一篇非三大模块下的进程文件介绍capability.c
代码注释
代码大致路径: kernel_liteos_a_note/security/cap/capability.c
这段代码的主要功能是进程权限（capability）的检查、初始化、拷贝、设置和获取。
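// Capability word given to a process at init: all 32 bits set, i.e. every
// capability is granted by default and can only be narrowed afterwards.
#define CAPABILITY_INIT_STAT 0xffffffff
// Bit mask for capability index x. The shift operand is unsigned so that
// index 31 does not shift into the sign bit of a signed int (undefined
// behaviour). Note that (x) & 31 silently wraps indices above 31 instead of
// rejecting them, so callers must range-check x against CAPABILITY_MAX first.
#define CAPABILITY_GET_CAP_MASK(x) (1U << ((x) & 31))
// Highest valid capability index.
#define CAPABILITY_MAX 31
// Despite its name, this is true when the request is NOT acceptable: it
// evaluates to non-zero when a contains at least one bit that is absent
// from b (a is not a subset of b).
#define VALID_CAPS(a, b) (((a) & (~(b))) != 0)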
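// Report whether the current process holds the capability numbered capIndex.
//
// capIndex: capability number, valid range 0..CAPABILITY_MAX.
// Returns non-zero when the bit is set in the current process's capability
// word, and FALSE when it is clear or when capIndex is out of range, so an
// invalid index is always treated as "not permitted".
BOOL IsCapPermit(UINT32 capIndex)
{
    UINT32 capability = OsCurrProcessGet()->capability;

    // capIndex is unsigned, so only the upper bound can be violated; the
    // former "capIndex < 0" test could never be true. The range check must
    // stay in front of the mask computation because the mask macro wraps
    // out-of-range indices onto valid bits instead of rejecting them.
    if (capIndex > CAPABILITY_MAX) {
        // %u matches the unsigned argument (assumes UINT32 is unsigned int -- TODO confirm).
        PRINTK("%s,%d, get invalid capIndex %u\n", __FUNCTION__, __LINE__, capIndex);
        return FALSE;
    }

    // Collapse the masked bit to 0/1 so the result does not depend on how
    // wide BOOL is and compares correctly against TRUE/FALSE.
    return (capability & (CAPABILITY_GET_CAP_MASK(capIndex))) != 0;
}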
进程安全的初始化
// Give a process control block its initial capability word.
//
// processCB: process control block to initialise; it is dereferenced
// without a NULL check, so the caller must pass a valid pointer.
//
// The initial value is CAPABILITY_INIT_STAT (0xffffffff): a new process
// starts with every capability bit set, i.e. the default is "allow all"
// and restriction only happens when capabilities are dropped later.
VOID OsInitCapability(LosProcessCB *processCB)
{
    const UINT32 initialCaps = CAPABILITY_INIT_STAT;

    processCB->capability = initialCaps;
}
安全能力copy
// Copy the capability word of one process to another.
//
// from: process whose capability word is read.
// to:   process whose capability word is overwritten.
//
// Both pointers are dereferenced without a NULL check. The read and the
// write happen inside one SCHEDULER_LOCK/SCHEDULER_UNLOCK section, so the
// destination receives exactly the value the source held at that moment.
VOID OsCopyCapability(LosProcessCB *from, LosProcessCB *to)
{
    UINT32 lockState;
    UINT32 inherited;

    SCHEDULER_LOCK(lockState);
    inherited = from->capability;
    to->capability = inherited;
    SCHEDULER_UNLOCK(lockState);
}
进程权限设置
// Replace the capability word of the current process.
//
// caps: the new capability word.
// Returns LOS_OK on success, or -EPERM (converted to UINT32) when the
// caller lacks CAP_CAPSET or when caps contains a bit the caller does not
// currently hold.
//
// Because any bit outside the current set is rejected, this call can only
// keep or drop capabilities; it can never add one. If the new word leaves
// out the CAP_CAPSET bit, later calls fail the first check.
UINT32 SysCapSet(UINT32 caps)
{
    UINT32 lockState;
    UINT32 result = LOS_OK;

    // Check and update happen in one locked section so the capability word
    // cannot change between the subset test and the assignment.
    SCHEDULER_LOCK(lockState);
    if (!IsCapPermit(CAP_CAPSET)) {
        // The caller is not allowed to change its capability set at all.
        result = -EPERM;
    } else if (VALID_CAPS(caps, OsCurrProcessGet()->capability)) {
        // VALID_CAPS is non-zero when caps has a bit missing from the
        // current set, i.e. the request would escalate privileges.
        result = -EPERM;
    } else {
        OsCurrProcessGet()->capability = caps;
    }
    SCHEDULER_UNLOCK(lockState);

    return result;
}
获取参数进程的权限集
// Read the capability word of a process and copy it out to the caller.
//
// pid:  process to query; 0 selects the current process.
// caps: destination for the capability word. It is only ever written
//       through LOS_ArchCopyToUser, i.e. it is treated as a user-space
//       address supplied by the caller.
// Returns LOS_OK on success, -EINVAL when pid fails OS_PID_CHECK_INVALID,
// -ESRCH when the target process is inactive, and -EFAULT when the copy to
// caps fails (error codes are converted to UINT32).
//
// No capability check is made on the caller here, so within this function
// any caller can read the capability word of any valid, active pid.
UINT32 SysCapGet(pid_t pid, UINT32 *caps)
{
    UINT32 lockState;
    UINT32 snapshot;
    LosProcessCB *target = NULL;

    if (OS_PID_CHECK_INVALID((UINT32)pid)) {
        return -EINVAL;
    }

    target = (pid == 0) ? OsCurrProcessGet() : OS_PCB_FROM_PID(pid);

    // Take the snapshot under the scheduler lock so the liveness check and
    // the read refer to the same process state.
    SCHEDULER_LOCK(lockState);
    if (OsProcessIsInactive(target)) {
        SCHEDULER_UNLOCK(lockState);
        return -ESRCH;
    }
    snapshot = target->capability;
    SCHEDULER_UNLOCK(lockState);

    // NOTE(review): the original author wondered whether the value could be
    // returned directly instead of going through LOS_ArchCopyToUser. The
    // return value already carries the error codes, and a capability word is
    // an arbitrary 32-bit pattern (the initial value is 0xffffffff), so a
    // returned word could not be told apart from a negative errno. Writing
    // through caps directly would also skip whatever checks the copy routine
    // applies to a caller-supplied address -- presumably address-range
    // validation; confirm against its implementation.
    if (LOS_ArchCopyToUser(caps, &snapshot, sizeof(snapshot)) != LOS_OK) {
        return -EFAULT;
    }

    return LOS_OK;
}