author | Roshan Pius <rpius@google.com> | 2018-03-09 15:02:05 -0800 |
---|---|---|
committer | Roshan Pius <rpius@google.com> | 2018-03-15 13:35:20 -0700 |
commit | d121c710cfc02887c5bff213913314ec810ef408 (patch) | |
tree | 546485a2fb6dbf7b2773b39afb05e7b5afd7df40 /wpa_supplicant | |
parent | 51add01e6ac65dd93bbe85eab8fa6b86f0877e31 (diff) | |
download | wpa_supplicant_8-d121c710cfc02887c5bff213913314ec810ef408.tar.gz |
wpa_supplicant(hidl): Handle file access denials

For new devices (launching with P+), we're removing the sepolicy
exception granted to wpa_supplicant to access /data/misc/wifi.

This causes a problem in the .conf file migration logic in the HIDL
interface. We currently identify clean (new/factory-reset/wiped) devices by
the ENOENT error code, which indicates the legacy conf file does not
exist. But, with the sepolicy exception removed for new devices, we will
now receive an error code of EACCESS instead of ENOENT.

For older devices (launched with O), the sepolicy exception
granted will continue and hence they would have access to /data/misc/wifi/
in P.

Bug: 72643420
Bug: 74120033
Test: Booted device in enforcing mode and completed the setup wizard.
Change-Id: I4ca0cf97420f2cd377f02d856e26b9a92c3631c2
Diffstat (limited to 'wpa_supplicant')
-rw-r--r-- | wpa_supplicant/hidl/1.1/supplicant.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/wpa_supplicant/hidl/1.1/supplicant.cpp b/wpa_supplicant/hidl/1.1/supplicant.cpp index 7631eaca..4785c375 100644 --- a/wpa_supplicant/hidl/1.1/supplicant.cpp +++ b/wpa_supplicant/hidl/1.1/supplicant.cpp @@ -62,7 +62,7 @@ int copyFile( /** * Copy |src_file_path| to |dest_file_path| if it exists. * - * Returns 1 if |src_file_path| does not exists, + * Returns 1 if |src_file_path| does not exist or not accessible, * Returns -1 if the copy fails. * Returns 0 if the copy succeeds. */ @@ -70,7 +70,8 @@ int copyFileIfItExists( const std::string& src_file_path, const std::string& dest_file_path) { int ret = access(src_file_path.c_str(), R_OK); - if ((ret != 0) && (errno == ENOENT)) { + // Sepolicy denial (2018+ device) will return EACCESS instead of ENOENT. + if ((ret != 0) && ((errno == ENOENT) || (errno == EACCES))) { return 1; } ret = copyFile(src_file_path, dest_file_path); |
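Review bot: the updated doc comment on copyFileIfItExists (hunk @@ -62,7 +62,7 @@) is missing a verb in "does not exist or not accessible" and no longer matches the function name, since a return of 1 now covers two different conditions. Suggest "Returns 1 if |src_file_path| does not exist or is not accessible," and a short sentence saying that callers treat both cases as "nothing to migrate", so the next reader does not assume 1 still means only "file absent".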
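Review bot: in the second hunk (@@ -70,7 +70,8 @@), the new condition `(errno == ENOENT) || (errno == EACCES)` returns 1 for any access denial, so a device that is expected to keep access to the legacy file (the commit message says devices launched with O retain the sepolicy exception) would silently skip migration if the file is unreadable for another reason, such as wrong ownership or mode, and be treated like a clean device. Nothing in the visible lines logs which errno was hit; please log the EACCES case before `return 1` so a skipped migration can be told apart from a missing file in a bug report. Two smaller points on the same lines: the added comment spells the constant "EACCESS" while the code correctly uses `EACCES`, and `errno` is read after `access()` only when `ret != 0`, which is correct and worth keeping that way if the condition is edited again.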