[wifi external scores] Check location permissions

Check that location permission is granted for the active external
scorer before handing out scan results.

Bug: 73168879
Test: atest FrameworksWifiTests
Change-Id: I9a05a54e18bb85dc95b2a3c75126b71beba6dcec

3 files changed, 81 insertions, 4 deletions

diff --git a/service/java/com/android/server/wifi/ScoredNetworkEvaluator.java b/service/java/com/android/server/wifi/ScoredNetworkEvaluator.java
index e36cf6623..223423eb2 100644
--- a/service/java/com/android/server/wifi/ScoredNetworkEvaluator.java
+++ b/service/java/com/android/server/wifi/ScoredNetworkEvaluator.java
@@ -21,6 +21,7 @@ import android.content.Context;
 import android.database.ContentObserver;
 import android.net.NetworkKey;
 import android.net.NetworkScoreManager;
+import android.net.NetworkScorerAppData;
 import android.net.wifi.ScanResult;
 import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiNetworkScoreCache;
@@ -34,6 +35,7 @@ import android.util.Log;
 import android.util.Pair;
 
 import com.android.server.wifi.util.ScanResultUtil;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -50,14 +52,17 @@ public class ScoredNetworkEvaluator implements WifiNetworkSelector.NetworkEvalua
     private final WifiConfigManager mWifiConfigManager;
     private final LocalLog mLocalLog;
     private final ContentObserver mContentObserver;
+    private final WifiPermissionsUtil mWifiPermissionsUtil;
     private boolean mNetworkRecommendationsEnabled;
     private WifiNetworkScoreCache mScoreCache;
 
     ScoredNetworkEvaluator(final Context context, Looper looper,
             final FrameworkFacade frameworkFacade, NetworkScoreManager networkScoreManager,
             WifiConfigManager wifiConfigManager, LocalLog localLog,
-            WifiNetworkScoreCache wifiNetworkScoreCache) {
+            WifiNetworkScoreCache wifiNetworkScoreCache,
+            WifiPermissionsUtil wifiPermissionsUtil) {
         mScoreCache = wifiNetworkScoreCache;
+        mWifiPermissionsUtil = wifiPermissionsUtil;
         mNetworkScoreManager = networkScoreManager;
         mWifiConfigManager = wifiConfigManager;
         mLocalLog = localLog;
@@ -97,13 +102,27 @@ public class ScoredNetworkEvaluator implements WifiNetworkSelector.NetworkEvalua
         }
 
         // Kick the score manager if there are any unscored network.
-        if (!unscoredNetworks.isEmpty()) {
+        if (!unscoredNetworks.isEmpty() && activeScorerAllowedtoSeeScanResults()) {
             NetworkKey[] unscoredNetworkKeys =
                     unscoredNetworks.toArray(new NetworkKey[unscoredNetworks.size()]);
             mNetworkScoreManager.requestScores(unscoredNetworkKeys);
         }
     }
 
+    private boolean activeScorerAllowedtoSeeScanResults() {
+        NetworkScorerAppData networkScorerAppData = mNetworkScoreManager.getActiveScorer();
+        String packageName = mNetworkScoreManager.getActiveScorerPackage();
+        if (networkScorerAppData == null || packageName == null) return false;
+        int uid = networkScorerAppData.packageUid;
+        boolean allow;
+        try {
+            allow = mWifiPermissionsUtil.canAccessScanResults(packageName, uid);
+        } catch (SecurityException e) {
+            allow = false;
+        }
+        return allow;
+    }
+
     @Override
     public WifiConfiguration evaluateNetworks(List<ScanDetail> scanDetails,
             WifiConfiguration currentNetwork, String currentBssid, boolean connected,
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 623b3aa89..202f44aa7 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -229,7 +229,7 @@ public class WifiInjector {
                 mWifiConfigManager, mClock, mConnectivityLocalLog, mWifiConnectivityHelper);
         mScoredNetworkEvaluator = new ScoredNetworkEvaluator(context, wifiStateMachineLooper,
                 mFrameworkFacade, mNetworkScoreManager, mWifiConfigManager, mConnectivityLocalLog,
-                mWifiNetworkScoreCache);
+                mWifiNetworkScoreCache, mWifiPermissionsUtil);
         mSimAccessor = new SIMAccessor(mContext);
         mPasspointManager = new PasspointManager(mContext, mWifiNative, mWifiKeyStore, mClock,
                 mSimAccessor, new PasspointObjectFactory(), mWifiConfigManager, mWifiConfigStore,
diff --git a/tests/wifitests/src/com/android/server/wifi/ScoredNetworkEvaluatorTest.java b/tests/wifitests/src/com/android/server/wifi/ScoredNetworkEvaluatorTest.java
index 7602d2b44..65454c421 100644
--- a/tests/wifitests/src/com/android/server/wifi/ScoredNetworkEvaluatorTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/ScoredNetworkEvaluatorTest.java
@@ -27,6 +27,7 @@ import android.content.Context;
 import android.database.ContentObserver;
 import android.net.NetworkKey;
 import android.net.NetworkScoreManager;
+import android.net.NetworkScorerAppData;
 import android.net.Uri;
 import android.net.wifi.ScanResult;
 import android.net.wifi.WifiConfiguration;
@@ -38,6 +39,7 @@ import android.support.test.filters.SmallTest;
 import android.util.LocalLog;
 
 import com.android.server.wifi.WifiNetworkSelectorTestUtil.ScanDetailsAndWifiConfigs;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import org.junit.After;
 import org.junit.Before;
@@ -55,6 +57,10 @@ import java.util.List;
  */
 @SmallTest
 public class ScoredNetworkEvaluatorTest {
+    private static final String TEST_PACKAGE_NAME = "name.package.test";
+    private static final int TEST_UID = 12345;
+    private static final NetworkScorerAppData TEST_APP_DATA = new NetworkScorerAppData(
+            TEST_UID, null, null, null, null);
     private ContentObserver mContentObserver;
     private int mThresholdQualifiedRssi2G;
     private int mThresholdQualifiedRssi5G;
@@ -64,6 +70,7 @@ public class ScoredNetworkEvaluatorTest {
     @Mock private FrameworkFacade mFrameworkFacade;
     @Mock private NetworkScoreManager mNetworkScoreManager;
     @Mock private WifiConfigManager mWifiConfigManager;
+    @Mock private WifiPermissionsUtil mWifiPermissionsUtil;
 
     @Captor private ArgumentCaptor<NetworkKey[]> mNetworkKeyArrayCaptor;
 
@@ -81,17 +88,24 @@ public class ScoredNetworkEvaluatorTest {
                 Settings.Global.NETWORK_RECOMMENDATIONS_ENABLED, 0))
                 .thenReturn(1);
 
+        when(mWifiPermissionsUtil.canAccessScanResults(eq(TEST_PACKAGE_NAME), anyInt()))
+                .thenReturn(true);
+
         ArgumentCaptor<ContentObserver> observerCaptor =
                 ArgumentCaptor.forClass(ContentObserver.class);
         mScoreCache = new WifiNetworkScoreCache(mContext);
         mScoredNetworkEvaluator = new ScoredNetworkEvaluator(mContext,
                 Looper.getMainLooper(), mFrameworkFacade, mNetworkScoreManager,
-                mWifiConfigManager, new LocalLog(0), mScoreCache);
+                mWifiConfigManager, new LocalLog(0), mScoreCache, mWifiPermissionsUtil);
         verify(mFrameworkFacade).registerContentObserver(eq(mContext), any(Uri.class), eq(false),
                 observerCaptor.capture());
         mContentObserver = observerCaptor.getValue();
 
         reset(mNetworkScoreManager);
+        when(mNetworkScoreManager.getActiveScorer())
+                .thenReturn(TEST_APP_DATA);
+        when(mNetworkScoreManager.getActiveScorerPackage())
+                .thenReturn(TEST_PACKAGE_NAME);
 
         when(mClock.getElapsedSinceBootMillis()).thenReturn(SystemClock.elapsedRealtime());
     }
@@ -211,6 +225,50 @@ public class ScoredNetworkEvaluatorTest {
         verifyZeroInteractions(mWifiConfigManager, mNetworkScoreManager);
     }
 
+    @Test
+    public void testUpdate_externalScorerNotPermittedToSeeScanResults() {
+        String[] ssids = {"\"test1\"", "\"test2\""};
+        String[] bssids = {"6c:f3:7f:ae:8c:f3", "6c:f3:7f:ae:8c:f4"};
+        int[] freqs = {2470, 2437};
+        String[] caps = {"[WPA2-EAP-CCMP][ESS]", "[ESS]"};
+        int[] securities = {SECURITY_PSK, SECURITY_NONE};
+        int[] levels = {mThresholdQualifiedRssi2G + 8, mThresholdQualifiedRssi2G + 10};
+
+        when(mWifiPermissionsUtil.canAccessScanResults(any(), anyInt()))
+                .thenReturn(false);
+
+        ScanDetailsAndWifiConfigs scanDetailsAndConfigs = WifiNetworkSelectorTestUtil
+                .setupScanDetailsAndConfigStore(
+                        ssids, bssids, freqs, caps, levels, securities, mWifiConfigManager, mClock);
+
+        mScoredNetworkEvaluator.update(scanDetailsAndConfigs.getScanDetails());
+
+        verify(mNetworkScoreManager, never()).requestScores(any());
+        verify(mWifiPermissionsUtil).canAccessScanResults(eq(TEST_PACKAGE_NAME), eq(TEST_UID));
+    }
+
+    @Test
+    public void testUpdate_externalScorerNotPermittedToSeeScanResultsWithException() {
+        String[] ssids = {"\"test1\"", "\"test2\""};
+        String[] bssids = {"6c:f3:7f:ae:8c:f3", "6c:f3:7f:ae:8c:f4"};
+        int[] freqs = {2470, 2437};
+        String[] caps = {"[WPA2-EAP-CCMP][ESS]", "[ESS]"};
+        int[] securities = {SECURITY_PSK, SECURITY_NONE};
+        int[] levels = {mThresholdQualifiedRssi2G + 8, mThresholdQualifiedRssi2G + 10};
+
+        when(mWifiPermissionsUtil.canAccessScanResults(any(), anyInt()))
+                .thenThrow(new SecurityException());
+
+        ScanDetailsAndWifiConfigs scanDetailsAndConfigs = WifiNetworkSelectorTestUtil
+                .setupScanDetailsAndConfigStore(
+                        ssids, bssids, freqs, caps, levels, securities, mWifiConfigManager, mClock);
+
+        mScoredNetworkEvaluator.update(scanDetailsAndConfigs.getScanDetails());
+
+        verify(mNetworkScoreManager, never()).requestScores(any());
+        verify(mWifiPermissionsUtil).canAccessScanResults(eq(TEST_PACKAGE_NAME), eq(TEST_UID));
+    }
+
     /**
      * When no saved networks available, choose the available ephemeral networks
      * if untrusted networks are allowed.