OpenHarmony
Startup Init Lite
提交
fd4b59bf
编写于
6月 27, 2022
作者:
M
Mupceet
fix bug fir deny
Signed-off-by:
N
Mupceet
<
laiguizhong@huawei.com
>
上级
1261fd89
变更
8
Showing
8 changed file
with
68 addition
and
13 deletion
+68
-13
scripts/param_cfg_to_code.py
scripts/param_cfg_to_code.py
+2
-0
services/include/param/init_param.h
services/include/param/init_param.h
+1
-0
services/init/standard/init.c
services/init/standard/init.c
+3
-0
services/modules/BUILD.gn
services/modules/BUILD.gn
+2
-3
services/param/adapter/param_selinux.c
services/param/adapter/param_selinux.c
+39
-3
services/param/base/param_trie.c
services/param/base/param_trie.c
+1
-1
services/param/linux/BUILD.gn
services/param/linux/BUILD.gn
+10
-0
services/param/linux/param_service.c
services/param/linux/param_service.c
+10
-6
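--- a/scripts/param_cfg_to_code.py
+++ b/scripts/param_cfg_to_code.py
@@ -107,6 +107,8 @@ def WriteMapToCode(codeName, dict):
 f.write('#endif' + os.linesep)
 f.write('#endif' + os.linesep)
 f.write('#endif // PARAM_LITE_DEF_CFG_' + os.linesep)
+f.write(os.linesep)
+f.truncate()
 except IOError:
 print("Error: open or write file %s fail" % {codeName})
 else: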
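--- a/services/include/param/init_param.h
+++ b/services/include/param/init_param.h
@@ -71,6 +71,7 @@ typedef enum {
 *
 */
 void InitParamService(void);
+void LoadSpecialParam(void);
 /**
 * Init 接口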
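--- a/services/init/standard/init.c
+++ b/services/init/standard/init.c
@@ -376,6 +376,9 @@ void SystemConfig(void)
 // load SELinux context and policy
 // Do not move position!
 SystemLoadSelinux();
+LoadSpecialParam();
 // parse parameters
 HookMgrExecute(GetBootStageHookMgr(), INIT_PRE_PARAM_LOAD, (void *)&timingStat, (void *)&options);
 InitLoadParamFiles();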
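Review bot: `LoadSpecialParam()` is inserted directly under the `// Do not move position!` comment, but nothing states whether the new call shares that ordering constraint. Elsewhere in this commit the label-loading path calls `setfilecon()` on the parameter files, which presumably needs the policy from `SystemLoadSelinux()` to be in place, and `InitLoadParamFiles()` below presumably expects the labelled workspaces to exist. If that is the intent, record it in place, e.g. `// LoadSpecialParam() must stay between SystemLoadSelinux() and InitLoadParamFiles()`. SystemConfig() starts and ends outside this hunk.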
services/modules/BUILD.gn
...
@@ -24,9 +24,8 @@ if (!defined(ohos_lite)) {
...
@@ -24,9 +24,8 @@ if (!defined(ohos_lite)) {
]
]
deps = [
deps = [
"//base/startup/init_lite/services/param/base:parameterbase",
"//base/startup/init_lite/interfaces/innerkits:libbegetutil",
"//base/startup/init_lite/services/utils:libinit_utils",
"//third_party/bounds_checking_function:libsec_shared",
"//third_party/bounds_checking_function:libsec_static",
"//third_party/cJSON:cjson_static",
"//third_party/cJSON:cjson_static",
]
]
...
...
services/param/adapter/param_selinux.c
...
@@ -23,6 +23,8 @@
...
@@ -23,6 +23,8 @@
#include "param_base.h"
#include "param_base.h"
#ifdef PARAM_SUPPORT_SELINUX
#ifdef PARAM_SUPPORT_SELINUX
#include "selinux_parameter.h"
#include "selinux_parameter.h"
#include <policycoreutils.h>
#include <selinux/selinux.h>
#endif
#endif
#ifdef __aarch64__
#ifdef __aarch64__
...
@@ -67,6 +69,9 @@ static int InitLocalSecurityLabel(ParamSecurityLabel *security, int isInit)
...
@@ -67,6 +69,9 @@ static int InitLocalSecurityLabel(ParamSecurityLabel *security, int isInit)
g_selinuxSpace
.
initParamSelinux
=
(
void
(
*
)())
dlsym
(
handle
,
"InitParamSelinux"
);
g_selinuxSpace
.
initParamSelinux
=
(
void
(
*
)())
dlsym
(
handle
,
"InitParamSelinux"
);
PARAM_CHECK
(
g_selinuxSpace
.
initParamSelinux
!=
NULL
,
return
-
1
,
"Failed to dlsym initParamSelinux "
);
PARAM_CHECK
(
g_selinuxSpace
.
initParamSelinux
!=
NULL
,
return
-
1
,
"Failed to dlsym initParamSelinux "
);
}
}
if
(
g_selinuxSpace
.
readParamCheck
==
NULL
)
{
g_selinuxSpace
.
readParamCheck
=
(
int
(
*
)(
const
char
*
))
dlsym
(
handle
,
"ReadParamCheck"
);
}
if
(
g_selinuxSpace
.
destroyParamList
==
NULL
)
{
if
(
g_selinuxSpace
.
destroyParamList
==
NULL
)
{
g_selinuxSpace
.
destroyParamList
=
g_selinuxSpace
.
destroyParamList
=
(
void
(
*
)(
ParamContextsList
**
))
dlsym
(
handle
,
"DestroyParamList"
);
(
void
(
*
)(
ParamContextsList
**
))
dlsym
(
handle
,
"DestroyParamList"
);
...
@@ -84,11 +89,25 @@ static int FreeLocalSecurityLabel(ParamSecurityLabel *srcLabel)
...
@@ -84,11 +89,25 @@ static int FreeLocalSecurityLabel(ParamSecurityLabel *srcLabel)
return
0
;
return
0
;
}
}
static
void
SetSelinuxFileCon
(
const
char
*
name
,
const
char
*
context
)
{
static
char
buffer
[
FILENAME_LEN_MAX
]
=
{
0
};
int
len
=
ParamSprintf
(
buffer
,
sizeof
(
buffer
),
"%s/%s"
,
PARAM_STORAGE_PATH
,
context
);
if
(
len
>
0
)
{
buffer
[
len
]
=
'\0'
;
PARAM_LOGI
(
"setfilecon name %s path: %s %s "
,
name
,
context
,
buffer
);
if
(
setfilecon
(
buffer
,
context
)
<
0
)
{
PARAM_LOGE
(
"Failed to setfilecon %s "
,
context
);
}
}
}
static
int
SelinuxGetAllLabel
(
int
readOnly
)
static
int
SelinuxGetAllLabel
(
int
readOnly
)
{
{
PARAM_CHECK
(
g_selinuxSpace
.
getParamList
!=
NULL
,
return
DAC_RESULT_FORBIDED
,
"Invalid getParamList"
);
PARAM_CHECK
(
g_selinuxSpace
.
getParamList
!=
NULL
,
return
DAC_RESULT_FORBIDED
,
"Invalid getParamList"
);
ParamContextsList
*
head
=
g_selinuxSpace
.
getParamList
();
ParamContextsList
*
head
=
g_selinuxSpace
.
getParamList
();
ParamContextsList
*
node
=
head
;
ParamContextsList
*
node
=
head
;
int
count
=
0
;
int
count
=
0
;
while
(
node
!=
NULL
)
{
while
(
node
!=
NULL
)
{
PARAM_LOGV
(
"GetParamSecurityLabel name %s content %s"
,
node
->
info
.
paraName
,
node
->
info
.
paraContext
);
PARAM_LOGV
(
"GetParamSecurityLabel name %s content %s"
,
node
->
info
.
paraName
,
node
->
info
.
paraContext
);
...
@@ -97,15 +116,27 @@ static int SelinuxGetAllLabel(int readOnly)
...
@@ -97,15 +116,27 @@ static int SelinuxGetAllLabel(int readOnly)
continue
;
continue
;
}
}
int
ret
=
AddWorkSpace
(
node
->
info
.
paraContext
,
readOnly
,
PARAM_WORKSPACE_DEF
);
int
ret
=
AddWorkSpace
(
node
->
info
.
paraContext
,
readOnly
,
PARAM_WORKSPACE_DEF
);
PARAM_CHECK
(
ret
==
0
,
continue
,
if
(
ret
!=
0
)
{
"Failed to add selinux workspace %s %s"
,
node
->
info
.
paraName
,
node
->
info
.
paraContext
);
PARAM_LOGE
(
"Forbid to add selinux workspace %s %s"
,
node
->
info
.
paraName
,
node
->
info
.
paraContext
);
node
=
node
->
next
;
node
=
node
->
next
;
continue
;
}
count
++
;
count
++
;
if
(
readOnly
!=
0
)
{
node
=
node
->
next
;
continue
;
}
// set selinx label
SetSelinuxFileCon
(
node
->
info
.
paraName
,
node
->
info
.
paraContext
);
node
=
node
->
next
;
}
}
int
ret
=
AddWorkSpace
(
WORKSPACE_NAME_DEF_SELINUX
,
readOnly
,
PARAM_WORKSPACE_MAX
);
int
ret
=
AddWorkSpace
(
WORKSPACE_NAME_DEF_SELINUX
,
readOnly
,
PARAM_WORKSPACE_MAX
);
PARAM_CHECK
(
ret
==
0
,
return
-
1
,
PARAM_CHECK
(
ret
==
0
,
return
-
1
,
"Failed to add selinux workspace %s"
,
WORKSPACE_NAME_DEF_SELINUX
);
"Failed to add selinux workspace %s"
,
WORKSPACE_NAME_DEF_SELINUX
);
if
(
readOnly
==
0
)
{
SetSelinuxFileCon
(
WORKSPACE_NAME_DEF_SELINUX
,
WORKSPACE_NAME_DEF_SELINUX
);
}
PARAM_LOGI
(
"SelinuxGetAllLabel count %d"
,
count
);
PARAM_LOGI
(
"SelinuxGetAllLabel count %d"
,
count
);
return
0
;
return
0
;
}
}
...
@@ -126,10 +157,15 @@ static int CheckFilePermission(const ParamSecurityLabel *localLabel, const char
...
@@ -126,10 +157,15 @@ static int CheckFilePermission(const ParamSecurityLabel *localLabel, const char
static
int
SelinuxReadParamCheck
(
const
char
*
name
)
static
int
SelinuxReadParamCheck
(
const
char
*
name
)
{
{
int
ret
=
DAC_RESULT_FORBIDED
;
int
ret
=
DAC_RESULT_FORBIDED
;
if
(
g_selinuxSpace
.
readParamCheck
!=
NULL
)
{
ret
=
g_selinuxSpace
.
readParamCheck
(
name
);
PARAM_LOGI
(
"SelinuxReadParamCheck name %s ret %d"
,
name
,
ret
);
}
const
char
*
label
=
GetSelinuxContent
(
name
);
const
char
*
label
=
GetSelinuxContent
(
name
);
if
(
label
==
NULL
)
{
// open file with readonly
if
(
label
==
NULL
)
{
// open file with readonly
ret
=
AddWorkSpace
(
WORKSPACE_NAME_DEF_SELINUX
,
1
,
PARAM_WORKSPACE_MAX
);
ret
=
AddWorkSpace
(
WORKSPACE_NAME_DEF_SELINUX
,
1
,
PARAM_WORKSPACE_MAX
);
}
else
{
}
else
{
PARAM_LOGI
(
"SelinuxReadParamCheck name %s label %s"
,
name
,
label
);
ret
=
AddWorkSpace
(
label
,
1
,
PARAM_WORKSPACE_MAX
);
ret
=
AddWorkSpace
(
label
,
1
,
PARAM_WORKSPACE_MAX
);
}
}
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
...
...
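Review bot: In the SelinuxReadParamCheck hunk the value returned by `g_selinuxSpace.readParamCheck(name)` is logged and then overwritten, because both branches of `if (label == NULL)` assign `ret = AddWorkSpace(...)`; on the visible lines the SELinux read check cannot influence the result. If a non-zero return is meant to deny the read, return before the workspace is opened, e.g. `if (ret != 0) { return DAC_RESULT_FORBIDED; }` inside the `readParamCheck != NULL` block. If the call is only diagnostic, say so in a comment and lower the message to `PARAM_LOGV`, since it is emitted on every read check. The function's tail lies outside the hunk.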
services/param/base/param_trie.c
...
@@ -23,7 +23,7 @@
...
@@ -23,7 +23,7 @@
#include "param_osadp.h"
#include "param_osadp.h"
#include "param_utils.h"
#include "param_utils.h"
int
GetRealFileName
(
WorkSpace
*
workSpace
,
char
*
buffer
,
uint32_t
size
)
static
int
GetRealFileName
(
WorkSpace
*
workSpace
,
char
*
buffer
,
uint32_t
size
)
{
{
int
ret
=
ParamSprintf
(
buffer
,
size
,
"%s/%s"
,
PARAM_STORAGE_PATH
,
workSpace
->
fileName
);
int
ret
=
ParamSprintf
(
buffer
,
size
,
"%s/%s"
,
PARAM_STORAGE_PATH
,
workSpace
->
fileName
);
PARAM_CHECK
(
ret
>
0
,
return
-
1
,
"Failed to copy file name %s"
,
workSpace
->
fileName
);
PARAM_CHECK
(
ret
>
0
,
return
-
1
,
"Failed to copy file name %s"
,
workSpace
->
fileName
);
...
...
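--- a/services/param/linux/BUILD.gn
+++ b/services/param/linux/BUILD.gn
@@ -111,6 +111,10 @@ if (defined(ohos_lite)) {
 }
 if (build_selinux) {
+include_dirs += [
+"//third_party/selinux/libselinux/include/",
+"//base/security/selinux/interfaces/policycoreutils/include/",
+]
 defines += [ "PARAM_SUPPORT_SELINUX" ]
 }
 part_name = "init"
@@ -121,11 +125,17 @@ if (defined(ohos_lite)) {
 sources = param_client_sources
 include_dirs = param_include_dirs
 public_configs = [ ":exported_header_files" ]
+deps = []
 defines = [
 "_GNU_SOURCE",
 "INIT_AGENT",
 ]
 if (build_selinux) {
+deps += [
+"//base/security/selinux:libload_policy",
+"//base/security/selinux:librestorecon",
+"//third_party/selinux:libselinux",
+]
 defines += [
 "PARAM_SUPPORT_SELINUX",
 "PARAMWORKSPACE_NEED_MUTEX",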
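Review bot: The target that defines `INIT_AGENT` gains `libload_policy` and `librestorecon` in `deps`, yet the only SELinux call this commit visibly adds to param_selinux.c is `setfilecon()`, which is declared in `<selinux/selinux.h>`. Unless code outside the visible hunks uses the policycoreutils API, those two deps and the new `#include <policycoreutils.h>` widen what the parameter client library links against for no shown use; `deps += [ "//third_party/selinux:libselinux" ]` alone would keep the dependency surface minimal. The first hunk adds the SELinux include directories to another target with no matching `deps` change visible, which is worth checking when `build_selinux` is set. Both target definitions start and end outside the hunks.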
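--- a/services/param/linux/param_service.c
+++ b/services/param/linux/param_service.c
@@ -391,12 +391,6 @@ void InitParamService(void)
 ret = ParamServerCreate(&g_paramService.serverTask, &info);
 PARAM_CHECK(ret == 0, return, "Failed to create server");
 }
-// read selinux label
-LoadSelinuxLabel();
-// from cmdline
-LoadParamFromCmdLine();
-// from build
-LoadParamFromBuild();
 // init trigger space
 ret = InitTriggerWorkSpace();
@@ -405,6 +399,16 @@ void InitParamService(void)
 RegisterTriggerExec(TRIGGER_PARAM_WATCH, ExecuteWatchTrigger_);
 }
+void LoadSpecialParam(void)
+{
+// read selinux label
+LoadSelinuxLabel();
+// from cmdline
+LoadParamFromCmdLine();
+// from build
+LoadParamFromBuild();
+}
 int StartParamService(void)
 {
 return ParamServiceStart();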
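Review bot: `LoadSpecialParam()` becomes a public entry point with no comment describing when it may be called. After this change `InitParamService()` no longer loads the SELinux labels, the cmdline parameters or the build parameters, so every caller has to invoke `LoadSpecialParam()` itself. Only the `SystemConfig()` call site is visible in this commit, so any other caller of `InitParamService()` should be checked for a silently missing load. A header comment such as `/* Loads SELinux labels, cmdline and build parameters; call once after InitParamService(). */` would record the contract, assuming that is the intended order.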