未验证 提交 f51bac84 编写于 作者: O openharmony_ci 提交者: Gitee

!2813 OpenHarmony3.1.5.5 Hi3516DV300 L1 LiteOS 内源代码修改

Merge pull request !2813 from 胡吉翔/lite_20220323_02
...@@ -35,12 +35,13 @@ int CapInit() ...@@ -35,12 +35,13 @@ int CapInit()
{ {
// Init capabilities // Init capabilities
struct __user_cap_header_struct capheader; struct __user_cap_header_struct capheader;
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM]; struct __user_cap_data_struct capdata[CAP_NUM];
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
capdata[0].permitted = LINUX_FULL_CAP; capdata[0].permitted = LINUX_FULL_CAP;
capdata[0].effective = LINUX_FULL_CAP; capdata[0].effective = LINUX_FULL_CAP;
capdata[0].inheritable = LINUX_FULL_CAP; capdata[0].inheritable = LINUX_FULL_CAP;
...@@ -55,12 +56,21 @@ int CapInit() ...@@ -55,12 +56,21 @@ int CapInit()
int DropCAPCHOWN() int DropCAPCHOWN()
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPCHOWN memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPCHOWN memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_CHOWN // Drop the capabilities of CAP_CHOWN
capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted &= ~CAP_TO_MASK(CAP_CHOWN); capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted &= ~CAP_TO_MASK(CAP_CHOWN);
capdata[CAP_TO_INDEX(CAP_CHOWN)].effective &= ~CAP_TO_MASK(CAP_CHOWN); capdata[CAP_TO_INDEX(CAP_CHOWN)].effective &= ~CAP_TO_MASK(CAP_CHOWN);
...@@ -75,12 +85,21 @@ int DropCAPCHOWN() ...@@ -75,12 +85,21 @@ int DropCAPCHOWN()
int DropCAPDACOVERRIDE() int DropCAPDACOVERRIDE()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDE memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDE memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_OVERRIDE // Drop the capabilities of CAP_DAC_OVERRIDE
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE); capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE); capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
...@@ -95,12 +114,21 @@ int DropCAPDACOVERRIDE() ...@@ -95,12 +114,21 @@ int DropCAPDACOVERRIDE()
int DropCAPDACREADSEARCH() int DropCAPDACREADSEARCH()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACREADSEARCH memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACREADSEARCH memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_READ_SEARCH // Drop the capabilities of CAP_DAC_READ_SEARCH
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH); capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH); capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
...@@ -115,12 +143,21 @@ int DropCAPDACREADSEARCH() ...@@ -115,12 +143,21 @@ int DropCAPDACREADSEARCH()
int DropCAPDACOVERRIDEAndREADSEARCH() int DropCAPDACOVERRIDEAndREADSEARCH()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH // Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH); capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH); capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
...@@ -138,12 +175,21 @@ int DropCAPDACOVERRIDEAndREADSEARCH() ...@@ -138,12 +175,21 @@ int DropCAPDACOVERRIDEAndREADSEARCH()
int DropCAPFOWNER() int DropCAPFOWNER()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPFOWNER memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPFOWNER memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_FOWNER // Drop the capabilities of CAP_FOWNER
capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted &= ~CAP_TO_MASK(CAP_FOWNER); capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted &= ~CAP_TO_MASK(CAP_FOWNER);
capdata[CAP_TO_INDEX(CAP_FOWNER)].effective &= ~CAP_TO_MASK(CAP_FOWNER); capdata[CAP_TO_INDEX(CAP_FOWNER)].effective &= ~CAP_TO_MASK(CAP_FOWNER);
...@@ -158,12 +204,21 @@ int DropCAPFOWNER() ...@@ -158,12 +204,21 @@ int DropCAPFOWNER()
int DropCAPKILL() int DropCAPKILL()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPKILL memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPKILL memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_KILL // Drop the capabilities of CAP_KILL
capdata[CAP_TO_INDEX(CAP_KILL)].permitted &= ~CAP_TO_MASK(CAP_KILL); capdata[CAP_TO_INDEX(CAP_KILL)].permitted &= ~CAP_TO_MASK(CAP_KILL);
capdata[CAP_TO_INDEX(CAP_KILL)].effective &= ~CAP_TO_MASK(CAP_KILL); capdata[CAP_TO_INDEX(CAP_KILL)].effective &= ~CAP_TO_MASK(CAP_KILL);
...@@ -178,12 +233,21 @@ int DropCAPKILL() ...@@ -178,12 +233,21 @@ int DropCAPKILL()
int DropCAPSETGID() int DropCAPSETGID()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETGID memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct);
if (result != EOK) {
LOG("DropCAPSETGID memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETGID // Drop the capabilities of CAP_SETGID
capdata[CAP_TO_INDEX(CAP_SETGID)].permitted &= ~CAP_TO_MASK(CAP_SETGID); capdata[CAP_TO_INDEX(CAP_SETGID)].permitted &= ~CAP_TO_MASK(CAP_SETGID);
capdata[CAP_TO_INDEX(CAP_SETGID)].effective &= ~CAP_TO_MASK(CAP_SETGID); capdata[CAP_TO_INDEX(CAP_SETGID)].effective &= ~CAP_TO_MASK(CAP_SETGID);
...@@ -198,12 +262,21 @@ int DropCAPSETGID() ...@@ -198,12 +262,21 @@ int DropCAPSETGID()
int DropCAPSETUID() int DropCAPSETUID()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETUID memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSETUID memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETUID // Drop the capabilities of CAP_SETUID
capdata[CAP_TO_INDEX(CAP_SETUID)].permitted &= ~CAP_TO_MASK(CAP_SETUID); capdata[CAP_TO_INDEX(CAP_SETUID)].permitted &= ~CAP_TO_MASK(CAP_SETUID);
capdata[CAP_TO_INDEX(CAP_SETUID)].effective &= ~CAP_TO_MASK(CAP_SETUID); capdata[CAP_TO_INDEX(CAP_SETUID)].effective &= ~CAP_TO_MASK(CAP_SETUID);
...@@ -218,12 +291,21 @@ int DropCAPSETUID() ...@@ -218,12 +291,21 @@ int DropCAPSETUID()
int DropCAPSETPCAP() int DropCAPSETPCAP()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETPCAP memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSETPCAP memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETPCAP // Drop the capabilities of CAP_SETPCAP
capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted &= ~CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted &= ~CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective &= ~CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective &= ~CAP_TO_MASK(CAP_SETPCAP);
...@@ -238,12 +320,21 @@ int DropCAPSETPCAP() ...@@ -238,12 +320,21 @@ int DropCAPSETPCAP()
int DropCAPSYSNICE() int DropCAPSYSNICE()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSYSNICE memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSYSNICE memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SYS_NICE // Drop the capabilities of CAP_SYS_NICE
capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted &= ~CAP_TO_MASK(CAP_SYS_NICE); capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted &= ~CAP_TO_MASK(CAP_SYS_NICE);
capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective &= ~CAP_TO_MASK(CAP_SYS_NICE); capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective &= ~CAP_TO_MASK(CAP_SYS_NICE);
...@@ -258,12 +349,21 @@ int DropCAPSYSNICE() ...@@ -258,12 +349,21 @@ int DropCAPSYSNICE()
int DropCAPSYSTIME() int DropCAPSYSTIME()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSYSTIME memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSYSTIME memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SYS_TIME // Drop the capabilities of CAP_SYS_TIME
capdata[CAP_TO_INDEX(CAP_SYS_TIME)].permitted &= ~CAP_TO_MASK(CAP_SYS_TIME); capdata[CAP_TO_INDEX(CAP_SYS_TIME)].permitted &= ~CAP_TO_MASK(CAP_SYS_TIME);
capdata[CAP_TO_INDEX(CAP_SYS_TIME)].effective &= ~CAP_TO_MASK(CAP_SYS_TIME); capdata[CAP_TO_INDEX(CAP_SYS_TIME)].effective &= ~CAP_TO_MASK(CAP_SYS_TIME);
...@@ -278,12 +378,21 @@ int DropCAPSYSTIME() ...@@ -278,12 +378,21 @@ int DropCAPSYSTIME()
int DropAllCAP() int DropAllCAP()
{ {
struct __user_cap_header_struct capheader = { 0, 0 }; struct __user_cap_header_struct capheader = { 0, 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropAllCAP memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropAllCAP memset_s failed");
return FALSE;
};
// Drop all the capabilities // Drop all the capabilities
capdata[0].permitted = NO_CAP; capdata[0].permitted = NO_CAP;
capdata[0].effective = NO_CAP; capdata[0].effective = NO_CAP;
......
...@@ -214,12 +214,13 @@ static void CreateTxt() ...@@ -214,12 +214,13 @@ static void CreateTxt()
static int CapsetOnlySETPCAP(int num) static int CapsetOnlySETPCAP(int num)
{ {
struct __user_cap_header_struct capheader; struct __user_cap_header_struct capheader;
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM]; struct __user_cap_data_struct capdata[CAP_NUM];
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted |= CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable |= CAP_TO_MASK(CAP_SETPCAP);
...@@ -235,12 +236,13 @@ static int CapsetOnlySETPCAP(int num) ...@@ -235,12 +236,13 @@ static int CapsetOnlySETPCAP(int num)
static int AddCapUnauthorized(int num) static int AddCapUnauthorized(int num)
{ {
struct __user_cap_header_struct capheader; struct __user_cap_header_struct capheader;
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM]; struct __user_cap_data_struct capdata[CAP_NUM];
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
capdata[0].permitted = LINUX_FULL_CAP; capdata[0].permitted = LINUX_FULL_CAP;
capdata[0].effective = LINUX_FULL_CAP; capdata[0].effective = LINUX_FULL_CAP;
capdata[0].inheritable = LINUX_FULL_CAP; capdata[0].inheritable = LINUX_FULL_CAP;
...@@ -256,12 +258,21 @@ static int AddCapUnauthorized(int num) ...@@ -256,12 +258,21 @@ static int AddCapUnauthorized(int num)
static int CapgetWithAllCap(int num) static int CapgetWithAllCap(int num)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]); int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) { if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs"; EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
...@@ -280,12 +291,21 @@ static int CapgetWithAllCap(int num) ...@@ -280,12 +291,21 @@ static int CapgetWithAllCap(int num)
static int CapgetWithNoCap(int num) static int CapgetWithNoCap(int num)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]); int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) { if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs"; EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
...@@ -304,12 +324,21 @@ static int CapgetWithNoCap(int num) ...@@ -304,12 +324,21 @@ static int CapgetWithNoCap(int num)
static int CapgetOnlySETPCAP(int num) static int CapgetOnlySETPCAP(int num)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]); int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) { if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs"; EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
...@@ -372,12 +401,21 @@ static int CapsetWithoutSETPCAP() ...@@ -372,12 +401,21 @@ static int CapsetWithoutSETPCAP()
static int CapsetWithVersion(pid_t pid, unsigned int version) static int CapsetWithVersion(pid_t pid, unsigned int version)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid; capheader.pid = pid;
capheader.version = version; capheader.version = version;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters // Capget based on input parameters
int ret = capset(&capheader, &capdata[0]); int ret = capset(&capheader, &capdata[0]);
if (ret != 0) { if (ret != 0) {
...@@ -390,12 +428,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version) ...@@ -390,12 +428,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
static int CapgetWithVersion(pid_t pid, unsigned int version) static int CapgetWithVersion(pid_t pid, unsigned int version)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid; capheader.pid = pid;
capheader.version = version; capheader.version = version;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters // Capget based on input parameters
int ret = capget(&capheader, &capdataget[0]); int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) { if (ret != 0) {
...@@ -408,12 +455,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version) ...@@ -408,12 +455,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
static int CapgetWithCaps(pid_t pid, unsigned int caps) static int CapgetWithCaps(pid_t pid, unsigned int caps)
{ {
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); error_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid; capheader.pid = pid;
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters and check whether the capability is the same as the input parameter // Capget based on input parameters and check whether the capability is the same as the input parameter
int ret = capget(&capheader, &capdataget[0]); int ret = capget(&capheader, &capdataget[0]);
if (ret != 0 || capdataget[0].effective != caps) { if (ret != 0 || capdataget[0].effective != caps) {
...@@ -1179,12 +1235,13 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev ...@@ -1179,12 +1235,13 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
if (pid == 0) { if (pid == 0) {
int exitCode = 0; int exitCode = 0;
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0; capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), (void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct)); LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].permitted &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX); capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].permitted &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].effective &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX); capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].effective &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].inheritable &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX); capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].inheritable &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
...@@ -1583,10 +1640,11 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1 ...@@ -1583,10 +1640,11 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
{ {
int ret; int ret;
struct __user_cap_header_struct capheader = { 0 }; struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); (void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.version = _LINUX_CAPABILITY_VERSION_3;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), (void)memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct)); 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
pid_t pid = getpid(); pid_t pid = getpid();
for (int num = OTHER_PID; num <= pid; num++) { for (int num = OTHER_PID; num <= pid; num++) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册