WifiServiceImpl: add LOHS permission checks am: 2fd9436184

am: 8d1925ab9c Change-Id: I3f5b8977e41b9dc5d653b0b71711033bdf7aa91a
author: Rebecca Silberstein <silberst@google.com> 2017-05-01 22:52:02 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-05-01 22:52:02 +0000
commit: 8a0adb85524d01b5a235a9ae95154cbc389d4cf8 (patch)
tree: 65016c1805b9442a72895d165f339bd2143c957e
parent: ab6d0d4b35673dcca253255362f048bce7370a4d (diff)
parent: 8d1925ab9cce5ad312987272bca1fb838c93de8c (diff)
4 files changed, 122 insertions, 0 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index 8cbeab225..656582c31 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -659,6 +659,10 @@ public class WifiServiceImpl extends IWifiManager.Stub {
                 "ConnectivityService");
     }
 
+    private void enforceLocationPermission(String pkgName, int uid) {
+        mWifiPermissionsUtil.enforceLocationPermission(pkgName, uid);
+    }
+
     /**
      * see {@link android.net.wifi.WifiManager#setWifiEnabled(boolean)}
      * @param enable {@code true} to enable, {@code false} to disable.
@@ -875,6 +879,20 @@ public class WifiServiceImpl extends IWifiManager.Stub {
      */
     @Override
     public WifiConfiguration startLocalOnlyHotspot(Messenger messenger, IBinder binder) {
+        // first check if the caller has permission to start a local only hotspot
+        // need to check for WIFI_STATE_CHANGE and location permission
+        final int uid = Binder.getCallingUid();
+        final String pkgName = mContext.getOpPackageName();
+
+        enforceChangePermission();
+        enforceLocationPermission(pkgName, uid);
+        // also need to verify that Locations services are enabled.
+        if (mSettingsStore.getLocationModeSetting(mContext) == Settings.Secure.LOCATION_MODE_OFF) {
+            throw new SecurityException("Location mode is not enabled.");
+        }
+
+        mLog.trace("startLocalOnlyHotspot uid=%").c(uid).flush();
+
         throw new UnsupportedOperationException("LocalOnlyHotspot is still in development");
     }
 
@@ -886,6 +904,11 @@ public class WifiServiceImpl extends IWifiManager.Stub {
      */
     @Override
     public void stopLocalOnlyHotspot() {
+        // first check if the caller has permission to stop a local only hotspot
+        enforceChangePermission();
+        final int uid = Binder.getCallingUid();
+
+        mLog.trace("stopLocalOnlyHotspot uid=%").c(uid).flush();
         throw new UnsupportedOperationException("LocalOnlyHotspot is still in development");
     }
 
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index 8b687db81..90ec060d6 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -86,6 +86,18 @@ public class WifiPermissionsUtil {
     }
 
     /**
+     * Check and enforce Location permission.
+     *
+     * @param pkgName PackageName of the application requesting access
+     * @param uid The uid of the package
+     */
+    public void enforceLocationPermission(String pkgName, int uid) {
+        if (!checkCallersLocationPermission(pkgName, uid)) {
+            throw new SecurityException("UID " + uid + " does not have Location permission");
+        }
+    }
+
+    /**
      * API to determine if the caller has permissions to get
      * scan results.
      * @param pkgName Packagename of the application requesting access
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index b73aa299c..1553f3a7e 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -17,6 +17,8 @@
 package com.android.server.wifi;
 
 import static android.net.wifi.WifiManager.WIFI_STATE_DISABLED;
+import static android.provider.Settings.Secure.LOCATION_MODE_HIGH_ACCURACY;
+import static android.provider.Settings.Secure.LOCATION_MODE_OFF;
 
 import static com.android.server.wifi.WifiController.CMD_SET_AP;
 import static com.android.server.wifi.WifiController.CMD_WIFI_TOGGLED;
@@ -696,6 +698,44 @@ public class WifiServiceImplTest {
      */
     @Test(expected = UnsupportedOperationException.class)
     public void testStartLocalOnlyHotspotNotSupported() {
+        // allow test to proceed without a permission check failure
+        when(mSettingsStore.getLocationModeSetting(mContext))
+                .thenReturn(LOCATION_MODE_HIGH_ACCURACY);
+        mWifiServiceImpl.startLocalOnlyHotspot(mAppMessenger, mAppBinder);
+    }
+
+    /**
+     * Verify that a call to startLocalOnlyHotspot throws a SecurityException if the caller does not
+     * have the CHANGE_WIFI_STATE permission.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStartLocalOnlyHotspotThrowsSecurityExceptionWithoutCorrectPermission() {
+        doThrow(new SecurityException()).when(mContext)
+                .enforceCallingOrSelfPermission(eq(android.Manifest.permission.CHANGE_WIFI_STATE),
+                                                eq("WifiService"));
+        mWifiServiceImpl.startLocalOnlyHotspot(mAppMessenger, mAppBinder);
+    }
+
+    /**
+     * Verify that a call to startLocalOnlyHotspot throws a SecurityException if the caller does not
+     * have Location permission.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStartLocalOnlyHotspotThrowsSecurityExceptionWithoutLocationPermission() {
+        when(mContext.getOpPackageName()).thenReturn(TEST_PACKAGE_NAME);
+        doThrow(new SecurityException())
+                .when(mWifiPermissionsUtil).enforceLocationPermission(eq(TEST_PACKAGE_NAME),
+                                                                      anyInt());
+        mWifiServiceImpl.startLocalOnlyHotspot(mAppMessenger, mAppBinder);
+    }
+
+    /**
+     * Verify that a call to startLocalOnlyHotspot throws a SecurityException if Location mode is
+     * disabled.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStartLocalOnlyHotspotThrowsSecurityExceptionWithoutLocationEnabled() {
+        when(mSettingsStore.getLocationModeSetting(mContext)).thenReturn(LOCATION_MODE_OFF);
         mWifiServiceImpl.startLocalOnlyHotspot(mAppMessenger, mAppBinder);
     }
 
@@ -705,6 +745,19 @@ public class WifiServiceImplTest {
      */
     @Test(expected = UnsupportedOperationException.class)
     public void testStopLocalOnlyHotspotNotSupported() {
+        // allow test to proceed without a permission check failure
+        mWifiServiceImpl.stopLocalOnlyHotspot();
+    }
+
+    /**
+     * Verify that a call to stopLocalOnlyHotspot throws a SecurityException if the caller does not
+     * have the CHANGE_WIFI_STATE permission.
+     */
+    @Test(expected = SecurityException.class)
+    public void testStopLocalOnlyHotspotThrowsSecurityExceptionWithoutCorrectPermission() {
+        doThrow(new SecurityException()).when(mContext)
+                .enforceCallingOrSelfPermission(eq(android.Manifest.permission.CHANGE_WIFI_STATE),
+                                                eq("WifiService"));
         mWifiServiceImpl.stopLocalOnlyHotspot();
     }
 
diff --git a/tests/wifitests/src/com/android/server/wifi/util/WifiPermissionsUtilTest.java b/tests/wifitests/src/com/android/server/wifi/util/WifiPermissionsUtilTest.java
index 33495f904..308e26776 100644
--- a/tests/wifitests/src/com/android/server/wifi/util/WifiPermissionsUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/util/WifiPermissionsUtilTest.java
@@ -428,6 +428,40 @@ public class WifiPermissionsUtilTest {
         }
     }
 
+    /**
+     * Test case setting: caller does have Location permission.
+     * A SecurityException should not be thrown.
+     */
+    @Test
+    public void testEnforceLocationPermission() throws Exception {
+        mThrowSecurityException = false;
+        mMockApplInfo.targetSdkVersion = Build.VERSION_CODES.GINGERBREAD;
+        mLocationModeSetting = Settings.Secure.LOCATION_MODE_HIGH_ACCURACY;
+        mCoarseLocationPermission = PackageManager.PERMISSION_GRANTED;
+        mAllowCoarseLocationApps = AppOpsManager.MODE_ALLOWED;
+        mWifiScanAllowApps = AppOpsManager.MODE_ALLOWED;
+        mUid = MANAGED_PROFILE_UID;
+        mMockUserInfo.id = mCallingUser;
+        setupTestCase();
+        WifiPermissionsUtil codeUnderTest = new WifiPermissionsUtil(mMockPermissionsWrapper,
+                mMockContext, mMockWifiSettingsStore, mMockUserManager, mNetworkScoreManager,
+                mWifiInjector);
+        codeUnderTest.enforceLocationPermission(TEST_PACKAGE_NAME, mUid);
+    }
+
+    /**
+     * Test case setting: caller does not have Location permission.
+     * Expect a SecurityException
+     */
+    @Test(expected = SecurityException.class)
+    public void testEnforceLocationPermissionExpectSecurityException() throws Exception {
+        setupTestCase();
+        WifiPermissionsUtil codeUnderTest = new WifiPermissionsUtil(mMockPermissionsWrapper,
+                mMockContext, mMockWifiSettingsStore, mMockUserManager, mNetworkScoreManager,
+                mWifiInjector);
+        codeUnderTest.enforceLocationPermission(TEST_PACKAGE_NAME, mUid);
+    }
+
     private Answer<Integer> createPermissionAnswer() {
         return new Answer<Integer>() {
             @Override
author	Rebecca Silberstein <silberst@google.com>	2017-05-01 22:52:02 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-05-01 22:52:02 +0000
commit	8a0adb85524d01b5a235a9ae95154cbc389d4cf8 (patch)
tree	65016c1805b9442a72895d165f339bd2143c957e
parent	ab6d0d4b35673dcca253255362f048bce7370a4d (diff)
parent	8d1925ab9cce5ad312987272bca1fb838c93de8c (diff)