Merge changes from topic "p2p-systemapi"

* changes: WifiP2pService: Add permission checks for new @SystemApis Rename WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION intent
author: David Su <dysu@google.com> 2019-11-18 17:52:54 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2019-11-18 17:52:54 +0000
commit: 908eda596c7d233b5ef234837b2e41cf4e8872f5 (patch)
tree: 9e5c114479045aa6abfe8919bb30c8080327b3cd /service
parent: 7703348beff18ed6cfe4abec9e4d8ab227833c85 (diff)
parent: cf8a3f0243ff1c36ea19d0bb46225f9df4e01c8f (diff)
2 files changed, 85 insertions, 1 deletions
diff --git a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
index 8fc0a8f6b..dd6a3060e 100644
--- a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
+++ b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
@@ -1080,6 +1080,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                                 maybeEraseOwnDeviceAddress(mGroup, message.sendingUid));
                         break;
                     case WifiP2pManager.REQUEST_PERSISTENT_GROUP_INFO:
+                        if (!checkNetworkSettingsOrNetworkStackOrReadWifiCredentialPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or READ_WIFI_CREDENTIAL permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.RESPONSE_PERSISTENT_GROUP_INFO,
+                                    new WifiP2pGroupList());
+                            break;
+                        }
                         replyToMessage(message, WifiP2pManager.RESPONSE_PERSISTENT_GROUP_INFO,
                                 new WifiP2pGroupList(
                                         maybeEraseOwnDeviceAddress(mGroups, message.sendingUid),
@@ -1483,6 +1492,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         break;
                     case WifiP2pManager.SET_DEVICE_NAME:
                     {
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_DEVICE_NAME_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         WifiP2pDevice d = (WifiP2pDevice) message.obj;
                         if (d != null && setAndPersistDeviceName(d.deviceName)) {
                             if (mVerboseLoggingEnabled) logd("set device name " + d.deviceName);
@@ -1683,6 +1701,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         }
                         break;
                     case WifiP2pManager.DELETE_PERSISTENT_GROUP:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.DELETE_PERSISTENT_GROUP_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         if (mVerboseLoggingEnabled) logd(getName() + " delete persistent group");
                         mGroups.remove(message.arg1);
                         mWifiP2pMetrics.updatePersistentGroup(mGroups);
@@ -1724,6 +1751,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         mWifiNative.p2pFlush();
                         break;
                     case WifiP2pManager.SET_CHANNEL:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_CHANNEL_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         Bundle p2pChannels = (Bundle) message.obj;
                         int lc = p2pChannels.getInt("lc", 0);
                         int oc = p2pChannels.getInt("oc", 0);
@@ -2042,6 +2078,15 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
                         mWifiNative.p2pFlush();
                         break;
                     case WifiP2pManager.SET_CHANNEL:
+                        if (!checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(
+                                message.sendingUid)) {
+                            loge("Permission violation - none of NETWORK_SETTING, NETWORK_STACK,"
+                                    + " or OVERRIDE_WIFI_CONFIG permission, uid = "
+                                    + message.sendingUid);
+                            replyToMessage(message, WifiP2pManager.SET_CHANNEL_FAILED,
+                                    WifiP2pManager.ERROR);
+                            break;
+                        }
                         if (message.obj == null) {
                             Log.e(TAG, "Illegal arguments(s)");
                             break;
@@ -3042,7 +3087,7 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
 
         private void sendP2pPersistentGroupsChangedBroadcast() {
             if (mVerboseLoggingEnabled) logd("sending p2p persistent groups changed broadcast");
-            Intent intent = new Intent(WifiP2pManager.WIFI_P2P_PERSISTENT_GROUPS_CHANGED_ACTION);
+            Intent intent = new Intent(WifiP2pManager.ACTION_WIFI_P2P_PERSISTENT_GROUPS_CHANGED);
             intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT);
             mContext.sendStickyBroadcastAsUser(intent, UserHandle.ALL);
         }
@@ -4214,4 +4259,34 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
             mServList = new ArrayList<WifiP2pServiceInfo>();
         }
     }
+
+    /**
+     * Check that the UID has one of the following permissions:
+     * {@link android.Manifest.permission.NETWORK_SETTINGS}
+     * {@link android.Manifest.permission.NETWORK_STACK}
+     * {@link android.Manifest.permission.OVERRIDE_WIFI_CONFIG}
+     *
+     * @param uid the UID to check
+     * @return whether the UID has any of the above permissions
+     */
+    private boolean checkNetworkSettingsOrNetworkStackOrOverrideWifiConfigPermission(int uid) {
+        return mWifiPermissionsUtil.checkNetworkSettingsPermission(uid)
+                || mWifiPermissionsUtil.checkNetworkStackPermission(uid)
+                || mWifiPermissionsUtil.checkConfigOverridePermission(uid);
+    }
+
+    /**
+     * Check that the UID has one of the following permissions:
+     * {@link android.Manifest.permission.NETWORK_SETTINGS}
+     * {@link android.Manifest.permission.NETWORK_STACK}
+     * {@link android.Manifest.permission.READ_WIFI_CREDENTIAL}
+     *
+     * @param uid the UID to check
+     * @return whether the UID has any of the above permissions
+     */
+    private boolean checkNetworkSettingsOrNetworkStackOrReadWifiCredentialPermission(int uid) {
+        return mWifiPermissionsUtil.checkNetworkSettingsPermission(uid)
+                || mWifiPermissionsUtil.checkNetworkStackPermission(uid)
+                || mWifiPermissionsUtil.checkReadWifiCredentialPermission(uid);
+    }
 }
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index 957e2abea..5e651d415 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -476,6 +476,15 @@ public class WifiPermissionsUtil {
     }
 
     /**
+     * Returns true if the |uid| holds READ_WIFI_CREDENTIAL permission.
+     */
+    public boolean checkReadWifiCredentialPermission(int uid) {
+        return mWifiPermissionsWrapper.getUidPermission(
+                android.Manifest.permission.READ_WIFI_CREDENTIAL, uid)
+                == PackageManager.PERMISSION_GRANTED;
+    }
+
+    /**
      * Returns true if the |callingUid|/\callingPackage| holds SYSTEM_ALERT_WINDOW permission.
      */
     public boolean checkSystemAlertWindowPermission(int callingUid, String callingPackage) {
author	David Su <dysu@google.com>	2019-11-18 17:52:54 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2019-11-18 17:52:54 +0000
commit	908eda596c7d233b5ef234837b2e41cf4e8872f5 (patch)
tree	9e5c114479045aa6abfe8919bb30c8080327b3cd /service
parent	7703348beff18ed6cfe4abec9e4d8ab227833c85 (diff)
parent	cf8a3f0243ff1c36ea19d0bb46225f9df4e01c8f (diff)