Limit access to the device's fixed 802.11 MAC address.

MAC addresses are device identifiers that persist across factory data reset, and which third party apps should not be allowed to access for the user's privacy. This change prevents access to the (non-randomized, physical) 802.11 MAC of the device through WifiP2pManager, by replacing it with the anonymized MAC (02:00:00:00:00:00) whenever it is sent to an app in userspace. If the requesting app holds the LOCAL_MAC_ADDRESS permission, the address is not erased. Bug: 132055766 Test: atest tests/wifitests/src/com/android/server/wifi/p2p Test: Call WifiP2pManager#requestDeviceInfo() / register a listener for the WIFI_P2P_THIS_DEVICE_CHANGED_ACTION from an app, observe that MAC address for own device is 02:00:00:00:00:00. Test: Run the Wi-Fi Direct demo at https://android.googlesource.com/platform/development/+/master/samples/WiFiDirectDemo, observe that discovery and connection still works. Change-Id: I5580764eb96874051045fec8b2cef0709291f50d
author: Bram Bonné <brambonne@google.com> 2019-04-15 10:36:30 +0200
committer: Bram Bonné <brambonne@google.com> 2019-05-06 13:55:37 +0000
commit: 6192d528888183b233f78977d2c974bbfb971d5f (patch)
tree: ea5da76d2688673b6cd1f940a47e2f733c562eba /tests
parent: 63dec560c331910d929f618add9e913601f2e675 (diff)
1 files changed, 46 insertions, 2 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
index 742cdbbaa..24f021a95 100644
--- a/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/p2p/WifiP2pServiceImplTest.java
@@ -103,6 +103,7 @@ public class WifiP2pServiceImplTest {
     private static final long STATE_CHANGE_WAITING_TIME = 1000;
     private static final String thisDeviceMac = "11:22:33:44:55:66";
     private static final String thisDeviceName = "thisDeviceName";
+    private static final String ANONYMIZED_DEVICE_ADDRESS = "02:00:00:00:00:00";
 
     private ArgumentCaptor<HalDeviceManager.InterfaceAvailableForRequestListener>
             mAvailListenerCaptor = ArgumentCaptor.forClass(
@@ -652,7 +653,7 @@ public class WifiP2pServiceImplTest {
         assertEquals(WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION, intent.getAction());
         assertEquals(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT, intent.getFlags());
         assertEquals(mTestThisDevice.deviceName, device.deviceName);
-        assertEquals(mTestThisDevice.deviceAddress, device.deviceAddress);
+        assertEquals(ANONYMIZED_DEVICE_ADDRESS, device.deviceAddress);
         assertEquals(mTestThisDevice.primaryDeviceType, device.primaryDeviceType);
         assertEquals(mTestThisDevice.secondaryDeviceType, device.secondaryDeviceType);
         assertEquals(mTestThisDevice.wpsConfigMethodsSupported, device.wpsConfigMethodsSupported);
@@ -1432,8 +1433,10 @@ public class WifiP2pServiceImplTest {
      */
     @Test
     public void testRequestGroupInfoSuccess() throws Exception {
+        mTestWifiP2pGroup.setOwner(mTestThisDevice);
         forceP2pEnabled(mClient1);
         sendGroupStartedMsg(mTestWifiP2pGroup);
+        when(mWifiPermissionsUtil.checkLocalMacAddressPermission(anyInt())).thenReturn(false);
         when(mWifiPermissionsUtil.checkCanAccessWifiDirect(anyString(), anyInt())).thenReturn(true);
         sendChannelInfoUpdateMsg("testPkg1", mClient1, mClientMessenger);
         sendRequestGroupInfoMsg(mClientMessenger);
@@ -1441,6 +1444,27 @@ public class WifiP2pServiceImplTest {
         assertEquals(WifiP2pManager.RESPONSE_GROUP_INFO, mMessageCaptor.getValue().what);
         WifiP2pGroup wifiP2pGroup = (WifiP2pGroup) mMessageCaptor.getValue().obj;
         assertEquals(mTestWifiP2pGroup.getNetworkName(), wifiP2pGroup.getNetworkName());
+        // Ensure that our own MAC address is anonymized if we're the group owner.
+        assertEquals(ANONYMIZED_DEVICE_ADDRESS, wifiP2pGroup.getOwner().deviceAddress);
+    }
+
+    /**
+     * Verify WifiP2pManager.RESPONSE_GROUP_INFO does not anonymize this device's MAC address when
+     * requested by an app with the LOCAL_MAC_ADDRESS permission.
+     */
+    @Test
+    public void testRequestGroupInfoIncludesMacForNetworkSettingsApp() throws Exception {
+        mTestWifiP2pGroup.setOwner(mTestThisDevice);
+        forceP2pEnabled(mClient1);
+        sendGroupStartedMsg(mTestWifiP2pGroup);
+        when(mWifiPermissionsUtil.checkLocalMacAddressPermission(anyInt())).thenReturn(true);
+        when(mWifiPermissionsUtil.checkCanAccessWifiDirect(anyString(), anyInt())).thenReturn(true);
+        sendChannelInfoUpdateMsg("testPkg1", mClient1, mClientMessenger);
+        sendRequestGroupInfoMsg(mClientMessenger);
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        assertEquals(WifiP2pManager.RESPONSE_GROUP_INFO, mMessageCaptor.getValue().what);
+        WifiP2pGroup wifiP2pGroup = (WifiP2pGroup) mMessageCaptor.getValue().obj;
+        assertEquals(thisDeviceMac, wifiP2pGroup.getOwner().deviceAddress);
     }
 
     /**
@@ -2030,7 +2054,7 @@ public class WifiP2pServiceImplTest {
         verify(mClientHandler).sendMessage(mMessageCaptor.capture());
         assertEquals(WifiP2pManager.RESPONSE_DEVICE_INFO, mMessageCaptor.getValue().what);
         WifiP2pDevice wifiP2pDevice = (WifiP2pDevice) mMessageCaptor.getValue().obj;
-        assertEquals(thisDeviceMac, wifiP2pDevice.deviceAddress);
+        assertEquals(ANONYMIZED_DEVICE_ADDRESS, wifiP2pDevice.deviceAddress);
         assertEquals(thisDeviceName, wifiP2pDevice.deviceName);
     }
 
@@ -2051,6 +2075,24 @@ public class WifiP2pServiceImplTest {
     }
 
     /**
+     * Verify WifiP2pManager.RESPONSE_DEVICE_INFO returns an object with the actual device MAC when
+     * the caller holds the LOCAL_MAC_ADDRESS permission.
+     */
+    @Test
+    public void testRequestDeviceInfoReturnsActualMacForNetworkSettingsApp() throws Exception {
+        forceP2pEnabled(mClient1);
+        when(mWifiPermissionsUtil.checkLocalMacAddressPermission(anyInt())).thenReturn(true);
+        when(mWifiPermissionsUtil.checkCanAccessWifiDirect(anyString(), anyInt())).thenReturn(true);
+        sendChannelInfoUpdateMsg("testPkg1", mClient1, mClientMessenger);
+        sendSimpleMsg(mClientMessenger, WifiP2pManager.REQUEST_DEVICE_INFO);
+        verify(mClientHandler).sendMessage(mMessageCaptor.capture());
+        assertEquals(WifiP2pManager.RESPONSE_DEVICE_INFO, mMessageCaptor.getValue().what);
+        WifiP2pDevice wifiP2pDevice = (WifiP2pDevice) mMessageCaptor.getValue().obj;
+        assertEquals(thisDeviceMac, wifiP2pDevice.deviceAddress);
+        assertEquals(thisDeviceName, wifiP2pDevice.deviceName);
+    }
+
+    /**
      * Verify the caller sends WifiP2pManager.STOP_DISCOVERY.
      */
     @Test
@@ -3196,6 +3238,8 @@ public class WifiP2pServiceImplTest {
      */
     @Test
     public void testRequestPersistentGroupInfoSuccess() throws Exception {
+        // Ensure our own MAC address is not anonymized in the result
+        when(mWifiPermissionsUtil.checkLocalMacAddressPermission(anyInt())).thenReturn(true);
         forceP2pEnabled(mClient1);
 
         sendSimpleMsg(mClientMessenger, WifiP2pManager.REQUEST_PERSISTENT_GROUP_INFO);
author	Bram Bonné <brambonne@google.com>	2019-04-15 10:36:30 +0200
committer	Bram Bonné <brambonne@google.com>	2019-05-06 13:55:37 +0000
commit	6192d528888183b233f78977d2c974bbfb971d5f (patch)
tree	ea5da76d2688673b6cd1f940a47e2f733c562eba /tests
parent	63dec560c331910d929f618add9e913601f2e675 (diff)