提交
b2c66323
编写于
3月 03, 2022
作者:
xlei1030
针对读取param进行权限管控
Signed-off-by:
xlei1030
<
xionglei6@huawei.com
>
上级
85a97645
变更
4
Showing
4 changed file
with
33 addition
and
0 deletion
+33
-0
services/BUILD.gn
services/BUILD.gn
+5
-0
services/param/BUILD.gn
services/param/BUILD.gn
+10
-0
services/param/adapter/param_dac.c
services/param/adapter/param_dac.c
+3
-0
services/param/manager/param_manager.c
services/param/manager/param_manager.c
+15
-0
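--- a/services/BUILD.gn
+++ b/services/BUILD.gn
@@ -63,6 +63,11 @@ if (defined(ohos_lite)) {
     cflags = [ "-Wall" ]
+    if (build_selinux) {
+      external_deps = [ "selinux:libparaperm_checker_static" ]
+      defines += [ "WITH_SELINUX" ]
+    }
     deps = [
       "//base/hiviewdfx/hilog_lite/frameworks/featured:hilog_shared",
       "//base/startup/init_lite/initsync:initsync",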
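Review bot: The `if (build_selinux)` block added here is repeated verbatim in the `param_service` and `param_client` targets of services/param/BUILD.gn, and none of the three copies says what `WITH_SELINUX` switches on. The define changes permission-checking behaviour in param_dac.c and param_manager.c, so a target that misses the block would build with a different policy than its peers; a single shared `config` pulled in by each target would keep them in step. A comment above the block such as `# WITH_SELINUX: parameter permission checks also consult libparaperm_checker` would document the intent. `external_deps = [ ... ]` is a plain assignment, so if any of these targets sets `external_deps` elsewhere (not visible in the hunks) it should be `+=`.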
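--- a/services/param/BUILD.gn
+++ b/services/param/BUILD.gn
@@ -62,6 +62,11 @@ ohos_static_library("param_service") {
     }
   }
+  if (build_selinux) {
+    external_deps = [ "selinux:libparaperm_checker_static" ]
+    defines += [ "WITH_SELINUX" ]
+  }
   deps = [
     "//base/startup/init_lite/services/log:init_log",
     "//base/startup/init_lite/services/loopevent:loopevent",
@@ -108,6 +113,11 @@ ohos_shared_library("param_client") {
     }
   }
+  if (build_selinux) {
+    external_deps = [ "selinux:libparaperm_checker_static" ]
+    defines += [ "WITH_SELINUX" ]
+  }
   deps = [
     "//base/startup/init_lite/services/log:agent_log",
     "//third_party/bounds_checking_function:libsec_static",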
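--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -85,6 +85,9 @@ static int InitLocalSecurityLabel(ParamSecurityLabel **security, int isInit)
     *security = &g_localSecurityLabel;
     // support check write permission in client
     (*security)->flags |= LABEL_CHECK_FOR_ALL_PROCESS;
+#ifdef WITH_SELINUX
+    (*security)->flags = 0;
+#endif
     return 0;
 }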
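Review bot: Under `WITH_SELINUX` the added `(*security)->flags = 0;` overwrites the whole field, so the `|= LABEL_CHECK_FOR_ALL_PROCESS` on the line above becomes dead code and any other bits set earlier in InitLocalSecurityLabel (its start is outside the hunk) are dropped too. If the intent is only to hand the client-side write check over to SELinux, guard the existing line instead: `#ifndef WITH_SELINUX` / `(*security)->flags |= LABEL_CHECK_FOR_ALL_PROCESS;` / `#endif`, or clear just that bit with `&= ~LABEL_CHECK_FOR_ALL_PROCESS`. Either way a comment should state why the DAC label check is relaxed when SELinux is built in, because the SELinux call added to param_manager.c in this commit only logs its result, which may leave neither layer enforcing on that path.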
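--- a/services/param/manager/param_manager.c
+++ b/services/param/manager/param_manager.c
@@ -14,6 +14,9 @@
  */
 #include "param_manager.h"
+#ifdef WITH_SELINUX
+#include "selinux_parameter.h"
+#endif
 #include <ctype.h>
@@ -240,6 +243,18 @@ int CheckParamPermission(const ParamWorkSpace *workSpace,
         return 0;
     }
     PARAM_CHECK(name != NULL && srcLabel != NULL, return -1, "Invalid param");
+#ifdef WITH_SELINUX
+    SetSelinuxLogCallback();
+    if (srcLabel != NULL && mode == DAC_WRITE) {
+        PARAM_LOGI("selinux SetParamCheck name %s, pid: %d", name, srcLabel->cred.pid);
+        struct ucred uc;
+        uc.pid = srcLabel->cred.pid;
+        uc.uid = srcLabel->cred.uid;
+        uc.gid = srcLabel->cred.gid;
+        int ret = SetParamCheck(name, &uc);
+        PARAM_LOGI("pid: %d SetParamCheck %s, result: %d", srcLabel->cred.pid, name, ret);
+    }
+#endif
     if (workSpace->paramSecurityOps.securityCheckParamPermission == NULL) {
         return DAC_RESULT_FORBIDED;
     }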
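Review bot: In the second hunk the value returned by `SetParamCheck(name, &uc)` is written to the log and then discarded, so a SELinux denial does not stop the write and control falls through to the existing `securityCheckParamPermission` path regardless. If the check is meant to enforce, add after the call `PARAM_CHECK(ret == 0, return DAC_RESULT_FORBIDED, "selinux denied set %s", name);` (assuming 0 means allowed; confirm against selinux_parameter.h), and if it is deliberately audit-only for now, say so in a comment. The commit title speaks of read permission, while the block only runs for `mode == DAC_WRITE`, so either the title or the condition needs a second look. Minor: `srcLabel != NULL` is already guaranteed by the `PARAM_CHECK` just above, `struct ucred uc = {0};` avoids passing uninitialised padding, and `SetSelinuxLogCallback()` is invoked on every permission check rather than once at init. CheckParamPermission starts and ends outside the hunk.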