From 56b2395f396741bf667c085d69fc8689df15b0f8 Mon Sep 17 00:00:00 2001 From: Etan Cohen Date: Mon, 3 Apr 2017 17:44:10 -0700 Subject: [AWARE] Add UID checking to WifiAware network specifier Wifi Aware networks are tied to a specific session - which is tied to a specific UID. Change verifies that a network requestor is only using session contexts which are owned by the same UID. Bug: 36053921 Test: integration (sl4a) tests Change-Id: Ife235e3d3f509d3425614ef1392c20f2b127c88f --- .../android/server/wifi/aware/WifiAwareDataPathStateManager.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'service') diff --git a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java index 14d855e00..723828d7f 100644 --- a/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java +++ b/service/java/com/android/server/wifi/aware/WifiAwareDataPathStateManager.java @@ -592,8 +592,6 @@ public class WifiAwareDataPathStateManager { return true; } - // TODO: validate that the client ID actually comes from the correct process and is - // not faked? nnri = AwareNetworkRequestInformation.processNetworkSpecifier(networkSpecifier, mMgr); if (nnri == null) { Log.e(TAG, "WifiAwareNetworkFactory.acceptRequest: request=" + request @@ -903,6 +901,13 @@ public class WifiAwareDataPathStateManager { } } + // validate UID + if (ns.requestorUid != uid) { + Log.e(TAG, "processNetworkSpecifier: networkSpecifier=" + ns.toString() + + " -- UID mismatch to clientId's uid=" + uid); + return null; + } + // create container and populate AwareNetworkRequestInformation nnri = new AwareNetworkRequestInformation(); nnri.state = (ns.role == WifiAwareManager.WIFI_AWARE_DATA_PATH_ROLE_INITIATOR) -- cgit v1.2.3