!1102 清理非必要caps

Merge pull request !1102 from dapaodexiaoyu2/master

!1102 清理非必要caps
Merge pull request !1102 from dapaodexiaoyu2/master
d76daafc · openharmony_ci · Gitee · 4507570f · 0507592d · d76daafc
4 changed file
--- a/services/param/adapter/param_selinux.c
+++ b/services/param/adapter/param_selinux.c
@@ -216,14 +216,15 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
    SelinuxSpace *selinuxSpace = &GetParamWorkSpace()->selinuxSpace;
    int ret = DAC_RESULT_FORBIDED;
    // check
-    struct ucred uc;
-    uc.pid = srcLabel->cred.pid;
-    uc.uid = srcLabel->cred.uid;
-    uc.gid = srcLabel->cred.gid;
+    SrcInfo info;
+    info.uc.pid = srcLabel->cred.pid;
+    info.uc.uid = srcLabel->cred.uid;
+    info.uc.gid = srcLabel->cred.gid;
+    info.sockFd = srcLabel->sockFd;
    if (mode == DAC_WRITE) {
        PARAM_CHECK(selinuxSpace->setParamCheck != NULL, return ret, "Invalid setParamCheck");
        const char *context = GetSelinuxContent(name);
-        ret = selinuxSpace->setParamCheck(name, context, &uc);
+        ret = selinuxSpace->setParamCheck(name, context, &info);
    } else {
 #ifndef STARTUP_INIT_TEST
        ret = SelinuxReadParamCheck(name);
@@ -232,7 +233,8 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const
 #endif
    }
    if (ret != 0) {
-        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+        PARAM_LOGW("Selinux check name %s pid %d uid %d %d result %d", name, info.uc.pid,
+            info.uc.uid, info.uc.gid, ret);
        ret = DAC_RESULT_FORBIDED;
    } else {
        ret = DAC_RESULT_PERMISSION;

--- a/services/param/include/param_security.h
+++ b/services/param/include/param_security.h
@@ -25,6 +25,9 @@
 #else
 typedef struct ParamContextsList_ {
 } ParamContextsList;
+
+typedef struct SrcInfo {
+} SrcInfo;
 #endif

 #include "beget_ext.h"
@@ -66,6 +69,7 @@ typedef enum {
 } ParamSecurityType;

 typedef struct {
+    int32_t sockFd;
    UserCred cred;
    uint32_t flags[PARAM_SECURITY_MAX];
 } ParamSecurityLabel;
@@ -96,11 +100,11 @@ typedef struct {
 } ParamSecurityOps;

 typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit);
-typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
 typedef struct SelinuxSpace_ {
    void *selinuxHandle;
    void (*setSelinuxLogCallback)(void);
-    int (*setParamCheck)(const char *paraName, const char *destContext, struct ucred *uc);
+    int (*setParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
    const char *(*getParamLabel)(const char *paraName);
    int (*initParamSelinux)(void);
    int (*readParamCheck)(const char *paraName);
@@ -122,4 +126,4 @@ INIT_LOCAL_API int RegisterSecurityOps(int onlyRead);
 }
 #endif
 #endif
-#endif  // BASE_STARTUP_PARAM_SECURITY_H
\ No newline at end of file
+#endif  // BASE_STARTUP_PARAM_SECURITY_H
--- a/services/param/linux/param_service.c
+++ b/services/param/linux/param_service.c
@@ -168,6 +168,7 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
        PARAM_LOGE("Failed to get opt %d", errno);
        return SendResponseMsg(worker, msg, -1);
    }
+    srcLabel.sockFd = LE_GetSocketFd(worker);
    srcLabel.cred.uid = cr.uid;
    srcLabel.cred.pid = cr.pid;
    srcLabel.cred.gid = cr.gid;

--- a/test/unittest/param/param_stub.cpp
+++ b/test/unittest/param/param_stub.cpp
@@ -61,7 +61,7 @@ static const char *forbitWriteParamName[] = {
    "test.persmission.watch"
 };

-static int TestSetParamCheck(const char *paraName, const char *context, struct ucred *uc)
+static int TestSetParamCheck(const char *paraName, const char *context, const SrcInfo *info)
 {
    // forbid to read ohos.servicectrl.
    for (size_t i = 0; i < ARRAY_LENGTH(forbitWriteParamName); i++) {