diff options
| author | Roshan Pius <rpius@google.com> | 2018-05-01 13:59:06 -0700 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2018-05-01 13:59:06 -0700 |
| commit | 22a9c74b0652ae31131a69bb96dab6a321a4d9fc (patch) | |
| tree | 90868ae7310dccfafac1fe4354562ba43ceec5b1 | |
| parent | ed094e0de54afdfae423ddf63d653c5af2f385ae (diff) | |
| parent | d47fd3791387eded068f6554c0dfdaa0ee5ceef2 (diff) | |
WifiServiceImpl: Additional permission checks for startScan
am: d47fd37913
Change-Id: I91774f7a8d0c9899a160e88200e38c88943f6b4f
| -rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 32 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java | 12 |
2 files changed, 32 insertions, 12 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index 4d9dbf7e7..04be38daa 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -611,6 +611,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { } int callingUid = Binder.getCallingUid(); + long ident = Binder.clearCallingIdentity(); mLog.info("startScan uid=%").c(callingUid).flush(); synchronized (this) { if (mInIdleMode) { @@ -626,19 +627,26 @@ public class WifiServiceImpl extends IWifiManager.Stub { return false; } } - Mutable<Boolean> scanSuccess = new Mutable<>(); - boolean runWithScissorsSuccess = mWifiInjector.getWifiStateMachineHandler() - .runWithScissors(() -> { - scanSuccess.value = mScanRequestProxy.startScan(callingUid, packageName); - }, RUN_WITH_SCISSORS_TIMEOUT_MILLIS); - if (!runWithScissorsSuccess) { - Log.e(TAG, "Failed to post runnable to start scan"); - sendFailedScanBroadcast(); - return false; - } - if (!scanSuccess.value) { - Log.e(TAG, "Failed to start scan"); + try { + mWifiPermissionsUtil.enforceCanAccessScanResults(packageName, callingUid); + Mutable<Boolean> scanSuccess = new Mutable<>(); + boolean runWithScissorsSuccess = mWifiInjector.getWifiStateMachineHandler() + .runWithScissors(() -> { + scanSuccess.value = mScanRequestProxy.startScan(callingUid, packageName); + }, RUN_WITH_SCISSORS_TIMEOUT_MILLIS); + if (!runWithScissorsSuccess) { + Log.e(TAG, "Failed to post runnable to start scan"); + sendFailedScanBroadcast(); + return false; + } + if (!scanSuccess.value) { + Log.e(TAG, "Failed to start scan"); + return false; + } + } catch (SecurityException e) { return false; + } finally { + Binder.restoreCallingIdentity(ident); } return true; } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java index f64ce59e5..46b29a46b 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java @@ -1038,6 +1038,18 @@ public class WifiServiceImplTest { } /** + * Ensure that we handle scan access permission check failure when handling scan request. + */ + @Test + public void testStartScanFailureInCanAccessScanResultsPermission() { + setupWifiStateMachineHandlerForRunWithScissors(); + doThrow(new SecurityException()).when(mWifiPermissionsUtil) + .enforceCanAccessScanResults(SCAN_PACKAGE_NAME, Process.myUid()); + assertFalse(mWifiServiceImpl.startScan(SCAN_PACKAGE_NAME)); + verify(mScanRequestProxy, never()).startScan(Process.myUid(), SCAN_PACKAGE_NAME); + } + + /** * Ensure that we handle scan request failure when posting the runnable to handler fails. */ @Ignore |