diff options
| -rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 7 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java | 41 |
2 files changed, 44 insertions, 4 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index d32a579ac..7711e91c5 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -2511,8 +2511,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { */ @Override public byte[] retrieveBackupData() { - enforceReadCredentialPermission(); - enforceAccessPermission(); + enforceNetworkSettingsPermission(); mLog.trace("retrieveBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); @@ -2557,7 +2556,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { */ @Override public void restoreBackupData(byte[] data) { - enforceChangePermission(); + enforceNetworkSettingsPermission(); mLog.trace("restoreBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); @@ -2579,7 +2578,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { * @param ipConfigData Raw byte stream of ipconfig.txt */ public void restoreSupplicantBackupData(byte[] supplicantData, byte[] ipConfigData) { - enforceChangePermission(); + enforceNetworkSettingsPermission(); mLog.trace("restoreSupplicantBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java index 562143335..45ffa8c04 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java @@ -97,6 +97,7 @@ import org.mockito.Spy; import java.io.FileDescriptor; import java.io.PrintWriter; import java.io.StringWriter; +import java.util.List; /** * Unit tests for {@link WifiServiceImpl}. @@ -1503,4 +1504,44 @@ public class WifiServiceImplTest { verify(mWifiStateMachine).syncAddOrUpdatePasspointConfig(any(), any(PasspointConfiguration.class), anyInt()); } + + /** + * Verify that a call to {@link WifiServiceImpl#restoreBackupData(byte[])} is only allowed from + * callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRestoreBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.restoreBackupData(null); + verify(mWifiBackupRestore, never()).retrieveConfigurationsFromBackupData(any(byte[].class)); + } + + /** + * Verify that a call to {@link WifiServiceImpl#restoreSupplicantBackupData(byte[], byte[])} is + * only allowed from callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRestoreSupplicantBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.restoreSupplicantBackupData(null, null); + verify(mWifiBackupRestore, never()).retrieveConfigurationsFromSupplicantBackupData( + any(byte[].class), any(byte[].class)); + } + + /** + * Verify that a call to {@link WifiServiceImpl#retrieveBackupData()} is only allowed from + * callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRetrieveBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.retrieveBackupData(); + verify(mWifiBackupRestore, never()).retrieveBackupDataFromConfigurations(any(List.class)); + } } |