summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorRoshan Pius <rpius@google.com>2020-03-27 20:22:57 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2020-03-27 20:22:57 +0000
commitc3aee5db2dfd24ecc3c75478cee75629724b1324 (patch)
tree27e7162f6c79eef62381be7844fa6a33d2854752 /service
parent63a0c3cc09a6cf9d6dcc7c544e15bb2aab150cbd (diff)
parent386816bb104b9139d02b6460340d6ea35ae2be18 (diff)
Merge "WifiShellCommand: Allow non root access to some commands" into rvc-dev
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/WifiShellCommand.java38
1 files changed, 21 insertions, 17 deletions
diff --git a/service/java/com/android/server/wifi/WifiShellCommand.java b/service/java/com/android/server/wifi/WifiShellCommand.java
index 6d7eeed4c..4a609a9e9 100644
--- a/service/java/com/android/server/wifi/WifiShellCommand.java
+++ b/service/java/com/android/server/wifi/WifiShellCommand.java
@@ -30,11 +30,13 @@ import android.net.wifi.WifiScanner;
import android.net.wifi.nl80211.WifiNl80211Manager;
import android.os.BasicShellCommandHandler;
import android.os.Binder;
+import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.text.TextUtils;
import com.android.server.wifi.util.ApConfigUtil;
+import com.android.server.wifi.util.ArrayUtils;
import com.android.server.wifi.util.ScanResultUtil;
import java.io.PrintWriter;
@@ -60,6 +62,19 @@ import java.util.concurrent.TimeUnit;
*/
public class WifiShellCommand extends BasicShellCommandHandler {
private static String SHELL_PACKAGE_NAME = "com.android.shell";
+ // These don't require root access.
+ // However, these do perform permission checks in the corresponding WifiService methods.
+ private static final String[] NON_PRIVILEGED_COMMANDS = {
+ "connect-network",
+ "forget-network",
+ "list-scan-results",
+ "list-networks",
+ "set-verbose-logging",
+ "set-wifi-enabled",
+ "start-scan",
+ "status",
+ };
+
private final ClientModeImpl mClientModeImpl;
private final WifiLockManager mWifiLockManager;
private final WifiNetworkSuggestionsManager mWifiNetworkSuggestionsManager;
@@ -89,8 +104,12 @@ public class WifiShellCommand extends BasicShellCommandHandler {
// Explicit exclusion from root permission
// Do not require root permission to maintain backwards compatibility with
// `svc wifi [enable|disable]`.
- if (!"set-wifi-enabled".equals(cmd)) {
- checkRootPermission();
+ if (ArrayUtils.indexOf(NON_PRIVILEGED_COMMANDS, cmd) == -1) {
+ final int uid = Binder.getCallingUid();
+ if (uid != Process.ROOT_UID) {
+ throw new SecurityException(
+ "Uid " + uid + " does not have access to " + cmd + " wifi command");
+ }
}
final PrintWriter pw = getOutPrintWriter();
@@ -358,12 +377,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
return 0;
}
case "set-wifi-enabled": {
- // This command is explicitly exempted from checkRootPermission() (see beginning
- // of this method).
- // Do not require root permission to maintain backwards compatibility with
- // `svc wifi [enable|disable]`.
- // However, setWifiEnabled() does perform its own check for the
- // android.Manifest.permission.CHANGE_WIFI_STATE permission.
boolean enabled;
String nextArg = getNextArgRequired();
if ("enabled".equals(nextArg)) {
@@ -583,15 +596,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
|| Arrays.binarySearch(allowed6gFreq, apChannelMHz) >= 0;
}
- private void checkRootPermission() {
- final int uid = Binder.getCallingUid();
- if (uid == 0) {
- // Root can do anything.
- return;
- }
- throw new SecurityException("Uid " + uid + " does not have access to wifi commands");
- }
-
@Override
public void onHelp() {
final PrintWriter pw = getOutPrintWriter();