wpa_supplicant(hidl): Handle file access denials

For new devices (launching with P+), we're removing the sepolicy
exception granted to wpa_supplicant to access /data/misc/wifi.

This causes a problem in the .conf file migration logic in the HIDL
interface. We currently identify clean (new/factory-reset/wiped) devices by
the ENOENT error code, which indicates the legacy conf file does not
exist. But, with the sepolicy exception removed for new devices, we will
now receive an error code of EACCESS instead of ENOENT.
For older devices (launched with O), the sepolicy exception
granted will continue and hence they would have access to /data/misc/wifi/
in P.

Bug: 72643420
Bug: 74120033
Test: Booted device in enforcing mode and completed the setup wizard.
Change-Id: I4ca0cf97420f2cd377f02d856e26b9a92c3631c2

1 files changed, 3 insertions, 2 deletions

diff --git a/wpa_supplicant/hidl/1.1/supplicant.cpp b/wpa_supplicant/hidl/1.1/supplicant.cpp
index 7631eaca..4785c375 100644
--- a/wpa_supplicant/hidl/1.1/supplicant.cpp
+++ b/wpa_supplicant/hidl/1.1/supplicant.cpp
@@ -62,7 +62,7 @@ int copyFile(
 /**
  * Copy |src_file_path| to |dest_file_path| if it exists.
  *
- * Returns 1 if |src_file_path| does not exists,
+ * Returns 1 if |src_file_path| does not exist or not accessible,
  * Returns -1 if the copy fails.
  * Returns 0 if the copy succeeds.
  */
@@ -70,7 +70,8 @@ int copyFileIfItExists(
     const std::string& src_file_path, const std::string& dest_file_path)
 {
 	int ret = access(src_file_path.c_str(), R_OK);
-	if ((ret != 0) && (errno == ENOENT)) {
+	// Sepolicy denial (2018+ device) will return EACCESS instead of ENOENT.
+	if ((ret != 0) && ((errno == ENOENT) || (errno == EACCES))) {
 		return 1;
 	}
 	ret = copyFile(src_file_path, dest_file_path);