| /ohos5.0/base/security/selinux_adapter/scripts/selinux_check/ |
| H A D | check_data_regex.py | 43 def check_file_contexts(args, file_contexts, whitelist_set): argument
46 for line in file_contexts:
59 "check '{}' failed in file {}:{}\n".format(path, args.file_contexts, line_index),
93 file_contexts_data = read_file(input_args.file_contexts)
|
| H A D | check_partition_label_use.py | 28 def check_file_contexts(args, file_contexts, whitelist_map, label_list): argument
35 for line in file_contexts:
46 … "check '{} {}' failed in file {}:{}\n".format(path, label, args.file_contexts, line_index),
88 file_contexts_data = read_file(input_args.file_contexts)
|
| /ohos5.0/docs/zh-cn/device-dev/subsystems/ |
| H A D | subsys-security-selinux-sample-file.md | 10 1. 在file_contexts中,建立文件绝对路径与文件标签的映射关系,可以使用正则表达式。
27 1. 在file_contexts中,建立文件绝对路径与文件标签的映射关系,可以使用正则表达式。
35 3. 使标签生效,file_contexts只是映射了文件路径和标签的对应关系,标签不会自动更新到文件上,需要进程主动触发标签更新操作。按文件创建的时机,可以分为以下场景:
|
| H A D | subsys-security-selinux-check.md | 8 ## file_contexts中data分区二级目录使用正则表达式检查
12 …用户的文件存放在data分区,文件数量庞大,容易出现碎片化问题。为避免data分区打标签性能问题,需要限制data分区的二级目录不能存在正则表达式,该检查主要扫描`file_contexts`文件。
16 在`file_contexts`中,data分区二级目录使用正则表达式,会触发编译报错,关键报错信息`Regex is not allowed in the secondary directory …
18 …eck '/data/log(/.*)?' failed in file out/rk3568/obj/base/security/selinux_adapter/file_contexts:214
26 说明以下`file_contexts`中的定义是非法的,因为`log(/.*)?`是正则表达式,且在data的第二级目录:
42 ## file_contexts中使用一级目录标签检查
61 `file_contexts`中禁止使用一级目录标签来定义路径标签,避免配置不合理的SELinux权限,对根路径的子目录产生影响,构成安全隐患。
65 在`file_contexts`配置中,不合理的使用一级目录标签,会触发编译报错,关键报错信息`partition label is not allow to use`,报错如下:
68 …bject_r:data_file:s0' failed in file out/rk3568/obj/base/security/selinux_adapter/file_contexts:213
76 说明以下`file_contexts`中的定义是非法的,因为为`/data/log`配置了标签`u:object_r:data_file:s0`,该标签属于一级目录标签:
|
| H A D | subsys-security-selinux-compile.md | 23 OpenHarmony SELinux contexts包括`file_contexts`、`hdf_service_contexts`、`sevice_contexts`、`parameter_c…
40 | file_contexts | 需要更新文件标签的进程 | 更新文件标签 |
|
| /ohos5.0/docs/en/device-dev/subsystems/ |
| H A D | subsys-security-selinux-sample-file.md | 10 1. In **file_contexts**, define the mapping between the absolute path of the file and the label. Re…
27 1. In **file_contexts**, define the mapping between the absolute path of the file and the label. Re…
39 …The **file_contexts** file only defines the mapping between the file path and the label. The label…
|
| /ohos5.0/base/security/selinux_adapter/ |
| H A D | BUILD.gn | 633 target_out_dir + "/file_contexts.bin",
634 target_out_dir + "/file_contexts",
729 target_out_dir + "/updater/file_contexts.bin",
730 target_out_dir + "/updater/file_contexts",
912 ohos_prebuilt_etc("file_contexts") {
914 source = target_out_dir + "/file_contexts"
942 source = target_out_dir + "/updater/file_contexts"
1159 sources = [ "$target_out_dir/file_contexts.bin" ]
1160 outputs = [ "$target_out_dir/../security/selinux/file_contexts.bin" ]
1317 ":file_contexts",
|
| /ohos5.0/build/ohos/images/mkimage/debug/ |
| H A D | system_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | chip_prod_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | eng_chipset_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | eng_system_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | sys_prod_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | updater_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | updater_ramdisk_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | userdata_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | vendor_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| /ohos5.0/build/ohos/images/mkimage/ |
| H A D | system_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | chip_ckm.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | chip_prod_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | eng_chipset_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | eng_system_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | sys_prod_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | updater_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| H A D | updater_ramdisk_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|
| /ohos5.0/build/ohos/images/mkimage/asan/debug/ |
| H A D | userdata_image_conf.txt | 5 --file_context obj/base/security/selinux_adapter/file_contexts.bin
|