clear init cap

Signed-off-by: N renwei <renwei8@huawei.com> Change-Id: I43705587af285cd2011de4f1b4f3e1a80069249c

clear init cap
Signed-off-by: N renwei <renwei8@huawei.com> Change-Id: I43705587af285cd2011de4f1b4f3e1a80069249c
426368f9 · renwei · a856c2c1 · 426368f9 · 426368f9 · 426368f9
4 changed file
--- a/services/param/adapter/param_selinux.c
+++ b/services/param/adapter/param_selinux.c
@@ -216,14 +216,16 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
    SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
    int ret = DAC_RESULT_FORBIDED;
    // check
+    SrcInfo info = { 0 };
    struct ucred uc;
-    uc.pid = srcLabel->cred.pid;
-    uc.uid = srcLabel->cred.uid;
-    uc.gid = srcLabel->cred.gid;
+    info.uc.pid = srcLabel->cred.pid;
+    info.uc.uid = srcLabel->cred.uid;
+    info.uc.gid = srcLabel->cred.gid;
+    info.sockFd = srcLabel->sockFd;
    if (mode == DAC_WRITE) {
        PARAM_CHECK(selinuxSpace->setParamCheck != NULL, return ret, "Invalid setParamCheck");
        const char *context = GetSelinuxContent(name);
-        ret = selinuxSpace->setParamCheck(name, context, &uc);
+        ret = selinuxSpace->setParamCheck(name, context, &info);
    } else {
 #ifndef STARTUP_INIT_TEST
        ret = SelinuxReadParamCheck(name);
@@ -232,7 +234,7 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
 #endif
    }
    if (ret != 0) {
-        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, info.uc.pid, info.uc.uid, info.uc.gid, ret);
        ret = DAC_RESULT_FORBIDED;
    } else {
        ret = DAC_RESULT_PERMISSION;

--- a/services/param/include/param_security.h
+++ b/services/param/include/param_security.h
@@ -66,6 +66,7 @@ typedef enum {
 } ParamSecurityType;

 typedef struct {
+    int32_t sockFd;
    UserCred cred;
    uint32_t flags[PARAM_SECURITY_MAX];
 } ParamSecurityLabel;
@@ -96,11 +97,11 @@ typedef struct {
 } ParamSecurityOps;

 typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit);
-typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, int32_t sockFd, struct ucred *uc);
 typedef struct SelinuxSpace_ {
    void *selinuxHandle;
    void (*setSelinuxLogCallback)(void);
-    int (*setParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+    int (*setParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
    const char *(*getParamLabel)(const char *paraName);
    int (*initParamSelinux)(void);
    int (*readParamCheck)(const char *paraName);

--- a/services/param/linux/param_service.c
+++ b/services/param/linux/param_service.c
@@ -168,6 +168,7 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
        PARAM_LOGE("Failed to get opt %d", errno);
        return SendResponseMsg(worker, msg, -1);
    }
+    srcLabel.sockFd = LE_GetSocketFd(worker);
    srcLabel.cred.uid = cr.uid;
    srcLabel.cred.pid = cr.pid;
    srcLabel.cred.gid = cr.gid;

--- a/test/unittest/param/param_stub.cpp
+++ b/test/unittest/param/param_stub.cpp
@@ -61,7 +61,7 @@ static const char *forbitWriteParamName[] = {
    "test.persmission.watch"
 };

-static int TestSetParamCheck(const char *paraName, const char *context, struct ucred *uc)
+static int TestSetParamCheck(const char *paraName, const char *context, const SrcInfo *info)
 {
    // forbid to read ohos.servicectrl.
    for (size_t i = 0; i < ARRAY_LENGTH(forbitWriteParamName); i++) {