From dde342737617a85d6fceeadc86c4ab714793ddf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E4=BD=B3=E4=BC=9F?= Date: Fri, 11 Jul 2025 16:33:04 +0800 Subject: [PATCH 1/2] =?UTF-8?q?Description:=E4=BF=AE=E5=A4=8D=E5=88=9B?= =?UTF-8?q?=E5=BB=BA=E8=8A=82=E7=82=B9=E6=97=B6=E7=9A=84gid=E5=92=8Cmod?= =?UTF-8?q?=E9=97=AE=E9=A2=98=20IssueNo:https://gitee.com/openharmony/star?= =?UTF-8?q?tup=5Finit/issues/ICLQ29=20Binary=20Source:No=20Signed-off-by:?= =?UTF-8?q?=20songjiawei9=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/etc/ueventd.cfg | 2 +- ueventd/ueventd_device_handler.c | 42 +++++++++++++++++++++++--------- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/services/etc/ueventd.cfg b/services/etc/ueventd.cfg index 68a1a5d6d..1fdff7f70 100644 --- a/services/etc/ueventd.cfg +++ b/services/etc/ueventd.cfg @@ -19,7 +19,7 @@ "SOCK_NONBLOCK" ] }], - "caps" : ["DAC_OVERRIDE", "MKNOD", "CHOWN", "FOWNER"], + "caps" : ["DAC_OVERRIDE", "MKNOD", "CHOWN", "FOWNER", "CAP_SETGID"], "ondemand" : true, "sandbox" : 0, "start-mode" : "condition", diff --git a/ueventd/ueventd_device_handler.c b/ueventd/ueventd_device_handler.c index 7dee26914..db6b4b611 100644 --- a/ueventd/ueventd_device_handler.c +++ b/ueventd/ueventd_device_handler.c 
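Review bot: The new entry in `caps` is spelled `"CAP_SETGID"`, while every existing entry omits the prefix (`"DAC_OVERRIDE"`, `"MKNOD"`, `"CHOWN"`, `"FOWNER"`). Unless the capability parser is known to accept both spellings, write it as `"SETGID"`. An unrecognised name would presumably leave the service without the capability, and the new `setegid()` calls in ueventd_device_handler.c only log a failure, so the problem would be easy to miss. Because this widens the privileges of a root service, the commit description should also say that the capability is needed only for the temporary egid switch around `mknod`. The same line appears in the ueventd.cfg hunk of patch 2/2.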
@@ -145,15 +145,41 @@ static void SetDeviceLable(const char *path, char **symLinks)
 }
 #endif
-static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, char **symLinks, bool isBlock)
+static int CreateDeviceNodeWithPermissions(const struct Uevent *uevent, const char *deviceNode, bool isBlock)
 {
- int rc = -1;
 int major = uevent->major;
 int minor = uevent->minor;
 uid_t uid = uevent->ug.uid;
 gid_t gid = uevent->ug.gid;
 mode_t mode = DEVMODE;
+ (void)GetDeviceNodePermissions(deviceNode, &uid, &gid, &mode);
+ mode |= isBlock ? S_IFBLK : S_IFCHR;
+ dev_t dev = makedev((unsigned int)major, (unsigned int)minor);
+
+ if (setegid(gid) != 0) {
+ INIT_LOGE("Failed to setegid %u, deviceNode: \" %s \" , errno %d", gid, deviceNode, errno);
+ }
+ mode_t originalMask = umask(000);
+ int rc = mknod(deviceNode, mode, dev);
+ (void)umask(originalMask);
+ if (rc < 0 && errno != EEXIST) {
+ INIT_LOGE("Create device node[%s %d, %d] failed. %d", deviceNode, major, minor, errno);
+ return rc;
+ }
+ if (chown(deviceNode, uid, gid) != 0) {
+ INIT_LOGW("Failed to change \" %s \" owner, errno %d", deviceNode, errno);
+ }
+ if (setegid(0) != 0) {
+ INIT_LOGE("Failed to setegid 0, deviceNode: \" %s \" , errno %d", deviceNode, errno);
+ }
+ return 0;
+}
+
+static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, char **symLinks, bool isBlock)
+{
+ int rc = -1;
+
 if (deviceNode == NULL || *deviceNode == '\0') {
 INIT_LOGE("Invalid device file");
 return rc;
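Review bot: The early `return rc;` after a failed `mknod` leaves the process running with its effective gid still set to the device's gid, because the only `setegid(0)` restore sits at the end of the function. `errno` is also read after the `umask()` call rather than straight after `mknod`, so it is safer to capture it immediately. Restoring the egid right after the node is created, before the result is checked, covers every path; the ownership fix-up that follows does not appear to depend on the egid. The patch 2/2 version of this function has the same early return.

```c
    mode_t originalMask = umask(000);
    int rc = mknod(deviceNode, mode, dev);
    int mknodErrno = errno; /* capture before any later call can overwrite it */
    (void)umask(originalMask);
    /* Restore the effective gid on every path, including the failure return below. */
    if (setegid(0) != 0) {
        INIT_LOGE("Failed to setegid 0, deviceNode: \" %s \" , errno %d", deviceNode, errno);
    }
    if (rc < 0 && mknodErrno != EEXIST) {
        INIT_LOGE("Create device node[%s %d, %d] failed. %d", deviceNode, major, minor, mknodErrno);
        return rc;
    }
    /* … unchanged: chown of the node … */
    return 0;
```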
@@ -177,18 +203,10 @@ static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, return rc; } - (void)GetDeviceNodePermissions(deviceNode, &uid, &gid, &mode); - mode |= isBlock ? S_IFBLK : S_IFCHR; - dev_t dev = makedev((unsigned int)major, (unsigned int)minor); - setegid(0); - rc = mknod(deviceNode, mode, dev); + rc = CreateDeviceNodeWithPermissions(uevent, deviceNode, isBlock); if (rc < 0) { - if (errno != EEXIST) { - INIT_LOGE("Create device node[%s %d, %d] failed. %d", deviceNode, major, minor, errno); - return rc; - } + return rc; } - AdjustDeviceNodePermissions(deviceNode, uid, gid, mode); if (symLinks != NULL) { CreateSymbolLinks(deviceNode, symLinks); } -- Gitee From 8bcc0497aba98836bfbbae0d605d2b133901f9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E4=BD=B3=E4=BC=9F?= Date: Sat, 12 Jul 2025 16:31:10 +0800 Subject: [PATCH 2/2] =?UTF-8?q?Description:=E4=BF=AE=E5=A4=8D=E5=88=9B?= =?UTF-8?q?=E5=BB=BA=E8=8A=82=E7=82=B9=E6=97=B6=E7=9A=84gid=E5=92=8Cmod?= =?UTF-8?q?=E9=97=AE=E9=A2=98=20IssueNo:https://gitee.com/openharmony/star?= =?UTF-8?q?tup=5Finit/issues/ICLQ29=20Binary=20Source:No=20Signed-off-by:?= =?UTF-8?q?=20songjiawei9=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/etc/ueventd.cfg | 2 +- ueventd/ueventd_device_handler.c | 40 ++++++++++++++++++++++---------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/services/etc/ueventd.cfg b/services/etc/ueventd.cfg index 68a1a5d6d..1fdff7f70 100644 --- a/services/etc/ueventd.cfg +++ b/services/etc/ueventd.cfg @@ -19,7 +19,7 @@ "SOCK_NONBLOCK" ] }], - "caps" : ["DAC_OVERRIDE", "MKNOD", "CHOWN", "FOWNER"], + "caps" : ["DAC_OVERRIDE", "MKNOD", "CHOWN", "FOWNER", "CAP_SETGID"], "ondemand" : true, "sandbox" : 0, "start-mode" : "condition", diff --git a/ueventd/ueventd_device_handler.c b/ueventd/ueventd_device_handler.c index 7dee26914..df3c0ee0e 100644 --- a/ueventd/ueventd_device_handler.c 
+++ b/ueventd/ueventd_device_handler.c
@@ -145,15 +145,39 @@ static void SetDeviceLable(const char *path, char **symLinks)
 }
 #endif
-static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, char **symLinks, bool isBlock)
+static int CreateDeviceNodeWithPermissions(const struct Uevent *uevent, const char *deviceNode, bool isBlock)
 {
- int rc = -1;
 int major = uevent->major;
 int minor = uevent->minor;
 uid_t uid = uevent->ug.uid;
 gid_t gid = uevent->ug.gid;
 mode_t mode = DEVMODE;
+ (void)GetDeviceNodePermissions(deviceNode, &uid, &gid, &mode);
+ mode |= isBlock ? S_IFBLK : S_IFCHR;
+ dev_t dev = makedev((unsigned int)major, (unsigned int)minor);
+
+ if (setegid(gid) != 0) {
+ INIT_LOGW("Failed to setegid %u, deviceNode: \" %s \" , errno %d", gid, deviceNode, errno);
+ }
+ mode_t originalMask = umask(000);
+ int rc = mknod(deviceNode, mode, dev);
+ (void)umask(originalMask);
+ if (rc < 0 && errno != EEXIST) {
+ INIT_LOGE("Create device node[%s %d, %d] failed. %d", deviceNode, major, minor, errno);
+ return rc;
+ }
+ AdjustDeviceNodePermissions(deviceNode, uid, gid, mode);
+ if (setegid(0) != 0) {
+ INIT_LOGW("Failed to setegid 0, deviceNode: \" %s \" , errno %d", deviceNode, errno);
+ }
+ return 0;
+}
+
+static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, char **symLinks, bool isBlock)
+{
+ int rc = -1;
+
 if (deviceNode == NULL || *deviceNode == '\0') {
 INIT_LOGE("Invalid device file");
 return rc;
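Review bot: `CreateDeviceNodeWithPermissions` has no comment saying that it temporarily changes two pieces of process-wide state, the effective gid and the umask, which is the part a later maintainer is most likely to break. A header comment such as `/* Switches egid to the node's gid and clears the umask around mknod so the node is created with the requested group and mode; needs SETGID. */` would record the intent. The comment should also say that a failed `setegid(gid)` is only warned about and `mknod` still runs, leaving `AdjustDeviceNodePermissions` (presumably) to correct ownership afterwards. If ueventd creates files from another thread while this runs, which is not visible in this hunk, the `umask(000)` window would apply to those files too, and that is worth stating.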
@@ -177,18 +201,10 @@ static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode,
 return rc;
 }
- (void)GetDeviceNodePermissions(deviceNode, &uid, &gid, &mode);
- mode |= isBlock ? S_IFBLK : S_IFCHR;
- dev_t dev = makedev((unsigned int)major, (unsigned int)minor);
- setegid(0);
- rc = mknod(deviceNode, mode, dev);
+ rc = CreateDeviceNodeWithPermissions(uevent, deviceNode, isBlock);
 if (rc < 0) {
- if (errno != EEXIST) {
- INIT_LOGE("Create device node[%s %d, %d] failed. %d", deviceNode, major, minor, errno);
- return rc;
- }
+ return rc;
 }
- AdjustDeviceNodePermissions(deviceNode, uid, gid, mode);
 if (symLinks != NULL) {
 CreateSymbolLinks(deviceNode, symLinks);
 }
-- Gitee