WifiPermissionsUtil: remove connectivity app bypass

Remove the "connectivity app" bypass for getting scan results.

Changes in the CL:
a) Made the method checking permissions and device state more clear by
adding the location mode check up front with an explicit
SecurityException.
b) Added a bypass for apps with NETWORK_SETTINGS & NETWORK_SETUP_WIZARD
permissions.

Bug: 110264588
Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Test: manually verified device connects to wifi after starting
Test: manually verified Settings displays scan results (regardless of
whether location is on or off)
Change-Id: I2e5fa52689ec65c2ca85a32be10c179f9b9ee91b

1 files changed, 16 insertions, 16 deletions

diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index cf43eb36f..1a85c28ae 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -173,27 +173,28 @@ public class WifiPermissionsUtil {
      */
     public void enforceCanAccessScanResults(String pkgName, int uid) throws SecurityException {
         mAppOps.checkPackage(uid, pkgName);
+
+        // Apps with NETWORK_SETTINGS & NETWORK_SETUP_WIZARD are granted a bypass.
+        if (checkNetworkSettingsPermission(uid) || checkNetworkSetupWizardPermission(uid)) {
+            return;
+        }
+
+        // Location mode must be enabled
+        if (!isLocationModeEnabled()) {
+            // Location mode is disabled, scan results cannot be returned
+            throw new SecurityException("Location mode is disabled for the device");
+        }
+
         // Check if the calling Uid has CAN_READ_PEER_MAC_ADDRESS permission.
         boolean canCallingUidAccessLocation = checkCallerHasPeersMacAddressPermission(uid);
-        // LocationAccess by App: Location Mode must be enabled and caller must have
+        // LocationAccess by App: caller must have
         // Coarse Location permission to have access to location information.
-        boolean canAppPackageUseLocation = isLocationModeEnabled(pkgName)
-                        && checkCallersLocationPermission(pkgName, uid);
-        // "Connectivity" apps can access scan results if they have both the location permission and
-        // (ACCESS_WIFI_STATE or CHANGE_WIFI_STATE), if wifi is enabled and location is off.
-        // While subtle, the requirement of having wifi enabled is enforced by the lack of private
-        // information when wifi is toggled off and we will not enter Scan mode if Location is
-        // toggled off.
-        boolean appTypeConnectivity = checkCallersLocationPermission(pkgName, uid)
-                && (checkChangePermission(uid) || checkWifiAccessPermission(uid));
+        boolean canAppPackageUseLocation = checkCallersLocationPermission(pkgName, uid);
 
         // If neither caller or app has location access, there is no need to check
         // any other permissions. Deny access to scan results.
         if (!canCallingUidAccessLocation && !canAppPackageUseLocation) {
-            // also check if it is a connectivity app
-            if (!appTypeConnectivity) {
-                throw new SecurityException("UID " + uid + " has no location permission");
-            }
+            throw new SecurityException("UID " + uid + " has no location permission");
         }
         // Check if Wifi Scan request is an operation allowed for this App.
         if (!isScanAllowedbyApps(pkgName, uid)) {
@@ -273,8 +274,7 @@ public class WifiPermissionsUtil {
         return mAppOps.noteOp(op, uid, pkgName) == AppOpsManager.MODE_ALLOWED;
     }
 
-    private boolean isLocationModeEnabled(String pkgName) {
-        // Location mode check on applications that are later than version.
+    private boolean isLocationModeEnabled() {
         return (mSettingsStore.getLocationModeSetting(mContext)
                  != Settings.Secure.LOCATION_MODE_OFF);
     }