diff options
| author | Roshan Pius <rpius@google.com> | 2018-04-27 17:29:46 -0700 |
|---|---|---|
| committer | Roshan Pius <rpius@google.com> | 2018-04-27 17:34:02 -0700 |
| commit | d47fd3791387eded068f6554c0dfdaa0ee5ceef2 (patch) | |
| tree | af360f53b8f9022ae84c8dc9e801a51b531e2d80 /service | |
| parent | 7d8f472a86f2d2dee7719c1e467d808608fcfe0a (diff) | |
WifiServiceImpl: Additional permission checks for startScan
Only allow apps to scan if they have the necessary permissions to
retrieve scan results.
Bug: 78649632
Test: Unit tests
Test: Scans from settings still works.
Change-Id: I865967d6e411f0bed19b5ec592ada5a4c230f853
Diffstat (limited to 'service')
| -rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index 4d9dbf7e7..04be38daa 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -611,6 +611,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { } int callingUid = Binder.getCallingUid(); + long ident = Binder.clearCallingIdentity(); mLog.info("startScan uid=%").c(callingUid).flush(); synchronized (this) { if (mInIdleMode) { @@ -626,19 +627,26 @@ public class WifiServiceImpl extends IWifiManager.Stub { return false; } } - Mutable<Boolean> scanSuccess = new Mutable<>(); - boolean runWithScissorsSuccess = mWifiInjector.getWifiStateMachineHandler() - .runWithScissors(() -> { - scanSuccess.value = mScanRequestProxy.startScan(callingUid, packageName); - }, RUN_WITH_SCISSORS_TIMEOUT_MILLIS); - if (!runWithScissorsSuccess) { - Log.e(TAG, "Failed to post runnable to start scan"); - sendFailedScanBroadcast(); - return false; - } - if (!scanSuccess.value) { - Log.e(TAG, "Failed to start scan"); + try { + mWifiPermissionsUtil.enforceCanAccessScanResults(packageName, callingUid); + Mutable<Boolean> scanSuccess = new Mutable<>(); + boolean runWithScissorsSuccess = mWifiInjector.getWifiStateMachineHandler() + .runWithScissors(() -> { + scanSuccess.value = mScanRequestProxy.startScan(callingUid, packageName); + }, RUN_WITH_SCISSORS_TIMEOUT_MILLIS); + if (!runWithScissorsSuccess) { + Log.e(TAG, "Failed to post runnable to start scan"); + sendFailedScanBroadcast(); + return false; + } + if (!scanSuccess.value) { + Log.e(TAG, "Failed to start scan"); + return false; + } + } catch (SecurityException e) { return false; + } finally { + Binder.restoreCallingIdentity(ident); } return true; } |