!399 合入selinux、suspend、rk3568切换代码

Merge pull request !399 from 熊磊/init_3.1

interfaces/innerkits/file/BUILD.gn

@@ -29,6 +29,7 @@ ohos_static_library("libfile_static") {
   sources = service_file_sources
   include_dirs = service_file_include
   deps = service_file_deps
+  part_name = "init"
 }
 
 ohos_shared_library("libfile") {

interfaces/innerkits/fs_manager/fstab.c

@@ -190,13 +190,14 @@ Fstab *ReadFstabFromFile(const char *file, bool procMounts)
     ssize_t readn = 0;
     Fstab *fstab = NULL;
 
+    FILE *fp = NULL;
     char *realPath = GetRealPath(file);
-    if (realPath == NULL) {
-        BEGET_LOGE("Invalid file");
-        return NULL;
+    if (realPath != NULL) {
+        fp = fopen(realPath, "r");
+        free(realPath);
+    } else {
+        fp = fopen(file, "r"); // no file system, can not get real path
     }
-    FILE *fp = fopen(realPath, "r");
-    free(realPath);
     if (fp == NULL) {
         BEGET_LOGE("Open %s failed, err = %d", file, errno);
         return NULL;

interfaces/innerkits/reboot/init_reboot_innerkits.c

@@ -50,10 +50,10 @@ int DoReboot(const char *option)
     BEGET_ERROR_CHECK(ret >= 0, return -1, "Failed to copy boot option \" %s \"", option);
 
     if (strcmp(option, DEVICE_CMD_SUSPEND) == 0) {
-        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_SUSPEND);
+        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);
         BEGET_ERROR_CHECK(ret == 0, return -1, "Failed to set stop param");
     } else if (strcmp(option, DEVICE_CMD_FREEZE) == 0) {
-        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_FREEZE);
+        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);
         BEGET_ERROR_CHECK(ret == 0, return -1, "Failed to set stop param");
     } else {
         ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);

interfaces/innerkits/socket/BUILD.gn

@@ -38,6 +38,7 @@ if (defined(ohos_lite)) {
     sources = service_socket_sources
     include_dirs = service_socket_include
     deps = service_socket_deps
+    part_name = "init"
   }
 
   ohos_shared_library("libsocket") {

interfaces/kits/src/syscap_ndk.c

+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 #include <stdbool.h>
 #include "systemcapability.h"
 #include "syscap_ndk.h"

services/BUILD.gn

@@ -301,12 +301,18 @@ if (defined(ohos_lite)) {
     part_name = "init"
   }
 
+  ohos_prebuilt_etc("init.reboot") {
+    source = "//base/startup/init_lite/services/etc/init.reboot.cfg"
+    part_name = "init"
+    module_install_dir = "etc/init"
+  }
   group("init_etc") {
     deps = [
       ":boot.group",
       ":charing.group",
       ":group",
       ":init.cfg",
+      ":init.reboot",
       ":init.usb.cfg",
       ":init.usb.configfs.cfg",
       ":ohos.para",

services/begetctl/BUILD.gn

@@ -62,6 +62,15 @@ ohos_executable("begetctl") {
     ]
   }
 
+  if (build_selinux) {
+    include_dirs += [
+      "//third_party/selinux/libselinux/include/",
+      "//base/security/selinux/interfaces/policycoreutils/include/",
+    ]
+    deps += [ "//third_party/selinux:libselinux" ]
+    defines += [ "WITH_SELINUX" ]
+  }
+
   symlink_target_name = [
     "misc_daemon",
     "reboot",
@@ -113,6 +122,7 @@ ohos_executable("paramshell") {
       "//base/startup/init_lite/interfaces/innerkits:libbeget_proxy",
       "//base/startup/init_lite/services/loopevent:loopevent",
       "//base/startup/init_lite/services/param/watcher:param_watcheragent",
+      "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
     ]
     defines += [
       "OHOS_SERVICE_DUMP",

services/begetctl/init_cmd_reboot.c

@@ -29,6 +29,7 @@ static int main_cmd(BShellHandle shell, int argc, char* argv[])
 
     if (argc == REBOOT_CMD_NUMBER && strcmp(argv[1], "shutdown") != 0 &&
         strcmp(argv[1], "updater") != 0 &&
+        strcmp(argv[1], "suspend") != 0 &&
         strcmp(argv[1], "flashd") != 0 &&
 #ifdef INIT_TEST
         strcmp(argv[1], "charing") != 0 &&
@@ -63,6 +64,7 @@ MODULE_CONSTRUCTOR(void)
     CmdInfo infos[] = {
         {"reboot", main_cmd, "reboot system", "reboot", ""},
         {"reboot", main_cmd, "shutdown system", "reboot shutdown", ""},
+        {"reboot", main_cmd, "suspend system", "reboot suspend", ""},
         {"reboot", main_cmd, "reboot and boot into updater", "reboot updater", ""},
         {"reboot", main_cmd, "reboot and boot into updater", "reboot updater[:options]", ""},
         {"reboot", main_cmd, "reboot and boot into flashd", "reboot flashd", ""},

services/begetctl/main.c

@@ -64,6 +64,9 @@ int main(int argc, char *argv[])
         number = argc - 1;
         args = argv + 1;
     }
+    if (number >= 1 && strcmp(args[0], "devctl") == 0) {
+        (void)memcpy_s(args[0], strlen(args[0]), "reboot", strlen("reboot"));
+    }
     SetInitLogLevel(0);
     BShellParamCmdRegister(g_handle, 0);
 #ifdef INIT_TEST

services/begetctl/param_cmd.c

@@ -28,6 +28,10 @@
 #include "param_utils.h"
 #include "shell_utils.h"
 #include "sys_param.h"
+#ifdef WITH_SELINUX
+#include <policycoreutils.h>
+#include <selinux/selinux.h>
+#endif // WITH_SELINUX
 
 #define MASK_LENGTH_MAX 4
 pid_t g_shellPid = 0;
@@ -389,6 +393,9 @@ static int32_t BShellParamCmdShell(BShellHandle shell, int32_t argc, char *argv[
     if (pid == 0) {
         setuid(2000); // 2000 shell group
         setgid(2000); // 2000 shell group
+#ifdef WITH_SELINUX
+        setcon("u:r:normal_hap_domain:s0");
+#endif
         if (argc >= 2) { // 2 min argc
             char *args[] = {SHELL_NAME, argv[1], NULL};
             ret = execv(CMD_PATH, args);

services/etc/init.cfg

@@ -428,15 +428,6 @@
                 "chmod 0773 /data/misc/trace",
                 "chmod 0775 /data/misc/wmtrace"
             ]
-        }, {
-            "name" : "reboot",
-            "cmds" : [
-                "stopAllServices ",
-                "sync ",
-                "umount /vendor",
-                "umount /data MNT_FORCE",
-                "sync "
-            ]
         }
     ],
     "services" : [{

services/etc/init.reboot.cfg

+{
+    "jobs" : [{
+            "name" : "reboot",
+            "cmds" : [
+                "stopAllServices true",
+                "sync ",
+                "umount /vendor",
+                "umount /data MNT_FORCE",
+                "sync "
+            ]
+        }, {
+            "name" : "suspend",
+            "cmds" : [
+                "stopAllServices false",
+                "sync ",
+                "umount /vendor",
+                "umount /data MNT_FORCE",
+                "sync "
+            ]
+        }
+    ],
+    "services" : []
+}

services/etc/param/ohos.para

@@ -17,7 +17,7 @@ build_version = 2.0
 hw_sc.build.os.enable=true
 
 # ohos API version number.
-hw_sc.build.os.apiversion=8
+hw_sc.build.os.apiversion=9
 
 # ohos system version.
 hw_sc.build.os.version=2.2.0
@@ -37,3 +37,48 @@ const.build.characteristics=default
 const.product.model=ohos
 const.product.name="OpenHarmony 2.0 Canary"
 persist.sys.usb.config=hdc
+const.sandbox=enable
+# const.build.characteristics=default
+const.product.devicetype=default
+# OHOS_SOFTWARE_MODEL[] = {"default"}
+const.software.model=default
+# OHOS_MANUFACTURE[] = {"default"}
+const.product.manufacturer=default
+# OHOS_BRAND[] = {"default"}
+const.product.brand=default
+# OHOS_PRODUCT_SERIES[] = {"default"}
+const.build.product=default
+# OHOS_HARDWARE_MODEL[] = {"default"}
+const.product.hardwareversion=default
+# OHOS_BOOTLOADER_VERSION[] = {"bootloader"}
+const.product.bootloader.version=bootloader
+# OHOS_ABI_LIST[] = {"default"}
+const.product.cpu.abilist=default
+# OHOS_SECURITY_PATCH_TAG[] = { "2020-09-01" }
+const.ohos.version.security_patch=2020-09-01
+# OHOS_DISPLAY_VERSION[] = {"OpenHarmony 3.1.5.2"}
+const.product.software.version=OpenHarmony 3.1.5.2
+# OHOS_INCREMENTAL_VERSION[] = {"default"}
+const.product.incremental.version=default
+# OHOS_FIRST_API_LEVEL = 1
+const.product.firstapiversion=1
+# OHOS_BUILD_TYPE[] = {"default"}
+const.product.build.type=default
+# OHOS_BUILD_USER[] = {"default"}
+const.product.build.user=default
+# OHOS_BUILD_HOST[] = {"default"}
+const.product.build.host=default
+# OHOS_BUILD_TIME[] = {"default"}
+const.product.build.date=default
+# OHOS_HARDWARE_PROFILE[] = {"default"}
+const.product.hardwareprofile=default
+# OHOS_RELEASE_TYPE[] = { "Canary1" }
+const.ohos.releasetype=Canary1
+# OHOS_SDK_API_LEVEL = 8;
+const.ohos.apiversion=8
+# OHOS_BUILD_ROOT_HASH[] = { "default" }
+const.ohos.buildroothash=default
+# OHOS_SDK_API_LEVEL = 8
+const.ohos.sdkapilevel=8
+# OHOS_OS_NAME[] = { "OpenHarmony" }
+const.ohos.name=OpenHarmony

services/etc/passwd

@@ -4,6 +4,7 @@ system:x:1000:1000:::/bin/false
 radio:x:1001:1001:::/bin/false
 bluetooth:x:1002:1002:::/bin/false
 graphics:x:1003:1003:::/bin/false
+samgr:x:1005:1005:::/bin/false
 file_manager:x:1006:1006:::/bin/false
 log:x:1007:1007:::/bin/false
 user_data_rw:x:1008:1008:::/bin/false
@@ -32,5 +33,6 @@ wakelock:x:3010:3010:::/bin/false
 uhid:x:3011:3011:::/bin/false
 ddms:x:3012:3012:::/bin/false
 access_token:x:3020:3020:::/bin/false
+dms:x:5522:5522:::/bin/false
 misc:x:9998:9998:::/bin/false
 app:x:10000:10000:::/bin/false

services/init/include/init_service.h

@@ -51,6 +51,7 @@ extern "C" {
 #define SERVICE_ATTR_DYNAMIC 0x100      // dynamic service
 #define SERVICE_ATTR_ONDEMAND 0x200     // ondemand, manage socket by init
 #define SERVICE_ATTR_TIMERSTART 0x400   // Mark a service will be started by timer
+#define SERVICE_ATTR_NEEDWAIT 0x800     // Mark a service will be started by timer
 
 #define MAX_SERVICE_NAME 32
 #define MAX_APL_NAME 32

services/init/init_common_service.c

@@ -64,6 +64,12 @@ static int SetAllAmbientCapability(void)
 static int SetPerms(const Service *service)
 {
     INIT_CHECK_RETURN_VALUE(KeepCapability() == 0, SERVICE_FAILURE);
+
+    if (service->servPerm.gIDCnt == 0) {
+        // use uid as gid
+        INIT_ERROR_CHECK(setgid(service->servPerm.uID) == 0, return SERVICE_FAILURE,
+            "SetPerms, setgid for %s failed. %d", service->name, errno);
+    }
     if (service->servPerm.gIDCnt > 0) {
         INIT_ERROR_CHECK(setgid(service->servPerm.gIDArray[0]) == 0, return SERVICE_FAILURE,
             "SetPerms, setgid for %s failed. %d", service->name, errno);

services/init/init_service_manager.c

@@ -305,7 +305,10 @@ static int GetServiceGids(const cJSON *curArrItem, Service *curServ)
 {
     int gidCount;
     cJSON *arrItem = cJSON_GetObjectItemCaseSensitive(curArrItem, GID_STR_IN_CFG);
-    if (!cJSON_IsArray(arrItem)) {
+    if (!arrItem) {
+        curServ->servPerm.gIDCnt = 0;
+        return SERVICE_SUCCESS;
+    } else if (!cJSON_IsArray(arrItem)) {
         gidCount = 1;
     } else {
         gidCount = cJSON_GetArraySize(arrItem);
@@ -961,7 +964,7 @@ void StopAllServices(int flags, const char **exclude, int size,
     int (*filter)(const Service *service, const char **exclude, int size))
 {
     Service *service = GetServiceByName("appspawn");
-    if (service != NULL && service->pid != 0) {
+    if (((SERVICE_ATTR_NEEDWAIT & flags) == SERVICE_ATTR_NEEDWAIT) && service != NULL && service->pid != 0) {
         waitpid(service->pid, 0, 0);
     }
 
@@ -977,7 +980,7 @@ void StopAllServices(int flags, const char **exclude, int size,
             node = GetNextGroupNode(NODE_TYPE_SERVICES, node);
             continue;
         }
-        service->attribute |= flags;
+        service->attribute |= (flags & SERVICE_ATTR_INVALID);
         int ret = ServiceStop(service);
         if (ret != SERVICE_SUCCESS) {
             INIT_LOGE("Service %s stop failed!", service->name);

services/init/standard/init_cmds.c

@@ -330,7 +330,13 @@ static int FilterService(const Service *service, const char **exclude, int size)
 
 static void DoStopAllServices(const struct CmdArgs *ctx)
 {
-    StopAllServices(SERVICE_ATTR_INVALID, (const char **)ctx->argv, ctx->argc, FilterService);
+    int flags = SERVICE_ATTR_INVALID;
+    if (ctx->argc >= 1 && strcmp(ctx->argv[0], "true") == 0) {
+        flags |= SERVICE_ATTR_NEEDWAIT;
+        StopAllServices(flags, (const char **)(&ctx->argv[1]), ctx->argc - 1, FilterService);
+    } else {
+        StopAllServices(flags, (const char **)ctx->argv, ctx->argc, FilterService);
+    }
     return;
 }
 

services/init/standard/init_reboot.c

@@ -131,89 +131,98 @@ static int CheckAndRebootToUpdater(const char *valueData, const char *cmd,
         INIT_ERROR_CHECK(ret == 0, return -1, "Failed to format update for %s.", cmd);
     }
 
-    ret = -1;
     if (RBMiscWriteUpdaterMessage(miscFile, &msg) == 0) {
-        ret = 0;
-#ifndef STARTUP_INIT_TEST
-        ret = reboot(RB_AUTOBOOT);
-#endif
+        return 0;
     }
-    return ret;
+    return -1;
 }
 
-int DoRebootCmd(const char *cmd, const char *opt)
+static int DoRebootCmd(const char *cmd, const char *opt)
 {
     // by job to stop service and unmount
     DoJobNow("reboot");
-#ifndef PRODUCT_RK
-    return CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
-#else
-    reboot(RB_AUTOBOOT);
-    return 0;
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
 #endif
+    }
+    return 0;
 }
 
-int DoShutdownCmd(const char *cmd, const char *opt)
+static int DoShutdownCmd(const char *cmd, const char *opt)
 {
     // by job to stop service and unmount
     DoJobNow("reboot");
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
 #ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
-#else
-    return 0;
+        return reboot(RB_POWER_OFF);
 #endif
+    }
+    return 0;
 }
 
-int DoUpdaterCmd(const char *cmd, const char *opt)
+static int DoUpdaterCmd(const char *cmd, const char *opt)
 {
     // by job to stop service and unmount
     DoJobNow("reboot");
-    return CheckAndRebootToUpdater(opt, "updater", "updater:", "boot_updater");
+    int ret = CheckAndRebootToUpdater(opt, "updater", "updater:", "boot_updater");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
 
-int DoFlashdCmd(const char *cmd, const char *opt)
+static int DoFlashdCmd(const char *cmd, const char *opt)
 {
     // by job to stop service and unmount
     DoJobNow("reboot");
-    return CheckAndRebootToUpdater(opt, "flash", "flash:", "boot_flash");
+    int ret = CheckAndRebootToUpdater(opt, "flash", "flash:", "boot_flash");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
 
 #ifdef PRODUCT_RK
-int DoLoaderCmd(const char *cmd, const char *opt)
+static int DoLoaderCmd(const char *cmd, const char *opt)
 {
     syscall(__NR_reboot, REBOOT_MAGIC1, REBOOT_MAGIC2, REBOOT_CMD_RESTART2, "loader");
     return 0;
 }
 #endif
 
-int DoSuspendCmd(const char *cmd, const char *opt)
+static int DoSuspendCmd(const char *cmd, const char *opt)
 {
     // by job to stop service and unmount
     DoJobNow("suspend");
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
 #ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
-#else
-    return 0;
+        INIT_LOGE("DoSuspendCmd %s RB_SW_SUSPEND.", cmd);
+        return reboot(RB_AUTOBOOT);
 #endif
-}
-
-int DoFreezeCmd(const char *cmd, const char *opt)
-{
-    // by job to stop service and unmount
-    DoJobNow("freeze");
-#ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
-#else
+    }
     return 0;
-#endif
 }
 
 #ifdef INIT_TEST
-int DoCharingCmd()
+static int DoCharingCmd()
 {
     // by job to stop service and unmount
     DoJobNow("reboot");
-    return CheckAndRebootToUpdater(NULL, "charing", "charing:", "boot_charing");
+    int ret = CheckAndRebootToUpdater(NULL, "charing", "charing:", "boot_charing");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
 #endif
 
@@ -230,7 +239,6 @@ struct {
     { "loader", DoLoaderCmd },
 #endif
     { "suspend", DoSuspendCmd },
-    { "freeze", DoFreezeCmd },
 #ifdef INIT_TEST
     { "charing", DoCharingCmd }
 #endif
@@ -249,14 +257,14 @@ void ExecReboot(const char *value)
         return;
     }
 
-    INIT_LOGE("ExecReboot %s.", cmd);
+    INIT_LOGI("ExecReboot %s param %s.", cmd, value);
     for (int i = 0; i < (int)ARRAY_LENGTH(g_rebootCmd); i++) {
         if (strncmp(cmd, g_rebootCmd[i].cmdName, strlen(g_rebootCmd[i].cmdName)) == 0) {
             int ret = g_rebootCmd[i].doCmd(cmd, cmd);
-            INIT_LOGI("Reboot %s %s.", value, (ret == 0) ? "success" : "fail");
+            INIT_LOGI("Reboot %s %s errno %d .", cmd, (ret == 0) ? "success" : "fail", errno);
             return;
         }
     }
-    INIT_LOGE("Invalid rebot cmd %s.", value);
+    INIT_LOGE("Invalid reboot cmd %s.", value);
     return;
 }

services/init/standard/init_signal_handler.c

@@ -17,6 +17,7 @@
 
 #include "init_adapter.h"
 #include "init_log.h"
+#include "init_param.h"
 #include "init_service_manager.h"
 #include "loop_event.h"
 
@@ -48,7 +49,9 @@ static void ProcessSignal(const struct signalfd_siginfo *siginfo)
         }
         case SIGTERM: {
             INIT_LOGI("SigHandler, SIGTERM received.");
-            StopAllServices(0, NULL, 0, NULL);
+            SystemWriteParam("startup.device.ctl", "stop");
+            // exec reboot use toybox reboot cmd
+            ExecReboot("reboot");
             break;
         }
         default:

services/loopevent/include/loop_event.h

@@ -124,6 +124,7 @@ LE_STATUS LE_AcceptStreamClient(const LoopHandle loopHandle,
 LE_STATUS LE_Send(const LoopHandle loopHandle,
     const TaskHandle taskHandle, const BufferHandle handle, uint32_t buffLen);
 void LE_CloseStreamTask(const LoopHandle loopHandle, const TaskHandle taskHandle);
+int LE_GetSocketFd(const TaskHandle taskHandle);
 
 /**
  * 异步事件服务

services/loopevent/task/le_streamtask.c

@@ -244,4 +244,10 @@ void LE_CloseStreamTask(const LoopHandle loopHandle, const TaskHandle taskHandle
 {
     LE_CHECK(loopHandle != NULL && taskHandle != NULL, return, "Invalid parameters");
     LE_CloseTask(loopHandle, taskHandle);
+}
+
+int LE_GetSocketFd(const TaskHandle taskHandle)
+{
+    LE_CHECK(taskHandle != NULL, return -1, "Invalid parameters");
+    return GetSocketFd(taskHandle);
 }
\ No newline at end of file

services/param/BUILD.gn

@@ -41,11 +41,15 @@ ohos_static_library("param_service") {
     "//base/startup/init_lite/services/log",
     "//base/startup/init_lite/interfaces/innerkits/include",
     "//base/startup/init_lite/services/loopevent/include",
+    "//base/security/selinux/interfaces/policycoreutils/include",
     "//third_party/libuv/include",
     "//third_party/cJSON",
   ]
 
   defines = [ "PARAM_SUPPORT_SAVE_PERSIST" ]
+  if (build_selinux) {
+    defines += [ "WITH_SELINUX" ]
+  }
 
   if (defined(boot_kernel_extended_cmdline)) {
     defines += [ "BOOT_EXTENDED_CMDLINE=\"${boot_kernel_extended_cmdline}\"" ]
@@ -90,13 +94,17 @@ ohos_shared_library("param_client") {
     "//base/startup/init_lite/services/log",
     "//base/startup/init_lite/interfaces/innerkits/include",
     "//base/hiviewdfx/hilog/interfaces/native/innerkits/include",
+    "//base/security/selinux/interfaces/policycoreutils/include",
     "//base/startup/init_lite/services/loopevent/include",
   ]
 
   defines = [ "INIT_AGENT" ]
-
   defines += [ "_GNU_SOURCE" ]
 
+  if (build_selinux) {
+    defines += [ "WITH_SELINUX" ]
+  }
+
   if (param_security == "selinux") {
     sources += [ "adapter/param_selinux.c" ]
     defines += [ "PARAM_SUPPORT_SELINUX" ]

services/param/adapter/param_dac.c

@@ -85,6 +85,9 @@ static int InitLocalSecurityLabel(ParamSecurityLabel **security, int isInit)
     *security = &g_localSecurityLabel;
     // support check write permission in client
     (*security)->flags |= LABEL_CHECK_FOR_ALL_PROCESS;
+#ifdef WITH_SELINUX
+    (*security)->flags = 0;
+#endif
     return 0;
 }
 

services/param/manager/param_manager.c

@@ -16,6 +16,10 @@
 #include "param_manager.h"
 
 #include <ctype.h>
+#include <dlfcn.h>
+#ifdef WITH_SELINUX
+#include "selinux_parameter.h"
+#endif
 
 #if !defined PARAM_SUPPORT_SELINUX && !defined PARAM_SUPPORT_DAC
 static ParamSecurityLabel g_defaultSecurityLabel;
@@ -232,6 +236,45 @@ int TraversalParam(const ParamWorkSpace *workSpace,
     return TraversalTrieNode(&workSpace->paramSpace, root, ProcessParamTraversal, &context);
 }
 
+#ifdef WITH_SELINUX
+static void *g_selinuxHandle = NULL;
+static int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
+{
+    static void (*setSelinuxLogCallback)();
+    static int (*setParamCheck)(const char *paraName, struct ucred *uc);
+    g_selinuxHandle = dlopen("/system/lib/libparaperm_checker.z.so", RTLD_LAZY);
+    if (g_selinuxHandle == NULL) {
+        PARAM_LOGE("Failed to dlopen libparaperm_checker.z.so, %s\n", dlerror());
+        return DAC_RESULT_FORBIDED;
+    }
+    if (setSelinuxLogCallback == NULL) {
+        setSelinuxLogCallback = (void (*)())dlsym(g_selinuxHandle, "SetSelinuxLogCallback");
+        if (setSelinuxLogCallback == NULL) {
+            PARAM_LOGE("Failed to dlsym setSelinuxLogCallback, %s\n", dlerror());
+            return DAC_RESULT_FORBIDED;
+        }
+    }
+    (*setSelinuxLogCallback)();
+
+    if (setParamCheck == NULL) {
+        setParamCheck = (int (*)(const char *paraName, struct ucred *uc))dlsym(g_selinuxHandle, "SetParamCheck");
+        if (setParamCheck == NULL) {
+            PARAM_LOGE("Failed to dlsym setParamCheck, %s\n", dlerror());
+            return DAC_RESULT_FORBIDED;
+        }
+    }
+    struct ucred uc;
+    uc.pid = srcLabel->cred.pid;
+    uc.uid = srcLabel->cred.uid;
+    uc.gid = srcLabel->cred.gid;
+    int ret = setParamCheck(name, &uc);
+    if (ret != 0) {
+        PARAM_LOGI("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+    }
+    return ret;
+}
+#endif
+
 int CheckParamPermission(const ParamWorkSpace *workSpace,
     const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
 {
@@ -241,6 +284,14 @@ int CheckParamPermission(const ParamWorkSpace *workSpace,
         return 0;
     }
     PARAM_CHECK(name != NULL && srcLabel != NULL, return -1, "Invalid param");
+#ifdef WITH_SELINUX
+    if (mode == DAC_WRITE) {
+        int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
+        if (ret == DAC_RESULT_PERMISSION) {
+            return DAC_RESULT_PERMISSION;
+        }
+    }
+#endif
     if (workSpace->paramSecurityOps.securityCheckParamPermission == NULL) {
         return DAC_RESULT_FORBIDED;
     }

services/param/manager/param_message.c

@@ -25,10 +25,12 @@
 int ConntectServer(int fd, const char *servername)
 {
     PARAM_CHECK(fd >= 0, return -1, "Invalid fd %d", fd);
+    int opt = 1;
+    int ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
     PARAM_CHECK(servername != NULL, return -1, "Invalid servername");
     struct sockaddr_un addr;
     /* fill socket address structure with server's address */
-    int ret = memset_s(&addr, sizeof(addr), 0, sizeof(addr));
+    ret = memset_s(&addr, sizeof(addr), 0, sizeof(addr));
     PARAM_CHECK(ret == 0, return -1, "Failed to memset server address");
     addr.sun_family = AF_UNIX;
     ret = sprintf_s(addr.sun_path, sizeof(addr.sun_path) - 1, "%s", servername);

services/param/service/param_service.c

@@ -15,6 +15,7 @@
 
 #include "param_service.h"
 
+#include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -23,9 +24,12 @@
 #include <sys/msg.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 
 #include "init_param.h"
 #include "init_utils.h"
+#include "loop_event.h"
 #include "param_message.h"
 #include "param_manager.h"
 #include "param_request.h"
@@ -67,7 +71,9 @@ static int AddParam(WorkSpace *workSpace, const char *name, const char *value, u
         PARAM_CHECK(offset > 0, return PARAM_CODE_REACHED_MAX, "Failed to allocate name %s", name);
         SaveIndex(&node->dataIndex, offset);
     }
-    *dataIndex = node->dataIndex;
+    if (dataIndex != NULL) {
+        *dataIndex = node->dataIndex;
+    }
     return 0;
 }
 
@@ -111,13 +117,15 @@ static int CheckParamValue(const WorkSpace *workSpace, const ParamTrieNode *node
 
 int WriteParam(const WorkSpace *workSpace, const char *name, const char *value, uint32_t *dataIndex, int onlyAdd)
 {
-    PARAM_CHECK(workSpace != NULL && dataIndex != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid workSpace");
+    PARAM_CHECK(workSpace != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid workSpace");
     PARAM_CHECK(value != NULL && name != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid name or value");
     ParamTrieNode *node = FindTrieNode(workSpace, name, strlen(name), NULL);
     int ret = CheckParamValue(workSpace, node, name, value);
     PARAM_CHECK(ret == 0, return ret, "Invalid param value param: %s=%s", name, value);
     if (node != NULL && node->dataIndex != 0) {
-        *dataIndex = node->dataIndex;
+        if (dataIndex != NULL) {
+            *dataIndex = node->dataIndex;
+        }
         if (onlyAdd) {
             return 0;
         }
@@ -164,7 +172,7 @@ static char *BuildKey(ParamWorkSpace *workSpace, const char *format, ...)
     size_t buffSize = sizeof(workSpace->buffer);
     int len = vsnprintf_s(workSpace->buffer, buffSize, buffSize - 1, format, vargs);
     va_end(vargs);
-    if (len > 0 && len < buffSize) {
+    if (len > 0 && (size_t)len < buffSize) {
         workSpace->buffer[len] = '\0';
         for (int i = 0; i < len; i++) {
             if (workSpace->buffer[i] == '|') {
@@ -334,7 +342,17 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
         PARAM_CHECK(ret == 0, return ret,
             "Failed to decode param %d name %s %s", ret, msg->key, valueContent->content);
     }
-
+    if (srcLabel != NULL) {
+        struct ucred cr = {-1, -1, -1};
+        socklen_t crSize = sizeof(cr);
+        if (getsockopt(LE_GetSocketFd(worker), SOL_SOCKET, SO_PEERCRED, &cr, &crSize) < 0) {
+            PARAM_LOGE("Failed to get opt %d", errno);
+            return SendResponseMsg(worker, msg, -1);
+        }
+        srcLabel->cred.uid = cr.uid;
+        srcLabel->cred.pid = cr.pid;
+        srcLabel->cred.gid = cr.gid;
+    }
     ret = SystemSetParam(msg->key, valueContent->content, srcLabel);
     if (srcLabel != NULL && g_paramWorkSpace.paramSecurityOps.securityFreeLabel != NULL) {
         g_paramWorkSpace.paramSecurityOps.securityFreeLabel(srcLabel);
@@ -521,35 +539,107 @@ PARAM_STATIC int ProcessMessage(const ParamTaskPtr worker, const ParamMessage *m
     return 0;
 }
 
+static int LoadOneParam_(char *line, uint32_t mode, const char *exclude[], uint32_t count)
+{
+    char *name;
+    char *value;
+    char *pos;
+
+    // Skip spaces
+    name = line;
+    while (isspace(*name) && (*name != '\0')) {
+        name++;
+    }
+    // Empty line
+    if (*name == '\0') {
+        return 0;
+    }
+    // Comment line
+    if (*name == '#') {
+        return 0;
+    }
+
+    value = name;
+    // find the first delimiter '='
+    while (*value != '\0') {
+        if (*value == '=') {
+            (*value) = '\0';
+            value = value + 1;
+            break;
+        }
+        value++;
+    }
+
+    // empty name, just ignore this line
+    if (*name == '\0') {
+        return 0;
+    }
+
+    // Trim the ending spaces of name
+    pos = value - 1;
+    pos -= 1;
+    while (isspace(*pos) && pos > name) {
+        (*pos) = '\0';
+        pos--;
+    }
+
+    // Filter excluded parameters
+    for (uint32_t i = 0; i < count; i++) {
+        if (strncmp(name, exclude[i], strlen(exclude[i])) == 0) {
+            return 0;
+        }
+    }
+
+    // Skip spaces for value
+    while (isspace(*value) && (*value != '\0')) {
+        value++;
+    }
+
+    // Trim the ending spaces of value
+    pos = value + strlen(value);
+    pos--;
+    while (isspace(*pos) && pos > value) {
+        (*pos) = '\0';
+        pos--;
+    }
+
+    // Strip starting and ending " for value
+    if ((*value == '"') && (pos > value) && (*pos == '"')) {
+        value = value + 1;
+        *pos = '\0';
+    }
+
+    int ret = CheckParamName(name, 0);
+    // Invalid name, just ignore
+    if (ret != 0) {
+        return 0;
+    }
+    PARAM_LOGV("Add default parameter [%s] [%s]", name, value);
+    return WriteParam(&g_paramWorkSpace.paramSpace,
+        name, value, NULL, mode & LOAD_PARAM_ONLY_ADD);
+}
+
 static int LoadDefaultParam_(const char *fileName, uint32_t mode, const char *exclude[], uint32_t count)
 {
+    // max length for each line of para files: max name length + max value length + spaces
+#define PARAM_LINE_MAX_LENGTH (PARAM_NAME_LEN_MAX + PARAM_CONST_VALUE_LEN_MAX + 10)
+
     uint32_t paramNum = 0;
     FILE *fp = fopen(fileName, "r");
-    PARAM_CHECK(fp != NULL, return -1, "Open file %s fail", fileName);
-    char *buff = calloc(1, sizeof(SubStringInfo) * (SUBSTR_INFO_VALUE + 1) + PARAM_BUFFER_SIZE);
-    PARAM_CHECK(buff != NULL, (void)fclose(fp);
-        return -1, "Failed to alloc memory for load %s", fileName);
-
-    SubStringInfo *info = (SubStringInfo *)(buff + PARAM_BUFFER_SIZE);
-    while (fgets(buff, PARAM_BUFFER_SIZE, fp) != NULL) {
-        buff[PARAM_BUFFER_SIZE - 1] = '\0';
-        int subStrNumber = GetSubStringInfo(buff, strlen(buff), '=', info, SUBSTR_INFO_VALUE + 1);
-        if (subStrNumber <= SUBSTR_INFO_VALUE) {
-            continue;
-        }
-        // 过滤
-        for (uint32_t i = 0; i < count; i++) {
-            if (strncmp(info[0].value, exclude[i], strlen(exclude[i])) == 0) {
-                PARAM_LOGI("Do not set %s parameters", info[0].value);
-                continue;
-            }
-        }
-        int ret = CheckParamName(info[0].value, 0);
-        PARAM_CHECK(ret == 0, continue, "Illegal param name %s", info[0].value);
-        PARAM_LOGV("Add default parameter %s  %s", info[0].value, info[1].value);
-        uint32_t dataIndex = 0;
-        ret = WriteParam(&g_paramWorkSpace.paramSpace,
-            info[0].value, info[1].value, &dataIndex, mode & LOAD_PARAM_ONLY_ADD);
+    if (fp == NULL) {
+        return -1;
+    }
+
+    char *buff = calloc(1, PARAM_LINE_MAX_LENGTH);
+    if (buff == NULL) {
+        (void)fclose(fp);
+        return -1;
+    }
+
+    while (fgets(buff, PARAM_LINE_MAX_LENGTH, fp) != NULL) {
+        buff[PARAM_LINE_MAX_LENGTH - 1] = '\0';
+
+        int ret = LoadOneParam_(buff, mode, exclude, count);
         PARAM_CHECK(ret == 0, continue, "Failed to set param %d %s", ret, buff);
         paramNum++;
     }
@@ -625,9 +715,8 @@ static int LoadParamFromCmdLine(void)
             PARAM_LOGV("Add param from cmdline %s %s", cmdLines[i], value);
             ret = CheckParamName(cmdLines[i], 0);
             PARAM_CHECK(ret == 0, break, "Invalid name %s", cmdLines[i]);
-            uint32_t dataIndex = 0;
             PARAM_LOGV("**** cmdLines[%d] %s, value %s", i, cmdLines[i], value);
-            ret = WriteParam(&g_paramWorkSpace.paramSpace, cmdLines[i], value, &dataIndex, 0);
+            ret = WriteParam(&g_paramWorkSpace.paramSpace, cmdLines[i], value, NULL, 0);
             PARAM_CHECK(ret == 0, break, "Failed to write param %s %s", cmdLines[i], value);
         } else {
             PARAM_LOGE("Can not find arrt %s", cmdLines[i]);

services/param/trigger/trigger_processor.c

@@ -228,7 +228,7 @@ static int GetTriggerType(const char *type)
     }
     const char *triggerTypeStr[] = {
         "pre-init", "boot", "early-init", "init", "early-init", "late-init", "post-init",
-        "fs", "early-fs", "post-fs", "late-fs", "early-boot", "post-fs-data", "reboot"
+        "fs", "early-fs", "post-fs", "late-fs", "early-boot", "post-fs-data", "reboot", "suspend"
     };
     for (size_t i = 0; i < ARRAY_LENGTH(triggerTypeStr); i++) {
         if (strcmp(triggerTypeStr[i], type) == 0) {

services/utils/init_utils.c

@@ -168,8 +168,9 @@ int GetProcCmdlineValue(const char *name, const char *buffer, char *value, int l
             endIndex = i;
             break;
         }
-        if (*tmp == ' ') {
+        if (*tmp == ' ' || *tmp == '\n' || *tmp == '\r' || *tmp == '\t') {
             endIndex = i;
+            break;
         }
         if (*tmp == '=') {
             if (endIndex != 0) { // for root=uuid=xxxx

ueventd/BUILD.gn

@@ -105,6 +105,7 @@ if (defined(ohos_lite)) {
       external_deps = [ "selinux:librestorecon" ]
       cflags += [ "-DWITH_SELINUX" ]
     }
+    part_name = "init"
   }
 
   ohos_executable("ueventd") {