From dfdf77373982a9b3da32784b3705ef713f4fd2c8 Mon Sep 17 00:00:00 2001
From: lesl <lesl@google.com>
Date: Mon, 22 Jun 2020 12:51:42 +0800
Subject: wifi:  Use overlay to control reset SAP configration during restoring

The AOSP setting(UI) doesn't support several SAP configration.
ex: Channel selection, hidden network option, autoShutDown timer
selection etc...

Once those UI depends features config are restored from cloud.
It will causes User use wrong config and it can't modify anymore.

Bug: 159572880
Bug: 159325231
Test: atest FrameworksWifiTests
Change-Id: I7a6bf855fbb08a4808af5f166e5354f4bf67e4cd
---
 .../com/android/server/wifi/WifiApConfigStore.java | 77 +++++++++++++-----
 service/res/values/config.xml                      | 15 +++-
 service/res/values/overlayable.xml                 |  4 +
 .../android/server/wifi/WifiApConfigStoreTest.java | 94 +++++++++++++++++++---
 4 files changed, 157 insertions(+), 33 deletions(-)

diff --git a/service/java/com/android/server/wifi/WifiApConfigStore.java b/service/java/com/android/server/wifi/WifiApConfigStore.java
index 961cbbd3b..eb2b11245 100644
--- a/service/java/com/android/server/wifi/WifiApConfigStore.java
+++ b/service/java/com/android/server/wifi/WifiApConfigStore.java
@@ -153,10 +153,13 @@ public class WifiApConfigStore {
 
     /**
      * Returns SoftApConfiguration in which some parameters might be reset to supported default
-     * config.
+     * config since it depends on UI or HW.
      *
-     * MaxNumberOfClients and setClientControlByUserEnabled will need HAL support client force
-     * disconnect. Reset to default when device doesn't support it.
+     * MaxNumberOfClients and isClientControlByUserEnabled will need HAL support client force
+     * disconnect, and Band setting (5g/6g) need HW support.
+     *
+     * HiddenSsid, Channel, ShutdownTimeoutMillis and AutoShutdownEnabled are features
+     * which need UI(Setting) support.
      *
      * SAE/SAE-Transition need hardware support, reset to secured WPA2 security type when device
      * doesn't support it.
@@ -164,15 +167,20 @@ public class WifiApConfigStore {
     public SoftApConfiguration resetToDefaultForUnsupportedConfig(
             @NonNull SoftApConfiguration config) {
         SoftApConfiguration.Builder configBuilder = new SoftApConfiguration.Builder(config);
-        if (!ApConfigUtil.isClientForceDisconnectSupported(mContext)) {
-            configBuilder.setMaxNumberOfClients(0);
+        if ((!ApConfigUtil.isClientForceDisconnectSupported(mContext)
+                || mContext.getResources().getBoolean(
+                R.bool.config_wifiSoftapResetUserControlConfig))
+                && config.isClientControlByUserEnabled()) {
             configBuilder.setClientControlByUserEnabled(false);
-            if (config.getMaxNumberOfClients() != 0) {
-                Log.e(TAG, "Reset MaxNumberOfClients to 0 due to device doesn't support");
-            }
-            if (config.isClientControlByUserEnabled()) {
-                Log.e(TAG, "Reset ClientControlByUser to false due to device doesn't support");
-            }
+            Log.i(TAG, "Reset ClientControlByUser to false due to device doesn't support");
+        }
+
+        if ((!ApConfigUtil.isClientForceDisconnectSupported(mContext)
+                || mContext.getResources().getBoolean(
+                R.bool.config_wifiSoftapResetMaxClientSettingConfig))
+                && config.getMaxNumberOfClients() != 0) {
+            configBuilder.setMaxNumberOfClients(0);
+            Log.i(TAG, "Reset MaxNumberOfClients to 0 due to device doesn't support");
         }
 
         if (!ApConfigUtil.isWpa3SaeSupported(mContext) && (config.getSecurityType()
@@ -181,18 +189,51 @@ public class WifiApConfigStore {
                 == SoftApConfiguration.SECURITY_TYPE_WPA3_SAE_TRANSITION)) {
             configBuilder.setPassphrase(generatePassword(),
                     SoftApConfiguration.SECURITY_TYPE_WPA2_PSK);
-            Log.e(TAG, "Device doesn't support WPA3-SAE, reset config to WPA2");
+            Log.i(TAG, "Device doesn't support WPA3-SAE, reset config to WPA2");
         }
 
-        if (mContext.getResources().getBoolean(R.bool.config_wifiSoftapResetChannelConfig)) {
+        if (mContext.getResources().getBoolean(R.bool.config_wifiSoftapResetChannelConfig)
+                && config.getChannel() != 0) {
             // The device might not support customize channel or forced channel might not
             // work in some countries. Need to reset it.
-            if (config.getChannel() != 0) {
-                // Add 2.4G by default
-                configBuilder.setBand(SoftApConfiguration.BAND_2GHZ | config.getBand());
-                Log.i(TAG, "Reset SAP channel configuration");
-            }
+            // Add 2.4G by default
+            configBuilder.setBand(config.getBand() | SoftApConfiguration.BAND_2GHZ);
+            Log.i(TAG, "Reset SAP channel configuration");
+        }
+
+        int newBand = config.getBand();
+        if (!mContext.getResources().getBoolean(R.bool.config_wifi6ghzSupport)
+                && (newBand & SoftApConfiguration.BAND_6GHZ) != 0) {
+            newBand &= ~SoftApConfiguration.BAND_6GHZ;
+            Log.i(TAG, "Device doesn't support 6g, remove 6G band from band setting");
         }
+
+        if (!mContext.getResources().getBoolean(R.bool.config_wifi5ghzSupport)
+                && (newBand & SoftApConfiguration.BAND_5GHZ) != 0) {
+            newBand &= ~SoftApConfiguration.BAND_5GHZ;
+            Log.i(TAG, "Device doesn't support 5g, remove 5G band from band setting");
+        }
+
+        if (newBand != config.getBand()) {
+            // Always added 2.4G by default when reset the band.
+            Log.i(TAG, "Reset band from " + config.getBand() + " to "
+                    + (newBand | SoftApConfiguration.BAND_2GHZ));
+            configBuilder.setBand(newBand | SoftApConfiguration.BAND_2GHZ);
+        }
+
+        if (mContext.getResources().getBoolean(R.bool.config_wifiSoftapResetHiddenConfig)
+                && config.isHiddenSsid()) {
+            configBuilder.setHiddenSsid(false);
+            Log.i(TAG, "Reset SAP Hidden Network configuration");
+        }
+
+        if (mContext.getResources().getBoolean(
+                R.bool.config_wifiSoftapResetAutoShutdownTimerConfig)
+                && config.getShutdownTimeoutMillis() != 0) {
+            configBuilder.setShutdownTimeoutMillis(0);
+            Log.i(TAG, "Reset SAP auto shutdown configuration");
+        }
+
         mWifiMetrics.noteSoftApConfigReset(config, configBuilder.build());
         return configBuilder.build();
     }
diff --git a/service/res/values/config.xml b/service/res/values/config.xml
index 7e35eed19..4ea23adc0 100644
--- a/service/res/values/config.xml
+++ b/service/res/values/config.xml
@@ -133,13 +133,24 @@
          are no connected devices. -->
     <integer translatable="false" name="config_wifiFrameworkSoftApShutDownTimeoutMilliseconds">600000</integer>
 
-
     <!-- Integer indicating maximum hardware supported client number of soft ap -->
     <integer translatable="false" name="config_wifiHardwareSoftapMaxClientCount">16</integer>
 
-    <!-- boolean indicating whether reset channel configuration or not during cloud configuration restore -->
+    <!-- boolean indicating whether or not to reset channel configuration during cloud configuration restore -->
     <bool translatable="false" name ="config_wifiSoftapResetChannelConfig">true</bool>
 
+    <!-- boolean indicating whether or not to reset hiddenSsid configuration during cloud configuration restore -->
+    <bool translatable="false" name ="config_wifiSoftapResetHiddenConfig">true</bool>
+
+    <!-- boolean indicating whether or not to reset user control configuration during cloud configuration restore -->
+    <bool translatable="false" name ="config_wifiSoftapResetUserControlConfig">true</bool>
+
+    <!-- boolean indicating whether or not to reset auto shotdown configuration during cloud configuration restore -->
+    <bool translatable="false" name ="config_wifiSoftapResetAutoShutdownTimerConfig">true</bool>
+
+    <!-- boolean indicating whether or not to reset max client setting configuration during cloud configuration restore -->
+    <bool translatable="false" name ="config_wifiSoftapResetMaxClientSettingConfig">true</bool>
+
     <!-- List of allowed channels in 2GHz band for softap. If the device doesn't want to restrict
          channels this should be empty. Values is a comma separated channel string and/or channel
          range string like '1-6,11'. -->
diff --git a/service/res/values/overlayable.xml b/service/res/values/overlayable.xml
index bf96fde62..b02eb9e77 100644
--- a/service/res/values/overlayable.xml
+++ b/service/res/values/overlayable.xml
@@ -58,6 +58,10 @@
           <item type="integer" name="config_wifiFrameworkScoreGoodRssiThreshold6ghz" />
           <item type="integer" name="config_wifiFrameworkSoftApShutDownTimeoutMilliseconds" />
           <item type="bool" name="config_wifiSoftapResetChannelConfig" />
+          <item type="bool" name="config_wifiSoftapResetHiddenConfig" />
+          <item type="bool" name="config_wifiSoftapResetUserControlConfig" />
+          <item type="bool" name="config_wifiSoftapResetAutoShutdownTimerConfig" />
+          <item type="bool" name="config_wifiSoftapResetMaxClientSettingConfig" />
           <item type="string"  name="config_wifiSoftap2gChannelList" />
           <item type="string"  name="config_wifiSoftap5gChannelList" />
           <item type="string"  name="config_wifiSoftap6gChannelList" />
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
index bc646c1eb..d19a4f002 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
@@ -659,24 +659,92 @@ public class WifiApConfigStoreTest extends WifiBaseTest {
 
     @Test
     public void testResetToDefaultForUnsupportedConfig() throws Exception {
-        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, false);
-        mResources.setBoolean(R.bool.config_wifi_softap_sae_supported, false);
-        mResources.setBoolean(R.bool.config_wifiSoftapResetChannelConfig, true);
-        SoftApConfiguration sae_config = new SoftApConfiguration.Builder()
-                .setPassphrase("secretsecret", SoftApConfiguration.SECURITY_TYPE_WPA3_SAE)
-                .setMaxNumberOfClients(10)
-                .setClientControlByUserEnabled(true)
-                .setChannel(149, SoftApConfiguration.BAND_5GHZ)
-                .build();
+        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, true);
+        mResources.setBoolean(R.bool.config_wifi_softap_sae_supported, true);
+        mResources.setBoolean(R.bool.config_wifi6ghzSupport, true);
+        mResources.setBoolean(R.bool.config_wifi5ghzSupport, true);
+
+        // Test all of the features support and all of the reset config are false.
+        String testPassphrase = "secretsecret";
+        SoftApConfiguration.Builder configBuilder = new SoftApConfiguration.Builder();
+        configBuilder.setPassphrase(testPassphrase, SoftApConfiguration.SECURITY_TYPE_WPA3_SAE);
         WifiApConfigStore store = createWifiApConfigStore();
+        SoftApConfiguration resetedConfig = store.resetToDefaultForUnsupportedConfig(
+                configBuilder.build());
+        assertEquals(resetedConfig, configBuilder.build());
 
-        SoftApConfiguration resetedConfig = store.resetToDefaultForUnsupportedConfig(sae_config);
-        assertEquals(resetedConfig.getMaxNumberOfClients(), 0);
-        assertFalse(resetedConfig.isClientControlByUserEnabled());
+        verify(mWifiMetrics).noteSoftApConfigReset(configBuilder.build(), resetedConfig);
+
+        // Test SAE not support case.
+        mResources.setBoolean(R.bool.config_wifi_softap_sae_supported, false);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertEquals(resetedConfig.getSecurityType(), SoftApConfiguration.SECURITY_TYPE_WPA2_PSK);
+        // Test force channel
+        configBuilder.setChannel(149, SoftApConfiguration.BAND_5GHZ);
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetChannelConfig, true);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
         assertEquals(resetedConfig.getChannel(), 0);
         assertEquals(resetedConfig.getBand(),
                 SoftApConfiguration.BAND_2GHZ | SoftApConfiguration.BAND_5GHZ);
-        verify(mWifiMetrics).noteSoftApConfigReset(sae_config, resetedConfig);
+
+        // Test forced channel band doesn't support.
+        mResources.setBoolean(R.bool.config_wifi5ghzSupport, false);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertEquals(resetedConfig.getChannel(), 0);
+        assertEquals(resetedConfig.getBand(),
+                SoftApConfiguration.BAND_2GHZ);
+
+        // Test band not support with auto channel
+        configBuilder.setBand(SoftApConfiguration.BAND_5GHZ);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertEquals(resetedConfig.getBand(), SoftApConfiguration.BAND_2GHZ);
+
+        // Test reset hidden network
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetHiddenConfig, true);
+        configBuilder.setHiddenSsid(true);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertFalse(resetedConfig.isHiddenSsid());
+
+        // Test auto shutdown timer
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetAutoShutdownTimerConfig, true);
+        configBuilder.setShutdownTimeoutMillis(8888);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertEquals(resetedConfig.getShutdownTimeoutMillis(), 0);
+
+        // Test max client setting when force client disconnect doesn't support
+        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, false);
+        configBuilder.setMaxNumberOfClients(10);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertEquals(resetedConfig.getMaxNumberOfClients(), 0);
+
+        // Test client control setting when force client disconnect doesn't support
+        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, false);
+        ArrayList<MacAddress> blockedClientList = new ArrayList<>();
+        blockedClientList.add(MacAddress.fromString("11:22:33:44:55:66"));
+        configBuilder.setBlockedClientList(blockedClientList);
+
+        configBuilder.setClientControlByUserEnabled(true);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertFalse(resetedConfig.isClientControlByUserEnabled());
+        // The blocked list still keep
+        assertEquals(resetedConfig.getBlockedClientList(), blockedClientList);
+
+        // Test max client setting when reset enabled but force client disconnect supported
+        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, true);
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetMaxClientSettingConfig, true);
+        assertEquals(resetedConfig.getMaxNumberOfClients(), 0);
+
+        // Test client control setting when reset enabled but force client disconnect supported
+        mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, true);
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetUserControlConfig, true);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertFalse(resetedConfig.isClientControlByUserEnabled());
+        assertEquals(resetedConfig.getBlockedClientList(), blockedClientList);
     }
 
     /**
-- 
cgit v1.2.3


From e81be4c68c3d0bd693dc42220a95f61aa01ba559 Mon Sep 17 00:00:00 2001
From: lesl <lesl@google.com>
Date: Mon, 22 Jun 2020 16:22:44 +0800
Subject: wifi: Support blocked list when ClientControlEnabled is false

Control whether framework should disconnect a new/unknown client(MAC)
initially or not based on the ClientControlEnabled flag.

ClientControlEnabled (false) -> New/unknown Clients will be allowed
to connect initially i.e. framework will not blindly disconnect a new client.
Framework will instead only provide a callback notification
about new client connection.

Clients would be disconnected only after user action
i.e. user decides to adds the new client to Blocklist
This avoids unnecessarily client disconnect in the case user
chooses *not* to add client to Blocklist.

ClientControlEnabled (true) -> New/unknown Clients will *not* be allowed
to connect initially until user approval
i.e. framework will disconnect the new client and provide callback
notification about new client connection.
Clients would be allowed (next attempt) only after user/setting
approves the new client to be added to "allow list".

Impact:
No impact for ClientControlEnabled is enable.
No impact for non-supported client control feature device because it
will check overlay config: OFTAP_FEATURE_CLIENT_FORCE_DISCONNECT,
i.e. No impact with Pixel.

Bug: 159582750
Test: atest FrameworksWifiTests
Change-Id: I1c8fdbcdbacfb1bca418584bf7480192dc0a9951
---
 .../com/android/server/wifi/SoftApManager.java     | 44 +++++------
 .../com/android/server/wifi/WifiApConfigStore.java |  5 +-
 .../com/android/server/wifi/util/ApConfigUtil.java |  3 +-
 .../com/android/server/wifi/SoftApManagerTest.java | 86 ++++++++++++++++++++++
 .../android/server/wifi/WifiApConfigStoreTest.java | 21 +++++-
 5 files changed, 133 insertions(+), 26 deletions(-)

diff --git a/service/java/com/android/server/wifi/SoftApManager.java b/service/java/com/android/server/wifi/SoftApManager.java
index f9720477b..ffbb388cc 100644
--- a/service/java/com/android/server/wifi/SoftApManager.java
+++ b/service/java/com/android/server/wifi/SoftApManager.java
@@ -469,12 +469,17 @@ public class SoftApManager implements ActiveModeManager {
             return true;
         }
 
+        if (mBlockedClientList.contains(newClient.getMacAddress())) {
+            Log.d(TAG, "Force disconnect for client: " + newClient + "in blocked list");
+            mWifiNative.forceClientDisconnect(
+                    mApInterfaceName, newClient.getMacAddress(),
+                    WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+            return false;
+        }
         if (config.isClientControlByUserEnabled()
                 && !mAllowedClientList.contains(newClient.getMacAddress())) {
-            if (!mBlockedClientList.contains(newClient.getMacAddress())) {
-                mSoftApCallback.onBlockedClientConnecting(newClient,
-                        WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
-            }
+            mSoftApCallback.onBlockedClientConnecting(newClient,
+                    WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
             Log.d(TAG, "Force disconnect for unauthorized client: " + newClient);
             mWifiNative.forceClientDisconnect(
                     mApInterfaceName, newClient.getMacAddress(),
@@ -667,25 +672,22 @@ public class SoftApManager implements ActiveModeManager {
                 }
                 int targetDisconnectClientNumber = mConnectedClients.size() - finalMaxClientCount;
                 List<WifiClient> allowedConnectedList = new ArrayList<>();
-                if (mApConfig.getSoftApConfiguration().isClientControlByUserEnabled()) {
-                    // Check allow list first
-                    Iterator<WifiClient> iterator = mConnectedClients.iterator();
-                    while (iterator.hasNext()) {
-                        WifiClient client = iterator.next();
-                        if (mAllowedClientList.contains(client.getMacAddress())) {
-                            allowedConnectedList.add(client);
-                        } else {
-                            Log.d(TAG, "Force disconnect for not allowed client: " + client);
-                            mWifiNative.forceClientDisconnect(
-                                    mApInterfaceName, client.getMacAddress(),
-                                    WifiManager
-                                    .SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
-                            targetDisconnectClientNumber--;
-                        }
+                Iterator<WifiClient> iterator = mConnectedClients.iterator();
+                while (iterator.hasNext()) {
+                    WifiClient client = iterator.next();
+                    if (mBlockedClientList.contains(client.getMacAddress())
+                              || (mApConfig.getSoftApConfiguration().isClientControlByUserEnabled()
+                              && !mAllowedClientList.contains(client.getMacAddress()))) {
+                        Log.d(TAG, "Force disconnect for not allowed client: " + client);
+                        mWifiNative.forceClientDisconnect(
+                                mApInterfaceName, client.getMacAddress(),
+                                WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+                        targetDisconnectClientNumber--;
+                    } else {
+                        allowedConnectedList.add(client);
                     }
-                } else {
-                    allowedConnectedList = new ArrayList<>(mConnectedClients);
                 }
+
                 if (targetDisconnectClientNumber > 0) {
                     Iterator<WifiClient> allowedClientIterator = allowedConnectedList.iterator();
                     while (allowedClientIterator.hasNext()) {
diff --git a/service/java/com/android/server/wifi/WifiApConfigStore.java b/service/java/com/android/server/wifi/WifiApConfigStore.java
index eb2b11245..3de99711b 100644
--- a/service/java/com/android/server/wifi/WifiApConfigStore.java
+++ b/service/java/com/android/server/wifi/WifiApConfigStore.java
@@ -33,6 +33,7 @@ import com.android.wifi.resources.R;
 
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
+import java.util.ArrayList;
 import java.util.Random;
 
 import javax.annotation.Nullable;
@@ -170,8 +171,10 @@ public class WifiApConfigStore {
         if ((!ApConfigUtil.isClientForceDisconnectSupported(mContext)
                 || mContext.getResources().getBoolean(
                 R.bool.config_wifiSoftapResetUserControlConfig))
-                && config.isClientControlByUserEnabled()) {
+                && (config.isClientControlByUserEnabled()
+                || config.getBlockedClientList().size() != 0)) {
             configBuilder.setClientControlByUserEnabled(false);
+            configBuilder.setBlockedClientList(new ArrayList<>());
             Log.i(TAG, "Reset ClientControlByUser to false due to device doesn't support");
         }
 
diff --git a/service/java/com/android/server/wifi/util/ApConfigUtil.java b/service/java/com/android/server/wifi/util/ApConfigUtil.java
index b385369a7..39d0df5f5 100644
--- a/service/java/com/android/server/wifi/util/ApConfigUtil.java
+++ b/service/java/com/android/server/wifi/util/ApConfigUtil.java
@@ -529,7 +529,8 @@ public class ApConfigUtil {
             SoftApCapability capability) {
         if (!capability.areFeaturesSupported(
                 SoftApCapability.SOFTAP_FEATURE_CLIENT_FORCE_DISCONNECT)
-                && (config.getMaxNumberOfClients() != 0 || config.isClientControlByUserEnabled())) {
+                && (config.getMaxNumberOfClients() != 0 || config.isClientControlByUserEnabled()
+                || config.getBlockedClientList().size() != 0)) {
             Log.d(TAG, "Error, Client control requires HAL support");
             return false;
         }
diff --git a/tests/wifitests/src/com/android/server/wifi/SoftApManagerTest.java b/tests/wifitests/src/com/android/server/wifi/SoftApManagerTest.java
index 99cd2db82..ddd8fe515 100644
--- a/tests/wifitests/src/com/android/server/wifi/SoftApManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/SoftApManagerTest.java
@@ -1189,6 +1189,92 @@ public class SoftApManagerTest extends WifiBaseTest {
         verify(mAlarmManager.getAlarmManager()).cancel(any(WakeupMessage.class));
     }
 
+    @Test
+    public void testClientConnectFailureWhenClientInBlcokedListAndClientAuthorizationDisabled()
+            throws Exception {
+        ArrayList<MacAddress> blockedClientList = new ArrayList<>();
+        mTestSoftApCapability.setMaxSupportedClients(10);
+        Builder configBuilder = new SoftApConfiguration.Builder();
+        configBuilder.setBand(SoftApConfiguration.BAND_2GHZ);
+        configBuilder.setSsid(TEST_SSID);
+        configBuilder.setClientControlByUserEnabled(false);
+        // Client in blocked list
+        blockedClientList.add(TEST_MAC_ADDRESS);
+        configBuilder.setBlockedClientList(blockedClientList);
+        SoftApModeConfiguration apConfig =
+                new SoftApModeConfiguration(WifiManager.IFACE_IP_MODE_TETHERED,
+                configBuilder.build(), mTestSoftApCapability);
+        startSoftApAndVerifyEnabled(apConfig);
+
+        verify(mCallback).onConnectedClientsChanged(new ArrayList<>());
+
+        mSoftApListenerCaptor.getValue().onConnectedClientsChanged(
+                TEST_NATIVE_CLIENT, true);
+        mLooper.dispatchAll();
+
+        // Client is not allow verify
+        verify(mWifiNative).forceClientDisconnect(
+                        TEST_INTERFACE_NAME, TEST_MAC_ADDRESS,
+                        WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+        verify(mWifiMetrics, never()).addSoftApNumAssociatedStationsChangedEvent(
+                1, apConfig.getTargetMode());
+        verify(mCallback, never()).onConnectedClientsChanged(
+                Mockito.argThat((List<WifiClient> clients) ->
+                        clients.contains(TEST_CONNECTED_CLIENT))
+        );
+
+    }
+
+    @Test
+    public void testClientDisconnectWhenClientInBlcokedLisUpdatedtAndClientAuthorizationDisabled()
+            throws Exception {
+        ArrayList<MacAddress> blockedClientList = new ArrayList<>();
+        mTestSoftApCapability.setMaxSupportedClients(10);
+        Builder configBuilder = new SoftApConfiguration.Builder();
+        configBuilder.setBand(SoftApConfiguration.BAND_2GHZ);
+        configBuilder.setSsid(TEST_SSID);
+        configBuilder.setClientControlByUserEnabled(false);
+        SoftApModeConfiguration apConfig =
+                new SoftApModeConfiguration(WifiManager.IFACE_IP_MODE_TETHERED,
+                configBuilder.build(), mTestSoftApCapability);
+        startSoftApAndVerifyEnabled(apConfig);
+
+        verify(mCallback).onConnectedClientsChanged(new ArrayList<>());
+
+        mSoftApListenerCaptor.getValue().onConnectedClientsChanged(
+                TEST_NATIVE_CLIENT, true);
+        mLooper.dispatchAll();
+
+        // Client connected check
+        verify(mWifiNative, never()).forceClientDisconnect(
+                        TEST_INTERFACE_NAME, TEST_MAC_ADDRESS,
+                        WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+        verify(mWifiMetrics).addSoftApNumAssociatedStationsChangedEvent(
+                1, apConfig.getTargetMode());
+        verify(mCallback, times(2)).onConnectedClientsChanged(
+                Mockito.argThat((List<WifiClient> clients) ->
+                        clients.contains(TEST_CONNECTED_CLIENT))
+        );
+
+        reset(mCallback);
+        reset(mWifiNative);
+        // Update configuration
+        blockedClientList.add(TEST_MAC_ADDRESS);
+        configBuilder.setBlockedClientList(blockedClientList);
+        mSoftApManager.updateConfiguration(configBuilder.build());
+        mLooper.dispatchAll();
+        // Client difconnected
+        verify(mWifiNative).forceClientDisconnect(
+                        TEST_INTERFACE_NAME, TEST_MAC_ADDRESS,
+                        WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+        // The callback should not trigger in configuration update case.
+        verify(mCallback, never()).onBlockedClientConnecting(TEST_CONNECTED_CLIENT,
+                WifiManager.SAP_CLIENT_BLOCK_REASON_CODE_BLOCKED_BY_USER);
+
+    }
+
+
+
     @Test
     public void testForceClientDisconnectInvokeBecauseClientAuthorizationEnabled()
             throws Exception {
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
index d19a4f002..90e01719f 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiApConfigStoreTest.java
@@ -723,14 +723,19 @@ public class WifiApConfigStoreTest extends WifiBaseTest {
         // Test client control setting when force client disconnect doesn't support
         mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, false);
         ArrayList<MacAddress> blockedClientList = new ArrayList<>();
+        ArrayList<MacAddress> allowedClientList = new ArrayList<>();
         blockedClientList.add(MacAddress.fromString("11:22:33:44:55:66"));
+        allowedClientList.add(MacAddress.fromString("aa:bb:cc:dd:ee:ff"));
         configBuilder.setBlockedClientList(blockedClientList);
+        configBuilder.setAllowedClientList(allowedClientList);
 
         configBuilder.setClientControlByUserEnabled(true);
         resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
         assertFalse(resetedConfig.isClientControlByUserEnabled());
-        // The blocked list still keep
-        assertEquals(resetedConfig.getBlockedClientList(), blockedClientList);
+        // The blocked list will be clean
+        assertEquals(resetedConfig.getBlockedClientList().size(), 0);
+        // The allowed list will be keep
+        assertEquals(resetedConfig.getAllowedClientList(), allowedClientList);
 
         // Test max client setting when reset enabled but force client disconnect supported
         mResources.setBoolean(R.bool.config_wifiSofapClientForceDisconnectSupported, true);
@@ -744,7 +749,17 @@ public class WifiApConfigStoreTest extends WifiBaseTest {
                 R.bool.config_wifiSoftapResetUserControlConfig, true);
         resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
         assertFalse(resetedConfig.isClientControlByUserEnabled());
-        assertEquals(resetedConfig.getBlockedClientList(), blockedClientList);
+        assertEquals(resetedConfig.getBlockedClientList().size(), 0);
+        assertEquals(resetedConfig.getAllowedClientList(), allowedClientList);
+
+        // Test blocked list setting will be reset even if client control disabled
+        mResources.setBoolean(
+                R.bool.config_wifiSoftapResetUserControlConfig, true);
+        configBuilder.setClientControlByUserEnabled(false);
+        resetedConfig = store.resetToDefaultForUnsupportedConfig(configBuilder.build());
+        assertFalse(resetedConfig.isClientControlByUserEnabled());
+        assertEquals(resetedConfig.getBlockedClientList().size(), 0);
+        assertEquals(resetedConfig.getAllowedClientList(), allowedClientList);
     }
 
     /**
-- 
cgit v1.2.3


From 8dfba0e35b584fe4a1a1fad1110168009d4dbef1 Mon Sep 17 00:00:00 2001
From: arangelov <arangelov@google.com>
Date: Tue, 23 Jun 2020 13:40:04 +0100
Subject: Allow NETWORK_MANAGED_PROVISIONING to modify proxy settings.

Bug: 159606385
Test: manual
Test: atest WifiConfigManagerTest
Change-Id: I9bf6c900bf68aa18cb775929a6ac36d3c066cc33
---
 .../com/android/server/wifi/WifiConfigManager.java |  4 ++-
 .../android/server/wifi/WifiConfigManagerTest.java | 36 ++++++++++++++++++++--
 2 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 6b88f7165..1529c6560 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -3252,9 +3252,11 @@ public class WifiConfigManager {
                 mWifiPermissionsUtil.checkNetworkSettingsPermission(uid);
         final boolean hasNetworkSetupWizardPermission =
                 mWifiPermissionsUtil.checkNetworkSetupWizardPermission(uid);
+        final boolean hasNetworkManagedProvisioningPermission =
+                mWifiPermissionsUtil.checkNetworkManagedProvisioningPermission(uid);
         // If |uid| corresponds to the device owner, allow all modifications.
         if (isProfileOwner || isDeviceOwner || hasNetworkSettingsPermission
-                || hasNetworkSetupWizardPermission) {
+                || hasNetworkSetupWizardPermission || hasNetworkManagedProvisioningPermission) {
             return true;
         }
         if (mVerboseLoggingEnabled) {
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index dcd0fa8c5..0559c6385 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -4006,6 +4006,33 @@ public class WifiConfigManagerTest extends WifiBaseTest {
                 true, // assertSuccess
                 WifiConfiguration.INVALID_NETWORK_ID); // Update networkID
     }
+
+    /**
+     * Verifies that adding a network with a PAC or STATIC proxy, while having the
+     * {@link android.Manifest.permission#NETWORK_MANAGED_PROVISIONING} permission is successful
+     */
+    @Test
+    public void testAddNetworkWithProxyWithNetworkManagedPermission() {
+        verifyAddOrUpdateNetworkWithProxySettingsAndPermissions(
+                false, // withNetworkSettings
+                false, // withNetworkSetupWizard
+                true, // withNetworkManagedProvisioning
+                false, // withProfileOwnerPolicy
+                false, // withDeviceOwnerPolicy
+                WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(),
+                true, // assertSuccess
+                WifiConfiguration.INVALID_NETWORK_ID); // Update networkID
+        verifyAddOrUpdateNetworkWithProxySettingsAndPermissions(
+                false,  // withNetworkSettings
+                false, // withNetworkSetupWizard
+                true, // withNetworkManagedProvisioning
+                false, // withProfileOwnerPolicy
+                false, // withDeviceOwnerPolicy
+                WifiConfigurationTestUtil.createDHCPIpConfigurationWithStaticProxy(),
+                true, // assertSuccess
+                WifiConfiguration.INVALID_NETWORK_ID); // Update networkID
+    }
+
     /**
      * Verifies that updating a network (that has no proxy) and adding a PAC or STATIC proxy fails
      * without being able to override configs, or holding Device or Profile owner policies.
@@ -4055,7 +4082,7 @@ public class WifiConfigManagerTest extends WifiBaseTest {
         verifyAddOrUpdateNetworkWithProxySettingsAndPermissions(
                 false, // withNetworkSettings
                 true, // withNetworkSetupWizard
-                false, // withProfileOwnerPolicy
+                false, false, // withProfileOwnerPolicy
                 false, // withDeviceOwnerPolicy
                 WifiConfigurationTestUtil.createDHCPIpConfigurationWithPacProxy(),
                 true, // assertSuccess
@@ -4636,13 +4663,14 @@ public class WifiConfigManagerTest extends WifiBaseTest {
             boolean assertSuccess,
             int networkId) {
         return verifyAddOrUpdateNetworkWithProxySettingsAndPermissions(withNetworkSettings,
-                false, withProfileOwnerPolicy, withDeviceOwnerPolicy, ipConfiguration,
+                false, false, withProfileOwnerPolicy, withDeviceOwnerPolicy, ipConfiguration,
                 assertSuccess, networkId);
     }
 
     private NetworkUpdateResult verifyAddOrUpdateNetworkWithProxySettingsAndPermissions(
             boolean withNetworkSettings,
             boolean withNetworkSetupWizard,
+            boolean withNetworkManagedProvisioning,
             boolean withProfileOwnerPolicy,
             boolean withDeviceOwnerPolicy,
             IpConfiguration ipConfiguration,
@@ -4663,7 +4691,9 @@ public class WifiConfigManagerTest extends WifiBaseTest {
                 .thenReturn(withNetworkSettings);
         when(mWifiPermissionsUtil.checkNetworkSetupWizardPermission(anyInt()))
                 .thenReturn(withNetworkSetupWizard);
-        int uid = withNetworkSettings || withNetworkSetupWizard
+        when(mWifiPermissionsUtil.checkNetworkManagedProvisioningPermission(anyInt()))
+                .thenReturn(withNetworkManagedProvisioning);
+        int uid = withNetworkSettings || withNetworkSetupWizard || withNetworkManagedProvisioning
                 ? TEST_CREATOR_UID
                 : TEST_NO_PERM_UID;
         NetworkUpdateResult result = addNetworkToWifiConfigManager(network, uid);
-- 
cgit v1.2.3


From 6f9d732a12ca5dd84fafcf5fdb510b878bffe237 Mon Sep 17 00:00:00 2001
From: Jimmy Chen <jimmycmchen@google.com>
Date: Tue, 23 Jun 2020 16:19:55 +0800
Subject: p2p: when location mode is off, send restricted broadcast to the
 settings only

Bug: 159368772
Test: atest FrameworksWifiTests
Change-Id: Iae35daed6ede28a79064d41c499aeb8e02212ee6
---
 .../java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
index 56cdba83d..61e6c16bc 100644
--- a/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
+++ b/service/java/com/android/server/wifi/p2p/WifiP2pServiceImpl.java
@@ -158,6 +158,12 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
             android.Manifest.permission.ACCESS_WIFI_STATE
     };
 
+    private static final String[] RECEIVER_PERMISSIONS_FOR_BROADCAST_LOCATION_OFF = {
+            android.Manifest.permission.NETWORK_SETTINGS,
+            android.Manifest.permission.ACCESS_FINE_LOCATION,
+            android.Manifest.permission.ACCESS_WIFI_STATE
+    };
+
     // Maximum number of bytes allowed for a network name, i.e. SSID.
     private static final int MAX_NETWORK_NAME_BYTES = 32;
     // Minimum number of bytes for a network name, i.e. DIRECT-xy.
@@ -3085,8 +3091,12 @@ public class WifiP2pServiceImpl extends IWifiP2pManager.Stub {
 
         private void sendBroadcastMultiplePermissions(Intent intent) {
             Context context = mContext.createContextAsUser(UserHandle.ALL, 0);
+            String[] permissions = RECEIVER_PERMISSIONS_FOR_BROADCAST;
+            if (!mWifiPermissionsUtil.isLocationModeEnabled()) {
+                permissions = RECEIVER_PERMISSIONS_FOR_BROADCAST_LOCATION_OFF;
+            }
             context.sendBroadcastWithMultiplePermissions(
-                    intent, RECEIVER_PERMISSIONS_FOR_BROADCAST);
+                    intent, permissions);
         }
 
         private void sendThisDeviceChangedBroadcast() {
-- 
cgit v1.2.3