diff --git a/security_lite/permission_posix/capability/src/ActsCapability.cpp b/security_lite/permission_posix/capability/src/ActsCapability.cpp
old mode 100755
new mode 100644
index 4e71b9bb28793d6c754d5bda130b709446ce4b4c..6ff60e1e27091cd73c6f6bff85b2658fe315339f
--- a/security_lite/permission_posix/capability/src/ActsCapability.cpp
+++ b/security_lite/permission_posix/capability/src/ActsCapability.cpp
@@ -35,12 +35,13 @@ int CapInit()
 {
 // Init capabilities
 struct __user_cap_header_struct capheader;
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM];
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
 capdata[0].permitted = LINUX_FULL_CAP;
 capdata[0].effective = LINUX_FULL_CAP;
 capdata[0].inheritable = LINUX_FULL_CAP;
@@ -55,12 +56,21 @@ int CapInit()
 int DropCAPCHOWN()
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPCHOWN memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPCHOWN memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_CHOWN
 capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted &= ~CAP_TO_MASK(CAP_CHOWN);
 capdata[CAP_TO_INDEX(CAP_CHOWN)].effective &= ~CAP_TO_MASK(CAP_CHOWN);
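Review bot: Each new `if (result != EOK) { ... }` block in DropCAPCHOWN closes with `};`, which leaves an empty statement after the block; the closing line should be just `}`. The same stray semicolon follows every checked memset_s in this patch (DropCAPDACOVERRIDE through DropAllCAP, and the Capget*/Capset* helpers in ActsCapabilityTest.cpp). The two failure messages within a function are also identical, so the log does not say whether the header or the data array failed; naming the buffer in each message would fix that. Since the same six-line check is repeated twice per function, a small file-local helper that prepares both buffers and returns a status would keep the capability setup in one place. DropCAPCHOWN continues past the end of the hunk.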
@@ -75,12 +85,21 @@ int DropCAPCHOWN()
 int DropCAPDACOVERRIDE()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACOVERRIDE memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACOVERRIDE memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_DAC_OVERRIDE
 capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
 capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
@@ -95,12 +114,21 @@ int DropCAPDACOVERRIDE()
 int DropCAPDACREADSEARCH()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACREADSEARCH memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACREADSEARCH memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_DAC_READ_SEARCH
 capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
 capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
@@ -115,12 +143,21 @@ int DropCAPDACREADSEARCH()
 int DropCAPDACOVERRIDEAndREADSEARCH()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
 capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
 capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
@@ -138,12 +175,21 @@ int DropCAPDACOVERRIDEAndREADSEARCH()
 int DropCAPFOWNER()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPFOWNER memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPFOWNER memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_FOWNER
 capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted &= ~CAP_TO_MASK(CAP_FOWNER);
 capdata[CAP_TO_INDEX(CAP_FOWNER)].effective &= ~CAP_TO_MASK(CAP_FOWNER);
@@ -158,12 +204,21 @@ int DropCAPFOWNER()
 int DropCAPKILL()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPKILL memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPKILL memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_KILL
 capdata[CAP_TO_INDEX(CAP_KILL)].permitted &= ~CAP_TO_MASK(CAP_KILL);
 capdata[CAP_TO_INDEX(CAP_KILL)].effective &= ~CAP_TO_MASK(CAP_KILL);
@@ -178,12 +233,21 @@ int DropCAPKILL()
 int DropCAPSETGID()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPSETGID memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct);
+ if (result != EOK) {
+ LOG("DropCAPSETGID memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_SETGID
 capdata[CAP_TO_INDEX(CAP_SETGID)].permitted &= ~CAP_TO_MASK(CAP_SETGID);
 capdata[CAP_TO_INDEX(CAP_SETGID)].effective &= ~CAP_TO_MASK(CAP_SETGID);
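Review bot: The added continuation line in DropCAPSETGID, `0xff, CAP_NUM * sizeof(struct __user_cap_data_struct);`, lacks the parenthesis that closes the memset_s call, so the file will not compile as committed. It should read `0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));`, matching the same line in the neighbouring Drop* functions. The rest of DropCAPSETGID lies outside the hunk.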
@@ -198,12 +262,21 @@ int DropCAPSETGID()
 int DropCAPSETUID()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPSETUID memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPSETUID memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_SETUID
 capdata[CAP_TO_INDEX(CAP_SETUID)].permitted &= ~CAP_TO_MASK(CAP_SETUID);
 capdata[CAP_TO_INDEX(CAP_SETUID)].effective &= ~CAP_TO_MASK(CAP_SETUID);
@@ -218,12 +291,21 @@ int DropCAPSETUID()
 int DropCAPSETPCAP()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPSETPCAP memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPSETPCAP memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_SETPCAP
 capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted &= ~CAP_TO_MASK(CAP_SETPCAP);
 capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective &= ~CAP_TO_MASK(CAP_SETPCAP);
@@ -238,12 +320,21 @@ int DropCAPSETPCAP()
 int DropCAPSYSNICE()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPSYSNICE memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPSYSNICE memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_SYS_NICE
 capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted &= ~CAP_TO_MASK(CAP_SYS_NICE);
 capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective &= ~CAP_TO_MASK(CAP_SYS_NICE);
@@ -258,12 +349,21 @@ int DropCAPSYSNICE()
 int DropCAPSYSTIME()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropCAPSYSTIME memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropCAPSYSTIME memset_s failed");
+ return FALSE;
+ };
 // Drop the capabilities of CAP_SYS_TIME
 capdata[CAP_TO_INDEX(CAP_SYS_TIME)].permitted &= ~CAP_TO_MASK(CAP_SYS_TIME);
 capdata[CAP_TO_INDEX(CAP_SYS_TIME)].effective &= ~CAP_TO_MASK(CAP_SYS_TIME);
@@ -278,12 +378,21 @@ int DropCAPSYSTIME()
 int DropAllCAP()
 {
 struct __user_cap_header_struct capheader = { 0, 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("DropAllCAP memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("DropAllCAP memset_s failed");
+ return FALSE;
+ };
 // Drop all the capabilities
 capdata[0].permitted = NO_CAP;
 capdata[0].effective = NO_CAP;
diff --git a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
old mode 100755
new mode 100644
index 32d734a2f1758e72fd452a83efdc943e19cacd6a..b96b245c72e04c01674b7283900f93aadcc2f45c
--- a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
+++ b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
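Review bot: In DropAllCAP the fill byte for `capdata` changes from `0` to `0xff`, which looks like a carry-over from the other Drop* functions rather than an intended change. The hunk shows only `capdata[0].permitted` and `capdata[0].effective` being set to NO_CAP, and the remainder of the function is outside the hunk; any field not assigned there (for example in `capdata[1]`) would now reach capset with every bit set, in the one routine meant to clear all capabilities. Keeping the original fill, `0, CAP_NUM * sizeof(struct __user_cap_data_struct));`, makes the default the restrictive one.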
@@ -214,12 +214,13 @@ static void CreateTxt()
 static int CapsetOnlySETPCAP(int num)
 {
 struct __user_cap_header_struct capheader;
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM];
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
 capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted |= CAP_TO_MASK(CAP_SETPCAP);
 capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP);
 capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable |= CAP_TO_MASK(CAP_SETPCAP);
@@ -235,12 +236,13 @@ static int CapsetOnlySETPCAP(int num)
 static int AddCapUnauthorized(int num)
 {
 struct __user_cap_header_struct capheader;
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM];
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
 capdata[0].permitted = LINUX_FULL_CAP;
 capdata[0].effective = LINUX_FULL_CAP;
 capdata[0].inheritable = LINUX_FULL_CAP;
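Review bot: In CapsetOnlySETPCAP `capdata` is declared without an initializer and the memset_s result is now explicitly discarded, yet the next three lines update it with `|=`; if the fill ever failed, those would read indeterminate values and the resulting capability sets would be unpredictable. Either check the result as the Capget* helpers later in this file do, or initialise at the declaration, `struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };`, so the `(void)` cast is harmless. AddCapUnauthorized in the second hunk here and CapInit in ActsCapability.cpp use the same uninitialised-plus-discarded pattern. Both function bodies continue past their hunks.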
@@ -256,12 +258,21 @@ static int AddCapUnauthorized(int num)
 static int CapgetWithAllCap(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
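Review bot: The new memset_s failure paths in CapgetWithAllCap only call LOG and `return FALSE;`, whereas the capget failure a few lines below records a test failure through EXPECT_EQ. Unless every caller asserts on the return value (not visible here), a setup failure would let the capability test pass without having checked anything. Recording it in the same way, e.g. `ADD_FAILURE() << "CapgetWithAllCap memset_s failed";` before the return, keeps the two error paths consistent. FALSE is defined outside this diff, so it is also worth confirming that it differs from the value these helpers return on success. The function body continues past the hunk.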
@@ -280,12 +291,21 @@ static int CapgetWithAllCap(int num)
 static int CapgetWithNoCap(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
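Review bot: Both messages added to CapgetWithNoCap still read `"CapgetWithAllCap memset_s failed"`, copied from the previous function, so a failure here would be attributed to the wrong helper in the log. The same stale name appears in CapgetOnlySETPCAP, CapsetWithVersion, CapgetWithVersion and CapgetWithCaps in the following hunks. Each should name its own function, e.g. `LOG("CapgetWithNoCap memset_s failed");`, or use `__func__` if LOG accepts printf-style arguments (its definition is not visible in this diff).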
@@ -304,12 +324,21 @@ static int CapgetWithNoCap(int num)
 static int CapgetOnlySETPCAP(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
@@ -372,12 +401,21 @@ static int CapsetWithoutSETPCAP()
 static int CapsetWithVersion(pid_t pid, unsigned int version)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = version;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters
 int ret = capset(&capheader, &capdata[0]);
 if (ret != 0) {
@@ -390,12 +428,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
 static int CapgetWithVersion(pid_t pid, unsigned int version)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = version;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
@@ -408,12 +455,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
 static int CapgetWithCaps(pid_t pid, unsigned int caps)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters and check whether the capability is the same as the input parameter
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0 || capdataget[0].effective != caps) {
@@ -1179,12 +1235,13 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
 if (pid == 0) {
 int exitCode = 0;
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].permitted &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].effective &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].inheritable &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
@@ -1583,10 +1640,11 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
 {
 int ret;
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
+ 0, sizeof(struct __user_cap_header_struct));
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ (void)memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
 pid_t pid = getpid();
 for (int num = OTHER_PID; num <= pid; num++) {
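Review bot: In CapabilityTest1500 the rewritten call still passes `LINUX_FULL_CAP` as the fill argument, but memset_s takes a byte value there and uses only the low eight bits. The result is the intended all-ones pattern only if every byte of that constant is 0xff (its definition is outside this diff), so the line relies on a coincidence of the constant's value. Writing the byte explicitly, `0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));`, as the Drop* functions do, states the intent. The test body starts before and continues past the hunk.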