From 9879c0338c57a7071dd71bd13431c002a7f8c804 Mon Sep 17 00:00:00 2001 From: chengjinsong2 Date: Thu, 18 Aug 2022 19:53:53 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E5=A2=9E=E5=8A=A0appspawn=20uid=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chengjinsong2 Change-Id: Ic7deaad0b3044cbe04c88cb020ee949e565709ca --- interfaces/innerkits/client/client_socket.cpp | 5 +++++ standard/appspawn_service.c | 15 +++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/interfaces/innerkits/client/client_socket.cpp b/interfaces/innerkits/client/client_socket.cpp index d9ec6a1e..c26928cf 100644 --- a/interfaces/innerkits/client/client_socket.cpp +++ b/interfaces/innerkits/client/client_socket.cpp @@ -32,6 +32,11 @@ int ClientSocket::CreateClient() APPSPAWN_CHECK(socketFd_ >= 0, return socketFd_, "Client: Create socket failed"); } + int opt = 1; + int ret = setsockopt(socketFd_, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt)); + if (ret < 0) { + APPSPAWN_CHECK("Client: setsockopt failed!"); + } APPSPAWN_LOGV("Client: CreateClient socket fd %d", socketFd_); return 0; } diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index ec8c666b..844b808b 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c @@ -19,12 +19,15 @@ #include #include +#include #include #include #include + #include "init_hashmap.h" #include "init_socket.h" +#include "init_utils.h" #include "parameter.h" #include "securec.h" 
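Review bot: The `setsockopt(socketFd_, SOL_SOCKET, SO_PASSCRED, ...)` call added to `ClientSocket::CreateClient()` does not look like something the server-side uid check depends on. `SO_PEERCRED` reports the credentials the kernel recorded when the peer connected, whereas `SO_PASSCRED` only makes this socket receive `SCM_CREDENTIALS` ancillary data on messages it reads. If nothing on the client consumes that ancillary data the call can be dropped; if it stays, a comment such as `// enables SCM_CREDENTIALS on received messages; not required for the server's SO_PEERCRED check` would keep readers from treating it as part of the authentication. The failure branch only logs (PATCH 2/4 turns it into `APPSPAWN_LOGE`, in the hunk at `@@ -35,7 +35,7 @@`) and the function still returns 0, so it is worth stating in a comment whether that is deliberately best-effort. The body of CreateClient starts outside the hunk.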
@@ -423,6 +426,18 @@ APPSPAWN_STATIC int OnConnection(const LoopHandle loopHandle, const TaskHandle s AppSpawnClientExt *client = (AppSpawnClientExt *)LE_GetUserData(stream); APPSPAWN_CHECK(client != NULL, return -1, "Failed to alloc stream"); + struct ucred cred = {-1, -1, -1}; + socklen_t credSize = sizeof(struct ucred); + if(getsockopt(LE_GetSocketFd(stream), SOL_SOCKET, SO_PEERCRED, &cred, &credSize) < 0) { + APPSPAWN_LOGI("get cred failed!"); + return -1; + } + + if (cred.uid != DecodeUid("foundation")) { + APPSPAWN_LOGI("OnConnection client fd %d is nerverallow!" ,LE_GetSocketFd(stream)); + return -1; + } + client->stream = stream; client->client.id = ++clientId; client->client.flags = 0; -- Gitee From 1e0099497b09189a200f2bacbeb5550e6ee5ae5f Mon Sep 17 00:00:00 2001 From: chengjinsong2 Date: Thu, 18 Aug 2022 20:06:35 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=97=A5=E5=BF=97?= =?UTF-8?q?=E7=BA=A7=E5=88=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chengjinsong2 Change-Id: Ia721b9657637d2f8ec51132928950832357886ec --- interfaces/innerkits/client/client_socket.cpp | 2 +- standard/appspawn_service.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/interfaces/innerkits/client/client_socket.cpp b/interfaces/innerkits/client/client_socket.cpp index c26928cf..7884a4d3 100644 --- a/interfaces/innerkits/client/client_socket.cpp +++ b/interfaces/innerkits/client/client_socket.cpp @@ -35,7 +35,7 @@ int ClientSocket::CreateClient() int opt = 1; int ret = setsockopt(socketFd_, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt)); if (ret < 0) { - APPSPAWN_CHECK("Client: setsockopt failed!"); + APPSPAWN_LOGE("Client: setsockopt failed!"); } APPSPAWN_LOGV("Client: CreateClient socket fd %d", socketFd_); return 0; diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index 844b808b..81b73ed2 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c 
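Review bot: Both new rejection paths in `OnConnection` (the `getsockopt` failure and the `cred.uid != DecodeUid("foundation")` mismatch) `return -1` while the accepted stream and its `client` user data are still live. The hunk does not show whether the caller tears the stream down on -1; if it does not, a refused peer leaves a descriptor held in appspawn for each attempt, so the stream should be closed before returning. The reject log prints the local fd rather than who was refused, which is what an investigator needs; something like `APPSPAWN_LOGE("OnConnection rejected peer uid %u pid %d", cred.uid, cred.pid);` would be more useful. `DecodeUid("foundation")` is also re-resolved on every connection and its result is used unchecked, so resolving it once and treating a failed lookup as a reject would make the policy explicit. The same lines recur in the `OnConnection` hunks of PATCH 2/4 and 4/4 with only log-level and spacing changes, and the function body starts and ends outside the hunk.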
@@ -429,12 +429,12 @@ APPSPAWN_STATIC int OnConnection(const LoopHandle loopHandle, const TaskHandle s struct ucred cred = {-1, -1, -1}; socklen_t credSize = sizeof(struct ucred); if(getsockopt(LE_GetSocketFd(stream), SOL_SOCKET, SO_PEERCRED, &cred, &credSize) < 0) { - APPSPAWN_LOGI("get cred failed!"); + APPSPAWN_LOGE("get cred failed!"); return -1; } if (cred.uid != DecodeUid("foundation")) { - APPSPAWN_LOGI("OnConnection client fd %d is nerverallow!" ,LE_GetSocketFd(stream)); + APPSPAWN_LOGE("OnConnection client fd %d is nerverallow!" ,LE_GetSocketFd(stream)); return -1; } -- Gitee From 030ba4d0b795c47fd982f44cb3e812b637709972 Mon Sep 17 00:00:00 2001 From: chengjinsong2 Date: Thu, 18 Aug 2022 20:15:25 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=E7=A9=BA=E8=A1=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chengjinsong2 Change-Id: I20b81cfbc4aec060a73606ce4df8e9bd4b7c564a --- standard/appspawn_service.c | 1 - 1 file changed, 1 deletion(-) diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index 81b73ed2..691de040 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c @@ -24,7 +24,6 @@ #include #include - #include "init_hashmap.h" #include "init_socket.h" #include "init_utils.h" -- Gitee From c486306e16f73eca7fd32c9bed30821aea5c3574 Mon Sep 17 00:00:00 2001 From: chengjinsong2 Date: Fri, 19 Aug 2022 10:49:41 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=9D=99=E6=80=81?= =?UTF-8?q?=E5=91=8A=E8=AD=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chengjinsong2 Change-Id: I8a13637c454a8cfbd5f53132bab2eee4efe024e2 --- standard/appspawn_service.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/standard/appspawn_service.c b/standard/appspawn_service.c index 691de040..f0e2643c 100644 --- a/standard/appspawn_service.c +++ b/standard/appspawn_service.c 
@@ -427,13 +427,13 @@ APPSPAWN_STATIC int OnConnection(const LoopHandle loopHandle, const TaskHandle s struct ucred cred = {-1, -1, -1}; socklen_t credSize = sizeof(struct ucred); - if(getsockopt(LE_GetSocketFd(stream), SOL_SOCKET, SO_PEERCRED, &cred, &credSize) < 0) { + if (getsockopt(LE_GetSocketFd(stream), SOL_SOCKET, SO_PEERCRED, &cred, &credSize) < 0) { APPSPAWN_LOGE("get cred failed!"); return -1; } if (cred.uid != DecodeUid("foundation")) { - APPSPAWN_LOGE("OnConnection client fd %d is nerverallow!" ,LE_GetSocketFd(stream)); + APPSPAWN_LOGE("OnConnection client fd %d is nerverallow!", LE_GetSocketFd(stream)); return -1; } -- Gitee