authorTreeHugger Robot <treehugger-gerrit@google.com>2017-07-12 19:31:44 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2017-07-12 19:31:44 +0000
commite8e6d8b116df0eec9ab44f2073ff3f6e80f3c008 (patch)
tree05aca9e93a5820e2c3408e562a7360668a6b0927 /service
parent94e6a40d256aa94f13b334c08cd1e60a92886da1 (diff)
parenta082e33e3f96e2b8394ae42b89601cad3f28679c (diff)
Merge "WifiServiceImpl: Add permission check for async message handling" into oc-dr1-dev
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/WifiServiceImpl.java117
-rw-r--r--service/java/com/android/server/wifi/util/WifiPermissionsUtil.java16
-rw-r--r--service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java13
3 files changed, 110 insertions, 36 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index 02773ee2e..1c0b640ad 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -262,55 +262,81 @@ public class WifiServiceImpl extends IWifiManager.Stub {
break;
}
case WifiManager.CONNECT_NETWORK: {
- WifiConfiguration config = (WifiConfiguration) msg.obj;
- int networkId = msg.arg1;
- Slog.d("WiFiServiceImpl ", "CONNECT "
- + " nid=" + Integer.toString(networkId)
- + " uid=" + msg.sendingUid
- + " name="
- + mContext.getPackageManager().getNameForUid(msg.sendingUid));
- if (config != null) {
- if (DBG) Slog.d(TAG, "Connect with config " + config);
- /* Command is forwarded to state machine */
- mWifiStateMachine.sendMessage(Message.obtain(msg));
- } else if (config == null
- && networkId != WifiConfiguration.INVALID_NETWORK_ID) {
- if (DBG) Slog.d(TAG, "Connect with networkId " + networkId);
- mWifiStateMachine.sendMessage(Message.obtain(msg));
- } else {
- Slog.e(TAG, "ClientHandler.handleMessage ignoring invalid msg=" + msg);
- replyFailed(msg, WifiManager.CONNECT_NETWORK_FAILED,
- WifiManager.INVALID_ARGS);
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.CONNECT_NETWORK_FAILED)) {
+ WifiConfiguration config = (WifiConfiguration) msg.obj;
+ int networkId = msg.arg1;
+ Slog.d(TAG, "CONNECT "
+ + " nid=" + Integer.toString(networkId)
+ + " uid=" + msg.sendingUid
+ + " name="
+ + mContext.getPackageManager().getNameForUid(msg.sendingUid));
+ if (config != null) {
+ if (DBG) Slog.d(TAG, "Connect with config " + config);
+ /* Command is forwarded to state machine */
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ } else if (config == null
+ && networkId != WifiConfiguration.INVALID_NETWORK_ID) {
+ if (DBG) Slog.d(TAG, "Connect with networkId " + networkId);
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ } else {
+ Slog.e(TAG, "ClientHandler.handleMessage ignoring invalid msg=" + msg);
+ replyFailed(msg, WifiManager.CONNECT_NETWORK_FAILED,
+ WifiManager.INVALID_ARGS);
+ }
}
break;
}
case WifiManager.SAVE_NETWORK: {
- WifiConfiguration config = (WifiConfiguration) msg.obj;
- int networkId = msg.arg1;
- Slog.d("WiFiServiceImpl ", "SAVE"
- + " nid=" + Integer.toString(networkId)
- + " uid=" + msg.sendingUid
- + " name="
- + mContext.getPackageManager().getNameForUid(msg.sendingUid));
- if (config != null) {
- if (DBG) Slog.d(TAG, "Save network with config " + config);
- /* Command is forwarded to state machine */
- mWifiStateMachine.sendMessage(Message.obtain(msg));
- } else {
- Slog.e(TAG, "ClientHandler.handleMessage ignoring invalid msg=" + msg);
- replyFailed(msg, WifiManager.SAVE_NETWORK_FAILED,
- WifiManager.INVALID_ARGS);
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.SAVE_NETWORK_FAILED)) {
+ WifiConfiguration config = (WifiConfiguration) msg.obj;
+ int networkId = msg.arg1;
+ Slog.d(TAG, "SAVE"
+ + " nid=" + Integer.toString(networkId)
+ + " uid=" + msg.sendingUid
+ + " name="
+ + mContext.getPackageManager().getNameForUid(msg.sendingUid));
+ if (config != null) {
+ if (DBG) Slog.d(TAG, "Save network with config " + config);
+ /* Command is forwarded to state machine */
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ } else {
+ Slog.e(TAG, "ClientHandler.handleMessage ignoring invalid msg=" + msg);
+ replyFailed(msg, WifiManager.SAVE_NETWORK_FAILED,
+ WifiManager.INVALID_ARGS);
+ }
}
break;
}
case WifiManager.FORGET_NETWORK:
- mWifiStateMachine.sendMessage(Message.obtain(msg));
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.FORGET_NETWORK_FAILED)) {
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ }
break;
case WifiManager.START_WPS:
+ if (checkChangePermissionAndReplyIfNotAuthorized(msg, WifiManager.WPS_FAILED)) {
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ }
+ break;
case WifiManager.CANCEL_WPS:
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.CANCEL_WPS_FAILED)) {
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ }
+ break;
case WifiManager.DISABLE_NETWORK:
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.DISABLE_NETWORK_FAILED)) {
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ }
+ break;
case WifiManager.RSSI_PKTCNT_FETCH: {
- mWifiStateMachine.sendMessage(Message.obtain(msg));
+ if (checkChangePermissionAndReplyIfNotAuthorized(
+ msg, WifiManager.RSSI_PKTCNT_FETCH_FAILED)) {
+ mWifiStateMachine.sendMessage(Message.obtain(msg));
+ }
break;
}
default: {
@@ -320,6 +346,25 @@ public class WifiServiceImpl extends IWifiManager.Stub {
}
}
+ /**
+ * Helper method to check if the sender of the message holds the
+ * {@link Manifest.permission#CHANGE_WIFI_STATE} permission, and reply with a failure if it
+ * doesn't
+ *
+ * @param msg Incoming message.
+ * @param replyWhat Param to be filled in the {@link Message#what} field of the failure
+ * reply.
+ * @return true if the sender holds the permission, false otherwise.
+ */
+ private boolean checkChangePermissionAndReplyIfNotAuthorized(Message msg, int replyWhat) {
+ if (!mWifiPermissionsUtil.checkChangePermission(msg.sendingUid)) {
+ Slog.e(TAG, "ClientHandler.handleMessage ignoring unauthorized msg=" + msg);
+ replyFailed(msg, replyWhat, WifiManager.NOT_AUTHORIZED);
+ return false;
+ }
+ return true;
+ }
+
private void replyFailed(Message msg, int what, int why) {
if (msg.replyTo == null) return;
Message reply = Message.obtain();
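Review bot: The new `CHANGE_WIFI_STATE` gate in `ClientHandler.handleMessage` is opt-in per `case`, so a command is protected only if its branch calls `checkChangePermissionAndReplyIfNotAuthorized(...)`; the cases above `CONNECT_NETWORK` and the `default` branch are outside the hunk and should be confirmed to be either gated or not forwarded to `mWifiStateMachine`. Splitting the old `START_WPS`/`CANCEL_WPS`/`DISABLE_NETWORK`/`RSSI_PKTCNT_FETCH` fall-through into separate branches, each with its own failure code, looks correct. To keep future commands fail-closed, I would add a comment at the top of the switch such as `// Every command forwarded to mWifiStateMachine must first pass checkChangePermissionAndReplyIfNotAuthorized().` The rejection path logs the whole `msg` at error level for any unauthorized sender, which presumably includes `msg.obj` and lets an unprivileged app write repeatedly to the system log; consider logging only `msg.what` and `msg.sendingUid` there.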
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index 90ec060d6..95529b140 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -76,6 +76,22 @@ public class WifiPermissionsUtil {
}
/**
+ * Checks if the app has the permission to change Wi-Fi network configuration or not.
+ *
+ * @param uid uid of the app.
+ * @return true if the app does have the permission, false otherwise.
+ */
+ public boolean checkChangePermission(int uid) {
+ try {
+ int permission = mWifiPermissionsWrapper.getChangeWifiConfigPermission(uid);
+ return (permission == PackageManager.PERMISSION_GRANTED);
+ } catch (RemoteException e) {
+ mLog.err("Error checking for permission: %").r(e.getMessage()).flush();
+ return false;
+ }
+ }
+
+ /**
* Check and enforce tether change permission.
*
* @param context Context object of the caller.
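Review bot: `checkChangePermission` returns `false` when the permission lookup throws `RemoteException`, which is the right fail-closed behaviour, but the Javadoc on the added method does not say so. I would change the return line to `@return true only if the uid holds the permission; false if it is denied or the lookup fails.` The log call passes `e.getMessage()` to the format string `"Error checking for permission: %"`, and that message may be null for a `RemoteException`. Whether the logger tolerates a null argument cannot be confirmed from this hunk, so verify it or log `e.toString()` instead.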
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
index 6ca2f0291..6fde01ee8 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java
@@ -16,6 +16,7 @@
package com.android.server.wifi.util;
+import android.Manifest;
import android.app.ActivityManager;
import android.app.AppGlobals;
import android.app.admin.DevicePolicyManagerInternal;
@@ -95,4 +96,16 @@ public class WifiPermissionsWrapper {
return AppGlobals.getPackageManager().checkUidPermission(
android.Manifest.permission.OVERRIDE_WIFI_CONFIG, uid);
}
+
+ /**
+ * Determines if the caller has the change wifi config permission.
+ *
+ * @param uid to check the permission for
+ * @return int representation of success or denied
+ * @throws RemoteException
+ */
+ public int getChangeWifiConfigPermission(int uid) throws RemoteException {
+ return AppGlobals.getPackageManager().checkUidPermission(
+ Manifest.permission.CHANGE_WIFI_STATE, uid);
+ }
}
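Review bot: `getChangeWifiConfigPermission` checks `Manifest.permission.CHANGE_WIFI_STATE`, while the method directly above it checks `android.Manifest.permission.OVERRIDE_WIFI_CONFIG`; the new name reads like a config-override check and is easy to confuse with its neighbour when choosing which gate to apply. The Javadoc also says "the caller" although the method evaluates whatever `uid` it is given. I would reword the summary to `Determines if the given uid holds {@link Manifest.permission#CHANGE_WIFI_STATE}.` and describe the throw as `@throws RemoteException if the package manager call fails`.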