From 6df1e93562c3397904bcdebf2ee5beb59ab1be3b Mon Sep 17 00:00:00 2001
From: wanxiaoqing40281
Date: Thu, 25 May 2023 14:36:12 +0800
Subject: [PATCH] =?UTF-8?q?uid=20=E5=88=A4=E6=96=AD=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: wanxiaoqing40281
---
 drivers/accesstokenid/access_tokenid.c | 11 +++++++----
 drivers/accesstokenid/access_tokenid.h | 9 +++++++++
 include/linux/uidgid.h | 2 ++
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/accesstokenid/access_tokenid.c b/drivers/accesstokenid/access_tokenid.c
index e7bae802c531..fd2e73033c37 100644
--- a/drivers/accesstokenid/access_tokenid.c
+++ b/drivers/accesstokenid/access_tokenid.c
@@ -21,10 +21,11 @@ int access_tokenid_get_tokenid(struct file *file, void __user *uarg)
 sizeof(current->token)) ? -EFAULT : 0;
 }
-static bool check_permission_for_set_tokenid(struct file *file)
+static bool check_permission_for_set_tokenid(struct file *file, unsigned long long tokenid)
 {
 kuid_t uid = current_uid();
 struct inode *inode = file->f_inode;
+ access_tokenid_inner *tokenid_inner = (access_tokenid_inner *)&tokenid;
 if (inode == NULL) {
 pr_err("%s: file inode is null\n", __func__);
@@ -34,6 +35,8 @@ static bool check_permission_for_set_tokenid(struct file *file)
 if (uid_eq(uid, GLOBAL_ROOT_UID) || uid_eq(uid, inode->i_uid)) {
 return true;
+ } else if (uid_eq(uid, NWEBSPAWN_UID) && (tokenid_inner->render_flag == 1)) {
+ return true;
 }
 return false;
@@ -43,12 +46,12 @@ int access_tokenid_set_tokenid(struct file *file, void __user *uarg)
 {
 unsigned long long tmp = 0;
- if (!check_permission_for_set_tokenid(file))
- return -EPERM;
-
 if (copy_from_user(&tmp, uarg, sizeof(tmp)))
 return -EFAULT;
+ if (!check_permission_for_set_tokenid(file, tmp))
+ return -EPERM;
+
 current->token = tmp;
 return 0;
 }
diff --git a/drivers/accesstokenid/access_tokenid.h b/drivers/accesstokenid/access_tokenid.h
index 318b54831ebd..8a25d5f0fa5c 100644
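Review bot: The cast `(access_tokenid_inner *)&tokenid` added to check_permission_for_set_tokenid() overlays a 32-bit bitfield struct on a 64-bit integer, so which bit of the caller's value is read as render_flag depends on the compiler's bitfield allocation order and on endianness, and the other 32 bits of the token are never examined. Because that bit feeds a permission decision, an explicit shift and mask on `tokenid` would pin the checked bit on every build, for example `bool render = (tokenid >> TOKENID_RENDER_SHIFT) & 1;` (constant name constructed here, value to be taken from the token format definition). The typedef added in access_tokenid.h carries the same layout dependence. The function body continues past the end of this hunk.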
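Review bot: The new `else if` branch authorizes NWEBSPAWN_UID on the strength of a single bit taken from the value the caller itself supplies, and nothing here constrains the remaining fields (token_uniqueid, type, dlp_flag, version) or the rest of the 64-bit token. As written, any process running with that uid can install whatever token value it likes as long as render_flag is set. If that is the intended policy it should be stated above the branch, e.g. `/* nwebspawn may assign any token whose render_flag is set; other fields are accepted as given */`, and if it is not, the fields that must stay fixed should be compared here as well. As a style point, `else` after `return true;` is redundant and a separate `if` reads more clearly. The function starts above this hunk.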
--- a/drivers/accesstokenid/access_tokenid.h
+++ b/drivers/accesstokenid/access_tokenid.h
@@ -22,6 +22,15 @@ enum {
 ACCESS_TOKENID_MAX_NR
 };
+typedef struct {
+ unsigned int token_uniqueid : 20;
+ unsigned int res : 5;
+ unsigned int render_flag : 1;
+ unsigned int dlp_flag : 1;
+ unsigned int type : 2;
+ unsigned int version : 3;
+} access_tokenid_inner;
+
 #define ACCESS_TOKENID_GET_TOKENID \
 _IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long)
 #define ACCESS_TOKENID_SET_TOKENID \
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 120ef9f71914..9906d7d46b4e 100644
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -55,6 +55,8 @@ static inline gid_t __kgid_val(kgid_t gid)
 #define GLOBAL_ROOT_UID KUIDT_INIT(0)
 #define GLOBAL_ROOT_GID KGIDT_INIT(0)
+#define NWEBSPAWN_UID KUIDT_INIT(3081)
+
 #ifdef CONFIG_HYPERHOLD
 #define GLOBAL_MEMMGR_UID KUIDT_INIT(1111)
 #endif
-- Gitee
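Review bot: access_tokenid_inner is added without any comment, and its fields total 32 bits while the token it is laid over is an `unsigned long long`. A short comment above the typedef should say which part of the token it describes and what render_flag and dlp_flag mean, since the driver now bases a permission check on one of them. A size guard such as `static_assert(sizeof(access_tokenid_inner) == sizeof(unsigned int));` would catch a later field-width edit that silently moves render_flag. Kernel coding style also prefers a plain `struct access_tokenid_inner` over a typedef.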
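Review bot: `NWEBSPAWN_UID` hard-codes a userspace service uid (3081) unconditionally in the generic include/linux/uidgid.h, whereas the neighbouring GLOBAL_MEMMGR_UID is wrapped in `#ifdef CONFIG_HYPERHOLD`. Because the access-token driver grants a privilege to this number, the define should carry a comment naming the userspace source of truth for the uid, and be guarded by the driver's own Kconfig symbol or moved into drivers/accesstokenid/access_tokenid.h. If the uid is ever reassigned in userspace, whichever process then runs as 3081 inherits the set-token exception, so the coupling needs to be visible at the definition.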