author | Ningyuan Wang <nywang@google.com> | 2017-05-02 11:29:24 -0700 |
---|---|---|
committer | Ningyuan Wang <nywang@google.com> | 2017-05-04 13:29:09 -0700 |
commit | a1da73ea4926ce8a5689594ff3685b0fe033d99f (patch) | |
tree | dc471a194d542c0b909ce9c0f15e53a4e383212b /service | |
parent | bd6f2f3e73224237808660fc89c6251797412caf (diff) |
Update anonymous identity upon EAP network connection
This allows wifi framework to update anonymous identity
provided by authenticator to network configuration.
With this, supplicant can use pseudonym instead of
permanent identity for EAP-SIM/AKA/AKA' networks.
Bug: 37530183
Test: compile, unit tests, manual test
Change-Id: Iaf9d709cbcaabb5b183ee14a23982bd99188b91e
Diffstat (limited to 'service')
5 files changed, 58 insertions, 1 deletions
diff --git a/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java b/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java
index 9c9501b3b..0e1182a4d 100644
--- a/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java
+++ b/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java
@@ -539,6 +539,16 @@ public class SupplicantStaIfaceHal {
 }
 /**
+ * Get the eap anonymous identity for the currently configured network.
+ *
+ * @return anonymous identity string if succeeds, null otherwise.
+ */
+ public String getCurrentNetworkEapAnonymousIdentity() {
+ if (mCurrentNetwork == null) return null;
+ return mCurrentNetwork.fetchEapAnonymousIdentity();
+ }
+
+ /**
 * Send the eap identity response for the currently configured network.
 *
 * @param identityStr String to send.
diff --git a/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java b/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java
index 262725cc4..6e7d98c47 100644
--- a/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java
+++ b/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java
@@ -1785,6 +1785,20 @@ public class SupplicantStaNetworkHal {
 }
 }
 }
+
+ /**
+ * A wrapping method for getEapAnonymousIdentity().
+ * This get anonymous identity from supplicant and returns it as a string.
+ *
+ * @return anonymous identity string if succeeds, null otherwise.
+ */
+ public String fetchEapAnonymousIdentity() {
+ if (!getEapAnonymousIdentity()) {
+ return null;
+ }
+ return NativeUtil.stringFromByteArrayList(mEapAnonymousIdentity);
+ }
+
 /** See ISupplicantStaNetwork.hal for documentation */
 private boolean getEapPassword() {
 synchronized (mLock) {
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 9020b8e0f..87d7a100b 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
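Review bot: In SupplicantStaNetworkHal, fetchEapAnonymousIdentity() reads mEapAnonymousIdentity after getEapAnonymousIdentity() has returned and without holding mLock, while the neighbouring getEapPassword() in the trailing context does its work under `synchronized (mLock)`. If getEapAnonymousIdentity() follows the same pattern (its body is outside the hunk), another thread could overwrite the field between the fetch and the conversion, and the caller would persist an identity that came from a different call. Wrapping the whole method body in `synchronized (mLock) { ... }` closes that window; Java monitors are reentrant, so the nested acquisition is safe. The Javadoc sentence "This get anonymous identity" should also read "Gets the anonymous identity".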
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -636,6 +636,15 @@ public class WifiConfigManager {
 return true;
 }
+ // EAP-SIM/AKA/AKA' network needs framework to update the anonymous identity provided
+ // by authenticator back to the WifiConfiguration object.
+ // Since it is "owned" by us, so always allow us to modify them.
+ if (config.enterpriseConfig != null
+ && uid == Process.WIFI_UID
+ && TelephonyUtil.isSimEapMethod(config.enterpriseConfig.getEapMethod())) {
+ return true;
+ }
+
 final DevicePolicyManagerInternal dpmi = LocalServices.getService(
 DevicePolicyManagerInternal.class);
diff --git a/service/java/com/android/server/wifi/WifiNative.java b/service/java/com/android/server/wifi/WifiNative.java
index fc741e83c..eb2412311 100644
--- a/service/java/com/android/server/wifi/WifiNative.java
+++ b/service/java/com/android/server/wifi/WifiNative.java
@@ -534,6 +534,15 @@ public class WifiNative {
 }
 /**
+ * This get anonymous identity from supplicant and returns it as a string.
+ *
+ * @return anonymous identity string if succeeds, null otherwise.
+ */
+ public String getEapAnonymousIdentity() {
+ return mSupplicantStaIfaceHal.getCurrentNetworkEapAnonymousIdentity();
+ }
+
+ /**
 * Start WPS pin registrar operation with the specified peer and pin.
 *
 * @param bssid BSSID of the peer.
diff --git a/service/java/com/android/server/wifi/WifiStateMachine.java b/service/java/com/android/server/wifi/WifiStateMachine.java
index eaac5560a..6c5031d95 100644
--- a/service/java/com/android/server/wifi/WifiStateMachine.java
+++ b/service/java/com/android/server/wifi/WifiStateMachine.java
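Review bot: In WifiConfigManager, the new early `return true` lets Process.WIFI_UID modify every field of any SIM-based EAP network, not only the anonymous identity the comment describes, and it sits ahead of the DevicePolicyManagerInternal lookup in the trailing context, so whatever check that lookup feeds is skipped for these networks. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here whether `config` is the stored or the incoming configuration; if it is the incoming one, the EAP method that unlocks the bypass is itself supplied by the caller. Consider a dedicated internal update path that writes only the anonymous identity, or at least state the scope in the comment, e.g. `// WIFI_UID may update SIM-EAP networks to persist the pseudonym; note this skips the remaining permission checks below for all fields.`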
@@ -5214,10 +5214,25 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiRss
 // to it after a config store reload. Hence the old network Id lookups may not
 // work, so disconnect the network and let network selector reselect a new
 // network.
- if (getCurrentWifiConfiguration() != null) {
+ config = getCurrentWifiConfiguration();
+ if (config != null) {
 mWifiInfo.setBSSID(mLastBssid);
 mWifiInfo.setNetworkId(mLastNetworkId);
 mWifiConnectivityManager.trackBssid(mLastBssid, true, reasonCode);
+ // We need to get the updated pseudonym from supplicant for EAP-SIM/AKA/AKA'
+ if (config.enterpriseConfig != null
+ && TelephonyUtil.isSimEapMethod(
+ config.enterpriseConfig.getEapMethod())) {
+ String anonymousIdentity = mWifiNative.getEapAnonymousIdentity();
+ if (anonymousIdentity != null) {
+ config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
+ } else {
+ Log.d(TAG, "Failed to get updated anonymous identity"
+ + " from supplicant, reset it in WifiConfiguration.");
+ config.enterpriseConfig.setAnonymousIdentity(null);
+ }
+ mWifiConfigManager.addOrUpdateNetwork(config, Process.WIFI_UID);
+ }
 sendNetworkStateChangeBroadcast(mLastBssid);
 transitionTo(mObtainingIpState);
 } else { |
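Review bot: On a failed read, the else branch clears the stored anonymous identity and then persists that, so a transient supplicant or HAL failure discards a pseudonym that may still be valid; presumably the next EAP-SIM/AKA/AKA' authentication then falls back to the permanent identity, which is what this change is meant to avoid. Unless a stale pseudonym is known to cause harm, keep the previous value and skip the update when `anonymousIdentity == null`. The result of `mWifiConfigManager.addOrUpdateNetwork(config, Process.WIFI_UID)` is also dropped; logging a failed update there (without the identity value itself) would make a lost pseudonym visible. The surrounding handler begins and ends outside the hunk.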