hostapd: adjust patches to work with git am
[openwrt/staging/xback.git] / package / network / services / hostapd / patches / 610-hostapd_cli_ujail_permission.patch
1 From: Mark Mentovai <mark@moxienet.com>
2 Date: Tue, 23 Nov 2021 12:28:55 -0500
3 Subject: [PATCH] hostapd: allow hostapd under ujail to communicate with
4 hostapd_cli
5
6 When procd-ujail is available, 1f78538 runs hostapd as user
7 "network", with only limited additional capabilities (CAP_NET_ADMIN and
8 CAP_NET_RAW).
9
10 hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
11 over a named UNIX-domain socket. hostapd_cli is responsible for creating
12 this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
13 root, this endpoint is normally created with uid root, gid root, mode
14 0755. As a result, hostapd running as uid network is able to receive
15 control messages sent through this interface, but is not able to respond
16 to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
17 <= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
18 this message will appear from hostapd:
19
20 CTRL: sendto failed: Permission denied
21
22 As a fix, hostapd_cli should create the socket node in the filesystem
23 with uid network, gid network, mode 0770. This borrows the presently
24 Android-only strategy already in hostapd intended to solve the same
25 problem on Android.
26
27 If procd-ujail is not available and hostapd falls back to running as
28 root, it will still be able to read from and write to the socket even if
29 the node in the filesystem has been restricted to the network user and
30 group. This matches the logic in
31 package/network/services/hostapd/files/wpad.init, which sets the uid and
32 gid of /var/run/hostapd to network regardless of whether procd-ujail is
33 available.
34
35 As it appears that the "network" user and group are statically allocated
36 uid 101 and gid 101, respectively, per
37 package/base-files/files/etc/passwd and USERID in
38 package/network/services/hostapd/Makefile, this patch also uses a
39 constant 101 for the uid and gid.
40
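The socket-creation step the commit message describes, as an added example that is not part of this patch or of hostapd's own code: it applies the same pre-bind `fchmod()` technique to a throwaway UNIX datagram socket and reports the permission bits the node actually receives, so the effect of the process umask at bind() time is visible. The function names and the `/tmp/wpa_ctrl_example_*` path prefix are this example's own choices; the `lchown()` to uid/gid 101 from the patch is left out because it needs root.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/*
 * Added example, not code from the OpenWrt patch or from hostapd.
 * Mirrors the hostapd_cli technique in wpa_ctrl.c: fchmod() the socket
 * descriptor *before* bind() so the kernel creates the filesystem node
 * with that mode, instead of racing a chmod() after the node exists.
 *
 * Creates a datagram UNIX socket in a private /tmp directory (the path
 * prefix is this example's own choice), binds it while the given umask is
 * in effect, stores the permission bits the node really got in *actual,
 * cleans up and returns 0; returns -1 on any failure.
 */
int ctrl_socket_mode(mode_t requested, mode_t um, mode_t *actual)
{
	char dir[] = "/tmp/wpa_ctrl_example_XXXXXX";
	struct sockaddr_un local;
	struct stat st;
	mode_t saved;
	int fd = -1, rc = -1, bound = 0;

	if (mkdtemp(dir) == NULL)
		return -1;

	fd = socket(AF_UNIX, SOCK_DGRAM, 0);
	if (fd < 0)
		goto out;

	memset(&local, 0, sizeof(local));
	local.sun_family = AF_UNIX;
	if (snprintf(local.sun_path, sizeof(local.sun_path), "%s/sock", dir)
	    >= (int) sizeof(local.sun_path))
		goto out;

	/* Permissions are attached to the socket inode now; bind() copies
	 * them onto the new filesystem node after applying the umask. */
	if (fchmod(fd, requested) < 0)
		goto out;

	saved = umask(um);
	bound = bind(fd, (struct sockaddr *) &local, sizeof(local)) == 0;
	umask(saved);
	if (!bound)
		goto out;

	if (lstat(local.sun_path, &st) < 0 || !S_ISSOCK(st.st_mode))
		goto out;
	*actual = st.st_mode & 0777;
	rc = 0;
out:
	if (bound)
		unlink(local.sun_path);
	if (fd >= 0)
		close(fd);
	rmdir(dir);
	return rc;
}

/* Convenience wrapper: the resulting permission bits, or (mode_t)-1 on failure. */
mode_t ctrl_socket_mode_bits(mode_t requested, mode_t um)
{
	mode_t got;

	if (ctrl_socket_mode(requested, um, &got) < 0)
		return (mode_t) -1;
	return got;
}

int main(void)
{
	/* 0660 is what hostapd's fchmod() requests; show what umask does to it. */
	printf("umask 022: requested 0660, node created with %04o\n",
	       (unsigned) ctrl_socket_mode_bits(0660, 022));
	printf("umask 007: requested 0660, node created with %04o\n",
	       (unsigned) ctrl_socket_mode_bits(0660, 007));
	return 0;
}
```

With the common 022 umask the requested 0660 becomes 0640, so a hostapd running as a different uid in the socket's group still cannot write to it; in the patch it is the subsequent `lchown()` to owner 101 that makes the uid-101 hostapd the owner of the node, and that call only succeeds when hostapd_cli runs as root.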
41 --- a/src/common/wpa_ctrl.c
42 +++ b/src/common/wpa_ctrl.c
43 @@ -135,7 +135,7 @@ try_again:
44 return NULL;
45 }
46 tries++;
47 -#ifdef ANDROID
48 +
49 /* Set client socket file permissions so that bind() creates the client
50 * socket with these permissions and there is no need to try to change
51 * them with chmod() after bind() which would have potential issues with
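Review bot: replacing `#ifdef ANDROID` with a bare `+` blank line leaves an empty line between `tries++;` and the comment block that the guarded original did not have, and it also widens the scope beyond what the commit message discusses: `src/common/wpa_ctrl.c` is shared by `wpa_cli` as well as `hostapd_cli`, so every non-Android control client built from this tree now gets the pre-bind `fchmod()`. Either remove the line outright rather than leaving the blank, or keep a guard such as `#if defined(ANDROID) || defined(<macro set from the OpenWrt package Makefile>)` so the behaviour is opt-in and the message can state which clients it covers.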
52 @@ -147,7 +147,7 @@ try_again:
53 * operations to allow the response to go through. Those are using the
54 * no-deference-symlinks version to avoid races. */
55 fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
56 -#endif /* ANDROID */
57 +
58 if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
59 sizeof(ctrl->local)) < 0) {
60 if (errno == EADDRINUSE && tries < 2) {
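Review bot: the mode this hunk now applies unconditionally does not match the commit message. `fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);` requests 0660, not the "mode 0770" the message states, and because bind() creates the node subject to the caller's umask, a root `hostapd_cli` with the usual 022 umask ends up with a 0640 node and no group write at all; what actually lets a uid-101 hostapd answer is the later `lchown()` to owner 101, which only succeeds when `hostapd_cli` itself is root. Please correct the message to 0660 and say that the owner change, not the group bit, is what the fix relies on under the default umask. As in the first hunk, drop the removed `#endif /* ANDROID */` without leaving a blank `+` line behind.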
61 @@ -165,7 +165,11 @@ try_again:
62 return NULL;
63 }
64
65 -#ifdef ANDROID
66 +#ifndef ANDROID
67 + /* Set group even if we do not have privileges to change owner */
68 + lchown(ctrl->local.sun_path, -1, 101);
69 + lchown(ctrl->local.sun_path, 101, 101);
70 +#else
71 /* Set group even if we do not have privileges to change owner */
72 lchown(ctrl->local.sun_path, -1, AID_WIFI);
73 lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
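Review bot: the visible part of this hunk hardcodes uid/gid 101 in two `lchown()` calls and duplicates the Android branch's comment and structure under `#ifndef ANDROID`. The commit message itself ties 101 to `USERID` in `package/network/services/hostapd/Makefile`, so pass that value in as a preprocessor define from the package's CFLAGS (or resolve it at runtime with `getpwnam("network")` / `getgrnam("network")`) and collapse the two branches into one pair of `lchown()` calls parameterised by per-platform owner and group macros, so the number lives in one place. Both `lchown()` return values are ignored: when `hostapd_cli` is run by a non-root user who is not in group 101, both calls fail with EPERM and the permission problem the message describes comes back with no hint from `hostapd_cli`; log the failure at debug level at least.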