diff options
author | Roshan Pius <rpius@google.com> | 2020-03-27 20:22:57 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-03-27 20:22:57 +0000 |
commit | c3aee5db2dfd24ecc3c75478cee75629724b1324 (patch) | |
tree | 27e7162f6c79eef62381be7844fa6a33d2854752 /service | |
parent | 63a0c3cc09a6cf9d6dcc7c544e15bb2aab150cbd (diff) | |
parent | 386816bb104b9139d02b6460340d6ea35ae2be18 (diff) |
Merge "WifiShellCommand: Allow non root access to some commands" into rvc-dev
Diffstat (limited to 'service')
-rw-r--r-- | service/java/com/android/server/wifi/WifiShellCommand.java | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/service/java/com/android/server/wifi/WifiShellCommand.java b/service/java/com/android/server/wifi/WifiShellCommand.java index 6d7eeed4c..4a609a9e9 100644 --- a/service/java/com/android/server/wifi/WifiShellCommand.java +++ b/service/java/com/android/server/wifi/WifiShellCommand.java @@ -30,11 +30,13 @@ import android.net.wifi.WifiScanner; import android.net.wifi.nl80211.WifiNl80211Manager; import android.os.BasicShellCommandHandler; import android.os.Binder; +import android.os.Process; import android.os.RemoteException; import android.os.SystemClock; import android.text.TextUtils; import com.android.server.wifi.util.ApConfigUtil; +import com.android.server.wifi.util.ArrayUtils; import com.android.server.wifi.util.ScanResultUtil; import java.io.PrintWriter; @@ -60,6 +62,19 @@ import java.util.concurrent.TimeUnit; */ public class WifiShellCommand extends BasicShellCommandHandler { private static String SHELL_PACKAGE_NAME = "com.android.shell"; + // These don't require root access. + // However, these do perform permission checks in the corresponding WifiService methods. + private static final String[] NON_PRIVILEGED_COMMANDS = { + "connect-network", + "forget-network", + "list-scan-results", + "list-networks", + "set-verbose-logging", + "set-wifi-enabled", + "start-scan", + "status", + }; + private final ClientModeImpl mClientModeImpl; private final WifiLockManager mWifiLockManager; private final WifiNetworkSuggestionsManager mWifiNetworkSuggestionsManager; @@ -89,8 +104,12 @@ public class WifiShellCommand extends BasicShellCommandHandler { // Explicit exclusion from root permission // Do not require root permission to maintain backwards compatibility with // `svc wifi [enable|disable]`. - if (!"set-wifi-enabled".equals(cmd)) { - checkRootPermission(); + if (ArrayUtils.indexOf(NON_PRIVILEGED_COMMANDS, cmd) == -1) { + final int uid = Binder.getCallingUid(); + if (uid != Process.ROOT_UID) { + throw new SecurityException( + "Uid " + uid + " does not have access to " + cmd + " wifi command"); + } } final PrintWriter pw = getOutPrintWriter(); @@ -358,12 +377,6 @@ public class WifiShellCommand extends BasicShellCommandHandler { return 0; } case "set-wifi-enabled": { - // This command is explicitly exempted from checkRootPermission() (see beginning - // of this method). - // Do not require root permission to maintain backwards compatibility with - // `svc wifi [enable|disable]`. - // However, setWifiEnabled() does perform its own check for the - // android.Manifest.permission.CHANGE_WIFI_STATE permission. boolean enabled; String nextArg = getNextArgRequired(); if ("enabled".equals(nextArg)) { @@ -583,15 +596,6 @@ public class WifiShellCommand extends BasicShellCommandHandler { || Arrays.binarySearch(allowed6gFreq, apChannelMHz) >= 0; } - private void checkRootPermission() { - final int uid = Binder.getCallingUid(); - if (uid == 0) { - // Root can do anything. - return; - } - throw new SecurityException("Uid " + uid + " does not have access to wifi commands"); - } - @Override public void onHelp() { final PrintWriter pw = getOutPrintWriter(); |