From 0767965106dc2e5da014322f4b3218a9a618b029 Mon Sep 17 00:00:00 2001 From: zhongning5 Date: Fri, 15 Mar 2024 15:33:45 +0800 Subject: [PATCH] =?UTF-8?q?init=E6=89=A9=E5=B1=95=E6=8F=92=E4=BB=B6?= =?UTF-8?q?=E4=BE=9D=E8=B5=96=E7=9C=8B=E6=8A=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhongning5 Change-Id: I62f4ad1594def32e460b41ad6b677b047fd2a859 --- tools/deps_guard/deps_guard.py | 10 +- .../config_parser_mgr/cfg/config_parser.py | 58 +- .../config_parser_mgr/config_parser_mgr.py | 10 +- .../whitelist.json | 754 +++++++++--------- .../rules/NO-Plug-In_Module-Init/README.md | 50 ++ .../NO-Plug-In_Module-Init/whitelist.json | 67 ++ .../startup_guard/startup_checker/__init__.py | 2 + .../startup_checker/plug_in_rule.py | 75 ++ .../startup_checker/system_parameter_rules.py | 1 + tools/startup_guard/startup_guard.py | 4 +- 10 files changed, 632 insertions(+), 399 deletions(-) create mode 100755 tools/startup_guard/rules/NO-Plug-In_Module-Init/README.md create mode 100755 tools/startup_guard/rules/NO-Plug-In_Module-Init/whitelist.json create mode 100644 tools/startup_guard/startup_checker/plug_in_rule.py diff --git a/tools/deps_guard/deps_guard.py b/tools/deps_guard/deps_guard.py index 71ac61f..ae7924b 100755 --- a/tools/deps_guard/deps_guard.py +++ b/tools/deps_guard/deps_guard.py @@ -47,7 +47,7 @@ def _deps_guard_module(out_path, args=None): raise Exception("ERROR: deps_guard failed.") -def _startup_guard_module(out_path, args): +def _startup_guard_module(out_path, target_cpu, args): import sys import os for path in sys.path: @@ -58,15 +58,15 @@ def _startup_guard_module(out_path, args): from startup_guard import startup_guard - startup_guard(out_path, args) + startup_guard(out_path, target_cpu, args) -def deps_guard(out_path, args=None): +def deps_guard(out_path, target_cpu, args=None): _deps_guard_module(out_path, args) - #_startup_guard_module(out_path, args) + # _startup_guard_module(out_path, target_cpu, args) if __name__ == '__main__': parser = __createArgParser() args = parser.parse_args() - deps_guard(args.input, args) + _deps_guard_module(args.input, args) diff --git a/tools/startup_guard/config_parser_mgr/cfg/config_parser.py b/tools/startup_guard/config_parser_mgr/cfg/config_parser.py index a6a2c5e..5dde037 100644 --- a/tools/startup_guard/config_parser_mgr/cfg/config_parser.py +++ b/tools/startup_guard/config_parser_mgr/cfg/config_parser.py @@ -306,6 +306,7 @@ class ConfigParser(): self._file_id = 0 self._serviceId = 0 self._selinux = "" + self._plug_in = [] def _load_services(self, json_node, file_id): assert(isinstance(json_node, list)) @@ -408,8 +409,7 @@ class ConfigParser(): pp.pprint(self._jobs) pass - def _is_valid_file(self, file): - valid_file_ext = [".cfg"] + def _is_valid_file(self, file, valid_file_ext): if not file.is_file(): return False for ext in valid_file_ext: @@ -424,18 +424,53 @@ class ConfigParser(): try: with os.scandir(dir_config_file) as files: for file in files: - if self._is_valid_file(file): + if self._is_valid_file(file, ".cfg"): name = file.path[len(self._path) :] self.load_config(name) except: pass + def _scan_share_library_file(self, file_name): + if not os.path.exists(file_name): + return + try: + for item in os.scandir(file_name): + file_path = os.path.join(file_name, item.name) + if item.is_file(): + if self._is_valid_file(item, ".so"): + self._plug_in.append(file_path) + continue + else: + dir_config_file = os.path.join(file_name, item.name) + self._scan_share_library_file(item) + except: + pass + + def scan_library(self, target_cpu): + if target_cpu == "arm64": + config_paths = [ + "system/lib64/init", + "chip_prod/lib64/init", + "sys_prod/lib64/init", + "vendor/lib64/init", + ] + else: + config_paths = [ + "system/lib/init", + "chip_prod/lib/init", + "sys_prod/lib/init", + "vendor/lib/init", + ] + for file_name in config_paths: + dir_config_file = os.path.join(self._path, file_name) + self._scan_share_library_file(dir_config_file) + def scan_config(self): config_paths = [ - "/system/etc/init", - "/chip_prod/etc/init", - "/sys_prod/etc/init", - "/vendor/etc/init", + "system/etc/init", + "chip_prod/etc/init", + "sys_prod/etc/init", + "vendor/etc/init", ] for file_name in config_paths: self._scan_config_file(file_name) @@ -480,7 +515,7 @@ class ConfigParser(): def load_selinux_config(self, file_name): path = os.path.join(self._path, file_name) if not os.path.exists(path): - print("Error, invalid selinux config file %s" % path) + print("Error, invalid selinux config path %s" % path) return try: with open(path, encoding='utf-8') as fp: @@ -498,13 +533,14 @@ class ConfigParser(): line = fp.readline() except: print("Error, invalid parameter file ", file_name) - pass + pass -def startup_config_collect(base_path): +def startup_config_collect(base_path, target_cpu): parser = ConfigParser(os.path.join(base_path, "packages/phone")) parser.load_config("/system/etc/init.cfg") + parser.scan_library(target_cpu) parser.scan_config() - parser.load_selinux_config("/system/etc/selinux/config") + parser.load_selinux_config("system/etc/selinux/config") return parser if __name__ == '__main__': diff --git a/tools/startup_guard/config_parser_mgr/config_parser_mgr.py b/tools/startup_guard/config_parser_mgr/config_parser_mgr.py index e6e8154..2b79cf1 100644 --- a/tools/startup_guard/config_parser_mgr/config_parser_mgr.py +++ b/tools/startup_guard/config_parser_mgr/config_parser_mgr.py @@ -27,6 +27,8 @@ def __create_arg_parser(): parser = argparse.ArgumentParser(description='Check startup architecture information from compiled output files.') parser.add_argument('-i', '--input', help='input config files base directory example "out/rk3568/packages/phone/" ', required=True) + parser.add_argument('-c', '--target_cpu', + help='target_cpu cpu type" ', required=True) return parser class ConfigParserMgr(object): @@ -34,9 +36,9 @@ class ConfigParserMgr(object): self._path = path self._parser_list = {} - def load_all_parser(self, options): - cfg_parser = startup_config_collect(options) - param_parser = parameters_collect(options) + def load_all_parser(self, out_path, target_cpu): + cfg_parser = startup_config_collect(out_path, target_cpu) + param_parser = parameters_collect(out_path) self._parser_list = {'cmd_whitelist':cfg_parser, 'system_parameter_whitelist':param_parser} def get_parser_by_name(self, key): @@ -47,4 +49,4 @@ if __name__ == '__main__': args_parser = __create_arg_parser() options = args_parser.parse_args() mgr = ConfigParserMgr() - mgr.load_all_parser(options) + mgr.load_all_parser(options.input, options.target_cpu) diff --git a/tools/startup_guard/rules/NO-Config-SystemParameter-In-INIT/whitelist.json b/tools/startup_guard/rules/NO-Config-SystemParameter-In-INIT/whitelist.json index 4791015..7296982 100755 --- a/tools/startup_guard/rules/NO-Config-SystemParameter-In-INIT/whitelist.json +++ b/tools/startup_guard/rules/NO-Config-SystemParameter-In-INIT/whitelist.json @@ -1,377 +1,377 @@ -[ - "const.ohos.version.security_patch", - "const.ohos.releasetype", - "const.ohos.apiversion", - "const.ohos.fullname", - "persist.thermal.log.enable", - "persist.thermal.log.interval", - "persist.thermal.log.width", - "persist.thermal.log.", - "sys.usb.config", - "const.product.hardwareversion", - "const.product.brand", - "const.build.product", - "accesstoken.permission.change", - "persist.resourceschedule.memmgr.eswap.permanently.closed", - "persist.resourceschedule.memmgr.eswap.minsToday", - "persist.resourceschedule.memmgr.eswap.swapOutKBToday", - "persist.resourceschedule.memmgr.eswap.minsFromBirth", - "persist.resourceschedule.memmgr.eswap.swapOutKBFromBirth", - "const.cust.", - "persist.darkmode", - "sys.usb.ffs.ready", - "persist.hdc.root", - "persist.hdc.mode", - "persist.hdc.port", - "persist.hdc.uv.threads", - "persist.hdc.control", - "persist.hdc.control.shell", - "persist.hdc.control.file", - "persist.hdc.control.fport", - "accessibility.config.ready", - "bootevent.appfwk.ready", - "component.startup.newRules", - "component.startup.newRules.except.LauncherSystemUI", - "component.startup.backgroundJudge.flag", - "component.startup.whitelist.associatedWakeUp", - "netmanager_base.", - "persist.netmanager_base.", - "const.distributed_file_property.enabled", - "const.distributed_file_only_for_same_account_test", - "const.telephony.slotCount", - "telephony.sim.opkey0", - "telephony.sim.opkey1", - "persist.sys.default_ime", - "ohos.servicectrl.", - "ohos.servicectrl.reboot.", - "ohos.boot.", - "bootevent.", - "startup.service.ctl.", - "startup.device.", - "const.debuggable", - "const.build.", - "const.SystemCapability.", - "const.product.", - "persist.init.", - "startup.appspawn.", - "startup.uevent.", - "persist.init.debug.", - "persist.init.bootevent.enable", - "persist.appspawn.", - "persist.xts.devattest.", - "ohos.boot.sn", - "const.product.udid", - "const.product.devUdid", - "const.actionable_compatible_property.enabled", - "const.postinstall.fstab.prefix", - "const.secure", - "security.perf_harden", - "const.allow.mock.location", - "persist.sys.usb.config", - "persist.window.boot.", - "debug.bytrace.", - "persist.distributed_hardware.device_manager.", - "persist.sys.hiview.", - "vendor.hifi.watchdog.come", - "bootevent.wms.fullscreen.ready", - "persist.pasteboard.", - "const.theme.screenlockWhiteApp", - "const.theme.screenlockApp", - "persist.global.language", - "persist.global.locale", - "persist.global.is24Hour", - "persist.sys.preferredLanguages", - "const.global.locale", - "const.global.language", - "const.global.region", - "bootevent.useriam.fwkready", - "hiviewdfx.hiperf.perf_event_max_sample_rate", - "hiviewdfx.hiperf.perf_cpu_time_max_percent", - "hiviewdfx.hiperf.perf_event_mlock_kb", - "persist.filemanagement.usb.readonly", - "debug.hitrace.tags.enableflags", - "hilog.", - "persist.sys.hilog.", - "bootevent.samgr.ready", - "persist.samgr.perf.ondemand", - "persist.sys.graphic.animationscale", - "debug.graphic.", - "musl.log.enable", - "musl.log.ld.all", - "const.display.brightness.", - "persist.sys.arkui.animationscale", - "const.build.characteristics", - "const.product.model", - "const.product.name", - "const.sandbox", - "const.product.devicetype", - "const.software.model", - "const.product.manufacturer", - "const.product.bootloader.version", - "const.product.cpu.abilist", - "const.product.software.version", - "const.product.incremental.version", - "const.product.firstapiversion", - "const.product.build.type", - "const.product.build.user", - "const.product.build.host", - "const.product.build.date", - "const.product.hardwareprofile", - "const.ohos.buildroothash", - "backup.debug.overrideExtensionConfig", - "persist.netmanager_base.http_proxy.host", - "persist.netmanager_base.http_proxy.port", - "persist.netmanager_base.http_proxy.exclusion_list", - "persist.distributed_hardware.device_manager.discover_status", - "input.pointer.device", - "hiviewdfx.hiprofiler.profilerd.start", - "hiviewdfx.hiprofiler.plugins.start", - "hiviewdfx.hiprofiler.native_memoryd.start", - "libc.hook_mode", - "persist.multimedia.audio.mediavolume", - "const.SystemCapability.ArkUI.UiAppearance", - "const.SystemCapability.ArkUI.ArkUI.Full", - "const.SystemCapability.ArkUI.ArkUI.Napi", - "const.SystemCapability.ArkUI.ArkUI.Libuv", - "const.SystemCapability.Account.AppAccount", - "const.SystemCapability.Account.OsAccount", - "const.SystemCapability.DistributedDataManager.KVStore.Core", - "const.SystemCapability.DistributedDataManager.KVStore.Lite", - "const.SystemCapability.DistributedDataManager.KVStore.DistributedKVStore", - "const.SystemCapability.DistributedDataManager.Preferences.Core", - "const.SystemCapability.DistributedDataManager.DataObject.DistributedObject", - "const.SystemCapability.DistributedDataManager.RelationalStore.Core", - "const.SystemCapability.DistributedDataManager.DataShare.Core", - "const.SystemCapability.DistributedDataManager.DataShare.Consumer", - "const.SystemCapability.DistributedDataManager.DataShare.Provider", - "const.SystemCapability.MiscServices.Pasteboard", - "const.SystemCapability.Security.AccessToken", - "const.SystemCapability.Security.DeviceSecurityLevel", - "const.SystemCapability.Security.DataTransitManager", - "const.SystemCapability.Security.DeviceAuth", - "const.SystemCapability.Security.AppVerify", - "const.SystemCapability.Security.CertificateManager", - "const.SystemCapability.Security.Huks", - "const.SystemCapability.Security.Cipher", - "const.SystemCapability.Security.CryptoFramework", - "const.SystemCapability.Security.Cert", - "const.SystemCapability.UserIAM.UserAuth.FaceAuth", - "const.SystemCapability.UserIAM.UserAuth.PinAuth", - "const.SystemCapability.UserIAM.UserAuth.Core", - "const.SystemCapability.UserIAM.UserAuth.FingerprintAuth", - "const.SystemCapability.Startup.SystemInfo", - "const.SystemCapability.HiviewDFX.HiLog", - "const.SystemCapability.HiviewDFX.HiTrace", - "const.SystemCapability.HiviewDFX.HiSysEvent", - "const.SystemCapability.HiviewDFX.HiAppEvent", - "const.SystemCapability.HiviewDFX.Hiview", - "const.SystemCapability.HiviewDFX.Hiview.FaultLogger", - "const.SystemCapability.HiviewDFX.HiChecker", - "const.SystemCapability.HiviewDFX.HiDumper", - "const.SystemCapability.Utils.Lang", - "const.SystemCapability.BundleManager.BundleTool", - "const.SystemCapability.BundleManager.DistributedBundleFramework", - "const.SystemCapability.BundleManager.BundleFramework", - "const.SystemCapability.BundleManager.Zlib", - "const.SystemCapability.BundleManager.BundleFramework.AppControl", - "const.SystemCapability.BundleManager.BundleFramework.Core", - "const.SystemCapability.BundleManager.BundleFramework.FreeInstall", - "const.SystemCapability.BundleManager.BundleFramework.Launcher", - "const.SystemCapability.BundleManager.BundleFramework.DefaultApp", - "const.SystemCapability.BundleManager.BundleFramework.Resource", - "const.SystemCapability.Ability.AbilityBase", - "const.SystemCapability.Ability.DistributedAbilityManager", - "const.SystemCapability.Ability.AbilityRuntime.Core", - "const.SystemCapability.Ability.AbilityRuntime.FAModel", - "const.SystemCapability.Ability.AbilityRuntime.AbilityCore", - "const.SystemCapability.Ability.AbilityRuntime.Mission", - "const.SystemCapability.Ability.AbilityRuntime.QuickFix", - "const.SystemCapability.Ability.AbilityTools.AbilityAssistant", - "const.SystemCapability.Ability.Form", - "const.SystemCapability.Notification.Emitter", - "const.SystemCapability.Notification.Notification", - "const.SystemCapability.Notification.ReminderAgent", - "const.SystemCapability.Notification.CommonEvent", - "const.SystemCapability.Communication.SoftBus.Core", - "const.SystemCapability.Communication.NetManager.Core", - "const.SystemCapability.Communication.Bluetooth.Core", - "const.SystemCapability.Communication.Bluetooth.Lite", - "const.SystemCapability.Communication.NetStack", - "const.SystemCapability.Communication.WiFi.STA", - "const.SystemCapability.Communication.WiFi.AP.Core", - "const.SystemCapability.Communication.WiFi.P2P", - "const.SystemCapability.Communication.WiFi.Core", - "const.SystemCapability.Communication.IPC.Core", - "const.SystemCapability.Communication.NetManager.Ethernet", - "const.SystemCapability.Communication.NetManager.NetSharing", - "const.SystemCapability.Communication.NetManager.MDNS", - "const.SystemCapability.Communication.NetManager.Vpn", - "const.SystemCapability.Location.Location.Core", - "const.SystemCapability.Location.Location.Gnss", - "const.SystemCapability.Location.Location.Geofence", - "const.SystemCapability.Location.Location.Geocoder", - "const.SystemCapability.Location.Location.Lite", - "const.SystemCapability.Update.UpdateService", - "const.SystemCapability.HiviewDFX.HiProfiler.HiDebug", - "const.SystemCapability.Developtools.Syscap", - "const.SystemCapability.Sensors.Sensor", - "const.SystemCapability.Sensors.MiscDevice", - "const.SystemCapability.Graphic.Graphic2D.ColorManager.Core", - "const.SystemCapability.Graphic.Graphic2D.EGL", - "const.SystemCapability.Graphic.Graphic2D.GLES3", - "const.SystemCapability.Graphic.Graphic2D.NativeWindow", - "const.SystemCapability.Graphic.Graphic2D.NativeDrawing", - "const.SystemCapability.Graphic.Graphic2D.WebGL", - "const.SystemCapability.Graphic.Graphic2D.WebGL2", - "const.SystemCapability.WindowManager.WindowManager.Core", - "const.SystemCapability.MiscServices.Time", - "const.SystemCapability.MiscServices.InputMethodFramework", - "const.SystemCapability.MiscServices.Download", - "const.SystemCapability.MiscServices.Upload", - "const.SystemCapability.Print.PrintFramework", - "const.SystemCapability.MiscServices.ScreenLock", - "const.SystemCapability.MiscServices.Wallpaper", - "const.SystemCapability.Multimedia.Audio.Core", - "const.SystemCapability.Multimedia.Audio.Renderer", - "const.SystemCapability.Multimedia.Audio.Capturer", - "const.SystemCapability.Multimedia.Audio.Device", - "const.SystemCapability.Multimedia.Audio.Volume", - "const.SystemCapability.Multimedia.Audio.Communication", - "const.SystemCapability.Multimedia.Audio.Tone", - "const.SystemCapability.Multimedia.Audio.Interrupt", - "const.SystemCapability.Multimedia.Image.Core", - "const.SystemCapability.Multimedia.Image.ImageSource", - "const.SystemCapability.Multimedia.Image.ImagePacker", - "const.SystemCapability.Multimedia.Image.ImageReceiver", - "const.SystemCapability.Multimedia.Image.ImageCreator", - "const.SystemCapability.Multimedia.Camera.Core", - "const.SystemCapability.Multimedia.MediaLibrary.Core", - "const.SystemCapability.Multimedia.MediaLibrary.DistributedCore", - "const.SystemCapability.FileManagement.UserFileManager.Core", - "const.SystemCapability.FileManagement.UserFileManager.DistributedCore", - "const.SystemCapability.Multimedia.Media.Core", - "const.SystemCapability.Multimedia.Media.AudioPlayer", - "const.SystemCapability.Multimedia.Media.VideoPlayer", - "const.SystemCapability.Multimedia.Media.AudioRecorder", - "const.SystemCapability.Multimedia.Media.VideoRecorder", - "const.SystemCapability.Multimedia.Media.AudioDecoder", - "const.SystemCapability.Multimedia.Media.AudioEncoder", - "const.SystemCapability.Multimedia.Media.VideoDecoder", - "const.SystemCapability.Multimedia.Media.VideoEncoder", - "const.SystemCapability.Multimedia.Media.CodecBase", - "const.SystemCapability.Multimedia.Media.AVPlayer", - "const.SystemCapability.Multimedia.Media.AVRecorder", - "const.SystemCapability.Multimedia.SystemSound.Core", - "const.SystemCapability.Multimedia.AVSession", - "const.SystemCapability.Multimedia.AVSession.Core", - "const.SystemCapability.Multimedia.AVSession.Manager", - "const.SystemCapability.MultimodalInput.Input.InputConsumer", - "const.SystemCapability.MultimodalInput.Input.InputDevice", - "const.SystemCapability.MultimodalInput.Input.Core", - "const.SystemCapability.MultimodalInput.Input.InputSimulator", - "const.SystemCapability.MultimodalInput.Input.InputMonitor", - "const.SystemCapability.MultimodalInput.Input.Pointer", - "const.SystemCapability.MultimodalInput.Input.ShortKey", - "const.SystemCapability.Telephony.DataStorage", - "const.SystemCapability.Telephony.CellularCall", - "const.SystemCapability.Telephony.CellularData", - "const.SystemCapability.Telephony.SmsMms", - "const.SystemCapability.Telephony.StateRegistry", - "const.SystemCapability.Telephony.CallManager", - "const.SystemCapability.Telephony.CoreService", - "const.SystemCapability.Global.I18n", - "const.SystemCapability.Global.ResourceManager", - "const.SystemCapability.PowerManager.BatteryStatistics", - "const.SystemCapability.PowerManager.ThermalManager", - "const.SystemCapability.PowerManager.PowerManager.Core", - "const.SystemCapability.PowerManager.PowerManager.Extension", - "const.SystemCapability.PowerManager.DisplayPowerManager", - "const.SystemCapability.PowerManager.BatteryManager.Core", - "const.SystemCapability.PowerManager.BatteryManager.Extension", - "const.SystemCapability.USB.USBManager", - "const.SystemCapability.Applications.settings.Core", - "const.SystemCapability.Applications.ContactsData", - "const.SystemCapability.XTS.DeviceAttest", - "const.SystemCapability.Test.WuKong", - "const.SystemCapability.Test.UiTest", - "const.SystemCapability.DistributedHardware.DistributedAudio", - "const.SystemCapability.DistributedHardware.DistributedCamera", - "const.SystemCapability.DistributedHardware.DistributedScreen", - "const.SystemCapability.DistributedHardware.DistributedInput", - "const.SystemCapability.DistributedHardware.DistributedHardwareFWK", - "const.SystemCapability.DistributedHardware.DeviceManager", - "const.SystemCapability.Msdp.DeviceStatus.Stationary", - "const.SystemCapability.FileManagement.File.FileIO", - "const.SystemCapability.FileManagement.File.Environment", - "const.SystemCapability.FileManagement.File.DistributedFile", - "const.SystemCapability.FileManagement.DistributedFileService.CloudSyncManager", - "const.SystemCapability.FileManagement.UserFileService", - "const.SystemCapability.FileManagement.AppFileService", - "const.SystemCapability.FileManagement.StorageService.Backup", - "const.SystemCapability.FileManagement.StorageService.SpatialStatistics", - "const.SystemCapability.FileManagement.StorageService.Volume", - "const.SystemCapability.FileManagement.StorageService.Encryption", - "const.SystemCapability.ResourceSchedule.WorkScheduler", - "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.ContinuousTask", - "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.TransientTask", - "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.EfficiencyResourcesApply", - "const.SystemCapability.ResourceSchedule.UsageStatistics.AppGroup", - "const.SystemCapability.ResourceSchedule.UsageStatistics.App", - "const.SystemCapability.BarrierFree.Accessibility.Core", - "const.SystemCapability.BarrierFree.Accessibility.Hearing", - "const.SystemCapability.BarrierFree.Accessibility.Vision", - "const.SystemCapability.Customization.ConfigPolicy", - "const.SystemCapability.Customization.EnterpriseDeviceManager", - "const.SystemCapability.Web.Webview.Core", - "const.SystemCapability.Ai.MindSpore", - "persist.time.timezone", - "hiviewdfx.hiprofiler.", - "libc.hook_mode.", - "hilog.private.on", - "hilog.debug.on", - "persist.sys.hilog.kmsg.on", - "persist.sys.hilog.debug.on", - "hilog.flowctrl.proc.on", - "hilog.flowctrl.domain.on", - "hilog.loggable.global", - "hilog.buffersize.global", - "persist.time.", - "const.ark.minVersion", - "const.ark.version", - "const.display.brightness.min", - "const.display.brightness.default", - "const.display.brightness.max", - "persist.telephony.", - "telephony.", - "sys.", - "sys.usb", - "net.", - "net.tcp.", - "const.postinstall.", - "const.postinstall.fstab.", - "const.allow.", - "const.allow.mock.", - "security.", - "persist.", - "persist.sys.", - "debug.", - "musl.", - "bootevent.wms.", - "ffrt.", - "hiviewdfx.hiperf.", - "persist.multimedia.audio.", - "persist.ark.", - "persist.ace.", - "accesstoken.permission.", - "persist.bms.", - "distributedsched.continuationmanager.", - "updater.hdc.configfs", - "updater.flashd.configfs", - "updater.data.configs", - "persist.xts.devattest.authresult", - "llvm.debug.service.", - "persist.edm.edm_enable", - "persist.edm.", - "persist.usb.setting.gadget_conn_prompt", - "persist.usb.setting." -] +[ + "const.ohos.version.security_patch", + "const.ohos.releasetype", + "const.ohos.apiversion", + "const.ohos.fullname", + "persist.thermal.log.enable", + "persist.thermal.log.interval", + "persist.thermal.log.width", + "persist.thermal.log.", + "sys.usb.config", + "const.product.hardwareversion", + "const.product.brand", + "const.build.product", + "accesstoken.permission.change", + "persist.resourceschedule.memmgr.eswap.permanently.closed", + "persist.resourceschedule.memmgr.eswap.minsToday", + "persist.resourceschedule.memmgr.eswap.swapOutKBToday", + "persist.resourceschedule.memmgr.eswap.minsFromBirth", + "persist.resourceschedule.memmgr.eswap.swapOutKBFromBirth", + "const.cust.", + "persist.darkmode", + "sys.usb.ffs.ready", + "persist.hdc.root", + "persist.hdc.mode", + "persist.hdc.port", + "persist.hdc.uv.threads", + "persist.hdc.control", + "persist.hdc.control.shell", + "persist.hdc.control.file", + "persist.hdc.control.fport", + "accessibility.config.ready", + "bootevent.appfwk.ready", + "component.startup.newRules", + "component.startup.newRules.except.LauncherSystemUI", + "component.startup.backgroundJudge.flag", + "component.startup.whitelist.associatedWakeUp", + "netmanager_base.", + "persist.netmanager_base.", + "const.distributed_file_property.enabled", + "const.distributed_file_only_for_same_account_test", + "const.telephony.slotCount", + "telephony.sim.opkey0", + "telephony.sim.opkey1", + "persist.sys.default_ime", + "ohos.servicectrl.", + "ohos.servicectrl.reboot.", + "ohos.boot.", + "bootevent.", + "startup.service.ctl.", + "startup.device.", + "const.debuggable", + "const.build.", + "const.SystemCapability.", + "const.product.", + "persist.init.", + "startup.appspawn.", + "startup.uevent.", + "persist.init.debug.", + "persist.init.bootevent.enable", + "persist.appspawn.", + "persist.xts.devattest.", + "ohos.boot.sn", + "const.product.udid", + "const.product.devUdid", + "const.actionable_compatible_property.enabled", + "const.postinstall.fstab.prefix", + "const.secure", + "security.perf_harden", + "const.allow.mock.location", + "persist.sys.usb.config", + "persist.window.boot.", + "debug.bytrace.", + "persist.distributed_hardware.device_manager.", + "persist.sys.hiview.", + "vendor.hifi.watchdog.come", + "bootevent.wms.fullscreen.ready", + "persist.pasteboard.", + "const.theme.screenlockWhiteApp", + "const.theme.screenlockApp", + "persist.global.language", + "persist.global.locale", + "persist.global.is24Hour", + "persist.sys.preferredLanguages", + "const.global.locale", + "const.global.language", + "const.global.region", + "bootevent.useriam.fwkready", + "hiviewdfx.hiperf.perf_event_max_sample_rate", + "hiviewdfx.hiperf.perf_cpu_time_max_percent", + "hiviewdfx.hiperf.perf_event_mlock_kb", + "persist.filemanagement.usb.readonly", + "debug.hitrace.tags.enableflags", + "hilog.", + "persist.sys.hilog.", + "bootevent.samgr.ready", + "persist.samgr.perf.ondemand", + "persist.sys.graphic.animationscale", + "debug.graphic.", + "musl.log.enable", + "musl.log.ld.all", + "const.display.brightness.", + "persist.sys.arkui.animationscale", + "const.build.characteristics", + "const.product.model", + "const.product.name", + "const.sandbox", + "const.product.devicetype", + "const.software.model", + "const.product.manufacturer", + "const.product.bootloader.version", + "const.product.cpu.abilist", + "const.product.software.version", + "const.product.incremental.version", + "const.product.firstapiversion", + "const.product.build.type", + "const.product.build.user", + "const.product.build.host", + "const.product.build.date", + "const.product.hardwareprofile", + "const.ohos.buildroothash", + "backup.debug.overrideExtensionConfig", + "persist.netmanager_base.http_proxy.host", + "persist.netmanager_base.http_proxy.port", + "persist.netmanager_base.http_proxy.exclusion_list", + "persist.distributed_hardware.device_manager.discover_status", + "input.pointer.device", + "hiviewdfx.hiprofiler.profilerd.start", + "hiviewdfx.hiprofiler.plugins.start", + "hiviewdfx.hiprofiler.native_memoryd.start", + "libc.hook_mode", + "persist.multimedia.audio.mediavolume", + "const.SystemCapability.ArkUI.UiAppearance", + "const.SystemCapability.ArkUI.ArkUI.Full", + "const.SystemCapability.ArkUI.ArkUI.Napi", + "const.SystemCapability.ArkUI.ArkUI.Libuv", + "const.SystemCapability.Account.AppAccount", + "const.SystemCapability.Account.OsAccount", + "const.SystemCapability.DistributedDataManager.KVStore.Core", + "const.SystemCapability.DistributedDataManager.KVStore.Lite", + "const.SystemCapability.DistributedDataManager.KVStore.DistributedKVStore", + "const.SystemCapability.DistributedDataManager.Preferences.Core", + "const.SystemCapability.DistributedDataManager.DataObject.DistributedObject", + "const.SystemCapability.DistributedDataManager.RelationalStore.Core", + "const.SystemCapability.DistributedDataManager.DataShare.Core", + "const.SystemCapability.DistributedDataManager.DataShare.Consumer", + "const.SystemCapability.DistributedDataManager.DataShare.Provider", + "const.SystemCapability.MiscServices.Pasteboard", + "const.SystemCapability.Security.AccessToken", + "const.SystemCapability.Security.DeviceSecurityLevel", + "const.SystemCapability.Security.DataTransitManager", + "const.SystemCapability.Security.DeviceAuth", + "const.SystemCapability.Security.AppVerify", + "const.SystemCapability.Security.CertificateManager", + "const.SystemCapability.Security.Huks", + "const.SystemCapability.Security.Cipher", + "const.SystemCapability.Security.CryptoFramework", + "const.SystemCapability.Security.Cert", + "const.SystemCapability.UserIAM.UserAuth.FaceAuth", + "const.SystemCapability.UserIAM.UserAuth.PinAuth", + "const.SystemCapability.UserIAM.UserAuth.Core", + "const.SystemCapability.UserIAM.UserAuth.FingerprintAuth", + "const.SystemCapability.Startup.SystemInfo", + "const.SystemCapability.HiviewDFX.HiLog", + "const.SystemCapability.HiviewDFX.HiTrace", + "const.SystemCapability.HiviewDFX.HiSysEvent", + "const.SystemCapability.HiviewDFX.HiAppEvent", + "const.SystemCapability.HiviewDFX.Hiview", + "const.SystemCapability.HiviewDFX.Hiview.FaultLogger", + "const.SystemCapability.HiviewDFX.HiChecker", + "const.SystemCapability.HiviewDFX.HiDumper", + "const.SystemCapability.Utils.Lang", + "const.SystemCapability.BundleManager.BundleTool", + "const.SystemCapability.BundleManager.DistributedBundleFramework", + "const.SystemCapability.BundleManager.BundleFramework", + "const.SystemCapability.BundleManager.Zlib", + "const.SystemCapability.BundleManager.BundleFramework.AppControl", + "const.SystemCapability.BundleManager.BundleFramework.Core", + "const.SystemCapability.BundleManager.BundleFramework.FreeInstall", + "const.SystemCapability.BundleManager.BundleFramework.Launcher", + "const.SystemCapability.BundleManager.BundleFramework.DefaultApp", + "const.SystemCapability.BundleManager.BundleFramework.Resource", + "const.SystemCapability.Ability.AbilityBase", + "const.SystemCapability.Ability.DistributedAbilityManager", + "const.SystemCapability.Ability.AbilityRuntime.Core", + "const.SystemCapability.Ability.AbilityRuntime.FAModel", + "const.SystemCapability.Ability.AbilityRuntime.AbilityCore", + "const.SystemCapability.Ability.AbilityRuntime.Mission", + "const.SystemCapability.Ability.AbilityRuntime.QuickFix", + "const.SystemCapability.Ability.AbilityTools.AbilityAssistant", + "const.SystemCapability.Ability.Form", + "const.SystemCapability.Notification.Emitter", + "const.SystemCapability.Notification.Notification", + "const.SystemCapability.Notification.ReminderAgent", + "const.SystemCapability.Notification.CommonEvent", + "const.SystemCapability.Communication.SoftBus.Core", + "const.SystemCapability.Communication.NetManager.Core", + "const.SystemCapability.Communication.Bluetooth.Core", + "const.SystemCapability.Communication.Bluetooth.Lite", + "const.SystemCapability.Communication.NetStack", + "const.SystemCapability.Communication.WiFi.STA", + "const.SystemCapability.Communication.WiFi.AP.Core", + "const.SystemCapability.Communication.WiFi.P2P", + "const.SystemCapability.Communication.WiFi.Core", + "const.SystemCapability.Communication.IPC.Core", + "const.SystemCapability.Communication.NetManager.Ethernet", + "const.SystemCapability.Communication.NetManager.NetSharing", + "const.SystemCapability.Communication.NetManager.MDNS", + "const.SystemCapability.Communication.NetManager.Vpn", + "const.SystemCapability.Location.Location.Core", + "const.SystemCapability.Location.Location.Gnss", + "const.SystemCapability.Location.Location.Geofence", + "const.SystemCapability.Location.Location.Geocoder", + "const.SystemCapability.Location.Location.Lite", + "const.SystemCapability.Update.UpdateService", + "const.SystemCapability.HiviewDFX.HiProfiler.HiDebug", + "const.SystemCapability.Developtools.Syscap", + "const.SystemCapability.Sensors.Sensor", + "const.SystemCapability.Sensors.MiscDevice", + "const.SystemCapability.Graphic.Graphic2D.ColorManager.Core", + "const.SystemCapability.Graphic.Graphic2D.EGL", + "const.SystemCapability.Graphic.Graphic2D.GLES3", + "const.SystemCapability.Graphic.Graphic2D.NativeWindow", + "const.SystemCapability.Graphic.Graphic2D.NativeDrawing", + "const.SystemCapability.Graphic.Graphic2D.WebGL", + "const.SystemCapability.Graphic.Graphic2D.WebGL2", + "const.SystemCapability.WindowManager.WindowManager.Core", + "const.SystemCapability.MiscServices.Time", + "const.SystemCapability.MiscServices.InputMethodFramework", + "const.SystemCapability.MiscServices.Download", + "const.SystemCapability.MiscServices.Upload", + "const.SystemCapability.Print.PrintFramework", + "const.SystemCapability.MiscServices.ScreenLock", + "const.SystemCapability.MiscServices.Wallpaper", + "const.SystemCapability.Multimedia.Audio.Core", + "const.SystemCapability.Multimedia.Audio.Renderer", + "const.SystemCapability.Multimedia.Audio.Capturer", + "const.SystemCapability.Multimedia.Audio.Device", + "const.SystemCapability.Multimedia.Audio.Volume", + "const.SystemCapability.Multimedia.Audio.Communication", + "const.SystemCapability.Multimedia.Audio.Tone", + "const.SystemCapability.Multimedia.Audio.Interrupt", + "const.SystemCapability.Multimedia.Image.Core", + "const.SystemCapability.Multimedia.Image.ImageSource", + "const.SystemCapability.Multimedia.Image.ImagePacker", + "const.SystemCapability.Multimedia.Image.ImageReceiver", + "const.SystemCapability.Multimedia.Image.ImageCreator", + "const.SystemCapability.Multimedia.Camera.Core", + "const.SystemCapability.Multimedia.MediaLibrary.Core", + "const.SystemCapability.Multimedia.MediaLibrary.DistributedCore", + "const.SystemCapability.FileManagement.UserFileManager.Core", + "const.SystemCapability.FileManagement.UserFileManager.DistributedCore", + "const.SystemCapability.Multimedia.Media.Core", + "const.SystemCapability.Multimedia.Media.AudioPlayer", + "const.SystemCapability.Multimedia.Media.VideoPlayer", + "const.SystemCapability.Multimedia.Media.AudioRecorder", + "const.SystemCapability.Multimedia.Media.VideoRecorder", + "const.SystemCapability.Multimedia.Media.AudioDecoder", + "const.SystemCapability.Multimedia.Media.AudioEncoder", + "const.SystemCapability.Multimedia.Media.VideoDecoder", + "const.SystemCapability.Multimedia.Media.VideoEncoder", + "const.SystemCapability.Multimedia.Media.CodecBase", + "const.SystemCapability.Multimedia.Media.AVPlayer", + "const.SystemCapability.Multimedia.Media.AVRecorder", + "const.SystemCapability.Multimedia.SystemSound.Core", + "const.SystemCapability.Multimedia.AVSession", + "const.SystemCapability.Multimedia.AVSession.Core", + "const.SystemCapability.Multimedia.AVSession.Manager", + "const.SystemCapability.MultimodalInput.Input.InputConsumer", + "const.SystemCapability.MultimodalInput.Input.InputDevice", + "const.SystemCapability.MultimodalInput.Input.Core", + "const.SystemCapability.MultimodalInput.Input.InputSimulator", + "const.SystemCapability.MultimodalInput.Input.InputMonitor", + "const.SystemCapability.MultimodalInput.Input.Pointer", + "const.SystemCapability.MultimodalInput.Input.ShortKey", + "const.SystemCapability.Telephony.DataStorage", + "const.SystemCapability.Telephony.CellularCall", + "const.SystemCapability.Telephony.CellularData", + "const.SystemCapability.Telephony.SmsMms", + "const.SystemCapability.Telephony.StateRegistry", + "const.SystemCapability.Telephony.CallManager", + "const.SystemCapability.Telephony.CoreService", + "const.SystemCapability.Global.I18n", + "const.SystemCapability.Global.ResourceManager", + "const.SystemCapability.PowerManager.BatteryStatistics", + "const.SystemCapability.PowerManager.ThermalManager", + "const.SystemCapability.PowerManager.PowerManager.Core", + "const.SystemCapability.PowerManager.PowerManager.Extension", + "const.SystemCapability.PowerManager.DisplayPowerManager", + "const.SystemCapability.PowerManager.BatteryManager.Core", + "const.SystemCapability.PowerManager.BatteryManager.Extension", + "const.SystemCapability.USB.USBManager", + "const.SystemCapability.Applications.settings.Core", + "const.SystemCapability.Applications.ContactsData", + "const.SystemCapability.XTS.DeviceAttest", + "const.SystemCapability.Test.WuKong", + "const.SystemCapability.Test.UiTest", + "const.SystemCapability.DistributedHardware.DistributedAudio", + "const.SystemCapability.DistributedHardware.DistributedCamera", + "const.SystemCapability.DistributedHardware.DistributedScreen", + "const.SystemCapability.DistributedHardware.DistributedInput", + "const.SystemCapability.DistributedHardware.DistributedHardwareFWK", + "const.SystemCapability.DistributedHardware.DeviceManager", + "const.SystemCapability.Msdp.DeviceStatus.Stationary", + "const.SystemCapability.FileManagement.File.FileIO", + "const.SystemCapability.FileManagement.File.Environment", + "const.SystemCapability.FileManagement.File.DistributedFile", + "const.SystemCapability.FileManagement.DistributedFileService.CloudSyncManager", + "const.SystemCapability.FileManagement.UserFileService", + "const.SystemCapability.FileManagement.AppFileService", + "const.SystemCapability.FileManagement.StorageService.Backup", + "const.SystemCapability.FileManagement.StorageService.SpatialStatistics", + "const.SystemCapability.FileManagement.StorageService.Volume", + "const.SystemCapability.FileManagement.StorageService.Encryption", + "const.SystemCapability.ResourceSchedule.WorkScheduler", + "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.ContinuousTask", + "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.TransientTask", + "const.SystemCapability.ResourceSchedule.BackgroundTaskManager.EfficiencyResourcesApply", + "const.SystemCapability.ResourceSchedule.UsageStatistics.AppGroup", + "const.SystemCapability.ResourceSchedule.UsageStatistics.App", + "const.SystemCapability.BarrierFree.Accessibility.Core", + "const.SystemCapability.BarrierFree.Accessibility.Hearing", + "const.SystemCapability.BarrierFree.Accessibility.Vision", + "const.SystemCapability.Customization.ConfigPolicy", + "const.SystemCapability.Customization.EnterpriseDeviceManager", + "const.SystemCapability.Web.Webview.Core", + "const.SystemCapability.Ai.MindSpore", + "persist.time.timezone", + "hiviewdfx.hiprofiler.", + "libc.hook_mode.", + "hilog.private.on", + "hilog.debug.on", + "persist.sys.hilog.kmsg.on", + "persist.sys.hilog.debug.on", + "hilog.flowctrl.proc.on", + "hilog.flowctrl.domain.on", + "hilog.loggable.global", + "hilog.buffersize.global", + "persist.time.", + "const.ark.minVersion", + "const.ark.version", + "const.display.brightness.min", + "const.display.brightness.default", + "const.display.brightness.max", + "persist.telephony.", + "telephony.", + "sys.", + "sys.usb", + "net.", + "net.tcp.", + "const.postinstall.", + "const.postinstall.fstab.", + "const.allow.", + "const.allow.mock.", + "security.", + "persist.", + "persist.sys.", + "debug.", + "musl.", + "bootevent.wms.", + "ffrt.", + "hiviewdfx.hiperf.", + "persist.multimedia.audio.", + "persist.ark.", + "persist.ace.", + "accesstoken.permission.", + "persist.bms.", + "distributedsched.continuationmanager.", + "updater.hdc.configfs", + "updater.flashd.configfs", + "updater.data.configs", + "persist.xts.devattest.authresult", + "llvm.debug.service.", + "persist.edm.edm_enable", + "persist.edm.", + "persist.usb.setting.gadget_conn_prompt", + "persist.usb.setting." +] diff --git a/tools/startup_guard/rules/NO-Plug-In_Module-Init/README.md b/tools/startup_guard/rules/NO-Plug-In_Module-Init/README.md new file mode 100755 index 0000000..653d4cb --- /dev/null +++ b/tools/startup_guard/rules/NO-Plug-In_Module-Init/README.md @@ -0,0 +1,50 @@ +# 插件化白名单规则说明 + +## 规则解释 + 白名单严格遵循JSON格式。 + + ### **init扩展插件检查** + **[白名单](whitelist.json)** 约束插件依赖。 + + - 规则要求 + 1. 约束除基础库外的动态库。 + 2. 插件不在白名单内。 + + - 白名单信息解释 + ``` + { + "base_library":[ + "libc.so", + "libc++.so", + "libinit_module_engine.so" + ], + "private_library": { + "libudidmodule.z.so": { // 插件模块动态库 + "library_name" : "libudidmodule.z.so", + "deps" : [ + "libsec_shared.z.so", + "libmbedtls.z.so" + ] + } + } + } + ``` + 1. base_library: 白名单基础库。 + 2. private_library: 插件依赖动态库。 + 3. library_name: 插件动态库。 + 4. deps: 插件依赖动态库。 + + - 解决方法 + 1. 排查插件安装目录: system/lib/init、vendor/lib/init、sys_prod/lib/init、chip_prod/lib/init。 + 2. 排查插件是否在白名单中配置。 + 3. 排查插件依赖动态库是否找白名单中配置。base_library 之外的动态库,添加在private_library列表中。 + + +编译时会提示如下类型的告警: + ``` + [NOT ALLOWED]: the dependent shared library libmbedtls.z.so of libudidmodule.z.so is not in whitelist + [NOT ALLOWED]: libinit_eng.z.so is not in whitelists +``` + +## 违规场景及处理方案建议 + 1. 根据 **[规则解释](README.md#规则解释)** 排查修改, 如果需要添加白名单,需要评审。 diff --git a/tools/startup_guard/rules/NO-Plug-In_Module-Init/whitelist.json b/tools/startup_guard/rules/NO-Plug-In_Module-Init/whitelist.json new file mode 100755 index 0000000..6e669a9 --- /dev/null +++ b/tools/startup_guard/rules/NO-Plug-In_Module-Init/whitelist.json @@ -0,0 +1,67 @@ +[ + { + "base_library":[ + "libc.so", + "libc++.so", + "libinit_module_engine.so" + ], + "private_library": { + "libudidmodule.z.so": { + "library_name" : "libudidmodule.z.so", + "deps" : [ + "libsec_shared.z.so", + "libmbedtls.z.so" + ] + }, + "libinit_eng.z.so": { + "library_name" : "libinit_eng.z.so", + "deps" : [ + "libsec_shared.z.so" + ] + }, + "libbootchart.z.so": { + "library_name" : "libbootchart.z.so", + "deps" : [ + "libsec_shared.z.so" + ] + }, + "libeventmodule.z.so": { + "library_name" : "libeventmodule.z.so", + "deps" : [ + "libsec_shared.z.so", + "libhisysevent.z.so" + ] + }, + "libinit_context.z.so": { + "library_name" : "libinit_context.z.so", + "deps" : [ + "libsec_shared.z.so", + "libselinux.z.so" + ] + }, + "libinittrace.z.so": { + "library_name" : "libinittrace.z.so", + "deps" : [ + "libsec_shared.z.so", + "libcjson.z.so" + ] + }, + "librebootmodule.z.so": { + "library_name" : "librebootmodule.z.so", + "deps" : [ + "libsec_shared.z.so", + "libcjson.z.so" + ] + }, + "libselinuxadp.z.so": { + "library_name" : "libselinuxadp.z.so", + "deps" : [ + "libsec_shared.z.so", + "libselinux.z.so", + "libload_policy.z.so", + "librestorecon.z.so" + ] + } + } + } +] \ No newline at end of file diff --git a/tools/startup_guard/startup_checker/__init__.py b/tools/startup_guard/startup_checker/__init__.py index 5231516..a550f7b 100755 --- a/tools/startup_guard/startup_checker/__init__.py +++ b/tools/startup_guard/startup_checker/__init__.py @@ -18,11 +18,13 @@ from .cmds_rule import cmdRule from .system_parameter_rules import SystemParameterRule +from .plug_in_rule import PlugInModuleRule def check_all_rules(mgr, args): rules = [ cmdRule, SystemParameterRule, + PlugInModuleRule, ] passed = True diff --git a/tools/startup_guard/startup_checker/plug_in_rule.py b/tools/startup_guard/startup_checker/plug_in_rule.py new file mode 100644 index 0000000..1031d8c --- /dev/null +++ b/tools/startup_guard/startup_checker/plug_in_rule.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python +#coding=utf-8 + +# +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import os +import subprocess + +from .base_rule import BaseRule + +class PlugInModuleRule(BaseRule): + RULE_NAME = "NO-Plug-In_Module-Init" + + def __init__(self, mgr, args): + super().__init__(mgr, args) + self._base_so = [] + self._private_so = {} + + def _read_elf_dt_needed(self, file): + # print(file) + passed = True + paser = self._private_so + file_name = os.path.basename(file) + proc = subprocess.Popen(["readelf", "-d", file], + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + out, _ = proc.communicate() + lines = out.splitlines() + for line in lines: + line = str(line) + if " (NEEDED) " in line: + needed = line.strip().split("[")[-1].split("]")[0] + for key, item in paser.items(): + if file_name == key : + if needed in item["deps"] or needed in self._base_so: + pass + else: + error_log = "the dependent shared library {} of {} is not in whitelist".format(needed, file_name) + self.error("%s" % error_log) + passed = False + continue + pass + return passed + + def check_plug_in_library(self): + passed = True + cfg_parser = self.get_mgr().get_parser_by_name('config_parser') + white_lists =self.get_white_lists() + for key, item in white_lists[0].items(): + if key == "base_library": + self._base_so = item + if key == "private_library": + self._private_so = item + keys = list(self._private_so.keys()) + for name in cfg_parser._plug_in: + if os.path.basename(name) not in keys: + self.error("%s is not in whitelists" % os.path.basename(name)) + continue + passed = self._read_elf_dt_needed(name) + return passed + + def __check__(self): + return self.check_plug_in_library() diff --git a/tools/startup_guard/startup_checker/system_parameter_rules.py b/tools/startup_guard/startup_checker/system_parameter_rules.py index 3f11a4d..dc7c130 100644 --- a/tools/startup_guard/startup_checker/system_parameter_rules.py +++ b/tools/startup_guard/startup_checker/system_parameter_rules.py @@ -64,6 +64,7 @@ class SystemParameterRule(BaseRule): continue if key in white_list: continue + print("counts = ", counts) if counts > SystemParameterRule.CONFIG_DAC_MAX_NUM: self.error("DAC overallocated memory") passed = False diff --git a/tools/startup_guard/startup_guard.py b/tools/startup_guard/startup_guard.py index 92e259c..6de4f8b 100755 --- a/tools/startup_guard/startup_guard.py +++ b/tools/startup_guard/startup_guard.py @@ -29,9 +29,9 @@ def __create_arg_parser(): help='force to pass all rules', required=False) return parser -def startup_guard(out_path, args=None): +def startup_guard(out_path, target_cpu ,args=None): mgr = ConfigParserMgr() - mgr.load_all_parser(out_path) + mgr.load_all_parser(out_path, target_cpu) from startup_checker import check_all_rules passed = check_all_rules(mgr, args) -- Gitee