fix: selinux read check and cmd for param get

Signed-off-by: N Mupceet <laiguizhong@huawei.com>

fix: selinux read check and cmd for param get
Signed-off-by: N Mupceet <laiguizhong@huawei.com>
8cabde55 · Mupceet · 88b01727 · 8cabde55
隐藏空白更改
内联并排

Showing with 7 addition and 3 deletion

services/param/adapter/param_selinux.c services/param/adapter/param_selinux.c +7 -3

未找到文件。
--- a/services/param/adapter/param_selinux.c
+++ b/services/param/adapter/param_selinux.c
@@ -126,10 +126,14 @@ static int CheckFilePermission(const ParamSecurityLabel *localLabel, const char

 static int SelinuxReadParamCheck(const char *name)
 {
-    PARAM_CHECK(g_selinuxSpace.getParamLabel != NULL, return NULL, "Invalid getParamLabel");
+    int ret = DAC_RESULT_FORBIDED;
+    PARAM_CHECK(g_selinuxSpace.getParamLabel != NULL, return ret, "Invalid getParamLabel");
    const char *label = g_selinuxSpace.getParamLabel(name);
-    // open file with readonly
-    int ret = AddWorkSpace(label, 1, PARAM_WORKSPACE_MAX);
+    if (label == NULL) { // open file with readonly
+        ret = AddWorkSpace(WORKSPACE_NAME_DEF_SELINUX, 1, PARAM_WORKSPACE_MAX);
+    } else {
+        ret = AddWorkSpace(label, 1, PARAM_WORKSPACE_MAX);
+    }
    if (ret != 0) {
        return DAC_RESULT_FORBIDED;
    }