diff --git a/services/etc/init.cfg b/services/etc/init.cfg
index 6ea5480c1ce26e0597cf077db1f125b297d7ba7a..fb5211c47ba904ff962c25b540b36a910d319df7 100755
--- a/services/etc/init.cfg
+++ b/services/etc/init.cfg
@@ -135,9 +135,9 @@
                 "copy /data/system/entropy.dat /dev/urandom",
                 "mkdir /data/misc 01771 system misc",
                 "mkdir /data/misc/zoneinfo 0775 system system",
-                "mkdir /data/misc/wifi 0770 system system",
-                "mkdir /data/misc/wifi/sockets 0770 system system",
-                "mkdir /data/misc/wifi/wpa_supplicant 0770 system system",
+                "mkdir /data/misc/wifi 0770 wifi wifi",
+                "mkdir /data/misc/wifi/sockets 0770 wifi wifi",
+                "mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi",
                 "mkdir /data/local 0751 root root",
                 "mkdir /data/preloads 0775 system system",
                 "mkdir /data/vendor 0771 root root",
diff --git a/services/param/adapter/param_dac.c b/services/param/adapter/param_dac.c
index d55a8c29df14bd718779e4213eb3f22985a7e547..b2f3dd9cd4a38d4f4e3ecc77c23063f2bfc486f9 100644
--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -230,7 +230,9 @@ static int CheckParamPermission(const ParamSecurityLabel *srcLabel, const ParamA
     int ret = DAC_RESULT_FORBIDED;
     PARAM_CHECK(srcLabel != NULL && auditData != NULL && auditData->name != NULL, return ret, "Invalid param");
     PARAM_CHECK((mode & (DAC_READ | DAC_WRITE | DAC_WATCH)) != 0, return ret, "Invalid mode %x", mode);
-
+    if (srcLabel->cred.uid == 0) {
+        return DAC_RESULT_PERMISSION;
+    }
     /**
      * DAC group 实现的label的定义
      * user:group:read|write|watch