fix：selinux、suspend、rk3568切换回合release

Signed-off-by: N xionglei6 <xionglei6@huawei.com>

fix：selinux、suspend、rk3568切换回合release
Signed-off-by: N xionglei6 <xionglei6@huawei.com>
9318dc79 · xionglei6 · fa7f95d3 · 9318dc79 · 9318dc79 · 9318dc79
21 changed file
--- a/interfaces/innerkits/fs_manager/fstab.c
+++ b/interfaces/innerkits/fs_manager/fstab.c
@@ -190,13 +190,14 @@ Fstab *ReadFstabFromFile(const char *file, bool procMounts)
    ssize_t readn = 0;
    Fstab *fstab = NULL;
+    FILE *fp = NULL;
    char *realPath = GetRealPath(file);
-    if (realPath == NULL) {
+    if (realPath != NULL) {
-        BEGET_LOGE("Invalid file");
+        fp = fopen(realPath, "r");
-        return NULL;
+        free(realPath);
+    } else {
+        fp = fopen(file, "r"); // no file system, can not get real path
    }
-    FILE *fp = fopen(realPath, "r");
-    free(realPath);
    if (fp == NULL) {
        BEGET_LOGE("Open %s failed, err = %d", file, errno);
        return NULL;

--- a/interfaces/innerkits/reboot/init_reboot_innerkits.c
+++ b/interfaces/innerkits/reboot/init_reboot_innerkits.c
@@ -50,10 +50,10 @@ int DoReboot(const char *option)
    BEGET_ERROR_CHECK(ret >= 0, return -1, "Failed to copy boot option \" %s \"", option);
    if (strcmp(option, DEVICE_CMD_SUSPEND) == 0) {
-        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_SUSPEND);
+        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);
        BEGET_ERROR_CHECK(ret == 0, return -1, "Failed to set stop param");
    } else if (strcmp(option, DEVICE_CMD_FREEZE) == 0) {
-        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_FREEZE);
+        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);
        BEGET_ERROR_CHECK(ret == 0, return -1, "Failed to set stop param");
    } else {
        ret = SystemSetParameter(STARTUP_DEVICE_CTL, DEVICE_CMD_STOP);

--- a/services/BUILD.gn
+++ b/services/BUILD.gn
@@ -301,12 +301,18 @@ if (defined(ohos_lite)) {
    part_name = "init"
  }
+  ohos_prebuilt_etc("init.reboot") {
+    source = "//base/startup/init_lite/services/etc/init.reboot.cfg"
+    part_name = "init"
+    module_install_dir = "etc/init"
+  }
  group("init_etc") {
    deps = [
      ":boot.group",
      ":charing.group",
      ":group",
      ":init.cfg",
+      ":init.reboot",
      ":init.usb.cfg",
      ":init.usb.configfs.cfg",
      ":ohos.para",

--- a/services/begetctl/BUILD.gn
+++ b/services/begetctl/BUILD.gn
@@ -62,6 +62,15 @@ ohos_executable("begetctl") {
    ]
  }
+  if (build_selinux) {
+    include_dirs += [
+      "//third_party/selinux/libselinux/include/",
+      "//base/security/selinux/interfaces/policycoreutils/include/",
+    ]
+    deps += [ "//third_party/selinux:libselinux" ]
+    defines += [ "WITH_SELINUX" ]
+  }
  symlink_target_name = [
    "misc_daemon",
    "reboot",
@@ -113,6 +122,7 @@ ohos_executable("paramshell") {
      "//base/startup/init_lite/interfaces/innerkits:libbeget_proxy",
      "//base/startup/init_lite/services/loopevent:loopevent",
      "//base/startup/init_lite/services/param/watcher:param_watcheragent",
+      "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
    ]
    defines += [
      "OHOS_SERVICE_DUMP",

--- a/services/begetctl/init_cmd_reboot.c
+++ b/services/begetctl/init_cmd_reboot.c
@@ -29,6 +29,7 @@ static int main_cmd(BShellHandle shell, int argc, char* argv[])
    if (argc == REBOOT_CMD_NUMBER && strcmp(argv[1], "shutdown") != 0 &&
        strcmp(argv[1], "updater") != 0 &&
+        strcmp(argv[1], "suspend") != 0 &&
        strcmp(argv[1], "flashd") != 0 &&
 #ifdef INIT_TEST
        strcmp(argv[1], "charing") != 0 &&
@@ -63,6 +64,7 @@ MODULE_CONSTRUCTOR(void)
    CmdInfo infos[] = {
        {"reboot", main_cmd, "reboot system", "reboot", ""},
        {"reboot", main_cmd, "shutdown system", "reboot shutdown", ""},
+        {"reboot", main_cmd, "suspend system", "reboot suspend", ""},
        {"reboot", main_cmd, "reboot and boot into updater", "reboot updater", ""},
        {"reboot", main_cmd, "reboot and boot into updater", "reboot updater[:options]", ""},
        {"reboot", main_cmd, "reboot and boot into flashd", "reboot flashd", ""},

--- a/services/begetctl/main.c
+++ b/services/begetctl/main.c
@@ -64,6 +64,9 @@ int main(int argc, char *argv[])
        number = argc - 1;
        args = argv + 1;
    }
+    if (number >= 1 && strcmp(args[0], "devctl") == 0) {
+        (void)memcpy_s(args[0], strlen(args[0]), "reboot", strlen("reboot"));
+    }
    SetInitLogLevel(0);
    BShellParamCmdRegister(g_handle, 0);
 #ifdef INIT_TEST

--- a/services/begetctl/param_cmd.c
+++ b/services/begetctl/param_cmd.c
@@ -28,6 +28,10 @@
 #include "param_utils.h"
 #include "shell_utils.h"
 #include "sys_param.h"
+#ifdef WITH_SELINUX
+#include <policycoreutils.h>
+#include <selinux/selinux.h>
+#endif // WITH_SELINUX
 #define MASK_LENGTH_MAX 4
 pid_t g_shellPid = 0;
@@ -389,6 +393,9 @@ static int32_t BShellParamCmdShell(BShellHandle shell, int32_t argc, char *argv[
    if (pid == 0) {
        setuid(2000); // 2000 shell group
        setgid(2000); // 2000 shell group
+#ifdef WITH_SELINUX
+        setcon("u:r:normal_hap_domain:s0");
+#endif
        if (argc >= 2) { // 2 min argc
            char *args[] = {SHELL_NAME, argv[1], NULL};
            ret = execv(CMD_PATH, args);

--- a/services/etc/init.reboot.cfg
+++ b/services/etc/init.reboot.cfg
+{
+    "jobs" : [{
+            "name" : "reboot",
+            "cmds" : [
+                "stopAllServices true",
+                "sync ",
+                "umount /vendor",
+                "umount /data MNT_FORCE",
+                "sync "
+            ]
+        }, {
+            "name" : "suspend",
+            "cmds" : [
+                "stopAllServices false",
+                "sync ",
+                "umount /vendor",
+                "umount /data MNT_FORCE",
+                "sync "
+            ]
+        }
+    ],
+    "services" : []
+}
--- a/services/init/include/init_service.h
+++ b/services/init/include/init_service.h
@@ -51,6 +51,7 @@ extern "C" {
 #define SERVICE_ATTR_DYNAMIC 0x100      // dynamic service
 #define SERVICE_ATTR_ONDEMAND 0x200     // ondemand, manage socket by init
 #define SERVICE_ATTR_TIMERSTART 0x400   // Mark a service will be started by timer
+#define SERVICE_ATTR_NEEDWAIT 0x800     // Mark a service will be started by timer
 #define MAX_SERVICE_NAME 32
 #define MAX_APL_NAME 32

--- a/services/init/init_common_service.c
+++ b/services/init/init_common_service.c
@@ -448,6 +448,7 @@ void ServiceReap(Service *service)
        if (CalculateCrashTime(service, service->crashTime, service->crashCount) == false) {
            INIT_LOGE("Critical service \" %s \" crashed %d times, rebooting system",
                service->name, service->crashCount);
+            ServiceStop(GetServiceByName("appspawn"));
            ExecReboot("reboot");
        }
    } else if (!(service->attribute & SERVICE_ATTR_NEED_RESTART)) {

--- a/services/init/init_service_manager.c
+++ b/services/init/init_service_manager.c
@@ -961,7 +961,7 @@ void StopAllServices(int flags, const char **exclude, int size,
    int (*filter)(const Service *service, const char **exclude, int size))
 {
    Service *service = GetServiceByName("appspawn");
-    if (service != NULL && service->pid != 0) {
+    if (((SERVICE_ATTR_NEEDWAIT & flags) == SERVICE_ATTR_NEEDWAIT) && service != NULL && service->pid != 0) {
        waitpid(service->pid, 0, 0);
    }
@@ -977,7 +977,7 @@ void StopAllServices(int flags, const char **exclude, int size,
            node = GetNextGroupNode(NODE_TYPE_SERVICES, node);
            continue;
        }
-        service->attribute |= flags;
+        service->attribute |= (flags & SERVICE_ATTR_INVALID);
        int ret = ServiceStop(service);
        if (ret != SERVICE_SUCCESS) {
            INIT_LOGE("Service %s stop failed!", service->name);

--- a/services/init/standard/init_cmds.c
+++ b/services/init/standard/init_cmds.c
@@ -304,7 +304,13 @@ static int FilterService(const Service *service, const char **exclude, int size)
 static void DoStopAllServices(const struct CmdArgs *ctx)
 {
-    StopAllServices(SERVICE_ATTR_INVALID, (const char **)ctx->argv, ctx->argc, FilterService);
+    int flags = SERVICE_ATTR_INVALID;
+    if (ctx->argc >= 1 && strcmp(ctx->argv[0], "true") == 0) {
+        flags |= SERVICE_ATTR_NEEDWAIT;
+        StopAllServices(flags, (const char **)(&ctx->argv[1]), ctx->argc - 1, FilterService);
+    } else {
+        StopAllServices(flags, (const char **)ctx->argv, ctx->argc, FilterService);
+    }
    return;
 }

--- a/services/init/standard/init_reboot.c
+++ b/services/init/standard/init_reboot.c
@@ -131,89 +131,98 @@ static int CheckAndRebootToUpdater(const char *valueData, const char *cmd,
        INIT_ERROR_CHECK(ret == 0, return -1, "Failed to format update for %s.", cmd);
    }
-    ret = -1;
    if (RBMiscWriteUpdaterMessage(miscFile, &msg) == 0) {
-        ret = 0;
+        return 0;
-#ifndef STARTUP_INIT_TEST
-        ret = reboot(RB_AUTOBOOT);
-#endif
    }
-    return ret;
+    return -1;
 }
-int DoRebootCmd(const char *cmd, const char *opt)
+static int DoRebootCmd(const char *cmd, const char *opt)
 {
    // by job to stop service and unmount
    DoJobNow("reboot");
-#ifndef PRODUCT_RK
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
-    return CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
-#else
+#ifndef STARTUP_INIT_TEST
-    reboot(RB_AUTOBOOT);
+        return reboot(RB_AUTOBOOT);
-    return 0;
 #endif
+    }
+    return 0;
 }
-int DoShutdownCmd(const char *cmd, const char *opt)
+static int DoShutdownCmd(const char *cmd, const char *opt)
 {
    // by job to stop service and unmount
    DoJobNow("reboot");
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
 #ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
+        return reboot(RB_POWER_OFF);
-#else
-    return 0;
 #endif
+    }
+    return 0;
 }
-int DoUpdaterCmd(const char *cmd, const char *opt)
+static int DoUpdaterCmd(const char *cmd, const char *opt)
 {
    // by job to stop service and unmount
    DoJobNow("reboot");
-    return CheckAndRebootToUpdater(opt, "updater", "updater:", "boot_updater");
+    int ret = CheckAndRebootToUpdater(opt, "updater", "updater:", "boot_updater");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
-int DoFlashdCmd(const char *cmd, const char *opt)
+static int DoFlashdCmd(const char *cmd, const char *opt)
 {
    // by job to stop service and unmount
    DoJobNow("reboot");
-    return CheckAndRebootToUpdater(opt, "flash", "flash:", "boot_flash");
+    int ret = CheckAndRebootToUpdater(opt, "flash", "flash:", "boot_flash");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
 #ifdef PRODUCT_RK
-int DoLoaderCmd(const char *cmd, const char *opt)
+static int DoLoaderCmd(const char *cmd, const char *opt)
 {
    syscall(__NR_reboot, REBOOT_MAGIC1, REBOOT_MAGIC2, REBOOT_CMD_RESTART2, "loader");
    return 0;
 }
 #endif
-int DoSuspendCmd(const char *cmd, const char *opt)
+static int DoSuspendCmd(const char *cmd, const char *opt)
 {
    // by job to stop service and unmount
    DoJobNow("suspend");
+    int ret = CheckAndRebootToUpdater(NULL, "reboot", NULL, NULL);
+    if (ret == 0) {
 #ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
+        INIT_LOGE("DoSuspendCmd %s RB_SW_SUSPEND.", cmd);
-#else
+        return reboot(RB_AUTOBOOT);
-    return 0;
 #endif
-}
+    }
-int DoFreezeCmd(const char *cmd, const char *opt)
-{
-    // by job to stop service and unmount
-    DoJobNow("freeze");
-#ifndef STARTUP_INIT_TEST
-    return reboot(RB_POWER_OFF);
-#else
    return 0;
-#endif
 }
 #ifdef INIT_TEST
-int DoCharingCmd()
+static int DoCharingCmd()
 {
    // by job to stop service and unmount
    DoJobNow("reboot");
-    return CheckAndRebootToUpdater(NULL, "charing", "charing:", "boot_charing");
+    int ret = CheckAndRebootToUpdater(NULL, "charing", "charing:", "boot_charing");
+    if (ret == 0) {
+#ifndef STARTUP_INIT_TEST
+        return reboot(RB_AUTOBOOT);
+#endif
+    }
+    return 0;
 }
 #endif
@@ -230,7 +239,6 @@ struct {
    { "loader", DoLoaderCmd },
 #endif
    { "suspend", DoSuspendCmd },
-    { "freeze", DoFreezeCmd },
 #ifdef INIT_TEST
    { "charing", DoCharingCmd }
 #endif
@@ -249,14 +257,14 @@ void ExecReboot(const char *value)
        return;
    }
-    INIT_LOGE("ExecReboot %s.", cmd);
+    INIT_LOGI("ExecReboot %s param %s.", cmd, value);
    for (int i = 0; i < (int)ARRAY_LENGTH(g_rebootCmd); i++) {
        if (strncmp(cmd, g_rebootCmd[i].cmdName, strlen(g_rebootCmd[i].cmdName)) == 0) {
            int ret = g_rebootCmd[i].doCmd(cmd, cmd);
-            INIT_LOGI("Reboot %s %s.", value, (ret == 0) ? "success" : "fail");
+            INIT_LOGI("Reboot %s %s errno %d .", cmd, (ret == 0) ? "success" : "fail", errno);
            return;
        }
    }
-    INIT_LOGE("Invalid rebot cmd %s.", value);
+    INIT_LOGE("Invalid reboot cmd %s.", value);
    return;
 }
--- a/services/loopevent/include/loop_event.h
+++ b/services/loopevent/include/loop_event.h
@@ -124,6 +124,7 @@ LE_STATUS LE_AcceptStreamClient(const LoopHandle loopHandle,
 LE_STATUS LE_Send(const LoopHandle loopHandle,
    const TaskHandle taskHandle, const BufferHandle handle, uint32_t buffLen);
 void LE_CloseStreamTask(const LoopHandle loopHandle, const TaskHandle taskHandle);
+int LE_GetSocketFd(const TaskHandle taskHandle);
 /**
 * 异步事件服务

--- a/services/loopevent/task/le_streamtask.c
+++ b/services/loopevent/task/le_streamtask.c
@@ -244,4 +244,10 @@ void LE_CloseStreamTask(const LoopHandle loopHandle, const TaskHandle taskHandle
 {
    LE_CHECK(loopHandle != NULL && taskHandle != NULL, return, "Invalid parameters");
    LE_CloseTask(loopHandle, taskHandle);
+}
+int LE_GetSocketFd(const TaskHandle taskHandle)
+{
+    LE_CHECK(taskHandle != NULL, return -1, "Invalid parameters");
+    return GetSocketFd(taskHandle);
 }
\ No newline at end of file
--- a/services/param/BUILD.gn
+++ b/services/param/BUILD.gn
@@ -41,11 +41,15 @@ ohos_static_library("param_service") {
    "//base/startup/init_lite/services/log",
    "//base/startup/init_lite/interfaces/innerkits/include",
    "//base/startup/init_lite/services/loopevent/include",
+    "//base/security/selinux/interfaces/policycoreutils/include",
    "//third_party/libuv/include",
    "//third_party/cJSON",
  ]
  defines = [ "PARAM_SUPPORT_SAVE_PERSIST" ]
+  if (build_selinux) {
+    defines += [ "WITH_SELINUX" ]
+  }
  if (defined(boot_kernel_extended_cmdline)) {
    defines += [ "BOOT_EXTENDED_CMDLINE=\"${boot_kernel_extended_cmdline}\"" ]
@@ -90,13 +94,17 @@ ohos_shared_library("param_client") {
    "//base/startup/init_lite/services/log",
    "//base/startup/init_lite/interfaces/innerkits/include",
    "//base/hiviewdfx/hilog/interfaces/native/innerkits/include",
+    "//base/security/selinux/interfaces/policycoreutils/include",
    "//base/startup/init_lite/services/loopevent/include",
  ]
  defines = [ "INIT_AGENT" ]
  defines += [ "_GNU_SOURCE" ]
+  if (build_selinux) {
+    defines += [ "WITH_SELINUX" ]
+  }
  if (param_security == "selinux") {
    sources += [ "adapter/param_selinux.c" ]
    defines += [ "PARAM_SUPPORT_SELINUX" ]

--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -85,6 +85,9 @@ static int InitLocalSecurityLabel(ParamSecurityLabel **security, int isInit)
    *security = &g_localSecurityLabel;
    // support check write permission in client
    (*security)->flags |= LABEL_CHECK_FOR_ALL_PROCESS;
+#ifdef WITH_SELINUX
+    (*security)->flags = 0;
+#endif
    return 0;
 }

--- a/services/param/manager/param_manager.c
+++ b/services/param/manager/param_manager.c
@@ -16,6 +16,10 @@
 #include "param_manager.h"
 #include <ctype.h>
+#include <dlfcn.h>
+#ifdef WITH_SELINUX
+#include "selinux_parameter.h"
+#endif
 #if !defined PARAM_SUPPORT_SELINUX && !defined PARAM_SUPPORT_DAC
 static ParamSecurityLabel g_defaultSecurityLabel;
@@ -110,9 +114,10 @@ int ReadParamWithCheck(const ParamWorkSpace *workSpace, const char *name, uint32
    PARAM_CHECK(handle != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid param handle");
    PARAM_CHECK(workSpace != NULL && name != NULL, return PARAM_CODE_INVALID_PARAM, "Invalid param name");
    *handle = -1;
+#ifdef READ_CHECK
    int ret = CheckParamPermission(workSpace, workSpace->securityLabel, name, op);
    PARAM_CHECK(ret == 0, return ret, "Forbid to access parameter %s", name);
+#endif
    ParamTrieNode *node = FindTrieNode(&workSpace->paramSpace, name, strlen(name), NULL);
    if (node != NULL && node->dataIndex != 0) {
        *handle = node->dataIndex;
@@ -231,6 +236,45 @@ int TraversalParam(const ParamWorkSpace *workSpace,
    return TraversalTrieNode(&workSpace->paramSpace, root, ProcessParamTraversal, &context);
 }
+#ifdef WITH_SELINUX
+static void *g_selinuxHandle = NULL;
+static int CheckParamPermissionWithSelinux(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
+{
+    static void (*setSelinuxLogCallback)();
+    static int (*setParamCheck)(const char *paraName, struct ucred *uc);
+    g_selinuxHandle = dlopen("/system/lib/libparaperm_checker.z.so", RTLD_LAZY);
+    if (g_selinuxHandle == NULL) {
+        PARAM_LOGE("Failed to dlopen libparaperm_checker.z.so, %s\n", dlerror());
+        return DAC_RESULT_FORBIDED;
+    }
+    if (setSelinuxLogCallback == NULL) {
+        setSelinuxLogCallback = (void (*)())dlsym(g_selinuxHandle, "SetSelinuxLogCallback");
+        if (setSelinuxLogCallback == NULL) {
+            PARAM_LOGE("Failed to dlsym setSelinuxLogCallback, %s\n", dlerror());
+            return DAC_RESULT_FORBIDED;
+        }
+    }
+    (*setSelinuxLogCallback)();
+    if (setParamCheck == NULL) {
+        setParamCheck = (int (*)(const char *paraName, struct ucred *uc))dlsym(g_selinuxHandle, "SetParamCheck");
+        if (setParamCheck == NULL) {
+            PARAM_LOGE("Failed to dlsym setParamCheck, %s\n", dlerror());
+            return DAC_RESULT_FORBIDED;
+        }
+    }
+    struct ucred uc;
+    uc.pid = srcLabel->cred.pid;
+    uc.uid = srcLabel->cred.uid;
+    uc.gid = srcLabel->cred.gid;
+    int ret = setParamCheck(name, &uc);
+    if (ret != 0) {
+        PARAM_LOGI("Selinux check name %s pid %d uid %d %d result %d", name, uc.pid, uc.uid, uc.gid, ret);
+    }
+    return ret;
+}
+#endif
 int CheckParamPermission(const ParamWorkSpace *workSpace,
    const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode)
 {
@@ -240,6 +284,14 @@ int CheckParamPermission(const ParamWorkSpace *workSpace,
        return 0;
    }
    PARAM_CHECK(name != NULL && srcLabel != NULL, return -1, "Invalid param");
+#ifdef WITH_SELINUX
+    if (mode == DAC_WRITE) {
+        int ret = CheckParamPermissionWithSelinux(srcLabel, name, mode);
+        if (ret == DAC_RESULT_PERMISSION) {
+            return DAC_RESULT_PERMISSION;
+        }
+    }
+#endif
    if (workSpace->paramSecurityOps.securityCheckParamPermission == NULL) {
        return DAC_RESULT_FORBIDED;
    }

--- a/services/param/manager/param_message.c
+++ b/services/param/manager/param_message.c
@@ -25,10 +25,12 @@
 int ConntectServer(int fd, const char *servername)
 {
    PARAM_CHECK(fd >= 0, return -1, "Invalid fd %d", fd);
+    int opt = 1;
+    int ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
    PARAM_CHECK(servername != NULL, return -1, "Invalid servername");
    struct sockaddr_un addr;
    /* fill socket address structure with server's address */
-    int ret = memset_s(&addr, sizeof(addr), 0, sizeof(addr));
+    ret = memset_s(&addr, sizeof(addr), 0, sizeof(addr));
    PARAM_CHECK(ret == 0, return -1, "Failed to memset server address");
    addr.sun_family = AF_UNIX;
    ret = sprintf_s(addr.sun_path, sizeof(addr.sun_path) - 1, "%s", servername);

--- a/services/param/service/param_service.c
+++ b/services/param/service/param_service.c
@@ -15,6 +15,7 @@
 #include "param_service.h"
+#include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -23,9 +24,12 @@
 #include <sys/msg.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 #include "init_param.h"
 #include "init_utils.h"
+#include "loop_event.h"
 #include "param_message.h"
 #include "param_manager.h"
 #include "param_request.h"
@@ -334,7 +338,17 @@ static int HandleParamSet(const ParamTaskPtr worker, const ParamMessage *msg)
        PARAM_CHECK(ret == 0, return ret,
            "Failed to decode param %d name %s %s", ret, msg->key, valueContent->content);
    }
+    if (srcLabel != NULL) {
+        struct ucred cr = {-1, -1, -1};
+        socklen_t crSize = sizeof(cr);
+        if (getsockopt(LE_GetSocketFd(worker), SOL_SOCKET, SO_PEERCRED, &cr, &crSize) < 0) {
+            PARAM_LOGE("Failed to get opt %d", errno);
+            return SendResponseMsg(worker, msg, -1);
+        }
+        srcLabel->cred.uid = cr.uid;
+        srcLabel->cred.pid = cr.pid;
+        srcLabel->cred.gid = cr.gid;
+    }
    ret = SystemSetParam(msg->key, valueContent->content, srcLabel);
    if (srcLabel != NULL && g_paramWorkSpace.paramSecurityOps.securityFreeLabel != NULL) {
        g_paramWorkSpace.paramSecurityOps.securityFreeLabel(srcLabel);

--- a/services/param/trigger/trigger_processor.c
+++ b/services/param/trigger/trigger_processor.c
@@ -228,7 +228,7 @@ static int GetTriggerType(const char *type)
    }
    const char *triggerTypeStr[] = {
        "pre-init", "boot", "early-init", "init", "early-init", "late-init", "post-init",
-        "fs", "early-fs", "post-fs", "late-fs", "early-boot", "post-fs-data", "reboot"
+        "fs", "early-fs", "post-fs", "late-fs", "early-boot", "post-fs-data", "reboot", "suspend"
    };
    for (size_t i = 0; i < ARRAY_LENGTH(triggerTypeStr); i++) {
        if (strcmp(triggerTypeStr[i], type) == 0) {