127,12 +128,7 @@ INIT_LOCAL_API void ParamWorBaseLog(InitLogLevel logLevel, uint32_t domain, cons
exper
;
\
}
#ifdef INIT_AGENT
#define PARAM_DUMP printf
#else
#define PARAM_DUMP PARAM_LOGI
#endif
#define MAX_LABEL_LEN 256
#define PARAM_BUFFER_SIZE 256
...
...
services/param/linux/param_message.c
...
...
@@ -43,7 +43,7 @@ int ConnectServer(int fd, const char *servername)
int
FillParamMsgContent
(
const
ParamMessage
*
request
,
uint32_t
*
start
,
int
type
,
const
char
*
value
,
uint32_t
length
)
{
PARAM_CHECK
(
request
!=
NULL
&&
start
!=
NULL
,
return
-
1
,
"Invalid param"
);
PARAM_CHECK
(
value
!=
NULL
&&
length
>
0
,
return
-
1
,
"Invalid value"
);
PARAM_CHECK
(
value
!=
NULL
&&
length
>
0
&&
length
<
PARAM_BUFFER_MAX
,
return
-
1
,
"Invalid value"
);
uint32_t
bufferSize
=
request
->
msgSize
-
sizeof
(
ParamMessage
);
uint32_t
offset
=
*
start
;
PARAM_CHECK
((
offset
+
sizeof
(
ParamMsgContent
)
+
length
)
<=
bufferSize
,
...
...
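Review bot: The added `length < PARAM_BUFFER_MAX` bound limits `length` but not the other terms of the size check that follows: `request->msgSize - sizeof(ParamMessage)` wraps to a large `bufferSize` if `msgSize` is smaller than the header, and `offset + sizeof(ParamMsgContent) + length` can still wrap for a large `*start` on targets where `size_t` is 32 bits. I would add `PARAM_CHECK(request->msgSize >= sizeof(ParamMessage), return -1, "Invalid msgSize");` before computing `bufferSize` and `PARAM_CHECK(offset <= bufferSize, return -1, "Invalid offset");` before the sum; with both in place, comparing `sizeof(ParamMsgContent) + length <= bufferSize - offset` cannot overflow. The final PARAM_CHECK and the rest of FillParamMsgContent continue below the hunk, so whether callers already guarantee these conditions is not visible.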
services/param/liteos/param_client.c
...
...
@@ -117,6 +117,7 @@ int SystemWaitParameter(const char *name, const char *value, int32_t timeout)
int
WatchParamCheck
(
const
char
*
keyprefix
)
{
(
void
)
keyprefix
;
return
PARAM_CODE_NOT_SUPPORT
;
}
...
...
services/param/liteos/param_litedac.c
...
...
@@ -34,6 +34,7 @@ static int InitLocalSecurityLabel(ParamSecurityLabel *security, int isInit)
static
int
FreeLocalSecurityLabel
(
ParamSecurityLabel
*
srcLabel
)
{
(
void
)
srcLabel
;
return
0
;
}
...
...
services/param/liteos/param_service.c
...
...
@@ -122,7 +122,6 @@ int SystemWriteParam(const char *name, const char *value)
static
void
ParamServiceTask
(
int
*
arg
)
{
char
buffer
[
10
]
=
{
0
};
(
void
)
arg
;
PARAM_LOGI
(
"ParamServiceTask start"
);
while
(
1
)
{
...
...
services/param/manager/param_persist.c
...
...
@@ -87,7 +87,7 @@ static int SavePersistParam(const WorkSpace *workSpace, const ParamTrieNode *nod
return
ret
;
}
static
int
BatchSavePersistParam
()
static
int
BatchSavePersistParam
(
void
)
{
PARAM_LOGV
(
"BatchSavePersistParam"
);
if
(
g_persistWorkSpace
.
persistParamOps
.
batchSaveBegin
==
NULL
||
...
...
@@ -122,7 +122,7 @@ static int BatchSavePersistParam()
return
ret
;
}
INIT_LOCAL_API
int
InitPersistParamWorkSpace
()
INIT_LOCAL_API
int
InitPersistParamWorkSpace
(
void
)
{
if
(
PARAM_TEST_FLAG
(
g_persistWorkSpace
.
flags
,
WORKSPACE_FLAGS_INIT
))
{
return
0
;
...
...
services/param/trigger/trigger_manager.c
...
...
@@ -474,15 +474,15 @@ int CheckTrigger(TriggerWorkSpace *workSpace, int type,
static
void
DumpJobTrigger_
(
const
TriggerWorkSpace
*
workSpace
,
const
TriggerNode
*
trigger
)
{
const
JobNode
*
node
=
(
const
JobNode
*
)
trigger
;
PARAM_DUMP
(
"trigger 0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger
name
%s
\n
"
,
node
->
name
);
PARAM_DUMP
(
"trigger condition %s
\n
"
,
node
->
condition
);
PARAM_DUMP
(
"trigger
flags:
0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger
name:
%s
\n
"
,
node
->
name
);
PARAM_DUMP
(
"trigger condition
:
%s
\n
"
,
node
->
condition
);
const
int
maxCmd
=
1024
;
int
count
=
0
;
CommandNode
*
cmd
=
GetNextCmdNode
(
node
,
NULL
);
while
(
cmd
!=
NULL
&&
count
<
maxCmd
)
{
PARAM_DUMP
(
"
\t
command name
%s
\n
"
,
GetCmdKey
(
cmd
->
cmdKeyIndex
));
PARAM_DUMP
(
"
\t
command args
%s
\n
"
,
cmd
->
content
);
PARAM_DUMP
(
"
command name:
%s
\n
"
,
GetCmdKey
(
cmd
->
cmdKeyIndex
));
PARAM_DUMP
(
"
command args:
%s
\n
"
,
cmd
->
content
);
cmd
=
GetNextCmdNode
(
node
,
cmd
);
count
++
;
}
...
...
@@ -491,19 +491,19 @@ static void DumpJobTrigger_(const TriggerWorkSpace *workSpace, const TriggerNode
static
void
DumpWatchTrigger_
(
const
TriggerWorkSpace
*
workSpace
,
const
TriggerNode
*
trigger
)
{
const
WatchNode
*
node
=
(
const
WatchNode
*
)
trigger
;
PARAM_DUMP
(
"trigger 0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger condition %s
\n
"
,
trigger
->
condition
);
PARAM_DUMP
(
"trigger
watchId
%d
\n
"
,
node
->
watchId
);
PARAM_DUMP
(
"trigger
flags:
0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger condition
:
%s
\n
"
,
trigger
->
condition
);
PARAM_DUMP
(
"trigger
watchId:
%d
\n
"
,
node
->
watchId
);
}
static
void
DumpWaitTrigger_
(
const
TriggerWorkSpace
*
workSpace
,
const
TriggerNode
*
trigger
)
{
const
WaitNode
*
node
=
(
const
WaitNode
*
)
trigger
;
PARAM_DUMP
(
"trigger 0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger
name
%s
\n
"
,
GetTriggerName
(
trigger
));
PARAM_DUMP
(
"trigger condition %s
\n
"
,
trigger
->
condition
);
PARAM_DUMP
(
"trigger
waitId
%d
\n
"
,
node
->
waitId
);
PARAM_DUMP
(
"trigger
timeout
%d
\n
"
,
node
->
timeout
);
PARAM_DUMP
(
"trigger
flags:
0x%08x
\n
"
,
trigger
->
flags
);
PARAM_DUMP
(
"trigger
name:
%s
\n
"
,
GetTriggerName
(
trigger
));
PARAM_DUMP
(
"trigger condition
:
%s
\n
"
,
trigger
->
condition
);
PARAM_DUMP
(
"trigger
waitId:
%d
\n
"
,
node
->
waitId
);
PARAM_DUMP
(
"trigger
timeout:
%d
\n
"
,
node
->
timeout
);
}
static
void
DumpTrigger_
(
const
TriggerWorkSpace
*
workSpace
,
int
type
)
...
...
@@ -522,7 +522,6 @@ void SystemDumpTriggers(int verbose)
{
TriggerWorkSpace
*
workSpace
=
GetTriggerWorkSpace
();
PARAM_CHECK
(
workSpace
!=
NULL
,
return
,
"Invalid workSpace "
);
PARAM_DUMP
(
"Ready to dump all trigger memory
\n
"
);
PARAM_DUMP
(
"workspace queue BOOT info:
\n
"
);
DumpTrigger_
(
workSpace
,
TRIGGER_BOOT
);
PARAM_DUMP
(
"workspace queue parameter info:
\n
"
);
...
...
@@ -540,7 +539,7 @@ void SystemDumpTriggers(int verbose)
for
(
uint32_t
index
=
workSpace
->
executeQueue
.
startIndex
;
index
<
workSpace
->
executeQueue
.
endIndex
;
index
++
)
{
TriggerNode
*
trigger
=
workSpace
->
executeQueue
.
executeQueue
[
index
%
workSpace
->
executeQueue
.
queueCount
];
if
(
trigger
!=
0
)
{
PARAM_DUMP
(
"queue node trigger name: %s
\n
"
,
GetTriggerName
(
trigger
));
PARAM_DUMP
(
"
queue node trigger name: %s
\n
"
,
GetTriggerName
(
trigger
));
}
}
}
...
...
test/moduletest/param_test_cmds.c
...
...
@@ -164,7 +164,7 @@ int32_t BShellCmdRegister(BShellHandle shell, int execMode)
{
"init"
,
BShellParamCmdGroupTest
,
"init group test"
,
"init group test [stage]"
,
"init group test"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
shell
,
&
infos
[
i
]);
BShellEnvRegisterCmd
(
shell
,
&
infos
[
i
]);
}
}
else
{
const
CmdInfo
infos
[]
=
{
...
...
@@ -177,7 +177,7 @@ int32_t BShellCmdRegister(BShellHandle shell, int execMode)
{
"display"
,
BShellParamCmdUdidGet
,
"display udid"
,
"display udid"
,
"display udid"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
return
0
;
...
...
test/moduletest/syspara.cpp
...
...
@@ -93,6 +93,6 @@ MODULE_CONSTRUCTOR(void)
{(
char
*
)
"dump"
,
SysParaApiDumpCmd
,
(
char
*
)
"dump api"
,
(
char
*
)
"dump api"
,
(
char
*
)
"dump api"
},
};
for
(
size_t
i
=
0
;
i
<
sizeof
(
infos
)
/
sizeof
(
infos
[
0
]);
i
++
)
{
BShellEnvRegi
t
sterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
BShellEnvRegisterCmd
(
GetShellHandle
(),
&
infos
[
i
]);
}
}
test/unittest/BUILD.gn
...
...
@@ -245,6 +245,9 @@ ohos_unittest("init_unittest") {
if (target_cpu == "arm64") {
defines += [ "SUPPORT_64BIT" ]
}
if (use_musl) {
defines += [ "__MUSL__" ]
}
external_deps = [
"c_utils:utils",
...
...
test/unittest/init/cmds_unittest.cpp
...
...
@@ -267,9 +267,14 @@ HWTEST_F(CmdsUnitTest, TestGetCmdLinesFromJson, TestSize.Level1)
free
(
cmdLines
);
cmdLines
=
nullptr
;
}
HWTEST_F
(
CmdsUnitTest
,
TestInitCmdFunc
,
TestSize
.
Level1
)
{
int
ret
=
GetBootModeFromMisc
();
#ifdef __MUSL__
EXPECT_EQ
(
ret
,
0
);
#else
EXPECT_NE
(
ret
,
0
);
#endif
}
}
// namespace init_ut
test/unittest/init/loopevent_unittest.cpp
...
...
@@ -83,13 +83,6 @@ static void ProcessWatchEventTest(WatcherHandle taskHandle, int fd, uint32_t *ev
UNUSED
(
context
);
}
static
void
*
RunLoopThread
(
void
*
arg
)
{
UNUSED
(
arg
);
StartParamService
();
return
nullptr
;
}
namespace
init_ut
{
class
LoopEventUnittest
:
public
testing
::
Test
{
public:
...
...
@@ -304,24 +297,4 @@ HWTEST_F(LoopEventUnittest, ProcessWatcherTask, TestSize.Level1)
LoopEventUnittest
loopevtest
=
LoopEventUnittest
();
loopevtest
.
ProcessWatcherTask
();
}
HWTEST_F
(
LoopEventUnittest
,
RunLoopThread
,
TestSize
.
Level1
)
{
InitParamService
();
pthread_t
tid
=
0
;
int
fd
=
eventfd
(
1
,
EFD_NONBLOCK
|
EFD_CLOEXEC
);
struct
epoll_event
event
=
{};
event
.
events
=
EPOLLIN
;
if
(
fd
>=
0
)
{
epoll_ctl
(((
EventEpoll
*
)
LE_GetDefaultLoop
())
->
epollFd
,
EPOLL_CTL_ADD
,
fd
,
&
event
);
}
pthread_create
(
&
tid
,
nullptr
,
RunLoopThread
,
nullptr
);
event
.
events
=
EPOLLOUT
;
epoll_ctl
(((
EventEpoll
*
)
LE_GetDefaultLoop
())
->
epollFd
,
EPOLL_CTL_ADD
,
fd
,
&
event
);
HashMapHandle
taskMap
=
((
EventLoop
*
)
LE_GetDefaultLoop
())
->
taskMap
;
((
EventLoop
*
)
LE_GetDefaultLoop
())
->
taskMap
=
nullptr
;
StopParamService
();
pthread_join
(
tid
,
nullptr
);
InitParamService
();
((
EventLoop
*
)
LE_GetDefaultLoop
())
->
taskMap
=
taskMap
;
}
}
// namespace init_ut
test/unittest/init/mount_unittest.cpp
...
...
@@ -38,8 +38,10 @@ HWTEST_F(MountUnitTest, TestMountRequriedPartitions, TestSize.Level0)
Fstab
*
fstab
=
NULL
;
fstab
=
ReadFstabFromFile
(
fstabFiles
,
false
);
if
(
fstab
!=
NULL
)
{
#ifdef __MUSL__
int
ret
=
MountRequriedPartitions
(
fstab
);
EXPECT_EQ
(
ret
,
-
1
);
#endif
ReleaseFstab
(
fstab
);
}
else
{
Fstab
fstab1
;
...
...
test/unittest/init/service_unittest.cpp
...
...
@@ -49,10 +49,7 @@ public:
void
SetUp
()
{};
void
TearDown
()
{};
};
HWTEST_F
(
ServiceUnitTest
,
TestDestoryHashMap
,
TestSize
.
Level1
)
{
OH_HashMapDestory
(
GetInitWorkspace
()
->
hashMap
[
0
]);
}
HWTEST_F
(
ServiceUnitTest
,
case01
,
TestSize
.
Level1
)
{
const
char
*
jsonStr
=
"{
\"
services
\"
:{
\"
name
\"
:
\"
test_service
\"
,
\"
path
\"
:[
\"
/data/init_ut/test_service
\"
],"
...
...
@@ -168,7 +165,6 @@ HWTEST_F(ServiceUnitTest, TestServiceReap, TestSize.Level1)
service
->
attribute
|=
SERVICE_ATTR_ONCE
;
ServiceReap
(
service
);
EXPECT_EQ
(
service
->
attribute
,
SERVICE_ATTR_ONCE
);
service
->
attribute
=
SERVICE_ATTR_CRITICAL
;
service
->
crashCount
=
1
;
ServiceReap
(
service
);
...
...
test/unittest/param/dac_unittest.cpp
...
...
@@ -124,7 +124,7 @@ HWTEST_F(DacUnitTest, TestDacCheckFilePermission, TestSize.Level0)
DacUnitTest
test
;
test
.
TestDacCheckFilePermission
(
STARTUP_INIT_UT_PATH
"/trigger_test.cfg"
);
}
#ifdef __MUSL__
HWTEST_F
(
DacUnitTest
,
TestDacCheckUserParaPermission
,
TestSize
.
Level0
)
{
// 相同用户
...
...
@@ -247,7 +247,7 @@ HWTEST_F(DacUnitTest, TestDacCheckOtherParaPermission, TestSize.Level0)
ret
=
test
.
TestDacCheckParaPermission
(
"test.permission.watch.aaa"
,
&
dacData
,
DAC_WATCH
);
EXPECT_EQ
(
ret
,
0
);
}
#endif
HWTEST_F
(
DacUnitTest
,
TestClientDacCheckFilePermission
,
TestSize
.
Level0
)
{
DacUnitTest
test
;
...
...
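Review bot: Wrapping TestDacCheckUserParaPermission through TestDacCheckOtherParaPermission in `#ifdef __MUSL__` … `#endif` removes the DAC denial tests from exactly the builds where param_dac.c turns a failed check into `DAC_RESULT_PERMISSION`, so that configuration ends up with no test stating what it is expected to do. Keeping the tests compiled and switching only the expected value (the pattern cmds_unittest.cpp uses in this commit: `#ifdef __MUSL__`, `EXPECT_EQ`, `#else`, `EXPECT_NE`) would record the permissive behaviour as a deliberate, reviewed outcome. The test bodies between the two hunks are not shown, so the exact assertions to switch have to be taken from the file.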
test/unittest/param/param_stub.cpp
...
...
@@ -354,7 +354,7 @@ void PrepareCmdLineHasSn()
LoadParamFromCmdLine
();
const
char
*
cmdLineHasntSn
=
"bootgroup=device.charge.group earlycon=uart8250,mmio32,0xfe660000 "
"root=PARTUUID=614e0000-0000 rw rootwait rootfstype=ext4 console=ttyFIQ0 hardware=rk3568 "
"BOOT_IMAGE=/kernel init=/init default_boot_device=fe310000.sdhci bootslots=2 "
"BOOT_IMAGE=/kernel init=/init default_boot_device=fe310000.sdhci bootslots=2
currentslot=1
"
"ohos.required_mount.system="
"/dev/block/platform/fe310000.sdhci/by-name/system@/usr@ext4@ro,barrier=1@wait,required "
"ohos.required_mount.vendor="
...
...
test/unittest/param/paramservice_unittest.cpp
...
...
@@ -461,7 +461,7 @@ public:
{
// service forbid
ParamAuditData
auditData
=
{};
auditData
.
name
=
"ohos.servicectrl."
;
auditData
.
name
=
"ohos.servicectrl.
reboot
"
;
auditData
.
dacData
.
gid
=
202
;
// 202 test dac gid
auditData
.
dacData
.
uid
=
202
;
// 202 test dac uid
auditData
.
dacData
.
mode
=
mode
;
...
...
@@ -528,40 +528,51 @@ HWTEST_F(ParamServiceUnitTest, TestServiceCtrl, TestSize.Level0)
{
ParamServiceUnitTest
test
;
int
ret
=
test
.
TestServiceCtrl
(
"server1"
,
0770
);
#ifdef __MUSL__
EXPECT_NE
(
ret
,
0
);
#endif
#ifdef PARAM_SUPPORT_SELINUX
// selinux forbid
ret
=
test
.
TestServiceCtrl
(
"server2"
,
0772
);
EXPECT_NE
(
ret
,
0
);
#endif
ret
=
0
;
}
HWTEST_F
(
ParamServiceUnitTest
,
TestPowerCtrl
,
TestSize
.
Level0
)
{
ParamServiceUnitTest
test
;
int
ret
=
test
.
TestPowerCtrl
(
"reboot,shutdown"
,
0770
);
#ifdef __MUSL__
EXPECT_NE
(
ret
,
0
);
#endif
#ifdef PARAM_SUPPORT_SELINUX
ret
=
test
.
TestPowerCtrl
(
"reboot,shutdown"
,
0772
);
// selinux forbid
EXPECT_NE
(
ret
,
0
);
#endif
ret
=
test
.
TestPowerCtrl
(
"reboot,updater"
,
0770
);
#ifdef __MUSL__
EXPECT_NE
(
ret
,
0
);
#endif
#ifdef PARAM_SUPPORT_SELINUX
ret
=
test
.
TestPowerCtrl
(
"reboot,updater"
,
0772
);
// selinux forbid
EXPECT_NE
(
ret
,
0
);
#endif
ret
=
test
.
TestPowerCtrl
(
"reboot,flash"
,
0770
);
#ifdef __MUSL__
EXPECT_NE
(
ret
,
0
);
#endif
#ifdef PARAM_SUPPORT_SELINUX
ret
=
test
.
TestPowerCtrl
(
"reboot,flash"
,
0772
);
// selinux forbid
EXPECT_NE
(
ret
,
0
);
#endif
ret
=
test
.
TestPowerCtrl
(
"reboot"
,
0770
);
#ifdef __MUSL__
EXPECT_NE
(
ret
,
0
);
#endif
#ifdef PARAM_SUPPORT_SELINUX
ret
=
test
.
TestPowerCtrl
(
"reboot"
,
0772
);
// selinux forbid
...
...
test/unittest/param/trigger_unittest.cpp
...
...
@@ -470,7 +470,6 @@ public:
{
RegisterBootStateChange
(
BootStateChange
);
(
void
)
AddCompleteJob
(
"param:ohos.servicectrl.display"
,
"ohos.servicectrl.display=*"
,
"display system"
);
OH_HashMapDestory
(
GetTriggerWorkSpace
()
->
hashMap
);
return
0
;
}
};
...
...
test/unittest/param/watcher_agent_unittest.cpp
...
...
@@ -61,7 +61,9 @@ public:
ret
=
SystemWatchParameter
(
"test.permission.watcher.tes^^^^t1*"
,
TestParameterChange
,
nullptr
);
EXPECT_NE
(
ret
,
0
);
ret
=
SystemWatchParameter
(
"test.permission.read.test1*"
,
TestParameterChange
,
nullptr
);
#ifdef __MUSL__
EXPECT_EQ
(
ret
,
DAC_RESULT_FORBIDED
);
#endif
return
0
;
}
...
...
@@ -78,7 +80,9 @@ public:
ret
=
SystemWatchParameter
(
"test.permission.watcher.tes^^^^t1*"
,
nullptr
,
nullptr
);
EXPECT_NE
(
ret
,
0
);
ret
=
SystemWatchParameter
(
"test.permission.read.test1*"
,
nullptr
,
nullptr
);
#ifdef __MUSL__
EXPECT_EQ
(
ret
,
DAC_RESULT_FORBIDED
);
#endif
return
0
;
}
...
...
test/unittest/seccomp/seccomp_unittest.cpp
...
...
@@ -61,7 +61,7 @@ public:
std
::
cout
<<
"PR_SET_NO_NEW_PRIVS set fail "
<<
std
::
endl
;
exit
(
EXIT_FAILURE
);
}
if
(
!
SetSeccompPolicy
(
type
))
{
if
(
type
!=
SYSTEM
&&
!
SetSeccompPolicy
(
type
))
{
std
::
cout
<<
"SetSeccompPolicy set fail type is "
<<
type
<<
std
::
endl
;
exit
(
EXIT_FAILURE
);
}
...
...
@@ -187,6 +187,16 @@ public:
return
false
;
}
static
bool
CheckSetuid
()
{
int
uid
=
syscall
(
__NR_setuid
,
1
);
if
(
uid
==
0
)
{
return
true
;
}
return
false
;
}
void
TestSystemSycall
()
{
// system blocklist
...
...
@@ -208,6 +218,17 @@ public:
ret
=
CheckSyscall
(
APPSPAWN
,
CheckSetresuidArgsInRange
,
true
);
EXPECT_EQ
(
ret
,
0
);
}
void
TestAppSycall
()
{
// app blocklist
int
ret
=
CheckSyscall
(
APP
,
CheckSetuid
,
false
);
EXPECT_EQ
(
ret
,
0
);
// app allowlist
ret
=
CheckSyscall
(
APP
,
CheckGetpid
,
true
);
EXPECT_EQ
(
ret
,
0
);
}
#elif defined __arm__
static
bool
CheckGetuid32
()
{
...
...
@@ -227,6 +248,16 @@ public:
return
false
;
}
static
bool
CheckSetuid32
()
{
int
ret
=
syscall
(
__NR_setuid32
,
1
);
if
(
ret
==
0
)
{
return
true
;
}
return
false
;
}
static
bool
CheckSetresuid32ArgsInRange
()
{
int
ret
=
syscall
(
__NR_setresuid32
,
20000
,
20000
,
20000
);
...
...
@@ -268,6 +299,17 @@ public:
ret
=
CheckSyscall
(
APPSPAWN
,
CheckSetresuid32ArgsInRange
,
true
);
EXPECT_EQ
(
ret
,
0
);
}
void
TestAppSycall
()
{
// app blocklist
int
ret
=
CheckSyscall
(
APP
,
CheckSetuid32
,
false
);
EXPECT_EQ
(
ret
,
0
);
// app allowlist
ret
=
CheckSyscall
(
APP
,
CheckGetuid32
,
true
);
EXPECT_EQ
(
ret
,
0
);
}
#endif
};
...
...
@@ -275,11 +317,35 @@ public:
* @tc.name: TestSystemSycall
* @tc.desc: Verify the system seccomp policy.
* @tc.type: FUNC
* @tc.require: I5IUWJ
* @tc.require:
issue
I5IUWJ
*/
HWTEST_F
(
SeccompUnitTest
,
TestSystemSycall
,
TestSize
.
Level1
)
{
SeccompUnitTest
test
;
test
.
TestSystemSycall
();
}
/**
* @tc.name: TestSetUidGidFilter
* @tc.desc: Verify the system seccomp policy.
* @tc.type: FUNC
* @tc.require: issueI5IUWJ
*/
HWTEST_F
(
SeccompUnitTest
,
TestSetUidGidFilter
,
TestSize
.
Level1
)
{
SeccompUnitTest
test
;
test
.
TestSetUidGidFilter
();
}
/**
* @tc.name: TestSystemSycall
* @tc.desc: Verify the system seccomp policy.
* @tc.type: FUNC
* @tc.require: issueI5MUXD
*/
HWTEST_F
(
SeccompUnitTest
,
TestAppSycall
,
TestSize
.
Level1
)
{
SeccompUnitTest
test
;
test
.
TestAppSycall
();
}
}
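Review bot: In the changed guard `if (type != SYSTEM && !SetSeccompPolicy(type))`, the short-circuit means `SetSeccompPolicy` is never called when `type` is `SYSTEM`, so in that case the check function runs without this code installing a filter; unless the SYSTEM policy is already applied to the process some other way, TestSystemSycall's results no longer depend on the policy. A comment at the guard saying where the SYSTEM filter comes from would settle it, for example `// SYSTEM policy is inherited from <source>; do not install it again`. Separately, the doc block added for TestAppSycall repeats `@tc.name: TestSystemSycall` and `@tc.desc: Verify the system seccomp policy.`; it should read `@tc.name: TestAppSycall` and describe the app policy. The method containing the guard starts above its hunk.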
watchdog/init_watchdog.c
...
...
@@ -37,6 +37,9 @@
#define DEFAULT_GAP 3
#define CONVERSION_BASE 1000000U
#define PRETIMEOUT_GAP 5
#define PRETIMEOUT_DIV 2
static
void
WaitAtStartup
(
const
char
*
source
)
{
unsigned
int
count
=
0
;
...
...
@@ -83,6 +86,12 @@ int main(int argc, const char *argv[])
#endif
int
timeoutSet
=
interval
+
gap
;
int
timeoutGet
=
0
;
#ifdef WDIOC_SETPRETIMEOUT
int
preTimeout
=
0
;
int
preTimeoutGet
=
0
;
#endif
int
ret
=
ioctl
(
fd
,
WDIOC_SETTIMEOUT
,
&
timeoutSet
);
if
(
ret
)
{
INIT_LOGE
(
"Failed to set timeout to %d
\n
"
,
timeoutSet
);
...
...
@@ -90,9 +99,30 @@ int main(int argc, const char *argv[])
ret
=
ioctl
(
fd
,
WDIOC_GETTIMEOUT
,
&
timeoutGet
);
if
(
ret
)
{
INIT_LOGE
(
"Failed to get timeout
\n
"
);
}
else
{
}
if
(
timeoutGet
>
0
)
{
interval
=
(
timeoutGet
>
gap
)
?
(
timeoutGet
-
gap
)
:
1
;
}
#ifdef WDIOC_SETPRETIMEOUT
preTimeout
=
timeoutGet
-
PRETIMEOUT_GAP
;
// ensure pretimeout smaller then timeout
if
(
preTimeout
>
0
)
{
ret
=
ioctl
(
fd
,
WDIOC_SETPRETIMEOUT
,
&
preTimeout
);
if
(
ret
)
{
INIT_LOGE
(
"Failed to set pretimeout to %d
\n
"
,
preTimeout
);
}
ret
=
ioctl
(
fd
,
WDIOC_GETPRETIMEOUT
,
&
preTimeoutGet
);
if
(
ret
)
{
INIT_LOGE
(
"Failed to get pretimeout
\n
"
);
}
}
if
(
preTimeoutGet
>
0
&&
preTimeoutGet
<
interval
)
{
interval
=
preTimeoutGet
/
PRETIMEOUT_DIV
;
}
#endif
while
(
1
)
{
ioctl
(
fd
,
WDIOC_KEEPALIVE
);
sleep
(
interval
);
...
...
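Review bot: `interval = preTimeoutGet / PRETIMEOUT_DIV;` yields 0 when the driver reports a pretimeout of 1, and the loop below then calls `sleep(0)`, feeding the watchdog in a busy loop. Clamp it the way the timeout branch above does, e.g. `interval = (preTimeoutGet >= PRETIMEOUT_DIV) ? (preTimeoutGet / PRETIMEOUT_DIV) : 1;`. The pretimeout is also derived from `timeoutGet` even when `WDIOC_GETTIMEOUT` failed; the `preTimeout > 0` test covers that case, but a short comment saying so would help the next reader. `main` starts above these hunks and the keepalive loop continues past them.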