From e4eb49f1d924df6fdbb6c4af597d11decdfce271 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 15:53:01 +0800 Subject: [PATCH 1/7] =?UTF-8?q?Add:=20=E6=94=AF=E6=8C=81=E5=9C=A8=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=E4=B8=AD=E9=85=8D=E7=BD=AE=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E8=BF=9B=E7=A8=8B=E7=9A=84=E7=BB=91=E6=A0=B8=E3=80=81?= =?UTF-8?q?=E4=BC=98=E5=85=88=E7=BA=A7=E3=80=81MAC=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E4=BB=A5=E5=8F=8AAccessToken=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 12 ++++++++++-- interfaces/innerkits/include/client_socket.h | 3 +++ src/appspawn_server.cpp | 17 +++++++++++++++++ src/include/appspawn_server.h | 1 + test/unittest/app_spawn_server_test/BUILD.gn | 20 ++++++++++++++++---- 5 files changed, 47 insertions(+), 6 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index eb9a8401..9f2b3893 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -33,14 +33,21 @@ config("appspawn_config") { "${aafwk_path}/frameworks/kits/ability/native/include", "${aafwk_path}/services/abilitymgr/include", "${distributedschedule_path}/services/dtbschedmgr/include", + "//base/security/access_token/interfaces/innerkits/token_setproc/include", ] } ohos_executable("appspawn") { sources = [ "${appspawn_path}/src/main.cpp" ] configs = [ ":appspawn_config" ] - deps = [ "${appspawn_path}:appspawn_server" ] - external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + deps = [ + "${appspawn_path}:appspawn_server", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + external_deps = [ + "hiviewdfx_hilog_native:libhilog", + "selinux:libhap_restorecon", + ] install_enable = true subsystem_name = "${subsystem_name}" @@ -71,6 +78,7 @@ ohos_static_library("appspawn_server") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", + "selinux:libhap_restorecon", ] subsystem_name = "${subsystem_name}" 
diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index 2706a7c3..7bcb0c7f 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h @@ -87,6 +87,7 @@ public: static constexpr int LEN_PROC_NAME = 256; // process name length static constexpr int LEN_SO_PATH = 256; // load so lib static constexpr int MAX_GIDS = 64; + static constexpr int APL_MAX_LEN = 32; struct AppProperty { uint32_t uid; // the UNIX uid that the child process setuid() to after fork() @@ -95,6 +96,8 @@ public: uint32_t gidCount; // the size of gidTable char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path + uint32_t accessTokenId; + char apl[APL_MAX_LEN]; }; private: diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 7950c23d..f92ab0c2 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -35,6 +35,8 @@ #include "if_system_ability_manager.h" #include "iservice_registry.h" #include "system_ability_definition.h" +#include "token_setproc.h" +#include "hap_restorecon.h" #include #include @@ -587,6 +589,19 @@ int32_t AppSpawnServer::SetAppSandboxProperty(const ClientSocket::AppProperty *a return ERR_OK; } +void AppSpawnServer::SetAppAccessToken(const ClientSocket::AppProperty *appProperty) +{ + int32_t ret = SetSelfTokenID(appProperty->accessTokenId); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno); + } + HapContext hapContext; + ret = hapContext.HapDomainSetcontext(appProperty->apl, appProperty->processName); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, errno = %{public}d", errno); + } +} + bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppProperty *appProperty, char *longProcName, int64_t longProcNameLen, const int32_t fd[FDLEN2]) { 
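Review bot: The two fields added to `AppProperty` in client_socket.h carry no comment, unlike every neighbouring field, and the contract for `apl` is left open. Both values are later handed to `SetSelfTokenID()` and `HapDomainSetcontext()` in appspawn_server.cpp, so I would document them, for example `uint32_t accessTokenId; // access token id applied to the spawned process` and `char apl[APL_MAX_LEN]; // privilege level string used for the SELinux domain; must be NUL-terminated`. The struct looks like the request exchanged with the spawner, so growing it presumably changes the message size, and senders and the server would need rebuilding together. The struct begins outside this hunk.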
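Review bot: `SetAppAccessToken()` fails open: when `SetSelfTokenID()` or `HapDomainSetcontext()` returns non-zero it only logs and returns `void`, so the call added in the `SetAppProcProperty` hunk (`@@ -617,6 +632,8 @@`) carries on and the app would start with whatever token and SELinux context the spawner had. The neighbouring steps there report failure with `NotifyResToParentProc(fd[1], ret)` and `return false`, and this step should do the same; the declaration in appspawn_server.h has to change with it. Both log lines print `errno`, although the code tests the return value and nothing visible shows these calls set `errno`, so logging `ret` is safer. `apl` and `processName` are fixed-size arrays taken from the request, so it is worth confirming they are NUL-terminated before they are passed on.

```cpp
int32_t AppSpawnServer::SetAppAccessToken(const ClientSocket::AppProperty *appProperty)
{
    int32_t ret = SetSelfTokenID(appProperty->accessTokenId);
    if (ret != 0) {
        HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, ret = %{public}d", ret);
        return ret;
    }
    // … unchanged: HapContext hapContext; ret = hapContext.HapDomainSetcontext(...) …
    if (ret != 0) {
        HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, ret = %{public}d", ret);
        return ret;
    }
    return ERR_OK;
}

// in SetAppProcProperty, replacing the bare SetAppAccessToken(appProperty); call
    ret = SetAppAccessToken(appProperty);
    if (FAILED(ret)) {
        NotifyResToParentProc(fd[1], ret);
        return false;
    }
```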
@@ -617,6 +632,8 @@ bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppPr return false; } + SetAppAccessToken(appProperty); + ret = SetProcessName(longProcName, longProcNameLen, appProperty->processName, strlen(appProperty->processName) + 1); if (FAILED(ret)) { NotifyResToParentProc(fd[1], ret); diff --git a/src/include/appspawn_server.h b/src/include/appspawn_server.h index bb61bb83..7edb2028 100644 --- a/src/include/appspawn_server.h +++ b/src/include/appspawn_server.h @@ -165,6 +165,7 @@ private: void LoadAceLib(); + void SetAppAccessToken(const ClientSocket::AppProperty *appProperty); private: const std::string deviceNull_ = "/dev/null"; std::string socketName_ {}; diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 5b7d3223..536bbd70 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -17,7 +17,9 @@ import("//build/test.gni") ohos_unittest("AppSpawnServerOverrideTest") { module_out_path = "${module_output_path}" - include_dirs = [] + include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + ] sources = [ "${appspawn_path}/src/appspawn_server.cpp", @@ -31,7 +33,10 @@ ohos_unittest("AppSpawnServerOverrideTest") { "app_spawn_server_override_test.cpp", ] - deps = [ "${appspawn_path}/test:appspawn_test_source" ] + deps = [ + "${appspawn_path}/test:appspawn_test_source", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] external_deps = [ "ability_runtime:app_manager", 
@@ -43,13 +48,16 @@ ohos_unittest("AppSpawnServerOverrideTest") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", + "selinux:libhap_restorecon", ] } ohos_unittest("AppSpawnServerMockTest") { module_out_path = "${module_output_path}" - include_dirs = [] + include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + ] sources = [ "${appspawn_path}/src/appspawn_msg_peer.cpp", @@ -63,7 +71,10 @@ ohos_unittest("AppSpawnServerMockTest") { "app_spawn_server_mock_test.cpp", ] - deps = [ "${appspawn_path}/test:appspawn_test_source" ] + deps = [ + "${appspawn_path}/test:appspawn_test_source", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] external_deps = [ "ability_runtime:app_manager", @@ -75,6 +86,7 @@ ohos_unittest("AppSpawnServerMockTest") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", + "selinux:libhap_restorecon", ] } -- Gitee From 13d79331569f07a7c22041cd91a5b7250390de80 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 17:17:30 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 9 ++++++++- src/appspawn_server.cpp | 4 ++++ test/unittest/app_spawn_server_test/BUILD.gn | 13 +++++++++++-- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index 9f2b3893..64e20d45 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -35,6 +35,10 @@ config("appspawn_config") { "${distributedschedule_path}/services/dtbschedmgr/include", "//base/security/access_token/interfaces/innerkits/token_setproc/include", ] + + if (build_selinux) { + cflags += [ "-DWITH_SELINUX" ] + } } ohos_executable("appspawn") { 
@@ -78,9 +82,12 @@ ohos_static_library("appspawn_server") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", - "selinux:libhap_restorecon", ] + if (build_selinux) { + external_deps = [ "selinux:libhap_restorecon" ] + } + subsystem_name = "${subsystem_name}" part_name = "${part_name}" } diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index f92ab0c2..a49603b3 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -36,7 +36,9 @@ #include "iservice_registry.h" #include "system_ability_definition.h" #include "token_setproc.h" +#ifdef WITH_SELINUX #include "hap_restorecon.h" +#endif #include #include @@ -595,11 +597,13 @@ void AppSpawnServer::SetAppAccessToken(const ClientSocket::AppProperty *appPrope if (ret != 0) { HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno); } +#ifdef WITH_SELINUX HapContext hapContext; ret = hapContext.HapDomainSetcontext(appProperty->apl, appProperty->processName); if (ret != 0) { HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, errno = %{public}d", errno); } +#endif } bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppProperty *appProperty, char *longProcName, diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 536bbd70..3281f7e2 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -48,8 +48,12 @@ ohos_unittest("AppSpawnServerOverrideTest") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", - "selinux:libhap_restorecon", ] + + if (build_selinux) { + external_deps = [ "selinux:libhap_restorecon" ] + cflags += [ "-DWITH_SELINUX" ] + } } ohos_unittest("AppSpawnServerMockTest") { 
@@ -86,8 +90,13 @@ ohos_unittest("AppSpawnServerMockTest") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", - "selinux:libhap_restorecon", ] + + if (build_selinux) { + external_deps = [ "selinux:libhap_restorecon" ] + cflags += [ "-DWITH_SELINUX" ] + } + } group("unittest") { -- Gitee From 531a9f5dbb5a6939410c9c5669a30ce3d7e6ccc8 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 17:20:54 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 1 - 1 file changed, 1 deletion(-) diff --git a/BUILD.gn b/BUILD.gn index 64e20d45..46e06b3a 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -50,7 +50,6 @@ ohos_executable("appspawn") { ] external_deps = [ "hiviewdfx_hilog_native:libhilog", - "selinux:libhap_restorecon", ] install_enable = true -- Gitee From 93dde26215183d846f77cd85072d1f29901c5796 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 17:28:09 +0800 Subject: [PATCH 4/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 2 +- test/unittest/app_spawn_server_test/BUILD.gn | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index 46e06b3a..c433b411 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -84,7 +84,7 @@ ohos_static_library("appspawn_server") { ] if (build_selinux) { - external_deps = [ "selinux:libhap_restorecon" ] + external_deps += [ "selinux:libhap_restorecon" ] } subsystem_name = "${subsystem_name}" diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 3281f7e2..37e70a63 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn 
@@ -51,7 +51,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { ] if (build_selinux) { - external_deps = [ "selinux:libhap_restorecon" ] + external_deps += [ "selinux:libhap_restorecon" ] cflags += [ "-DWITH_SELINUX" ] } } @@ -93,7 +93,7 @@ ohos_unittest("AppSpawnServerMockTest") { ] if (build_selinux) { - external_deps = [ "selinux:libhap_restorecon" ] + external_deps += [ "selinux:libhap_restorecon" ] cflags += [ "-DWITH_SELINUX" ] } -- Gitee From 2ba256b77760e5ce13e2b0b6ff6fc53a24b57233 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 18:20:19 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 6 ++---- interfaces/innerkits/include/client_socket.h | 6 +++++- test/unittest/app_spawn_server_test/BUILD.gn | 5 ++--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index c433b411..cd98b423 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -37,7 +37,7 @@ config("appspawn_config") { ] if (build_selinux) { - cflags += [ "-DWITH_SELINUX" ] + cflags = [ "-DWITH_SELINUX" ] } } @@ -48,9 +48,7 @@ ohos_executable("appspawn") { "${appspawn_path}:appspawn_server", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", ] - external_deps = [ - "hiviewdfx_hilog_native:libhilog", - ] + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] install_enable = true subsystem_name = "${subsystem_name}" diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index 7bcb0c7f..6da17851 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h 
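Review bot: `WITH_SELINUX` is passed as a raw compiler flag, `cflags = [ "-DWITH_SELINUX" ]`, in `config("appspawn_config")` and again in both unittest targets. GN's `defines = [ "WITH_SELINUX" ]` is the usual form and avoids assigning the whole `cflags` list. The macro gates the `HapDomainSetcontext()` call in appspawn_server.cpp, so a target that compiles that file without the define silently builds a spawner that never sets the SELinux context. In the visible lines only `ohos_executable("appspawn")` lists `:appspawn_config`, so it is worth confirming that `ohos_static_library("appspawn_server")` picks the define up as well.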
@@ -87,7 +87,9 @@ public: static constexpr int LEN_PROC_NAME = 256; // process name length static constexpr int LEN_SO_PATH = 256; // load so lib static constexpr int MAX_GIDS = 64; +#ifdef WITH_SELINUX static constexpr int APL_MAX_LEN = 32; +#endif struct AppProperty { uint32_t uid; // the UNIX uid that the child process setuid() to after fork() @@ -97,7 +99,9 @@ public: char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path uint32_t accessTokenId; - char apl[APL_MAX_LEN]; +#ifdef WITH_SELINUX + char apl[APL_MAX_LEN]; +#endif }; private: diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 37e70a63..6bdeb329 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -52,7 +52,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { if (build_selinux) { external_deps += [ "selinux:libhap_restorecon" ] - cflags += [ "-DWITH_SELINUX" ] + cflags = [ "-DWITH_SELINUX" ] } } @@ -94,9 +94,8 @@ ohos_unittest("AppSpawnServerMockTest") { if (build_selinux) { external_deps += [ "selinux:libhap_restorecon" ] - cflags += [ "-DWITH_SELINUX" ] + cflags = [ "-DWITH_SELINUX" ] } - } group("unittest") { -- Gitee From 63b3625a3d2cc9811acf30123f7b01b17560fb35 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 19:26:27 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- interfaces/innerkits/include/client_socket.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index 6da17851..f1ed0082 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h 
@@ -87,9 +87,7 @@ public: static constexpr int LEN_PROC_NAME = 256; // process name length static constexpr int LEN_SO_PATH = 256; // load so lib static constexpr int MAX_GIDS = 64; -#ifdef WITH_SELINUX static constexpr int APL_MAX_LEN = 32; -#endif struct AppProperty { uint32_t uid; // the UNIX uid that the child process setuid() to after fork() @@ -99,9 +97,7 @@ public: char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path uint32_t accessTokenId; -#ifdef WITH_SELINUX char apl[APL_MAX_LEN]; -#endif }; private: -- Gitee From a4d4e44e87c9cbee1f2bde806394c8c59a5bbca2 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Wed, 26 Jan 2022 20:49:53 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- interfaces/innerkits/include/client_socket.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index f1ed0082..7bcb0c7f 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h @@ -97,7 +97,7 @@ public: char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path uint32_t accessTokenId; - char apl[APL_MAX_LEN]; + char apl[APL_MAX_LEN]; }; private: -- Gitee