Merge "[WiFi] Replace internal connectivity checks permission" am: b5ed396b15

Change-Id: I08d5a862a45cd9655410c7fe22ed9fb621241f14
author: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-02-01 15:23:55 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-02-01 15:23:55 +0000
commit: 8db7ae8d54bf754a08249a29b2f4136fa5007139 (patch)
tree: ef73166925f6d887157dce18f94451c36a67bf2f
parent: ec892fede0be02219fe6260c9b5a89f5536a7364 (diff)
parent: b5ed396b15c1d4703c822f53a745d9abb0686a24 (diff)
6 files changed, 42 insertions, 60 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index 977b24893..c0d65e931 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -683,7 +683,7 @@ public class WifiServiceImpl extends BaseWifiService {
     @Override
     public String getCurrentNetworkWpsNfcConfigurationToken() {
         // while CLs are in flight, return null here, will be removed (b/72423090)
-        enforceConnectivityInternalPermission();
+        enforceNetworkStackPermission();
         if (mVerboseLoggingEnabled) {
             mLog.info("getCurrentNetworkWpsNfcConfigurationToken uid=%")
                     .c(Binder.getCallingUid()).flush();
@@ -2420,7 +2420,7 @@ public class WifiServiceImpl extends BaseWifiService {
     @Override
     public void setCountryCode(String countryCode) {
         Slog.i(TAG, "WifiService trying to set country code to " + countryCode);
-        enforceConnectivityInternalPermission();
+        enforceNetworkStackPermission();
         mLog.info("setCountryCode uid=%").c(Binder.getCallingUid()).flush();
         final long token = Binder.clearCallingIdentity();
         mCountryCode.setCountryCode(countryCode);
@@ -2435,7 +2435,7 @@ public class WifiServiceImpl extends BaseWifiService {
      */
     @Override
     public String getCountryCode() {
-        enforceConnectivityInternalPermission();
+        enforceNetworkStackPermission();
         if (mVerboseLoggingEnabled) {
             mLog.info("getCountryCode uid=%").c(Binder.getCallingUid()).flush();
         }
@@ -2973,7 +2973,7 @@ public class WifiServiceImpl extends BaseWifiService {
 
     @Override
     public void factoryReset(String packageName) {
-        enforceConnectivityInternalPermission();
+        enforceNetworkSettingsPermission();
         if (enforceChangePermission(packageName) != MODE_ALLOWED) {
             return;
         }
diff --git a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
index 5832ee898..ac42118e6 100644
--- a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
+++ b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
@@ -1369,7 +1369,7 @@ public class WifiAwareDataPathStateManager {
 
             // validate permission if PMK is used (SystemApi)
             if (ns.pmk != null && ns.pmk.length != 0) {
-                if (permissionWrapper.getUidPermission(Manifest.permission.CONNECTIVITY_INTERNAL,
+                if (permissionWrapper.getUidPermission(Manifest.permission.NETWORK_STACK,
                         ns.requestorUid) != PackageManager.PERMISSION_GRANTED) {
                     Log.e(TAG, "processNetworkSpecifier: networkSpecifier=" + ns.toString()
                             + " -- UID doesn't have permission to use PMK API");
diff --git a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
index 055fa72ef..9f5a3cbad 100644
--- a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
+++ b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
@@ -34,6 +34,7 @@ import android.net.InterfaceConfiguration;
 import android.net.LinkAddress;
 import android.net.LinkProperties;
 import android.net.NetworkInfo;
+import android.net.NetworkStack;
 import android.net.NetworkUtils;
 import android.net.ip.IIpClient;
 import android.net.ip.IpClientCallbacks;
@@ -485,27 +486,28 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                 "WifiP2pService");
     }
 
-    private void enforceConnectivityInternalPermission() {
-        mContext.enforceCallingOrSelfPermission(
-                android.Manifest.permission.CONNECTIVITY_INTERNAL,
-                "WifiP2pService");
-    }
-
-    private int checkConnectivityInternalPermission() {
-        return mContext.checkCallingOrSelfPermission(
-                android.Manifest.permission.CONNECTIVITY_INTERNAL);
+    private boolean checkAnyPermissionOf(String... permissions) {
+        for (String permission : permissions) {
+            if (mContext.checkCallingOrSelfPermission(permission)
+                    == PackageManager.PERMISSION_GRANTED) {
+                return true;
+            }
+        }
+        return false;
     }
 
-    private int checkLocationHardwarePermission() {
-        return mContext.checkCallingOrSelfPermission(
-                android.Manifest.permission.LOCATION_HARDWARE);
+    private void enforceAnyPermissionOf(String... permissions) {
+        if (!checkAnyPermissionOf(permissions)) {
+            throw new SecurityException("Requires one of the following permissions: "
+                    + String.join(", ", permissions) + ".");
+        }
     }
 
-    private void enforceConnectivityInternalOrLocationHardwarePermission() {
-        if (checkConnectivityInternalPermission() != PackageManager.PERMISSION_GRANTED
-                && checkLocationHardwarePermission() != PackageManager.PERMISSION_GRANTED) {
-            enforceConnectivityInternalPermission();
-        }
+    private void enforceNetworkStackOrLocationHardwarePermission() {
+        enforceAnyPermissionOf(
+                android.Manifest.permission.LOCATION_HARDWARE,
+                android.Manifest.permission.NETWORK_STACK,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
     }
 
     private void stopIpClient() {
@@ -624,7 +626,7 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
      */
     @Override
     public Messenger getP2pStateMachineMessenger() {
-        enforceConnectivityInternalOrLocationHardwarePermission();
+        enforceNetworkStackOrLocationHardwarePermission();
         enforceAccessPermission();
         enforceChangePermission();
         return new Messenger(mP2pStateMachine.getHandler());
@@ -678,7 +680,6 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
      */
     @Override
     public void setMiracastMode(int mode) {
-        enforceConnectivityInternalPermission();
         checkConfigureWifiDisplayPermission();
         mP2pStateMachine.sendMessage(SET_MIRACAST_MODE, mode);
     }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index e6e7a2b72..b7b7dd17e 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -3116,14 +3116,14 @@ public class WifiServiceImplTest {
 
     /**
      * Verify that setCountryCode() fails and doesn't call WifiCountryCode object
-     * if the caller doesn't have CONNECTIVITY_INTERNAL permission.
+     * if the caller doesn't have NETWORK_STACK permission.
      */
     @Test(expected = SecurityException.class)
-    public void testSetCountryCodeFailsWithoutConnectivityInternalPermission() throws Exception {
-        doThrow(new SecurityException()).when(mContext)
-                .enforceCallingOrSelfPermission(
-                        eq(android.Manifest.permission.CONNECTIVITY_INTERNAL),
-                        eq("ConnectivityService"));
+    public void testSetCountryCodeFailsWithoutNetworkStackPermission() throws Exception {
+        when(mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_STACK))
+                .thenReturn(PackageManager.PERMISSION_DENIED);
+        doThrow(new SecurityException()).when(mContext).enforceCallingOrSelfPermission(
+                eq(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK), any());
         mWifiServiceImpl.setCountryCode(TEST_COUNTRY_CODE);
         verify(mWifiCountryCode, never()).setCountryCode(TEST_COUNTRY_CODE);
     }
@@ -3701,13 +3701,13 @@ public class WifiServiceImplTest {
 
     /**
      * Verify that a call to factoryReset throws a SecurityException if the caller does not have
-     * the CONNECTIVITY_INTERNAL permission.
+     * the NETWORK_SETTINGS permission.
      */
     @Test
-    public void testFactoryResetWithoutConnectivityInternalPermission() throws Exception {
+    public void testFactoryResetWithoutNetworkSettingsPermission() throws Exception {
         doThrow(new SecurityException()).when(mContext)
-                .enforceCallingOrSelfPermission(eq(Manifest.permission.CONNECTIVITY_INTERNAL),
-                        eq("ConnectivityService"));
+                .enforceCallingOrSelfPermission(eq(Manifest.permission.NETWORK_SETTINGS),
+                        eq("WifiService"));
         mWifiServiceImpl.mClientModeImplChannel = mAsyncChannel;
 
         try {
diff --git a/tests/wifitests/src/com/android/server/wifi/aware/WifiAwareDataPathStateManagerTest.java b/tests/wifitests/src/com/android/server/wifi/aware/WifiAwareDataPathStateManagerTest.java
index 0f3e73cf9..2cc9f14ff 100644
--- a/tests/wifitests/src/com/android/server/wifi/aware/WifiAwareDataPathStateManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/aware/WifiAwareDataPathStateManagerTest.java
@@ -179,8 +179,8 @@ public class WifiAwareDataPathStateManagerTest {
         when(mMockPowerManager.isDeviceIdleMode()).thenReturn(false);
         when(mMockPowerManager.isInteractive()).thenReturn(true);
 
-        when(mPermissionsWrapperMock.getUidPermission(eq(Manifest.permission.CONNECTIVITY_INTERNAL),
-                anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
+        when(mPermissionsWrapperMock.getUidPermission(eq(Manifest.permission.NETWORK_STACK),
+                eq(Process.myUid()))).thenReturn(PackageManager.PERMISSION_GRANTED);
 
         mDut.mDataPathMgr.mNwService = mMockNwMgt;
         mDut.mDataPathMgr.mNiWrapper = mMockNetworkInterface;
@@ -288,8 +288,8 @@ public class WifiAwareDataPathStateManagerTest {
         InOrder inOrder = inOrder(mMockNative, mMockCm, mMockCallback, mMockSessionCallback);
         InOrder inOrderM = inOrder(mAwareMetricsMock);
 
-        when(mPermissionsWrapperMock.getUidPermission(eq(Manifest.permission.CONNECTIVITY_INTERNAL),
-                anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);
+        when(mPermissionsWrapperMock.getUidPermission(eq(Manifest.permission.NETWORK_STACK),
+                eq(Process.myUid()))).thenReturn(PackageManager.PERMISSION_DENIED);
 
         // (0) initialize
         DataPathEndPointInfo res = initDataPathEndPoint(true, clientId, pubSubId, requestorId,
@@ -1319,7 +1319,7 @@ public class WifiAwareDataPathStateManagerTest {
 
         if (!providePmk) {
             when(mPermissionsWrapperMock.getUidPermission(
-                    eq(Manifest.permission.CONNECTIVITY_INTERNAL), anyInt())).thenReturn(
+                    eq(Manifest.permission.NETWORK_STACK), eq(Process.myUid()))).thenReturn(
                     PackageManager.PERMISSION_DENIED);
         }
 
@@ -1481,7 +1481,7 @@ public class WifiAwareDataPathStateManagerTest {
 
         if (providePmk) {
             when(mPermissionsWrapperMock.getUidPermission(
-                    eq(Manifest.permission.CONNECTIVITY_INTERNAL), anyInt())).thenReturn(
+                    eq(Manifest.permission.NETWORK_STACK), eq(Process.myUid()))).thenReturn(
                     PackageManager.PERMISSION_GRANTED);
         }
 
diff --git a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
index 1091c1dac..4f6357757 100644
--- a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
@@ -3036,8 +3036,6 @@ public class WifiP2pServiceImplTest {
                 .thenReturn(PackageManager.PERMISSION_GRANTED);
         mWifiP2pServiceImpl.setMiracastMode(0);
         mLooper.dispatchAll();
-        verify(mContext).enforceCallingOrSelfPermission(
-                eq(android.Manifest.permission.CONNECTIVITY_INTERNAL), eq("WifiP2pService"));
         verify(mWifiInjector).getWifiPermissionsWrapper();
         verify(mWifiPermissionsWrapper).getUidPermission(
                 eq(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY), anyInt());
@@ -3054,8 +3052,6 @@ public class WifiP2pServiceImplTest {
                 .thenReturn(PackageManager.PERMISSION_GRANTED);
         mWifiP2pServiceImpl.setMiracastMode(0);
         mLooper.dispatchAll();
-        verify(mContext).enforceCallingOrSelfPermission(
-                eq(android.Manifest.permission.CONNECTIVITY_INTERNAL), eq("WifiP2pService"));
         verify(mWifiInjector).getWifiPermissionsWrapper();
         verify(mWifiPermissionsWrapper).getUidPermission(
                 eq(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY), anyInt());
@@ -3063,29 +3059,14 @@ public class WifiP2pServiceImplTest {
     }
 
     /**
-     * Verify the call setMiracastMode when CONNECTIVITY_INTERNAL permission denied.
-     */
-    @Test(expected = SecurityException.class)
-    public void testSetMiracastModeWhenPermissionDeined1() throws Exception {
-        doThrow(SecurityException.class).when(mContext)
-                .enforceCallingOrSelfPermission(anyString(), anyString());
-        mWifiP2pServiceImpl.setMiracastMode(0);
-        verify(mContext).enforceCallingOrSelfPermission(
-                eq(android.Manifest.permission.CONNECTIVITY_INTERNAL), eq("WifiP2pService"));
-        verify(mWifiNative, never()).setMiracastMode(anyInt());
-    }
-
-    /**
      * Verify the call setMiracastMode when CONFIGURE_WIFI_DISPLAY permission denied.
      */
     @Test(expected = SecurityException.class)
-    public void testSetMiracastModeWhenPermissionDeined2() throws Exception {
+    public void testSetMiracastModeWhenPermissionDeined() throws Exception {
         when(mWifiInjector.getWifiPermissionsWrapper()).thenReturn(mWifiPermissionsWrapper);
         when(mWifiPermissionsWrapper.getUidPermission(anyString(), anyInt()))
                 .thenReturn(PackageManager.PERMISSION_DENIED);
         mWifiP2pServiceImpl.setMiracastMode(0);
-        verify(mContext).enforceCallingOrSelfPermission(
-                eq(android.Manifest.permission.CONNECTIVITY_INTERNAL), eq("WifiP2pService"));
         verify(mWifiInjector).getWifiPermissionsWrapper();
         verify(mWifiPermissionsWrapper).getUidPermission(
                 eq(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY), anyInt());
author	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-02-01 15:23:55 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-02-01 15:23:55 +0000
commit	8db7ae8d54bf754a08249a29b2f4136fa5007139 (patch)
tree	ef73166925f6d887157dce18f94451c36a67bf2f
parent	ec892fede0be02219fe6260c9b5a89f5536a7364 (diff)
parent	b5ed396b15c1d4703c822f53a745d9abb0686a24 (diff)