Match-id-32a15651385a7d833acddf807ede6634942407d7

2025-10-12 03:40:05 +08:00 · 2020-06-13 16:07:56 +08:00
parent d5424d6a8a
commit 39fe5ed6db
10 changed files with 146 additions and 62 deletions
--- a/build/build.sh
+++ b/build/build.sh
@@ -4,6 +4,7 @@
 ROOT=$(cd `dirname $0`; pwd)/..

 OPENSRC=${ROOT}/opensource
+PLATFORM=${ROOT}/platform
 OUTPUT=${ROOT}/output
 BUILD=${ROOT}/build

@@ -132,8 +133,21 @@ funcmakeunzip(){
 cd ${OPENSRC}
 tar -xzvf cJSON*.tar.gz
 CJSONS=`find . -name "cJSON.*"`
-CJSONSLIB=`find ${INSTALLHELPERDIR} -name cjson -type d` 
+CJSONSLIB=${INSTALLHELPERDIR}/deb/src/cjson 
 /bin/cp -f ${CJSONS} ${CJSONSLIB}
+
+cd ${PLATFORM}
+tar -xzvf HuaweiSecureC.tar.gz
+SECURECSRC=`find . -name "src"`
+SECURECINC=`find . -name "include"`
+
+SECURECLIB=${INSTALLHELPERDIR}/deb/src/HuaweiSecureC
+/bin/cp -f ${SECURECSRC}/* ${SECURECLIB}
+/bin/cp -f ${SECURECINC}/* ${SECURECLIB}
+
+SECURECLIB=${CLIDIR}/src/HuaweiSecureC
+/bin/cp -f ${SECURECSRC}/* ${SECURECLIB}
+/bin/cp -f ${SECURECINC}/* ${SECURECLIB}
 }

 funcmakeclean
--- a/ci/dependency.xml
+++ b/ci/dependency.xml
@@ -32,5 +32,20 @@
                                </copy>
                        </copies>
                </dependency>
+                <!-- Platform -->
+                <dependency>
+                    <versionType>BVersion</versionType>
+                    <repoType>Generic</repoType>
+                    <id>
+                        <offering>Huawei Secure C</offering>
+                        <version>Huawei Secure C V100R001C01SPC009B003</version>
+                    </id>
+                    <copies>
+                        <copy>
+                            <source>/*</source>
+                            <dest>platform/</dest>
+                        </copy>
+                    </copies>
+                </dependency>
        </dependencies>
 </project>
--- a/cli/src/CMakeLists.txt
+++ b/cli/src/CMakeLists.txt
@@ -1,5 +1,14 @@
 cmake_minimum_required(VERSION 2.26)
 project(ascend-docker-cli C)
 set(CMAKE_C_STANDARD 11)
+## The common options using by both c and cxx
+
+message(STATUS "CMAKE_SHARED_LIBRARY_LINK_C_FLAGS = " ${CMAKE_SHARED_LIBRARY_LINK_C_FLAGS})
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+include_directories("${PROJECT_SOURCE_DIR}/HuaweiSecureC")
 aux_source_directory(. SRC)
+add_subdirectory(HuaweiSecureC)
 add_executable(ascend-docker-cli ${SRC})
+target_compile_options(ascend-docker-cli PRIVATE -fstack-protector-all -fpie)
+target_link_libraries(ascend-docker-cli -pie -Wl,-z,now HuaweiSecureC)
--- a/cli/src/HuaweiSecureC/CMakeLists.txt
+++ b/cli/src/HuaweiSecureC/CMakeLists.txt
@@ -0,0 +1,7 @@
+# 查找当前目录下的所有源文件
+# 并将名称保存到 LIB_SRC 变量
+aux_source_directory(. LIB_SRC)
+
+#生成链接库
+add_library(HuaweiSecureC ${LIB_SRC})
+target_compile_options(HuaweiSecureC PRIVATE -fstack-protector-all -fpie)
--- a/cli/src/main.c
+++ b/cli/src/main.c
@@ -15,6 +15,7 @@
 #include <unistd.h>
 #include <sched.h>
 #include <dirent.h>
+#include "securec.h"

 #define DEVICE_NAME "davinci"
 #define DAVINCI_MANAGER_PATH        "/dev/davinci_manager"
@@ -29,7 +30,7 @@
 #define MOUNT_SUBSTR_GAP 2
 #define ROOT_SUBSTR_GAP 2

-static const struct option g_opts[] = {
+static const struct option g_cmdOpts[] = {
    {"devices", required_argument, 0, 'd'},
    {"pid", required_argument, 0, 'p'},
    {"rootfs", required_argument, 0, 'r'},
@@ -71,13 +72,13 @@ void FreeCmdArgs(struct CmdArgs *args)
 int GetNsPath(const int pid, const char *nsType, char *buf, size_t bufSize)
 {
    static const char *fmtStr = "/proc/%d/ns/%s";
-    return snprintf(buf, bufSize, fmtStr, pid, nsType);
+    return snprintf_s(buf, BUF_SIZE, bufSize, fmtStr, pid, nsType);
 }

 int GetSelfNsPath(const char *nsType, char *buf, size_t bufSize)
 {
    static const char *fmtStr = "/proc/self/ns/%s";
-    return snprintf(buf, bufSize, fmtStr, nsType);
+    return snprintf_s(buf, BUF_SIZE, bufSize, fmtStr, nsType);
 }

 int EnterNsByFd(int fd, int nsType)
@@ -118,9 +119,14 @@ int MountDevice(const char *rootfs, const int serialNumber)
    char src[BUF_SIZE] = {0};
    char dst[BUF_SIZE] = {0};

-    snprintf(src, BUF_SIZE, "/dev/" DEVICE_NAME "%d", serialNumber);
-    snprintf(dst, BUF_SIZE, "%s%s", rootfs, (const char *)src);
-
+    ret = snprintf_s(src, BUF_SIZE, BUF_SIZE, "/dev/" DEVICE_NAME "%d", serialNumber);
+    if (ret < 0) {
+        return -1;
+    }
+    ret = snprintf_s(dst, BUF_SIZE, BUF_SIZE, "%s%s", rootfs, (const char *)src);
+    if (ret < 0) {
+        return -1;
+    }
    struct stat srcStat;
    ret = stat((const char *)src, &srcStat);
    if (ret < 0) {
@@ -149,7 +155,10 @@ int DoDeviceMounting(const char *rootfs, const char *devicesList)
 {
    static const char *sep = ",";
    char list[BUF_SIZE] = {0};
-    strcpy(list, devicesList);
+    errno_t err = strncpy_s(list, BUF_SIZE, devicesList, strlen(devicesList));
+    if (err != EOK) {
+        return -1;
+    }
    char *token = NULL;

    token = strtok(list, sep);
@@ -196,7 +205,10 @@ int GetParentPathStr(const char *path, int lenOfPath, char *parent)
    if (len < 1) {
        return 0;
    }
-    strncpy(parent, path, len);
+    errno_t ret = strncpy_s(parent, BUF_SIZE, path, len);
+    if (ret != EOK) {
+        return -1;
+    }
    return 0;
 }

@@ -231,13 +243,17 @@ int MountFiles(const char *rootfs, const char *file, unsigned long reMountRwFlag
 {
    char src[BUF_SIZE] = {0};
    char dst[BUF_SIZE] = {0};
-    snprintf(src, BUF_SIZE, "%s", file);
-    snprintf(dst, BUF_SIZE, "%s%s", rootfs, file);
-
-    struct stat srcStat;
-    int ret = stat((const char *) src, &srcStat);
+    int ret = snprintf_s(src, BUF_SIZE, BUF_SIZE, "%s", file);
+    if (ret < 0) {
+        return -1;
+    }
+    ret = snprintf_s(dst, BUF_SIZE, BUF_SIZE, "%s%s", rootfs, file);
+    if (ret < 0) {
+        return -1;
+    }
+    struct stat srcStat;
+    ret = stat((const char *) src, &srcStat);
    if (ret < 0) {
-        fprintf(stderr, "error: failed to stat src: %s\n", src);
        return -1;
    }

@@ -439,7 +455,10 @@ int CatFileContent(char* buffer, int bufferSize, ParseFileLine fn, const char* f
    while (getline(&line, &len, fp) != -1) {
        char* result = fn(line, "devices");
        if (result != NULL && strlen(result) < bufferSize) {
-            strncpy(buffer, result, strlen(result));
+            errno_t ret = strncpy_s(buffer, BUF_SIZE, result, strlen(result));
+            if (ret != EOK) {
+                return -1;
+            }
            break;
        }
    }
@@ -503,7 +522,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz
    char mountPath[BUF_SIZE] = {0x0};
    char mount[BUF_SIZE] = {0x0};

-    ret = snprintf(mountPath, BUF_SIZE, "/proc/%d/mountinfo", (int)getppid());
+    ret = snprintf_s(mountPath, BUF_SIZE, BUF_SIZE, "/proc/%d/mountinfo", (int)getppid());
    if (ret < 0) {
        fprintf(stderr, "error: assemble mount info path failed: ppid(%d)\n", getppid());
        return -1;
@@ -517,7 +536,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz

    char cgroup[BUF_SIZE] = {0x0};
    char cgroupPath[BUF_SIZE] = {0x0};
-    ret = snprintf(cgroupPath, BUF_SIZE, "/proc/%d/cgroup", args->pid);
+    ret = snprintf_s(cgroupPath, BUF_SIZE, BUF_SIZE, "/proc/%d/cgroup", args->pid);
    if (ret < 0) {
        fprintf(stderr, "error: assemble cgroup path failed: pid(%d)\n", args->pid);
        return -1;
@@ -532,7 +551,7 @@ int GetCgroupPath(const struct CmdArgs *args, char *effPath, const size_t maxSiz
    // cut last '\n' off
    cgroup[strcspn(cgroup, "\n")] = '\0';

-    ret = snprintf(effPath, maxSize, "%s%s%s", mount, cgroup, ALLOW_PATH);
+    ret = snprintf_s(effPath, BUF_SIZE, maxSize, "%s%s%s", mount, cgroup, ALLOW_PATH);
    if (ret < 0) {
        fprintf(stderr, "error: assemble cgroup device path failed: \n");
        return -1;
@@ -549,7 +568,10 @@ int SetupCgroup(struct CmdArgs *args, const char *cgroupPath)

    static const char *sep = ",";
    char list[BUF_SIZE] = {0};
-    strcpy(list, args->devices);
+    errno_t err = strncpy_s(list, BUF_SIZE, args->devices, strlen(args->devices));
+    if (err != EOK) {
+        return -1;
+    }
    char *token = NULL;

    cgroupAllow = fopen(cgroupPath, "a");
@@ -567,7 +589,7 @@ int SetupCgroup(struct CmdArgs *args, const char *cgroupPath)
    
    token = strtok(list, sep);
    while (token != NULL) {
-        ret = snprintf(devicePath, BUF_SIZE, "/dev/" DEVICE_NAME "%d", atoi(token));
+        ret = snprintf_s(devicePath, BUF_SIZE, BUF_SIZE, "/dev/" DEVICE_NAME "%d", atoi(token));
        if (ret < 0) {
            fclose(cgroupAllow);
            fprintf(stderr, "error: failed to assemble device path for no.%s\n", token);
@@ -675,7 +697,7 @@ int Process(int argc, char **argv)
        .pid     = -1
    };

-    while ((c = getopt_long(argc, argv, "d:p:r", g_opts, &optionIndex)) != -1) {
+    while ((c = getopt_long(argc, argv, "d:p:r", g_cmdOpts, &optionIndex)) != -1) {
        switch (c) {
            case 'd':
                args.devices = strdup(optarg);
--- a/install/deb/src/CMakeLists.txt
+++ b/install/deb/src/CMakeLists.txt
@@ -4,9 +4,14 @@ cmake_minimum_required (VERSION 2.8)
 # 项目信息
 project (ascend-docker-plugin-install-helper)

+message(STATUS "CMAKE_SHARED_LIBRARY_LINK_C_FLAGS = " ${CMAKE_SHARED_LIBRARY_LINK_C_FLAGS})
+set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+
+
 #导入头文件所在路径
 #PROJECT_SOURCE_DIR为cmake宏
 include_directories("${PROJECT_SOURCE_DIR}/cjson")
+include_directories("${PROJECT_SOURCE_DIR}/HuaweiSecureC")

 # 查找当前目录下的所有源文件
 # 并将名称保存到 SRC 变量
@@ -15,10 +20,13 @@ aux_source_directory(. SRC)
 # 指定生成目标
 add_executable(ascend-docker-plugin-install-helper ${SRC})

-# 添加 math 子目录
+# 添加子目录
 add_subdirectory(cjson)
+add_subdirectory(HuaweiSecureC)

 # 添加链接库 
 #该命令要在add_executable命令下方，否则报错
-target_link_libraries(ascend-docker-plugin-install-helper cjson)
+target_compile_options(ascend-docker-plugin-install-helper PRIVATE -fstack-protector-all -fpie)
+target_link_libraries(ascend-docker-plugin-install-helper -pie -Wl,-z,now cjson)
+target_link_libraries(ascend-docker-plugin-install-helper -pie -Wl,-z,now HuaweiSecureC)

--- a/install/deb/src/HuaweiSecureC/CMakeLists.txt
+++ b/install/deb/src/HuaweiSecureC/CMakeLists.txt
@@ -0,0 +1,7 @@
+# 查找当前目录下的所有源文件
+# 并将名称保存到 LIB_SRC 变量
+aux_source_directory(. LIB_SRC)
+
+#生成链接库
+add_library(HuaweiSecureC ${LIB_SRC})
+target_compile_options(HuaweiSecureC PRIVATE -fstack-protector-all -fpie)
--- a/install/deb/src/cjson/CMakeLists.txt
+++ b/install/deb/src/cjson/CMakeLists.txt
@@ -1,8 +1,8 @@
-execute_process(COMMAND bash ../install)
 # 查找当前目录下的所有源文件
 # 并将名称保存到 LIB_SRC 变量
 aux_source_directory(. LIB_SRC)

 #生成链接库
 add_library(cjson ${LIB_SRC})
+target_compile_options(cjson PRIVATE -fstack-protector-all -fpie)

--- a/install/deb/src/main.c
+++ b/install/deb/src/main.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>

 #define MAX_JSON_FILE_SIZE 65535
 #define NUM_ARGS 4
@@ -22,7 +23,7 @@
 #define DEFALUT_KEY "default-runtime"
 #define DEFAULT_VALUE "ascend"

-void ReadJsonFile(const FILE *pf, char *text, int maxBufferSize)
+void ReadJsonFile(FILE *pf, char *text, int maxBufferSize)
 {
    fseek(pf, 0, SEEK_END);

@@ -144,7 +145,7 @@ cJSON *CreateContent()
    return root;
 }

-cJSON *ModifyContent(const FILE *pf)
+cJSON *ModifyContent(FILE *pf)
 {
    char jsonStr[MAX_JSON_FILE_SIZE] = {0x0};
    ReadJsonFile(pf, &jsonStr[0], MAX_JSON_FILE_SIZE);
@@ -197,7 +198,7 @@ cJSON *ModifyContent(const FILE *pf)
    return root;
 }

-cJSON *RemoveContent(const FILE *pf)
+cJSON *RemoveContent(FILE *pf)
 {
    char jsonStr[MAX_JSON_FILE_SIZE] = {0x0};
    ReadJsonFile(pf, &jsonStr[0], MAX_JSON_FILE_SIZE);
--- a/platform/README.MD
+++ b/platform/README.MD
@@ -0,0 +1 @@
+put platform dependency here