From 17756c0602b13dca63b9c74620fb0ba3cfadb46f Mon Sep 17 00:00:00 2001 From: j30052480 Date: Fri, 14 Jun 2024 15:47:36 +0800 Subject: [PATCH 1/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp | 7 ++++++- adapter/uhdf2/manager/src/devsvc_manager_stub.c | 17 +++++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp index 9e04980f6..01d027b1e 100644 --- a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp +++ b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp @@ -430,6 +430,11 @@ pid_t HdfRemoteGetCallingUid(void) return OHOS::IPCSkeleton::GetCallingUid(); } +const char *HdfRemoteGetCallingSid(void) +{ + return OHOS::IPCSkeleton::GetCallingSid().c_str(); +} + int HdfRemoteAdapterDefaultDispatch(struct HdfRemoteService *service, int code, struct HdfSBuf *data, struct HdfSBuf *reply) { @@ -465,4 +470,4 @@ int HdfRemoteAdapterDefaultDispatch(struct HdfRemoteService *service, } return stub->IPCObjectStub::OnRemoteRequest(code, *dataParcel, *replyParcel, option); -} \ No newline at end of file +} diff --git a/adapter/uhdf2/manager/src/devsvc_manager_stub.c b/adapter/uhdf2/manager/src/devsvc_manager_stub.c index a85a3bbf1..421a1149d 100644 --- a/adapter/uhdf2/manager/src/devsvc_manager_stub.c +++ b/adapter/uhdf2/manager/src/devsvc_manager_stub.c @@ -36,8 +36,10 @@ static int32_t AddServicePermCheck(const char *servName) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - if (HdfAddServiceCheck(callingPid, servName) != 0) { - HDF_LOGE("[selinux] %{public}d haven't \"add service\" permission to %{public}s", callingPid, servName); + const char *callingSid = HdfRemoteGetCallingSid(); + if (HdfAddServiceCheck(callingSid, servName) != 0) { + HDF_LOGE("[selinux] %{public}s %{public}d haven't \"add service\" permission to %{public}s", + callingSid, callingPid, servName); return HDF_ERR_NOPERM; } #endif @@ -48,8 +50,10 @@ static int32_t GetServicePermCheck(const char *servName) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - if (HdfGetServiceCheck(callingPid, servName) != 0) { - HDF_LOGE("[selinux] %{public}d haven't \"get service\" permission to %{public}s", callingPid, servName); + const char *callingSid = HdfRemoteGetCallingSid(); + if (HdfGetServiceCheck(callingSid, servName) != 0) { + HDF_LOGE("[selinux] %{public}s %{public}d haven't \"get service\" permission to %{public}s", + callingSid, callingPid, servName); return HDF_ERR_NOPERM; } #endif @@ -61,8 +65,9 @@ static int32_t ListServicePermCheck(void) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - if (HdfListServiceCheck(callingPid) != 0) { - HDF_LOGE("[selinux] %{public}d haven't \"list service\" permission", callingPid); + const char *callingSid = HdfRemoteGetCallingSid(); + if (HdfListServiceCheck(callingSid) != 0) { + HDF_LOGE("[selinux] %{public}s %{public}d haven't \"list service\" permission", callingSid, callingPid); return HDF_ERR_NOPERM; } #endif -- Gitee From 8e7341762c5dd56e99f67380bd129ff2e3977700 Mon Sep 17 00:00:00 2001 From: j30052480 Date: Fri, 14 Jun 2024 16:05:25 +0800 Subject: [PATCH 2/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- interfaces/inner_api/ipc/hdf_remote_service.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/interfaces/inner_api/ipc/hdf_remote_service.h b/interfaces/inner_api/ipc/hdf_remote_service.h index 9c57b30c7..ef972bca2 100644 --- a/interfaces/inner_api/ipc/hdf_remote_service.h +++ b/interfaces/inner_api/ipc/hdf_remote_service.h @@ -169,6 +169,13 @@ pid_t HdfRemoteGetCallingPid(void); */ pid_t HdfRemoteGetCallingUid(void); +/** + * @brief Get the caller's SID. + * + * @return The caller's SID. + */ +const char* HdfRemoteGetCallingSid(void) + /** * @brief Default command distribution for invoking ipc. * -- Gitee From 41745fa0a316789769d35947d57b784b14fc695e Mon Sep 17 00:00:00 2001 From: j30052480 Date: Sat, 15 Jun 2024 11:26:32 +0800 Subject: [PATCH 3/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp | 9 ++++++--- adapter/uhdf2/manager/src/devsvc_manager_stub.c | 9 ++++++--- interfaces/inner_api/ipc/hdf_remote_service.h | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp index 01d027b1e..e0baca1f1 100644 --- a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp +++ b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp @@ -302,8 +302,11 @@ int HdfRemoteAdapterAddSa(int32_t saId, struct HdfRemoteService *service) } { OHOS::HdfXCollie hdfXCollie("HdfRemoteAdapterAddSa_" + OHOS::ToString(saId) + "_add_sa", - OHOS::HdfXCollie::DEFAULT_TIMEOUT_SECONDS, nullptr, nullptr, OHOS::HdfXCollie::HDF_XCOLLIE_FLAG_RECOVERY); + OHOS::HdfXCollie::DEFAULT_TIMEOUT_SECONDS, nullptr, nullptr, OHOS::HdfXCollie::HDF_XCOLLIE_FLAG_RECOVERY); struct HdfRemoteServiceHolder *holder = reinterpret_cast(service); + OHOS::sptr remote = holder->remote_; + OHOS::IPCObjectStub *stub = reinterpret_cast(remote.GetRefPtr()); + stub->SetRequestSidFlag(true); int ret = saManager->AddSystemAbility(saId, holder->remote_); (void)OHOS::IPCSkeleton::GetInstance().SetMaxWorkThreadNum(g_remoteThreadMax++); HDF_LOGI("add sa %{public}d, ret = %{public}s", saId, (ret == 0) ? "succ" : "fail"); @@ -430,9 +433,9 @@ pid_t HdfRemoteGetCallingUid(void) return OHOS::IPCSkeleton::GetCallingUid(); } -const char *HdfRemoteGetCallingSid(void) +char *HdfRemoteGetCallingSid(void) { - return OHOS::IPCSkeleton::GetCallingSid().c_str(); + return strdup(OHOS::IPCSkeleton::GetCallingSid().c_str()); } int HdfRemoteAdapterDefaultDispatch(struct HdfRemoteService *service, diff --git a/adapter/uhdf2/manager/src/devsvc_manager_stub.c b/adapter/uhdf2/manager/src/devsvc_manager_stub.c index 421a1149d..9376e9c91 100644 --- a/adapter/uhdf2/manager/src/devsvc_manager_stub.c +++ b/adapter/uhdf2/manager/src/devsvc_manager_stub.c @@ -36,12 +36,13 @@ static int32_t AddServicePermCheck(const char *servName) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - const char *callingSid = HdfRemoteGetCallingSid(); + char *callingSid = HdfRemoteGetCallingSid(); if (HdfAddServiceCheck(callingSid, servName) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"add service\" permission to %{public}s", callingSid, callingPid, servName); return HDF_ERR_NOPERM; } + free(callingSid); #endif return HDF_SUCCESS; } @@ -50,12 +51,13 @@ static int32_t GetServicePermCheck(const char *servName) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - const char *callingSid = HdfRemoteGetCallingSid(); + char *callingSid = HdfRemoteGetCallingSid(); if (HdfGetServiceCheck(callingSid, servName) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"get service\" permission to %{public}s", callingSid, callingPid, servName); return HDF_ERR_NOPERM; } + free(callingSid); #endif return HDF_SUCCESS; @@ -65,11 +67,12 @@ static int32_t ListServicePermCheck(void) { #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); - const char *callingSid = HdfRemoteGetCallingSid(); + char *callingSid = HdfRemoteGetCallingSid(); if (HdfListServiceCheck(callingSid) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"list service\" permission", callingSid, callingPid); return HDF_ERR_NOPERM; } + free(callingSid); #endif return HDF_SUCCESS; diff --git a/interfaces/inner_api/ipc/hdf_remote_service.h b/interfaces/inner_api/ipc/hdf_remote_service.h index ef972bca2..147459a9d 100644 --- a/interfaces/inner_api/ipc/hdf_remote_service.h +++ b/interfaces/inner_api/ipc/hdf_remote_service.h @@ -174,7 +174,7 @@ pid_t HdfRemoteGetCallingUid(void); * * @return The caller's SID. */ -const char* HdfRemoteGetCallingSid(void) +const char* HdfRemoteGetCallingSid(void); /** * @brief Default command distribution for invoking ipc. -- Gitee From a57d781e21687df29faa300f50f6f59a9b3bf9c0 Mon Sep 17 00:00:00 2001 From: j30052480 Date: Sat, 15 Jun 2024 11:28:21 +0800 Subject: [PATCH 4/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp index e0baca1f1..5b47f5303 100644 --- a/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp +++ b/adapter/uhdf2/ipc/src/hdf_remote_adapter.cpp @@ -302,7 +302,7 @@ int HdfRemoteAdapterAddSa(int32_t saId, struct HdfRemoteService *service) } { OHOS::HdfXCollie hdfXCollie("HdfRemoteAdapterAddSa_" + OHOS::ToString(saId) + "_add_sa", - OHOS::HdfXCollie::DEFAULT_TIMEOUT_SECONDS, nullptr, nullptr, OHOS::HdfXCollie::HDF_XCOLLIE_FLAG_RECOVERY); + OHOS::HdfXCollie::DEFAULT_TIMEOUT_SECONDS, nullptr, nullptr, OHOS::HdfXCollie::HDF_XCOLLIE_FLAG_RECOVERY); struct HdfRemoteServiceHolder *holder = reinterpret_cast(service); OHOS::sptr remote = holder->remote_; OHOS::IPCObjectStub *stub = reinterpret_cast(remote.GetRefPtr()); -- Gitee From 26b8f4a218f231a155763c79cb4b3a7f01a4424b Mon Sep 17 00:00:00 2001 From: j30052480 Date: Sat, 15 Jun 2024 11:32:48 +0800 Subject: [PATCH 5/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- interfaces/inner_api/ipc/hdf_remote_service.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/inner_api/ipc/hdf_remote_service.h b/interfaces/inner_api/ipc/hdf_remote_service.h index 147459a9d..85e3f26d5 100644 --- a/interfaces/inner_api/ipc/hdf_remote_service.h +++ b/interfaces/inner_api/ipc/hdf_remote_service.h @@ -174,7 +174,7 @@ pid_t HdfRemoteGetCallingUid(void); * * @return The caller's SID. */ -const char* HdfRemoteGetCallingSid(void); +char* HdfRemoteGetCallingSid(void); /** * @brief Default command distribution for invoking ipc. -- Gitee From dcbe388a52e76b5e7decd4a538a9ab6e7edea03a Mon Sep 17 00:00:00 2001 From: j30052480 Date: Sat, 15 Jun 2024 15:42:52 +0800 Subject: [PATCH 6/6] feat: devmgr adapting calling sid Signed-off-by: j30052480 --- adapter/uhdf2/manager/src/devsvc_manager_stub.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/adapter/uhdf2/manager/src/devsvc_manager_stub.c b/adapter/uhdf2/manager/src/devsvc_manager_stub.c index 9376e9c91..42c11b4fa 100644 --- a/adapter/uhdf2/manager/src/devsvc_manager_stub.c +++ b/adapter/uhdf2/manager/src/devsvc_manager_stub.c @@ -37,9 +37,14 @@ static int32_t AddServicePermCheck(const char *servName) #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); char *callingSid = HdfRemoteGetCallingSid(); + if (callingSid == NULL) { + HDF_LOGE("%{public}s: sid of %{public}d is null", __func__, callingPid); + return HDF_ERR_NOPERM; + } if (HdfAddServiceCheck(callingSid, servName) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"add service\" permission to %{public}s", callingSid, callingPid, servName); + free(callingSid); return HDF_ERR_NOPERM; } free(callingSid); @@ -52,9 +57,14 @@ static int32_t GetServicePermCheck(const char *servName) #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); char *callingSid = HdfRemoteGetCallingSid(); + if (callingSid == NULL) { + HDF_LOGE("%{public}s: sid of %{public}d is null", __func__, callingPid); + return HDF_ERR_NOPERM; + } if (HdfGetServiceCheck(callingSid, servName) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"get service\" permission to %{public}s", callingSid, callingPid, servName); + free(callingSid); return HDF_ERR_NOPERM; } free(callingSid); @@ -68,8 +78,13 @@ static int32_t ListServicePermCheck(void) #ifdef WITH_SELINUX pid_t callingPid = HdfRemoteGetCallingPid(); char *callingSid = HdfRemoteGetCallingSid(); + if (callingSid == NULL) { + HDF_LOGE("%{public}s: sid of %{public}d is null", __func__, callingPid); + return HDF_ERR_NOPERM; + } if (HdfListServiceCheck(callingSid) != 0) { HDF_LOGE("[selinux] %{public}s %{public}d haven't \"list service\" permission", callingSid, callingPid); + free(callingSid); return HDF_ERR_NOPERM; } free(callingSid); -- Gitee