Fix manual connection to Carrier Wifi

Fixed to conform to encrypted IMSI protocol even
when user manually connected to a network.
Previously only auto-connection worked correctly.

Bug: 134094526
Test: Manually connect to Carrier Wifi network
Test: Auto-connect to Carrier Wifi network
Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Change-Id: I1ac5c2083d12e671a4ca89e93e7955c64197b522

3 files changed, 16 insertions, 10 deletions

diff --git a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
index 8bd024bf5..52d7d1844 100644
--- a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
+++ b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
@@ -121,9 +121,6 @@ public class CarrierNetworkEvaluator implements NetworkEvaluator {
                 config.enterpriseConfig = new WifiEnterpriseConfig();
             }
             config.enterpriseConfig.setEapMethod(eapType);
-            // Send anonymous@realm as EAP-IDENTITY response.
-            config.enterpriseConfig.setAnonymousIdentity(
-                    TelephonyUtil.getAnonymousIdentityWith3GppRealm(getTelephonyManager()));
 
             // Check if we already have a network with the same credentials in WifiConfigManager
             // database. If yes, we should check if the network is currently blacklisted.
diff --git a/service/java/com/android/server/wifi/ClientModeImpl.java b/service/java/com/android/server/wifi/ClientModeImpl.java
index f181cd295..bb1230554 100644
--- a/service/java/com/android/server/wifi/ClientModeImpl.java
+++ b/service/java/com/android/server/wifi/ClientModeImpl.java
@@ -4273,6 +4273,17 @@ public class ClientModeImpl extends StateMachine {
                     String currentMacAddress = mWifiNative.getMacAddress(mInterfaceName);
                     mWifiInfo.setMacAddress(currentMacAddress);
                     Log.i(TAG, "Connecting with " + currentMacAddress + " as the mac address");
+
+                    if (config.enterpriseConfig != null
+                            && TelephonyUtil.isSimEapMethod(config.enterpriseConfig.getEapMethod())
+                            && mWifiInjector.getCarrierNetworkConfig()
+                                    .isCarrierEncryptionInfoAvailable()
+                            && TextUtils.isEmpty(config.enterpriseConfig.getAnonymousIdentity())) {
+                        String anonAtRealm = TelephonyUtil.getAnonymousIdentityWith3GppRealm(
+                                getTelephonyManager());
+                        config.enterpriseConfig.setAnonymousIdentity(anonAtRealm);
+                    }
+
                     if (mWifiNative.connectToNetwork(mInterfaceName, config)) {
                         mWifiMetrics.logStaEvent(StaEvent.TYPE_CMD_START_CONNECT, config);
                         mLastConnectAttemptTimestamp = mClock.getWallClockMillis();
@@ -4434,6 +4445,11 @@ public class ClientModeImpl extends StateMachine {
                         if (config.enterpriseConfig != null
                                 && TelephonyUtil.isSimEapMethod(
                                         config.enterpriseConfig.getEapMethod())
+                                // if using anonymous@<realm>, do not use pseudonym identity on
+                                // reauthentication. Instead, use full authentication using
+                                // anonymous@<realm> followed by encrypted IMSI every time.
+                                // This is because the encrypted IMSI spec does not specify its
+                                // compatibility with the pseudonym identity specified by EAP-AKA.
                                 && !TelephonyUtil.isAnonymousAtRealmIdentity(
                                         config.enterpriseConfig.getAnonymousIdentity())) {
                             String anonymousIdentity =
diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointNetworkEvaluator.java b/service/java/com/android/server/wifi/hotspot2/PasspointNetworkEvaluator.java
index a2838b5fd..ec8a009d9 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointNetworkEvaluator.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointNetworkEvaluator.java
@@ -221,13 +221,6 @@ public class PasspointNetworkEvaluator implements WifiNetworkSelector.NetworkEva
      */
     private WifiConfiguration createWifiConfigForProvider(PasspointNetworkCandidate networkInfo) {
         WifiConfiguration config = networkInfo.mProvider.getWifiConfig();
-        if (TelephonyUtil.isSimEapMethod(config.enterpriseConfig.getEapMethod())
-                && mCarrierNetworkConfig.isCarrierEncryptionInfoAvailable()) {
-            // Send anonymous@realm as EAP-IDENTITY response.
-            config.enterpriseConfig.setAnonymousIdentity(
-                    TelephonyUtil.getAnonymousIdentityWith3GppRealm(
-                            getTelephonyManager()));
-        }
         config.SSID = ScanResultUtil.createQuotedSSID(networkInfo.mScanDetail.getSSID());
         if (networkInfo.mMatchStatus == PasspointMatch.HomeProvider) {
             config.isHomeProviderNetwork = true;