WifiConfigManager: Ignore masked EAP passwords

Whenever an app retrieves one of the saved network configuration using the WifiManager API's, we mask out the |preSharedKey|, |wepKeys| and |enterpriseConfig.getPassword()| fields. These apps may however pass the same network configuration (with some changes) back to the framework via WifiManager.updateNetwork() or WifiManager.connect() API's. Since the current update API does not specify which field within the WifiConfiguration is modified, framework tries to copy over all the fields sent in thus overriding the real password with the masked value sent by the app. Ideally the apps should create a new WifiConfiguration with just the fields that they want to modify and send it via WifiManager.updateNetwork(). But, since this is a very common mistake we have some protection against this in the framework for the |preSharedKey| and |wepKeys|. But, we're missing this protection for the |enterpriseConfig.getPassword()| fields. Bug: 62893342 Test: Unit tests. Test: Manual test to ensure that masked password sent from settings is ignored. Test: Regression tests. Change-Id: I163c8c44b2717364aff88cb7ca1b2faa3aa6cce9
author: Roshan Pius <rpius@google.com> 2017-06-22 13:17:16 -0700
committer: Roshan Pius <rpius@google.com> 2017-06-22 15:52:39 -0700
commit: 327bd4253115abc757ebaf5f1bddd9f5ad2253e4 (patch)
tree: 0bc8aa5bfaa5272db708df40df2021bec1e5bd29 /tests
parent: 23216ca333dc411e6ce0829f777ca29992388443 (diff)
2 files changed, 45 insertions, 0 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index e85686fa7..9fa67a000 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -1381,6 +1381,50 @@ public class WifiConfigManagerTest {
     }
 
     /**
+     * Verifies that if the app sends back the masked passwords in an update, we ignore it.
+     */
+    @Test
+    public void testUpdateIgnoresMaskedPasswords() {
+        WifiConfiguration someRandomNetworkWithAllMaskedFields =
+                WifiConfigurationTestUtil.createEapNetwork();
+        someRandomNetworkWithAllMaskedFields.wepKeys = WifiConfigurationTestUtil.TEST_WEP_KEYS;
+        someRandomNetworkWithAllMaskedFields.preSharedKey = WifiConfigurationTestUtil.TEST_PSK;
+        someRandomNetworkWithAllMaskedFields.enterpriseConfig.setPassword(
+                WifiConfigurationTestUtil.TEST_EAP_PASSWORD);
+
+        NetworkUpdateResult result =
+                verifyAddNetworkToWifiConfigManager(someRandomNetworkWithAllMaskedFields);
+
+        // All of these passwords must be masked in this retrieved network config.
+        WifiConfiguration retrievedNetworkWithMaskedPassword =
+                mWifiConfigManager.getConfiguredNetwork(result.getNetworkId());
+        assertPasswordsMaskedInWifiConfiguration(retrievedNetworkWithMaskedPassword);
+        // Ensure that the passwords are present internally.
+        WifiConfiguration retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertEquals(someRandomNetworkWithAllMaskedFields.preSharedKey,
+                retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(someRandomNetworkWithAllMaskedFields.wepKeys,
+                retrievedNetworkWithPassword.wepKeys);
+        assertEquals(someRandomNetworkWithAllMaskedFields.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+
+        // Now update the same network config using the masked config.
+        verifyUpdateNetworkToWifiConfigManager(retrievedNetworkWithMaskedPassword);
+
+        // Retrieve the network config with password and ensure that they have not been overwritten
+        // with *.
+        retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertEquals(someRandomNetworkWithAllMaskedFields.preSharedKey,
+                retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(someRandomNetworkWithAllMaskedFields.wepKeys,
+                retrievedNetworkWithPassword.wepKeys);
+        assertEquals(someRandomNetworkWithAllMaskedFields.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+    }
+
+    /**
      * Verifies the ordering of network list generated using
      * {@link WifiConfigManager#retrievePnoNetworkList()}.
      */
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
index b53732a91..f7bf5b022 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
@@ -65,6 +65,7 @@ public class WifiConfigurationTestUtil {
     public static final String[] TEST_WEP_KEYS =
             {"\"WifiConfigurationTestUtilWep1\"", "\"WifiConfigurationTestUtilWep2\"",
                     "45342312ab", "45342312ab45342312ab34ac12"};
+    public static final String TEST_EAP_PASSWORD = "WifiConfigurationTestUtilEapPassword";
     public static final int TEST_WEP_TX_KEY_INDEX = 1;
     public static final String TEST_FQDN = "WifiConfigurationTestUtilFQDN";
     public static final String TEST_PROVIDER_FRIENDLY_NAME =
author	Roshan Pius <rpius@google.com>	2017-06-22 13:17:16 -0700
committer	Roshan Pius <rpius@google.com>	2017-06-22 15:52:39 -0700
commit	327bd4253115abc757ebaf5f1bddd9f5ad2253e4 (patch)
tree	0bc8aa5bfaa5272db708df40df2021bec1e5bd29 /tests
parent	23216ca333dc411e6ce0829f777ca29992388443 (diff)