一篇非三大模块下的进程文件介绍capability.c
代码注释
代码大致路径: kernel_liteos_a_note/security/cap/capability.c 代码主要功能是进程权限的解读。
#define CAPABILITY_INIT_STAT 0xffffffff
#define CAPABILITY_GET_CAP_MASK(x) (1 CAPABILITY_MAX || capIndex capability = CAPABILITY_INIT_STAT;
}
安全能力copy
//进程间安全能力的拷贝
VOID OsCopyCapability(LosProcessCB *from, LosProcessCB *to)
{
UINT32 intSave;
SCHEDULER_LOCK(intSave);
to->capability = from->capability;
SCHEDULER_UNLOCK(intSave);
}
进程权限设置
//为进程设置权限项
UINT32 SysCapSet(UINT32 caps)
{
UINT32 intSave;
SCHEDULER_LOCK(intSave);
if (!IsCapPermit(CAP_CAPSET)) {//先检查进程是否有权限
SCHEDULER_UNLOCK(intSave);
return -EPERM;
}
if (VALID_CAPS(caps, OsCurrProcessGet()->capability)) {//验证参数有效性
SCHEDULER_UNLOCK(intSave);
return -EPERM;
}
OsCurrProcessGet()->capability = caps;//改变当前进程的权限集,相当于自己给自己加减权限
SCHEDULER_UNLOCK(intSave);
return LOS_OK;
}
参数进程的权限集
//获取参数进程的权限集
UINT32 SysCapGet(pid_t pid, UINT32 *caps)
{
UINT32 intSave;
UINT32 kCaps;
LosProcessCB *processCB = NULL;
if ((OS_PID_CHECK_INVALID((UINT32)pid))) {
return -EINVAL;
}
if (pid == 0) {
processCB = OsCurrProcessGet();
} else {
processCB = OS_PCB_FROM_PID(pid);
}
SCHEDULER_LOCK(intSave);
if (OsProcessIsInactive(processCB)) {
SCHEDULER_UNLOCK(intSave);
return -ESRCH;
}
kCaps = processCB->capability;
SCHEDULER_UNLOCK(intSave);
//@note_thinking 感觉这里可以不用 LOS_ArchCopyToUser 直接返回kCaps
if (LOS_ArchCopyToUser(caps, &kCaps, sizeof(UINT32)) != LOS_OK) {//内核空间向用户空间拷贝
return -EFAULT;
}
return LOS_OK;
}
