Merge "Use correct method for checking NETWORK_SETUP_WIZARD permission" into qt-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2019-06-08 00:28:23 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2019-06-08 00:28:23 +0000
commit: 6a70be37fe18f0b9b1a968a69190d3fab0505a71 (patch)
tree: 08e70dab93bda1f0759d001e97a98d3f0e180c3e
parent: d23921925eeb0d42497e5e4bee75b5e500d71fc0 (diff)
parent: 751d92efd542fae18c5c4a0e5597edd24ecb684b (diff)
2 files changed, 108 insertions, 65 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index ef57382bf..6bb36b3b9 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -747,6 +747,13 @@ public class WifiServiceImpl extends BaseWifiService {
                 || checkNetworkManagedProvisioningPermission(pid, uid);
     }
 
+    // Helper method to check if the entity initiating the binder call has setup wizard or settings
+    // permissions.
+    private boolean isSettingsOrSuw(int pid, int uid) {
+        return checkNetworkSettingsPermission(pid, uid)
+                || checkNetworkSetupWizardPermission(pid, uid);
+    }
+
     // Helper method to check if the entity initiating the binder call is a system app.
     private boolean isSystem(String packageName) {
         long ident = Binder.clearCallingIdentity();
@@ -1909,10 +1916,7 @@ public class WifiServiceImpl extends BaseWifiService {
     @Override
     public Map<String, Map<Integer, List<ScanResult>>> getAllMatchingFqdnsForScanResults(
             List<ScanResult> scanResults) {
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         if (mVerboseLoggingEnabled) {
@@ -1934,10 +1938,7 @@ public class WifiServiceImpl extends BaseWifiService {
     @Override
     public Map<OsuProvider, List<ScanResult>> getMatchingOsuProviders(
             List<ScanResult> scanResults) {
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         if (mVerboseLoggingEnabled) {
@@ -1958,10 +1959,7 @@ public class WifiServiceImpl extends BaseWifiService {
     @Override
     public Map<OsuProvider, PasspointConfiguration> getMatchingPasspointConfigsForOsuProviders(
             List<OsuProvider> osuProviders) {
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         if (mVerboseLoggingEnabled) {
@@ -1990,10 +1988,7 @@ public class WifiServiceImpl extends BaseWifiService {
      */
     @Override
     public List<WifiConfiguration> getWifiConfigsForPasspointProfiles(List<String> fqdnList) {
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         if (mVerboseLoggingEnabled) {
@@ -3123,10 +3118,7 @@ public class WifiServiceImpl extends BaseWifiService {
         if (callback == null) {
             throw new IllegalArgumentException("Callback must not be null");
         }
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         if (!mContext.getPackageManager().hasSystemFeature(
@@ -3419,10 +3411,7 @@ public class WifiServiceImpl extends BaseWifiService {
 
         final int uid = getMockableCallingUid();
 
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
 
@@ -3456,10 +3445,7 @@ public class WifiServiceImpl extends BaseWifiService {
 
         final int uid = getMockableCallingUid();
 
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
 
@@ -3473,10 +3459,7 @@ public class WifiServiceImpl extends BaseWifiService {
      */
     @Override
     public void stopDppSession() throws android.os.RemoteException {
-        if ((mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_SETTINGS)
-                != PERMISSION_GRANTED)
-                && (mContext.checkSelfPermission(android.Manifest.permission.NETWORK_SETUP_WIZARD)
-                != PERMISSION_GRANTED)) {
+        if (!isSettingsOrSuw(Binder.getCallingPid(), Binder.getCallingUid())) {
             throw new SecurityException(TAG + ": Permission denied");
         }
         final int uid = getMockableCallingUid();
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index 0377001e6..b69fba78b 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -50,7 +50,26 @@ import static org.junit.Assert.fail;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.anyBoolean;
+import static org.mockito.Mockito.anyInt;
+import static org.mockito.Mockito.anyLong;
+import static org.mockito.Mockito.anyObject;
+import static org.mockito.Mockito.argThat;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.isNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 import android.Manifest;
 import android.app.ActivityManager;
@@ -67,6 +86,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.ParceledListSlice;
 import android.content.res.Resources;
 import android.net.Uri;
+import android.net.wifi.IDppCallback;
 import android.net.wifi.INetworkRequestMatchCallback;
 import android.net.wifi.IOnWifiUsabilityStatsListener;
 import android.net.wifi.ISoftApCallback;
@@ -180,6 +200,7 @@ public class WifiServiceImplTest {
     private OsuProvider mOsuProvider;
     private SoftApCallback mStateMachineSoftApCallback;
     private ApplicationInfo mApplicationInfo;
+    private static final String DPP_URI = "DPP:some_dpp_uri";
 
     final ArgumentCaptor<BroadcastReceiver> mBroadcastReceiverCaptor =
             ArgumentCaptor.forClass(BroadcastReceiver.class);
@@ -237,6 +258,7 @@ public class WifiServiceImplTest {
     @Mock WifiScoreReport mWifiScoreReport;
     @Mock WifiScoreCard mWifiScoreCard;
     @Mock PasspointManager mPasspointManager;
+    @Mock IDppCallback mDppCallback;
 
     @Spy FakeWifiLog mLog;
 
@@ -384,6 +406,32 @@ public class WifiServiceImplTest {
         verify(mActiveModeWarden).registerSoftApCallback(softApCallbackCaptor.capture());
         mStateMachineSoftApCallback = softApCallbackCaptor.getValue();
         mWifiServiceImpl.setWifiHandlerLogForTest(mLog);
+        mDppCallback = new IDppCallback() {
+            @Override
+            public void onSuccessConfigReceived(int newNetworkId) throws RemoteException {
+
+            }
+
+            @Override
+            public void onSuccess(int status) throws RemoteException {
+
+            }
+
+            @Override
+            public void onFailure(int status) throws RemoteException {
+
+            }
+
+            @Override
+            public void onProgress(int status) throws RemoteException {
+
+            }
+
+            @Override
+            public IBinder asBinder() {
+                return null;
+            }
+        };
     }
 
     private WifiAsyncChannelTester verifyAsyncChannelHalfConnected() throws RemoteException {
@@ -2495,14 +2543,7 @@ public class WifiServiceImplTest {
      * permissions and NETWORK_SETUP_WIZARD.
      */
     @Test(expected = SecurityException.class)
-    public void testGetAllMatchingFqdnsForScanResultsWithOutPermissions() {
-        when(mContext.checkCallingOrSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETTINGS))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-        when(mContext.checkSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETUP_WIZARD))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-
+    public void testGetAllMatchingFqdnsForScanResultsWithoutPermissions() {
         mWifiServiceImpl.getAllMatchingFqdnsForScanResults(new ArrayList<>());
     }
 
@@ -2512,14 +2553,7 @@ public class WifiServiceImplTest {
      * permissions and NETWORK_SETUP_WIZARD.
      */
     @Test(expected = SecurityException.class)
-    public void testGetWifiConfigsForPasspointProfilesWithOutPermissions() {
-        when(mContext.checkCallingOrSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETTINGS))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-        when(mContext.checkSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETUP_WIZARD))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-
+    public void testGetWifiConfigsForPasspointProfilesWithoutPermissions() {
         mWifiServiceImpl.getWifiConfigsForPasspointProfiles(new ArrayList<>());
     }
 
@@ -2529,14 +2563,7 @@ public class WifiServiceImplTest {
      * permissions and NETWORK_SETUP_WIZARD.
      */
     @Test(expected = SecurityException.class)
-    public void testGetMatchingOsuProvidersWithOutPermissions() {
-        when(mContext.checkCallingOrSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETTINGS))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-        when(mContext.checkSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETUP_WIZARD))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-
+    public void testGetMatchingOsuProvidersWithoutPermissions() {
         mWifiServiceImpl.getMatchingOsuProviders(new ArrayList<>());
     }
 
@@ -2546,14 +2573,7 @@ public class WifiServiceImplTest {
      * NETWORK_SETTINGS permissions and NETWORK_SETUP_WIZARD.
      */
     @Test(expected = SecurityException.class)
-    public void testGetMatchingPasspointConfigsForOsuProvidersWithOutPermissions() {
-        when(mContext.checkCallingOrSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETTINGS))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-        when(mContext.checkSelfPermission(
-                eq(android.Manifest.permission.NETWORK_SETUP_WIZARD))).thenReturn(
-                PackageManager.PERMISSION_DENIED);
-
+    public void testGetMatchingPasspointConfigsForOsuProvidersWithoutPermissions() {
         mWifiServiceImpl.getMatchingPasspointConfigsForOsuProviders(new ArrayList<>());
     }
 
@@ -2563,6 +2583,11 @@ public class WifiServiceImplTest {
      */
     @Test
     public void testStartSubscriptionProvisioningWithPermission() throws Exception {
+        when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
+        when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_SETUP_WIZARD),
+                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
+
         mWifiServiceImpl.startSubscriptionProvisioning(mOsuProvider, mProvisioningCallback);
         verify(mClientModeImpl).syncStartSubscriptionProvisioning(anyInt(),
                 eq(mOsuProvider), eq(mProvisioningCallback), any());
@@ -2574,6 +2599,10 @@ public class WifiServiceImplTest {
      */
     @Test(expected = UnsupportedOperationException.class)
     public void testStartSubscriptionProvisioniningPasspointUnsupported() throws Exception {
+        when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
+        when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_SETUP_WIZARD),
+                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
         when(mPackageManager.hasSystemFeature(
                 PackageManager.FEATURE_WIFI_PASSPOINT)).thenReturn(false);
         mWifiServiceImpl.startSubscriptionProvisioning(mOsuProvider, mProvisioningCallback);
@@ -4065,4 +4094,35 @@ public class WifiServiceImplTest {
         verify(mHandler, never()).handleMessage(any(Message.class));
         verify(mWifiController, never()).sendMessage(eq(CMD_SET_AP), eq(0), anyInt());
     }
+
+    /**
+     * Verify that the call to startDppAsConfiguratorInitiator throws a security exception when the
+     * caller doesn't have NETWORK_SETTINGS permissions or NETWORK_SETUP_WIZARD.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStartDppAsConfiguratorInitiatorWithoutPermissions() {
+        mWifiServiceImpl.startDppAsConfiguratorInitiator(mAppBinder, DPP_URI,
+                1, 1, mDppCallback);
+    }
+
+    /**
+     * Verify that the call to startDppAsEnrolleeInitiator throws a security exception when the
+     * caller doesn't have NETWORK_SETTINGS permissions or NETWORK_SETUP_WIZARD.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStartDppAsEnrolleeInitiatorWithoutPermissions() {
+        mWifiServiceImpl.startDppAsEnrolleeInitiator(mAppBinder, DPP_URI, mDppCallback);
+    }
+
+    /**
+     * Verify that the call to stopDppSession throws a security exception when the
+     * caller doesn't have NETWORK_SETTINGS permissions or NETWORK_SETUP_WIZARD.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStopDppSessionWithoutPermissions() {
+        try {
+            mWifiServiceImpl.stopDppSession();
+        } catch (RemoteException e) {
+        }
+    }
 }
author	TreeHugger Robot <treehugger-gerrit@google.com>	2019-06-08 00:28:23 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2019-06-08 00:28:23 +0000
commit	6a70be37fe18f0b9b1a968a69190d3fab0505a71 (patch)
tree	08e70dab93bda1f0759d001e97a98d3f0e180c3e
parent	d23921925eeb0d42497e5e4bee75b5e500d71fc0 (diff)
parent	751d92efd542fae18c5c4a0e5597edd24ecb684b (diff)