wifi: Support blocked list when ClientControlEnabled is false

Control whether framework should disconnect a new/unknown client(MAC)
initially or not based on the ClientControlEnabled flag.

ClientControlEnabled (false) -> New/unknown Clients will be allowed
to connect initially i.e. framework will not blindly disconnect a new client.
Framework will instead only provide a callback notification
about new client connection.

Clients would be disconnected only after user action
i.e. user decides to adds the new client to Blocklist
This avoids unnecessarily client disconnect in the case user
chooses *not* to add client to Blocklist.

ClientControlEnabled (true) -> New/unknown Clients will *not* be allowed
to connect initially until user approval
i.e. framework will disconnect the new client and provide callback
notification about new client connection.
Clients would be allowed (next attempt) only after user/setting
approves the new client to be added to "allow list".

Impact:
No impact for ClientControlEnabled is enable.
No impact for non-supported client control feature device because it
will check overlay config: OFTAP_FEATURE_CLIENT_FORCE_DISCONNECT,
i.e. No impact with Pixel.

Bug: 159582750
Test: atest FrameworksWifiTests
Change-Id: I1c8fdbcdbacfb1bca418584bf7480192dc0a9951

3 files changed, 29 insertions, 23 deletions

diff --git a/service/java/com/android/server/wifi/SoftApManager.java b/service/java/com/android/server/wifi/SoftApManager.java
index f9720477b..ffbb388cc 100644
--- a/service/java/com/android/server/wifi/SoftApManager.java
+++ b/service/java/com/android/server/wifi/SoftApManager.java
@@ -469,12 +469,17 @@ public class SoftApManager implements ActiveModeManager {
             return true;
         }
 
+        if (mBlockedClientList.contains(newClient.getMacAddress())) {
+            Log.d(TAG, "Force disconnect for client: " + newClient + "in blocked list");
+            mWifiNative.forceClientDisconnect(
+                    mApInterfaceName, newClient.getMacAddress(),
+                    WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+            return false;
+        }
         if (config.isClientControlByUserEnabled()
                 && !mAllowedClientList.contains(newClient.getMacAddress())) {
-            if (!mBlockedClientList.contains(newClient.getMacAddress())) {
-                mSoftApCallback.onBlockedClientConnecting(newClient,
-                        WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
-            }
+            mSoftApCallback.onBlockedClientConnecting(newClient,
+                    WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
             Log.d(TAG, "Force disconnect for unauthorized client: " + newClient);
             mWifiNative.forceClientDisconnect(
                     mApInterfaceName, newClient.getMacAddress(),
@@ -667,25 +672,22 @@ public class SoftApManager implements ActiveModeManager {
                 }
                 int targetDisconnectClientNumber = mConnectedClients.size() - finalMaxClientCount;
                 List<WifiClient> allowedConnectedList = new ArrayList<>();
-                if (mApConfig.getSoftApConfiguration().isClientControlByUserEnabled()) {
-                    // Check allow list first
-                    Iterator<WifiClient> iterator = mConnectedClients.iterator();
-                    while (iterator.hasNext()) {
-                        WifiClient client = iterator.next();
-                        if (mAllowedClientList.contains(client.getMacAddress())) {
-                            allowedConnectedList.add(client);
-                        } else {
-                            Log.d(TAG, "Force disconnect for not allowed client: " + client);
-                            mWifiNative.forceClientDisconnect(
-                                    mApInterfaceName, client.getMacAddress(),
-                                    WifiManager
-                                    .SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
-                            targetDisconnectClientNumber--;
-                        }
+                Iterator<WifiClient> iterator = mConnectedClients.iterator();
+                while (iterator.hasNext()) {
+                    WifiClient client = iterator.next();
+                    if (mBlockedClientList.contains(client.getMacAddress())
+                              || (mApConfig.getSoftApConfiguration().isClientControlByUserEnabled()
+                              && !mAllowedClientList.contains(client.getMacAddress()))) {
+                        Log.d(TAG, "Force disconnect for not allowed client: " + client);
+                        mWifiNative.forceClientDisconnect(
+                                mApInterfaceName, client.getMacAddress(),
+                                WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+                        targetDisconnectClientNumber--;
+                    } else {
+                        allowedConnectedList.add(client);
                     }
-                } else {
-                    allowedConnectedList = new ArrayList<>(mConnectedClients);
                 }
+
                 if (targetDisconnectClientNumber > 0) {
                     Iterator<WifiClient> allowedClientIterator = allowedConnectedList.iterator();
                     while (allowedClientIterator.hasNext()) {
diff --git a/service/java/com/android/server/wifi/WifiApConfigStore.java b/service/java/com/android/server/wifi/WifiApConfigStore.java
index eb2b11245..3de99711b 100644
--- a/service/java/com/android/server/wifi/WifiApConfigStore.java
+++ b/service/java/com/android/server/wifi/WifiApConfigStore.java
@@ -33,6 +33,7 @@ import com.android.wifi.resources.R;
 
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
+import java.util.ArrayList;
 import java.util.Random;
 
 import javax.annotation.Nullable;
@@ -170,8 +171,10 @@ public class WifiApConfigStore {
         if ((!ApConfigUtil.isClientForceDisconnectSupported(mContext)
                 || mContext.getResources().getBoolean(
                 R.bool.config_wifiSoftapResetUserControlConfig))
-                && config.isClientControlByUserEnabled()) {
+                && (config.isClientControlByUserEnabled()
+                || config.getBlockedClientList().size() != 0)) {
             configBuilder.setClientControlByUserEnabled(false);
+            configBuilder.setBlockedClientList(new ArrayList<>());
             Log.i(TAG, "Reset ClientControlByUser to false due to device doesn't support");
         }
 
diff --git a/service/java/com/android/server/wifi/util/ApConfigUtil.java b/service/java/com/android/server/wifi/util/ApConfigUtil.java
index b385369a7..39d0df5f5 100644
--- a/service/java/com/android/server/wifi/util/ApConfigUtil.java
+++ b/service/java/com/android/server/wifi/util/ApConfigUtil.java
@@ -529,7 +529,8 @@ public class ApConfigUtil {
             SoftApCapability capability) {
         if (!capability.areFeaturesSupported(
                 SoftApCapability.SOFTAP_FEATURE_CLIENT_FORCE_DISCONNECT)
-                && (config.getMaxNumberOfClients() != 0 || config.isClientControlByUserEnabled())) {
+                && (config.getMaxNumberOfClients() != 0 || config.isClientControlByUserEnabled()
+                || config.getBlockedClientList().size() != 0)) {
             Log.d(TAG, "Error, Client control requires HAL support");
             return false;
         }