From b10c3f51220d9073d598c7307595e480da43a42f Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 18 Jan 2022 16:55:19 +0800 Subject: [PATCH 1/6] =?UTF-8?q?Add:=20AppSpawn=20=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=20accessTokenId?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 7 ++++++- interfaces/innerkits/include/client_socket.h | 1 + src/appspawn_server.cpp | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/BUILD.gn b/BUILD.gn index d0e4d285..2ef2b6f5 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -33,13 +33,18 @@ config("appspawn_config") { "${aafwk_path}/frameworks/kits/ability/native/include", "${aafwk_path}/services/abilitymgr/include", "${distributedschedule_path}/services/dtbschedmgr/include", + "//base/security/access_token/interfaces/innerkits/token_setproc/include", ] } ohos_executable("appspawn") { sources = [ "${appspawn_path}/src/main.cpp" ] configs = [ ":appspawn_config" ] - deps = [ "${appspawn_path}:appspawn_server" ] + deps = [ + "${appspawn_path}:appspawn_server", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] install_enable = true diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index 2706a7c3..aeaa79f8 100644 --- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h @@ -95,6 +95,7 @@ public: uint32_t gidCount; // the size of gidTable char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path + uint32_t tokenId; }; private: diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 38ccf1e4..9e81ae72 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -27,6 +27,7 @@ #include "hilog/log.h" #include "main_thread.h" #include "securec.h" +#include "token_setproc.h" #include #include 
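Review bot: In the `client_socket.h` hunk the new `tokenId` member of `AppProperty` has no comment, unlike the `processName` and `soPath` members beside it, although it decides which access token the spawned process runs with. I would write it as `uint32_t tokenId; // access token id the child applies via SetSelfTokenID()`. Appending the member also changes the size of the struct. If the struct is exchanged as a raw message between client and server (not visible in this hunk), both ends must be built from the same header, and the receiver should reject a message of any other length. The struct begins outside the hunk.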
@@ -420,6 +421,11 @@ bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppPr return false; } + ret = SetSelfTokenID(appProperty->tokenId); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno); + } + ret = SetProcessName(longProcName, longProcNameLen, appProperty->processName, strlen(appProperty->processName) + 1); if (FAILED(ret)) { NotifyResToParentProc(fd[1], ret); -- Gitee From 796e14db4e3b8dbccc3d86d7b75eb541b2ebf439 Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 18 Jan 2022 18:10:56 +0800 Subject: [PATCH 2/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9Bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- test/unittest/app_spawn_server_test/BUILD.gn | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 4ac518e2..aae99fc7 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -42,7 +42,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { ohos_unittest("AppSpawnServerMockTest") { module_out_path = "${module_output_path}" - include_dirs = [] + include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include" ] sources = [ "${appspawn_path}/src/appspawn_msg_peer.cpp", @@ -56,7 +56,10 @@ ohos_unittest("AppSpawnServerMockTest") { "app_spawn_server_mock_test.cpp", ] - deps = [ "${appspawn_path}/test:appspawn_test_source" ] + deps = [ + "${appspawn_path}/test:appspawn_test_source", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + ] external_deps = [ "hiviewdfx_hilog_native:libhilog", -- Gitee From a8905fb5ed8871a1521228eb9089e7b382c03325 Mon Sep 17 00:00:00 2001 
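Review bot: A failed `SetSelfTokenID()` is only logged in the added block, so `SetAppProcProperty` carries on and the app process would start without its intended access token, presumably still holding whatever it inherited from the spawner. The `SetProcessName` failure path just below reports the error to the parent; the token failure should do the same and abort, by adding `NotifyResToParentProc(fd[1], ret);` and `return false;` inside the `if (ret != 0)` block. The message prints `errno`, but nothing in this hunk shows that `SetSelfTokenID` sets it, so logging `ret` would be more reliable. The `HapDomainSetcontext` call added to the same function in PATCH 6/6 has the same log-and-continue handling. The function body starts and ends outside the hunk.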
From: xionglei6 Date: Tue, 18 Jan 2022 18:54:07 +0800 Subject: [PATCH 3/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9Bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- test/unittest/app_spawn_server_test/BUILD.gn | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index aae99fc7..9adb0352 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -17,7 +17,7 @@ import("//build/test.gni") ohos_unittest("AppSpawnServerOverrideTest") { module_out_path = "${module_output_path}" - include_dirs = [] + include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include" ] sources = [ "${appspawn_path}/src/appspawn_server.cpp", @@ -31,7 +31,10 @@ ohos_unittest("AppSpawnServerOverrideTest") { "app_spawn_server_override_test.cpp", ] - deps = [ "${appspawn_path}/test:appspawn_test_source" ] + deps = [ + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "${appspawn_path}/test:appspawn_test_source" + ] external_deps = [ "hiviewdfx_hilog_native:libhilog", @@ -57,8 +60,8 @@ ohos_unittest("AppSpawnServerMockTest") { ] deps = [ - "${appspawn_path}/test:appspawn_test_source", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "${appspawn_path}/test:appspawn_test_source", ] external_deps = [ -- Gitee From 7880eb9decda1762d99eb30b4007c86993e0029c Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 18 Jan 2022 20:08:09 +0800 Subject: [PATCH 4/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9BUILD.gn=E6=A0=BC?= =?UTF-8?q?=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- test/unittest/app_spawn_server_test/BUILD.gn | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 9adb0352..bf9b79c7 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -17,7 +17,9 @@ import("//build/test.gni") ohos_unittest("AppSpawnServerOverrideTest") { module_out_path = "${module_output_path}" - include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include" ] + include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + ] sources = [ "${appspawn_path}/src/appspawn_server.cpp", @@ -32,8 +34,8 @@ ohos_unittest("AppSpawnServerOverrideTest") { ] deps = [ + "${appspawn_path}/test:appspawn_test_source", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", - "${appspawn_path}/test:appspawn_test_source" ] external_deps = [ @@ -45,7 +47,9 @@ ohos_unittest("AppSpawnServerOverrideTest") { ohos_unittest("AppSpawnServerMockTest") { module_out_path = "${module_output_path}" - include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include" ] + include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + ] sources = [ "${appspawn_path}/src/appspawn_msg_peer.cpp", @@ -60,8 +64,8 @@ ohos_unittest("AppSpawnServerMockTest") { ] deps = [ - "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", "${appspawn_path}/test:appspawn_test_source", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", ] external_deps = [ -- Gitee From b90af29609988b42a2e2e5fc2fca48ea12d536df Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 18 Jan 2022 20:39:43 +0800 Subject: [PATCH 5/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: xionglei6 --- test/unittest/app_spawn_server_test/BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index bf9b79c7..3790e13c 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn @@ -35,7 +35,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { deps = [ "${appspawn_path}/test:appspawn_test_source", - "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", ] external_deps = [ -- Gitee From 2cf2ad9af63f5ba034dd0d215abbee0d3eee833a Mon Sep 17 00:00:00 2001 From: xionglei6 Date: Tue, 25 Jan 2022 20:45:40 +0800 Subject: [PATCH 6/6] =?UTF-8?q?=E4=BF=AE=E6=94=B9bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xionglei6 --- BUILD.gn | 2 ++ interfaces/innerkits/include/client_socket.h | 4 +++- src/appspawn_server.cpp | 8 +++++++- test/unittest/app_spawn_server_test/BUILD.gn | 4 ++++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index 2ef2b6f5..679da12e 100755 --- a/BUILD.gn +++ b/BUILD.gn @@ -34,6 +34,7 @@ config("appspawn_config") { "${aafwk_path}/services/abilitymgr/include", "${distributedschedule_path}/services/dtbschedmgr/include", "//base/security/access_token/interfaces/innerkits/token_setproc/include", + "//base/security/selinux/interfaces/policycoreutils/include", ] } @@ -43,6 +44,7 @@ ohos_executable("appspawn") { deps = [ "${appspawn_path}:appspawn_server", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/selinux:libload_policy", ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h index aeaa79f8..7bcb0c7f 100644 
--- a/interfaces/innerkits/include/client_socket.h +++ b/interfaces/innerkits/include/client_socket.h @@ -87,6 +87,7 @@ public: static constexpr int LEN_PROC_NAME = 256; // process name length static constexpr int LEN_SO_PATH = 256; // load so lib static constexpr int MAX_GIDS = 64; + static constexpr int APL_MAX_LEN = 32; struct AppProperty { uint32_t uid; // the UNIX uid that the child process setuid() to after fork() @@ -95,7 +96,8 @@ public: uint32_t gidCount; // the size of gidTable char processName[LEN_PROC_NAME]; // process name char soPath[LEN_SO_PATH]; // so lib path - uint32_t tokenId; + uint32_t accessTokenId; + char apl[APL_MAX_LEN]; }; private: diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp index 9e81ae72..97491b3d 100644 --- a/src/appspawn_server.cpp +++ b/src/appspawn_server.cpp @@ -28,6 +28,7 @@ #include "main_thread.h" #include "securec.h" #include "token_setproc.h" +#include "hap_restorecon.h" #include #include @@ -421,10 +422,15 @@ bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppPr return false; } - ret = SetSelfTokenID(appProperty->tokenId); + ret = SetSelfTokenID(appProperty->accessTokenId); if (ret != 0) { HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno); } + HapContext hapContext; + ret = hapContext.HapDomainSetcontext(appProperty->apl, appProperty->processName); + if (ret != 0) { + HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, errno = %{public}d", errno); + } ret = SetProcessName(longProcName, longProcNameLen, appProperty->processName, strlen(appProperty->processName) + 1); if (FAILED(ret)) { diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn index 3790e13c..a39cfc19 100755 --- a/test/unittest/app_spawn_server_test/BUILD.gn +++ b/test/unittest/app_spawn_server_test/BUILD.gn 
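Review bot: In the `client_socket.h` hunk, `APL_MAX_LEN`, `accessTokenId` and `apl` are added without comments, while the surrounding constants and members each carry one. Both new members are security-relevant, since they are used in `appspawn_server.cpp` to set the child's access token and its SELinux context. A reader needs to know what `apl` abbreviates and whether the 32 bytes include the terminating NUL; a trailing comment on each line in the style of `// process name length` would cover it. Renaming `tokenId` and appending `apl` changes the struct layout again, so the same-header requirement for every sender and receiver of `AppProperty` applies here too.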
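Review bot: `appProperty->apl` and `appProperty->processName` are fixed-size `char` arrays in `AppProperty`, and the added `HapDomainSetcontext(appProperty->apl, appProperty->processName)` call treats them as strings with no termination check visible in this hunk. If the arrays are filled from the client's message and one has no NUL within its bounds, the string conversion reads past the end of the member. Unless validation already happens earlier in the function (outside the hunk), add a guard before the call, for example `if (strnlen(appProperty->apl, ClientSocket::APL_MAX_LEN) == ClientSocket::APL_MAX_LEN) { NotifyResToParentProc(fd[1], -1); return false; }`. The same check against `LEN_PROC_NAME` applies to `processName`, which the existing `strlen(appProperty->processName)` call also relies on.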
@@ -19,6 +19,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include", + "//base/security/selinux/interfaces/policycoreutils/include", ] sources = [ @@ -36,6 +37,7 @@ ohos_unittest("AppSpawnServerOverrideTest") { deps = [ "${appspawn_path}/test:appspawn_test_source", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/selinux:libload_policy", ] external_deps = [ @@ -49,6 +51,7 @@ ohos_unittest("AppSpawnServerMockTest") { include_dirs = [ "//base/security/access_token/interfaces/innerkits/token_setproc/include", + "//base/security/selinux/interfaces/policycoreutils/include", ] sources = [ @@ -66,6 +69,7 @@ ohos_unittest("AppSpawnServerMockTest") { deps = [ "${appspawn_path}/test:appspawn_test_source", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", + "//base/security/selinux:libload_policy", ] external_deps = [ -- Gitee