diff options
6 files changed, 498 insertions, 22 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java index b59a75e1f..55e681ab0 100644 --- a/service/java/com/android/server/wifi/WifiConfigManager.java +++ b/service/java/com/android/server/wifi/WifiConfigManager.java @@ -50,6 +50,7 @@ import com.android.server.LocalServices; import com.android.server.wifi.WifiConfigStoreLegacy.WifiConfigStoreDataLegacy; import com.android.server.wifi.util.ScanResultUtil; import com.android.server.wifi.util.TelephonyUtil; +import com.android.server.wifi.util.WifiPermissionsWrapper; import org.xmlpull.v1.XmlPullParserException; @@ -216,6 +217,7 @@ public class WifiConfigManager { private final WifiKeyStore mWifiKeyStore; private final WifiConfigStore mWifiConfigStore; private final WifiConfigStoreLegacy mWifiConfigStoreLegacy; + private final WifiPermissionsWrapper mWifiPermissionsWrapper; /** * Local log used for debugging any WifiConfigManager issues. */ @@ -285,7 +287,8 @@ public class WifiConfigManager { WifiConfigManager( Context context, FrameworkFacade facade, Clock clock, UserManager userManager, TelephonyManager telephonyManager, WifiKeyStore wifiKeyStore, - WifiConfigStore wifiConfigStore, WifiConfigStoreLegacy wifiConfigStoreLegacy) { + WifiConfigStore wifiConfigStore, WifiConfigStoreLegacy wifiConfigStoreLegacy, + WifiPermissionsWrapper wifiPermissionsWrapper) { mContext = context; mFacade = facade; mClock = clock; @@ -295,6 +298,7 @@ public class WifiConfigManager { mWifiKeyStore = wifiKeyStore; mWifiConfigStore = wifiConfigStore; mWifiConfigStoreLegacy = wifiConfigStoreLegacy; + mWifiPermissionsWrapper = wifiPermissionsWrapper; mConfiguredNetworks = new ConfigurationMap(userManager); mScanDetailCaches = new HashMap<>(16, 0.75f); @@ -899,6 +903,15 @@ public class WifiConfigManager { existingInternalConfig, config, uid); } + // Only add networks with proxy settings if the user has permission to + if (WifiConfigurationUtil.hasProxyChanged(existingInternalConfig, newInternalConfig) + && !canModifyProxySettings(uid)) { + Log.e(TAG, "UID " + uid + " does not have permission to modify proxy Settings " + + config.configKey() + ". Must have OVERRIDE_WIFI_CONFIG," + + " or be device or profile owner."); + return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID); + } + // Update the keys for non-Passpoint enterprise networks. For Passpoint, the certificates // and keys are installed at the time the provider is installed. if (config.enterpriseConfig != null @@ -2618,4 +2631,28 @@ public class WifiConfigManager { pw.println("WifiConfigManager - Next network ID to be allocated " + mNextNetworkId); pw.println("WifiConfigManager - Last selected network ID " + mLastSelectedNetworkId); } + + /** + * Returns true if the given uid has permission to add, update or remove proxy settings + */ + private boolean canModifyProxySettings(int uid) { + final DevicePolicyManagerInternal dpmi = + mWifiPermissionsWrapper.getDevicePolicyManagerInternal(); + final boolean isUidProfileOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(uid, + DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); + final boolean isUidDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(uid, + DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); + final boolean hasConfigOverridePermission = checkConfigOverridePermission(uid); + // If |uid| corresponds to the device owner, allow all modifications. + if (isUidDeviceOwner || isUidProfileOwner || hasConfigOverridePermission) { + return true; + } + if (mVerboseLoggingEnabled) { + Log.v(TAG, "UID: " + uid + " cannot modify WifiConfiguration proxy settings." + + " ConfigOverride=" + hasConfigOverridePermission + + " DeviceOwner=" + isUidDeviceOwner + + " ProfileOwner=" + isUidProfileOwner); + } + return false; + } } diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java index 29ff8fb5d..67f1faded 100644 --- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java +++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java @@ -18,7 +18,6 @@ package com.android.server.wifi; import android.content.pm.UserInfo; import android.net.IpConfiguration; -import android.net.ProxyInfo; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiEnterpriseConfig; import android.net.wifi.WifiScanner; @@ -139,23 +138,18 @@ public class WifiConfigurationUtil { * * @param existingConfig Existing WifiConfiguration object corresponding to the network. * @param newConfig New WifiConfiguration object corresponding to the network. - * @return true if proxy parameters have changed, false otherwise. + * @return true if proxy parameters have changed, false if no existing config and proxy settings + * are NONE, false otherwise. */ public static boolean hasProxyChanged(WifiConfiguration existingConfig, WifiConfiguration newConfig) { - if (existingConfig.getProxySettings() != newConfig.getProxySettings()) { - return true; + if (existingConfig == null) { + return newConfig.getProxySettings() != IpConfiguration.ProxySettings.NONE; } - if (newConfig.getProxySettings() == IpConfiguration.ProxySettings.PAC) { - ProxyInfo existingHttpProxy = existingConfig.getHttpProxy(); - ProxyInfo newHttpProxy = newConfig.getHttpProxy(); - if (existingHttpProxy != null) { - return !existingHttpProxy.equals(newHttpProxy); - } else { - return (newHttpProxy != null); - } + if (newConfig.getProxySettings() != existingConfig.getProxySettings()) { + return true; } - return false; + return !Objects.equals(existingConfig.getHttpProxy(), newConfig.getHttpProxy()); } /** diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java index 902cc644a..1aa5ce837 100644 --- a/service/java/com/android/server/wifi/WifiInjector.java +++ b/service/java/com/android/server/wifi/WifiInjector.java @@ -121,6 +121,10 @@ public class WifiInjector { mContext = context; mUseRealLogger = mContext.getResources().getBoolean( R.bool.config_wifi_enable_wifi_firmware_debugging); + mSettingsStore = new WifiSettingsStore(mContext); + mWifiPermissionsWrapper = new WifiPermissionsWrapper(mContext); + mWifiPermissionsUtil = new WifiPermissionsUtil(mWifiPermissionsWrapper, mContext, + mSettingsStore, UserManager.get(mContext), new NetworkScorerAppManager(mContext)); // Now create and start handler threads mWifiServiceHandlerThread = new HandlerThread("WifiService"); @@ -156,7 +160,7 @@ public class WifiInjector { // Config Manager mWifiConfigManager = new WifiConfigManager(mContext, mFrameworkFacade, mClock, UserManager.get(mContext), TelephonyManager.from(mContext), - mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy); + mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy, mWifiPermissionsWrapper); mNetworkScoreManager = (NetworkScoreManager) mContext.getSystemService(Context.NETWORK_SCORE_SERVICE); mWifiNetworkScoreCache = new WifiNetworkScoreCache(mContext); @@ -178,7 +182,6 @@ public class WifiInjector { mWifiStateMachine = new WifiStateMachine(mContext, mFrameworkFacade, mWifiStateMachineHandlerThread.getLooper(), UserManager.get(mContext), this, mBackupManagerProxy, mCountryCode, mWifiNative); - mSettingsStore = new WifiSettingsStore(mContext); mCertManager = new WifiCertManager(mContext); mLockManager = new WifiLockManager(mContext, BatteryStatsService.getService()); mWifiController = new WifiController(mContext, mWifiStateMachine, mSettingsStore, @@ -186,9 +189,6 @@ public class WifiInjector { mWifiLastResortWatchdog = new WifiLastResortWatchdog(mWifiController, mWifiMetrics); mWifiMulticastLockManager = new WifiMulticastLockManager(mWifiStateMachine, BatteryStatsService.getService()); - mWifiPermissionsWrapper = new WifiPermissionsWrapper(mContext); - mWifiPermissionsUtil = new WifiPermissionsUtil(mWifiPermissionsWrapper, mContext, - mSettingsStore, UserManager.get(mContext), new NetworkScorerAppManager(mContext)); } /** diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java index be10aefa4..72c439d47 100644 --- a/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java +++ b/service/java/com/android/server/wifi/util/WifiPermissionsWrapper.java @@ -17,9 +17,12 @@ package com.android.server.wifi.util; import android.app.ActivityManager; +import android.app.admin.DevicePolicyManagerInternal; import android.content.Context; import android.os.UserHandle; +import com.android.server.LocalServices; + import java.util.List; /** @@ -71,4 +74,11 @@ public class WifiPermissionsWrapper { public int getUidPermission(String permissionType, int uid) { return ActivityManager.checkUidPermission(permissionType, uid); } + + /** + * Gets the local service {link@ DevicePolicyManagerInternal}, can be null + */ + public DevicePolicyManagerInternal getDevicePolicyManagerInternal() { + return LocalServices.getService(DevicePolicyManagerInternal.class); + } } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java index 752cbed4e..b289ed897 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java @@ -19,6 +19,8 @@ package com.android.server.wifi; import static org.junit.Assert.*; import static org.mockito.Mockito.*; +import android.app.admin.DeviceAdminInfo; +import android.app.admin.DevicePolicyManagerInternal; import android.app.test.MockAnswerUtil.AnswerWithArguments; import android.content.Context; import android.content.Intent; @@ -41,6 +43,7 @@ import android.text.TextUtils; import com.android.internal.R; import com.android.server.wifi.WifiConfigStoreLegacy.WifiConfigStoreDataLegacy; +import com.android.server.wifi.util.WifiPermissionsWrapper; import org.junit.After; import org.junit.Before; @@ -70,14 +73,24 @@ public class WifiConfigManagerTest { private static final long TEST_WALLCLOCK_UPDATE_TIME_MILLIS = 75455637; private static final long TEST_ELAPSED_UPDATE_NETWORK_SELECTION_TIME_MILLIS = 29457631; private static final int TEST_CREATOR_UID = WifiConfigurationTestUtil.TEST_UID; + private static final int TEST_NO_PERM_UID = 7; private static final int TEST_UPDATE_UID = 4; private static final int TEST_SYSUI_UID = 56; private static final int TEST_DEFAULT_USER = UserHandle.USER_SYSTEM; private static final int TEST_MAX_NUM_ACTIVE_CHANNELS_FOR_PARTIAL_SCAN = 5; private static final Integer[] TEST_FREQ_LIST = {2400, 2450, 5150, 5175, 5650}; - private static final String TEST_CREATOR_NAME = "com.wificonfigmanagerNew.creator"; - private static final String TEST_UPDATE_NAME = "com.wificonfigmanagerNew.update"; + private static final String TEST_CREATOR_NAME = "com.wificonfigmanager.creator"; + private static final String TEST_UPDATE_NAME = "com.wificonfigmanager.update"; + private static final String TEST_NO_PERM_NAME = "com.wificonfigmanager.noperm"; private static final String TEST_DEFAULT_GW_MAC_ADDRESS = "0f:67:ad:ef:09:34"; + private static final String TEST_STATIC_PROXY_HOST_1 = "192.168.48.1"; + private static final int TEST_STATIC_PROXY_PORT_1 = 8000; + private static final String TEST_STATIC_PROXY_EXCLUSION_LIST_1 = ""; + private static final String TEST_PAC_PROXY_LOCATION_1 = "http://bleh"; + private static final String TEST_STATIC_PROXY_HOST_2 = "192.168.1.1"; + private static final int TEST_STATIC_PROXY_PORT_2 = 3000; + private static final String TEST_STATIC_PROXY_EXCLUSION_LIST_2 = ""; + private static final String TEST_PAC_PROXY_LOCATION_2 = "http://blah"; @Mock private Context mContext; @Mock private FrameworkFacade mFrameworkFacade; @@ -88,6 +101,8 @@ public class WifiConfigManagerTest { @Mock private WifiConfigStore mWifiConfigStore; @Mock private WifiConfigStoreLegacy mWifiConfigStoreLegacy; @Mock private PackageManager mPackageManager; + @Mock private DevicePolicyManagerInternal mDevicePolicyManagerInternal; + @Mock private WifiPermissionsWrapper mWifiPermissionsWrapper; private MockResources mResources; private InOrder mContextConfigStoreMockOrder; @@ -125,6 +140,8 @@ public class WifiConfigManagerTest { return TEST_UPDATE_NAME; } else if (uid == TEST_SYSUI_UID) { return WifiConfigManager.SYSUI_PACKAGE_NAME; + } else if (uid == TEST_NO_PERM_UID) { + return TEST_NO_PERM_NAME; } fail("Unexpected UID: " + uid); return ""; @@ -157,6 +174,10 @@ public class WifiConfigManagerTest { when(mWifiConfigStore.areStoresPresent()).thenReturn(true); + when(mDevicePolicyManagerInternal.isActiveAdminWithPolicy(anyInt(), anyInt())) + .thenReturn(false); + when(mWifiPermissionsWrapper.getDevicePolicyManagerInternal()) + .thenReturn(mDevicePolicyManagerInternal); createWifiConfigManager(); } @@ -387,6 +408,11 @@ public class WifiConfigManagerTest { // are not set. verifyUpdateNetworkToWifiConfigManagerWithoutIpChange(openNetwork); + // Configure mock DevicePolicyManager to give Profile Owner permission so that we can modify + // proxy settings on a configuration + when(mDevicePolicyManagerInternal.isActiveAdminWithPolicy(anyInt(), + eq(DeviceAdminInfo.USES_POLICY_PROFILE_OWNER))).thenReturn(true); + // Change the IpConfiguration now and ensure that the IP configuration flags are set now. assertAndSetNetworkIpConfiguration( openNetwork, @@ -468,6 +494,11 @@ public class WifiConfigManagerTest { wepNetwork, WifiConfigurationTestUtil.createStaticIpConfigurationWithPacProxy()); + // Configure mock DevicePolicyManager to give Profile Owner permission so that we can modify + // proxy settings on a configuration + when(mDevicePolicyManagerInternal.isActiveAdminWithPolicy(anyInt(), + eq(DeviceAdminInfo.USES_POLICY_PROFILE_OWNER))).thenReturn(true); + verifyUpdateNetworkToWifiConfigManagerWithoutIpChange(openNetwork); verifyUpdateNetworkToWifiConfigManagerWithoutIpChange(pskNetwork); verifyUpdateNetworkToWifiConfigManagerWithIpChange(wepNetwork); @@ -2549,11 +2580,395 @@ public class WifiConfigManagerTest { networks, retrievedNetworks); } + /** + * Verifies that adding a network with a proxy, without having permission OVERRIDE_WIFI_CONFIG, + * holding device policy, or profile owner policy fails. + */ + @Test + public void testAddNetworkWithProxyFails() { + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + false, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(), + false, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + } + + /** + * Verifies that adding a network with a PAC or STATIC proxy with permission + * OVERRIDE_WIFI_CONFIG is successful + */ + @Test + public void testAddNetworkWithProxyWithConfOverride() { + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + } + + /** + * Verifies that adding a network with a PAC or STATIC proxy, while holding policy + * {@link DeviceAdminInfo.USES_POLICY_PROFILE_OWNER} is successful + */ + @Test + public void testAddNetworkWithProxyAsProfileOwner() { + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + } + /** + * Verifies that adding a network with a PAC or STATIC proxy, while holding policy + * {@link DeviceAdminInfo.USES_POLICY_DEVICE_OWNER} is successful + */ + @Test + public void testAddNetworkWithProxyAsDeviceOwner() { + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(), + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + } + /** + * Verifies that updating a network (that has no proxy) and adding a PAC or STATIC proxy fails + * without being able to override configs, or holding Device or Profile owner policies. + */ + @Test + public void testUpdateNetworkAddProxyFails() { + WifiConfiguration network = WifiConfigurationTestUtil.createOpenHiddenNetwork(); + NetworkUpdateResult result = verifyAddNetworkToWifiConfigManager(network); + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + false, // assertSuccess + result.getNetworkId()); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(), + false, // assertSuccess + result.getNetworkId()); // Update networkID + } + /** + * Verifies that updating a network and adding a proxy is successful in the cases where app can + * override configs, holds policy {@link DeviceAdminInfo.USES_POLICY_PROFILE_OWNER}, + * and holds policy {@link DeviceAdminInfo.USES_POLICY_DEVICE_OWNER}, and that it fails + * otherwise. + */ + @Test + public void testUpdateNetworkAddProxyWithPermissionAndSystem() { + // Testing updating network with uid permission OVERRIDE_WIFI_CONFIG + WifiConfiguration network = WifiConfigurationTestUtil.createOpenHiddenNetwork(); + NetworkUpdateResult result = + mWifiConfigManager.addOrUpdateNetwork(network, TEST_CREATOR_UID); + assertTrue(result.getNetworkId() != WifiConfiguration.INVALID_NETWORK_ID); + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Testing updating network with proxy while holding Profile Owner policy + network = WifiConfigurationTestUtil.createOpenHiddenNetwork(); + result = mWifiConfigManager.addOrUpdateNetwork(network, TEST_NO_PERM_UID); + assertTrue(result.getNetworkId() != WifiConfiguration.INVALID_NETWORK_ID); + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Testing updating network with proxy while holding Device Owner Policy + network = WifiConfigurationTestUtil.createOpenHiddenNetwork(); + result = mWifiConfigManager.addOrUpdateNetwork(network, TEST_NO_PERM_UID); + assertTrue(result.getNetworkId() != WifiConfiguration.INVALID_NETWORK_ID); + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(), + true, // assertSuccess + result.getNetworkId()); // Update networkID + } + + /** + * Verifies that updating a network that has a proxy without changing the proxy, can succeed + * without proxy specific permissions. + */ + @Test + public void testUpdateNetworkUnchangedProxy() { + IpConfiguration ipConf = WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(); + // First create a WifiConfiguration with proxy + NetworkUpdateResult result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + // Update the network while using the same ipConf, and no proxy specific permissions + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf, + true, // assertSuccess + result.getNetworkId()); // Update networkID + } + + /** + * Verifies that updating a network with a different proxy succeeds in the cases where app can + * override configs, holds policy {@link DeviceAdminInfo.USES_POLICY_PROFILE_OWNER}, + * and holds policy {@link DeviceAdminInfo.USES_POLICY_DEVICE_OWNER}, and that it fails + * otherwise. + */ + @Test + public void testUpdateNetworkDifferentProxy() { + // Create two proxy configurations of the same type, but different values + IpConfiguration ipConf1 = + WifiConfigurationTestUtil.createDHCPIpConfigurationWithSpecificProxy( + WifiConfigurationTestUtil.STATIC_PROXY_SETTING, + TEST_STATIC_PROXY_HOST_1, + TEST_STATIC_PROXY_PORT_1, + TEST_STATIC_PROXY_EXCLUSION_LIST_1, + TEST_PAC_PROXY_LOCATION_1); + IpConfiguration ipConf2 = + WifiConfigurationTestUtil.createDHCPIpConfigurationWithSpecificProxy( + WifiConfigurationTestUtil.STATIC_PROXY_SETTING, + TEST_STATIC_PROXY_HOST_2, + TEST_STATIC_PROXY_PORT_2, + TEST_STATIC_PROXY_EXCLUSION_LIST_2, + TEST_PAC_PROXY_LOCATION_2); + + // Update with Conf Override + NetworkUpdateResult result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update as Device Owner + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update as Profile Owner + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update with no permissions (should fail) + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + false, // assertSuccess + result.getNetworkId()); // Update networkID + } + /** + * Verifies that updating a network removing its proxy succeeds in the cases where app can + * override configs, holds policy {@link DeviceAdminInfo.USES_POLICY_PROFILE_OWNER}, + * and holds policy {@link DeviceAdminInfo.USES_POLICY_DEVICE_OWNER}, and that it fails + * otherwise. + */ + @Test + public void testUpdateNetworkRemoveProxy() { + // Create two different IP configurations, one with a proxy and another without. + IpConfiguration ipConf1 = + WifiConfigurationTestUtil.createDHCPIpConfigurationWithSpecificProxy( + WifiConfigurationTestUtil.STATIC_PROXY_SETTING, + TEST_STATIC_PROXY_HOST_1, + TEST_STATIC_PROXY_PORT_1, + TEST_STATIC_PROXY_EXCLUSION_LIST_1, + TEST_PAC_PROXY_LOCATION_1); + IpConfiguration ipConf2 = + WifiConfigurationTestUtil.createDHCPIpConfigurationWithSpecificProxy( + WifiConfigurationTestUtil.NONE_PROXY_SETTING, + TEST_STATIC_PROXY_HOST_2, + TEST_STATIC_PROXY_PORT_2, + TEST_STATIC_PROXY_EXCLUSION_LIST_2, + TEST_PAC_PROXY_LOCATION_2); + + // Update with Conf Override + NetworkUpdateResult result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + true, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update as Device Owner + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + true, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update as Profile Owner + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + true, // assertSuccess + result.getNetworkId()); // Update networkID + + // Update with no permissions (should fail) + result = verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + true, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf1, + true, // assertSuccess + WifiConfiguration.INVALID_NETWORK_ID); // Update networkID + verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + false, // withConfOverride + false, // withProfileOwnerPolicy + false, // withDeviceOwnerPolicy + ipConf2, + false, // assertSuccess + result.getNetworkId()); // Update networkID + } + + private NetworkUpdateResult verifyAddOrUpdateNetworkWithProxySettingsAndPermissions( + boolean withConfOverride, + boolean withProfileOwnerPolicy, + boolean withDeviceOwnerPolicy, + IpConfiguration ipConfiguration, + boolean assertSuccess, + int networkId) { + WifiConfiguration network; + if (networkId == WifiConfiguration.INVALID_NETWORK_ID) { + network = WifiConfigurationTestUtil.createOpenHiddenNetwork(); + } else { + network = mWifiConfigManager.getConfiguredNetwork(networkId); + } + network.setIpConfiguration(ipConfiguration); + when(mDevicePolicyManagerInternal.isActiveAdminWithPolicy(anyInt(), + eq(DeviceAdminInfo.USES_POLICY_PROFILE_OWNER))) + .thenReturn(withProfileOwnerPolicy); + when(mDevicePolicyManagerInternal.isActiveAdminWithPolicy(anyInt(), + eq(DeviceAdminInfo.USES_POLICY_DEVICE_OWNER))) + .thenReturn(withDeviceOwnerPolicy); + int uid = withConfOverride ? TEST_CREATOR_UID : TEST_NO_PERM_UID; + NetworkUpdateResult result = mWifiConfigManager.addOrUpdateNetwork(network, uid); + assertEquals(assertSuccess, result.getNetworkId() != WifiConfiguration.INVALID_NETWORK_ID); + return result; + } + private void createWifiConfigManager() { mWifiConfigManager = new WifiConfigManager( mContext, mFrameworkFacade, mClock, mUserManager, mTelephonyManager, - mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy); + mWifiKeyStore, mWifiConfigStore, mWifiConfigStoreLegacy, + mWifiPermissionsWrapper); mWifiConfigManager.enableVerboseLogging(1); } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java index 1db6aa99f..c0ad6f61b 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java @@ -333,6 +333,26 @@ public class WifiConfigurationTestUtil { TEST_PAC_PROXY_LOCATION); } + /** + * Creates an IP configuration with specific parameters. + * @param proxySetting Must be one of {@link WifiConfigurationTestUtil#STATIC_PROXY_SETTING}, + * {@link WifiConfigurationTestUtil#PAC_PROXY_SETTING}, + * {@link WifiConfigurationTestUtil#NONE_PROXY_SETTING} + */ + public static IpConfiguration createDHCPIpConfigurationWithSpecificProxy( + int proxySetting, + String staticProxyHost, + int staticProxyPort, + String staticProxyExclusionList, + String pacProxyLocation) { + return generateIpConfig( + DHCP_IP_ASSIGNMENT, proxySetting, + TEST_STATIC_IP_LINK_ADDRESS, TEST_STATIC_IP_LINK_PREFIX_LENGTH, + TEST_STATIC_IP_GATEWAY_ADDRESS, TEST_STATIC_IP_DNS_SERVER_ADDRESSES, + staticProxyHost, staticProxyPort, staticProxyExclusionList, + pacProxyLocation); + } + // TODO: These enterprise configurations may need more parameters set. public static WifiEnterpriseConfig createPEAPWifiEnterpriseConfigWithGTCPhase2() { WifiEnterpriseConfig config = new WifiEnterpriseConfig(); |