From 3c285a28a14d328f5cea9aa0e5f63bc6c9549325 Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Mon, 22 Aug 2016 17:47:36 -0700
Subject: [PATCH] Allow wificond to drop privileges after startup

wificond will now change user/group to wifi/wifi after
taking control of a particular path in the sysfs.

Bug: 29870863
Change-Id: I9ccb23f60a66d6850f3969c364288f8850044fed
Test: wificond unit and integration tests pass
(cherry picked from commit 8a04a3138af98e95a9037b8cecbf68d08ea4df8b)
---
 wificond.te | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/wificond.te b/wificond.te
index d3140ad82..764b69f33 100644
--- a/wificond.te
+++ b/wificond.te
@@ -10,7 +10,9 @@ binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };
 
-allow wificond sysfs_wlan_fwpath:file w_file_perms;
+# wificond writes firmware paths to this file.
+# wificond also changes the owership of this file on startup.
+allow wificond sysfs_wlan_fwpath:file { w_file_perms setattr };
 
 set_prop(wificond, wifi_prop)
 set_prop(wificond, ctl_default_prop)
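Review bot: The comment added above the `sysfs_wlan_fwpath` rule misspells "ownership" as "owership", and it does not say why the ownership change is needed. `setattr` on a sysfs file is a wider grant than the write-only rule it replaces, so the reason belongs next to it. Going by the commit message, the file is presumably handed to wifi/wifi so that writes still succeed after the privilege drop. If that is right, something like `# wificond changes the ownership of this file to wifi/wifi on startup so it can still write to it after dropping root.` would make the grant easier to audit later.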
@@ -29,10 +31,10 @@ r_dir_file(wificond, proc_net)
 # wificond also reads pid files out of this directory
 allow wificond wifi_data_file:dir rw_dir_perms;
 allow wificond wifi_data_file:file create_file_perms;
-# TODO: Remove fowner when wificond runs as the wifi user b/29870863
-#       We need this today, because we need to chmod hostapd/supplicant
-#       files, which are owned by system or wifi (not wificond's root).
-allow wificond self:capability { chown fowner };
+
+# wificond drops root shortly after starting
+# wificond changes the ownership of some files before dropping root
+allow wificond self:capability { setuid setgid setpcap chown };
 
 # wificond cleans up sockets created by wpa_supplicant and framework
 allow wificond wpa_socket:dir rw_dir_perms;
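Review bot: The comment above `allow wificond self:capability { setuid setgid setpcap chown };` does not explain `setpcap`, and the rule applies for the whole life of the domain, not only during startup. SELinux policy cannot limit a capability grant to the period before the drop. Whether these four capabilities become unusable afterwards therefore depends on wificond clearing its own capability sets, which this file does not show. I would record that expectation in the comment, e.g. `# setpcap is presumably needed to clear the remaining capabilities after the uid/gid switch; none of these should remain usable once startup is done.` The integration test could also confirm that the running process ends up as wifi/wifi with empty capability sets, for example via the `Cap*` fields in its `/proc` status file.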
-- 
GitLab