Merge changes from topic "p2p-systemapi"

* changes: WifiP2pService: Add permission checks for new @SystemApis Rename WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION intent
author: David Su <dysu@google.com> 2019-11-18 17:52:54 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2019-11-18 17:52:54 +0000
commit: 908eda596c7d233b5ef234837b2e41cf4e8872f5 (patch)
tree: 9e5c114479045aa6abfe8919bb30c8080327b3cd
parent: 7703348beff18ed6cfe4abec9e4d8ab227833c85 (diff)
parent: cf8a3f0243ff1c36ea19d0bb46225f9df4e01c8f (diff)
3 files changed, 183 insertions, 4 deletions
diff --git a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
index 8fc0a8f6b..dd6a3060e 100644
--- a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
+++ b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
@@ -1080,6 +1080,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                                 maybeEraseOwnDeviceAddress(mGroup, message.sendingUid));
                         break;
                     case WifiP2pManager.REQUEST_PERSISTENT_GROUP_INFO:
+                        if (!checkNetworkSettingsOrNetworkStackOrReadWifiCredentialPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or READ_WIFI_CREDENTIAL permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.RESPONSE_PERSISTENT_GROUP_INFO,
+                                    new WifiP2pGroupList());
+                            break;
+                        }
                         replyToMessage(message, WifiP2pManager.RESPONSE_PERSISTENT_GROUP_INFO,
                                 new WifiP2pGroupList(
                                         maybeEraseOwnDeviceAddress(mGroups, message.sendingUid),
@@ -1483,6 +1492,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         break;
                     case WifiP2pManager.SET_DEVICE_NAME:
                     {
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_DEVICE_NAME_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         WifiP2pDevice d = (WifiP2pDevice) message.obj;
                         if (d != null && setAndPersistDeviceName(d.deviceName)) {
                             if (mVerboseLoggingEnabled) logd("set device name " + d.deviceName);
@@ -1683,6 +1701,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         }
                         break;
                     case WifiP2pManager.DELETE_PERSISTENT_GROUP:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.DELETE_PERSISTENT_GROUP_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         if (mVerboseLoggingEnabled) logd(getName() + " delete persistent group");
                         mGroups.remove(message.arg1);
                         mWifiP2pMetrics.updatePersistentGroup(mGroups);
@@ -1724,6 +1751,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         mWifiNative.p2pFlush();
                         break;
                     case WifiP2pManager.SET_CHANNEL:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_CHANNEL_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         Bundle p2pChannels = (Bundle) message.obj;
                         int lc = p2pChannels.getInt("lc", 0);
                         int oc = p2pChannels.getInt("oc", 0);
@@ -2042,6 +2078,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         mWifiNative.p2pFlush();
                         break;
                     case WifiP2pManager.SET_CHANNEL:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_CHANNEL_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         if (message.obj == null) {
                             Log.e(TAG, "Illegal arguments(s)");
                             break;
@@ -3042,7 +3087,7 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
 
         private void sendP2pPersistentGroupsChangedBroadcast() {
             if (mVerboseLoggingEnabled) logd("sending p2p persistent groups changed broadcast");
-            Intent intent = new Intent(WifiP2pManager.WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION);
+            Intent intent = new Intent(WifiP2pManager.ACTION_WIFI_P2P_PERSISTENT_GROUPS_CHANGED);
             intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT);
             mContext.sendStickyBroadcastAsUser(intent, UserHandle.ALL);
         }
@@ -4214,4 +4259,34 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
             mServList = new ArrayList<WifiP2pServiceInfo>();
         }
     }
+
+    /**
+     * Check that the UID has one of the following permissions:
+     * {@link android.Manifest.permission.NETWORK_SETTINGS}
+     * {@link android.Manifest.permission.NETWORK_STACK}
+     * {@link android.Manifest.permission.OVERRIDE_WIFI_CONFIG}
+     *
+     * @param uid the UID to check
+     * @return whether the UID has any of the above permissions
+     */
+    private boolean checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(int uid) {
+        return mWifiPermissionsUtil.checkNetworkSettingsPermission(uid)
+                || mWifiPermissionsUtil.checkNetworkStackPermission(uid)
+                || mWifiPermissionsUtil.checkConfigOverridePermission(uid);
+    }
+
+    /**
+     * Check that the UID has one of the following permissions:
+     * {@link android.Manifest.permission.NETWORK_SETTINGS}
+     * {@link android.Manifest.permission.NETWORK_STACK}
+     * {@link android.Manifest.permission.READ_WIFI_CREDENTIAL}
+     *
+     * @param uid the UID to check
+     * @return whether the UID has any of the above permissions
+     */
+    private boolean checkNetworkSettingsOrNetworkStackOrReadWifiCredentialPermission(int uid) {
+        return mWifiPermissionsUtil.checkNetworkSettingsPermission(uid)
+                || mWifiPermissionsUtil.checkNetworkStackPermission(uid)
+                || mWifiPermissionsUtil.checkReadWifiCredentialPermission(uid);
+    }
 }
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index 957e2abea..5e651d415 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -476,6 +476,15 @@ public class WifiPermissionsUtil {
     }
 
     /**
+     * Returns true if the |uid| holds READ_WIFI_CREDENTIAL permission.
+     */
+    public boolean checkReadWifiCredentialPermission(int uid) {
+        return mWifiPermissionsWrapper.getUidPermission(
+                android.Manifest.permission.READ_WIFI_CREDENTIAL, uid)
+                == PackageManager.PERMISSION_GRANTED;
+    }
+
+    /**
      * Returns true if the |callingUid|/\callingPackage| holds SYSTEM_ALERT_WINDOW permission.
      */
     public boolean checkSystemAlertWindowPermission(int callingUid, String callingPackage) {
diff --git a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
index 95ffbc6c2..f37ce6786 100644
--- a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
@@ -678,14 +678,14 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
-     * Check the broadcast of WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION is sent as expected.
+     * Check the broadcast of ACTION_WIFI_P2P_PERSISTENT_GROUPS_CHANGED is sent as expected.
      */
     private void checkSendP2pPersistentGroupsChangedBroadcast() {
         ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class);
         verify(mContext, atLeastOnce()).sendStickyBroadcastAsUser(
                 intentCaptor.capture(), eq(UserHandle.ALL));
         Intent intent = intentCaptor.getValue();
-        assertEquals(WifiP2pManager.WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION, intent.getAction());
+        assertEquals(WifiP2pManager.ACTION_WIFI_P2P_PERSISTENT_GROUPS_CHANGED, intent.getAction());
         assertEquals(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT, intent.getFlags());
     }
 
@@ -727,6 +727,11 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
         when(mWifiInjector.getWifiP2pNative()).thenReturn(mWifiNative);
         when(mWifiInjector.getWifiP2pServiceHandlerThread()).thenReturn(mHandlerThread);
         when(mWifiInjector.getWifiPermissionsUtil()).thenReturn(mWifiPermissionsUtil);
+        // enable all permissions, disable specific permissions in tests
+        when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(true);
+        when(mWifiPermissionsUtil.checkNetworkStackPermission(anyInt())).thenReturn(true);
+        when(mWifiPermissionsUtil.checkReadWifiCredentialPermission(anyInt())).thenReturn(true);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(anyInt())).thenReturn(true);
         when(mWifiNative.setupInterface(any(), any())).thenReturn(IFACE_NAME_P2P);
         when(mWifiNative.p2pGetDeviceAddress()).thenReturn(thisDeviceMac);
         doAnswer(new AnswerWithArguments() {
@@ -1692,6 +1697,27 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
+     * Verify that respond with DELETE_PERSISTENT_GROUP_FAILED
+     * when caller sends DELETE_PERSISTENT_GROUP and doesn't have the necessary permissions.
+     */
+    @Test
+    public void testDeletePersistentGroupFailureWhenNoPermissions() throws Exception {
+        // Move to enabled state
+        forceP2pEnabled(mClient1);
+
+        // no permissions held
+        when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkNetworkStackPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(anyInt())).thenReturn(false);
+
+        sendDeletePersistentGroupMsg(mClientMessenger, WifiP2pGroup.PERSISTENT_NET_ID);
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        Message message = mMessageCaptor.getValue();
+        assertEquals(WifiP2pManager.DELETE_PERSISTENT_GROUP_FAILED, message.what);
+        assertEquals(WifiP2pManager.ERROR, message.arg1);
+    }
+
+    /**
      * Verify the peer scan counter is increased while receiving WifiP2pManager.DISCOVER_PEERS at
      * P2pEnabledState.
      */
@@ -2449,6 +2475,29 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
+     *  Verify WifiP2pManager.SET_CHANNEL_FAILED is returned when no permissions are held.
+     */
+    @Test
+    public void testSetChannelFailureWhenNoPermissions() throws Exception {
+        // Move to enabled state
+        forceP2pEnabled(mClient1);
+
+        // no permissions held
+        when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkNetworkStackPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(anyInt())).thenReturn(false);
+
+        Bundle p2pChannels = new Bundle();
+        p2pChannels.putInt("lc", 1);
+        p2pChannels.putInt("oc", 2);
+        sendSetChannelMsg(mClientMessenger, p2pChannels);
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        Message message = mMessageCaptor.getValue();
+        assertEquals(WifiP2pManager.SET_CHANNEL_FAILED, message.what);
+        assertEquals(WifiP2pManager.ERROR, message.arg1);
+    }
+
+    /**
      *  Verify p2pSetChannel doesn't been called when message contain null object.
      */
     @Test
@@ -2688,7 +2737,7 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
-     * Verify WifiP2pManager.SET_DEVICE_NAME_FAILED is returned when p2p device is null.
+     * Verify WifiP2pManager.SET_DEVICE_NAME_FAILED is returned when native call failed.
      */
     @Test
     public void testSetDeviceNameFailureWhenNativeCallFailure() throws Exception {
@@ -2761,6 +2810,26 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
+     * Verify WifiP2pManager.SET_DEVICE_NAME_FAILED is returned when no permissions are held.
+     */
+    @Test
+    public void testSetDeviceNameFailureWhenNoPermissions() throws Exception {
+        // Move to enabled state
+        forceP2pEnabled(mClient1);
+
+        // no permissions held
+        when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkNetworkStackPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(anyInt())).thenReturn(false);
+
+        sendSetDeviceNameMsg(mClientMessenger, null);
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        Message message = mMessageCaptor.getValue();
+        assertEquals(WifiP2pManager.SET_DEVICE_NAME_FAILED, message.what);
+        assertEquals(WifiP2pManager.ERROR, message.arg1);
+    }
+
+    /**
      * Verify the caller sends WifiP2pManager.SET_WFD_INFO with wfd enabled.
      */
     @Test
@@ -3375,6 +3444,32 @@ public class WifiP2pServiceImplTest extends WifiBaseTest {
     }
 
     /**
+     * Verify that when no permissions are held, an empty {@link WifiP2pGroupList} is returned.
+     */
+    @Test
+    public void testRequestPersistentGroupInfoNoPermissionFailure() throws Exception {
+        // Ensure our own MAC address is not anonymized in the result
+        when(mWifiPermissionsUtil.checkLocalMacAddressPermission(anyInt())).thenReturn(true);
+        forceP2pEnabled(mClient1);
+
+        // no permissions held
+        when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkNetworkStackPermission(anyInt())).thenReturn(false);
+        when(mWifiPermissionsUtil.checkReadWifiCredentialPermission(anyInt())).thenReturn(false);
+
+        sendSimpleMsg(mClientMessenger, WifiP2pManager.REQUEST_PERSISTENT_GROUP_INFO);
+
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        Message message = mMessageCaptor.getValue();
+        WifiP2pGroupList groups = (WifiP2pGroupList) message.obj;
+        assertEquals(WifiP2pManager.RESPONSE_PERSISTENT_GROUP_INFO, message.what);
+        // WifiP2pGroupList does not implement equals operator,
+        // use toString to compare two lists.
+        // Expect empty WifiP2pGroupList()
+        assertEquals(new WifiP2pGroupList().toString(), groups.toString());
+    }
+
+    /**
      * Verify that respond with RESPONSE_CONNECTION_INFO
      * when caller sends REQUEST_CONNECTION_INFO.
      */
author	David Su <dysu@google.com>	2019-11-18 17:52:54 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2019-11-18 17:52:54 +0000
commit	908eda596c7d233b5ef234837b2e41cf4e8872f5 (patch)
tree	9e5c114479045aa6abfe8919bb30c8080327b3cd
parent	7703348beff18ed6cfe4abec9e4d8ab227833c85 (diff)
parent	cf8a3f0243ff1c36ea19d0bb46225f9df4e01c8f (diff)