fix：增加selinux属性校验

Signed-off-by: N xionglei6 <xionglei6@huawei.com>

fix：增加selinux属性校验
Signed-off-by: N xionglei6 <xionglei6@huawei.com>
9ab3e1f8 · xionglei6 · c0e607a0 · 9ab3e1f8
隐藏空白更改
内联并排

Showing with 7 addition and 8 deletion

services/param/manager/param_manager.c services/param/manager/param_manager.c +7 -8

未找到文件。
--- a/services/param/manager/param_manager.c
+++ b/services/param/manager/param_manager.c
@@ -236,12 +236,9 @@ int TraversalParam(const ParamWorkSpace *workSpace,
 }

 #ifdef WITH_SELINUX
-void *g_selinuxHandle = NULL;
-int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
+static void *g_selinuxHandle = NULL;
+static int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
 {
-    if (srcLabel == NULL || mode != DAC_WRITE) {
-        return DAC_RESULT_PERMISSION;
-    }
    static void (*setSelinuxLogCallback)();
    static int (*setParamCheck)(const char *paraName, struct ucred *uc);
    g_selinuxHandle = dlopen("/system/lib/libparaperm_checker.z.so", RTLD_LAZY);
@@ -287,9 +284,11 @@ int CheckParamPermission(const ParamWorkSpace *workSpace,
    }
    PARAM_CHECK(name != NULL && srcLabel != NULL, return -1, "Invalid param");
 #ifdef WITH_SELINUX
-    int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
-    if (ret == DAC_RESULT_PERMISSION) {
-        return DAC_RESULT_PERMISSION;
+    if (mode == DAC_WRITE) {
+        int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
+        if (ret == DAC_RESULT_PERMISSION) {
+            return DAC_RESULT_PERMISSION;
+        }
    }
 #endif
    if (workSpace->paramSecurityOps.securityCheckParamPermission == NULL) {