Revoke the setuid capability from
mainline supplicant.
The process will now be started as
user wifi.
Bug: 376525695
Test: Start mainline supplicant and
add interface wlan0
Change-Id: I65abbe4d2a71e4409634a150f689354b5cb3b157
diff --git a/private/wifi_mainline_supplicant.te b/private/wifi_mainline_supplicant.te
index d6c7998..c18cef6 100644
--- a/private/wifi_mainline_supplicant.te
+++ b/private/wifi_mainline_supplicant.te
@@ -5,7 +5,7 @@
init_daemon_domain(wifi_mainline_supplicant)
add_service(wifi_mainline_supplicant, wifi_mainline_supplicant_service)
-allow wifi_mainline_supplicant self:global_capability_class_set { setuid setgid net_admin net_raw };
+allow wifi_mainline_supplicant self:global_capability_class_set { net_admin net_raw };
allow wifi_mainline_supplicant proc_net:file rw_file_perms;
allow wifi_mainline_supplicant sysfs_net:dir search;
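Review bot: Nothing pins the capabilities dropped from the `self:global_capability_class_set` allow line, so a later edit to this file could re-grant them unnoticed. A guard placed directly after the allow would make that a build-time failure: `neverallow wifi_mainline_supplicant self:global_capability_class_set { setuid setgid };`. The commit message names only setuid, while the new line also drops setgid; the description should say both. The init service change that starts the process as user wifi is not visible in this hunk, so the test step should also confirm that no avc denials for setuid or setgid are logged when the supplicant starts and adds wlan0.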