Skip to content

S
Startup Init Lite

OpenHarmony / Startup Init Lite
接近 2 年 前同步成功

通知 3
Star 37
Fork 0
S
Startup Init Lite
提交 513c2427 编写于 作者: C cheng_jinsong 提交者: Gitee
浏览文件
操作

Merge branch 'master' of gitee.com:openharmony/startup_init_lite into servicejob 

Signed-off-by: Ncheng_jinsong <chengjinsong2@huawei.com>
上级 726c2794 645e2c28
展开全部 隐藏空白更改
内联 并排
Showing with 795 addition and 766 deletion
README_zh.md
浏览文件 @ 513c2427
......@@ -425,5 +425,5 @@ init的关键配置文件init.cfg位于代码仓库base/startup/init/service/etc
[startup\_bootstrap\_lite](https://gitee.com/openharmony/startup_bootstrap_lite/blob/master/README_zh.md)
**[startup\_init\_lite]**
startup\_init\_lite
begetd.gni
浏览文件 @ 513c2427
......@@ -15,7 +15,6 @@ declare_args() {
enable_ohos_startup_init_feature_watcher = true
enable_ohos_startup_init_feature_deviceinfo = true
param_test = true
control_test = false
param_base_log = false
enable_ohos_startup_init_feature_ab_partition = false
......
device_info/device_info_proxy.h
浏览文件 @ 513c2427
......@@ -26,8 +26,8 @@ public:
explicit DeviceInfoProxy(const sptr<IRemoteObject> &impl) : IRemoteProxy<IDeviceInfo>(impl) {}
virtual ~DeviceInfoProxy() {}
virtual int32_t GetUdid(std::string& result) override;
virtual int32_t GetSerialID(std::string& result) override;
int32_t GetUdid(std::string& result) override;
int32_t GetSerialID(std::string& result) override;
private:
static inline BrokerDelegator<DeviceInfoProxy> delegator_;
};
......
device_info/device_info_stub.h
浏览文件 @ 513c2427
......@@ -39,8 +39,8 @@ public:
{
}
~DeviceInfoService() override {}
virtual int32_t GetUdid(std::string& result) override;
virtual int32_t GetSerialID(std::string& result) override;
int32_t GetUdid(std::string& result) override;
int32_t GetSerialID(std::string& result) override;
#ifndef STARTUP_INIT_TEST
protected:
#endif
......
interfaces/innerkits/BUILD.gn
浏览文件 @ 513c2427
......@@ -174,6 +174,7 @@ if (defined(ohos_lite)) {
include_dirs = include_common
deps = [
"//base/customization/config_policy/frameworks/config_policy:configpolicy_util_for_init_static",
"//base/startup/init/interfaces/innerkits/control_fd:libcontrolfd",
"//base/startup/init/interfaces/innerkits/fd_holder:fdholder",
"//base/startup/init/interfaces/innerkits/file:libfile",
......
interfaces/innerkits/fs_manager/fstab.c
浏览文件 @ 513c2427
......@@ -348,7 +348,7 @@ int GetBlockDeviceByName(const char *deviceName, const Fstab *fstab, char* miscD
return -1;
}
static const struct MountFlags mountFlags[] = {
static const struct MountFlags MOUNT_FLAGS[] = {
{ "noatime", MS_NOATIME },
{ "noexec", MS_NOEXEC },
{ "nosuid", MS_NOSUID },
......@@ -372,8 +372,8 @@ static bool IsDefaultMountFlags(const char *str)
bool isDefault = false;
if (str != NULL) {
for (size_t i = 0; i < ARRAY_LENGTH(mountFlags); i++) {
if (strcmp(str, mountFlags[i].name) == 0) {
for (size_t i = 0; i < ARRAY_LENGTH(MOUNT_FLAGS); i++) {
if (strcmp(str, MOUNT_FLAGS[i].name) == 0) {
isDefault = true;
}
}
......@@ -386,9 +386,9 @@ static unsigned long ParseDefaultMountFlag(const char *str)
unsigned long flags = 0;
if (str != NULL) {
for (size_t i = 0; i < ARRAY_LENGTH(mountFlags); i++) {
if (strcmp(str, mountFlags[i].name) == 0) {
flags = mountFlags[i].flags;
for (size_t i = 0; i < ARRAY_LENGTH(MOUNT_FLAGS); i++) {
if (strcmp(str, MOUNT_FLAGS[i].name) == 0) {
flags = MOUNT_FLAGS[i].flags;
break;
}
}
......
interfaces/innerkits/fs_manager/fstab_mount.c
浏览文件 @ 513c2427
......@@ -182,7 +182,10 @@ static int DoResizeF2fs(const char* device, const unsigned long long size)
unsigned long long realSize = size *
((unsigned long long)RESIZE_BUFFER_SIZE * RESIZE_BUFFER_SIZE / FS_MANAGER_BUFFER_SIZE);
char sizeStr[RESIZE_BUFFER_SIZE] = {0};
sprintf_s(sizeStr, RESIZE_BUFFER_SIZE, "%llu", realSize);
int len = sprintf_s(sizeStr, RESIZE_BUFFER_SIZE, "%llu", realSize);
if (len <= 0) {
BEGET_LOGE("Write buffer size failed.");
}
char *cmd[] = {
file, "-t", sizeStr, (char *)device, NULL
};
......@@ -229,7 +232,10 @@ static int DoResizeExt(const char* device, const unsigned long long size)
ret = ExecCommand(argc, argv);
} else {
char sizeStr[RESIZE_BUFFER_SIZE] = {0};
sprintf_s(sizeStr, RESIZE_BUFFER_SIZE, "%lluM", size);
int len = sprintf_s(sizeStr, RESIZE_BUFFER_SIZE, "%lluM", size);
if (len <= 0) {
BEGET_LOGE("Write buffer size failed.");
}
char *cmd[] = {
file, "-f", (char *)device, sizeStr, NULL
};
......
interfaces/innerkits/modulemgr/modulemgr.c
浏览文件 @ 513c2427
......@@ -21,6 +21,7 @@
#include <linux/limits.h>
#include "beget_ext.h"
#include "config_policy_utils.h"
#include "init_utils.h"
#include "list.h"
#include "securec.h"
......@@ -225,15 +226,22 @@ MODULE_MGR *ModuleMgrScan(const char *modulePath)
BEGET_CHECK(moduleMgr != NULL, return NULL);
if (modulePath[0] == '/') {
BEGET_CHECK(!(snprintf_s(path, sizeof(path), sizeof(path) - 1, "%s", modulePath) < 0), return NULL);
scanModules(moduleMgr, modulePath);
} else if (InUpdaterMode() == 1) {
BEGET_CHECK(snprintf_s(path, sizeof(path), sizeof(path) - 1,
"/%s/%s", MODULE_LIB_NAME, modulePath) > 0, return NULL);
scanModules(moduleMgr, path);
} else {
const char *fmt = (InUpdaterMode() == 0) ? "/system/" MODULE_LIB_NAME : "/" MODULE_LIB_NAME;
BEGET_CHECK(!(snprintf_s(path, sizeof(path), sizeof(path) - 1,
"%s/%s", fmt, modulePath) < 0), return NULL);
BEGET_CHECK(snprintf_s(path, sizeof(path), sizeof(path) - 1,
"%s/%s", MODULE_LIB_NAME, modulePath) > 0, return NULL);
CfgFiles *files = GetCfgFiles(path);
for (int i = MAX_CFG_POLICY_DIRS_CNT - 1; files && i >= 0; i--) {
if (files->paths[i]) {
scanModules(moduleMgr, files->paths[i]);
}
}
FreeCfgFiles(files);
}
scanModules(moduleMgr, path);
return moduleMgr;
}
......
interfaces/innerkits/sandbox/sandbox.c
浏览文件 @ 513c2427
......@@ -68,7 +68,7 @@ struct SandboxMountFlags {
unsigned long value;
};
static const struct SandboxMountFlags g_flags[] = {
static const struct SandboxMountFlags FLAGS[] = {
{
.flag = "bind",
.value = MS_BIND,
......@@ -99,7 +99,7 @@ struct SandboxMap {
const char *configfile;
};
static const struct SandboxMap g_map[] = {
static const struct SandboxMap MAP[] = {
{
.name = "system",
.sandbox = &g_systemSandbox,
......@@ -124,9 +124,9 @@ static unsigned long GetSandboxMountFlags(cJSON *item)
BEGET_ERROR_CHECK(item != NULL, return 0, "Invalid parameter.");
char *str = cJSON_GetStringValue(item);
BEGET_CHECK(str != NULL, return 0);
for (size_t i = 0; i < ARRAY_LENGTH(g_flags); i++) {
if (strcmp(str, g_flags[i].flag) == 0) {
return g_flags[i].value;
for (size_t i = 0; i < ARRAY_LENGTH(FLAGS); i++) {
if (strcmp(str, FLAGS[i].flag) == 0) {
return FLAGS[i].value;
}
}
return 0;
......@@ -260,10 +260,10 @@ static int ParseSandboxConfig(cJSON *root, sandbox_t *sandbox)
static const struct SandboxMap *GetSandboxMapByName(const char *name)
{
BEGET_ERROR_CHECK(name != NULL, return NULL, "Sandbox map name is NULL.");
int len = ARRAY_LENGTH(g_map);
int len = ARRAY_LENGTH(MAP);
for (int i = 0; i < len; i++) {
if (strcmp(g_map[i].name, name) == 0) {
return &g_map[i];
if (strcmp(MAP[i].name, name) == 0) {
return &MAP[i];
}
}
return NULL;
......
interfaces/innerkits/seccomp/BUILD.gn
浏览文件 @ 513c2427
......@@ -26,16 +26,14 @@ if (defined(build_seccomp) && build_seccomp) {
include_dirs = [
"//base/startup/init/interfaces/innerkits/include",
"//base/startup/init/services/modules/seccomp",
"//base/startup/init/services/modules",
"//base/startup/init/services/log",
"//third_party/bounds_checking_function/include",
]
deps = [
"//base/startup/init/interfaces/innerkits:libbegetutil",
"//base/startup/init/services/modules/seccomp:app_filter",
"//base/startup/init/services/modules/seccomp:appspawn_filter",
"//base/startup/init/services/modules/seccomp:nwebspawn_filter",
"//third_party/bounds_checking_function:libsec_shared",
]
license_file = "//base/startup/init/LICENSE"
......@@ -43,10 +41,7 @@ if (defined(build_seccomp) && build_seccomp) {
part_name = "init"
install_enable = true
install_images = [
"system",
"updater",
]
install_images = [ "system" ]
}
} else {
group("seccomp") {
......
interfaces/innerkits/seccomp/include/seccomp_policy.h
浏览文件 @ 513c2427
......@@ -25,14 +25,12 @@ extern "C" {
#endif
#endif
typedef enum {
SYSTEM,
APPSPAWN,
APP,
NWEBSPAWN,
} PolicyType;
#define SYSTEM_NAME "system"
#define APPSPAWN_NAME "appspawn"
#define NWEBSPAWN_NAME "nwebspawn"
#define APP_NAME "app"
bool SetSeccompPolicy(PolicyType policy);
bool SetSeccompPolicyWithName(const char *filterName);
#ifdef __cplusplus
#if __cplusplus
......
interfaces/innerkits/syspara/param_comm.c
浏览文件 @ 513c2427
......@@ -142,6 +142,9 @@ static int GetSha256Value(const char *input, char *udid, int udidSize)
#else
static int GetSha256Value(const char *input, char *udid, int udidSize)
{
(void)input;
(void)udid;
(void)udidSize;
return EC_FAILURE;
}
#endif
......
interfaces/kits/jskits/src/native_parameters_js.cpp
浏览文件 @ 513c2427
......@@ -202,8 +202,7 @@ static napi_value GetSync(napi_env env, napi_callback_info info)
napi_value napiValue = nullptr;
if (ret == 0) {
const char *value = getValue.c_str();
NAPI_CALL(env, napi_create_string_utf8(env, value, strlen(value), &napiValue));
NAPI_CALL(env, napi_create_string_utf8(env, getValue.c_str(), strlen(getValue.c_str()), &napiValue));
}
return napiValue;
}
......
scripts/param_cfg_to_code.py
浏览文件 @ 513c2427
......@@ -20,7 +20,7 @@ import argparse
import os
import sys
def DecodeCfgLine(data):
def decode_cfg_line(data):
data.replace('\n', '').replace('\r', '')
data = data.strip()
if (len(data) == 0 or data[0] == '#'):
......@@ -30,46 +30,46 @@ def DecodeCfgLine(data):
return "", ""
return strs[0].strip(), strs[1].strip()
def GetParamFromCfg(cfgName):
def get_param_from_cfg(cfg_name):
dict = {}
with open(cfgName) as afile:
with open(cfg_name) as afile:
data = afile.readline()
while data:
name, value = DecodeCfgLine(data)
name, value = decode_cfg_line(data)
if len(name) != 0 and len(value) != 0:
dict[name] = value
print("sample file name={%s %s}"%(name, value))
data = afile.readline()
return dict
def DecodeCodeLine(data):
def decode_code_line(data):
data.replace('\n', '').replace('\r', '')
data = data.strip()
if (not data.startswith("PARAM_MAP")):
return "", ""
dataLen = len(data)
data = data[len("PARAM_MAP") + 1 : dataLen - 1]
data_len = len(data)
data = data[len("PARAM_MAP") + 1 : data_len - 1]
data = data.strip()
strs = data.split(',')
if len(strs) <= 1:
return "", ""
return strs[0].strip(), data[len(strs[0]) + 1: ].strip()
def GetParamFromCCode(codeName):
def get_param_from_c_code(code_name):
dict = {}
with open(codeName, "r+") as afile:
with open(code_name, "r+") as afile:
data = afile.readline()
while data:
name, value = DecodeCodeLine(data)
name, value = decode_code_line(data)
if len(name) != 0 and len(value) != 0:
dict[name] = value
data = afile.readline()
afile.truncate(0)
return dict
def WriteMapToCode(codeName, dict):
def write_map_to_code(code_name, dict):
try:
with open(codeName, "w") as f:
with open(code_name, "w") as f:
# start with 0
f.seek(0)
# write file header
......@@ -110,18 +110,18 @@ def WriteMapToCode(codeName, dict):
f.write(os.linesep)
f.truncate()
except IOError:
print("Error: open or write file %s fail"%{codeName})
print("Error: open or write file %s fail"%{code_name})
return 0
def AddToCodeDict(codeDict, cfgDict, high = True):
for name, value in cfgDict.items():
def add_to_code_dict(code_dict, cfg_dict, high = True):
for name, value in cfg_dict.items():
# check if name exit
hasKey = name in codeDict #codeDict.has_key(name)
if hasKey and high:
codeDict[name] = value
elif not hasKey:
codeDict[name] = value
return codeDict
has_key = name in code_dict #code_dict.has_key(name)
if has_key and high:
code_dict[name] = value
elif not has_key:
code_dict[name] = value
return code_dict
def main():
parser = argparse.ArgumentParser(
......@@ -144,18 +144,19 @@ def main():
for source in args.source:
print("source {}".format(out_dir))
assert os.path.exists(source)
if not os.path.exists(source):
raise FileNotFoundError
srcDict = GetParamFromCfg(source)
src_dict = get_param_from_cfg(source)
dst = "".join([out_dir, "param_cfg.h"])
if os.path.exists(dst):
dstDict = GetParamFromCCode(dst)
dst_dict = get_param_from_c_code(dst)
else:
dstDict = {}
dst_dict = {}
dstDict = AddToCodeDict(dstDict, srcDict, False)
WriteMapToCode(dst, dstDict)
dst_dict = add_to_code_dict(dst_dict, src_dict, False)
write_map_to_code(dst, dst_dict)
return 0
......
services/BUILD.gn
浏览文件 @ 513c2427
......@@ -32,7 +32,13 @@ group("startup_init") {
deps = [
"etc:etc_files",
"init/standard:init",
"//third_party/e2fsprogs:e2fsprogs",
]
if (use_musl) {
deps += [ "//third_party/f2fs-tools:f2fs-tools" ]
}
if (enable_ohos_startup_init_feature_watcher) {
deps += [
"//base/startup/init/services/param/watcher:param_watcher",
......
services/begetctl/misc_daemon.cpp
浏览文件 @ 513c2427
......@@ -206,7 +206,7 @@ static void WriteLogoToMisc(const std::string &logoPath)
static int main_cmd(BShellHandle shell, int argc, char **argv)
{
if (argc >= 2 && strcmp((char *)"--write_logo", argv[0]) == 0) { // 2 min arg
if (argc >= 2 && strcmp(const_cast<char *>("--write_logo"), argv[0]) == 0) { // 2 min arg
WriteLogoToMisc(argv[1]);
} else {
char *helpArgs[] = {const_cast<char *>("misc_daemon"), nullptr};
......
services/begetctl/param_cmd.c
浏览文件 @ 513c2427
......@@ -359,9 +359,9 @@ static int32_t BShellParamCmdDump(BShellHandle shell, int32_t argc, char *argv[]
{
BSH_CHECK(shell != NULL, return BSH_INVALID_PARAM, "Invalid shell env");
if (argc >= 2 && strcmp(argv[1], "verbose") == 0) { // 2 min arg
SystemDumpParameters(1);
SystemDumpParameters(1, printf);
} else {
SystemDumpParameters(0);
SystemDumpParameters(0, printf);
}
return 0;
}
......
services/begetctl/sandbox.cpp
浏览文件 @ 513c2427
......@@ -74,7 +74,7 @@ static void RunSandbox(const std::string &sandboxName)
static void EnterShell()
{
char *argv[] = { (char *)"sh", NULL };
char *argv[] = { const_cast<char *>("sh"), NULL };
char *envp[] = { nullptr };
if (execve("/system/bin/sh", argv, envp) != 0) {
std::cout << "execve sh failed! err = "<< errno << std::endl;
......
services/begetctl/shell/shell_bas.c
浏览文件 @ 513c2427
......@@ -38,7 +38,10 @@ char *BShellEnvErrString(BShellHandle handle, int32_t err)
}
BSH_CHECK(handle != NULL, return "System unknow err", "Invalid shell env");
BShellEnv *shell = (BShellEnv *)handle;
sprintf_s(shell->data, sizeof(shell->data) - 1, "System unknow err 0x%08x", err);
int len = sprintf_s(shell->data, sizeof(shell->data) - 1, "System unknow err 0x%08x", err);
if (len <= 0) {
BSH_LOGE("Write shell data size failed.");
}
return shell->data;
}
......
services/etc/BUILD.gn
浏览文件 @ 513c2427
......@@ -110,11 +110,6 @@ if (defined(ohos_lite)) {
part_name = "init"
}
ohos_prebuilt_etc("init.usb.configfs.cfg") {
source = "//base/startup/init/services/etc/init.usb.configfs.cfg"
part_name = "init"
}
ohos_prebuilt_para("ohos.para") {
source = "//base/startup/init/services/etc/param/ohos.para"
install_images = [
......@@ -223,7 +218,6 @@ if (defined(ohos_lite)) {
":init.cfg",
":init.reboot",
":init.usb.cfg",
":init.usb.configfs.cfg",
":misc.cfg",
":ohos.para",
":ohos.para.dac",
......
services/etc/console.cfg
浏览文件 @ 513c2427
......@@ -8,6 +8,7 @@
"sandbox" : 0,
"uid" : "root",
"gid" : ["shell", "log", "readproc"],
"ondemand" : true,
"jobs" : {
"on-start" : "services:console"
},
......
services/etc/group
浏览文件 @ 513c2427
......@@ -32,7 +32,7 @@ uiserver:x:1048:
servicectrl:x:1050:root,shell,system,samgr,hdf_devmgr
powerctrl:x:1051:root,shell,system,update,power_host
bootctrl:x:1052:root,shell,system
deviceprivate:1053:root,shell,system,samgr,hdf_devmgr, deviceinfo
deviceprivate:x:1053:root,shell,system,samgr,hdf_devmgr,deviceinfo,dsoftbus,dms,account
hiview:x:1201:
hidumper_service:x:1212:
shell:x:2000:
......@@ -83,6 +83,7 @@ deviceauth:x:3333:
huks_server:x:3510:
dms:x:5522:
foundation:x:5523:
quickfixserver:x:5524;
samgr:x:5555:
update:x:6666:
charger:x:6667:
......@@ -115,3 +116,4 @@ uhdf_driver:x:3066:
memmgr:x:1111:
ispserver:x:3821:
dfs_share:x:3822:
appspawn:x:4000:
services/etc/init.cfg
浏览文件 @ 513c2427
......@@ -212,12 +212,6 @@
"cmds" : [
"write /proc/sys/kernel/perf_event_paranoid 3"
]
}, {
"name" : "boot && param:const.debuggable=1",
"condition" : "boot && const.debuggable=1",
"cmds" : [
"start console"
]
}, {
"name" : "services:console",
"cmds" : [
......
services/etc/init.usb.configfs.cfg 已删除 100755 → 0
浏览文件 @ 726c2794
{
"jobs" : [{
"name" : "param:sys.usb.config=none && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=none && sys.usb.configfs=1",
"cmds" : [
"write /config/usb_gadget/g1/UDC none",
"stop hdcd",
"setparam sys.usb.ffs.ready 0",
"write /config/usb_gadget/g1/bDeviceClass 0",
"write /config/usb_gadget/g1/bDeviceSubClass 0",
"write /config/usb_gadget/g1/bDeviceProtocol 0",
"rm /config/usb_gadget/g1/configs/b.1/f1",
"rm /config/usb_gadget/g1/configs/b.1/rndis.rn0",
"rmdir /config/usb_gadget/g1/functions/rndis.rn0",
"rm /config/usb_gadget/g1/configs/b.1/mass_storage.usb",
"rmdir /config/usb_gadget/g1/functions/mass_storage.usb",
"setparam sys.usb.state ${sys.usb.config}"
]
}, {
"name" : "param:startup.service.ctl.hdcd=5",
"condition" : "startup.service.ctl.hdcd=5",
"cmds" : [
"setparam sys.usb.ffs.ready 0"
]
}, {
"name" : "param:sys.usb.config=hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=hdc && sys.usb.configfs=1",
"cmds" : [
"start hdcd"
]
}, {
"name" : "param:sys.usb.ffs.ready=1 && param:sys.usb.config=hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.ffs.ready=1 && sys.usb.config=hdc && sys.usb.configfs=1",
"cmds" : [
"write /config/usb_gadget/g1/configs/b.1/strings/0x409/configuration hdc",
"symlink /config/usb_gadget/g1/functions/ffs.hdc /config/usb_gadget/g1/configs/b.1/f1",
"write /config/usb_gadget/g1/UDC ${sys.usb.controller}",
"setparam sys.usb.state ${sys.usb.config}"
]
}, {
"name" : "param:sys.usb.config=rndis && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=rndis && sys.usb.configfs=1",
"cmds" : [
"mkdir /config/usb_gadget/g1/functions/rndis.rn0",
"write /config/usb_gadget/g1/configs/b.1/strings/0x409/configuration rndis",
"symlink /config/usb_gadget/g1/functions/rndis.rn0 /config/usb_gadget/g1/configs/b.1/rndis.rn0",
"write /config/usb_gadget/g1/UDC ${sys.usb.controller}",
"setparam sys.usb.state ${sys.usb.config}"
]
}, {
"name" : "param:sys.usb.config=rndis_hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=rndis_hdc && sys.usb.configfs=1",
"cmds" : [
"mkdir /config/usb_gadget/g1/functions/rndis.rn0",
"symlink /config/usb_gadget/g1/functions/rndis.rn0 /config/usb_gadget/g1/configs/b.1/rndis.rn0",
"start hdcd"
]
}, {
"name" : "param:sys.usb.ffs.ready=1 && param:sys.usb.config=rndis_hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.ffs.ready=1 && sys.usb.config=rndis_hdc && sys.usb.configfs=1",
"cmds" : [
"write /config/usb_gadget/g1/configs/b.1/strings/0x409/configuration rndis_hdc",
"symlink /config/usb_gadget/g1/functions/ffs.hdc /config/usb_gadget/g1/configs/b.1/f1",
"write /config/usb_gadget/g1/UDC ${sys.usb.controller}",
"setparam sys.usb.state ${sys.usb.config}"
]
}, {
"name" : "param:sys.usb.config=storage && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=storage && sys.usb.configfs=1",
"cmds" : [
"mkdir /config/usb_gadget/g1/functions/mass_storage.usb",
"write /config/usb_gadget/g1/functions/mass_storage.usb/lun.0/file /dev/block/mmcblk0p11",
"write /config/usb_gadget/g1/configs/b.1/strings/0x409/configuration mass_storage",
"symlink /config/usb_gadget/g1/functions/mass_storage.usb /config/usb_gadget/g1/configs/b.1/mass_storage.usb",
"write /config/usb_gadget/g1/UDC ${sys.usb.controller}",
"setparam sys.usb.state ${sys.usb.config}"
]
}, {
"name" : "param:sys.usb.config=storage_hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.config=storage_hdc && sys.usb.configfs=1",
"cmds" : [
"mkdir /config/usb_gadget/g1/functions/mass_storage.usb",
"write /config/usb_gadget/g1/functions/mass_storage.usb/lun.0/file /dev/block/mmcblk0p11",
"symlink /config/usb_gadget/g1/functions/mass_storage.usb /config/usb_gadget/g1/configs/b.1/mass_storage.usb",
"start hdcd"
]
}, {
"name" : "param:sys.usb.ffs.ready=1 && param:sys.usb.config=storage_hdc && param:sys.usb.configfs=1",
"condition" : "sys.usb.ffs.ready=1 && sys.usb.config=storage_hdc && sys.usb.configfs=1",
"cmds" : [
"write /config/usb_gadget/g1/configs/b.1/strings/0x409/configuration storage_hdc",
"symlink /config/usb_gadget/g1/functions/ffs.hdc /config/usb_gadget/g1/configs/b.1/f1",
"write /config/usb_gadget/g1/UDC ${sys.usb.controller}",
"setparam sys.usb.state ${sys.usb.config}"
]
}
]
}
services/etc/param/ohos.para
浏览文件 @ 513c2427
......@@ -30,7 +30,7 @@ const.build.product=default
const.product.hardwareversion=default
const.product.bootloader.version=bootloader
const.product.cpu.abilist=default
const.product.software.version=OpenHarmony 3.2.7.2
const.product.software.version=OpenHarmony 3.2.7.3
const.product.incremental.version=default
const.product.firstapiversion=1
const.product.build.type=default
......
services/etc/param/ohos.para.size
浏览文件 @ 513c2427
......@@ -26,7 +26,7 @@ const_postinstall_param=4096
const_postinstall_fstab_param=4096
const_allow_param=4096
const_allow_mock_param=4096
device_public_param=30720
devinfo_public_param=30720
security_param=4096
sys_param=4096
bootevent_param=4096
......
services/etc/param/param_fixer.py
浏览文件 @ 513c2427
......@@ -18,7 +18,8 @@ import os
import sys
import json
sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, os.pardir, os.pardir, os.pardir, os.pardir, "build"))
sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir, os.pardir,
os.pardir, os.pardir, os.pardir, os.pardir, "build"))
from scripts.util import build_utils # noqa: E402
def parse_args(args):
......@@ -39,7 +40,7 @@ def parse_params(line, contents):
if pos <= 0:
return
name = line[:pos]
value = line[pos+1:]
value = line[pos + 1:]
name = name.strip()
value = value.strip()
contents[name] = value
......
services/etc/passwd
浏览文件 @ 513c2427
......@@ -79,6 +79,7 @@ deviceauth:x:3333:3333:::/bin/false
huks_server:x:3510:3510:::/bin/false
dms:x:5522:5522:::/bin/false
foundation:x:5523:5523:::/bin/false
quickfixserver:x:5524:5524:::/bin/false
samgr:x:5555:5555:::/bin/false
dbms:x:6000:6000:::/bin/false
update:x:6666:6666:::/bin/false
......
services/include/init_utils.h
浏览文件 @ 513c2427
......@@ -42,6 +42,7 @@ typedef struct {
#define WAIT_MAX_SECOND 5
#define MAX_BUFFER_LEN 256
#define CMDLINE_VALUE_LEN_MAX 512
#define STDERR_HANDLE 2
#define ARRAY_LENGTH(array) (sizeof((array)) / sizeof((array)[0]))
#ifndef STARTUP_INIT_UT_PATH
......@@ -76,14 +77,14 @@ void FreeStringVector(char **vector, int count);
int InUpdaterMode(void);
int StringReplaceChr(char *strl, char oldChr, char newChr);
uint32_t GetRandom(void);
void OpenConsole(void);
void TrimTail(char *str, char c);
char *TrimHead(char *str, char c);
INIT_LOCAL_API int StringToULL(const char *str, unsigned long long int *out);
INIT_LOCAL_API int StringToLL(const char *str, long long int *out);
void CloseStdio(void);
void RedirectStdio(int fd);
#ifdef __cplusplus
#if __cplusplus
}
......
services/include/param/init_param.h
浏览文件 @ 513c2427
......@@ -146,7 +146,7 @@ void RegisterBootStateChange(void (*bootStateChange)(int start, const char *));
* dump 参数和trigger信息
*
*/
void SystemDumpTriggers(int verbose);
void SystemDumpTriggers(int verbose, int (*dump)(const char *fmt, ...));
#endif
/**
......@@ -217,7 +217,7 @@ int SystemWatchParameter(const char *keyprefix, ParameterChangePtr change, void
int SystemCheckParamExist(const char *name);
long long GetSystemCommitId(void);
void SystemDumpParameters(int verbose);
void SystemDumpParameters(int verbose, int (*dump)(const char *fmt, ...));
int WatchParamCheck(const char *keyprefix);
......
services/init/include/device.h
浏览文件 @ 513c2427
......@@ -29,7 +29,6 @@ extern "C" {
void MountBasicFs(void);
void CreateDeviceNode(void);
void CloseStdio(void);
#ifdef __cplusplus
#if __cplusplus
......
services/init/include/init.h
浏览文件 @ 513c2427
......@@ -43,7 +43,6 @@ void SystemExecuteRcs(void);
void ReadConfig(void);
void SignalInit(void);
void SetServiceEnterSandbox(const char *path, unsigned int attribute);
#ifdef __cplusplus
#if __cplusplus
......
services/init/include/init_service.h
浏览文件 @ 513c2427
......@@ -48,7 +48,7 @@ extern "C" {
#define SERVICE_ATTR_ONDEMAND 0x100 // ondemand, manage socket by init
#define SERVICE_ATTR_TIMERSTART 0x200 // Mark a service will be started by timer
#define SERVICE_ATTR_NEEDWAIT 0x400 // service should execute waitpid while stopping
#define SERVICE_ATTR_SANDBOX 0x800 // make service will enter sandbox
#define SERVICE_ATTR_WITHOUT_SANDBOX 0x800 // make service not enter sandbox
#define MAX_SERVICE_NAME 32
#define MAX_APL_NAME 32
......@@ -67,6 +67,12 @@ extern "C" {
#define IsOnDemandService(service) \
(((service)->attribute & SERVICE_ATTR_ONDEMAND) == SERVICE_ATTR_ONDEMAND)
#define MarkServiceAsOndemand(service) \
((service)->attribute |= SERVICE_ATTR_ONDEMAND)
#define UnMarkServiceAsOndemand(service) \
((service)->attribute &= ~SERVICE_ATTR_ONDEMAND)
#define IsServiceWithTimerEnabled(service) \
(((service)->attribute & SERVICE_ATTR_TIMERSTART) == SERVICE_ATTR_TIMERSTART)
......@@ -76,12 +82,13 @@ extern "C" {
#define EnableServiceTimer(service) \
((service)->attribute |= SERVICE_ATTR_TIMERSTART)
#define MarkServiceWithSandbox(service) \
((service)->attribute |= SERVICE_ATTR_SANDBOX)
#define MarkServiceWithoutSandbox(service) \
((service)->attribute |= SERVICE_ATTR_WITHOUT_SANDBOX)
#define UnMarkServiceWithSandbox(service) \
((service)->attribute &= ~SERVICE_ATTR_SANDBOX)
#define MarkServiceWithSandbox(service) \
((service)->attribute &= ~SERVICE_ATTR_WITHOUT_SANDBOX)
#pragma pack(4)
typedef enum {
START_MODE_CONDITION,
START_MODE_BOOT,
......@@ -133,7 +140,7 @@ typedef struct Service_ {
int endMode : 4; // preFork/ fork / exec / ready
int status : 4; // ServiceStatus
uint64_t tokenId;
char apl[MAX_APL_NAME + 1];
char *apl;
ServiceArgs capsArgs;
ServiceArgs permArgs;
ServiceArgs permAclsArgs;
......@@ -151,6 +158,7 @@ typedef struct Service_ {
cpu_set_t cpuSet;
struct ListNode extDataNode;
} Service;
#pragma pack()
Service *GetServiceByPid(pid_t pid);
Service *GetServiceByName(const char *servName);
......@@ -170,7 +178,9 @@ int SetAccessToken(const Service *service);
void GetAccessToken(void);
void ServiceStopTimer(Service *service);
void ServiceStartTimer(Service *service, uint64_t timeout);
void IsEnableSandbox(void);
void EnterServiceSandbox(Service *service);
void SetServiceEnterSandbox(const char *execPath, unsigned int attribute);
#ifdef __cplusplus
#if __cplusplus
}
......
services/init/include/init_service_manager.h
浏览文件 @ 513c2427
......@@ -63,6 +63,7 @@ Service *AddService(const char *name);
void DumpServiceHookExecute(const char *name, const char *info);
void ProcessControlFd(uint16_t type, const char *serviceCmd, const void *context);
int GetKillServiceSig(const char *name);
int WatchConsoleDevice(Service *service);
#ifdef __cplusplus
#if __cplusplus
}
......
services/init/init_capability.c
浏览文件 @ 513c2427
......@@ -88,8 +88,6 @@ int GetServiceCaps(const cJSON *curArrItem, Service *service)
{
INIT_ERROR_CHECK(service != NULL, return SERVICE_FAILURE, "service is null ptr.");
INIT_ERROR_CHECK(curArrItem != NULL, return SERVICE_FAILURE, "json is null ptr.");
service->servPerm.capsCnt = 0;
service->servPerm.caps = NULL;
int capsCnt = 0;
cJSON *filedJ = GetArrayItem(curArrItem, &capsCnt, "caps");
if (filedJ == NULL) {
......@@ -97,10 +95,14 @@ int GetServiceCaps(const cJSON *curArrItem, Service *service)
}
INIT_ERROR_CHECK(capsCnt <= MAX_CAPS_CNT_FOR_ONE_SERVICE, return SERVICE_FAILURE,
"service=%s, too many caps[cnt %d] for one service", service->name, capsCnt);
service->servPerm.capsCnt = 0;
if (service->servPerm.caps != NULL) {
free(service->servPerm.caps);
service->servPerm.caps = NULL;
}
service->servPerm.caps = (unsigned int *)calloc(1, sizeof(unsigned int) * capsCnt);
INIT_ERROR_CHECK(service->servPerm.caps != NULL, return SERVICE_FAILURE,
"Failed to malloc for service %s", service->name);
service->servPerm.capsCnt = 0;
unsigned int caps = FULL_CAP;
for (int i = 0; i < capsCnt; ++i) { // number form
char *capStr = NULL;
......
services/init/init_common_service.c
浏览文件 @ 513c2427
......@@ -291,7 +291,7 @@ static void ClearEnvironment(Service *service)
return;
}
static int InitServicePropertys(Service *service)
static int InitServiceProperties(Service *service)
{
INIT_ERROR_CHECK(service != NULL, return -1, "Invalid parameter.");
SetServiceEnterSandbox(service->pathArgs.argv[0], service->attribute);
......@@ -308,7 +308,7 @@ static int InitServicePropertys(Service *service)
}
CreateServiceFile(service->fileCfg);
if (service->attribute & SERVICE_ATTR_CONSOLE) {
if ((service->attribute & SERVICE_ATTR_CONSOLE)) {
OpenConsole();
}
......@@ -317,7 +317,7 @@ static int InitServicePropertys(Service *service)
"binding core number failed for service %s", service->name);
SetSystemSeccompPolicy(service);
// permissions
INIT_ERROR_CHECK(SetPerms(service) == SERVICE_SUCCESS, return -1,
"service %s exit! set perms failed! err %d.", service->name, errno);
......@@ -331,7 +331,7 @@ static int InitServicePropertys(Service *service)
void EnterServiceSandbox(Service *service)
{
INIT_ERROR_CHECK(InitServicePropertys(service) == 0, return, "Failed init service property");
INIT_ERROR_CHECK(InitServiceProperties(service) == 0, return, "Failed init service property");
if (service->importance != 0) {
if (setpriority(PRIO_PROCESS, 0, service->importance) != 0) {
INIT_LOGE("setpriority failed for %s, importance = %d, err=%d",
......@@ -374,7 +374,7 @@ int ServiceStart(Service *service)
int pid = fork();
if (pid == 0) {
// fail must exit sub process
INIT_ERROR_CHECK(InitServicePropertys(service) == 0,
INIT_ERROR_CHECK(InitServiceProperties(service) == 0,
_exit(PROCESS_EXIT_CODE), "Failed init service property");
ServiceExec(service);
_exit(PROCESS_EXIT_CODE);
......@@ -474,6 +474,17 @@ static void CheckServiceSocket(Service *service)
return;
}
static void CheckOndemandService(Service *service)
{
CheckServiceSocket(service);
if (strcmp(service->name, "console") == 0) {
if (WatchConsoleDevice(service) < 0) {
INIT_LOGE("Failed to watch console service after it exit, mark console service invalid");
service->attribute |= SERVICE_ATTR_INVALID;
}
}
}
void ServiceReap(Service *service)
{
INIT_CHECK(service != NULL, return);
......@@ -524,9 +535,9 @@ void ServiceReap(Service *service)
return;
}
}
// service no need to restart which socket managed by init until socket message detected
// service no need to restart if it is an ondemand service.
if (IsOnDemandService(service)) {
CheckServiceSocket(service);
CheckOndemandService(service);
return;
}
......
services/init/init_service_manager.c
浏览文件 @ 513c2427
......@@ -20,7 +20,7 @@
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include "cJSON.h"
#include "init.h"
#include "init_group_manager.h"
......@@ -31,6 +31,7 @@
#include "init_utils.h"
#include "securec.h"
#include "service_control.h"
#include "sys_param.h"
#ifdef ASAN_DETECTOR
#include "init_param.h"
#endif
......@@ -139,6 +140,10 @@ void ReleaseService(Service *service)
FreeServiceSocket(service->socketCfg);
FreeServiceFile(service->fileCfg);
if(service->apl != NULL) {
free(service->apl);
service->apl = NULL;
}
for (size_t i = 0; i < JOB_ON_MAX; i++) {
if (service->serviceJobs.jobsName[i] != NULL) {
free(service->serviceJobs.jobsName[i]);
......@@ -167,16 +172,6 @@ static char *GetStringValue(const cJSON *json, const char *name, size_t *strLen)
return fieldStr;
}
static int GetStringItem(const cJSON *json, const char *name, char *buffer, int buffLen)
{
INIT_ERROR_CHECK(json != NULL, return SERVICE_FAILURE, "Invalid json for %s", name);
size_t strLen = 0;
char *fieldStr = GetStringValue(json, name, &strLen);
INIT_CHECK((fieldStr != NULL) && (strLen != 0) && (strLen <= (size_t)buffLen),
return SERVICE_FAILURE);
return strcpy_s(buffer, buffLen, fieldStr);
}
cJSON *GetArrayItem(const cJSON *fileRoot, int *arrSize, const char *arrName)
{
cJSON *arrItem = cJSON_GetObjectItemCaseSensitive(fileRoot, arrName);
......@@ -198,7 +193,9 @@ static int GetServiceArgs(const cJSON *argJson, const char *name, int maxCount,
INIT_ERROR_CHECK(ret, return SERVICE_FAILURE, "Invalid type");
int count = cJSON_GetArraySize(obj);
INIT_ERROR_CHECK((count > 0) && (count < maxCount), return SERVICE_FAILURE, "Array size = %d is wrong", count);
if ((args->argv != NULL) && (args->count > 0)) {
FreeServiceArg(args);
}
args->argv = (char **)malloc((count + 1) * sizeof(char *));
INIT_ERROR_CHECK(args->argv != NULL, return SERVICE_FAILURE, "Failed to malloc for argv");
for (int i = 0; i < count + 1; ++i) {
......@@ -256,7 +253,6 @@ static int GetServiceGids(const cJSON *curArrItem, Service *curServ)
int gidCount;
cJSON *arrItem = cJSON_GetObjectItemCaseSensitive(curArrItem, GID_STR_IN_CFG);
if (!arrItem) {
curServ->servPerm.gIDCnt = 0;
return SERVICE_SUCCESS;
} else if (!cJSON_IsArray(arrItem)) {
gidCount = 1;
......@@ -265,6 +261,9 @@ static int GetServiceGids(const cJSON *curArrItem, Service *curServ)
}
INIT_ERROR_CHECK((gidCount != 0) && (gidCount <= NGROUPS_MAX + 1), return SERVICE_FAILURE,
"Invalid gid count %d", gidCount);
if (curServ->servPerm.gIDArray != NULL) {
free(curServ->servPerm.gIDArray);
}
curServ->servPerm.gIDArray = (gid_t *)malloc(sizeof(gid_t) * gidCount);
INIT_ERROR_CHECK(curServ->servPerm.gIDArray != NULL, return SERVICE_FAILURE, "Failed to malloc");
curServ->servPerm.gIDCnt = gidCount;
......@@ -299,10 +298,9 @@ static int GetServiceAttr(const cJSON *curArrItem, Service *curServ, const char
}
INIT_ERROR_CHECK(cJSON_IsNumber(filedJ), return SERVICE_FAILURE,
"%s is null or is not a number, service name is %s", attrName, curServ->name);
curServ->attribute &= ~flag;
int value = (int)cJSON_GetNumberValue(filedJ);
if (processAttr == NULL) {
curServ->attribute &= ~flag;
if (value == 1) {
curServ->attribute |= flag;
}
......@@ -450,6 +448,9 @@ static int ParseServiceSocket(const cJSON *curArrItem, Service *curServ)
int sockCnt = 0;
cJSON *filedJ = GetArrayItem(curArrItem, &sockCnt, "socket");
INIT_CHECK(filedJ != NULL && sockCnt > 0, return SERVICE_FAILURE);
CloseServiceSocket(curServ);
FreeServiceSocket(curServ->socketCfg);
int ret = 0;
curServ->socketCfg = NULL;
for (int i = 0; i < sockCnt; ++i) {
......@@ -523,6 +524,7 @@ static int ParseServiceFile(const cJSON *curArrItem, Service *curServ)
int fileCnt = 0;
cJSON *filedJ = GetArrayItem(curArrItem, &fileCnt, "file");
INIT_CHECK(filedJ != NULL && fileCnt > 0, return SERVICE_FAILURE);
FreeServiceFile(curServ->fileCfg);
int ret = 0;
curServ->fileCfg = NULL;
for (int i = 0; i < fileCnt; ++i) {
......@@ -544,6 +546,8 @@ static int GetServiceOnDemand(const cJSON *curArrItem, Service *curServ)
INIT_ERROR_CHECK(cJSON_IsBool(item), return SERVICE_FAILURE,
"Service : %s ondemand value only support bool.", curServ->name);
curServ->attribute &= ~SERVICE_ATTR_ONDEMAND;
INIT_INFO_CHECK(cJSON_IsTrue(item), return SERVICE_SUCCESS,
"Service : %s ondemand value is false, it should be pulled up by init", curServ->name);
if (curServ->attribute & SERVICE_ATTR_CRITICAL) {
......@@ -604,6 +608,10 @@ static int GetServiceJobs(Service *service, cJSON *json)
for (int i = 0; i < (int)ARRAY_LENGTH(jobTypes); i++) {
char *jobName = cJSON_GetStringValue(cJSON_GetObjectItem(json, jobTypes[i]));
if (jobName != NULL) {
if (service->serviceJobs.jobsName[i] != NULL) {
DelGroupNode(NODE_TYPE_JOBS, service->serviceJobs.jobsName[i]);
free(service->serviceJobs.jobsName[i]);
}
service->serviceJobs.jobsName[i] = strdup(jobName);
// save job name for group job check
AddGroupNode(NODE_TYPE_JOBS, jobName);
......@@ -694,7 +702,6 @@ static int GetCpuArgs(const cJSON *argJson, const char *name, Service *service)
static int GetServiceSandbox(const cJSON *curItem, Service *service)
{
MarkServiceWithSandbox(service);
cJSON *item = cJSON_GetObjectItem(curItem, "sandbox");
if (item == NULL) {
return SERVICE_SUCCESS;
......@@ -703,10 +710,10 @@ static int GetServiceSandbox(const cJSON *curItem, Service *service)
INIT_ERROR_CHECK(cJSON_IsNumber(item), return SERVICE_FAILURE,
"Service : %s sandbox value only support number.", service->name);
int isSandbox = (int)cJSON_GetNumberValue(item);
if (isSandbox == 1) {
MarkServiceWithSandbox(service);
if (isSandbox == 0) {
MarkServiceWithoutSandbox(service);
} else {
UnMarkServiceWithSandbox(service);
MarkServiceWithSandbox(service);
}
return SERVICE_SUCCESS;
......@@ -790,7 +797,15 @@ static void ParseOneServiceArgs(const cJSON *curItem, Service *service)
(void)GetServiceArgs(curItem, D_CAPS_STR_IN_CFG, MAX_WRITEPID_FILES, &service->capsArgs);
(void)GetServiceArgs(curItem, "permission", MAX_WRITEPID_FILES, &service->permArgs);
(void)GetServiceArgs(curItem, "permission_acls", MAX_WRITEPID_FILES, &service->permAclsArgs);
(void)GetStringItem(curItem, APL_STR_IN_CFG, service->apl, MAX_APL_NAME);
size_t strLen = 0;
char *fieldStr = GetStringValue(curItem, APL_STR_IN_CFG, &strLen);
if (fieldStr != NULL) {
if (service->apl != NULL) {
free(service->apl);
}
service->apl = strdup(fieldStr);
INIT_CHECK(service->apl != NULL, return);
}
(void)GetCpuArgs(curItem, CPU_CORE_STR_IN_CFG, service);
}
......@@ -872,6 +887,90 @@ static void ParseServiceHookExecute(const char *name, const cJSON *serviceNode)
}
#endif
static void ProcessConsoleEvent(const WatcherHandle handler, int fd, uint32_t *events, const void *context)
{
Service *service = (Service *)context;
LE_RemoveWatcher(LE_GetDefaultLoop(), (WatcherHandle)handler);
if (fd < 0 || service == NULL) {
INIT_LOGE("Process console event with invalid arguments");
return;
}
// Since we've got event from console device
// the fd related to '/dev/console' does not need anymore, close it.
close(fd);
if (strcmp(service->name, "console") != 0) {
INIT_LOGE("Process console event with invalid service %s, only console service should do this", service->name);
return;
}
// Check if debuggable
char value[MAX_BUFFER_LEN] = {0};
unsigned int len = MAX_BUFFER_LEN;
if (SystemReadParam("const.debuggable", value, &len) != 0) {
INIT_LOGE("Failed to read parameter \'const.debuggable\', prevent console service starting");
return;
}
int isDebug = StringToInt(value, 0);
if (isDebug != 1) {
INIT_LOGI("Non-debuggable system, prevent console service starting");
return;
}
if (ServiceStart(service) != SERVICE_SUCCESS) {
INIT_LOGE("Start console service failed");
}
return;
}
static int AddFileDescriptorToWatcher(int fd, Service *service)
{
if (fd < 0 || service == NULL) {
return -1;
}
WatcherHandle watcher = NULL;
LE_WatchInfo info = {};
info.fd = fd;
info.flags = 0; // WATCHER_ONCE;
info.events = Event_Read;
info.processEvent = ProcessConsoleEvent;
int ret = LE_StartWatcher(LE_GetDefaultLoop(), &watcher, &info, service);
if (ret != LE_SUCCESS) {
INIT_LOGE("Failed to watch console device for service \' %s \'", service->name);
return -1;
}
return 0;
}
int WatchConsoleDevice(Service *service)
{
if (service == NULL) {
return -1;
}
int fd = open("/dev/console", O_RDWR);
if (fd < 0) {
if (errno == ENOENT) {
INIT_LOGW("/dev/console is not exist, wait for it...");
WaitForFile("/dev/console", WAIT_MAX_SECOND);
} else {
INIT_LOGE("Failed to open /dev/console, err = %d", errno);
return -1;
}
fd = open("/dev/console", O_RDWR);
if (fd < 0) {
INIT_LOGW("Failed to open /dev/console after try 1 time, err = %d", errno);
return -1;
}
}
if (AddFileDescriptorToWatcher(fd, service) < 0) {
close(fd);
return -1;
}
return 0;
}
void ParseAllServices(const cJSON *fileRoot)
{
int servArrSize = 0;
......@@ -882,26 +981,26 @@ void ParseAllServices(const cJSON *fileRoot)
"Too many services[cnt %d] detected, should not exceed %d.",
servArrSize, MAX_SERVICES_CNT_IN_FILE);
char serviceName[MAX_SERVICE_NAME] = {};
size_t strLen = 0;
for (int i = 0; i < servArrSize; ++i) {
cJSON *curItem = cJSON_GetArrayItem(serviceArr, i);
int ret = GetStringItem(curItem, "name", serviceName, MAX_SERVICE_NAME);
if (ret != 0) {
char *fieldStr = GetStringValue(curItem, "name", &strLen);
if (fieldStr == NULL) {
INIT_LOGE("Failed to get service name");
continue;
}
Service *service = GetServiceByName(serviceName);
Service *service = GetServiceByName(fieldStr);
if (service != NULL) {
INIT_LOGE("Service \' %s \' already exist", serviceName);
INIT_LOGE("Service \' %s \' already exist", fieldStr);
continue;
}
service = AddService(serviceName);
service = AddService(fieldStr);
if (service == NULL) {
INIT_LOGE("Failed to create service name %s", serviceName);
INIT_LOGE("Failed to create service name %s", fieldStr);
continue;
}
ret = ParseOneService(curItem, service);
service->pid = -1;
int ret = ParseOneService(curItem, service);
if (ret != SERVICE_SUCCESS) {
ReleaseService(service);
service = NULL;
......@@ -916,11 +1015,17 @@ void ParseAllServices(const cJSON *fileRoot)
service->fileCfg = NULL;
}
// Watch "/dev/console" node for starting console service ondemand.
if ((strcmp(service->name, "console") == 0) && IsOnDemandService(service)) {
if (WatchConsoleDevice(service) < 0) {
INIT_LOGW("Failed to watch \'/dev/console\' device");
}
}
#ifndef OHOS_LITE
/*
* Execute service parsing hooks
*/
ParseServiceHookExecute(serviceName, curItem);
ParseServiceHookExecute(fieldStr, curItem);
#endif
ret = GetCmdLinesFromJson(cJSON_GetObjectItem(curItem, "onrestart"), &service->restartArg);
......@@ -931,6 +1036,10 @@ void ParseAllServices(const cJSON *fileRoot)
static Service *GetServiceByExtServName(const char *fullServName)
{
INIT_ERROR_CHECK(fullServName != NULL, return NULL, "Failed get parameters");
Service *service = GetServiceByName(fullServName);
if (service != NULL) { // none parameter in fullServName
return service;
}
char *tmpServName = strdup(fullServName);
char *dstPtr[MAX_PATH_ARGS_CNT] = {NULL};
int returnCount = SplitString(tmpServName, "|", dstPtr, MAX_PATH_ARGS_CNT);
......@@ -938,7 +1047,7 @@ static Service *GetServiceByExtServName(const char *fullServName)
free(tmpServName);
return NULL;
}
Service *service = GetServiceByName(dstPtr[0]);
service = GetServiceByName(dstPtr[0]);
if (service == NULL) {
free(tmpServName);
return NULL;
......@@ -955,9 +1064,6 @@ static Service *GetServiceByExtServName(const char *fullServName)
for (extArgc = 0; extArgc < (returnCount - 1); extArgc++) {
service->extraArgs.argv[extArgc + argc] = strdup(dstPtr[extArgc + 1]);
}
for (int i = 0; i < service->extraArgs.count - 1; i++) {
INIT_LOGI("service->extraArgs.argv[%d] is %s", i, service->extraArgs.argv[i]);
}
service->extraArgs.argv[service->extraArgs.count] = NULL;
free(tmpServName);
return service;
......@@ -965,7 +1071,7 @@ static Service *GetServiceByExtServName(const char *fullServName)
void StartServiceByName(const char *servName)
{
INIT_LOGE("StartServiceByName Service %s", servName);
INIT_LOGI("StartServiceByName Service %s", servName);
Service *service = GetServiceByName(servName);
if (service == NULL) {
service = GetServiceByExtServName(servName);
......@@ -1060,4 +1166,4 @@ int GetKillServiceSig(const char *name)
return SIGTERM;
}
return SIGKILL;
}
\ No newline at end of file
}
services/init/lite/init.c
浏览文件 @ 513c2427
......@@ -32,7 +32,7 @@
void SystemInit(void)
{
SignalInit();
MakeDirRecursive("/dev/unix/socket", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
(void)MakeDirRecursive("/dev/unix/socket", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
}
void LogInit(void)
......@@ -56,11 +56,11 @@ void SystemConfig(void)
#ifdef LITEOS_SUPPORT
InitParamService();
// parse parameters
LoadDefaultParams("/system/etc/param/ohos_const", LOAD_PARAM_NORMAL);
LoadDefaultParams("/vendor/etc/param", LOAD_PARAM_NORMAL);
LoadDefaultParams("/system/etc/param", LOAD_PARAM_ONLY_ADD);
(void)LoadDefaultParams("/system/etc/param/ohos_const", LOAD_PARAM_NORMAL);
(void)LoadDefaultParams("/vendor/etc/param", LOAD_PARAM_NORMAL);
(void)LoadDefaultParams("/system/etc/param", LOAD_PARAM_ONLY_ADD);
LoadPersistParams();
(void)LoadPersistParams();
#endif
// read config
ReadConfig();
......@@ -79,7 +79,7 @@ void SystemConfig(void)
DoJob("post-init");
#ifndef __LINUX__
TriggerStage(EVENT3, EVENT3_WAITTIME, QS_STAGE3);
InitStageFinished();
(void)InitStageFinished();
#endif
ReleaseAllJobs();
}
......@@ -96,10 +96,3 @@ void SystemRun(void)
}
#endif
}
void SetServiceEnterSandbox(const char *path, unsigned int attribute)
{
UNUSED(path);
UNUSED(attribute);
return;
}
services/init/lite/init_service.c
浏览文件 @ 513c2427
......@@ -95,3 +95,15 @@ void GetAccessToken(void)
{
return;
}
void IsEnableSandbox(void)
{
return;
}
void SetServiceEnterSandbox(const char *path, unsigned int attribute)
{
UNUSED(path);
UNUSED(attribute);
return;
}
services/init/standard/BUILD.gn
浏览文件 @ 513c2427
......@@ -82,7 +82,6 @@ ohos_executable("init") {
"//base/startup/init/ueventd:libueventd_ramdisk_static",
"//third_party/bounds_checking_function:libsec_static",
"//third_party/cJSON:cjson_static",
"//third_party/e2fsprogs:e2fsprogs",
]
deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:libinit_stub_versionscript" ]
......@@ -94,7 +93,6 @@ ohos_executable("init") {
if (use_musl) {
deps += [
"//third_party/f2fs-tools:f2fs-tools",
"//third_party/mksh:sh",
"//third_party/toybox:toybox",
]
......
services/init/standard/device.c
浏览文件 @ 513c2427
......@@ -25,19 +25,6 @@
#define DEFAULT_RW_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
#define DEFAULT_NO_AUTHORITY_MODE (S_IWUSR | S_IRUSR)
#define STDERR_HANDLE 2
void CloseStdio(void)
{
int fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd < 0) {
return;
}
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, STDERR_HANDLE);
close(fd);
}
void MountBasicFs(void)
{
......
services/init/standard/init.c
浏览文件 @ 513c2427
......@@ -30,6 +30,7 @@
#include "device.h"
#include "fd_holder_service.h"
#include "fs_manager/fs_manager.h"
#include "key_control.h"
#include "init_control_fd_service.h"
#include "init_log.h"
#include "init_mount.h"
......@@ -43,11 +44,8 @@
#include "ueventd.h"
#include "ueventd_socket.h"
#include "fd_holder_internal.h"
#include "sandbox.h"
#include "sandbox_namespace.h"
#include "bootstage.h"
static bool g_enableSandbox;
typedef struct HOOK_TIMING_STAT {
struct timespec startTime;
struct timespec endTime;
......@@ -204,6 +202,9 @@ static void StartInitSecondStage(void)
// It will panic if close stdio before execv("/bin/sh", NULL)
CloseStdio();
// Set up a session keyring that all processes will have access to.
KeyCtrlGetKeyringId(KEY_SPEC_SESSION_KEYRING, 1);
#ifndef DISABLE_INIT_TWO_STAGES
SwitchRoot("/usr");
// Execute init second stage
......@@ -258,7 +259,7 @@ static long long InitDiffTime(HOOK_TIMING_STAT *stat)
if (stat->endTime.tv_nsec > stat->startTime.tv_nsec) {
diff += (stat->endTime.tv_nsec - stat->startTime.tv_nsec) / 1000; // 1000 ms
} else {
diff -= (stat->endTime.tv_nsec - stat->startTime.tv_nsec) / 1000; // 1000 ms
diff -= (stat->startTime.tv_nsec - stat->endTime.tv_nsec) / 1000; // 1000 ms
}
return diff;
}
......@@ -275,24 +276,6 @@ static void BootStateChange(int start, const char *content)
}
}
static void IsEnableSandbox(void)
{
const char *name = "const.sandbox";
char value[MAX_BUFFER_LEN] = {0};
unsigned int len = MAX_BUFFER_LEN;
if (SystemReadParam(name, value, &len) != 0) {
INIT_LOGE("Failed read param.");
g_enableSandbox = false;
}
if (strcmp(value, "enable") == 0) {
INIT_LOGI("Enable sandbox.");
g_enableSandbox = true;
} else {
INIT_LOGI("Disable sandbox.");
g_enableSandbox = false;
}
}
static void InitLoadParamFiles(void)
{
if (InUpdaterMode() != 0) {
......@@ -414,31 +397,3 @@ void SystemRun(void)
{
StartParamService();
}
void SetServiceEnterSandbox(const char *execPath, unsigned int attribute)
{
if (g_enableSandbox == false) {
return;
}
if ((attribute & SERVICE_ATTR_SANDBOX) != SERVICE_ATTR_SANDBOX) {
return;
}
INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null.");
if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) {
if (strcmp(execPath, "/system/bin/appspawn") == 0) {
INIT_LOGI("Appspawn skip enter sandbox.");
} else if (strcmp(execPath, "/system/bin/hilogd") == 0) {
INIT_LOGI("Hilogd skip enter sandbox.");
} else {
INIT_INFO_CHECK(EnterSandbox("system") == 0, return,
"Service %s skip enter sandbox system.", execPath);
}
} else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) {
// chipset sandbox will be implemented later.
INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return,
"Service %s skip enter sandbox system.", execPath);
} else {
INIT_LOGI("Service %s does not enter sandbox", execPath);
}
return;
}
services/init/standard/init_cmds.c
浏览文件 @ 513c2427
......@@ -89,11 +89,12 @@ int GetParamValue(const char *symValue, unsigned int symLen, char *paramValue, u
return 0;
}
static int SyncExecCommand(int argc, char * const *argv)
static void SyncExecCommand(int argc, char * const *argv)
{
INIT_CHECK(!(argc == 0 || argv == NULL || argv[0] == NULL), return -1);
INIT_CHECK(!(argc == 0 || argv == NULL || argv[0] == NULL), return);
INIT_LOGI("sync exec: %s", argv[0]);
pid_t pid = fork();
INIT_ERROR_CHECK(!(pid < 0), return -1, "Fork new process to format failed: %d", errno);
INIT_ERROR_CHECK(!(pid < 0), return, "Fork new process to format failed: %d", errno);
if (pid == 0) {
INIT_CHECK_ONLY_ELOG(execv(argv[0], argv) == 0, "execv %s failed! err %d.", argv[0], errno);
exit(-1);
......@@ -102,11 +103,10 @@ static int SyncExecCommand(int argc, char * const *argv)
pid_t ret = waitpid(pid, &status, 0);
if (ret != pid) {
INIT_LOGE("Failed to wait pid %d, errno %d", pid, errno);
return ret;
return;
}
INIT_CHECK_ONLY_ELOG(!(!WIFEXITED(status) || WEXITSTATUS(status) != 0),
"Command %s failed with status %d", argv[0], WEXITSTATUS(status));
return 0;
INIT_LOGI("sync exec: %s result %d %d", argv[0], WEXITSTATUS(status), WIFEXITED(status));
return;
}
static void DoIfup(const struct CmdArgs *ctx)
......@@ -198,8 +198,7 @@ static void DoSyncExec(const struct CmdArgs *ctx)
// format: syncexec /xxx/xxx/xxx xxx
INIT_ERROR_CHECK(ctx != NULL && ctx->argv[0] != NULL, return,
"DoSyncExec: invalid arguments to exec \"%s\"", ctx->argv[0]);
int ret = SyncExecCommand(ctx->argc, ctx->argv);
INIT_LOGI("DoSyncExec end with ret %d", ret);
SyncExecCommand(ctx->argc, ctx->argv);
return;
}
......@@ -288,7 +287,8 @@ static void DoMakeDevice(const struct CmdArgs *ctx)
static void DoMountFstabFile(const struct CmdArgs *ctx)
{
INIT_LOGI("Mount partitions from fstab file \" %s \"", ctx->argv[0]);
(void)MountAllWithFstabFile(ctx->argv[0], 0);
int ret = MountAllWithFstabFile(ctx->argv[0], 0);
INIT_LOGI("Mount partitions from fstab file \" %s \" finish ret %d", ctx->argv[0], ret);
}
static void DoUmountFstabFile(const struct CmdArgs *ctx)
......@@ -342,14 +342,18 @@ static void DoStopAllServices(const struct CmdArgs *ctx)
static void DoUmount(const struct CmdArgs *ctx)
{
INIT_LOGI("DoUmount %s", ctx->argv[0]);
int ret = GetMountStatusForMountPoint(ctx->argv[0]);
if (ret == 0) {
ret = umount(ctx->argv[0]);
MountStatus status = GetMountStatusForMountPoint(ctx->argv[0]);
if (status == MOUNT_MOUNTED) {
int ret = umount(ctx->argv[0]);
if ((ret != 0) && (ctx->argc > 1) && (strcmp(ctx->argv[1], "MNT_FORCE") == 0)) {
ret = umount2(ctx->argv[0], MNT_FORCE);
}
INIT_CHECK_ONLY_ELOG(ret == 0, "Failed to umount %s, errno %d", ctx->argv[0], errno);
} else if (status == MOUNT_UMOUNTED) {
INIT_LOGI("%s is already umounted", ctx->argv[0]);
} else {
INIT_LOGE("Failed to get %s mount status", ctx->argv[0]);
}
INIT_ERROR_CHECK(ret == 0, return, "Failed to umount %s errno = %d.", ctx->argv[0], errno);
}
static void DoSync(const struct CmdArgs *ctx)
......@@ -420,7 +424,6 @@ static bool InitFscryptPolicy(void)
static void DoInitGlobalKey(const struct CmdArgs *ctx)
{
INIT_LOGI("DoInitGlobalKey: start");
if (ctx == NULL || ctx->argc != 1) {
INIT_LOGE("DoInitGlobalKey: para invalid");
return;
......@@ -442,21 +445,15 @@ static void DoInitGlobalKey(const struct CmdArgs *ctx)
NULL
};
int argc = ARRAY_LENGTH(argv);
int ret = SyncExecCommand(argc, argv);
INIT_LOGI("DoInitGlobalKey: end, ret = %d", ret);
SyncExecCommand(argc, argv);
}
static void DoInitMainUser(const struct CmdArgs *ctx)
{
INIT_LOGI("DoInitMainUser: start");
if (ctx == NULL) {
INIT_LOGE("DoInitMainUser: para invalid");
return;
}
if (!InitFscryptPolicy()) {
INIT_LOGI("DoInitMainUser:init fscrypt failed,not enable fscrypt");
return;
}
char * const argv[] = {
"/system/bin/sdc",
......@@ -465,13 +462,11 @@ static void DoInitMainUser(const struct CmdArgs *ctx)
NULL
};
int argc = ARRAY_LENGTH(argv);
int ret = SyncExecCommand(argc, argv);
INIT_LOGI("DoInitMainUser: end, ret = %d", ret);
SyncExecCommand(argc, argv);
}
static void DoMkswap(const struct CmdArgs *ctx)
{
INIT_LOGI("DoMkswap: start");
if (ctx == NULL) {
INIT_LOGE("DoMkswap: para invalid");
return;
......@@ -482,13 +477,11 @@ static void DoMkswap(const struct CmdArgs *ctx)
NULL
};
int argc = ARRAY_LENGTH(argv);
int ret = SyncExecCommand(argc, argv);
INIT_LOGI("DoMkswap: end, ret = %d", ret);
SyncExecCommand(argc, argv);
}
static void DoSwapon(const struct CmdArgs *ctx)
{
INIT_LOGI("DoSwapon: start");
if (ctx == NULL) {
INIT_LOGE("DoSwapon: para invalid");
return;
......@@ -499,8 +492,7 @@ static void DoSwapon(const struct CmdArgs *ctx)
NULL
};
int argc = ARRAY_LENGTH(argv);
int ret = SyncExecCommand(argc, argv);
INIT_LOGI("DoSwapon: end, ret = %d", ret);
SyncExecCommand(argc, argv);
}
static void DoMkSandbox(const struct CmdArgs *ctx)
......
services/init/standard/init_control_fd_service.c
浏览文件 @ 513c2427
......@@ -190,7 +190,7 @@ static void ProcessDumpServiceControlFd(uint16_t type, const char *serviceCmd)
}
if (strcmp(serviceCmd, "parameter_service") == 0) {
if (cmd != NULL && strcmp(cmd, "trigger") == 0) {
SystemDumpTriggers(0);
SystemDumpTriggers(0, printf);
}
return;
}
......
services/init/standard/init_service.c
浏览文件 @ 513c2427
......@@ -29,11 +29,15 @@
#include "securec.h"
#include "token_setproc.h"
#include "nativetoken_kit.h"
#include "sandbox.h"
#include "sandbox_namespace.h"
#include "service_control.h"
#define MIN_IMPORTANT_LEVEL (-20)
#define MAX_IMPORTANT_LEVEL 19
static bool g_enableSandbox = false;
void NotifyServiceChange(Service *service, int status)
{
INIT_LOGI("NotifyServiceChange %s %d to %d", service->name, service->status, status);
......@@ -107,8 +111,9 @@ void GetAccessToken(void)
if (service->capsArgs.count == 0) {
service->capsArgs.argv = NULL;
}
if (strlen(service->apl) == 0) {
(void)strncpy_s(service->apl, sizeof(service->apl), "system_basic", sizeof(service->apl) - 1);
const char *apl = "system_basic";
if (service->apl != NULL) {
apl = service->apl;
}
NativeTokenInfoParams nativeTokenInfoParams = {
service->capsArgs.count,
......@@ -118,8 +123,9 @@ void GetAccessToken(void)
(const char **)service->permArgs.argv,
(const char **)service->permAclsArgs.argv,
service->name,
service->apl,
apl,
};
uint64_t tokenId = GetAccessTokenId(&nativeTokenInfoParams);
INIT_CHECK_ONLY_ELOG(tokenId != 0,
"Get totken id %lld of service \' %s \' failed", tokenId, service->name);
......@@ -128,3 +134,35 @@ void GetAccessToken(void)
node = GetNextGroupNode(NODE_TYPE_SERVICES, node);
}
}
void IsEnableSandbox(void)
{
char value[MAX_BUFFER_LEN] = {0};
unsigned int len = MAX_BUFFER_LEN;
if (SystemReadParam("const.sandbox", value, &len) == 0) {
if (strcmp(value, "enable") == 0) {
g_enableSandbox = true;
}
}
}
void SetServiceEnterSandbox(const char *execPath, unsigned int attribute)
{
if (g_enableSandbox == false) {
return;
}
if ((attribute & SERVICE_ATTR_WITHOUT_SANDBOX) == SERVICE_ATTR_WITHOUT_SANDBOX) {
return;
}
INIT_ERROR_CHECK(execPath != NULL, return, "Service path is null.");
if (strncmp(execPath, "/system/bin/", strlen("/system/bin/")) == 0) {
INIT_INFO_CHECK(EnterSandbox("system") == 0, return,
"Service %s skip enter system sandbox.", execPath);
} else if (strncmp(execPath, "/vendor/bin/", strlen("/vendor/bin/")) == 0) {
INIT_INFO_CHECK(EnterSandbox("chipset") == 0, return,
"Service %s skip enter chipset sandbox.", execPath);
} else {
INIT_LOGI("Service %s does not enter sandbox", execPath);
}
return;
}
services/init/standard/switch_root.c
浏览文件 @ 513c2427
......@@ -199,5 +199,6 @@ int SwitchRoot(const char *newRoot)
return -1;
}
FreeRootDir(oldRoot, oldRootStat.st_dev);
INIT_LOGI("SwitchRoot to %s finish", newRoot);
return 0;
}
services/loopevent/include/loop_event.h
浏览文件 @ 513c2427
......@@ -76,6 +76,7 @@ BufferHandle LE_CreateBuffer(const LoopHandle loopHandle, uint32_t bufferSize);
void LE_FreeBuffer(const LoopHandle loopHandle, const TaskHandle taskHandle, const BufferHandle handle);
uint8_t *LE_GetBufferInfo(const BufferHandle handle, uint32_t *dataSize, uint32_t *buffSize);
void *LE_GetUserData(const TaskHandle handle);
int32_t LE_GetSendResult(const BufferHandle handle);
typedef void (*LE_Close)(const TaskHandle taskHandle);
typedef struct {
......
services/loopevent/task/le_streamtask.c
浏览文件 @ 513c2427
......@@ -30,6 +30,7 @@ static LE_STATUS HandleSendMsg_(const LoopHandle loopHandle,
while (buffer) {
int ret = write(GetSocketFd(taskHandle), buffer->data, buffer->dataSize);
LE_LOGV("HandleSendMsg_ fd:%d send data size %d %d", GetSocketFd(taskHandle), buffer->dataSize, ret);
buffer->result = (ret == buffer->dataSize) ? 0 : errno;
if (complete != NULL) {
complete(taskHandle, buffer);
}
......
services/loopevent/task/le_task.c
浏览文件 @ 513c2427
......@@ -202,4 +202,10 @@ void *LE_GetUserData(TaskHandle handle)
LE_CHECK(handle != NULL, return NULL, "Invalid handle");
BaseTask *stream = (BaseTask *)handle;
return (void *)(((char *)stream) + stream->userDataOffset);
}
int32_t LE_GetSendResult(const BufferHandle handle)
{
LE_CHECK(handle != NULL, return 0, "Invalid handle");
return ((LE_Buffer *)handle)->result;
}
\ No newline at end of file
services/loopevent/task/le_task.h
浏览文件 @ 513c2427
......@@ -44,6 +44,7 @@ typedef struct {
ListNode node;
uint32_t buffSize;
uint32_t dataSize;
int32_t result;
uint8_t data[0];
} LE_Buffer;
......
services/modules/BUILD.gn
浏览文件 @ 513c2427
......@@ -10,6 +10,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
group("static_modules") {
if (!defined(ohos_lite)) {
......@@ -22,9 +23,9 @@ group("static_modules") {
if (build_seccomp) {
deps += [ "seccomp:libseccomp_static" ]
}
}
if (build_selinux) {
deps += [ "selinux:libselinuxadp_static" ]
if (build_selinux) {
deps += [ "selinux:libselinuxadp_static" ]
}
}
}
......@@ -35,10 +36,10 @@ group("modulesgroup") {
"reboot:rebootmodule",
]
if (build_seccomp) {
deps += [ "seccomp:seccomp_module" ]
deps += [ "seccomp:seccomp_filter" ]
}
if (build_selinux) {
deps += [ "selinux:selinuxadp" ]
}
}
if (build_selinux) {
deps += [ "selinux:selinuxadp" ]
}
}
services/modules/bootchart/BUILD.gn
浏览文件 @ 513c2427
......@@ -23,7 +23,6 @@ ohos_shared_library("bootchart") {
]
deps = [
"//base/startup/init/interfaces/innerkits:libbegetutil",
"//third_party/bounds_checking_function:libsec_shared",
"//third_party/cJSON:cjson_static",
]
......
services/modules/bootevent/bootevent.c
浏览文件 @ 513c2427
......@@ -137,6 +137,9 @@ static void ServiceParseBootEventHook(SERVICE_PARSE_CTX *serviceParseCtx)
if (bootEvents == NULL) {
return;
}
SERVICE_INFO_CTX ctx = {0};
ctx.serviceName = serviceParseCtx->serviceName;
HookMgrExecute(GetBootStageHookMgr(), INIT_SERVICE_CLEAR, (void *)&ctx, NULL);
// Single bootevent in config file
if (!cJSON_IsArray(bootEvents)) {
if (AddServiceBootEvent(serviceParseCtx->serviceName,
......
services/modules/init_hook/BUILD.gn
浏览文件 @ 513c2427
......@@ -37,7 +37,10 @@ if (defined(ohos_lite)) {
}
} else {
ohos_source_set("inithook") {
defines = [ "_GNU_SOURCE" ]
defines = [
"_GNU_SOURCE",
"PARAM_SUPPORT_TRIGGER",
]
include_dirs = comm_include
sources = [
"init_hook.c",
......
services/modules/init_hook/init_hook.c
浏览文件 @ 513c2427
......@@ -21,6 +21,7 @@
#include "securec.h"
#include "init_module_engine.h"
#include "init_group_manager.h"
#include "init_param.h"
#include "hookmgr.h"
#include "bootstage.h"
......@@ -127,7 +128,31 @@ static int ParamSetBootEventHook(const HOOK_INFO *hookInfo, void *cookie)
return 0;
}
static int DumpTrigger(const char *fmt, ...)
{
va_list vargs;
va_start(vargs, fmt);
InitLog(INIT_INFO, INIT_LOG_DOMAIN, INIT_LOG_TAG, fmt, vargs);
va_end(vargs);
return 0;
}
static int DumpServiceHook(const HOOK_INFO *info, void *cookie)
{
// check and dump all jobs
char dump[8] = {0}; // 8 len
uint32_t len = sizeof(dump);
int ret = SystemReadParam("persist.init.debug.dump.trigger", dump, &len);
PLUGIN_LOGV("boot dump %s ret %d", dump, ret);
if (ret == 0 && strcmp(dump, "1") == 0) {
SystemDumpTriggers(1, DumpTrigger);
}
return 0;
}
MODULE_CONSTRUCTOR(void)
{
InitAddGlobalInitHook(0, ParamSetBootEventHook);
// Depends on parameter service
InitAddPostPersistParamLoadHook(0, DumpServiceHook);
}
services/modules/reboot/BUILD.gn
浏览文件 @ 513c2427
......@@ -36,6 +36,10 @@ ohos_shared_library("rebootmodule") {
} else {
module_install_dir = "lib/init"
}
install_images = [
"system",
"updater",
]
}
ohos_source_set("libreboot_static") {
......
services/modules/reboot/reboot_adp.h
浏览文件 @ 513c2427
......@@ -13,11 +13,11 @@
* limitations under the License.
*/
#ifndef _MODULE_REBOOT_ADP_H
#define _MODULE_REBOOT_ADP_H
#ifndef MODULE_REBOOT_ADP_H
#define MODULE_REBOOT_ADP_H
#include <stdio.h>
int GetRebootReasonFromMisc(char *reason, size_t size);
int UpdateMiscMessage(const char *valueData, const char *cmd, const char *cmdExt, const char *boot);
#endif /* _MODULE_REBOOT_ADP_H */
#endif /* MODULE_REBOOT_ADP_H */
services/modules/seccomp/BUILD.gn
浏览文件 @ 513c2427
......@@ -77,16 +77,11 @@ ohos_prebuilt_seccomp("system_filter") {
}
filtername = "g_systemSeccompFilter"
include_dirs = [ "." ]
part_name = INIT_PART
subsystem_name = "startup"
install_enable = true
install_images = [
"system",
"ramdisk",
"updater",
]
install_images = [ "system" ]
}
ohos_prebuilt_seccomp("appspawn_filter") {
......@@ -102,7 +97,6 @@ ohos_prebuilt_seccomp("appspawn_filter") {
}
filtername = "g_appspawnSeccompFilter"
include_dirs = [ "." ]
part_name = INIT_PART
subsystem_name = "startup"
......@@ -118,7 +112,6 @@ ohos_prebuilt_seccomp("nwebspawn_filter") {
}
filtername = "g_nwebspawnSeccompFilter"
include_dirs = [ "." ]
part_name = INIT_PART
subsystem_name = "startup"
......@@ -139,7 +132,6 @@ ohos_prebuilt_seccomp("app_filter") {
}
filtername = "g_appSeccompFilter"
include_dirs = [ "." ]
part_name = INIT_PART
subsystem_name = "startup"
......@@ -147,46 +139,30 @@ ohos_prebuilt_seccomp("app_filter") {
install_images = [ "system" ]
}
ohos_shared_library("seccomp_module") {
sources = [ "seccomp_policy.c" ]
config("libseccomp_static_config") {
include_dirs = [
"//base/startup/init/services/modules",
"//base/startup/init/interfaces/innerkits/include",
"//base/startup/init/interfaces/innerkits/seccomp/include",
"//base/startup/init/services/modules/seccomp",
"//third_party/bounds_checking_function/include",
]
}
deps = [
":system_filter",
"//base/startup/init/interfaces/innerkits/init_module_engine:libinit_module_engine",
ohos_source_set("libseccomp_static") {
sources = [
"seccomp_policy.c",
"seccomp_policy_static.c",
]
cflags = [ "-DSECCOMP_PLUGIN" ]
part_name = "init"
if (target_cpu == "arm64") {
module_install_dir = "lib64/init"
} else {
module_install_dir = "lib/init"
}
install_images = [
"system",
"ramdisk",
"updater",
public_configs = [
":libseccomp_static_config",
"//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_exported_config",
]
}
config("libseccomp_static_config") {
include_dirs = [
"//base/startup/init/services/modules",
"//base/startup/init/services/modules/seccomp",
"//base/startup/init/interfaces/innerkits/seccomp/include",
group("seccomp_filter") {
deps = [
":app_filter",
":appspawn_filter",
":nwebspawn_filter",
":system_filter",
]
}
ohos_source_set("libseccomp_static") {
sources = [ "seccomp_policy_static.c" ]
public_configs = [ ":libseccomp_static_config" ]
public_configs += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_exported_config" ]
}
services/modules/seccomp/scripts/generate_code_from_policy.py
浏览文件 @ 513c2427
......@@ -303,7 +303,7 @@ class GenBpfPolicy:
@staticmethod
def gen_bpf_ge32(const_str, jt, jf):
bpf_policy = []
bpf_policy.append(BPF_JGE.format(const_str+' & 0xffffffff', jt, jf))
bpf_policy.append(BPF_JGE.format(const_str + ' & 0xffffffff', jt, jf))
return bpf_policy
@staticmethod
......@@ -315,12 +315,12 @@ class GenBpfPolicy:
low = number & 0xffffffff
if digit_flag and hight == 0:
bpf_policy.append(BPF_JGT.format('((unsigned long)'+const_str+') >> 32', jt + 2, 0))
bpf_policy.append(BPF_JGT.format('((unsigned long)' + const_str + ') >> 32', jt + 2, 0))
else:
bpf_policy.append(BPF_JGT.format('((unsigned long)'+const_str+') >> 32', jt + 3, 0))
bpf_policy.append(BPF_JEQ.format('((unsigned long)'+const_str+') >> 32', 0, jf + 2))
bpf_policy.append(BPF_JGT.format('((unsigned long)' + const_str + ') >> 32', jt + 3, 0))
bpf_policy.append(BPF_JEQ.format('((unsigned long)' + const_str + ') >> 32', 0, jf + 2))
bpf_policy.append(BPF_LOAD_MEM.format(0))
bpf_policy.append(BPF_JGE.format(const_str+' & 0xffffffff', jt, jf))
bpf_policy.append(BPF_JGE.format(const_str + ' & 0xffffffff', jt, jf))
return bpf_policy
def gen_bpf_ge(self, const_str, jt, jf):
......@@ -342,7 +342,7 @@ class GenBpfPolicy:
@staticmethod
def gen_bpf_set64(const_str, jt, jf):
bpf_policy = []
bpf_policy.append(BPF_JSET.format('((unsigned long)' + const_str+') >> 32', jt + 2, 0))
bpf_policy.append(BPF_JSET.format('((unsigned long)' + const_str + ') >> 32', jt + 2, 0))
bpf_policy.append(BPF_LOAD_MEM.format(0))
bpf_policy.append(BPF_JSET.format(const_str + ' & 0xffffffff', jt, jf))
return bpf_policy
......@@ -747,7 +747,8 @@ class SeccompPolicyParser:
with open(args.dstfile, 'w') as output_file:
output_file.write(content)
def filter_syscalls_nr(self, name_to_nr):
@staticmethod
def filter_syscalls_nr(name_to_nr):
syscalls = {}
for syscall_name, nr in name_to_nr.items():
if not syscall_name.startswith("__NR_") and not syscall_name.startswith("__ARM_NR_"):
......@@ -776,7 +777,7 @@ class SeccompPolicyParser:
continue
try:
name = k.group(1)
nr = eval(mark_pattern.sub(lambda x: str(name_to_nr[x.group(0)]),
nr = eval(mark_pattern.sub(lambda x: str(name_to_nr.get(x.group(0))),
k.group(2)))
name_to_nr[name] = nr
......
services/modules/seccomp/seccomp_filters.h 已删除 100644 → 0
浏览文件 @ 726c2794
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SECCOMP_FILTERS_H
#define SECCOMP_FILTERS_H
#include <stddef.h>
#include <linux/filter.h>
#ifdef __cplusplus
#if __cplusplus
extern "C" {
#endif
#endif
extern const struct sock_filter g_appspawnSeccompFilter[];
extern const size_t g_appspawnSeccompFilterSize;
extern const struct sock_filter g_systemSeccompFilter[];
extern const size_t g_systemSeccompFilterSize;
extern const struct sock_filter g_nwebspawnSeccompFilter[];
extern const size_t g_nwebspawnSeccompFilterSize;
extern const struct sock_filter g_appSeccompFilter[];
extern const size_t g_appSeccompFilterSize;
#ifdef __cplusplus
#if __cplusplus
}
#endif
#endif
#endif // SECCOMP_FILTERS_H
services/modules/seccomp/seccomp_policy.c
浏览文件 @ 513c2427
......@@ -14,12 +14,10 @@
*/
#include "seccomp_policy.h"
#include "seccomp_filters.h"
#include "plugin_adapter.h"
#ifdef SECCOMP_PLUGIN
#include "init_module_engine.h"
#endif
#include "securec.h"
#include <dlfcn.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <ctype.h>
......@@ -33,6 +31,14 @@
#define SECCOMP_SET_MODE_FILTER (1)
#endif
#ifdef __aarch64__
#define FILTER_LIB_PATH_FORMAT "/system/lib64/lib%s_filter.z.so"
#else
#define FILTER_LIB_PATH_FORMAT "/system/lib/lib%s_filter.z.so"
#endif
#define FILTER_NAME_FORMAT "g_%sSeccompFilter"
#define FILTER_SIZE_STRING "Size"
static bool IsSupportFilterFlag(unsigned int filterFlag)
{
errno = 0;
......@@ -69,78 +75,41 @@ static bool InstallSeccompPolicy(const struct sock_filter* filter, size_t filter
return true;
}
#ifndef SECCOMP_PLUGIN
bool SetSeccompPolicy(PolicyType policy)
bool SetSeccompPolicyWithName(const char *filterName)
{
bool ret = false;
switch (policy) {
case APPSPAWN:
ret = InstallSeccompPolicy(g_appspawnSeccompFilter, g_appspawnSeccompFilterSize, SECCOMP_FILTER_FLAG_LOG);
break;
case NWEBSPAWN:
ret = InstallSeccompPolicy(g_nwebspawnSeccompFilter, g_nwebspawnSeccompFilterSize, SECCOMP_FILTER_FLAG_LOG);
break;
case APP:
ret = InstallSeccompPolicy(g_appSeccompFilter, g_appSeccompFilterSize, SECCOMP_FILTER_FLAG_LOG);
break;
default:
ret = false;
}
char filterLibPath[512] = {0};
char filterVaribleName[512] = {0};
struct sock_filter *filterPtr = NULL;
size_t *filterSize = NULL;
return ret;
}
#else
static bool SetSystemSeccompPolicy(void)
{
return InstallSeccompPolicy(g_systemSeccompFilter, g_systemSeccompFilterSize, SECCOMP_FILTER_FLAG_LOG);
}
int rc = snprintf_s(filterLibPath, sizeof(filterLibPath), \
strlen(filterName) + strlen(FILTER_LIB_PATH_FORMAT) - strlen("%s"), \
FILTER_LIB_PATH_FORMAT, filterName);
PLUGIN_CHECK(rc != -1, return false, "snprintf_s filterLibPath failed");
static int DoSetSeccompPolicyStart(void)
{
bool ret = false;
ret = SetSystemSeccompPolicy();
PLUGIN_CHECK(ret == true, return -1, "SetSeccompPolicy failed");
rc = snprintf_s(filterVaribleName, sizeof(filterVaribleName), \
strlen(filterName) + strlen(FILTER_NAME_FORMAT) - strlen("%s"), \
FILTER_NAME_FORMAT, filterName);
PLUGIN_CHECK(rc != -1, return false, "snprintf_s faiVribleName failed");
return 0;
}
void *handler = dlopen(filterLibPath, RTLD_LAZY);
PLUGIN_CHECK(handler != NULL, return false, "dlopen %s failed", filterLibPath);
static int DoSetSeccompPolicyCmd(int id, const char *name, int argc, const char **argv)
{
PLUGIN_LOGI("DoBootchartCmd argc %d %s", argc, name);
PLUGIN_CHECK(argc >= 1, return -1, "Invalid parameter");
if (strcmp(argv[0], "start") == 0) {
return DoSetSeccompPolicyStart();
}
return 0;
}
filterPtr = (struct sock_filter *)dlsym(handler, filterVaribleName);
PLUGIN_CHECK(filterPtr != NULL, dlclose(handler);
return false, "dlsym %s failed", filterVaribleName);
static int32_t g_executorId = -1;
static int SetSeccompPolicyInit(void)
{
if (g_executorId == -1) {
g_executorId = AddCmdExecutor("SetSeccompPolicy", DoSetSeccompPolicyCmd);
PLUGIN_LOGI("SetSeccompPolicy executorId %d", g_executorId);
}
return 0;
}
rc = strcat_s(filterVaribleName, strlen(filterVaribleName) + strlen(FILTER_SIZE_STRING) + 1, FILTER_SIZE_STRING);
PLUGIN_CHECK(rc == 0, dlclose(handler);
return false, "strcat_s filterVaribleName failed");
static void SetSeccompPolicyExit(void)
{
PLUGIN_LOGI("SetSeccompPolicy executorId %d", g_executorId);
if (g_executorId != -1) {
RemoveCmdExecutor("SetSeccompPolicy", g_executorId);
}
}
filterSize = (size_t *)dlsym(handler, filterVaribleName);
PLUGIN_CHECK(filterSize != NULL, dlclose(handler);
return false, "dlsym %s failed", filterVaribleName);
MODULE_CONSTRUCTOR(void)
{
PLUGIN_LOGI("DoSetSeccompPolicyStart now ...");
SetSeccompPolicyInit();
}
bool ret = InstallSeccompPolicy(filterPtr, *filterSize, SECCOMP_FILTER_FLAG_LOG);
MODULE_DESTRUCTOR(void)
{
PLUGIN_LOGI("DoSetSeccompPolicyStop now ...");
SetSeccompPolicyExit();
dlclose(handler);
return ret;
}
#endif
services/modules/seccomp/seccomp_policy/app_arm.seccomp.policy
浏览文件 @ 513c2427
......@@ -17,9 +17,6 @@ arm
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@priority
ioctl
futex
......@@ -299,6 +296,7 @@ pidfd_getfd
process_madvise
cacheflush
set_tls
set_robust_list
@blockList
mount
......
services/modules/seccomp/seccomp_policy/app_arm64.seccomp.policy
浏览文件 @ 513c2427
......@@ -17,9 +17,6 @@ arm64
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@priority
ioctl
futex
......@@ -243,6 +240,7 @@ pidfd_open
close_range
pidfd_getfd
process_madvise
set_robust_list
@blockList
umount2
......
services/modules/seccomp/seccomp_policy/renderer_arm.seccomp.policy
浏览文件 @ 513c2427
......@@ -18,7 +18,6 @@ arm
KILL_PROCESS
@headFiles
"seccomp_filters.h"
"time.h"
"sys/ioctl.h"
"linux/futex.h"
......
services/modules/seccomp/seccomp_policy/renderer_arm64.seccomp.policy
浏览文件 @ 513c2427
......@@ -18,7 +18,6 @@ arm64
KILL_PROCESS
@headFiles
"seccomp_filters.h"
"time.h"
"sys/ioctl.h"
"linux/futex.h"
......
services/modules/seccomp/seccomp_policy/spawn_arm.seccomp.policy
浏览文件 @ 513c2427
......@@ -20,9 +20,6 @@ KILL_PROCESS
@mode
ONLY_CHECK_ARGS
@headFiles
"seccomp_filters.h"
@allowListWithArgs
setresuid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
setresgid32: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
services/modules/seccomp/seccomp_policy/spawn_arm64.seccomp.policy
浏览文件 @ 513c2427
......@@ -19,9 +19,6 @@ KILL_PROCESS
@mode
ONLY_CHECK_ARGS
@headFiles
"seccomp_filters.h"
@allowListWithArgs
setresuid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
setresgid: if arg0 >= 1000 && arg1 >= 1000 && arg2 >= 1000; return ALLOW; else return KILL_PROCESS;
services/modules/seccomp/seccomp_policy/system_arm.seccomp.policy
浏览文件 @ 513c2427
......@@ -17,9 +17,6 @@ arm
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@allowList
restart_syscall
exit
......
services/modules/seccomp/seccomp_policy/system_arm64.seccomp.policy
浏览文件 @ 513c2427
......@@ -17,9 +17,6 @@ arm64
@returnValue
KILL_PROCESS
@headFiles
"seccomp_filters.h"
@allowList
io_setup
io_destroy
......
services/modules/seccomp/seccomp_policy_static.c
浏览文件 @ 513c2427
......@@ -15,10 +15,32 @@
#include <string.h>
#include "init_module_engine.h"
#include "plugin_adapter.h"
#include "seccomp_policy.h"
static int SetSystemSeccompPolicy(int id, const char *name, int argc, const char **argv)
{
PLUGIN_LOGI("SetSystemSeccompPolicy argc %d %s", argc, name);
PLUGIN_CHECK(argc >= 1, return -1, "Invalid parameter");
bool ret = SetSeccompPolicyWithName(SYSTEM_NAME);
PLUGIN_CHECK(ret == true, return -1, "SetSystemSeccompPolicy failed");
return 0;
}
static int32_t g_executorId = -1;
static int SetSeccompPolicyInit(void)
{
if (g_executorId == -1) {
g_executorId = AddCmdExecutor("SetSeccompPolicy", SetSystemSeccompPolicy);
PLUGIN_LOGI("SetSeccompPolicy executorId %d", g_executorId);
}
return 0;
}
static int SeccompHook(const HOOK_INFO *info, void *cookie)
{
InitModuleMgrInstall("seccomp_module");
SetSeccompPolicyInit();
PLUGIN_LOGI("seccomp enabled.");
return 0;
}
......
services/modules/selinux/selinux_adp.h
浏览文件 @ 513c2427
......@@ -13,11 +13,11 @@
* limitations under the License.
*/
#ifndef _PLUGIN_SELINUX_ADP_H
#define _PLUGIN_SELINUX_ADP_H
#ifndef PLUGIN_SELINUX_ADP_H
#define PLUGIN_SELINUX_ADP_H
# define SECON_STR_IN_CFG ("secon")
// https://github.com/xelerance/Openswan/blob/86dff2b/include/pluto/state.h#L222
# define MAX_SECON_LEN (257)
#endif /* _PLUGIN_SELINUX_ADP_H */
#endif /* PLUGIN_SELINUX_ADP_H */
services/modules/selinux/selinux_static.c
浏览文件 @ 513c2427
......@@ -25,16 +25,17 @@ static int SelinuxHook(const HOOK_INFO *hookInfo, void *cookie)
return 0;
}
static void ServiceParseBootEventHook(SERVICE_PARSE_CTX *serviceParseCtx)
static void ServiceParseSelinuxHook(SERVICE_PARSE_CTX *serviceParseCtx)
{
char *fieldStr = cJSON_GetStringValue(cJSON_GetObjectItem(serviceParseCtx->serviceNode, SECON_STR_IN_CFG));
PLUGIN_CHECK(fieldStr != NULL, return, "No secon item in %s", serviceParseCtx->serviceName);
PLUGIN_LOGV("Cfg %s for %s", fieldStr, serviceParseCtx->serviceName);
DelServiceExtData(serviceParseCtx->serviceName, HOOK_ID_SELINUX);
AddServiceExtData(serviceParseCtx->serviceName, HOOK_ID_SELINUX, fieldStr, strlen(fieldStr) + 1);
}
MODULE_CONSTRUCTOR(void)
{
InitAddServiceParseHook(ServiceParseBootEventHook);
InitAddServiceParseHook(ServiceParseSelinuxHook);
InitAddGlobalInitHook(0, SelinuxHook);
}
\ No newline at end of file
}
services/param/adapter/param_dac.c
浏览文件 @ 513c2427
......@@ -230,6 +230,11 @@ static int CheckUserInGroup(WorkSpace *space, gid_t groupId, uid_t uid)
static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
{
#ifndef STARTUP_INIT_TEST
if (srcLabel->cred.uid == 0) {
return DAC_RESULT_PERMISSION;
}
#endif
int ret = DAC_RESULT_FORBIDED;
uint32_t labelIndex = 0;
// get dac label
......@@ -257,7 +262,7 @@ static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const cha
}
if (ret != DAC_RESULT_PERMISSION) {
PARAM_LOGW("Param '%s' label gid:%d uid:%d mode 0%o", name, srcLabel->cred.gid, srcLabel->cred.uid, localMode);
PARAM_LOGW("Cfg label %s gid:%d uid:%d mode 0%o ", node->data, node->gid, node->uid, node->mode);
PARAM_LOGW("Cfg label %d gid:%d uid:%d mode 0%o ", labelIndex, node->gid, node->uid, node->mode);
#ifndef STARTUP_INIT_TEST
ret = DAC_RESULT_PERMISSION;
#endif
......
services/param/adapter/param_selinux.c
浏览文件 @ 513c2427
......@@ -23,8 +23,6 @@
#include "param_base.h"
#ifdef PARAM_SUPPORT_SELINUX
#include "selinux_parameter.h"
#include <policycoreutils.h>
#include <selinux/selinux.h>
#endif
#ifdef __aarch64__
......@@ -78,7 +76,6 @@ static int InitSelinuxOpsForInit(SelinuxSpace *selinuxSpace)
if (selinuxSpace->setSelinuxLogCallback != NULL) {
selinuxSpace->setSelinuxLogCallback();
}
PARAM_LOGI("Load selinux lib success.");
return ret;
}
......@@ -106,7 +103,7 @@ static int InitLocalSecurityLabel(ParamSecurityLabel *security, int isInit)
selinuxSpace->initParamSelinux();
}
#endif
PARAM_LOGV("Load selinux lib success.");
PARAM_LOGI("Load selinux lib success.");
return 0;
}
......@@ -123,7 +120,7 @@ static void SetSelinuxFileCon(const char *name, const char *context)
int len = ParamSprintf(buffer, sizeof(buffer), "%s/%s", PARAM_STORAGE_PATH, context);
if (len > 0) {
buffer[len] = '\0';
PARAM_LOGI("setfilecon name %s path: %s %s ", name, context, buffer);
PARAM_LOGV("setfilecon name %s path: %s %s ", name, context, buffer);
if (GetParamWorkSpace()->ops.setfilecon(buffer, context) < 0) {
PARAM_LOGE("Failed to setfilecon %s ", context);
}
......@@ -233,24 +230,33 @@ static const char *GetSelinuxContent(const char *name)
}
}
static int SelinuxReadParamCheck(const char *name)
static int CheckContentPermission(const char *name, const char *label)
{
PARAM_CHECK(name != NULL && label != NULL, return DAC_RESULT_FORBIDED, "The label is null");
int ret = DAC_RESULT_FORBIDED;
SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
if (selinuxSpace->readParamCheck != NULL) {
ret = selinuxSpace->readParamCheck(name);
PARAM_LOGI("SelinuxReadParamCheck name %s ret %d", name, ret);
return ret;
char buffer[FILENAME_LEN_MAX] = {0};
int size = ParamSprintf(buffer, sizeof(buffer), "%s/%s", PARAM_STORAGE_PATH, label);
PARAM_CHECK(size > 0, return -1, "Failed to format file name %s", label);
buffer[size] = '\0';
if (access(buffer, R_OK) == 0) {
ret = AddWorkSpace(label, 1, PARAM_WORKSPACE_MAX);
}
PARAM_LOGW("SelinuxReadParamCheck name %s label %s", name, GetSelinuxContent(name));
WorkSpace *space = GetWorkSpace(name);
if (space == NULL) {
PARAM_LOGW("SelinuxReadParamCheck name %s label %s forbid", name, GetSelinuxContent(name));
if (ret != 0) {
PARAM_LOGE("SelinuxReadParamCheck name %s label %s ", name, label);
return DAC_RESULT_FORBIDED;
}
return DAC_RESULT_PERMISSION;
}
static int SelinuxReadParamCheck(const char *name)
{
const char *label = GetSelinuxContent(name);
if (label == NULL) {
return CheckContentPermission(name, WORKSPACE_NAME_DEF_SELINUX);
}
return CheckContentPermission(name, label);
}
static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
{
SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
......@@ -273,8 +279,8 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
#endif
}
if (ret != 0) {
PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, info.uc.pid,
info.uc.uid, info.uc.gid, ret);
PARAM_LOGW("Selinux check name %s in %s info [%d %d %d] result %d",
name, GetSelinuxContent(name), info.uc.pid, info.uc.uid, info.uc.gid, ret);
ret = DAC_RESULT_FORBIDED;
} else {
ret = DAC_RESULT_PERMISSION;
......@@ -287,6 +293,13 @@ static int UpdaterCheckParamPermission(const ParamSecurityLabel *srcLabel, const
return DAC_RESULT_PERMISSION;
}
static int OpenPermissionWorkSpace(const char *path)
{
UNUSED(path);
// open workspace by readonly
return SelinuxGetAllLabel(1);
}
INIT_LOCAL_API int RegisterSecuritySelinuxOps(ParamSecurityOps *ops, int isInit)
{
PARAM_CHECK(GetParamWorkSpace() != NULL, return -1, "Invalid workspace");
......@@ -303,12 +316,8 @@ INIT_LOCAL_API int RegisterSecuritySelinuxOps(ParamSecurityOps *ops, int isInit)
ops->securityFreeLabel = FreeLocalSecurityLabel;
if (isInit != 0) {
ops->securityGetLabel = SelinuxGetParamSecurityLabel;
} else {
ops->securityGetLabel = OpenPermissionWorkSpace;
}
return ret;
}
INIT_LOCAL_API void OpenPermissionWorkSpace(void)
{
// open workspace by readonly
SelinuxGetAllLabel(1);
}
services/param/base/param_base.c
浏览文件 @ 513c2427
......@@ -100,7 +100,9 @@ static int CheckNeedInit(int onlyRead, const PARAM_WORKSPACE_OPS *ops)
{
if (ops != NULL) {
g_paramWorkSpace.ops.updaterMode = ops->updaterMode;
g_paramWorkSpace.ops.logFunc = ops->logFunc;
if (g_paramWorkSpace.ops.logFunc == NULL) {
g_paramWorkSpace.ops.logFunc = ops->logFunc;
}
#ifdef PARAM_SUPPORT_SELINUX
g_paramWorkSpace.ops.setfilecon = ops->setfilecon;
#endif
......@@ -175,10 +177,6 @@ INIT_INNER_API int InitParamWorkSpace(int onlyRead, const PARAM_WORKSPACE_OPS *o
auditData.dacData.paramType = PARAM_TYPE_STRING;
ret = AddSecurityLabel(&auditData);
PARAM_CHECK(ret == 0, return ret, "Failed to add default dac label");
} else {
#ifdef PARAM_SUPPORT_SELINUX
OpenPermissionWorkSpace();
#endif
}
return ret;
}
......@@ -245,4 +243,54 @@ void InitParameterClient(void)
PARAM_WORKSPACE_OPS ops = {0};
ops.updaterMode = 0;
InitParamWorkSpace(1, &ops);
}
\ No newline at end of file
}
INIT_LOCAL_API int AddWorkSpace(const char *name, int onlyRead, uint32_t spaceSize)
{
ParamWorkSpace *paramSpace = GetParamWorkSpace();
PARAM_CHECK(paramSpace != NULL, return -1, "Invalid workspace");
int ret = 0;
// check exist
#ifdef PARAM_SUPPORT_SELINUX
const char *realName = name;
#else
const char *realName = WORKSPACE_NAME_NORMAL;
#endif
WORKSPACE_RW_LOCK(*paramSpace);
HashNode *node = OH_HashMapGet(paramSpace->workSpaceHashHandle, (const void *)realName);
if (node != NULL) {
WORKSPACE_RW_UNLOCK(*paramSpace);
return 0;
}
if (onlyRead == 0) {
PARAM_LOGI("AddWorkSpace %s spaceSize: %u onlyRead %s", name, spaceSize, onlyRead ? "true" : "false");
}
WorkSpace *workSpace = NULL;
do {
ret = -1;
const size_t size = strlen(realName) + 1;
workSpace = (WorkSpace *)malloc(sizeof(WorkSpace) + size);
PARAM_CHECK(workSpace != NULL, break, "Failed to create workspace for %s", realName);
workSpace->flags = 0;
workSpace->area = NULL;
OH_ListInit(&workSpace->node);
ret = ParamStrCpy(workSpace->fileName, size, realName);
PARAM_CHECK(ret == 0, break, "Failed to copy file name %s", realName);
HASHMAPInitNode(&workSpace->hashNode);
ret = InitWorkSpace(workSpace, onlyRead, spaceSize);
PARAM_CHECK(ret == 0, break, "Failed to init workspace %s", realName);
ret = OH_HashMapAdd(paramSpace->workSpaceHashHandle, &workSpace->hashNode);
PARAM_CHECK(ret == 0, CloseWorkSpace(workSpace);
workSpace = NULL;
break, "Failed to add hash node");
OH_ListAddTail(&paramSpace->workSpaceList, &workSpace->node);
ret = 0;
workSpace = NULL;
} while (0);
if (workSpace != NULL) {
free(workSpace);
}
WORKSPACE_RW_UNLOCK(*paramSpace);
PARAM_LOGV("AddWorkSpace %s %s", name, ret == 0 ? "success" : "fail");
return ret;
}
services/param/base/param_comm.c
浏览文件 @ 513c2427
......@@ -473,54 +473,6 @@ INIT_LOCAL_API int SplitParamString(char *line, const char *exclude[], uint32_t
return result(context, name, value);
}
INIT_LOCAL_API int AddWorkSpace(const char *name, int onlyRead, uint32_t spaceSize)
{
ParamWorkSpace *paramSpace = GetParamWorkSpace();
PARAM_CHECK(paramSpace != NULL, return -1, "Invalid workspace");
int ret = 0;
// check exist
#ifdef PARAM_SUPPORT_SELINUX
const char *realName = name;
#else
const char *realName = WORKSPACE_NAME_NORMAL;
#endif
WORKSPACE_RW_LOCK(*paramSpace);
HashNode *node = OH_HashMapGet(paramSpace->workSpaceHashHandle, (const void *)realName);
if (node != NULL) {
WORKSPACE_RW_UNLOCK(*paramSpace);
return 0;
}
PARAM_LOGV("AddWorkSpace %s spaceSize: %u onlyRead %s", name, spaceSize, onlyRead ? "true" : "false");
WorkSpace *workSpace = NULL;
do {
ret = -1;
const size_t size = strlen(realName) + 1;
workSpace = (WorkSpace *)malloc(sizeof(WorkSpace) + size);
PARAM_CHECK(workSpace != NULL, break, "Failed to create workspace for %s", realName);
workSpace->flags = 0;
workSpace->area = NULL;
OH_ListInit(&workSpace->node);
ret = ParamStrCpy(workSpace->fileName, size, realName);
PARAM_CHECK(ret == 0, break, "Failed to copy file name %s", realName);
HASHMAPInitNode(&workSpace->hashNode);
ret = InitWorkSpace(workSpace, onlyRead, spaceSize);
PARAM_CHECK(ret == 0, break, "Failed to init workspace %s", realName);
ret = OH_HashMapAdd(paramSpace->workSpaceHashHandle, &workSpace->hashNode);
PARAM_CHECK(ret == 0, CloseWorkSpace(workSpace);
workSpace = NULL;
break, "Failed to add hash node");
OH_ListAddTail(&paramSpace->workSpaceList, &workSpace->node);
ret = 0;
workSpace = NULL;
} while (0);
if (workSpace != NULL) {
free(workSpace);
}
WORKSPACE_RW_UNLOCK(*paramSpace);
PARAM_LOGV("AddWorkSpace %s %s", name, ret == 0 ? "success" : "fail");
return ret;
}
INIT_LOCAL_API uint32_t ReadCommitId(ParamNode *entry)
{
uint32_t commitId = ATOMIC_LOAD_EXPLICIT(&entry->commitId, memory_order_acquire);
......@@ -578,24 +530,27 @@ INIT_LOCAL_API int CheckParamPermission(const ParamSecurityLabel *srcLabel, cons
ParamWorkSpace *paramSpace = GetParamWorkSpace();
PARAM_CHECK(paramSpace != NULL, return DAC_RESULT_FORBIDED, "Invalid workspace");
int ret = DAC_RESULT_PERMISSION;
// for root, all permission
if (srcLabel->cred.uid != 0) {
for (int i = 0; i < PARAM_SECURITY_MAX; i++) {
if (PARAM_TEST_FLAG(paramSpace->securityLabel.flags[i], LABEL_ALL_PERMISSION)) {
continue;
}
ParamSecurityOps *ops = GetParamSecurityOps(i);
if (ops == NULL) {
continue;
}
if (ops->securityCheckParamPermission == NULL) {
continue;
}
ret = ops->securityCheckParamPermission(srcLabel, name, mode);
if (ret == DAC_RESULT_FORBIDED) {
PARAM_LOGW("CheckParamPermission %s %s FORBID", ops->name, name);
break;
}
PARAM_LOGV("CheckParamPermission mode 0x%x name: %s uid:%d pid:%d",
mode, name, (int)srcLabel->cred.uid, (int)srcLabel->cred.pid);
// for root, all permission, but for appspawn must to check
if (srcLabel->cred.uid == 0 && srcLabel->cred.pid == 1) {
return DAC_RESULT_PERMISSION;
}
for (int i = 0; i < PARAM_SECURITY_MAX; i++) {
if (PARAM_TEST_FLAG(paramSpace->securityLabel.flags[i], LABEL_ALL_PERMISSION)) {
continue;
}
ParamSecurityOps *ops = GetParamSecurityOps(i);
if (ops == NULL) {
continue;
}
if (ops->securityCheckParamPermission == NULL) {
continue;
}
ret = ops->securityCheckParamPermission(srcLabel, name, mode);
if (ret == DAC_RESULT_FORBIDED) {
PARAM_LOGW("CheckParamPermission %s %s FORBID", ops->name, name);
break;
}
}
return ret;
......
services/param/include/param_osadp.h
浏览文件 @ 513c2427
......@@ -44,6 +44,7 @@ extern "C" {
#endif
#endif
#define PARAM_WORKSPACE_INVALID ((uint32_t)-1)
#define PARAM_WORKSPACE_MIN (4096)
#if (defined __LITEOS_A__ || defined __LITEOS_M__)
#define DAC_DEFAULT_MODE 0777
......
services/param/include/param_security.h
浏览文件 @ 513c2427
......@@ -118,7 +118,6 @@ INIT_LOCAL_API int RegisterSecuritySelinuxOps(ParamSecurityOps *ops, int isInit)
INIT_LOCAL_API ParamSecurityOps *GetParamSecurityOps(int type);
INIT_LOCAL_API void LoadGroupUser(void);
INIT_LOCAL_API int RegisterSecurityDacOps(ParamSecurityOps *ops, int isInit);
INIT_LOCAL_API void OpenPermissionWorkSpace(void);
INIT_LOCAL_API int RegisterSecurityOps(int onlyRead);
#ifdef __cplusplus
......
services/param/include/param_utils.h
浏览文件 @ 513c2427
......@@ -33,6 +33,10 @@ typedef enum {
PARAM_CODE_ERROR_MAP_FILE,
} PARAM_INNER_CODE;
#ifndef PARAM_BUFFER_MAX
#define PARAM_BUFFER_MAX (0x01 << 16)
#endif
struct CmdLineEntry {
char *key;
int set;
......@@ -43,7 +47,6 @@ typedef struct cmdLineInfo {
int (*processor)(const char *name, const char *value, int);
} cmdLineInfo;
#define PARAM_BUFFER_MAX (0x01 << 16)
#define FILENAME_LEN_MAX 255
#define MS_UNIT 1000
#ifndef UNUSED
......@@ -129,7 +132,8 @@ INIT_LOCAL_API void ParamWorBaseLog(InitLogLevel logLevel, uint32_t domain, cons
exper; \
}
#define PARAM_DUMP printf
typedef int (*DUMP_PRINTF)(const char *fmt, ...);
#define PARAM_DUMP g_printf
#define MAX_LABEL_LEN 256
#define PARAM_BUFFER_SIZE 256
......
services/param/linux/BUILD.gn
浏览文件 @ 513c2427
......@@ -34,6 +34,7 @@ param_include_dirs = [
"//base/startup/init/services/init/include",
"//base/startup/init/services/log",
"//base/startup/init/services/modules/init_hook",
"//base/startup/init/interfaces/innerkits/include/syspara",
"//base/startup/init/interfaces/innerkits/init_module_engine/include",
"//base/startup/init/services/loopevent/include",
"//third_party/bounds_checking_function/include",
......@@ -118,6 +119,21 @@ if (defined(ohos_lite)) {
if (param_base_log) {
defines += [ "PARAM_BASE_LOG" ]
}
if (defined(ohos_build_type)) {
defines += [ "BUILD_TYPE=\"${ohos_build_type}\"" ]
}
if (defined(ohos_version)) {
defines += [ "INCREMENTAL_VERSION=\"${ohos_version}\"" ]
}
if (defined(ohos_build_user)) {
defines += [ "BUILD_USER=\"${ohos_build_user}\"" ]
}
if (defined(ohos_build_time)) {
defines += [ "BUILD_TIME=\"${ohos_build_time}\"" ]
}
if (defined(ohos_build_host)) {
defines += [ "BUILD_HOST=\"${ohos_build_host}\"" ]
}
if (build_selinux) {
include_dirs += [
......
services/param/linux/param_service.c
浏览文件 @ 513c2427
......@@ -95,7 +95,7 @@ static int SendResponseMsg(ParamTaskPtr worker, const ParamMessage *msg, int res
response->result = result;
response->msg.msgSize = sizeof(ParamResponseMessage);
ParamTaskSendMsg(worker, (ParamMessage *)response);
PARAM_LOGI("SendResponseMsg msgId %d", msg->id.msgId);
PARAM_LOGI("SendResponseMsg msgId %d result %d", msg->id.msgId, result);
return 0;
}
......
services/param/manager/param_manager.c
浏览文件 @ 513c2427
......@@ -23,6 +23,7 @@
#include "param_trie.h"
#include "param_utils.h"
#include "securec.h"
static DUMP_PRINTF g_printf = printf;
ParamNode *SystemCheckMatchParamWait(const char *name, const char *value)
{
......@@ -84,8 +85,14 @@ int SystemTraversalParameter(const char *prefix, TraversalParamPtr traversalPara
ParamWorkSpace *paramSpace = GetParamWorkSpace();
PARAM_CHECK(paramSpace != NULL, return -1, "Invalid paramSpace");
PARAM_WORKSPACE_CHECK(paramSpace, return -1, "Invalid space");
PARAM_CHECK(traversalParameter != NULL, return -1, "The param is null");
#ifdef PARAM_SUPPORT_SELINUX // load security label
ParamSecurityOps *ops = GetParamSecurityOps(PARAM_SECURITY_SELINUX);
if (ops != NULL && ops->securityGetLabel != NULL) {
ops->securityGetLabel(NULL);
}
#endif
ParamTraversalContext context = {traversalParameter, cookie, "#"};
if (!(prefix == NULL || strlen(prefix) == 0)) {
ParamHandle handle = 0;
......@@ -162,8 +169,13 @@ static void HashNodeTraverseForDump(WorkSpace *workSpace, int verbose)
PARAMSPACE_AREA_RW_UNLOCK(workSpace);
}
void SystemDumpParameters(int verbose)
void SystemDumpParameters(int verbose, int (*dump)(const char *fmt, ...))
{
if (dump != NULL) {
g_printf = dump;
} else {
g_printf = printf;
}
ParamWorkSpace *paramSpace = GetParamWorkSpace();
PARAM_CHECK(paramSpace != NULL, return, "Invalid paramSpace");
PARAM_WORKSPACE_CHECK(paramSpace, return, "Invalid space");
......@@ -173,10 +185,16 @@ void SystemDumpParameters(int verbose)
if (ret != PARAM_CODE_NOT_FOUND && ret != 0 && ret != PARAM_CODE_NODE_EXIST) {
PARAM_CHECK(ret == 0, return, "Forbid to dump parameters");
}
#ifdef PARAM_SUPPORT_SELINUX // load security label
ParamSecurityOps *ops = GetParamSecurityOps(PARAM_SECURITY_SELINUX);
if (ops != NULL && ops->securityGetLabel != NULL) {
ops->securityGetLabel(NULL);
}
#endif
PARAM_DUMP("Dump all parameters begin ...\n");
if (verbose) {
PARAM_DUMP("Local sercurity information\n");
PARAM_DUMP("\t pid: %d uid: %u gid: %u \n",
PARAM_DUMP("pid: %d uid: %u gid: %u \n",
paramSpace->securityLabel.cred.pid,
paramSpace->securityLabel.cred.uid,
paramSpace->securityLabel.cred.gid);
......
services/param/manager/param_persist.c
浏览文件 @ 513c2427
......@@ -158,7 +158,7 @@ PARAM_STATIC void TimerCallbackForSave(const ParamTaskPtr timer, void *context)
UNUSED(context);
UNUSED(timer);
PARAM_LOGV("TimerCallbackForSave ");
// for liteos-a,we must cycle check
// for liteos-a must cycle check
#if (!defined(PARAM_SUPPORT_CYCLE_CHECK) || defined(PARAM_SUPPORT_REAL_CHECK))
ParamTimerClose(g_persistWorkSpace.saveTimer);
g_persistWorkSpace.saveTimer = NULL;
......
services/param/trigger/trigger_manager.c
浏览文件 @ 513c2427
......@@ -23,6 +23,8 @@
#include "trigger_checker.h"
#include "securec.h"
static DUMP_PRINTF g_printf = printf;
int AddCommand(JobNode *trigger, uint32_t cmdKeyIndex, const char *content)
{
PARAM_CHECK(trigger != NULL, return -1, "trigger is null");
......@@ -41,7 +43,7 @@ int AddCommand(JobNode *trigger, uint32_t cmdKeyIndex, const char *content)
PARAM_CHECK(ret == EOK, free(node);
return 0, "Failed to copy command");
}
// 插入队列
if (trigger->firstCmd == NULL) {
trigger->firstCmd = node;
trigger->lastCmd = node;
......@@ -520,8 +522,13 @@ static void DumpTrigger_(const TriggerWorkSpace *workSpace, int type)
}
}
void SystemDumpTriggers(int verbose)
void SystemDumpTriggers(int verbose, int (*dump)(const char *fmt, ...))
{
if (dump != NULL) {
g_printf = dump;
} else {
g_printf = printf;
}
TriggerWorkSpace *workSpace = GetTriggerWorkSpace();
PARAM_CHECK(workSpace != NULL, return, "Invalid workSpace ");
PARAM_DUMP("workspace queue BOOT info:\n");
......
services/param/watcher/agent/watcher_manager_kits.cpp
浏览文件 @ 513c2427
......@@ -205,7 +205,7 @@ void WatcherManagerKits::ParamWatcher::OnParameterChange(const std::string &name
WATCHER_LOGI("OnParameterChange name %s value %s", name.c_str(), value.c_str());
uint32_t index = 0;
ParameterChangeListener *listener = GetParameterListener(&index);
while (listener != NULL) {
while (listener != nullptr) {
if (!listener->CheckValueChange(value)) {
listener->OnParameterChange(name, value);
}
......@@ -240,7 +240,7 @@ int WatcherManagerKits::ParamWatcher::DelParameterListener(ParameterChangePtr ca
{
uint32_t index = 0;
ParameterChangeListener *listener = GetParameterListener(&index);
while (listener != NULL) {
while (listener != nullptr) {
if ((callback == nullptr && context == nullptr)) {
RemoveParameterListener(index);
} else if (listener->IsEqual(callback, context)) {
......
services/param/watcher/agent/watcher_manager_kits.h
浏览文件 @ 513c2427
......@@ -66,7 +66,7 @@ private:
class ParamWatcher final : public Watcher {
public:
explicit ParamWatcher(const std::string &key) : keyPrefix_(key) {}
virtual ~ParamWatcher()
~ParamWatcher() override
{
parameterChangeListeners.clear();
};
......
services/param/watcher/proxy/watcher_manager.cpp
浏览文件 @ 513c2427
......@@ -236,7 +236,7 @@ void WatcherManager::SendLocalChange(const std::string &keyPrefix, ParamWatcherP
SystemGetParameterValue(handle, context->buffer + PARAM_NAME_LEN_MAX, &size);
WATCHER_LOGV("SendLocalChange key %s value: %s ", context->buffer, context->buffer + PARAM_NAME_LEN_MAX);
context->watcher->ProcessParameterChange(context->buffer, context->buffer + PARAM_NAME_LEN_MAX);
}, (void *)&context);
}, reinterpret_cast<void *>(&context));
}
void WatcherManager::RunLoop()
......
services/utils/init_utils.c
浏览文件 @ 513c2427
......@@ -160,6 +160,20 @@ char *ReadFileToBuf(const char *configFile)
return buffer;
}
void CloseStdio(void)
{
#ifndef __LITEOS_M__
int fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd < 0) {
return;
}
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, STDERR_HANDLE);
close(fd);
#endif
}
char *ReadFileData(const char *fileName)
{
if (fileName == NULL) {
......@@ -520,29 +534,25 @@ int StringReplaceChr(char *strl, char oldChr, char newChr)
return 0;
}
uint32_t GetRandom()
void RedirectStdio(int fd)
{
uint32_t ulSeed = 0;
int fd = open("/dev/urandom", O_RDONLY);
if (fd > 0) {
read(fd, &ulSeed, sizeof(ulSeed));
}
close(fd);
return ulSeed;
#ifndef __LITEOS_M__
const int stdError = 2;
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, stdError); // Redirect fd to 0, 1, 2
#endif
}
void OpenConsole(void)
{
#ifndef __LITEOS_M__
const int stdError = 2;
setsid();
WaitForFile("/dev/console", WAIT_MAX_SECOND);
int fd = open("/dev/console", O_RDWR);
if (fd >= 0) {
ioctl(fd, TIOCSCTTY, 0);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, stdError); // Redirect fd to 0, 1, 2
RedirectStdio(fd);
close(fd);
} else {
INIT_LOGE("Open /dev/console failed. err = %d", errno);
......
test/exec_test/BUILD.gn
浏览文件 @ 513c2427
......@@ -83,13 +83,11 @@ ohos_executable("ondemandTest") {
}
group("exectest") {
if (control_test) {
deps = [
":client",
":fd_holder_test",
":fd_holder_test.cfg",
":ondemandTest",
":server",
]
}
deps = [
":client",
":fd_holder_test",
":fd_holder_test.cfg",
":ondemandTest",
":server",
]
}
test/exec_test/fd_holder_test.c
浏览文件 @ 513c2427
......@@ -70,13 +70,13 @@ int main(int argc, char **argv)
free(fds);
outfdCount = 0;
while (1) {
pause();
sleep(3);
}
}
char *files[] = {"/data/test/1", "/data/test/2"};
SaveFds("fd_holder_test", FD_COUNT, (char **)files);
while (1) {
pause();
sleep(3);
}
return 0;
}
test/fuzztest/systemdumpparameters_fuzzer/systemdumpparameters_fuzzer.cpp
浏览文件 @ 513c2427
......@@ -24,7 +24,7 @@ namespace OHOS {
CloseStdout();
std::string str(reinterpret_cast<const char*>(data), size);
int verbose = atoi(str.c_str());
SystemDumpParameters(verbose);
SystemDumpParameters(verbose, nullptr);
return true;
}
}
......
test/unittest/begetctl/begetctl_unittest.cpp
浏览文件 @ 513c2427
......@@ -38,7 +38,7 @@ HWTEST_F(BegetctlUnitTest, TestShellInit, TestSize.Level0)
const char *args[] = {
"param"
};
BShellEnvDirectExecute(GetShellHandle(), 1, (char **)args);
BShellEnvDirectExecute(GetShellHandle(), 1, const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellLs, TestSize.Level1)
......@@ -47,7 +47,7 @@ HWTEST_F(BegetctlUnitTest, TestShellLs, TestSize.Level1)
const char *args[] = {
"param", "ls"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellLsWithR, TestSize.Level1)
......@@ -56,7 +56,7 @@ HWTEST_F(BegetctlUnitTest, TestShellLsWithR, TestSize.Level1)
const char *args[] = {
"param", "ls", "-r"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellLsGet, TestSize.Level1)
......@@ -65,7 +65,7 @@ HWTEST_F(BegetctlUnitTest, TestShellLsGet, TestSize.Level1)
const char *args[] = {
"param", "get"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellSet, TestSize.Level1)
......@@ -74,7 +74,7 @@ HWTEST_F(BegetctlUnitTest, TestShellSet, TestSize.Level1)
const char *args[] = {
"param", "set", "aaaaa", "1234567"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellGetWithKey, TestSize.Level1)
......@@ -83,7 +83,7 @@ HWTEST_F(BegetctlUnitTest, TestShellGetWithKey, TestSize.Level1)
const char *args[] = {
"param", "get", "aaaaa"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellWait, TestSize.Level1)
......@@ -92,7 +92,7 @@ HWTEST_F(BegetctlUnitTest, TestShellWait, TestSize.Level1)
const char *args[] = {
"param", "wait", "aaaaa"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellWaitFalse, TestSize.Level1)
{
......@@ -100,7 +100,7 @@ HWTEST_F(BegetctlUnitTest, TestShellWaitFalse, TestSize.Level1)
const char *args[] = {
"param", "wait"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellWaitWithKey, TestSize.Level1)
......@@ -109,7 +109,7 @@ HWTEST_F(BegetctlUnitTest, TestShellWaitWithKey, TestSize.Level1)
const char *args[] = {
"param", "wait", "aaaaa", "12*", "30"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellParamShell, TestSize.Level1)
{
......@@ -117,7 +117,7 @@ HWTEST_F(BegetctlUnitTest, TestShellParamShell, TestSize.Level1)
const char *args[] = {
"param", "shell"
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellLsWithvalue, TestSize.Level1)
{
......@@ -126,7 +126,7 @@ HWTEST_F(BegetctlUnitTest, TestShellLsWithvalue, TestSize.Level1)
const char *args[] = {
"param", "ls", PARAM_REVERESD_NAME_CURR_PARAMETER
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
HWTEST_F(BegetctlUnitTest, TestShellLsWithvalueExist, TestSize.Level1)
{
......@@ -135,6 +135,6 @@ HWTEST_F(BegetctlUnitTest, TestShellLsWithvalueExist, TestSize.Level1)
const char *args[] = {
"param", "ls", "-r", PARAM_REVERESD_NAME_CURR_PARAMETER
};
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), (char **)args);
BShellEnvDirectExecute(GetShellHandle(), sizeof(args) / sizeof(args[0]), const_cast<char **>(args));
}
} // namespace init_ut
test/unittest/init/group_unittest.cpp
浏览文件 @ 513c2427
......@@ -43,14 +43,14 @@ static int TestHashNodeCompare(const HashNode *node1, const HashNode *node2)
static int TestHashKeyCompare(const HashNode *node1, const void *key)
{
TestHashNode *testNode1 = HASHMAP_ENTRY(node1, TestHashNode, node);
return strcmp(testNode1->name, (char *)key);
return strcmp(testNode1->name, reinterpret_cast<char *>(const_cast<void *>(key)));
}
static int TestHashNodeFunction(const HashNode *node)
{
TestHashNode *testNode = HASHMAP_ENTRY(node, TestHashNode, node);
int code = 0;
for (int i = 0; i < (int)strlen(testNode->name); i++) {
for (size_t i = 0; i < strlen(testNode->name); i++) {
code += testNode->name[i] - 'A';
}
return code;
......@@ -60,7 +60,7 @@ static int TestHashKeyFunction(const void *key)
{
int code = 0;
char *buff = const_cast<char *>(static_cast<const char *>(key));
for (int i = 0; i < (int)strlen(buff); i++) {
for (size_t i = 0; i < strlen(buff); i++) {
code += buff[i] - 'A';
}
return code;
......
test/unittest/init/utils_unittest.cpp
浏览文件 @ 513c2427
......@@ -70,7 +70,6 @@ HWTEST_F(UtilsUnitTest, TestUtilsApi, TestSize.Level0)
float sec = ConvertMicrosecondToSecond(1000000); // 1000000 microseconds
EXPECT_EQ(sec, 1);
EXPECT_EQ(WriteAll(2, "test", strlen("test")), 4);
GetRandom();
mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
CheckAndCreatFile("/data/init_ut/testcreatfile", mode);
CheckAndCreatFile("/data/init_ut/nodir/testcreatfile", mode);
......
test/unittest/param/client_unittest.cpp
浏览文件 @ 513c2427
......@@ -74,10 +74,12 @@ static void TestForMultiThread()
"thread.5555.1111.2222.3333.4444"
};
for (size_t i = 0; i < threadMaxNumer; i++) {
pthread_create(&tids[i], nullptr, TestSendParamSetMsg, (void *)names[i % ARRAY_LENGTH(names)]);
pthread_create(&tids[i], nullptr, TestSendParamSetMsg,
reinterpret_cast<void *>(const_cast<char *>(names[i % ARRAY_LENGTH(names)])));
}
for (size_t i = threadMaxNumer; i < threadMaxNumer + threadMaxNumer; i++) {
pthread_create(&tids[i], nullptr, TestSendParamWaitMsg, (void *)names[i % ARRAY_LENGTH(names)]);
pthread_create(&tids[i], nullptr, TestSendParamWaitMsg,
reinterpret_cast<void *>(const_cast<char *>(names[i % ARRAY_LENGTH(names)])));
}
for (size_t i = 0; i < threadMaxNumer + threadMaxNumer; i++) {
pthread_join(tids[i], nullptr);
......@@ -209,7 +211,7 @@ HWTEST_F(ClientUnitTest, TestClient_03, TestSize.Level0)
{
// 3 Traversal test
TestParamTraversal();
SystemDumpParameters(1);
SystemDumpParameters(1, NULL);
}
HWTEST_F(ClientUnitTest, TestClient_04, TestSize.Level0)
......
test/unittest/param/param_unittest.cpp
浏览文件 @ 513c2427
......@@ -298,7 +298,7 @@ public:
int TestDumpParamMemory()
{
SystemDumpParameters(1);
SystemDumpParameters(1, NULL);
return 0;
}
};
......
test/unittest/param/paramservice_unittest.cpp
浏览文件 @ 513c2427
......@@ -429,7 +429,7 @@ public:
char buffer[] = "testbuff";
CheckTrigger(GetTriggerWorkSpace(), TRIGGER_PARAM_WATCH, buffer, strlen(buffer), TestTriggerExecute);
#ifdef PARAM_SUPPORT_TRIGGER
SystemDumpTriggers(1);
SystemDumpTriggers(1, NULL);
#endif
AddWatch(MSG_DEL_WATCHER, name, value);
return 0;
......
test/unittest/param/selinux_unittest.cpp
浏览文件 @ 513c2427
......@@ -22,9 +22,7 @@
using namespace testing::ext;
using namespace std;
extern "C" {
void OpenPermissionWorkSpace(void);
}
namespace init_ut {
class SelinuxUnitTest : public ::testing::Test {
public:
......@@ -90,9 +88,6 @@ public:
{
int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
EXPECT_EQ(ret, 0);
if (clientParamSercurityOps.securityGetLabel != nullptr) {
EXPECT_EQ(1, 0);
}
if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
EXPECT_EQ(1, 0);
return -1;
......@@ -183,6 +178,5 @@ HWTEST_F(SelinuxUnitTest, TestClientDacCheckParaPermission, TestSize.Level0)
SelinuxUnitTest test;
test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r");
test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r");
OpenPermissionWorkSpace();
}
}
\ No newline at end of file
test/unittest/param/trigger_unittest.cpp
浏览文件 @ 513c2427
......@@ -90,7 +90,7 @@ public:
int cmdKeyIndex = 0;
const char *matchCmd = GetMatchCmd("setparam aaaa aaaa", &cmdKeyIndex);
printf("cmd %d \n", matchCmd != nullptr);
EXPECT_EQ(matchCmd != 0, 1);
EXPECT_NE(matchCmd, nullptr);
ReadConfig();
ParseInitCfg(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
......
test/unittest/seccomp/seccomp_unittest.cpp
浏览文件 @ 513c2427
......@@ -53,7 +53,7 @@ public:
{
}
static pid_t StartChild(PolicyType type, SyscallFunc func)
static pid_t StartChild(const char *filterName, SyscallFunc func)
{
pid_t pid = fork();
if (pid == 0) {
......@@ -61,8 +61,8 @@ public:
std::cout << "PR_SET_NO_NEW_PRIVS set fail " << std::endl;
exit(EXIT_FAILURE);
}
if (type != SYSTEM && !SetSeccompPolicy(type)) {
std::cout << "SetSeccompPolicy set fail type is " << type << std::endl;
if (!SetSeccompPolicyWithName(filterName)) {
std::cout << "SetSeccompPolicy set fail fiterName is " << filterName << std::endl;
exit(EXIT_FAILURE);
}
......@@ -78,7 +78,7 @@ public:
return pid;
}
static int CheckSyscall(PolicyType type, SyscallFunc func, bool isAllow)
static int CheckSyscall(const char *filterName, SyscallFunc func, bool isAllow)
{
sigset_t set;
int status;
......@@ -93,7 +93,7 @@ public:
std::cout << "signal failed:" << strerror(errno) << std::endl;
}
pid = StartChild(type, func);
pid = StartChild(filterName, func);
if (pid == -1) {
std::cout << "fork failed:" << strerror(errno) << std::endl;
return -1;
......@@ -200,33 +200,33 @@ public:
void TestSystemSycall()
{
// system blocklist
int ret = CheckSyscall(SYSTEM, CheckGetMempolicy, false);
int ret = CheckSyscall(SYSTEM_NAME, CheckGetMempolicy, false);
EXPECT_EQ(ret, 0);
// system allowlist
ret = CheckSyscall(SYSTEM, CheckGetpid, true);
ret = CheckSyscall(SYSTEM_NAME, CheckGetpid, true);
EXPECT_EQ(ret, 0);
}
void TestSetUidGidFilter()
{
// system blocklist
int ret = CheckSyscall(APPSPAWN, CheckSetresuidArgsOutOfRange, false);
int ret = CheckSyscall(APPSPAWN_NAME, CheckSetresuidArgsOutOfRange, false);
EXPECT_EQ(ret, 0);
// system allowlist
ret = CheckSyscall(APPSPAWN, CheckSetresuidArgsInRange, true);
ret = CheckSyscall(APPSPAWN_NAME, CheckSetresuidArgsInRange, true);
EXPECT_EQ(ret, 0);
}
void TestAppSycall()
{
// app blocklist
int ret = CheckSyscall(APP, CheckSetuid, false);
int ret = CheckSyscall(APP_NAME, CheckSetuid, false);
EXPECT_EQ(ret, 0);
// app allowlist
ret = CheckSyscall(APP, CheckGetpid, true);
ret = CheckSyscall(APP_NAME, CheckGetpid, true);
EXPECT_EQ(ret, 0);
}
#elif defined __arm__
......@@ -281,33 +281,33 @@ public:
void TestSystemSycall()
{
// system blocklist
int ret = CheckSyscall(SYSTEM, CheckGetuid, false);
int ret = CheckSyscall(SYSTEM_NAME, CheckGetuid, false);
EXPECT_EQ(ret, 0);
// system allowlist
ret = CheckSyscall(SYSTEM, CheckGetuid32, true);
ret = CheckSyscall(SYSTEM_NAME, CheckGetuid32, true);
EXPECT_EQ(ret, 0);
}
void TestSetUidGidFilter()
{
// system blocklist
int ret = CheckSyscall(APPSPAWN, CheckSetresuid32ArgsOutOfRange, false);
int ret = CheckSyscall(APPSPAWN_NAME, CheckSetresuid32ArgsOutOfRange, false);
EXPECT_EQ(ret, 0);
// system allowlist
ret = CheckSyscall(APPSPAWN, CheckSetresuid32ArgsInRange, true);
ret = CheckSyscall(APPSPAWN_NAME, CheckSetresuid32ArgsInRange, true);
EXPECT_EQ(ret, 0);
}
void TestAppSycall()
{
// app blocklist
int ret = CheckSyscall(APP, CheckSetuid32, false);
int ret = CheckSyscall(APP_NAME, CheckSetuid32, false);
EXPECT_EQ(ret, 0);
// app allowlist
ret = CheckSyscall(APP, CheckGetuid32, true);
ret = CheckSyscall(APP_NAME, CheckGetuid32, true);
EXPECT_EQ(ret, 0);
}
#endif
......
ueventd/BUILD.gn
浏览文件 @ 513c2427
此差异已折叠。
ueventd/ueventd.c
浏览文件 @ 513c2427
此差异已折叠。
watchdog/BUILD.gn
浏览文件 @ 513c2427
此差异已折叠。
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册