From 39f660e9fd097fcf7c5e72d8c01f20b4ace59662 Mon Sep 17 00:00:00 2001 From: zhong_ning Date: Wed, 11 Aug 2021 10:54:18 +0800 Subject: [PATCH 1/2] modify init Signed-off-by: zhong_ning --- interfaces/innerkits/reboot/init_reboot.c | 12 ++++++++++-- services/src/init_service.c | 9 +++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/interfaces/innerkits/reboot/init_reboot.c b/interfaces/innerkits/reboot/init_reboot.c index ec74638e3..39da233b1 100644 --- a/interfaces/innerkits/reboot/init_reboot.c +++ b/interfaces/innerkits/reboot/init_reboot.c @@ -16,9 +16,11 @@ #include #include -#include "sys_param.h" -#include "securec.h" +#include +#include #include "init_log.h" +#include "securec.h" +#include "sys_param.h" #define SYS_POWER_CTRL "sys.powerctrl=" #define MAX_REBOOT_NAME_SIZE 100 @@ -26,6 +28,12 @@ int DoReboot(const char *cmdContent) { + uid_t uid1 = getuid(); + uid_t uid2 = geteuid(); + if (uid1 != 0 || uid2 != 0) { + INIT_LOGE("uid1=%d, uid2=%d, user MUST be root, error!", uid1, uid2); + return -1; + } char value[MAX_REBOOT_VAUE_SIZE]; if (cmdContent == NULL || strlen(cmdContent) == 0) { if (snprintf_s(value, MAX_REBOOT_NAME_SIZE, MAX_REBOOT_NAME_SIZE - 1, "%s", "reboot") < 0) { diff --git a/services/src/init_service.c b/services/src/init_service.c index 020b5dac2..248c1962d 100644 --- a/services/src/init_service.c +++ b/services/src/init_service.c @@ -78,14 +78,15 @@ static int SetAllAmbientCapability() static int SetPerms(const Service *service) { INIT_CHECK_RETURN_VALUE(KeepCapability() == 0, SERVICE_FAILURE); - if (service->servPerm.gIDCnt == 1) { + if (service->servPerm.gIDCnt > 0) { INIT_ERROR_CHECK(setgid(service->servPerm.gIDArray[0]) == 0, return SERVICE_FAILURE, "SetPerms, setgid for %s failed. %d", service->name, errno); - } else if (service->servPerm.gIDCnt > 1){ - INIT_ERROR_CHECK(setgroups(service->servPerm.gIDCnt, service->servPerm.gIDArray) == 0, return SERVICE_FAILURE, + } + if (service->servPerm.gIDCnt > 1) { + INIT_ERROR_CHECK(setgroups(service->servPerm.gIDCnt - 1, &service->servPerm.gIDArray[1]) == 0, + return SERVICE_FAILURE, "SetPerms, setgroups failed. errno = %d, gIDCnt=%d", errno, service->servPerm.gIDCnt); } - if (service->servPerm.uID != 0) { if (setuid(service->servPerm.uID) != 0) { INIT_LOGE("setuid of service: %s failed, uid = %d", service->name, service->servPerm.uID); -- Gitee From 1401c3de6a8e5ee75e0a4804ffaca1c0057111dc Mon Sep 17 00:00:00 2001 From: zhong_ning Date: Wed, 11 Aug 2021 12:52:40 +0800 Subject: [PATCH 2/2] restore start/stop service Signed-off-by: zhong_ning --- services/cmds/service_control/BUILD.gn | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/services/cmds/service_control/BUILD.gn b/services/cmds/service_control/BUILD.gn index 5b4aa7a02..0e8f91315 100755 --- a/services/cmds/service_control/BUILD.gn +++ b/services/cmds/service_control/BUILD.gn @@ -22,6 +22,11 @@ ohos_executable("service_control") { "//base/startup/init_lite/services/param:paramclient", "//third_party/bounds_checking_function:libsec_static", ] + symlink_target_name = [ + "start_service", + "stop_service", + ] + install_images = [ "system" ] install_enable = true part_name = "init" } -- Gitee