diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..6521aab2548129422fe928698f9faa60383d7ef3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,36 @@
+# Temp
+*~
+*.swap
+
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
diff --git a/BUILD.gn b/BUILD.gn
index d045372516a075bad6e5897e501dcd31933c2f1d..ed1a53e54726084c01080179d9acaef090a2d13d 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -140,6 +140,7 @@ ohos_executable("selinux_test") {
"-DUSE_PCRE2",
"-w",
]
+ include_dirs = [ "$LIBSELINUX_ROOT_DIR/include/selinux" ]
deps = [
"$THIRD_PARTY_PCRE2_DIR:libpcre2",
"$THIRD_PARTY_SELINUX_DIR:libselinux",
diff --git a/LICENSE.txt b/LICENSE
similarity index 100%
rename from LICENSE.txt
rename to LICENSE
diff --git a/OAT.xml b/OAT.xml
new file mode 100644
index 0000000000000000000000000000000000000000..e81bfb773f25f8836b799ce75ea26318a945d1fb
--- /dev/null
+++ b/OAT.xml
@@ -0,0 +1,64 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/README.md b/README.md
index ddfa5405e57a5a319de1f9469c3472b2472996ca..c1bd4068e0f086437705e88c82d3cdd8b8b2cb77 100644
--- a/README.md
+++ b/README.md
@@ -13,14 +13,14 @@ SELinux (安全增强式 Linux , Security-Enhanced Linux )是 Linux 历史
| 仓库 | 源码目录 | 说明 |
| --- | --- | --- |
-| [security_selinux](https://gitee.com/openharmony-sig/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 |
-| [third_party_selinux](https://gitee.com/openharmony-sig/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 |
-| [productdefine_common](https://gitee.com/shell_way/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 |
-| [third_party_toybox](https://gitee.com/shell_way/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 |
-| [startup_init_lite](https://gitee.com/shell_way/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 |
-| [third_party_FreeBSD](https://gitee.com/shell_way/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 |
+| [security_selinux](https://gitee.com/openharmony/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 |
+| [third_party_selinux](https://gitee.com/openharmony/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 |
+| [productdefine_common](https://gitee.com/openharmony/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 |
+| [third_party_toybox](https://gitee.com/openharmony/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 |
+| [startup_init_lite](https://gitee.com/openharmony/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 |
+| [third_party_FreeBSD](https://gitee.com/openharmony/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 |
| [third_party_pcre](https://gitee.com/openharmony-sig/third_party_pcre.git) | `third_party/pcre/` | 提供 pcre2 库 |
-| [build](https://gitee.com/shell_way/build.git) | `build/` | 编译控制 |
+| [build](https://gitee.com/openharmony/build.git) | `build/` | 编译控制 |
## 架构
diff --git a/config/config b/config/config
index 9eccfb8cb1ca2ee44f36f83f8a9b91d9cfd00acb..946eb53315d20d6e77ee734b2819cee3df77d22a 100644
--- a/config/config
+++ b/config/config
@@ -1 +1,17 @@
+#
+# Copyright (c) 2021 北京万里红科技有限公司
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
SELINUX=permissive
diff --git a/interfaces/policycoreutils/include/policycoreutils.h b/interfaces/policycoreutils/include/policycoreutils.h
index 31e2cf13d4e8f29039995a32809f53e1a1743920..eab39f2b8ebb6b91dfd6c82fa829acbf3f0c6421 100644
--- a/interfaces/policycoreutils/include/policycoreutils.h
+++ b/interfaces/policycoreutils/include/policycoreutils.h
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -19,4 +19,4 @@
int load_policy(void);
int restorecon(void);
-#endif // __POLICYCOREUTILS_H__
+#endif // __POLICYCOREUTILS_H__
diff --git a/interfaces/policycoreutils/src/load_policy.c b/interfaces/policycoreutils/src/load_policy.c
index 666c8e6ee7ee0b57fd45148666c1446202e97b0b..ddaf2de02c9d6f172a0007d0010684d8403e82de 100644
--- a/interfaces/policycoreutils/src/load_policy.c
+++ b/interfaces/policycoreutils/src/load_policy.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,22 +18,23 @@
#include
#include
-int load_policy(void) {
- int ret, enforce = 0;
+int load_policy(void)
+{
+ int ret, enforce = 0;
- if ((ret = selinux_init_load_policy(&enforce))) {
- if (enforce > 0) {
- fprintf(stderr,
- "Can't load policy and enforcing mode requested: %s\n",
- strerror(errno));
- return -1;
+ if ((ret = selinux_init_load_policy(&enforce))) {
+ if (enforce > 0) {
+ fprintf(stderr,
+ "Can't load policy and enforcing mode requested: %s\n",
+ strerror(errno));
+ return -1;
+ }
}
- }
- if ((ret = selinux_mkload_policy(0)) < 0) {
- fprintf(stderr, "Can't load policy: %s\n", strerror(errno));
- return -1;
- }
+ if ((ret = selinux_mkload_policy(0)) < 0) {
+ fprintf(stderr, "Can't load policy: %s\n", strerror(errno));
+ return -1;
+ }
- return 1;
+ return 1;
}
diff --git a/interfaces/policycoreutils/src/restorecon.c b/interfaces/policycoreutils/src/restorecon.c
index 257006556197fc3dada25d091b3e710cf86fdaab..c11754efaeb1492f75c8700c9ef44d8f3aca8e61 100644
--- a/interfaces/policycoreutils/src/restorecon.c
+++ b/interfaces/policycoreutils/src/restorecon.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,45 +24,49 @@
#include
typedef struct restore_opts {
- unsigned int restorecon_flags;
- struct selabel_handle *hnd;
+ unsigned int restorecon_flags;
+ struct selabel_handle *hnd;
} restore_opts_t;
-static int restore_init(restore_opts_t *opts) {
- struct selinux_opt selinux_opts[] = {
- {SELABEL_OPT_VALIDATE, NULL},
- {SELABEL_OPT_PATH, NULL},
- {SELABEL_OPT_DIGEST, NULL},
- };
+static int restore_init(restore_opts_t * opts)
+{
+ struct selinux_opt selinux_opts[] = {
+ {SELABEL_OPT_VALIDATE, NULL},
+ {SELABEL_OPT_PATH, NULL},
+ {SELABEL_OPT_DIGEST, NULL},
+ };
- if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3))) {
- return -1;
- }
+ if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts,
+ sizeof(selinux_opts) /
+ sizeof(selinux_opt)))) {
+ return -1;
+ }
- opts->restorecon_flags = 0;
- opts->restorecon_flags =
- SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE;
+ opts->restorecon_flags = 0;
+ opts->restorecon_flags =
+ SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE;
- selinux_restorecon_set_sehandle(opts->hnd);
+ selinux_restorecon_set_sehandle(opts->hnd);
}
-int restorecon(void) {
- restore_opts_t opts;
- int i = 0;
- int errors = 0;
+int restorecon(void)
+{
+ restore_opts_t opts;
+ int i = 0;
+ int errors = 0;
- memset(&opts, 0, sizeof(opts));
+ memset_s(&opts, sizeof(opts), 0, sizeof(opts));
- if (is_selinux_enabled() < 1) {
- return 1;
- }
+ if (is_selinux_enabled() < 1) {
+ return 1;
+ }
- if (!restore_init(&opts)) {
- return -1;
- }
+ if (!restore_init(&opts)) {
+ return -1;
+ }
- errors = selinux_restorecon("/", opts.restorecon_flags);
- selabel_close(opts.hnd);
+ errors = selinux_restorecon("/", opts.restorecon_flags);
+ selabel_close(opts.hnd);
- return (errors ? -1 : 1);
+ return (errors ? -1 : 1);
}
diff --git a/interfaces/tools/load_policy/load_policy.c b/interfaces/tools/load_policy/load_policy.c
index 1700da04f8c065a0a035c598dfe1c00e65ad17c6..a20ad28e6bf25cd8c6959e48f75035600a6a0f0f 100644
--- a/interfaces/tools/load_policy/load_policy.c
+++ b/interfaces/tools/load_policy/load_policy.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
#include
-int main(int argc, char **argv) {
- return load_policy();
+int main(int argc, char **argv)
+{
+ return load_policy();
}
diff --git a/interfaces/tools/restorecon/restorecon.c b/interfaces/tools/restorecon/restorecon.c
index cf44cdfa68cb1aa62641058b310db3f7fc64845e..486e841fb8ed304c93d76f4b683ac713d99dd963 100644
--- a/interfaces/tools/restorecon/restorecon.c
+++ b/interfaces/tools/restorecon/restorecon.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
#include
-int main(int argc, char **argv) {
- return restorecon();
+int main(int argc, char **argv)
+{
+ return restorecon();
}
diff --git a/scripts/build_policy.sh b/scripts/build_policy.sh
index a4d4f275112afad41bc70c4e1c61c96d477da00c..d5f87e023d52d4f2d6487ac0840b231e285937c6 100755
--- a/scripts/build_policy.sh
+++ b/scripts/build_policy.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
#
-# Copyright 2021 北京万里红科技有限公司
+# Copyright (c) 2021 北京万里红科技有限公司
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/test/selinux_test.c b/test/selinux_test.c
index 195091bed2bad5765d85753d2948503553a0de24..5c06cca9e9d7f45d1523614d46c2b2275b74c054 100644
--- a/test/selinux_test.c
+++ b/test/selinux_test.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 北京万里红科技有限公司
+/* Copyright (c) 2021 北京万里红科技有限公司
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,60 +13,62 @@
* limitations under the License.
*/
-#include
-#include
-#include
-#include
#include
#include
#include
-#include
#include
#include
+#include
-extern int setcon(const char *con);
+#define BUFFLEN (1000)
-extern int setexeccon(const char *con);
+int main(int argc, char *argv[])
+{
+ FILE *fp = NULL;
+ char buf[BUFFLEN];
+ const sleepSeconds = 5;
-int main(int argc, char *argv[]) {
- FILE *fp = NULL;
- char buf[1000];
+ int ret = setcon("u:r:kernel:s0");
+ printf("setcon %d\n", ret);
+ ret = setexeccon("u:r:kernel:s0");
+ printf("setexeccon %d\n", ret);
- int ret = setcon("u:r:kernel:s0");
- printf("setcon %d\n", ret);
- ret = setexeccon("u:r:kernel:s0");
- printf("setexeccon %d\n", ret);
+ sleep(sleepSeconds);
- sleep(5);
+ while (1) {
+ sleep(1);
+ fp = fopen("/data/abcd.txt", "r");
+ if (fp != NULL) {
+ if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+ continue;
+ }
+ fread(buf, 1, BUFFLEN, fp);
+ fclose(fp);
+ printf("buf1 %s\n", buf);
+ }
- while (1) {
- fp = fopen("/data/abcd.txt", "r");
- if (fp != NULL) {
- memset(buf, 0, 1000);
- fread(buf, 1, 100, fp);
- fclose(fp);
- printf("buf1 %s\n", buf);
- }
- sleep(1);
-
- fp = fopen("/data/abcd2.txt", "r");
- if (fp != NULL) {
- memset(buf, 0, 1000);
- fread(buf, 1, 100, fp);
- fclose(fp);
- printf("buf2 %s\n", buf);
- }
- sleep(1);
+ sleep(1);
+ fp = fopen("/data/abcd2.txt", "r");
+ if (fp != NULL) {
+ if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+ continue;
+ }
+ fread(buf, 1, BUFFLEN, fp);
+ fclose(fp);
+ printf("buf2 %s\n", buf);
+ }
- fp = fopen("/data/abcd3.txt", "r");
- if (fp != NULL) {
- memset(buf, 0, 1000);
- fread(buf, 1, 100, fp);
- fclose(fp);
- printf("buf3 %s\n", buf);
+ sleep(1);
+ fp = fopen("/data/abcd3.txt", "r");
+ if (fp != NULL) {
+ if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) {
+ continue;
+ }
+ fread(buf, 1, BUFFLEN, fp);
+ fclose(fp);
+ printf("buf3 %s\n", buf);
+ }
}
- sleep(1);
- }
- return 0;
+ return 0;
}
diff --git a/test/selinux_test_helper.sh b/test/selinux_test_helper.sh
index 123a74220d11bf1383b9496e2ac142e47efb303a..2b935fef31531b07eac2e34710bd63008e4aec4c 100755
--- a/test/selinux_test_helper.sh
+++ b/test/selinux_test_helper.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
#
-# Copyright 2021 北京万里红科技有限公司
+# Copyright (c) 2021 北京万里红科技有限公司
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/test/selinux_test_helper_push.bat b/test/selinux_test_helper_push.bat
index 1274c30a58f9907e8046ba99778f8ce56034f790..cf2616ea3f05925c39438cabb69832512c9a4e65 100644
--- a/test/selinux_test_helper_push.bat
+++ b/test/selinux_test_helper_push.bat
@@ -1,3 +1,19 @@
+::
+:: Copyright (c) 2021 北京万里红科技有限公司
+::
+:: Licensed under the Apache License, Version 2.0 (the "License");
+:: you may not use this file except in compliance with the License.
+:: You may obtain a copy of the License at
+::
+:: http://www.apache.org/licenses/LICENSE-2.0
+::
+:: Unless required by applicable law or agreed to in writing, software
+:: distributed under the License is distributed on an "AS IS" BASIS,
+:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+:: See the License for the specific language governing permissions and
+:: limitations under the License.
+::
+
hdc_std.exe file send selinux_test /bin/
hdc_std.exe shell chmod 755 /bin/selinux_test