Start the mainline supplicant as user 'wifi'
rather than user 'root'.
From the wpa_supplicant documentation,
the process will need Net Admin and
Net Raw capabilities, along with access
to the socket directory, in order to
function as a non-root user.
Bug: 376525695
Test: Start mainline supplicant and
add interface wlan0
Change-Id: I37f813031354dbb38765b78ed2cac26056ca1747
diff --git a/wpa_supplicant/aidl/mainline/config/mainline_supplicant.rc b/wpa_supplicant/aidl/mainline/config/mainline_supplicant.rc
index 8c436c6..018df1c 100644
--- a/wpa_supplicant/aidl/mainline/config/mainline_supplicant.rc
+++ b/wpa_supplicant/aidl/mainline/config/mainline_supplicant.rc
@@ -3,7 +3,9 @@
-g@android:wpa_wlan0
interface aidl wifi_mainline_supplicant
class main
- user root
+ user wifi
+ group wifi net_raw net_admin
+ capabilities NET_RAW NET_ADMIN
socket wpa_wlan0 dgram 660 wifi wifi
disabled
oneshot
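Review bot: The commit message names three requirements for running as non-root (Net Admin, Net Raw, and access to the socket directory), but the added `user wifi`, `group wifi net_raw net_admin` and `capabilities NET_RAW NET_ADMIN` lines only address the first two. The unchanged `socket wpa_wlan0 dgram 660 wifi wifi` line covers the control socket itself, yet nothing visible here shows that the directory the supplicant writes to is owned by or writable for `wifi`. Please either point to where that directory's ownership and mode are set, or add it in this change. It would also help to extend the Test line to confirm that the running process is actually uid `wifi` with only NET_RAW and NET_ADMIN in its capability set, since adding interface wlan0 successfully does not by itself show that the drop from root took effect. A short comment in the .rc explaining why both the `net_raw`/`net_admin` groups and the matching capabilities are listed would keep a later cleanup from removing one of them.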