diff --git a/services/etc/param/param_fixer.py b/services/etc/param/param_fixer.py index 76f526af118f7c5a84ef38d1f4693787f4fcc06a..8804f1faa7f21dbfb3d5e286bb62db517869660f 100755 --- a/services/etc/param/param_fixer.py +++ b/services/etc/param/param_fixer.py @@ -17,6 +17,7 @@ import optparse import os import sys import json +import stat sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, os.pardir, os.pardir, os.pardir, os.pardir, "build")) @@ -66,7 +67,9 @@ def fix_para_file(options): if options.extra: parse_extra_params(options.extra, contents) - with open(options.output, 'w') as f: + flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL + modes = stat.S_IWUSR | stat.S_IRUSR | stat.S_IWGRP | stat.S_IRGRP + with os.fdopen(os.open(options.output, flags, modes), 'w') as f: for key in contents: f.write("".join([key, "=", contents[key], '\n'])) diff --git a/services/modules/seccomp/scripts/generate_code_from_policy.py b/services/modules/seccomp/scripts/generate_code_from_policy.py index 280ace8b2dbb874f8c7a088087e188f5a65ba137..69636e78432fae3864fea65f576105e0f3719b8c 100755 --- a/services/modules/seccomp/scripts/generate_code_from_policy.py +++ b/services/modules/seccomp/scripts/generate_code_from_policy.py @@ -20,6 +20,8 @@ import sys import argparse import textwrap import re +import os +import stat supported_parse_item = ['arch', 'labelName', 'priority', 'allowList', 'blockList', 'priorityWithArgs',\ 'allowListWithArgs', 'headFiles', 'selfDefineSyscall', 'returnValue', 'mode'] @@ -834,7 +836,10 @@ class SeccompPolicyParser: content = header + '\n'.join(extra_header_list) + array_name + \ ' ' + '\n '.join(self.bpf_generator.bpf_policy) + footer - with open(args.dstfile, 'w') as output_file: + + flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL + modes = stat.S_IWUSR | stat.S_IRUSR | stat.S_IWGRP | stat.S_IRGRP + with os.fdopen(os.open(args.dstfile, flags, modes), 'w') as output_file: output_file.write(content) @staticmethod diff --git a/services/modules/selinux/selinux_adp.c b/services/modules/selinux/selinux_adp.c index 8ebe2cf97b5647274a4dd3e1f200035cba1e1d56..978a1e39e7dff3683fa6f0be8db1abef89540c76 100755 --- a/services/modules/selinux/selinux_adp.c +++ b/services/modules/selinux/selinux_adp.c @@ -36,7 +36,7 @@ extern char *__progname; static int LoadSelinuxPolicy(int id, const char *name, int argc, const char **argv) { int ret; - char process_context[MAX_SECON_LEN]; + char processContext[MAX_SECON_LEN]; UNUSED(id); UNUSED(name); @@ -50,11 +50,11 @@ static int LoadSelinuxPolicy(int id, const char *name, int argc, const char **ar PLUGIN_LOGI("main, load_policy success."); } - ret = snprintf_s(process_context, sizeof(process_context), sizeof(process_context) - 1, "u:r:%s:s0", __progname); + ret = snprintf_s(processContext, sizeof(processContext), sizeof(processContext) - 1, "u:r:%s:s0", __progname); if (ret == -1) { setcon("u:r:init:s0"); } else { - setcon(process_context); + setcon(processContext); } (void)RestoreconRecurse("/dev"); return 0; diff --git a/services/param/trigger/trigger_checker.c b/services/param/trigger/trigger_checker.c index 4b95fbb2d09118a35e553742f757e17a4aa46798..501a1b28c5a8c9097e823f37a81f3322d8191fa6 100644 --- a/services/param/trigger/trigger_checker.c +++ b/services/param/trigger/trigger_checker.c @@ -329,8 +329,7 @@ int CheckMatchSubCondition(const char *condition, const char *input, int length) PARAM_CHECK(condition != NULL, return 0, "Invalid condition"); PARAM_CHECK(input != NULL, return 0, "Invalid input"); const char *tmp = strstr(condition, input); - while (tmp != NULL) - { + while (tmp != NULL) { PARAM_LOGV("CheckMatchSubCondition Condition: '%s' content: '%s' length %d", condition, input, length); if (((int)strlen(tmp) <= length) || (tmp[length] != '=')) { return 0;