diff --git a/services/etc/group b/services/etc/group index f1cee213a3fe22112b18d267ec86b41807167e3d..32969967dd17a9d12030f91ddc858067805cde28 100644 --- a/services/etc/group +++ b/services/etc/group @@ -29,10 +29,10 @@ shared_relro:x:1037: audio:x:1041: cameraserver:x:1047: uiserver:x:1048: -servicectrl:x:1050:root,shell,system,samgr,hdf_devmgr +servicectrl:x:1050:root,shell,system,samgr,hdf_devmgr,foundation powerctrl:x:1051:root,shell,system,update,power_host,charger,foundation bootctrl:x:1052:root,shell,system -deviceprivate:x:1053:root,shell,system,samgr,hdf_devmgr,deviceinfo,dsoftbus,dms,account,useriam,access_token,device_manager,foundation,dbms,deviceauth,huks_server,dlp_credential,dsserver +deviceprivate:x:1053:root,shell,system,samgr,hdf_devmgr,deviceinfo,dsoftbus,dms,account,useriam,access_token,device_manager,foundation,dbms,deviceauth,huks_server,dlp_credential,dsserver,edm hiview:x:1201: hidumper_service:x:1212: shell:x:2000: @@ -43,7 +43,6 @@ readproc:x:3009: wakelock:x:3010: uhid:x:3011: ddms:x:3012: -dlp_permission:x:3019: access_token:x:3020: blue_host:x:3021: sample_host:x:3022: @@ -52,6 +51,7 @@ usbfnMaster_host:x:3024: power_host:x:3025: wifi_host:x:3026: audio_hdi_server_host:x:3027: +audio_host:x:3127: camera_host:x:3028: input_user_host:x:3029: display_gralloc_host:x:3030: @@ -84,6 +84,7 @@ deviceauth:x:3333: huks_server:x:3510: cert_manager_server:x:3515: dlp_credential:x:3553: +dlp_permission:x:3019: dms:x:5522: foundation:x:5523: quickfixserver:x:5524: diff --git a/services/etc/param/ohos.para.size b/services/etc/param/ohos.para.size index 0f7674475452cce3e632188142a07e7ef88eed3e..a417ad6d82bafb997a263b73b5ce2fae73b8ab7d 100755 --- a/services/etc/param/ohos.para.size +++ b/services/etc/param/ohos.para.size @@ -18,16 +18,7 @@ startup_param=40960 persist_param=40960 const_param=40960 persist_sys_param=4096 -hw_sc_param=4096 -hw_sc_build_os_param=4096 -init_param=4096 -init_svc_param=4096 -const_postinstall_param=4096 -const_postinstall_fstab_param=4096 -const_allow_param=4096 -const_allow_mock_param=4096 devinfo_public_param=30720 -security_param=4096 sys_param=4096 bootevent_param=4096 startup_init_param=40960 diff --git a/services/etc/passwd b/services/etc/passwd index bbbb0275e6e3325fd526e819bbb762f07b853762..fedbb296c7cbef58d751d692f657cc4241567ddd 100644 --- a/services/etc/passwd +++ b/services/etc/passwd @@ -39,7 +39,6 @@ readproc:x:3009:3009:::/bin/false wakelock:x:3010:3010:::/bin/false uhid:x:3011:3011:::/bin/false ddms:x:3012:3012:::/bin/false -dlp_permission:x:3019:3019:::/bin/false access_token:x:3020:3020:::/bin/false blue_host:x:3021:3021:::/bin/false sample_host:x:3022:3022:::/bin/false @@ -48,6 +47,7 @@ usbfnMaster_host:x:3024:3024:::/bin/false power_host:x:3025:3025:::/bin/false wifi_host:x:3026:3026:::/bin/false audio_hdi_server_host:x:3027:3027:::/bin/false +audio_host:x:3127:3127:::/bin/false camera_host:x:3028:3028:::/bin/false input_user_host:x:3029:3029:::/bin/false display_gralloc_host:x:3030:3030:::/bin/false @@ -80,6 +80,7 @@ deviceauth:x:3333:3333:::/bin/false huks_server:x:3510:3510:::/bin/false cert_manager_server:x:3515:3515:::/bin/false dlp_credential:x:3553:3553:::/bin/false +dlp_permission:x:3019:3019:::/bin/false dms:x:5522:5522:::/bin/false foundation:x:5523:5523:::/bin/false quickfixserver:x:5524:5524:::/bin/false diff --git a/services/param/adapter/param_dac.c b/services/param/adapter/param_dac.c index 6e063dfae02af665b54ad5bc47fb0cc133df8803..8b0541b620bd36122dd4782c2c5c2bc19ef4f24c 100644 --- a/services/param/adapter/param_dac.c +++ b/services/param/adapter/param_dac.c @@ -125,6 +125,9 @@ static int LoadOneParam_(const uint32_t *context, const char *name, const char * auditData.name = name; int ret = GetParamDacData(&auditData.dacData, value); PARAM_CHECK(ret == 0, return -1, "Failed to get param info %d %s", ret, name); + if (INVALID_UID(auditData.dacData.gid) || INVALID_UID(auditData.dacData.uid)) { + PARAM_LOGW("Invalid dac for '%s' gid %d uid %d", name, auditData.dacData.gid, auditData.dacData.uid); + } AddSecurityLabel(&auditData); return 0; } @@ -262,7 +265,7 @@ static int DacCheckParamPermission(const ParamSecurityLabel *srcLabel, const cha if (ret != DAC_RESULT_PERMISSION) { PARAM_LOGW("Param '%s' label gid:%d uid:%d mode 0%o", name, srcLabel->cred.gid, srcLabel->cred.uid, localMode); PARAM_LOGW("Cfg label %d gid:%d uid:%d mode 0%o ", labelIndex, node->gid, node->uid, node->mode); -#ifndef STARTUP_INIT_TEST +#ifndef __MUSL__ ret = DAC_RESULT_PERMISSION; #endif } diff --git a/services/param/include/param_osadp.h b/services/param/include/param_osadp.h index 43c8c2173e4203218996d3e83dd88edac07765bd..ba7e7d02bb3ad484ae4c327f108630d2bffe2641 100755 --- a/services/param/include/param_osadp.h +++ b/services/param/include/param_osadp.h @@ -45,7 +45,15 @@ extern "C" { #endif #define PARAM_WORKSPACE_INVALID ((uint32_t)-1) -#define PARAM_WORKSPACE_MIN (4096) +#define PARAM_WORKSPACE_MIN (1024) +/* + length for parameter = node size + data size + xxxx.xxxx.xxxx.xxxx + node size: + 24 * (count(.) + 1) + strlen(xxxx.xxxx.xxxx.xxxx) + data size + strlen(xxxx.xxxx.xxxx.xxxx) + 96 +*/ #if (defined __LITEOS_A__ || defined __LITEOS_M__) #define DAC_DEFAULT_MODE 0777 #ifdef STARTUP_INIT_TEST diff --git a/services/param/linux/param_request.c b/services/param/linux/param_request.c index 55e7a3aeecd8e0eb45a81e689241b4dc934e7a6d..4bc08b286ba9a7b4d01bdaa7f747d172ea71fb6e 100644 --- a/services/param/linux/param_request.c +++ b/services/param/linux/param_request.c @@ -39,7 +39,7 @@ __attribute__((constructor)) static void ParameterInit(void) if (getpid() == 1) { return; } - EnableInitLog(INIT_ERROR); + EnableInitLog(INIT_INFO); PARAM_WORKSPACE_OPS ops = {0}; ops.updaterMode = 0; #ifdef PARAM_BASE_LOG