diff --git a/build/build.sh b/build/build.sh
index 0354ad6..5c24550 100644
--- a/build/build.sh
+++ b/build/build.sh
@@ -4,6 +4,7 @@
ROOT=$(cd `dirname $0`; pwd)/..
OPENSRC=${ROOT}/opensource
+PLATFORM=${ROOT}/platform
OUTPUT=${ROOT}/output
BUILD=${ROOT}/build
@@ -132,8 +133,21 @@ funcmakeunzip(){
cd ${OPENSRC}
tar -xzvf cJSON*.tar.gz
CJSONS=`find . -name "cJSON.*"`
-CJSONSLIB=`find ${INSTALLHELPERDIR} -name cjson -type d`
+CJSONSLIB=${INSTALLHELPERDIR}/deb/src/cjson
/bin/cp -f ${CJSONS} ${CJSONSLIB}
+
+cd ${PLATFORM}
+tar -xzvf HuaweiSecureC.tar.gz
+SECURECSRC=`find . -name "src"`
+SECURECINC=`find . -name "include"`
+
+SECURECLIB=${INSTALLHELPERDIR}/deb/src/HuaweiSecureC
+/bin/cp -f ${SECURECSRC}/* ${SECURECLIB}
+/bin/cp -f ${SECURECINC}/* ${SECURECLIB}
+
+SECURECLIB=${CLIDIR}/src/HuaweiSecureC
+/bin/cp -f ${SECURECSRC}/* ${SECURECLIB}
+/bin/cp -f ${SECURECINC}/* ${SECURECLIB}
}
funcmakeclean
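Review bot: HuaweiSecureC.tar.gz is unpacked from `${PLATFORM}` and copied into both source trees with no integrity check, and the copy sources come from `find . -name "src"` and `find . -name "include"`, which can return several paths or none. In either case the unquoted `${SECURECSRC}/*` no longer names the directory that was meant. Because the rest of this commit relies on that library for bounds checking, verify the archive against a digest pinned in the repository before extracting it, for example `sha256sum -c HuaweiSecureC.tar.gz.sha256` (file name constructed here as an illustration), and stop the script when extraction or a copy fails. Setting the two variables to the known directories inside the archive, as the hunk now does for `CJSONSLIB`, removes the `find` ambiguity. funcmakeunzip begins above the hunk.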
diff --git a/ci/dependency.xml b/ci/dependency.xml
index 8fea80e..eddb2af 100644
--- a/ci/dependency.xml
+++ b/ci/dependency.xml
@@ -32,5 +32,20 @@
+
+
+ BVersion
+ Generic
+
+ Huawei Secure C
+ Huawei Secure C V100R001C01SPC009B003
+
+
+
+ /*
+ platform/
+
+
+
diff --git a/cli/src/CMakeLists.txt b/cli/src/CMakeLists.txt
index 4fb2934..63a6a55 100644
--- a/cli/src/CMakeLists.txt
+++ b/cli/src/CMakeLists.txt
@@ -1,5 +1,14 @@
-cmake_minimum_required(VERSION 2.26)
-project(ascend-docker-cli C)
-set(CMAKE_C_STANDARD 11)
-aux_source_directory(. SRC)
-add_executable(ascend-docker-cli ${SRC})
+cmake_minimum_required(VERSION 2.26)
+project(ascend-docker-cli C)
+set(CMAKE_C_STANDARD 11)
+## The common options using by both c and cxx
+
+message(STATUS "CMAKE_SHARED_LIBRARY_LINK_C_FLAGS = " ${CMAKE_SHARED_LIBRARY_LINK_C_FLAGS})
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+include_directories("${PROJECT_SOURCE_DIR}/HuaweiSecureC")
+aux_source_directory(. SRC)
+add_subdirectory(HuaweiSecureC)
+add_executable(ascend-docker-cli ${SRC})
+target_compile_options(ascend-docker-cli PRIVATE -fstack-protector-all -fpie)
+target_link_libraries(ascend-docker-cli -pie -Wl,-z,now HuaweiSecureC)
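Review bot: The link line adds `-Wl,-z,now` but not `-Wl,-z,relro`, and immediate binding only protects the GOT when the relocated sections are also remapped read-only. Many toolchains enable relro by default, but a hardening change should not depend on that. Consider `target_link_libraries(ascend-docker-cli -pie -Wl,-z,relro,-z,now -Wl,-z,noexecstack HuaweiSecureC)`. The same flags are used in install/deb/src/CMakeLists.txt, where `-pie -Wl,-z,now` is also repeated across two `target_link_libraries` calls and could be given once. Separately, `cmake_minimum_required(VERSION 2.26)` names a release that does not appear to exist in the 2.x series and is worth correcting while the file is being touched.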
diff --git a/cli/src/HuaweiSecureC/CMakeLists.txt b/cli/src/HuaweiSecureC/CMakeLists.txt
new file mode 100644
index 0000000..92ab9b8
--- /dev/null
+++ b/cli/src/HuaweiSecureC/CMakeLists.txt
@@ -0,0 +1,7 @@
+# 查找当前目录下的所有源文件
+# 并将名称保存到 LIB_SRC 变量
+aux_source_directory(. LIB_SRC)
+
+#生成链接库
+add_library(HuaweiSecureC ${LIB_SRC})
+target_compile_options(HuaweiSecureC PRIVATE -fstack-protector-all -fpie)
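Review bot: `add_library(HuaweiSecureC ${LIB_SRC})` leaves the library type open, so with `BUILD_SHARED_LIBS` on it is built as a shared object, which needs `-fPIC` rather than the `-fpie` set on the next line. Writing `add_library(HuaweiSecureC STATIC ${LIB_SRC})` keeps the PIE flags valid. The comments are in Chinese; an English header such as `# Sources are copied here by build/build.sh from platform/HuaweiSecureC.tar.gz` would explain why the directory appears to hold no C files in the repository. The identical file under install/deb/src/HuaweiSecureC has the same two points.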
diff --git a/cli/src/main.c b/cli/src/main.c
index 504b613..bc19b64 100644
--- a/cli/src/main.c
+++ b/cli/src/main.c
@@ -15,6 +15,7 @@
#include
#include
#include
+#include "securec.h"
#define DEVICE_NAME "davinci"
#define DAVINCI_MANAGER_PATH "/dev/davinci_manager"
@@ -29,7 +30,7 @@
#define MOUNT_SUBSTR_GAP 2
#define ROOT_SUBSTR_GAP 2
-static const struct option g_opts[] = {
+static const struct option g_cmdOpts[] = {
{"devices", required_argument, 0, 'd'},
{"pid", required_argument, 0, 'p'},
{"rootfs", required_argument, 0, 'r'},
@@ -71,13 +72,13 @@ void FreeCmdArgs(struct CmdArgs *args)
int GetNsPath(const int pid, const char *nsType, char *buf, size_t bufSize)
{
static const char *fmtStr = "/proc/%d/ns/%s";
- return snprintf(buf, bufSize, fmtStr, pid, nsType);
+ return snprintf_s(buf, BUF_SIZE, bufSize, fmtStr, pid, nsType);
}
int GetSelfNsPath(const char *nsType, char *buf, size_t bufSize)
{
static const char *fmtStr = "/proc/self/ns/%s";
- return snprintf(buf, bufSize, fmtStr, nsType);
+ return snprintf_s(buf, BUF_SIZE, bufSize, fmtStr, nsType);
}
int EnterNsByFd(int fd, int nsType)
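Review bot: The destination-size argument to `snprintf_s` in GetNsPath and GetSelfNsPath is the constant `BUF_SIZE`, while the real capacity is the caller-supplied `bufSize`, so the library's bounds check is made against a size that may not match the buffer. Pass the parameter as the destination size and leave room for the terminator in the count: `return snprintf_s(buf, bufSize, bufSize - 1, fmtStr, pid, nsType);`. The same pattern appears in GetCgroupPath (`effPath, BUF_SIZE, maxSize`), CatFileContent (`buffer, BUF_SIZE` although `bufferSize` is a parameter) and GetParentPathStr (`parent, BUF_SIZE` with no size parameter at all). snprintf_s also reports truncation as -1 rather than the would-be length, so callers that compared the old return value with the buffer size need checking; they are outside this hunk.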
@@ -118,9 +119,14 @@ int MountDevice(const char *rootfs, const int serialNumber)
char src[BUF_SIZE] = {0};
char dst[BUF_SIZE] = {0};
- snprintf(src, BUF_SIZE, "/dev/" DEVICE_NAME "%d", serialNumber);
- snprintf(dst, BUF_SIZE, "%s%s", rootfs, (const char *)src);
-
+ ret = snprintf_s(src, BUF_SIZE, BUF_SIZE, "/dev/" DEVICE_NAME "%d", serialNumber);
+ if (ret < 0) {
+ return -1;
+ }
+ ret = snprintf_s(dst, BUF_SIZE, BUF_SIZE, "%s%s", rootfs, (const char *)src);
+ if (ret < 0) {
+ return -1;
+ }
struct stat srcStat;
ret = stat((const char *)src, &srcStat);
if (ret < 0) {
@@ -149,7 +155,10 @@ int DoDeviceMounting(const char *rootfs, const char *devicesList)
{
static const char *sep = ",";
char list[BUF_SIZE] = {0};
- strcpy(list, devicesList);
+ errno_t err = strncpy_s(list, BUF_SIZE, devicesList, strlen(devicesList));
+ if (err != EOK) {
+ return -1;
+ }
char *token = NULL;
token = strtok(list, sep);
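Review bot: `strlen(devicesList)` is evaluated before `strncpy_s` runs, so if a caller ever passes NULL the pointer is dereferenced before the library's own NULL check can reject it. The count argument adds nothing here because the whole string is copied. `errno_t err = strcpy_s(list, BUF_SIZE, devicesList);` gives the same bounded copy and lets the library handle NULL and over-long input. The new failure path also returns -1 without a message, so a device list longer than `BUF_SIZE` fails silently. SetupCgroup has the same call on `args->devices`; the body of DoDeviceMounting continues beyond the hunk.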
@@ -196,7 +205,10 @@ int GetParentPathStr(const char *path, int lenOfPath, char *parent)
if (len < 1) {
return 0;
}
- strncpy(parent, path, len);
+ errno_t ret = strncpy_s(parent, BUF_SIZE, path, len);
+ if (ret != EOK) {
+ return -1;
+ }
return 0;
}
@@ -231,13 +243,17 @@ int MountFiles(const char *rootfs, const char *file, unsigned long reMountRwFlag
{
char src[BUF_SIZE] = {0};
char dst[BUF_SIZE] = {0};
- snprintf(src, BUF_SIZE, "%s", file);
- snprintf(dst, BUF_SIZE, "%s%s", rootfs, file);
-
- struct stat srcStat;
- int ret = stat((const char *) src, &srcStat);
+ int ret = snprintf_s(src, BUF_SIZE, BUF_SIZE, "%s", file);
+ if (ret < 0) {
+ return -1;
+ }
+ ret = snprintf_s(dst, BUF_SIZE, BUF_SIZE, "%s%s", rootfs, file);
+ if (ret < 0) {
+ return -1;
+ }
+ struct stat srcStat;
+ ret = stat((const char *) src, &srcStat);
if (ret < 0) {
- fprintf(stderr, "error: failed to stat src: %s\n", src);
return -1;
}
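Review bot: The stat failure path in MountFiles no longer prints `fprintf(stderr, "error: failed to stat src: %s\n", src);`, and the two new `snprintf_s` checks also return -1 without output. A failed file mount therefore leaves no trace of which path was at fault. Keep the stat message and give the new branches one as well, for example `fprintf(stderr, "error: failed to assemble dst path for %s\n", file);`. MountDevice has the same silent returns after its `snprintf_s` calls. The function continues past the end of this hunk.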
@@ -439,7 +455,10 @@ int CatFileContent(char* buffer, int bufferSize, ParseFileLine fn, const char* f
while (getline(&line, &len, fp) != -1) {
char* result = fn(line, "devices");
if (result != NULL && strlen(result) < bufferSize) {
- strncpy(buffer, result, strlen(result));
+ errno_t ret = strncpy_s(buffer, BUF_SIZE, result, strlen(result));
+ if (ret != EOK) {
+ return -1;
+ }
break;
}
}
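Review bot: The new `return -1` inside the `getline` loop leaves CatFileContent with `line` still allocated and `fp` still open, since any cleanup presumably sits after the loop, outside this hunk. Release both before returning, `free(line); fclose(fp); return -1;`, or record the error and `break` so the existing cleanup runs. The destination size should be the `bufferSize` parameter rather than `BUF_SIZE`: `errno_t ret = strncpy_s(buffer, bufferSize, result, strlen(result));`. The guard `strlen(result) < bufferSize` compares a `size_t` with an `int`, so a negative `bufferSize` would pass it.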
@@ -503,7 +522,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz
char mountPath[BUF_SIZE] = {0x0};
char mount[BUF_SIZE] = {0x0};
- ret = snprintf(mountPath, BUF_SIZE, "/proc/%d/mountinfo", (int)getppid());
+ ret = snprintf_s(mountPath, BUF_SIZE, BUF_SIZE, "/proc/%d/mountinfo", (int)getppid());
if (ret < 0) {
fprintf(stderr, "error: assemble mount info path failed: ppid(%d)\n", getppid());
return -1;
@@ -517,7 +536,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz
char cgroup[BUF_SIZE] = {0x0};
char cgroupPath[BUF_SIZE] = {0x0};
- ret = snprintf(cgroupPath, BUF_SIZE, "/proc/%d/cgroup", args->pid);
+ ret = snprintf_s(cgroupPath, BUF_SIZE, BUF_SIZE, "/proc/%d/cgroup", args->pid);
if (ret < 0) {
fprintf(stderr, "error: assemble cgroup path failed: pid(%d)\n", args->pid);
return -1;
@@ -532,7 +551,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz
// cut last '\n' off
cgroup[strcspn(cgroup, "\n")] = '\0';
- ret = snprintf(effPath, maxSize, "%s%s%s", mount, cgroup, ALLOW_PATH);
+ ret = snprintf_s(effPath, BUF_SIZE, maxSize, "%s%s%s", mount, cgroup, ALLOW_PATH);
if (ret < 0) {
fprintf(stderr, "error: assemble cgroup device path failed: \n");
return -1;
@@ -549,7 +568,10 @@ int SetupCgroup(struct CmdArgs *args, const char *cgroupPath)
static const char *sep = ",";
char list[BUF_SIZE] = {0};
- strcpy(list, args->devices);
+ errno_t err = strncpy_s(list, BUF_SIZE, args->devices, strlen(args->devices));
+ if (err != EOK) {
+ return -1;
+ }
char *token = NULL;
cgroupAllow = fopen(cgroupPath, "a");
@@ -567,7 +589,7 @@ int SetupCgroup(struct CmdArgs *args, const char *cgroupPath)
token = strtok(list, sep);
while (token != NULL) {
- ret = snprintf(devicePath, BUF_SIZE, "/dev/" DEVICE_NAME "%d", atoi(token));
+ ret = snprintf_s(devicePath, BUF_SIZE, BUF_SIZE, "/dev/" DEVICE_NAME "%d", atoi(token));
if (ret < 0) {
fclose(cgroupAllow);
fprintf(stderr, "error: failed to assemble device path for no.%s\n", token);
@@ -675,7 +697,7 @@ int Process(int argc, char **argv)
.pid = -1
};
- while ((c = getopt_long(argc, argv, "d:p:r", g_opts, &optionIndex)) != -1) {
+ while ((c = getopt_long(argc, argv, "d:p:r", g_cmdOpts, &optionIndex)) != -1) {
switch (c) {
case 'd':
args.devices = strdup(optarg);
diff --git a/install/deb/src/CMakeLists.txt b/install/deb/src/CMakeLists.txt
index e324718..35e44e7 100644
--- a/install/deb/src/CMakeLists.txt
+++ b/install/deb/src/CMakeLists.txt
@@ -1,24 +1,32 @@
-# CMake 最低版本号要求
-cmake_minimum_required (VERSION 2.8)
-
-# 项目信息
-project (ascend-docker-plugin-install-helper)
-
-#导入头文件所在路径
-#PROJECT_SOURCE_DIR为cmake宏
-include_directories("${PROJECT_SOURCE_DIR}/cjson")
-
-# 查找当前目录下的所有源文件
-# 并将名称保存到 SRC 变量
-aux_source_directory(. SRC)
-
-# 指定生成目标
-add_executable(ascend-docker-plugin-install-helper ${SRC})
-
-# 添加 math 子目录
-add_subdirectory(cjson)
-
-# 添加链接库
-#该命令要在add_executable命令下方,否则报错
-target_link_libraries(ascend-docker-plugin-install-helper cjson)
-
+# CMake 最低版本号要求
+cmake_minimum_required (VERSION 2.8)
+
+# 项目信息
+project (ascend-docker-plugin-install-helper)
+
+message(STATUS "CMAKE_SHARED_LIBRARY_LINK_C_FLAGS = " ${CMAKE_SHARED_LIBRARY_LINK_C_FLAGS})
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+
+#导入头文件所在路径
+#PROJECT_SOURCE_DIR为cmake宏
+include_directories("${PROJECT_SOURCE_DIR}/cjson")
+include_directories("${PROJECT_SOURCE_DIR}/HuaweiSecureC")
+
+# 查找当前目录下的所有源文件
+# 并将名称保存到 SRC 变量
+aux_source_directory(. SRC)
+
+# 指定生成目标
+add_executable(ascend-docker-plugin-install-helper ${SRC})
+
+# 添加子目录
+add_subdirectory(cjson)
+add_subdirectory(HuaweiSecureC)
+
+# 添加链接库
+#该命令要在add_executable命令下方,否则报错
+target_compile_options(ascend-docker-plugin-install-helper PRIVATE -fstack-protector-all -fpie)
+target_link_libraries(ascend-docker-plugin-install-helper -pie -Wl,-z,now cjson)
+target_link_libraries(ascend-docker-plugin-install-helper -pie -Wl,-z,now HuaweiSecureC)
+
diff --git a/install/deb/src/HuaweiSecureC/CMakeLists.txt b/install/deb/src/HuaweiSecureC/CMakeLists.txt
new file mode 100644
index 0000000..92ab9b8
--- /dev/null
+++ b/install/deb/src/HuaweiSecureC/CMakeLists.txt
@@ -0,0 +1,7 @@
+# 查找当前目录下的所有源文件
+# 并将名称保存到 LIB_SRC 变量
+aux_source_directory(. LIB_SRC)
+
+#生成链接库
+add_library(HuaweiSecureC ${LIB_SRC})
+target_compile_options(HuaweiSecureC PRIVATE -fstack-protector-all -fpie)
diff --git a/install/deb/src/cjson/CMakeLists.txt b/install/deb/src/cjson/CMakeLists.txt
index ad8ce98..b5e902a 100644
--- a/install/deb/src/cjson/CMakeLists.txt
+++ b/install/deb/src/cjson/CMakeLists.txt
@@ -1,8 +1,8 @@
-execute_process(COMMAND bash ../install)
-# 查找当前目录下的所有源文件
-# 并将名称保存到 LIB_SRC 变量
-aux_source_directory(. LIB_SRC)
-
-#生成链接库
-add_library(cjson ${LIB_SRC})
-
+# 查找当前目录下的所有源文件
+# 并将名称保存到 LIB_SRC 变量
+aux_source_directory(. LIB_SRC)
+
+#生成链接库
+add_library(cjson ${LIB_SRC})
+target_compile_options(cjson PRIVATE -fstack-protector-all -fpie)
+
diff --git a/install/deb/src/main.c b/install/deb/src/main.c
index 7553a60..d8ef79f 100644
--- a/install/deb/src/main.c
+++ b/install/deb/src/main.c
@@ -6,6 +6,7 @@
#include
#include
#include
+#include
#define MAX_JSON_FILE_SIZE 65535
#define NUM_ARGS 4
@@ -22,7 +23,7 @@
#define DEFALUT_KEY "default-runtime"
#define DEFAULT_VALUE "ascend"
-void ReadJsonFile(const FILE *pf, char *text, int maxBufferSize)
+void ReadJsonFile(FILE *pf, char *text, int maxBufferSize)
{
fseek(pf, 0, SEEK_END);
@@ -144,7 +145,7 @@ cJSON *CreateContent()
return root;
}
-cJSON *ModifyContent(const FILE *pf)
+cJSON *ModifyContent(FILE *pf)
{
char jsonStr[MAX_JSON_FILE_SIZE] = {0x0};
ReadJsonFile(pf, &jsonStr[0], MAX_JSON_FILE_SIZE);
@@ -197,7 +198,7 @@ cJSON *ModifyContent(const FILE *pf)
return root;
}
-cJSON *RemoveContent(const FILE *pf)
+cJSON *RemoveContent(FILE *pf)
{
char jsonStr[MAX_JSON_FILE_SIZE] = {0x0};
ReadJsonFile(pf, &jsonStr[0], MAX_JSON_FILE_SIZE);
diff --git a/platform/README.MD b/platform/README.MD
new file mode 100644
index 0000000..0e1b50b
--- /dev/null
+++ b/platform/README.MD
@@ -0,0 +1 @@
+put platform dependency here
\ No newline at end of file