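#!/usr/bin/env python3
# -*- coding: utf-8 -*-

#
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

"""Check that every seccomp policy library is named after a service declared in a cfg file.

A policy library is a file named ``lib<name>_filter.z.so``. Unless ``<name>``
starts with ``com.`` or is on the built-in allow-list, it must match the
``name`` of a service found in one of the ``*.cfg`` files of the paired cfg
directory; otherwise ValidateError is raised and the script exits non-zero.

NOTE(review): presumably the runtime picks a policy library by service name,
so a misspelled library name would leave that service without its intended
filter - confirm against the loader.
"""

import sys
import argparse
import json
import os


# A service started through this binary must not pass an .xml profile as its argument.
_SA_MAIN_PATH = "/system/bin/sa_main"
# Fixed prefix and suffix of a seccomp policy library file name.
_LIB_PREFIX = 'lib'
_LIB_SUFFIX = '_filter.z.so'
# Policy names that are accepted without a matching cfg service.
_SECCOMP_NAME_ALLOW_LIST = ('system', 'app', 'nwebspawn', 'imf_secure_mode', 'app_privilege')


class ValidateError(Exception):
    """Raised when a cfg file or a seccomp policy library name fails validation."""

    def __init__(self, msg):
        super().__init__(msg)


def parse_cfg_file(file_name: str) -> set:
    """Load one JSON cfg file and return the set of service names it declares.

    Args:
        file_name: path of the cfg file.

    Returns:
        The ``name`` of every entry under the top-level ``services`` key, or an
        empty set when that key is absent.

    Raises:
        ValidateError: a service runs ``/system/bin/sa_main`` with a single
            argument ending in ``.xml``.
        KeyError: a service entry has no ``name``.
    """
    services_name = set()
    # Decode explicitly as UTF-8 so the result does not depend on the build host locale.
    with open(file_name, encoding='utf-8') as fp:
        data = json.load(fp)

    if "services" not in data:
        return services_name

    for field in data['services']:
        services_name.add(field['name'])
        path = field.get('path', ())
        if len(path) == 2 and path[0] == _SA_MAIN_PATH and path[1].endswith('.xml'):
            raise ValidateError('cfg error,please use json file replace xml process name: ' + field['name'])
    return services_name


def collect_cfg_services_name(cfg_dir: str) -> set:
    """Return the service names declared by every ``*.cfg`` file directly inside cfg_dir.

    A cfg_dir that is None, empty or missing yields an empty set. For the caller
    this is the strict direction: with no known services, any policy library
    name that needs a match is rejected.
    """
    services_name = set()
    # `not cfg_dir` covers an omitted command-line option (None), which
    # os.path.exists() would reject with a TypeError.
    if not cfg_dir or not os.path.exists(cfg_dir):
        return services_name
    for entry in os.listdir(cfg_dir):
        if entry.endswith(".cfg"):
            services_name |= parse_cfg_file(os.path.join(cfg_dir, entry))
    return services_name


def collect_seccomp_services_name(lib_dir: str) -> set:
    """Return the policy names in lib_dir that must match a cfg service.

    Every entry of lib_dir has to be named ``lib<name>_filter.z.so``. Names that
    start with ``com.`` or are on the allow-list are skipped; the rest are
    returned.

    A lib_dir that is None, empty or missing yields an empty set, which means
    nothing is checked for that directory. NOTE(review): a mistyped path is
    therefore indistinguishable from a directory without policy libraries -
    confirm the build passes the intended paths.

    Raises:
        ValidateError: lib_dir contains an entry that is not a policy library.
    """
    services_name = set()
    if not lib_dir or not os.path.exists(lib_dir):
        return services_name
    for entry in os.listdir(lib_dir):
        if not entry.startswith(_LIB_PREFIX) or not entry.endswith(_LIB_SUFFIX):
            raise ValidateError('seccomp directory has other shared library except seccomp policy library')

        # Strip exactly the checked prefix and the trailing suffix. Searching for
        # the first '_filter.z.so' instead would cut the name short when that
        # text also occurs earlier in the file name.
        name = entry[len(_LIB_PREFIX):-len(_LIB_SUFFIX)]
        if not name.startswith('com.') and name not in _SECCOMP_NAME_ALLOW_LIST:
            services_name.add(name)

    return services_name


def check_seccomp_services_name(servces_name: set, seccomp_services_name: set):
    """Raise ValidateError when a seccomp policy name is not a known service name.

    Args:
        servces_name: service names collected from the cfg files.
        seccomp_services_name: policy names collected from the library directory.

    Raises:
        ValidateError: names the first offending policy in sorted order, so the
            reported name is the same on every run.
    """
    for name in sorted(seccomp_services_name):
        if name not in servces_name:
            raise ValidateError('service name {} not in cfg, please check the name used for seccomp'.format(name))
    return


def main():
    """Validate the vendor pair and then the system pair of cfg / seccomp directories."""
    parser = argparse.ArgumentParser(
        description='check whehter name is legal used for the seccomp policy shared library')
    parser.add_argument('--vendor-cfg-path', type=str,
                        help=('input vendor cfg path\n'))

    parser.add_argument('--vendor-seccomp-lib-path', type=str,
                        help=('input vendor seccomp cfg path\n'))

    parser.add_argument('--system-cfg-path', type=str,
                        help=('input system cfg path\n'))

    parser.add_argument('--system-seccomp-lib-path', type=str,
                        help='input system seccomp cfg path\n')

    args = parser.parse_args()

    # Each partition is checked only against its own cfg directory.
    vendor_services_name = collect_cfg_services_name(args.vendor_cfg_path)
    vendor_seccomp_services_name = collect_seccomp_services_name(args.vendor_seccomp_lib_path)
    check_seccomp_services_name(vendor_services_name, vendor_seccomp_services_name)

    system_services_name = collect_cfg_services_name(args.system_cfg_path)
    system_seccomp_services_name = collect_seccomp_services_name(args.system_seccomp_lib_path)
    check_seccomp_services_name(system_services_name, system_seccomp_services_name)


if __name__ == '__main__':
    sys.exit(main())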