Enterprise suggestion's catificate share same lifecycle as suggestion

Enterprise network suggestion's catificate will add to keystore immediately after add the suggestion, and will only remove after suggestion is removed.

Bug: 150500247
Test: atest com.android.server.wifi

Merged-In: I85fb81a98f16b6a343fb35ce31e1426e333773b0
Change-Id: Icbe49911d7ca93b03dfdf728ad88057c31aa5974

3 files changed, 40 insertions, 12 deletions

diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index c617b9e1f..a2f10914a 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -1230,12 +1230,11 @@ public class WifiConfigManager {
             return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
         }
 
-        // Update the keys for non-Passpoint enterprise networks.  For Passpoint, the certificates
-        // and keys are installed at the time the provider is installed.
-        if (config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE
-                && !config.isPasspoint()) {
-            if (!(mWifiKeyStore.updateNetworkKeys(newInternalConfig, existingInternalConfig))) {
+        // Update the keys for saved enterprise networks. For Passpoint, the certificates
+        // and keys are installed at the time the provider is installed. For suggestion enterprise
+        // network the certificates and keys are installed at the time the suggestion is added
+        if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
+            if (!mWifiKeyStore.updateNetworkKeys(newInternalConfig, existingInternalConfig)) {
                 return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
             }
         }
@@ -1372,9 +1371,10 @@ public class WifiConfigManager {
         if (mVerboseLoggingEnabled) {
             Log.v(TAG, "Removing network " + config.getPrintableSsid());
         }
-        // Remove any associated enterprise keys for non-Passpoint networks.
-        if (!config.isPasspoint() && config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE) {
+        // Remove any associated enterprise keys for saved enterprise networks. Passpoint network
+        // will remove the enterprise keys when provider is uninstalled. Suggestion enterprise
+        // networks will remove the enterprise keys when suggestion is removed.
+        if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
             mWifiKeyStore.removeKeys(config.enterpriseConfig);
         }
 
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 339e169f6..a234d4d81 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -277,8 +277,8 @@ public class WifiInjector {
                 mWifiConfigManager, mClock, mConnectivityLocalLog, mWifiConnectivityHelper,
                 subscriptionManager);
         mWifiNetworkSuggestionsManager = new WifiNetworkSuggestionsManager(mContext,
-                new Handler(mWifiCoreHandlerThread.getLooper()), this,
-                mWifiPermissionsUtil, mWifiConfigManager, mWifiConfigStore, mWifiMetrics);
+                new Handler(mWifiCoreHandlerThread.getLooper()), this, mWifiPermissionsUtil,
+                mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mWifiKeyStore);
         mNetworkSuggestionEvaluator = new NetworkSuggestionEvaluator(mWifiNetworkSuggestionsManager,
                 mWifiConfigManager, mConnectivityLocalLog);
         mScoredNetworkEvaluator = new ScoredNetworkEvaluator(context, clientModeImplLooper,
diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
index 644eb6523..19603d8c6 100644
--- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
+++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
@@ -108,6 +108,7 @@ public class WifiNetworkSuggestionsManager {
     private final WifiMetrics mWifiMetrics;
     private final WifiInjector mWifiInjector;
     private final FrameworkFacade mFrameworkFacade;
+    private final WifiKeyStore mWifiKeyStore;
 
     /**
      * Per app meta data to store network suggestions, status, etc for each app providing network
@@ -166,6 +167,10 @@ public class WifiNetworkSuggestionsManager {
                                              @NonNull PerAppInfo perAppInfo) {
             this.wns = wns;
             this.perAppInfo = perAppInfo;
+            this.wns.wifiConfiguration.fromWifiNetworkSuggestion = true;
+            this.wns.wifiConfiguration.ephemeral = true;
+            this.wns.wifiConfiguration.creatorName = perAppInfo.packageName;
+            this.wns.wifiConfiguration.creatorUid = wns.suggestorUid;
         }
 
         @Override
@@ -384,7 +389,8 @@ public class WifiNetworkSuggestionsManager {
                                          WifiPermissionsUtil wifiPermissionsUtil,
                                          WifiConfigManager wifiConfigManager,
                                          WifiConfigStore wifiConfigStore,
-                                         WifiMetrics wifiMetrics) {
+                                         WifiMetrics wifiMetrics,
+                                         WifiKeyStore keyStore) {
         mContext = context;
         mResources = context.getResources();
         mHandler = handler;
@@ -397,6 +403,7 @@ public class WifiNetworkSuggestionsManager {
         mWifiPermissionsUtil = wifiPermissionsUtil;
         mWifiConfigManager = wifiConfigManager;
         mWifiMetrics = wifiMetrics;
+        mWifiKeyStore = keyStore;
 
         // register the data store for serializing/deserializing data.
         wifiConfigStore.registerStoreData(
@@ -595,6 +602,19 @@ public class WifiNetworkSuggestionsManager {
             // Start tracking app-op changes from the app if they have active suggestions.
             startTrackingAppOpsChange(packageName, uid);
         }
+        Iterator<ExtendedWifiNetworkSuggestion> iterator = extNetworkSuggestions.iterator();
+        // Install enterprise network suggestion catificate.
+        while (iterator.hasNext()) {
+            WifiConfiguration config = iterator.next().wns.wifiConfiguration;
+            if (!config.isEnterprise()) {
+                continue;
+            }
+            if (!mWifiKeyStore.updateNetworkKeys(config, null)) {
+                Log.e(TAG, "Enterprise network install failure for SSID: "
+                        + config.SSID);
+                iterator.remove();
+            }
+        }
         perAppInfo.extNetworkSuggestions.addAll(extNetworkSuggestions);
         // Update the max size for this app.
         perAppInfo.maxSize = Math.max(perAppInfo.extNetworkSuggestions.size(), perAppInfo.maxSize);
@@ -634,6 +654,14 @@ public class WifiNetworkSuggestionsManager {
             // Stop tracking app-op changes from the app if they don't have active suggestions.
             stopTrackingAppOpsChange(packageName);
         }
+        // Clean the enterprise certifiacte.
+        for (ExtendedWifiNetworkSuggestion ewns : extNetworkSuggestions) {
+            WifiConfiguration config = ewns.wns.wifiConfiguration;
+            if (!config.isEnterprise()) {
+                continue;
+            }
+            mWifiKeyStore.removeKeys(config.enterpriseConfig);
+        }
         // Clear the scan cache.
         removeFromScanResultMatchInfoMap(extNetworkSuggestions);
     }