authorEtan Cohen <etancohen@google.com>2017-06-01 13:43:29 -0700
committerEtan Cohen <etancohen@google.com>2017-06-06 22:00:26 +0000
commit159f2184beb39cfe0d786105cc69e54265747e56 (patch)
treee31d4d28cde8882dcd79d50c36278561be744ec1 /service
parentc2d50aed7d8bc49a079e28ead3ea24b4b6fd1e1b (diff)
[AWARE] Enforce permissions for Aware data-path PMK usage
The Aware data-path using PMK API is system-only. Add code to actually enforce that restriction. Add test coverage for PMK/Passphrase code path. Bug: 62266163 Test: unit tests, integration tests Change-Id: Id833cbf81518df67f0fec4c8d944767b8c46ab82
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java23
-rw-r--r--service/java/com/android/server/wifi/aware/WifiAwareService.java3
-rw-r--r--service/java/com/android/server/wifi/aware/WifiAwareServiceImpl.java7
-rw-r--r--service/java/com/android/server/wifi/aware/WifiAwareStateManager.java7
4 files changed, 32 insertions, 8 deletions
diff --git a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
index aa1771c60..9b9def594 100644
--- a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
+++ b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java
@@ -16,7 +16,9 @@
package com.android.server.wifi.aware;
+import android.Manifest;
import android.content.Context;
+import android.content.pm.PackageManager;
import android.hardware.wifi.V1_0.NanDataPathChannelCfg;
import android.net.ConnectivityManager;
import android.net.IpPrefix;
@@ -40,6 +42,7 @@ import android.util.ArrayMap;
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.server.wifi.util.WifiPermissionsWrapper;
import libcore.util.HexEncoding;
@@ -85,6 +88,7 @@ public class WifiAwareDataPathStateManager {
mNetworkRequestsCache = new ArrayMap<>();
private Context mContext;
private WifiAwareMetrics mAwareMetrics;
+ private WifiPermissionsWrapper mPermissionsWrapper;
private Looper mLooper;
private WifiAwareNetworkFactory mNetworkFactory;
private INetworkManagementService mNwService;
@@ -97,11 +101,13 @@ public class WifiAwareDataPathStateManager {
* Initialize the Aware data-path state manager. Specifically register the network factory with
* connectivity service.
*/
- public void start(Context context, Looper looper, WifiAwareMetrics awareMetrics) {
+ public void start(Context context, Looper looper, WifiAwareMetrics awareMetrics,
+ WifiPermissionsWrapper permissionsWrapper) {
if (VDBG) Log.v(TAG, "start");
mContext = context;
mAwareMetrics = awareMetrics;
+ mPermissionsWrapper = permissionsWrapper;
mLooper = looper;
mNetworkCapabilitiesFilter.clearAll();
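Review bot: `mPermissionsWrapper = permissionsWrapper;` stores the new dependency without a null check, and in the lines shown its only use is inside the PMK branch of processNetworkSpecifier. A caller that passes null would therefore go unnoticed until the first PMK request arrives, where it would throw on the handler thread instead of returning a clean denial. Fail at start-up instead with `mPermissionsWrapper = Objects.requireNonNull(permissionsWrapper);` (this needs `java.util.Objects` in scope). Also add an `@param permissionsWrapper` line to the Javadoc saying it backs the PMK permission check. The same applies to the `start()` overloads in WifiAwareServiceImpl and WifiAwareStateManager, which just pass the value through; the body of this `start()` continues outside the hunk.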
@@ -594,7 +600,8 @@ public class WifiAwareDataPathStateManager {
return true;
}
- nnri = AwareNetworkRequestInformation.processNetworkSpecifier(networkSpecifier, mMgr);
+ nnri = AwareNetworkRequestInformation.processNetworkSpecifier(networkSpecifier, mMgr,
+ mPermissionsWrapper);
if (nnri == null) {
Log.e(TAG, "WifiAwareNetworkFactory.acceptRequest: request=" + request
+ " - can't parse network specifier");
@@ -818,7 +825,7 @@ public class WifiAwareDataPathStateManager {
public WifiAwareNetworkAgent networkAgent;
static AwareNetworkRequestInformation processNetworkSpecifier(WifiAwareNetworkSpecifier ns,
- WifiAwareStateManager mgr) {
+ WifiAwareStateManager mgr, WifiPermissionsWrapper permissionWrapper) {
int uid, pubSubId = 0;
byte[] peerMac = ns.peerMac;
@@ -911,6 +918,16 @@ public class WifiAwareDataPathStateManager {
return null;
}
+ // validate permission if PMK is used (SystemApi)
+ if (ns.pmk != null && ns.pmk.length != 0) {
+ if (permissionWrapper.getUidPermission(Manifest.permission.CONNECTIVITY_INTERNAL,
+ ns.requestorUid) != PackageManager.PERMISSION_GRANTED) {
+ Log.e(TAG, "processNetworkSpecifier: networkSpecifier=" + ns.toString()
+ + " -- UID doesn't have permission to use PMK API");
+ return null;
+ }
+ }
+
// create container and populate
AwareNetworkRequestInformation nnri = new AwareNetworkRequestInformation();
nnri.state = (ns.role == WifiAwareManager.WIFI_AWARE_DATA_PATH_ROLE_INITIATOR)
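Review bot: The new check is keyed on `ns.requestorUid`, a field carried in the specifier itself, so it only enforces anything if that field has already been bound to the real requesting UID. That validation is not visible here (processNetworkSpecifier starts and ends outside the hunk). Confirm it runs before this block and record the dependency with a comment such as `// ns.requestorUid was validated against the requesting UID above; the PMK check relies on it`. Separately, the denial log concatenates `ns.toString()` on a path where `ns.pmk` is known to be non-empty. If that toString() renders the pmk or passphrase bytes, key material ends up in logcat, so log only the UID: `Log.e(TAG, "processNetworkSpecifier: uid=" + ns.requestorUid + " -- UID doesn't have permission to use PMK API");`.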
diff --git a/service/java/com/android/server/wifi/aware/WifiAwareService.java b/service/java/com/android/server/wifi/aware/WifiAwareService.java
index 8c405dd63..40baf7eed 100644
--- a/service/java/com/android/server/wifi/aware/WifiAwareService.java
+++ b/service/java/com/android/server/wifi/aware/WifiAwareService.java
@@ -68,7 +68,8 @@ public final class WifiAwareService extends SystemService {
HandlerThread awareHandlerThread = wifiInjector.getWifiAwareHandlerThread();
mImpl.start(awareHandlerThread, wifiAwareStateManager, wifiAwareShellCommand,
- wifiInjector.getWifiMetrics().getWifiAwareMetrics());
+ wifiInjector.getWifiMetrics().getWifiAwareMetrics(),
+ wifiInjector.getWifiPermissionsWrapper());
} else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
mImpl.startLate();
}
diff --git a/service/java/com/android/server/wifi/aware/WifiAwareServiceImpl.java b/service/java/com/android/server/wifi/aware/WifiAwareServiceImpl.java
index ed7390cf6..b77ae6355 100644
--- a/service/java/com/android/server/wifi/aware/WifiAwareServiceImpl.java
+++ b/service/java/com/android/server/wifi/aware/WifiAwareServiceImpl.java
@@ -38,6 +38,8 @@ import android.util.Log;
import android.util.SparseArray;
import android.util.SparseIntArray;
+import com.android.server.wifi.util.WifiPermissionsWrapper;
+
import java.io.FileDescriptor;
import java.io.PrintWriter;
import java.util.Arrays;
@@ -81,12 +83,13 @@ public class WifiAwareServiceImpl extends IWifiAwareManager.Stub {
* the components of the service.
*/
public void start(HandlerThread handlerThread, WifiAwareStateManager awareStateManager,
- WifiAwareShellCommand awareShellCommand, WifiAwareMetrics awareMetrics) {
+ WifiAwareShellCommand awareShellCommand, WifiAwareMetrics awareMetrics,
+ WifiPermissionsWrapper permissionsWrapper) {
Log.i(TAG, "Starting Wi-Fi Aware service");
mStateManager = awareStateManager;
mShellCommand = awareShellCommand;
- mStateManager.start(mContext, handlerThread.getLooper(), awareMetrics);
+ mStateManager.start(mContext, handlerThread.getLooper(), awareMetrics, permissionsWrapper);
}
/**
diff --git a/service/java/com/android/server/wifi/aware/WifiAwareStateManager.java b/service/java/com/android/server/wifi/aware/WifiAwareStateManager.java
index e3df643e7..c9e48a142 100644
--- a/service/java/com/android/server/wifi/aware/WifiAwareStateManager.java
+++ b/service/java/com/android/server/wifi/aware/WifiAwareStateManager.java
@@ -48,6 +48,7 @@ import com.android.internal.util.MessageUtils;
import com.android.internal.util.State;
import com.android.internal.util.StateMachine;
import com.android.internal.util.WakeupMessage;
+import com.android.server.wifi.util.WifiPermissionsWrapper;
import libcore.util.HexEncoding;
@@ -320,7 +321,8 @@ public class WifiAwareStateManager implements WifiAwareShellCommand.DelegatedShe
*
* @param looper Thread looper on which to run the handler.
*/
- public void start(Context context, Looper looper, WifiAwareMetrics awareMetrics) {
+ public void start(Context context, Looper looper, WifiAwareMetrics awareMetrics,
+ WifiPermissionsWrapper permissionsWrapper) {
Log.i(TAG, "start()");
mContext = context;
@@ -331,7 +333,8 @@ public class WifiAwareStateManager implements WifiAwareShellCommand.DelegatedShe
mRtt = new WifiAwareRttStateManager();
mDataPathMgr = new WifiAwareDataPathStateManager(this);
- mDataPathMgr.start(mContext, mSm.getHandler().getLooper(), awareMetrics);
+ mDataPathMgr.start(mContext, mSm.getHandler().getLooper(), awareMetrics,
+ permissionsWrapper);
mPowerManager = mContext.getSystemService(PowerManager.class);