Question: Permissions required for running in Android in System user mode

Arend van Spriel arend at broadcom.com
Wed Aug 19 07:55:28 PDT 2015 

On 08/19/2015 02:22 PM, Thomas Haller wrote:
> On Tue, 2015-08-18 at 08:57 -0700, Adithya Prakash wrote:
>> Hello,
>>
>> I am calling a few libnl API's to send a vendor specific command
>> which
>> queries the properties of the current WiFi P2P connection (like
>> frequency, mode etc).
>>
>> The code sets few callback functions and sends the command message
>> using libnl API's and waits for the callback function to be called
>> with the property parameters.
>>
>> Question: When I run my code as a ROOT user, This works fine and I
>> get
>> the callback with the properties of the connection. But when I run my
>> code as a SYSTEM user, which is the actual end use case, I dont get
>> the callback. Any suggestions what changes are needed when the user
>> group changes?
>>
>> Context: This is a C++ code written as a standalone command line unit
>> test to verify this feature and is run on Android L.
>>
>> Other points:
>>
>> All SELinux permissions have already been provided. I have also tried
>> running this in permissive mode.
>>
>> Some debugging appears to hint that the user space to kernel
>> communication is not taking place after sending the command message.
>> Not 100% sure, but likely issue.
>>
>> If you have any insight into this and can provide some pointers, that
>> would be very helpful. Thanks!
>
> Hi,
>
> I don't think that libnl behaves any differently whether you run it as
> root or not. It just reads the socket, does the parsing, and invokes
> the callbacks.
>
> Probably the other side (kernel) checks the user and refuses to answer.

Indeed. In this case it is nl80211 family which imposes the requirement 
per command. It is in struct genl_ops nl80211_ops[] in 
net/wireless/nl80211.c. The NL80211_VENDOR_CMD is here [1] and is 
flagged with GENL_ADMIN_PERM.

Regards,
Arend

[1] http://lxr.free-electrons.com/source/net/wireless/nl80211.c#L10990

> If you set the NL_CB_MSG_IN callback, you might see the most. This
> callback is called always and as first.
>      nl_socket_modify_cb (sk, NL_CB_MSG_IN, NL_CB_CUSTOM, my_func, user_data);
>
>
>
> Thomas
>
>
>
> _______________________________________________
> libnl mailing list
> libnl at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/libnl
>

More information about the libnl mailing list