diff --git a/interfaces/innerkits/include/beget_ext.h b/interfaces/innerkits/include/beget_ext.h index f3bdb3a51285be15008d73e4fea1282fbe220f8a..cfb62ec889fced65deabd0c8559668aa09d839de 100644 --- a/interfaces/innerkits/include/beget_ext.h +++ b/interfaces/innerkits/include/beget_ext.h @@ -47,7 +47,7 @@ typedef enum InitLogLevel { INIT_FATAL } InitLogLevel; -typedef void (*InitCommLog)(InitLogLevel logLevel, uint32_t domain, const char *tag, const char *fmt, va_list vargs); +typedef void (*InitCommLog)(int logLevel, uint32_t domain, const char *tag, const char *fmt, va_list vargs); #define FILE_NAME (strrchr((__FILE__), '/') ? strrchr((__FILE__), '/') + 1 : (__FILE__)) INIT_PUBLIC_API void StartupLog(InitLogLevel logLevel, uint32_t domain, const char *tag, const char *fmt, ...); diff --git a/services/log/init_log.c b/services/log/init_log.c index b9144eeb75b265826fb16d1def6b47201293344c..8ca97e310132c9a89c54bb320657de0a3cac51a9 100644 --- a/services/log/init_log.c +++ b/services/log/init_log.c @@ -116,8 +116,7 @@ static void PrintLog(InitLogLevel logLevel, unsigned int domain, const char *tag #endif } -INIT_LOCAL_API void InitLog(InitLogLevel logLevel, - unsigned int domain, const char *tag, const char *fmt, va_list vargs) +INIT_LOCAL_API void InitLog(int logLevel, unsigned int domain, const char *tag, const char *fmt, va_list vargs) { if (g_logLevel > logLevel) { return; diff --git a/services/log/init_log.h b/services/log/init_log.h index f1403327cacb8de3fd9834713b8dbe7e848b7702..780031ff8f09423ca456419333b6e9f28015ccbb 100644 --- a/services/log/init_log.h +++ b/services/log/init_log.h @@ -37,8 +37,7 @@ extern "C" { #endif INIT_LOCAL_API void OpenLogDevice(void); -INIT_LOCAL_API void InitLog(InitLogLevel logLevel, - unsigned int domain, const char *tag, const char *fmt, va_list vargs); +INIT_LOCAL_API void InitLog(int logLevel, unsigned int domain, const char *tag, const char *fmt, va_list vargs); #ifdef PARAM_BASE #define INIT_LOGV(fmt, ...) 
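Review bot: With `logLevel` now a plain `int`, InitLog's only visible filter is `if (g_logLevel > logLevel)`, so any value above INIT_FATAL passes through to PrintLog, which still takes an InitLogLevel. If PrintLog uses the level to select a name or a priority (its body is outside this hunk), an out-of-range value from a caller of the InitCommLog callback would be used unchecked. A bound at the top of InitLog would close that, for example `if (logLevel < 0 || logLevel > INIT_FATAL) { return; }`. The same widening is applied to the InitCommLog typedef in beget_ext.h and the prototype in init_log.h, while StartupLog keeps InitLogLevel; a short comment on the typedef saying why the callback takes `int` would help. InitLog's body continues past the hunk.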
diff --git a/services/param/adapter/param_selinux.c b/services/param/adapter/param_selinux.c index 1d50a13437a905cf1e991c0f24814720974e414e..e30845785093a4181939508aa3182a67521f833e 100644 --- a/services/param/adapter/param_selinux.c +++ b/services/param/adapter/param_selinux.c @@ -154,7 +154,7 @@ static int SelinuxGetAllLabel(int readOnly) node = node->next; continue; } - // set selinx label + // set selinux label SetSelinuxFileCon(node->info.paraName, node->info.paraContext); node = node->next; } @@ -200,15 +200,12 @@ static int SelinuxReadParamCheck(const char *name) if (selinuxSpace->readParamCheck != NULL) { ret = selinuxSpace->readParamCheck(name); PARAM_LOGI("SelinuxReadParamCheck name %s ret %d", name, ret); + return ret; } - const char *label = GetSelinuxContent(name); - if (label == NULL) { // open file with readonly - ret = AddWorkSpace(WORKSPACE_NAME_DEF_SELINUX, 1, PARAM_WORKSPACE_MAX); - } else { - ret = AddWorkSpace(label, 1, PARAM_WORKSPACE_MAX); - } - if (ret != 0) { - PARAM_LOGV("SelinuxReadParamCheck name %s label %s ", name, label); + PARAM_LOGW("SelinuxReadParamCheck name %s label %s", name, GetSelinuxContent(name)); + WorkSpace *space = GetWorkSpace(name); + if (space == NULL) { + PARAM_LOGW("SelinuxReadParamCheck name %s label %s forbid", name, GetSelinuxContent(name)); return DAC_RESULT_FORBIDED; } return DAC_RESULT_PERMISSION; @@ -225,7 +222,8 @@ static int SelinuxCheckParamPermission(const ParamSecurityLabel *srcLabel, const uc.gid = srcLabel->cred.gid; if (mode == DAC_WRITE) { PARAM_CHECK(selinuxSpace->setParamCheck != NULL, return ret, "Invalid setParamCheck"); - ret = selinuxSpace->setParamCheck(name, &uc); + const char *context = GetSelinuxContent(name); + ret = selinuxSpace->setParamCheck(name, context, &uc); } else { #ifndef STARTUP_INIT_TEST ret = SelinuxReadParamCheck(name); 
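Review bot: GetSelinuxContent(name) is passed straight to `%s` in both new PARAM_LOGW calls in SelinuxReadParamCheck, yet the removed lines tested its result against NULL, so a parameter without a label may now hand a null pointer to the formatter. Fetching it once, `const char *label = GetSelinuxContent(name);`, and logging `label != NULL ? label : "null"` fixes that and avoids the second lookup. The SelinuxCheckParamPermission hunk passes the same unchecked value as `context` to setParamCheck; whether that callback accepts NULL is not visible here, so a guard such as `PARAM_CHECK(context != NULL, return DAC_RESULT_FORBIDED, "Invalid context");` would make the write check fail closed. Both functions start outside their hunks.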
diff --git a/services/param/base/BUILD.gn b/services/param/base/BUILD.gn index 85e4c3cf4151968bcddc3875a389e7d04826c7e0..58dcc5b97a82512c1d9aa841a71ac8ffa1ea39f1 100644 --- a/services/param/base/BUILD.gn +++ b/services/param/base/BUILD.gn @@ -71,7 +71,26 @@ if (defined(ohos_lite)) { } } } else { - ohos_source_set("parameterbase") { + inherited_configs = [ + "//build/config/compiler:afdo", + "//build/config/compiler:afdo_optimize_size", + "//build/config/compiler:compiler", + "//build/config/compiler:compiler_arm_fpu", + "//build/config/compiler:compiler_arm_thumb", + "//build/config/compiler:chromium_code", + "//build/config/compiler:default_include_dirs", + "//build/config/compiler:default_optimization", + "//build/config/compiler:default_stack_frames", + "//build/config/compiler:default_symbols", + "//build/config/compiler:export_dynamic", + "//build/config/compiler:no_exceptions", + "//build/config/compiler:no_rtti", + "//build/config/compiler:runtime_library", + "//build/config/compiler:thin_archive", + "//build/config/sanitizers:default_sanitizer_flags", + ] + + source_set("parameterbase") { sources = comm_sources sources += [ "//base/startup/init/services/param/adapter/param_dac.c", @@ -79,6 +98,9 @@ if (defined(ohos_lite)) { "//base/startup/init/services/param/linux/param_osadp.c", ] cflags = [ "-fPIC" ] + ldflags = [ "-nostdlib" ] + configs -= inherited_configs + configs += [ "//build/config/compiler:compiler" ] include_dirs = base_include_dirs public_configs = [ ":exported_header_files" ] defines = [ "_GNU_SOURCE" ] @@ -106,7 +128,6 @@ if (defined(ohos_lite)) { if (param_base_log) { defines += [ "PARAM_BASE_LOG" ] } - part_name = "init" } # extend for base 
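Review bot: The `inherited_configs` list removed from `parameterbase` includes `//build/config/sanitizers:default_sanitizer_flags` and the default compiler configs, and only `//build/config/compiler:compiler` is added back, so this target, which compiles param_dac.c, may be built without the sanitizer and hardening flags the rest of the component gets. Nothing in the hunks says why the switch from `ohos_source_set` to `source_set` with `ldflags = [ "-nostdlib" ]` needs that; a comment above the list such as `# <reason the toolchain defaults must be dropped for this target>` (placeholder to fill in) would record it. GN normally rejects `configs -= ...` when a listed config is not in the target's current list, so the list has to match the defaults of every toolchain that builds this target. That is worth confirming for non-ARM builds, given the `compiler_arm_fpu` and `compiler_arm_thumb` entries.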
@@ -114,8 +135,6 @@ if (defined(ohos_lite)) { sources = comm_sources sources += [ "//base/startup/init/services/log/init_commlog.c", - "//base/startup/init/services/param/adapter/param_dac.c", - "//base/startup/init/services/param/base/param_base.c", "//base/startup/init/services/param/linux/param_osadp.c", ] cflags = [ "-fPIC" ] @@ -130,8 +149,6 @@ if (defined(ohos_lite)) { "//third_party/selinux/libselinux/include/", "//base/security/selinux/interfaces/policycoreutils/include/", ] - sources += - [ "//base/startup/init/services/param/adapter/param_selinux.c" ] defines += [ "PARAM_SUPPORT_SELINUX", "PARAMWORKSPACE_NEED_MUTEX", diff --git a/services/param/include/param_security.h b/services/param/include/param_security.h index 28517acedf4e3d159faf6650ce795e21ac99b83c..9150c466da757bd4b5e63ccc46b5d96048242e34 100644 --- a/services/param/include/param_security.h +++ b/services/param/include/param_security.h @@ -96,11 +96,11 @@ typedef struct { } ParamSecurityOps; typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit); -typedef int (*SelinuxSetParamCheck)(const char *paraName, struct ucred *uc); +typedef int (*SelinuxSetParamCheck)(const char *paraName, const char *destContext, struct ucred *uc); typedef struct SelinuxSpace_ { void *selinuxHandle; void (*setSelinuxLogCallback)(void); - int (*setParamCheck)(const char *paraName, struct ucred *uc); + int (*setParamCheck)(const char *paraName, const char *destContext, struct ucred *uc); const char *(*getParamLabel)(const char *paraName); int (*initParamSelinux)(void); int (*readParamCheck)(const char *paraName); diff --git a/services/param/linux/param_service.c b/services/param/linux/param_service.c index 753dcd8b93e17646d66c3c4bb7b52f4d0665ebe7..780cdf4f68272ca25cbaf52d5efcd58766f034dc 100755 --- a/services/param/linux/param_service.c +++ b/services/param/linux/param_service.c 
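Review bot: In param_security.h the new `destContext` parameter is added without saying whether it may be NULL or who owns the string, and the signature is written out twice, once in the `SelinuxSetParamCheck` typedef and once in the `setParamCheck` member of `SelinuxSpace_`. Declaring the member as `SelinuxSetParamCheck setParamCheck;` would keep the two from drifting on the next change. A comment on the typedef such as `/* destContext: SELinux context of the target parameter; must not be NULL */` (or the opposite, if NULL is meant to be accepted) would give implementers of the callback a contract to check against. The struct continues outside the hunk.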
@@ -18,9 +18,7 @@ #include #include -#ifdef PARAM_BASE_LOG #include "init_log.h" -#endif #include "init_param.h" #include "init_utils.h" #include "loop_event.h" @@ -380,9 +378,8 @@ void InitParamService(void) // param space PARAM_WORKSPACE_OPS ops = {0}; ops.updaterMode = InUpdaterMode(); -#ifdef PARAM_BASE_LOG + // init open log ops.logFunc = InitLog; -#endif #ifdef PARAM_SUPPORT_SELINUX ops.setfilecon = setfilecon; #endif diff --git a/test/unittest/param/param_stub.cpp b/test/unittest/param/param_stub.cpp index 02a800fadbbaa60e7c021e2d97735c1f1af3b710..9b059e62b5865977476149caa0331a6e3433f62f 100644 --- a/test/unittest/param/param_stub.cpp +++ b/test/unittest/param/param_stub.cpp @@ -61,7 +61,7 @@ static const char *forbitWriteParamName[] = { "test.persmission.watch" }; -static int TestSetParamCheck(const char *paraName, struct ucred *uc) +static int TestSetParamCheck(const char *paraName, const char *context, struct ucred *uc) { // forbid to read ohos.servicectrl. for (size_t i = 0; i < ARRAY_LENGTH(forbitWriteParamName); i++) {
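Review bot: TestSetParamCheck in param_stub.cpp accepts the new `context` argument but, in the lines visible here, never looks at it, so the unit test cannot tell whether SelinuxCheckParamPermission supplies a usable context. A check at the top of the stub, `if (context == nullptr)` returning the same value the stub uses for forbidden names, would make a missing context show up as a test failure. The comment `// forbid to read ohos.servicectrl.` also describes a read check although this stub stands in for the write check. The function body continues outside the hunk.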