clear init cap

Signed-off-by: Nrenwei <renwei8@huawei.com>
Change-Id: I43705587af285cd2011de4f1b4f3e1a80069249c

services/param/adapter/param_selinux.c

@@ -216,14 +216,16 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
     SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
     int ret = DAC_RESULT_FORBIDED;
     // check
+    SrcInfo info = { 0 };
     struct ucred uc;
-    uc.pid = srcLabel->cred.pid;
-    uc.uid = srcLabel->cred.uid;
-    uc.gid = srcLabel->cred.gid;
+    info.uc.pid = srcLabel->cred.pid;
+    info.uc.uid = srcLabel->cred.uid;
+    info.uc.gid = srcLabel->cred.gid;
+    info.sockFd = srcLabel->sockFd;
     if (mode == DAC_WRITE) {
         PARAM_CHECK(selinuxSpace->setParamCheck != NULL, return ret, "Invalid setParamCheck");
         const char *context = GetSelinuxContent(name);
-        ret = selinuxSpace->setParamCheck(name, context, &uc);
+        ret = selinuxSpace->setParamCheck(name, context, &info);
     } else {
 #ifndef STARTUP_INIT_TEST
         ret = SelinuxReadParamCheck(name);
@@ -232,7 +234,7 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
 #endif
     }
     if (ret != 0) {
-        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, info.uc.pid, info.uc.uid, info.uc.gid, ret);
         ret = DAC_RESULT_FORBIDED;
     } else {
         ret = DAC_RESULT_PERMISSION;

services/param/include/param_security.h

@@ -66,6 +66,7 @@ typedef enum {
 } ParamSecurityType;
 
 typedef struct {
+    int32_t sockFd;
     UserCred cred;
     uint32_t flags[PARAM_SECURITY_MAX];
 } ParamSecurityLabel;
@@ -96,11 +97,11 @@ typedef struct {
 } ParamSecurityOps;
 
 typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit);
-typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, int32_t sockFd, struct ucred *uc);
 typedef struct SelinuxSpace_ {
     void *selinuxHandle;
     void (*setSelinuxLogCallback)(void);
-    int (*setParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+    int (*setParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
     const char *(*getParamLabel)(const char *paraName);
     int (*initParamSelinux)(void);
     int (*readParamCheck)(const char *paraName);

services/param/linux/param_service.c

@@ -168,6 +168,7 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
         PARAM_LOGE("Failed to get opt %d", errno);
         return SendResponseMsg(worker, msg, -1);
     }
+    srcLabel.sockFd = LE_GetSocketFd(worker);
     srcLabel.cred.uid = cr.uid;
     srcLabel.cred.pid = cr.pid;
     srcLabel.cred.gid = cr.gid;

test/unittest/param/param_stub.cpp

@@ -61,7 +61,7 @@ static const char *forbitWriteParamName[] = {
     "test.persmission.watch"
 };
 
-static int TestSetParamCheck(const char *paraName, const char *context, struct ucred *uc)
+static int TestSetParamCheck(const char *paraName, const char *context, const SrcInfo *info)
 {
     // forbid to read ohos.servicectrl.
     for (size_t i = 0; i < ARRAY_LENGTH(forbitWriteParamName); i++) {