WifiConfigManager: Mask Randomized MAC Address

Mask out the Randomized MAC Address from WifiConfiguration object when it is being provided through public WifiManager API's. The randomized MAC address should only be used by the WifiStateMachine when connecting to a network to determine which MAC address to use. Bug: 72508588 Test: Unittest Change-Id: I6f2794a25100dc9b4b53f8a61db116ad6272405f
author: Jong Wook Kim <jongwook@google.com> 2018-01-24 11:04:08 -0800
committer: Jong Wook Kim <jongwook@google.com> 2018-03-09 03:03:53 -0800
commit: be1a7e114f0378bed4194f9aeb02c49cda2be29b (patch)
tree: da53ea8a597c4df36ed3ccb3d8077c51f72b07b0
parent: 42f26dd680949e1d418d79f9cb0dc234ffd0d9ea (diff)
4 files changed, 111 insertions, 10 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 1cc0ee709..79dcced11 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -429,6 +429,16 @@ public class WifiConfigManager {
     }
 
     /**
+     * Helper method to mask randomized MAC address from the provided WifiConfiguration Object.
+     * This is needed when the network configurations are being requested via the public
+     * WifiManager API's. This method puts "0:0:0:0:0:0" as the MAC address.
+     * @param configuration WifiConfiguration to hide the MAC address
+     */
+    private void maskRandomizedMacAddressInWifiConfiguration(WifiConfiguration configuration) {
+        configuration.setRandomizedMacAddress(MacAddress.ALL_ZEROS_ADDRESS);
+    }
+
+    /**
      * Helper method to create a copy of the provided internal WifiConfiguration object to be
      * passed to external modules.
      *
@@ -442,6 +452,7 @@ public class WifiConfigManager {
         if (maskPasswords) {
             maskPasswordsInWifiConfiguration(network);
         }
+        maskRandomizedMacAddressInWifiConfiguration(network);
         return network;
     }
 
@@ -553,6 +564,24 @@ public class WifiConfigManager {
     }
 
     /**
+     * Retrieves the configured network corresponding to the provided networkId
+     * without any masking.
+     *
+     * WARNING: Don't use this to pass network configurations except in the wifi stack, when
+     * there is a need for passwords and randomized MAC address.
+     *
+     * @param networkId networkId of the requested network.
+     * @return Copy of WifiConfiguration object if found, null otherwise.
+     */
+    public WifiConfiguration getConfiguredNetworkWithoutMasking(int networkId) {
+        WifiConfiguration config = getInternalConfiguredNetwork(networkId);
+        if (config == null) {
+            return null;
+        }
+        return new WifiConfiguration(config);
+    }
+
+    /**
      * Helper method to retrieve all the internal WifiConfiguration objects corresponding to all
      * the networks in our database.
      */
diff --git a/service/java/com/android/server/wifi/WifiStateMachine.java b/service/java/com/android/server/wifi/WifiStateMachine.java
index 4a0c572bf..e690ef926 100644
--- a/service/java/com/android/server/wifi/WifiStateMachine.java
+++ b/service/java/com/android/server/wifi/WifiStateMachine.java
@@ -4545,7 +4545,7 @@ public class WifiStateMachine extends StateMachine {
                         }
                     }
 
-                    config = mWifiConfigManager.getConfiguredNetworkWithPassword(netId);
+                    config = mWifiConfigManager.getConfiguredNetworkWithoutMasking(netId);
                     logd("CMD_START_CONNECT sup state "
                             + mSupplicantStateTracker.getSupplicantStateName()
                             + " my state " + getCurrentState().getName()
@@ -5679,7 +5679,7 @@ public class WifiStateMachine extends StateMachine {
                     if (candidate != null) {
                         bssid = candidate.BSSID;
                     }
-                    config = mWifiConfigManager.getConfiguredNetworkWithPassword(netId);
+                    config = mWifiConfigManager.getConfiguredNetworkWithoutMasking(netId);
                     if (config == null) {
                         loge("CMD_START_ROAM and no config, bail out...");
                         break;
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index eedfef5f3..7ba8ef96e 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -1454,6 +1454,68 @@ public class WifiConfigManagerTest {
     }
 
     /**
+     * Verifies that randomized MAC address is masked out to "0:0:0:0:0:0" when we return
+     * external configs except when explicitly asked for MAC address.
+     */
+    @Test
+    public void testGetConfiguredNetworksMasksRandomizedMac() {
+        WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork();
+        NetworkUpdateResult result = verifyAddNetworkToWifiConfigManager(config);
+
+        MacAddress testMac = MacAddress.createRandomUnicastAddress();
+        mWifiConfigManager.setNetworkRandomizedMacAddress(result.getNetworkId(), testMac);
+
+        // Verify that randomized MAC address is masked in retrieved network configs.
+        WifiConfiguration configWithMaskedRandomizedMac = mWifiConfigManager
+                .getConfiguredNetwork(result.getNetworkId());
+        assertRandomizedMacAddressMaskedInWifiConfiguration(configWithMaskedRandomizedMac);
+
+        configWithMaskedRandomizedMac = mWifiConfigManager
+                .getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertRandomizedMacAddressMaskedInWifiConfiguration(configWithMaskedRandomizedMac);
+
+        // Ensure that the MAC address is present when asked for config with MAC address.
+        WifiConfiguration configWithRandomizedMac = mWifiConfigManager
+                .getConfiguredNetworkWithoutMasking(result.getNetworkId());
+        assertEquals(testMac, configWithRandomizedMac.getRandomizedMacAddress());
+    }
+
+    /**
+     * Verifies that passwords are masked out when we return external configs except when
+     * explicitly asked for them.
+     */
+    @Test
+    public void testGetConfiguredNetworksMasksPasswords() {
+        WifiConfiguration networkWithPasswords = WifiConfigurationTestUtil.createEapNetwork();
+        networkWithPasswords.wepKeys = WifiConfigurationTestUtil.TEST_WEP_KEYS;
+        networkWithPasswords.preSharedKey = WifiConfigurationTestUtil.TEST_PSK;
+        networkWithPasswords.enterpriseConfig.setPassword(
+                WifiConfigurationTestUtil.TEST_EAP_PASSWORD);
+
+        NetworkUpdateResult result = verifyAddNetworkToWifiConfigManager(networkWithPasswords);
+
+        // All of these passwords must be masked in this retrieved network config.
+        WifiConfiguration retrievedNetworkWithMaskedPassword =
+                mWifiConfigManager.getConfiguredNetwork(result.getNetworkId());
+        assertPasswordsMaskedInWifiConfiguration(retrievedNetworkWithMaskedPassword);
+
+        // Ensure that the passwords are present when asked for configs with passwords.
+        WifiConfiguration retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertEquals(networkWithPasswords.preSharedKey, retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(networkWithPasswords.wepKeys, retrievedNetworkWithPassword.wepKeys);
+        assertEquals(networkWithPasswords.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+
+        retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithoutMasking(result.getNetworkId());
+        assertEquals(networkWithPasswords.preSharedKey, retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(networkWithPasswords.wepKeys, retrievedNetworkWithPassword.wepKeys);
+        assertEquals(networkWithPasswords.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+    }
+
+    /**
      * Verifies the ordering of network list generated using
      * {@link WifiConfigManager#retrievePnoNetworkList()}.
      */
@@ -3457,15 +3519,16 @@ public class WifiConfigManagerTest {
         // Verify that internal randomized MAC address does not change from
         // from setting external randomized MAC address
         MacAddress originalMac = originalConfig.getOrCreateRandomizedMacAddress();
-        WifiConfiguration retrievedConfig =
-                mWifiConfigManager.getConfiguredNetwork(result.getNetworkId());
+        WifiConfiguration retrievedConfig = mWifiConfigManager
+                .getConfiguredNetworkWithoutMasking(result.getNetworkId());
         assertNotEquals(originalMac, retrievedConfig.getRandomizedMacAddress());
 
         // Verify that changing randomized MAC address through setNetworkRandomizedMacAddress
         // changes the internal randomized MAC address
         MacAddress newMac = MacAddress.createRandomUnicastAddress();
         mWifiConfigManager.setNetworkRandomizedMacAddress(result.getNetworkId(), newMac);
-        retrievedConfig = mWifiConfigManager.getConfiguredNetwork(result.getNetworkId());
+        retrievedConfig = mWifiConfigManager
+                .getConfiguredNetworkWithoutMasking(result.getNetworkId());
         assertEquals(newMac, retrievedConfig.getRandomizedMacAddress());
     }
 
@@ -3732,6 +3795,14 @@ public class WifiConfigManagerTest {
         }
     }
 
+    private void assertRandomizedMacAddressMaskedInWifiConfiguration(
+            WifiConfiguration configuration) {
+        MacAddress randomizedMacAddress = configuration.getRandomizedMacAddress();
+        if (randomizedMacAddress != null) {
+            assertEquals(MacAddress.ALL_ZEROS_ADDRESS, randomizedMacAddress);
+        }
+    }
+
     /**
      * Verifies that the network was present in the network change broadcast and returns the
      * change reason.
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java b/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
index 75e8fbc5f..bc0958785 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
@@ -891,7 +891,7 @@ public class WifiStateMachineTest {
                 .thenReturn(new NetworkUpdateResult(0));
         when(mWifiConfigManager.getSavedNetworks()).thenReturn(Arrays.asList(config));
         when(mWifiConfigManager.getConfiguredNetwork(0)).thenReturn(config);
-        when(mWifiConfigManager.getConfiguredNetworkWithPassword(0)).thenReturn(config);
+        when(mWifiConfigManager.getConfiguredNetworkWithoutMasking(0)).thenReturn(config);
 
         mLooper.startAutoDispatch();
         mWsm.syncAddOrUpdateNetwork(mWsmAsyncChannel, config);
@@ -943,8 +943,8 @@ public class WifiStateMachineTest {
                 .thenReturn(true);
         when(mWifiConfigManager.getConfiguredNetwork(eq(config.networkId)))
                 .thenReturn(config);
-        when(mWifiConfigManager.getConfiguredNetworkWithPassword(eq(config.networkId)))
-                .thenReturn(config);
+        when(mWifiConfigManager.getConfiguredNetworkWithoutMasking(
+                eq(config.networkId))).thenReturn(config);
 
         verify(mWifiNative).removeAllNetworks(WIFI_IFACE_NAME);
         verify(mScanRequestProxy).enableScanningForHiddenNetworks(true);
@@ -958,7 +958,7 @@ public class WifiStateMachineTest {
         verify(mWifiConfigManager).enableNetwork(eq(config.networkId), eq(true), anyInt());
         verify(mWifiConnectivityManager).setUserConnectChoice(eq(config.networkId));
         verify(mWifiConnectivityManager).prepareForForcedConnection(eq(config.networkId));
-        verify(mWifiConfigManager).getConfiguredNetworkWithPassword(eq(config.networkId));
+        verify(mWifiConfigManager).getConfiguredNetworkWithoutMasking(eq(config.networkId));
         verify(mWifiNative).connectToNetwork(eq(WIFI_IFACE_NAME), eq(config));
     }
 
@@ -966,7 +966,8 @@ public class WifiStateMachineTest {
         verify(mWifiConfigManager).enableNetwork(eq(config.networkId), eq(true), anyInt());
         verify(mWifiConnectivityManager).setUserConnectChoice(eq(config.networkId));
         verify(mWifiConnectivityManager).prepareForForcedConnection(eq(config.networkId));
-        verify(mWifiConfigManager, never()).getConfiguredNetworkWithPassword(eq(config.networkId));
+        verify(mWifiConfigManager, never())
+                .getConfiguredNetworkWithoutMasking(eq(config.networkId));
         verify(mWifiNative, never()).connectToNetwork(eq(WIFI_IFACE_NAME), eq(config));
     }
author	Jong Wook Kim <jongwook@google.com>	2018-01-24 11:04:08 -0800
committer	Jong Wook Kim <jongwook@google.com>	2018-03-09 03:03:53 -0800
commit	be1a7e114f0378bed4194f9aeb02c49cda2be29b (patch)
tree	da53ea8a597c4df36ed3ccb3d8077c51f72b07b0
parent	42f26dd680949e1d418d79f9cb0dc234ffd0d9ea (diff)