From 901591e99110cf1e2312ddbe0e7911b3f85aa4a7 Mon Sep 17 00:00:00 2001
From: Mupceet
Date: Wed, 11 May 2022 19:16:57 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20cd=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mupceet
---
 services/begetctl/param_cmd.c | 21 ++++++++++-----
 services/param/adapter/param_dac.c | 12 +++++++--
 services/param/manager/param_manager.c | 37 ++++++++++++++++++--------
 3 files changed, 50 insertions(+), 20 deletions(-)
diff --git a/services/begetctl/param_cmd.c b/services/begetctl/param_cmd.c
index 3d0152cb..82f963a6 100755
--- a/services/begetctl/param_cmd.c
+++ b/services/begetctl/param_cmd.c
@@ -110,9 +110,11 @@ int SetParamShellPrompt(BShellHandle shell, const char *param)
 }
 // check parameter
 int ret = SysCheckParamExist(realParameter);
- if (ret != 0) {
+ if (ret == PARAM_CODE_NOT_FOUND) {
 BShellEnvOutput(shell, "Error: parameter \'%s\' not found\r\n", realParameter);
 return -1;
+ } else if (ret != 0 && ret != PARAM_CODE_NODE_EXIST) {
+ return -1;
 }
 if (strcmp(realParameter, "#") == 0) {
 ret = BShellEnvSetParam(shell, PARAM_REVERESD_NAME_CURR_PARAMETER,
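Review bot: The added `else if (ret != 0 && ret != PARAM_CODE_NODE_EXIST)` branch in SetParamShellPrompt returns -1 without printing anything, so a failed `cd` looks like a no-op to the shell user. Going by the SysCheckParamExist rewrite later in this patch, the branch is reached when the workspace is invalid or the name is NULL, so a short message before the return would help, e.g. `BShellEnvOutput(shell, "Error: failed to check parameter \'%s\'\r\n", realParameter);`. In BShellParamCmdLs (next hunk) the same -1 case is reported as "Forbid to list parameters", which reads as a permission denial although no permission check ran on that path. SetParamShellPrompt's body continues outside the hunk.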
@@ -223,14 +225,19 @@ static int32_t BShellParamCmdLs(BShellHandle shell, int32_t argc, char *argv[])
 BShellEnvOutput(shell, "Error: Forbid to list parameters\r\n");
 }
 } else {
- ParamHandle handle;
- ret = SystemFindParameter(prefix, &handle);
- if (ret != PARAM_CODE_NOT_FOUND && ret != 0 && ret != PARAM_CODE_NODE_EXIST) {
- BShellEnvOutput(shell, "Error: Forbid to list parameters\r\n");
- } else if (ret == 0) {
- ShowParamForCmdLs(handle, (void *)shell);
+ ret = SysCheckParamExist(prefix);
+ if (ret == 0) {
+ ParamHandle handle;
+ ret = SystemFindParameter(prefix, &handle);
+ if (ret != 0) {
+ BShellEnvOutput(shell, "Error: Forbid to list parameters\r\n");
+ } else {
+ ShowParamForCmdLs(handle, (void *)shell);
+ }
 } else if (ret == PARAM_CODE_NODE_EXIST) {
 ShowParam(shell, prefix, NULL);
+ } else if (ret != PARAM_CODE_NOT_FOUND) {
+ BShellEnvOutput(shell, "Error: Forbid to list parameters\r\n");
 } else {
 BShellEnvOutput(shell, "Parameter %s not found\r\n", prefix);
 }
diff --git a/services/param/adapter/param_dac.c b/services/param/adapter/param_dac.c
index 937e51bf..7fd027a5 100644
--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -25,7 +25,7 @@
 #include "param_utils.h"
 #define USER_BUFFER_LEN 64
-#define GROUP_FORMAT "ohos.group"
+#define GROUP_FORMAT "const.group"
 #define OCT_BASE 8
 static void GetUserIdByName(uid_t *uid, const char *name, uint32_t nameLen)
@@ -160,6 +160,7 @@ static int CheckFilePermission(const ParamSecurityLabel *localLabel, const char
 static int CheckUserInGroup(WorkSpace *space, gid_t groupId, uid_t uid)
 {
+#ifdef __MUSL__
 static char buffer[USER_BUFFER_LEN] = {0};
 uint32_t labelIndex = 0;
 int ret = sprintf_s(buffer, sizeof(buffer) - 1, "%s.%d.%d", GROUP_FORMAT, groupId, uid);
@@ -172,6 +173,9 @@ static int CheckUserInGroup(WorkSpace *space, gid_t groupId, uid_t uid)
 return 0;
 }
 return -1;
+#else
+ return 0;
+#endif
 }
 static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
@@ -245,6 +249,10 @@ static void AddGroupUser(int uid, int gid, int mode, const char *format)
 void LoadGroupUser(void)
 {
+#ifndef __MUSL__
+ return;
+#endif
+
 #if !(defined __LITEOS_A__ || defined __LITEOS_M__)
 PARAM_LOGV("LoadGroupUser ");
 uid_t uid = 0;
@@ -263,7 +271,7 @@ void LoadGroupUser(void)
 while (data->gr_mem[index]) { // user in this group
 GetUserIdByName(&uid, data->gr_mem[index], strlen(data->gr_mem[index]));
 PARAM_LOGV("LoadGroupUser %s gid %d uid %d user %s", data->gr_name, data->gr_gid, uid, data->gr_mem[index]);
- AddGroupUser(uid, data->gr_gid, 0550, "ohos.group"); // 0550 read and watch
+ AddGroupUser(uid, data->gr_gid, 0550, GROUP_FORMAT); // 0550 read and watch
 index++;
 }
 }
diff --git a/services/param/manager/param_manager.c b/services/param/manager/param_manager.c
index effb5ca6..9ca6661e 100644
--- a/services/param/manager/param_manager.c
+++ b/services/param/manager/param_manager.c
@@ -658,6 +658,8 @@ int AddWorkSpace(const char *name, int onlyRead, uint32_t spaceSize)
 const size_t size = strlen(realName) + 1;
 workSpace = (WorkSpace *)malloc(sizeof(WorkSpace) + size);
 PARAM_CHECK(workSpace != NULL, break, "Failed to create workspace for %s", realName);
+ workSpace->flags = 0;
+ workSpace->area = NULL;
 ListInit(&workSpace->node);
 ret = strcpy_s(workSpace->fileName, size, realName);
 PARAM_CHECK(ret == 0, break, "Failed to copy file name %s", realName);
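Review bot: The `#else` branch added to CheckUserInGroup (hunk `@@ -172,6 +173,9 @@`) returns 0 on every build without `__MUSL__`, and 0 is the value the musl path returns when the uid is found in the group, so on those builds any uid counts as a member of any gid. If DacCheckParamPermission, which starts right after this hunk and whose body is not shown, uses this result to apply the group permission bits, the check fails open; `return -1;` in the `#else` branch would fail closed instead. The early `return;` added to LoadGroupUser in the next hunk uses the same condition, so the group entries are never loaded on those builds and the code after it is unreachable there. If the non-musl case is only a host-side test build, both places should say so in a comment, e.g. `// non-musl builds carry no group parameters; membership is not enforced here`. The `#ifdef __MUSL__` this branch belongs to opens in the previous hunk.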
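Review bot: Only `flags` and `area` are initialised after the `malloc` in AddWorkSpace (hunk `@@ -658,6 +658,8 @@`), so any other WorkSpace field that is not assigned later in the function still holds uninitialised heap contents; the struct definition and the rest of the body are outside the hunk, so this may or may not matter today. Zeroing the whole allocation covers current and future fields in one step: `workSpace = (WorkSpace *)calloc(1, sizeof(WorkSpace) + size);`, after which the two added assignments become redundant.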
@@ -785,14 +787,23 @@ int SysCheckParamExist(const char *name)
 {
 PARAM_WORKSPACE_CHECK(&g_paramWorkSpace, return -1, "Invalid space");
 PARAM_CHECK(name != NULL, return -1, "The name or handle is null");
- ParamHandle handle;
- int ret = ReadParamWithCheck(name, DAC_READ, &handle);
- PARAM_LOGI("SysCheckParamExist %s result %d", name, ret);
- if (ret == PARAM_CODE_NODE_EXIST) {
- return 0;
+#ifdef PARAM_SUPPORT_SELINUX
+ // open all workspace
+ OpenPermissionWorkSpace();
+#endif
+ WorkSpace *workSpace = GetFristWorkSpace();
+ while (workSpace != NULL) {
+ PARAM_LOGV("SysCheckParamExist name %s in space %s", name, workSpace->fileName);
+ WorkSpace *next = GetNextWorkSpace(workSpace);
+ ParamTrieNode *node = FindTrieNode(workSpace, name, strlen(name), NULL);
+ if (node != NULL && node->dataIndex != 0) {
+ return 0;
+ } else if (node != NULL) {
+ return PARAM_CODE_NODE_EXIST;
+ }
+ workSpace = next;
 }
- PARAM_CHECK(ret == 0, return ret, "Forbid to access parameter %s", name);
- return ret;
+ return PARAM_CODE_NOT_FOUND;
 }
 int SystemGetParameterCommitId(ParamHandle handle, uint32_t *commitId)
@@ -862,14 +873,18 @@ int CheckParameterSet(const char *name, const char *value, const ParamSecurityLa
 PARAM_CHECK(ret == 0, return ret, "Illegal param value %s", value);
 *ctrlService = 0;
-#ifndef PARAM_SUPPORT_SELINUX
- if ((getpid() != 1) && ((srcLabel->flags[0] & LABEL_CHECK_IN_ALL_PROCESS) != LABEL_CHECK_IN_ALL_PROCESS)) {
+ if (getpid() != 1) { // none init
+#ifdef PARAM_SUPPORT_SELINUX
 *ctrlService |= PARAM_NEED_CHECK_IN_SERVICE;
-#ifndef STARTUP_INIT_TEST
 return 0;
+#else
+ if ((srcLabel->flags[0] & LABEL_CHECK_IN_ALL_PROCESS) != LABEL_CHECK_IN_ALL_PROCESS) {
+ *ctrlService |= PARAM_NEED_CHECK_IN_SERVICE;
+ return 0;
+ }
 #endif
 }
-#endif
+
 char *key = GetServiceCtrlName(name, value);
 ret = CheckParamPermission(srcLabel, (key == NULL) ? name : key, DAC_WRITE);
 if (key != NULL) { // ctrl param
-- GitLab
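Review bot: SysCheckParamExist no longer goes through `ReadParamWithCheck(name, DAC_READ, &handle)`; the new loop calls `FindTrieNode` on each workspace with no permission check visible in the hunk, so a caller can learn whether a parameter or prefix exists even when it would not be allowed to read it. With PARAM_SUPPORT_SELINUX it also calls `OpenPermissionWorkSpace()` first, and whether that restricts the walk to workspaces the process may open cannot be seen from here. If the existence answer is meant to be public, state that above the loop, e.g. `// existence only: no DAC_READ check here, callers must check access before reading the value`; otherwise keep a read check before returning 0 or PARAM_CODE_NODE_EXIST. As a smaller point, `strlen(name)` is recomputed on every iteration and can be hoisted above the `while`.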
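Review bot: With PARAM_SUPPORT_SELINUX defined, every process other than pid 1 now returns 0 from CheckParameterSet (hunk `@@ -862,14 +873,18 @@`) before `CheckParamPermission(srcLabel, ..., DAC_WRITE)` is reached, so the write check for those callers exists only if the service side acts on `PARAM_NEED_CHECK_IN_SERVICE`. That contract is not visible in this hunk and deserves a comment at the early return, e.g. `// permission is enforced by the param service; a 0 here does not mean the write is allowed`. The `#ifndef STARTUP_INIT_TEST` guard around `return 0;` was also dropped, so test builds that run as a non-init pid presumably no longer reach the CheckParamPermission path through this function. The function starts and ends outside the hunk.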