!1467 打开系统参数dac校验，挑单monthly

Merge pull request !1467 from Mupceet/cherry-pick-1667390111

!1467 打开系统参数dac校验，挑单monthly
Merge pull request !1467 from Mupceet/cherry-pick-1667390111
f2e71db4 · openharmony_ci · Gitee · e4e57729 · ae15eb29 · f2e71db4
6 changed file
--- a/services/etc/group
+++ b/services/etc/group
@@ -29,10 +29,10 @@ shared_relro:x:1037:
 audio:x:1041:
 cameraserver:x:1047:
 uiserver:x:1048:
-servicectrl:x:1050:root,shell,system,samgr,hdf_devmgr
+servicectrl:x:1050:root,shell,system,samgr,hdf_devmgr,foundation
 powerctrl:x:1051:root,shell,system,update,power_host,charger,foundation
 bootctrl:x:1052:root,shell,system
-deviceprivate:x:1053:root,shell,system,samgr,hdf_devmgr,deviceinfo,dsoftbus,dms,account,useriam,access_token,device_manager,foundation,dbms,deviceauth,huks_server,dlp_credential,dsserver
+deviceprivate:x:1053:root,shell,system,samgr,hdf_devmgr,deviceinfo,dsoftbus,dms,account,useriam,access_token,device_manager,foundation,dbms,deviceauth,huks_server,dlp_credential,dsserver,edm
 hiview:x:1201:
 hidumper_service:x:1212:
 shell:x:2000:
@@ -43,7 +43,6 @@ readproc:x:3009:
 wakelock:x:3010:
 uhid:x:3011:
 ddms:x:3012:
-dlp_permission:x:3019:
 access_token:x:3020:
 blue_host:x:3021:
 sample_host:x:3022:
@@ -52,6 +51,7 @@ usbfnMaster_host:x:3024:
 power_host:x:3025:
 wifi_host:x:3026:
 audio_hdi_server_host:x:3027:
+audio_host:x:3127:
 camera_host:x:3028:
 input_user_host:x:3029:
 display_gralloc_host:x:3030:
@@ -84,6 +84,7 @@ deviceauth:x:3333:
 huks_server:x:3510:
 cert_manager_server:x:3515:
 dlp_credential:x:3553:
+dlp_permission:x:3019:
 dms:x:5522:
 foundation:x:5523:
 quickfixserver:x:5524:

--- a/services/etc/param/ohos.para.size
+++ b/services/etc/param/ohos.para.size
@@ -18,16 +18,7 @@ startup_param=40960
 persist_param=40960
 const_param=40960
 persist_sys_param=4096
-hw_sc_param=4096
-hw_sc_build_os_param=4096
-init_param=4096
-init_svc_param=4096
-const_postinstall_param=4096
-const_postinstall_fstab_param=4096
-const_allow_param=4096
-const_allow_mock_param=4096
 devinfo_public_param=30720
-security_param=4096
 sys_param=4096
 bootevent_param=4096
 startup_init_param=40960
--- a/services/etc/passwd
+++ b/services/etc/passwd
@@ -39,7 +39,6 @@ readproc:x:3009:3009:::/bin/false
 wakelock:x:3010:3010:::/bin/false
 uhid:x:3011:3011:::/bin/false
 ddms:x:3012:3012:::/bin/false
-dlp_permission:x:3019:3019:::/bin/false
 access_token:x:3020:3020:::/bin/false
 blue_host:x:3021:3021:::/bin/false
 sample_host:x:3022:3022:::/bin/false
@@ -48,6 +47,7 @@ usbfnMaster_host:x:3024:3024:::/bin/false
 power_host:x:3025:3025:::/bin/false
 wifi_host:x:3026:3026:::/bin/false
 audio_hdi_server_host:x:3027:3027:::/bin/false
+audio_host:x:3127:3127:::/bin/false
 camera_host:x:3028:3028:::/bin/false
 input_user_host:x:3029:3029:::/bin/false
 display_gralloc_host:x:3030:3030:::/bin/false
@@ -80,6 +80,7 @@ deviceauth:x:3333:3333:::/bin/false
 huks_server:x:3510:3510:::/bin/false
 cert_manager_server:x:3515:3515:::/bin/false
 dlp_credential:x:3553:3553:::/bin/false
+dlp_permission:x:3019:3019:::/bin/false
 dms:x:5522:5522:::/bin/false
 foundation:x:5523:5523:::/bin/false
 quickfixserver:x:5524:5524:::/bin/false

--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -125,6 +125,9 @@ static int LoadOneParam_(const uint32_t *context, const char *name, const char *
    auditData.name = name;
    int ret = GetParamDacData(&auditData.dacData, value);
    PARAM_CHECK(ret == 0, return -1, "Failed to get param info %d %s", ret, name);
+    if (INVALID_UID(auditData.dacData.gid) || INVALID_UID(auditData.dacData.uid)) {
+        PARAM_LOGW("Invalid dac for '%s' gid %d uid %d", name, auditData.dacData.gid, auditData.dacData.uid);
+    }
    AddSecurityLabel(&auditData);
    return 0;
 }
@@ -262,7 +265,7 @@ static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const cha
    if (ret != DAC_RESULT_PERMISSION) {
        PARAM_LOGW("Param '%s' label gid:%d uid:%d mode 0%o", name, srcLabel->cred.gid, srcLabel->cred.uid, localMode);
        PARAM_LOGW("Cfg label %d gid:%d uid:%d mode 0%o ", labelIndex, node->gid, node->uid, node->mode);
-#ifndef STARTUP_INIT_TEST
+#ifndef __MUSL__
        ret = DAC_RESULT_PERMISSION;
 #endif
    }

--- a/services/param/include/param_osadp.h
+++ b/services/param/include/param_osadp.h
@@ -45,7 +45,15 @@ extern "C" {
 #endif
 #define PARAM_WORKSPACE_INVALID ((uint32_t)-1)
-#define PARAM_WORKSPACE_MIN (4096)
+#define PARAM_WORKSPACE_MIN (1024)
+/*
+    length for parameter = node size + data size
+    xxxx.xxxx.xxxx.xxxx
+    node size:
+    24 * (count(.) + 1) + strlen(xxxx.xxxx.xxxx.xxxx)
+    data size
+    strlen(xxxx.xxxx.xxxx.xxxx) + 96
+*/
 #if (defined __LITEOS_A__ || defined __LITEOS_M__)
 #define DAC_DEFAULT_MODE 0777
 #ifdef STARTUP_INIT_TEST

--- a/services/param/linux/param_request.c
+++ b/services/param/linux/param_request.c
@@ -39,7 +39,7 @@ __attribute__((constructor)) static void ParameterInit(void)
    if (getpid() == 1) {
        return;
    }
-    EnableInitLog(INIT_ERROR);
+    EnableInitLog(INIT_INFO);
    PARAM_WORKSPACE_OPS ops = {0};
    ops.updaterMode = 0;
 #ifdef PARAM_BASE_LOG