修改param检查规格

Signed-off-by: N Mupceet <laiguizhong@huawei.com> Change-Id: I0a90188e137e4e61f050088f5d7ed19261ab431e

修改param检查规格
Signed-off-by: N Mupceet <laiguizhong@huawei.com> Change-Id: I0a90188e137e4e61f050088f5d7ed19261ab431e
aff99754 · Mupceet · laiguizhong · 1b0d7f87 · aff99754 · aff99754
7 changed file
--- a/services/etc/param/ohos.para.dac
+++ b/services/etc/param/ohos.para.dac
@@ -31,3 +31,5 @@ persist.window.boot. = root:system:0775
 debug.bytrace.   = root:system:0775

 persist.distributed_hardware.device_manager. = system:system:0775
+bootevent. = samgr:samgr:0777
+hw_sc. = root:root:0777
--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -237,8 +237,13 @@ static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const cha
    if ((node->mode & localMode) != 0) {
        ret = DAC_RESULT_PERMISSION;
    }
-    PARAM_LOGV("Param '%s' label gid:%d uid:%d mode 0%o", name, srcLabel->cred.gid, srcLabel->cred.uid, localMode);
-    PARAM_LOGV("Cfg label %d gid:%d uid:%d mode 0%o result %d", labelIndex, node->gid, node->uid, node->mode, ret);
+    if (ret != DAC_RESULT_PERMISSION) {
+        PARAM_LOGW("Param '%s' label gid:%d uid:%d mode 0%o", name, srcLabel->cred.gid, srcLabel->cred.uid, localMode);
+        PARAM_LOGW("Cfg label %d gid:%d uid:%d mode 0%o ", labelIndex, node->gid, node->uid, node->mode);
+#ifndef STARTUP_INIT_TEST
+        ret = DAC_RESULT_PERMISSION;
+#endif
+    }
    return ret;
 }


--- a/services/param/adapter/param_selinux.c
+++ b/services/param/adapter/param_selinux.c
@@ -193,7 +193,10 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
 #endif
    }
    if (ret != 0) {
-        PARAM_LOGI("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+        ret = DAC_RESULT_FORBIDED;
+    } else {
+        ret = DAC_RESULT_PERMISSION;
    }
    return ret;
 }

--- a/services/param/base/param_base.c
+++ b/services/param/base/param_base.c
@@ -299,12 +299,11 @@ INIT_INNER_API int CheckParamPermission(const ParamSecurityLabel *srcLabel, cons
                continue;
            }
            if (ops->securityCheckParamPermission == NULL) {
-                ret = DAC_RESULT_FORBIDED;
                continue;
            }
            ret = ops->securityCheckParamPermission(srcLabel, name, mode);
-            PARAM_LOGV("CheckParamPermission %s %s ret %d", ops->name, name, ret);
-            if (ret == DAC_RESULT_PERMISSION) {
+            if (ret == DAC_RESULT_FORBIDED) {
+                PARAM_LOGW("CheckParamPermission %s %s FORBID", ops->name, name);
                break;
            }
        }

--- a/services/param/include/param_utils.h
+++ b/services/param/include/param_utils.h
@@ -101,6 +101,7 @@ typedef struct cmdLineInfo {
 #define PARAM_LOGI(fmt, ...) STARTUP_LOGI(PARAN_DOMAIN, PARAN_LABEL, fmt, ##__VA_ARGS__)
 #define PARAM_LOGE(fmt, ...) STARTUP_LOGE(PARAN_DOMAIN, PARAN_LABEL, fmt, ##__VA_ARGS__)
 #define PARAM_LOGV(fmt, ...) STARTUP_LOGV(PARAN_DOMAIN, PARAN_LABEL, fmt, ##__VA_ARGS__)
+#define PARAM_LOGW(fmt, ...) STARTUP_LOGW(PARAN_DOMAIN, PARAN_LABEL, fmt, ##__VA_ARGS__)

 #define PARAM_CHECK(retCode, exper, ...) \
    if (!(retCode)) {                \

--- a/test/unittest/param/client_unittest.cpp
+++ b/test/unittest/param/client_unittest.cpp
@@ -135,8 +135,9 @@ static void TestPermission()
    EXPECT_EQ(ret, testResult);
 #endif
    u_int32_t len = sizeof(tmp);
+    SetTestPermissionResult(DAC_RESULT_FORBIDED);
    ret = SystemGetParameter(testName, tmp, &len);
-    EXPECT_EQ(ret, testResult);
+    EXPECT_EQ(ret, DAC_RESULT_FORBIDED);
    RegisterSecurityOps(0);
    SetTestPermissionResult(0); // recover testpermission result
 }

--- a/test/unittest/param/watcher_agent_unittest.cpp
+++ b/test/unittest/param/watcher_agent_unittest.cpp
@@ -61,7 +61,7 @@ public:
        ret = SystemWatchParameter("test.permission.watcher.tes^^^^t1*", TestParameterChange, nullptr);
        EXPECT_NE(ret, 0);
        ret = SystemWatchParameter("test.permission.read.test1*", TestParameterChange, nullptr);
-        EXPECT_EQ(ret, 0);
+        EXPECT_EQ(ret, DAC_RESULT_FORBIDED);
        return 0;
    }

@@ -78,7 +78,7 @@ public:
        ret = SystemWatchParameter("test.permission.watcher.tes^^^^t1*", nullptr, nullptr);
        EXPECT_NE(ret, 0);
        ret = SystemWatchParameter("test.permission.read.test1*", nullptr, nullptr);
-        EXPECT_EQ(ret, 0);
+        EXPECT_EQ(ret, DAC_RESULT_FORBIDED);
        return 0;
    }