WifiPermissionsUtil: add checkConfigOverride

Add a helper method to allow callers to check the calling UID for the override config permission. This CL moves the call from WifiConfigManager to the util/WifiPermissionsUtil class and adds tests. Bug: 35870086 Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh Test: frameworks/base/wifi/tests/runtests.sh Change-Id: I5aa1bbc82eb86408272564365d45b7ddbf7cc661
author: Rebecca Silberstein <silberst@google.com> 2017-03-01 14:21:13 -0800
committer: Rebecca Silberstein <silberst@google.com> 2017-03-09 18:23:12 +0000
commit: 835e781643b79c30fabbab5595770cf01b5861fb (patch)
tree: 5a7570660631b8fa83efcaac761660ad6a9a1483 /service
parent: a9f4a722ac91fe87352f2e0cfec72fdfbb35ba5d (diff)
5 files changed, 49 insertions, 30 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index cd10bda67..7c8cddae8 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -35,7 +35,6 @@ import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
 import android.net.wifi.WifiScanner;
 import android.os.Process;
-import android.os.RemoteException;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.provider.Settings;
@@ -52,6 +51,7 @@ import com.android.server.wifi.WifiConfigStoreLegacy.WifiConfigStoreDataLegacy;
 import com.android.server.wifi.hotspot2.PasspointManager;
 import com.android.server.wifi.util.ScanResultUtil;
 import com.android.server.wifi.util.TelephonyUtil;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 import com.android.server.wifi.util.WifiPermissionsWrapper;
 
 import org.xmlpull.v1.XmlPullParserException;
@@ -211,7 +211,6 @@ public class WifiConfigManager {
      * List of external dependencies for WifiConfigManager.
      */
     private final Context mContext;
-    private final FrameworkFacade mFacade;
     private final Clock mClock;
     private final UserManager mUserManager;
     private final BackupManagerProxy mBackupManagerProxy;
@@ -219,6 +218,7 @@ public class WifiConfigManager {
     private final WifiKeyStore mWifiKeyStore;
     private final WifiConfigStore mWifiConfigStore;
     private final WifiConfigStoreLegacy mWifiConfigStoreLegacy;
+    private final WifiPermissionsUtil mWifiPermissionsUtil;
     private final WifiPermissionsWrapper mWifiPermissionsWrapper;
     /**
      * Local log used for debugging any WifiConfigManager issues.
@@ -302,14 +302,14 @@ public class WifiConfigManager {
      * Create new instance of WifiConfigManager.
      */
     WifiConfigManager(
-            Context context, FrameworkFacade facade, Clock clock, UserManager userManager,
+            Context context, Clock clock, UserManager userManager,
             TelephonyManager telephonyManager, WifiKeyStore wifiKeyStore,
             WifiConfigStore wifiConfigStore, WifiConfigStoreLegacy wifiConfigStoreLegacy,
+            WifiPermissionsUtil wifiPermissionsUtil,
             WifiPermissionsWrapper wifiPermissionsWrapper,
             NetworkListStoreData networkListStoreData,
             DeletedEphemeralSsidsStoreData deletedEphemeralSsidsStoreData) {
         mContext = context;
-        mFacade = facade;
         mClock = clock;
         mUserManager = userManager;
         mBackupManagerProxy = new BackupManagerProxy();
@@ -317,6 +317,7 @@ public class WifiConfigManager {
         mWifiKeyStore = wifiKeyStore;
         mWifiConfigStore = wifiConfigStore;
         mWifiConfigStoreLegacy = wifiConfigStoreLegacy;
+        mWifiPermissionsUtil = wifiPermissionsUtil;
         mWifiPermissionsWrapper = wifiPermissionsWrapper;
 
         mConfiguredNetworks = new ConfigurationMap(userManager);
@@ -606,24 +607,6 @@ public class WifiConfigManager {
     }
 
     /**
-     * Checks if the app has the permission to override Wi-Fi network configuration or not.
-     *
-     * @param uid uid of the app.
-     * @return true if the app does have the permission, false otherwise.
-     */
-    public boolean checkConfigOverridePermission(int uid) {
-        try {
-            int permission =
-                    mFacade.checkUidPermission(
-                            android.Manifest.permission.OVERRIDE_WIFI_CONFIG, uid);
-            return (permission == PackageManager.PERMISSION_GRANTED);
-        } catch (RemoteException e) {
-            Log.e(TAG, "Error checking for permission " + e);
-            return false;
-        }
-    }
-
-    /**
      * Checks if |uid| has permission to modify the provided configuration.
      *
      * @param config         WifiConfiguration object corresponding to the network to be modified.
@@ -647,7 +630,7 @@ public class WifiConfigManager {
         // Check if the |uid| holds the |OVERRIDE_CONFIG_WIFI| permission if the caller asks us to
         // bypass the lockdown checks.
         if (ignoreLockdown) {
-            return checkConfigOverridePermission(uid);
+            return mWifiPermissionsUtil.checkConfigOverridePermission(uid);
         }
 
         // Check if device has DPM capability. If it has and |dpmi| is still null, then we
@@ -662,13 +645,13 @@ public class WifiConfigManager {
         final boolean isConfigEligibleForLockdown = dpmi != null && dpmi.isActiveAdminWithPolicy(
                 config.creatorUid, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
         if (!isConfigEligibleForLockdown) {
-            return isCreator || checkConfigOverridePermission(uid);
+            return isCreator || mWifiPermissionsUtil.checkConfigOverridePermission(uid);
         }
 
         final ContentResolver resolver = mContext.getContentResolver();
         final boolean isLockdownFeatureEnabled = Settings.Global.getInt(resolver,
                 Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN, 0) != 0;
-        return !isLockdownFeatureEnabled && checkConfigOverridePermission(uid);
+        return !isLockdownFeatureEnabled && mWifiPermissionsUtil.checkConfigOverridePermission(uid);
     }
 
     /**
@@ -2777,7 +2760,8 @@ public class WifiConfigManager {
                 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
         final boolean isUidDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(uid,
                 DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
-        final boolean hasConfigOverridePermission = checkConfigOverridePermission(uid);
+        final boolean hasConfigOverridePermission =
+                mWifiPermissionsUtil.checkConfigOverridePermission(uid);
         // If |uid| corresponds to the device owner, allow all modifications.
         if (isUidDeviceOwner || isUidProfileOwner || hasConfigOverridePermission) {
             return true;
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 59c1a5ac3..f41f5f90b 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -190,10 +190,11 @@ public class WifiInjector {
                 mWifiNetworkHistory, mWifiNative, mIpConfigStore,
                 new LegacyPasspointConfigParser());
         // Config Manager
-        mWifiConfigManager = new WifiConfigManager(mContext, mFrameworkFacade, mClock,
+        mWifiConfigManager = new WifiConfigManager(mContext, mClock,
                 UserManager.get(mContext), TelephonyManager.from(mContext),
-                mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy, mWifiPermissionsWrapper,
-                new NetworkListStoreData(), new DeletedEphemeralSsidsStoreData());
+                mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy, mWifiPermissionsUtil,
+                mWifiPermissionsWrapper, new NetworkListStoreData(),
+                new DeletedEphemeralSsidsStoreData());
         mWifiNetworkSelector = new WifiNetworkSelector(mContext, mWifiConfigManager, mClock);
         LocalLog localLog = mWifiNetworkSelector.getLocalLog();
         mSavedNetworkEvaluator = new SavedNetworkEvaluator(mContext,
diff --git a/service/java/com/android/server/wifi/WifiStateMachine.java b/service/java/com/android/server/wifi/WifiStateMachine.java
index 10f38aa88..ccbc8e811 100644
--- a/service/java/com/android/server/wifi/WifiStateMachine.java
+++ b/service/java/com/android/server/wifi/WifiStateMachine.java
@@ -118,6 +118,7 @@ import com.android.server.wifi.util.NativeUtil;
 import com.android.server.wifi.util.TelephonyUtil;
 import com.android.server.wifi.util.TelephonyUtil.SimAuthRequestData;
 import com.android.server.wifi.util.TelephonyUtil.SimAuthResponseData;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import java.io.BufferedReader;
 import java.io.FileDescriptor;
@@ -198,6 +199,7 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiRss
     private WifiInjector mWifiInjector;
     private WifiMonitor mWifiMonitor;
     private WifiNative mWifiNative;
+    private WifiPermissionsUtil mWifiPermissionsUtil;
     private WifiConfigManager mWifiConfigManager;
     private WifiConnectivityManager mWifiConnectivityManager;
     private WifiNetworkSelector mWifiNetworkSelector;
@@ -885,6 +887,7 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiRss
         mP2pSupported = mContext.getPackageManager().hasSystemFeature(
                 PackageManager.FEATURE_WIFI_DIRECT);
 
+        mWifiPermissionsUtil = mWifiInjector.getWifiPermissionsUtil();
         mWifiConfigManager = mWifiInjector.getWifiConfigManager();
         mWifiApConfigStore = mWifiInjector.getWifiApConfigStore();
         mWifiNative.setSystemSupportsFastBssTransition(
@@ -5852,7 +5855,7 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiRss
         WifiConfiguration config = getCurrentWifiConfiguration();
         if (mWifiConfigManager.getLastSelectedNetwork() == config.networkId) {
             boolean prompt =
-                    mWifiConfigManager.checkConfigOverridePermission(config.lastConnectUid);
+                    mWifiPermissionsUtil.checkConfigOverridePermission(config.lastConnectUid);
             if (mVerboseLoggingEnabled) {
                 log("Network selected by UID " + config.lastConnectUid + " prompt=" + prompt);
             }
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index 3d473d44f..2010dcfa7 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -22,6 +22,7 @@ import android.content.Context;
 import android.content.pm.PackageManager;
 import android.content.pm.UserInfo;
 import android.net.NetworkScoreManager;
+import android.os.RemoteException;
 import android.os.UserManager;
 import android.provider.Settings;
 
@@ -58,6 +59,22 @@ public class WifiPermissionsUtil {
     }
 
     /**
+     * Checks if the app has the permission to override Wi-Fi network configuration or not.
+     *
+     * @param uid uid of the app.
+     * @return true if the app does have the permission, false otherwise.
+     */
+    public boolean checkConfigOverridePermission(int uid) {
+        try {
+            int permission = mWifiPermissionsWrapper.getOverrideWifiConfigPermission(uid);
+            return (permission == PackageManager.PERMISSION_GRANTED);
+        } catch (RemoteException e) {
+            mLog.err("Error checking for permission: %").r(e.getMessage()).flush();
+            return false;
+        }
+    }
+
+    /**
      * API to determine if the caller has permissions to get
      * scan results.
      * @param pkgName Packagename of the application requesting access
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
index 72c439d47..6ca2f0291 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
@@ -17,8 +17,10 @@
 package com.android.server.wifi.util;
 
 import android.app.ActivityManager;
+import android.app.AppGlobals;
 import android.app.admin.DevicePolicyManagerInternal;
 import android.content.Context;
+import android.os.RemoteException;
 import android.os.UserHandle;
 
 import com.android.server.LocalServices;
@@ -81,4 +83,16 @@ public class WifiPermissionsWrapper {
     public DevicePolicyManagerInternal getDevicePolicyManagerInternal() {
         return LocalServices.getService(DevicePolicyManagerInternal.class);
     }
+
+    /**
+     * Determines if the caller has the override wifi config permission.
+     *
+     * @param uid to check the permission for
+     * @return int representation of success or denied
+     * @throws RemoteException
+     */
+    public int getOverrideWifiConfigPermission(int uid) throws RemoteException {
+        return AppGlobals.getPackageManager().checkUidPermission(
+                android.Manifest.permission.OVERRIDE_WIFI_CONFIG, uid);
+    }
 }
author	Rebecca Silberstein <silberst@google.com>	2017-03-01 14:21:13 -0800
committer	Rebecca Silberstein <silberst@google.com>	2017-03-09 18:23:12 +0000
commit	835e781643b79c30fabbab5595770cf01b5861fb (patch)
tree	5a7570660631b8fa83efcaac761660ad6a9a1483 /service
parent	a9f4a722ac91fe87352f2e0cfec72fdfbb35ba5d (diff)