*/
#include <unistd.h>
+#include <sys/capability.h>
#include <csignal>
#include <memory>
#include <binder/IServiceManager.h>
#include <binder/ProcessState.h>
#include <cutils/properties.h>
+#include <libminijail.h>
+#include <private/android_filesystem_config.h>
#include <utils/String16.h>
#include <wifi_hal/driver_tool.h>
#include <wifi_system/hal_tool.h>
android::NO_ERROR);
}
+void DoPrivilegedSetupOrCrash() {
+ // take ownership of the magic firmware change path
+ CHECK(chown(DriverTool::kFirmwareReloadPath, AID_WIFI, AID_WIFI) == 0)
+ << "Error changing ownership of '" << DriverTool::kFirmwareReloadPath
+ << "' to wifi:wifi, (" << strerror(errno) << ")";
+}
+
+void DropPrivilegesOrCrash() {
+ minijail* j = minijail_new();
+ CHECK(minijail_change_user(j, "wifi") == 0);
+ CHECK(minijail_change_group(j, "wifi") == 0);
+ minijail_use_caps(j,
+ CAP_TO_MASK(CAP_NET_ADMIN) |
+ CAP_TO_MASK(CAP_NET_RAW));
+ minijail_enter(j);
+ minijail_destroy(j);
+}
+
} // namespace
void OnBinderReadReady(int fd) {
android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM));
LOG(INFO) << "wificond is starting up...";
+ DoPrivilegedSetupOrCrash();
+ DropPrivilegesOrCrash();
+
unique_ptr<android::wificond::LooperBackedEventLoop> event_dispatcher(
new android::wificond::LooperBackedEventLoop());
ScopedSignalHandler scoped_signal_handler(event_dispatcher.get());