Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Xts Acts
提交
f51bac84
X
Xts Acts
项目概览
OpenHarmony
/
Xts Acts
1 年多 前同步成功
通知
9
Star
22
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
X
Xts Acts
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
f51bac84
编写于
3月 24, 2022
作者:
O
openharmony_ci
提交者:
Gitee
3月 24, 2022
浏览文件
操作
浏览文件
下载
差异文件
!2813 OpenHarmony3.1.5.5 Hi3516DV300 L1 LiteOS 内源代码修改
Merge pull request !2813 from 胡吉翔/lite_20220323_02
上级
630ae8fb
58890761
变更
2
显示空白变更内容
内联
并排
Showing
2 changed file
with
235 addition
and
68 deletion
+235
-68
security_lite/permission_posix/capability/src/ActsCapability.cpp
...y_lite/permission_posix/capability/src/ActsCapability.cpp
+148
-39
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
...te/permission_posix/capability/src/ActsCapabilityTest.cpp
+87
-29
未找到文件。
security_lite/permission_posix/capability/src/ActsCapability.cpp
100755 → 100644
浏览文件 @
f51bac84
...
...
@@ -35,11 +35,12 @@ int CapInit()
{
// Init capabilities
struct
__user_cap_header_struct
capheader
;
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
(
void
)
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
capdata
[
0
].
permitted
=
LINUX_FULL_CAP
;
capdata
[
0
].
effective
=
LINUX_FULL_CAP
;
...
...
@@ -55,12 +56,21 @@ int CapInit()
int
DropCAPCHOWN
()
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPCHOWN memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPCHOWN memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_CHOWN
capdata
[
CAP_TO_INDEX
(
CAP_CHOWN
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_CHOWN
);
capdata
[
CAP_TO_INDEX
(
CAP_CHOWN
)].
effective
&=
~
CAP_TO_MASK
(
CAP_CHOWN
);
...
...
@@ -75,12 +85,21 @@ int DropCAPCHOWN()
int
DropCAPDACOVERRIDE
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDE memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDE memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_OVERRIDE
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
...
...
@@ -95,12 +114,21 @@ int DropCAPDACOVERRIDE()
int
DropCAPDACREADSEARCH
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACREADSEARCH memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACREADSEARCH memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_READ_SEARCH
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
...
...
@@ -115,12 +143,21 @@ int DropCAPDACREADSEARCH()
int
DropCAPDACOVERRIDEAndREADSEARCH
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDEAndREADSEARCH memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDEAndREADSEARCH memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
...
...
@@ -138,12 +175,21 @@ int DropCAPDACOVERRIDEAndREADSEARCH()
int
DropCAPFOWNER
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPFOWNER memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPFOWNER memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_FOWNER
capdata
[
CAP_TO_INDEX
(
CAP_FOWNER
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_FOWNER
);
capdata
[
CAP_TO_INDEX
(
CAP_FOWNER
)].
effective
&=
~
CAP_TO_MASK
(
CAP_FOWNER
);
...
...
@@ -158,12 +204,21 @@ int DropCAPFOWNER()
int
DropCAPKILL
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPKILL memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPKILL memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_KILL
capdata
[
CAP_TO_INDEX
(
CAP_KILL
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_KILL
);
capdata
[
CAP_TO_INDEX
(
CAP_KILL
)].
effective
&=
~
CAP_TO_MASK
(
CAP_KILL
);
...
...
@@ -178,12 +233,21 @@ int DropCAPKILL()
int
DropCAPSETGID
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETGID memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
);
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETGID memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETGID
capdata
[
CAP_TO_INDEX
(
CAP_SETGID
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETGID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETGID
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETGID
);
...
...
@@ -198,12 +262,21 @@ int DropCAPSETGID()
int
DropCAPSETUID
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETUID memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETUID memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETUID
capdata
[
CAP_TO_INDEX
(
CAP_SETUID
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETUID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETUID
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETUID
);
...
...
@@ -218,12 +291,21 @@ int DropCAPSETUID()
int
DropCAPSETPCAP
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETPCAP memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETPCAP memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETPCAP
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETPCAP
);
...
...
@@ -238,12 +320,21 @@ int DropCAPSETPCAP()
int
DropCAPSYSNICE
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSNICE memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSNICE memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SYS_NICE
capdata
[
CAP_TO_INDEX
(
CAP_SYS_NICE
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SYS_NICE
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_NICE
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SYS_NICE
);
...
...
@@ -258,12 +349,21 @@ int DropCAPSYSNICE()
int
DropCAPSYSTIME
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSTIME memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSTIME memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SYS_TIME
capdata
[
CAP_TO_INDEX
(
CAP_SYS_TIME
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SYS_TIME
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_TIME
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SYS_TIME
);
...
...
@@ -278,12 +378,21 @@ int DropCAPSYSTIME()
int
DropAllCAP
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropAllCAP memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropAllCAP memset_s failed"
);
return
FALSE
;
};
// Drop all the capabilities
capdata
[
0
].
permitted
=
NO_CAP
;
capdata
[
0
].
effective
=
NO_CAP
;
...
...
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
100755 → 100644
浏览文件 @
f51bac84
...
...
@@ -214,11 +214,12 @@ static void CreateTxt()
static
int
CapsetOnlySETPCAP
(
int
num
)
{
struct
__user_cap_header_struct
capheader
;
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
(
void
)
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
permitted
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
effective
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
...
...
@@ -235,11 +236,12 @@ static int CapsetOnlySETPCAP(int num)
static
int
AddCapUnauthorized
(
int
num
)
{
struct
__user_cap_header_struct
capheader
;
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
(
void
)
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
capdata
[
0
].
permitted
=
LINUX_FULL_CAP
;
capdata
[
0
].
effective
=
LINUX_FULL_CAP
;
...
...
@@ -256,12 +258,21 @@ static int AddCapUnauthorized(int num)
static
int
CapgetWithAllCap
(
int
num
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
...
@@ -280,12 +291,21 @@ static int CapgetWithAllCap(int num)
static
int
CapgetWithNoCap
(
int
num
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
...
@@ -304,12 +324,21 @@ static int CapgetWithNoCap(int num)
static
int
CapgetOnlySETPCAP
(
int
num
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
...
@@ -372,12 +401,21 @@ static int CapsetWithoutSETPCAP()
static
int
CapsetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
version
=
version
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
...
...
@@ -390,12 +428,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
static
int
CapgetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
version
=
version
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
...
...
@@ -408,12 +455,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
static
int
CapgetWithCaps
(
pid_t
pid
,
unsigned
int
caps
)
{
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
error_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters and check whether the capability is the same as the input parameter
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
||
capdataget
[
0
].
effective
!=
caps
)
{
...
...
@@ -1179,11 +1235,12 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
if
(
pid
==
0
)
{
int
exitCode
=
0
;
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
(
void
)
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
LINUX_FULL_CAP
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
permitted
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
effective
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
...
...
@@ -1583,10 +1640,11 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
{
int
ret
;
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
(
void
)
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
pid_t
pid
=
getpid
();
for
(
int
num
=
OTHER_PID
;
num
<=
pid
;
num
++
)
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录