1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#include "param_osadp.h"
16#include "param_security.h"
17#include "securec.h"
18
19static int InitLocalSecurityLabel(ParamSecurityLabel *security, int isInit)
20{
21    UNUSED(isInit);
22    PARAM_CHECK(security != NULL, return -1, "Invalid security");
23#if defined __LITEOS_A__
24    security->cred.pid = getpid();
25    security->cred.uid = getuid();
26    security->cred.gid = 0;
27#else
28    security->cred.pid = 0;
29    security->cred.uid = 0;
30    security->cred.gid = 0;
31#endif
32    security->flags[PARAM_SECURITY_DAC] |= LABEL_CHECK_IN_ALL_PROCESS;
33    return 0;
34}
35
36static int FreeLocalSecurityLabel(ParamSecurityLabel *srcLabel)
37{
38    (void)srcLabel;
39    return 0;
40}
41
42static int DacGetParamSecurityLabel(const char *path)
43{
44    UNUSED(path);
45    return 0;
46}
47
48static int CheckFilePermission(const ParamSecurityLabel *localLabel, const char *fileName, int flags)
49{
50    UNUSED(flags);
51    PARAM_CHECK(localLabel != NULL && fileName != NULL, return -1, "Invalid param");
52    return 0;
53}
54
55static int LiteDacCheckParamPermission(const ParamLabelIndex *labelIndex,
56    const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
57{
58    UNUSED(labelIndex);
59    UNUSED(srcLabel);
60    UNUSED(name);
61    UNUSED(mode);
62#if defined(__LITEOS_A__)
63    uid_t uid = getuid();
64    return uid <= SYS_UID_INDEX ? DAC_RESULT_PERMISSION : DAC_RESULT_FORBIDED;
65#endif
66    return DAC_RESULT_PERMISSION;
67}
68
69INIT_LOCAL_API int RegisterSecurityDacOps(ParamSecurityOps *ops, int isInit)
70{
71    PARAM_CHECK(ops != NULL, return -1, "Invalid param");
72    PARAM_LOGV("RegisterSecurityDacOps %d", isInit);
73    int ret = strcpy_s(ops->name, sizeof(ops->name), "dac");
74    ops->securityGetLabel = NULL;
75    ops->securityInitLabel = InitLocalSecurityLabel;
76    ops->securityCheckFilePermission = CheckFilePermission;
77    ops->securityCheckParamPermission = LiteDacCheckParamPermission;
78    ops->securityFreeLabel = FreeLocalSecurityLabel;
79    if (isInit) {
80        ops->securityGetLabel = DacGetParamSecurityLabel;
81    }
82    return ret;
83}
84