From a34d020e6f6b8c78198847181d23f36d42637d74 Mon Sep 17 00:00:00 2001 From: Qin Fandong Date: Tue, 2 Nov 2021 17:39:09 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=BA=86=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E6=A3=80=E6=9F=A5=E4=B8=AD=E7=9A=84=E4=B8=80=E4=BA=9B=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Qin Fandong --- .gitignore | 36 ++++++++ BUILD.gn | 1 + LICENSE.txt => LICENSE | 0 OAT.xml | 64 ++++++++++++++ README.md | 14 +-- config/config | 16 ++++ .../policycoreutils/include/policycoreutils.h | 4 +- interfaces/policycoreutils/src/load_policy.c | 31 +++---- interfaces/policycoreutils/src/restorecon.c | 64 +++++++------- interfaces/tools/load_policy/load_policy.c | 7 +- interfaces/tools/restorecon/restorecon.c | 7 +- scripts/build_policy.sh | 2 +- test/selinux_test.c | 88 ++++++++++--------- test/selinux_test_helper.sh | 2 +- test/selinux_test_helper_push.bat | 16 ++++ 15 files changed, 247 insertions(+), 105 deletions(-) create mode 100644 .gitignore rename LICENSE.txt => LICENSE (100%) create mode 100644 OAT.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..6521aab25 --- /dev/null +++ b/.gitignore @@ -0,0 +1,36 @@ +# Temp +*~ +*.swap + +# Prerequisites +*.d + +# Compiled Object files +*.slo +*.lo +*.o +*.obj + +# Precompiled Headers +*.gch +*.pch + +# Compiled Dynamic libraries +*.so +*.dylib +*.dll + +# Fortran module files +*.mod +*.smod + +# Compiled Static libraries +*.lai +*.la +*.a +*.lib + +# Executables +*.exe +*.out +*.app diff --git a/BUILD.gn b/BUILD.gn index d04537251..ed1a53e54 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -140,6 +140,7 @@ ohos_executable("selinux_test") { "-DUSE_PCRE2", "-w", ] + include_dirs = [ "$LIBSELINUX_ROOT_DIR/include/selinux" ] deps = [ "$THIRD_PARTY_PCRE2_DIR:libpcre2", "$THIRD_PARTY_SELINUX_DIR:libselinux", 
diff --git a/LICENSE.txt b/LICENSE similarity index 100% rename from LICENSE.txt rename to LICENSE diff --git a/OAT.xml b/OAT.xml new file mode 100644 index 000000000..e81bfb773 --- /dev/null +++ b/OAT.xml @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/README.md b/README.md index ddfa5405e..c1bd4068e 100644 --- a/README.md +++ b/README.md 
@@ -13,14 +13,14 @@ SELinux (安全增强式 Linux , Security-Enhanced Linux )是 Linux 历史 | 仓库 | 源码目录 | 说明 | | --- | --- | --- | -| [security_selinux](https://gitee.com/openharmony-sig/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 | -| [third_party_selinux](https://gitee.com/openharmony-sig/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 | -| [productdefine_common](https://gitee.com/shell_way/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 | -| [third_party_toybox](https://gitee.com/shell_way/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 | -| [startup_init_lite](https://gitee.com/shell_way/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 | -| [third_party_FreeBSD](https://gitee.com/shell_way/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 | +| [security_selinux](https://gitee.com/openharmony/security_selinux.git) | `base/security/selinux/` | 策略和一些自研接口 | +| [third_party_selinux](https://gitee.com/openharmony/third_party_selinux.git) | `third_party/selinux/` | SELinux 的主仓库 | +| [productdefine_common](https://gitee.com/openharmony/productdefine_common.git) | `productdefine/common/` | 添加 SELinux 组件定义 | +| [third_party_toybox](https://gitee.com/openharmony/third_party_toybox.git) | `third_party/toybox/` | 完善了 `ls` 的 SELinux 支持 | +| [startup_init_lite](https://gitee.com/openharmony/startup_init_lite.git) | `base/startup/init_lite/` | 系统启动加载策略并分化服务的标签 | +| [third_party_FreeBSD](https://gitee.com/openharmony/third_party_FreeBSD.git) | `third_party/FreeBSD/` | 提供 fts 库 | | [third_party_pcre](https://gitee.com/openharmony-sig/third_party_pcre.git) | `third_party/pcre/` | 提供 pcre2 库 | -| [build](https://gitee.com/shell_way/build.git) | `build/` | 编译控制 | +| [build](https://gitee.com/openharmony/build.git) | `build/` | 编译控制 | ## 架构 diff --git a/config/config b/config/config index 9eccfb8cb..946eb5331 100644 --- a/config/config +++ b/config/config 
@@ -1 +1,17 @@ +# +# Copyright (c) 2021 北京万里红科技有限公司 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + SELINUX=permissive diff --git a/interfaces/policycoreutils/include/policycoreutils.h b/interfaces/policycoreutils/include/policycoreutils.h index 31e2cf13d..eab39f2b8 100644 --- a/interfaces/policycoreutils/include/policycoreutils.h +++ b/interfaces/policycoreutils/include/policycoreutils.h @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,4 +19,4 @@ int load_policy(void); int restorecon(void); -#endif // __POLICYCOREUTILS_H__ +#endif // __POLICYCOREUTILS_H__ diff --git a/interfaces/policycoreutils/src/load_policy.c b/interfaces/policycoreutils/src/load_policy.c index 666c8e6ee..ddaf2de02 100644 --- a/interfaces/policycoreutils/src/load_policy.c +++ b/interfaces/policycoreutils/src/load_policy.c @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -18,22 +18,23 @@ #include #include -int load_policy(void) { - int ret, enforce = 0; +int load_policy(void) +{ + int ret, enforce = 0; - if ((ret = selinux_init_load_policy(&enforce))) { - if (enforce > 0) { - fprintf(stderr, - "Can't load policy and enforcing mode requested: %s\n", - strerror(errno)); - return -1; + if ((ret = selinux_init_load_policy(&enforce))) { + if (enforce > 0) { + fprintf(stderr, + "Can't load policy and enforcing mode requested: %s\n", + strerror(errno)); + return -1; + } } - } - if ((ret = selinux_mkload_policy(0)) < 0) { - fprintf(stderr, "Can't load policy: %s\n", strerror(errno)); - return -1; - } + if ((ret = selinux_mkload_policy(0)) < 0) { + fprintf(stderr, "Can't load policy: %s\n", strerror(errno)); + return -1; + } - return 1; + return 1; } diff --git a/interfaces/policycoreutils/src/restorecon.c b/interfaces/policycoreutils/src/restorecon.c index 257006556..c11754efa 100644 --- a/interfaces/policycoreutils/src/restorecon.c +++ b/interfaces/policycoreutils/src/restorecon.c @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -24,45 +24,49 @@ #include typedef struct restore_opts { - unsigned int restorecon_flags; - struct selabel_handle *hnd; + unsigned int restorecon_flags; + struct selabel_handle *hnd; } restore_opts_t; -static int restore_init(restore_opts_t *opts) { - struct selinux_opt selinux_opts[] = { - {SELABEL_OPT_VALIDATE, NULL}, - {SELABEL_OPT_PATH, NULL}, - {SELABEL_OPT_DIGEST, NULL}, - }; +static int restore_init(restore_opts_t * opts) +{ + struct selinux_opt selinux_opts[] = { + {SELABEL_OPT_VALIDATE, NULL}, + {SELABEL_OPT_PATH, NULL}, + {SELABEL_OPT_DIGEST, NULL}, + }; - if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3))) { - return -1; - } + if (!(opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, + sizeof(selinux_opts) / + sizeof(selinux_opt)))) { + return -1; + } - opts->restorecon_flags = 0; - opts->restorecon_flags = - SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE; + opts->restorecon_flags = 0; + opts->restorecon_flags = + SELINUX_RESTORECON_REALPATH | SELINUX_RESTORECON_RECURSE; - selinux_restorecon_set_sehandle(opts->hnd); + selinux_restorecon_set_sehandle(opts->hnd); } -int restorecon(void) { - restore_opts_t opts; - int i = 0; - int errors = 0; +int restorecon(void) +{ + restore_opts_t opts; + int i = 0; + int errors = 0; - memset(&opts, 0, sizeof(opts)); + memset_s(&opts, sizeof(opts), 0, sizeof(opts)); - if (is_selinux_enabled() < 1) { - return 1; - } + if (is_selinux_enabled() < 1) { + return 1; + } - if (!restore_init(&opts)) { - return -1; - } + if (!restore_init(&opts)) { + return -1; + } - errors = selinux_restorecon("/", opts.restorecon_flags); - selabel_close(opts.hnd); + errors = selinux_restorecon("/", opts.restorecon_flags); + selabel_close(opts.hnd); - return (errors ? -1 : 1); + return (errors ? -1 : 1); } diff --git a/interfaces/tools/load_policy/load_policy.c b/interfaces/tools/load_policy/load_policy.c index 1700da04f..a20ad28e6 100644 --- a/interfaces/tools/load_policy/load_policy.c 
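Review bot: The error check between `restore_init` and `restorecon` is inverted on the new side: `restore_init` returns -1 when `selabel_open` fails and reaches its closing brace without a `return` on success, while the caller tests `if (!restore_init(&opts))`. A failed open is therefore not treated as an error, so `selinux_restorecon("/", ...)` and `selabel_close(opts.hnd)` run with a NULL handle, and the success path uses the value of a function that returned nothing, which is undefined. End `restore_init` with `return 0;` and test `if (restore_init(&opts) < 0)` in `restorecon`. The new element count `sizeof(selinux_opts) / sizeof(selinux_opt)` names a struct tag without `struct`, which should not compile as C unless a typedef exists outside this hunk; `sizeof(selinux_opts) / sizeof(selinux_opts[0])` avoids the question. The result of the new `memset_s` call is also ignored here, although the test file in this commit checks it.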
+++ b/interfaces/tools/load_policy/load_policy.c @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ #include -int main(int argc, char **argv) { - return load_policy(); +int main(int argc, char **argv) +{ + return load_policy(); } diff --git a/interfaces/tools/restorecon/restorecon.c b/interfaces/tools/restorecon/restorecon.c index cf44cdfa6..486e841fb 100644 --- a/interfaces/tools/restorecon/restorecon.c +++ b/interfaces/tools/restorecon/restorecon.c @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ #include -int main(int argc, char **argv) { - return restorecon(); +int main(int argc, char **argv) +{ + return restorecon(); } diff --git a/scripts/build_policy.sh b/scripts/build_policy.sh index a4d4f2751..d5f87e023 100755 --- a/scripts/build_policy.sh +++ b/scripts/build_policy.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright 2021 北京万里红科技有限公司 +# Copyright (c) 2021 北京万里红科技有限公司 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/selinux_test.c b/test/selinux_test.c index 195091bed..5c06cca9e 100644 --- a/test/selinux_test.c +++ b/test/selinux_test.c @@ -1,4 +1,4 @@ -/* Copyright 2021 北京万里红科技有限公司 +/* Copyright (c) 2021 北京万里红科技有限公司 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -13,60 +13,62 @@ * limitations under the License. */ -#include -#include -#include -#include #include #include #include -#include #include #include +#include -extern int setcon(const char *con); +#define BUFFLEN (1000) -extern int setexeccon(const char *con); +int main(int argc, char *argv[]) +{ + FILE *fp = NULL; + char buf[BUFFLEN]; + const sleepSeconds = 5; -int main(int argc, char *argv[]) { - FILE *fp = NULL; - char buf[1000]; + int ret = setcon("u:r:kernel:s0"); + printf("setcon %d\n", ret); + ret = setexeccon("u:r:kernel:s0"); + printf("setexeccon %d\n", ret); - int ret = setcon("u:r:kernel:s0"); - printf("setcon %d\n", ret); - ret = setexeccon("u:r:kernel:s0"); - printf("setexeccon %d\n", ret); + sleep(sleepSeconds); - sleep(5); + while (1) { + sleep(1); + fp = fopen("/data/abcd.txt", "r"); + if (fp != NULL) { + if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) { + continue; + } + fread(buf, 1, BUFFLEN, fp); + fclose(fp); + printf("buf1 %s\n", buf); + } - while (1) { - fp = fopen("/data/abcd.txt", "r"); - if (fp != NULL) { - memset(buf, 0, 1000); - fread(buf, 1, 100, fp); - fclose(fp); - printf("buf1 %s\n", buf); - } - sleep(1); - - fp = fopen("/data/abcd2.txt", "r"); - if (fp != NULL) { - memset(buf, 0, 1000); - fread(buf, 1, 100, fp); - fclose(fp); - printf("buf2 %s\n", buf); - } - sleep(1); + sleep(1); + fp = fopen("/data/abcd2.txt", "r"); + if (fp != NULL) { + if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) { + continue; + } + fread(buf, 1, BUFFLEN, fp); + fclose(fp); + printf("buf2 %s\n", buf); + } - fp = fopen("/data/abcd3.txt", "r"); - if (fp != NULL) { - memset(buf, 0, 1000); - fread(buf, 1, 100, fp); - fclose(fp); - printf("buf3 %s\n", buf); + sleep(1); + fp = fopen("/data/abcd3.txt", "r"); + if (fp != NULL) { + if (memset_s(buf, sizeof(buf), 0, BUFFLEN) != 0) { + continue; + } + fread(buf, 1, BUFFLEN, fp); + fclose(fp); + printf("buf3 %s\n", buf); + } } - sleep(1); - } - return 0; + return 0; } 
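Review bot: Raising the read size to `fread(buf, 1, BUFFLEN, fp)` lets a file of 1000 bytes or more fill `buf` completely, so the following `printf("buf1 %s\n", buf)` (and the `buf2`/`buf3` copies) reads past the end of the array; the old code read 100 bytes into a zeroed 1000-byte buffer and always stayed terminated. In the same three blocks, `continue` after a failing `memset_s` skips `fclose(fp)` and leaks one stream per pass of the `while (1)` loop. Each block can drop the clear-then-read pair and use `size_t n = fread(buf, 1, sizeof(buf) - 1, fp);`, `buf[n] = '\0';`, `fclose(fp);` before printing, which also stops ignoring the `fread` result. `const sleepSeconds = 5;` relies on implicit `int`, which C99 removed; write `const unsigned int sleepSeconds = 5;`. The `-w` flag visible in the BUILD.gn context of this patch would hide the compiler's diagnostic for that.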
diff --git a/test/selinux_test_helper.sh b/test/selinux_test_helper.sh index 123a74220..2b935fef3 100755 --- a/test/selinux_test_helper.sh +++ b/test/selinux_test_helper.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright 2021 北京万里红科技有限公司 +# Copyright (c) 2021 北京万里红科技有限公司 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/selinux_test_helper_push.bat b/test/selinux_test_helper_push.bat index 1274c30a5..cf2616ea3 100644 --- a/test/selinux_test_helper_push.bat +++ b/test/selinux_test_helper_push.bat @@ -1,3 +1,19 @@ +:: +:: Copyright (c) 2021 北京万里红科技有限公司 +:: +:: Licensed under the Apache License, Version 2.0 (the "License"); +:: you may not use this file except in compliance with the License. +:: You may obtain a copy of the License at +:: +:: http://www.apache.org/licenses/LICENSE-2.0 +:: +:: Unless required by applicable law or agreed to in writing, software +:: distributed under the License is distributed on an "AS IS" BASIS, +:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +:: See the License for the specific language governing permissions and +:: limitations under the License. +:: + hdc_std.exe file send selinux_test /bin/ hdc_std.exe shell chmod 755 /bin/selinux_test -- Gitee