!1688 调整使能seccomp的进程范围

Merge pull request !1688 from 夏不白/only_enable_sa

!1688 调整使能seccomp的进程范围
Merge pull request !1688 from 夏不白/only_enable_sa
8dbcb648 · openharmony_ci · Gitee · f5dc3fa9 · 6f29f8fc · 8dbcb648
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

services/init/init_common_service.c services/init/init_common_service.c +3 -1

未找到文件。
--- a/services/init/init_common_service.c
+++ b/services/init/init_common_service.c
@@ -53,6 +53,7 @@
 #ifdef WITH_SECCOMP
 #define APPSPAWN_NAME ("appspawn")
 #define NWEBSPAWN_NAME ("nwebspawn")
+#define SA_MAIN_PATH ("/system/bin/sa_main")
 #endif

 #ifndef TIOCSCTTY
@@ -73,7 +74,8 @@ static void SetSystemSeccompPolicy(const Service *service)
 {
 #ifdef WITH_SECCOMP
    if (strncmp(APPSPAWN_NAME, service->name, strlen(APPSPAWN_NAME)) \
-        && strncmp(NWEBSPAWN_NAME, service->name, strlen(NWEBSPAWN_NAME))) {
+        && strncmp(NWEBSPAWN_NAME, service->name, strlen(NWEBSPAWN_NAME))
+        && !strncmp(SA_MAIN_PATH, service->pathArgs.argv[0], strlen(SA_MAIN_PATH))) {
        PluginExecCmdByName("SetSeccompPolicy", "start");
    }
 #endif