author | Hai Shalom <haishalom@google.com> | 2019-03-07 16:00:13 -0800 |
---|---|---|
committer | Hai Shalom <haishalom@google.com> | 2019-03-15 13:47:02 -0700 |
commit | 0f51da86dd92c709cd071ad3b81d2ce6d8428b4c (patch) | |
tree | e1e023b7a1e30f155615b7cf2795c3a7022e4f65 /service | |
parent | 5b1205eb48a8bdbdd92a66e2f86cd7e2e074345d (diff) |
[Wi-Fi] Do not delete certs when forgetting network
Deleting EAP Wi-Fi configuration deletes shared credentials used by other
configs. To resolve this issue the following changes were implemented:
1. When manually adding Wi-Fi certs from storage, Wi-Fi will not attempt
to delete them when network is removed.
2. When apps use WifiEnterpriseConfig#setClientKeyEntry to add certs,
they will be deleted if the network is removed.
3. Allow the user to delete Wi-Fi certs the same way that allows the
user to add them. Make the "Remove" option available, and implement key
store removal in settings.
Bug: 30248175
Test: atest WifiEnterpriseConfigTest
Test: atest WifiKeyStoreTest
Test: Load certs, remove certs from credentials menu
Test: Load cert, create 2 EAP networks that use it, forget one network
Change-Id: I4f1e7db718dd193bd2c55b7531a0c4344a9dfbe0
Diffstat (limited to 'service')
-rw-r--r-- | service/java/com/android/server/wifi/WifiKeyStore.java | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/service/java/com/android/server/wifi/WifiKeyStore.java b/service/java/com/android/server/wifi/WifiKeyStore.java
index 3054fe5e0..3b8c5bbd7 100644
--- a/service/java/com/android/server/wifi/WifiKeyStore.java
+++ b/service/java/com/android/server/wifi/WifiKeyStore.java
@@ -220,21 +220,31 @@ public class WifiKeyStore {
 * @param config Config corresponding to the network.
 */
 public void removeKeys(WifiEnterpriseConfig config) {
- String client = config.getClientCertificateAlias();
- // a valid client certificate is configured
- if (!TextUtils.isEmpty(client)) {
- if (mVerboseLoggingEnabled) Log.d(TAG, "removing client private key and user cert");
- mKeyStore.delete(Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID);
- mKeyStore.delete(Credentials.USER_CERTIFICATE + client, Process.WIFI_UID);
+ // Do not remove keys that were manually installed by the user
+ if (config.isAppInstalledDeviceKeyAndCert()) {
+ String client = config.getClientCertificateAlias();
+ // a valid client certificate is configured
+ if (!TextUtils.isEmpty(client)) {
+ if (mVerboseLoggingEnabled) {
+ Log.d(TAG, "removing client private key and user cert");
+ }
+ mKeyStore.delete(Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID);
+ mKeyStore.delete(Credentials.USER_CERTIFICATE + client, Process.WIFI_UID);
+ }
 }

- String[] aliases = config.getCaCertificateAliases();
- // a valid ca certificate is configured
- if (aliases != null) {
- for (String ca : aliases) {
- if (!TextUtils.isEmpty(ca)) {
- if (mVerboseLoggingEnabled) Log.d(TAG, "removing CA cert: " + ca);
- mKeyStore.delete(Credentials.CA_CERTIFICATE + ca, Process.WIFI_UID);
+ // Do not remove CA certs that were manually installed by the user
+ if (config.isAppInstalledCaCert()) {
+ String[] aliases = config.getCaCertificateAliases();
+ // a valid ca certificate is configured
+ if (aliases != null) {
+ for (String ca : aliases) {
+ if (!TextUtils.isEmpty(ca)) {
+ if (mVerboseLoggingEnabled) {
+ Log.d(TAG, "removing CA cert: " + ca);
+ }
+ mKeyStore.delete(Credentials.CA_CERTIFICATE + ca, Process.WIFI_UID);
+ }
 }
 }
 }
|
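Review bot: The three `mKeyStore.delete(...)` calls inside the new guarded branches still discard their result, so a failed removal of an app-installed private key, user certificate or CA certificate leaves the entry in the Wi-Fi keystore with nothing in the log. Because removal is now conditional, this appears to be the one path where app-provisioned credentials are cleaned up, so I would check the result and log a failure unconditionally rather than only under verbose logging, e.g. `if (!mKeyStore.delete(Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID)) { Log.e(TAG, "failed to remove client private key"); }` (this assumes delete reports failure through its return value; confirm against the KeyStore API in this tree). The Javadoc above `removeKeys` should also say that the method is now selective, for example `Only removes keys and certificates that were installed by an app; credentials the user installed manually are left in place.` The Javadoc opens before the hunk and the method's closing brace falls after it.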