release-request-94878621-f29d-487c-a2aa-213f2be9d20c-for-git_oc-mr1-release-4222039 snap-temp-L91400000086509174
Change-Id: I4b60a17455899e93f65ba9993a48b74b6121fd71
diff --git a/src/common/wpa_ctrl.c b/src/common/wpa_ctrl.c
index 623c2a7..a0fe822 100644
--- a/src/common/wpa_ctrl.c
+++ b/src/common/wpa_ctrl.c
@@ -21,9 +21,11 @@
#ifdef ANDROID
#include <dirent.h>
+#include <grp.h>
+#include <pwd.h>
#include <sys/stat.h>
+#include <sys/types.h>
#include <cutils/sockets.h>
-#include "private/android_filesystem_config.h"
#endif /* ANDROID */
#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
@@ -98,6 +100,12 @@
size_t res;
int tries = 0;
int flags;
+#ifdef ANDROID
+ struct group *grp_wifi;
+ gid_t gid_wifi;
+ struct passwd *pwd_system;
+ uid_t uid_system;
+#endif
if (ctrl_path == NULL)
return NULL;
@@ -153,8 +161,18 @@
#ifdef ANDROID
chmod(ctrl->local.sun_path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
/* Set group even if we do not have privileges to change owner */
- chown(ctrl->local.sun_path, -1, AID_WIFI);
- chown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
+ grp_wifi = getgrnam("wifi");
+ gid_wifi = grp_wifi ? grp_wifi->gr_gid : 0;
+ pwd_system = getpwnam("system");
+ uid_system = pwd_system ? pwd_system->pw_uid : 0;
+ if (!gid_wifi || !uid_system) {
+ close(ctrl->s);
+ unlink(ctrl->local.sun_path);
+ os_free(ctrl);
+ return NULL;
+ }
+ chown(ctrl->local.sun_path, -1, gid_wifi);
+ chown(ctrl->local.sun_path, uid_system, gid_wifi);
if (os_strncmp(ctrl_path, "@android:", 9) == 0) {
if (socket_local_client_connect(
diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c
index 26fd172..b516cc4 100644
--- a/src/utils/os_unix.c
+++ b/src/utils/os_unix.c
@@ -12,9 +12,11 @@
#include <sys/wait.h>
#ifdef ANDROID
+#include <grp.h>
+#include <pwd.h>
#include <sys/capability.h>
#include <sys/prctl.h>
-#include <private/android_filesystem_config.h>
+#include <sys/types.h>
#endif /* ANDROID */
#ifdef __MACH__
@@ -324,24 +326,42 @@
int os_program_init(void)
{
#ifdef ANDROID
+ struct __user_cap_header_struct header;
+ struct __user_cap_data_struct cap;
+ struct group *grp = getgrnam("wifi");
+ gid_t gid_wifi = grp ? grp->gr_gid : 0;
+ struct passwd *pwd = getpwnam("wifi");
+ uid_t uid_wifi = pwd ? pwd->pw_uid : 0;
+
/*
* We ignore errors here since errors are normal if we
* are already running as non-root.
*/
#ifdef ANDROID_SETGROUPS_OVERRIDE
gid_t groups[] = { ANDROID_SETGROUPS_OVERRIDE };
+
+ if (!gid_wifi || !uid_wifi) return -1;
#else /* ANDROID_SETGROUPS_OVERRIDE */
- gid_t groups[] = { AID_INET, AID_WIFI, AID_KEYSTORE };
+ gid_t groups[3];
+
+ if (!gid_wifi || !uid_wifi) return -1;
+ groups[0] = gid_wifi;
+
+ grp = getgrnam("inet");
+ groups[1] = grp ? grp->gr_gid : 0;
+ if (!groups[1]) return -1;
+
+ grp = getgrnam("keystore");
+ groups[2] = grp ? grp->gr_gid : 0;
+ if (!groups[2]) return -1;
#endif /* ANDROID_SETGROUPS_OVERRIDE */
- struct __user_cap_header_struct header;
- struct __user_cap_data_struct cap;
setgroups(ARRAY_SIZE(groups), groups);
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
- setgid(AID_WIFI);
- setuid(AID_WIFI);
+ setgid(gid_wifi);
+ setuid(uid_wifi);
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
