authorRoshan Pius <rpius@google.com>2020-03-26 16:44:59 -0700
committerRoshan Pius <rpius@google.com>2020-03-27 15:16:28 +0000
commit386816bb104b9139d02b6460340d6ea35ae2be18 (patch)
treeb42956b4c7ef388b52bbbedfc66bae64d331b607 /service
parent7de8d9fdf5c65f2cd6dd6a9b3b473855e9435c0d (diff)
WifiShellCommand: Allow non root access to some commands
Note that these commands are still invoking WifiService API methods, so the regular permission checks will kick in. So, apps should not be able to bypass permission checks using this route. Bug: 152299953 Test: Manual test running shell commands without adb root (passed) adb shell cmd wifi list-scan-results adb shell cmd wifi start-scan adb shell cmd wifi list-networks adb shell cmd wifi connect-network <ssid> open adb shell cmd wifi connect-network <ssid> wpa2 <passphrase> adb shell cmd wifi forget-network <networkId> adb shell cmd wifi status Test: Manual test running shell commands without adb root (failed) adb shell cmd set-softap-channel Change-Id: I422785a3a8954ffe95f4974ed9b66c76fa727c62
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/WifiShellCommand.java38
1 files changed, 21 insertions, 17 deletions
diff --git a/service/java/com/android/server/wifi/WifiShellCommand.java b/service/java/com/android/server/wifi/WifiShellCommand.java
index 6d7eeed4c..4a609a9e9 100644
--- a/service/java/com/android/server/wifi/WifiShellCommand.java
+++ b/service/java/com/android/server/wifi/WifiShellCommand.java
@@ -30,11 +30,13 @@ import android.net.wifi.WifiScanner;
import android.net.wifi.nl80211.WifiNl80211Manager;
import android.os.BasicShellCommandHandler;
import android.os.Binder;
+import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.text.TextUtils;
import com.android.server.wifi.util.ApConfigUtil;
+import com.android.server.wifi.util.ArrayUtils;
import com.android.server.wifi.util.ScanResultUtil;
import java.io.PrintWriter;
@@ -60,6 +62,19 @@ import java.util.concurrent.TimeUnit;
*/
public class WifiShellCommand extends BasicShellCommandHandler {
private static String SHELL_PACKAGE_NAME = "com.android.shell";
+ // These don't require root access.
+ // However, these do perform permission checks in the corresponding WifiService methods.
+ private static final String[] NON_PRIVILEGED_COMMANDS = {
+ "connect-network",
+ "forget-network",
+ "list-scan-results",
+ "list-networks",
+ "set-verbose-logging",
+ "set-wifi-enabled",
+ "start-scan",
+ "status",
+ };
+
private final ClientModeImpl mClientModeImpl;
private final WifiLockManager mWifiLockManager;
private final WifiNetworkSuggestionsManager mWifiNetworkSuggestionsManager;
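Review bot: The comment on `NON_PRIVILEGED_COMMANDS` says every entry is permission-checked inside WifiService, but nothing in the declaration ties an entry to that requirement, and this class also holds direct references such as `mClientModeImpl` and `mWifiLockManager` that presumably do not go through those checks. `set-verbose-logging` is on the list yet is not among the commands the commit message reports as tested without root, so its handler (outside this hunk) is worth confirming. I would tighten the comment to state the rule for future additions: `// Only add a command here if its handler goes exclusively through WifiService APIs that enforce their own permission checks on the caller.`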
@@ -89,8 +104,12 @@ public class WifiShellCommand extends BasicShellCommandHandler {
// Explicit exclusion from root permission
// Do not require root permission to maintain backwards compatibility with
// `svc wifi [enable|disable]`.
- if (!"set-wifi-enabled".equals(cmd)) {
- checkRootPermission();
+ if (ArrayUtils.indexOf(NON_PRIVILEGED_COMMANDS, cmd) == -1) {
+ final int uid = Binder.getCallingUid();
+ if (uid != Process.ROOT_UID) {
+ throw new SecurityException(
+ "Uid " + uid + " does not have access to " + cmd + " wifi command");
+ }
}
final PrintWriter pw = getOutPrintWriter();
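Review bot: The comment kept above the new check (`Explicit exclusion from root permission` … `svc wifi [enable|disable]`) now explains only one of the eight allowlisted commands, so the reason the other seven skip the root check is not recorded at the gate. I would replace it with `// Commands outside NON_PRIVILEGED_COMMANDS require root; allowlisted ones rely on the permission checks inside the WifiService methods they call.` Because non-root callers now reach the command switch, those downstream checks must see the original calling uid. If any allowlisted handler clears the calling identity before calling into WifiService, the check would likely be evaluated against the system identity instead. The enclosing method and its handlers continue outside this hunk, so that needs confirming there.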
@@ -358,12 +377,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
return 0;
}
case "set-wifi-enabled": {
- // This command is explicitly exempted from checkRootPermission() (see beginning
- // of this method).
- // Do not require root permission to maintain backwards compatibility with
- // `svc wifi [enable|disable]`.
- // However, setWifiEnabled() does perform its own check for the
- // android.Manifest.permission.CHANGE_WIFI_STATE permission.
boolean enabled;
String nextArg = getNextArgRequired();
if ("enabled".equals(nextArg)) {
@@ -583,15 +596,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
|| Arrays.binarySearch(allowed6gFreq, apChannelMHz) >= 0;
}
- private void checkRootPermission() {
- final int uid = Binder.getCallingUid();
- if (uid == 0) {
- // Root can do anything.
- return;
- }
- throw new SecurityException("Uid " + uid + " does not have access to wifi commands");
- }
-
@Override
public void onHelp() {
final PrintWriter pw = getOutPrintWriter();