From 386816bb104b9139d02b6460340d6ea35ae2be18 Mon Sep 17 00:00:00 2001
From: Roshan Pius
Date: Thu, 26 Mar 2020 16:44:59 -0700
Subject: WifiShellCommand: Allow non root access to some commands
Note that these commands are still invoking WifiService API methods, so the regular permission checks will kick-in. So, apps should not be able to bypass permission checks using this route.
Bug: 152299953
Test: Manual test running shell commands without adb root (passed)
abd shell cmd wifi list-scan-results
abd shell cmd wifi start-scan
abd shell cmd wifi list-networks
abd shell cmd wifi connect-network open
abd shell cmd wifi connect-network wpa2
abd shell cmd wifi forget-network
abd shell cmd wifi status
Test: Manual test running shell commands without adb root (failed)
adb shell cmd set-softap-channel
Change-Id: I422785a3a8954ffe95f4974ed9b66c76fa727c62
---
 .../com/android/server/wifi/WifiShellCommand.java | 38 ++++++++++++----------
 1 file changed, 21 insertions(+), 17 deletions(-)
(limited to 'service')
diff --git a/service/java/com/android/server/wifi/WifiShellCommand.java b/service/java/com/android/server/wifi/WifiShellCommand.java
index 6d7eeed4c..4a609a9e9 100644
--- a/service/java/com/android/server/wifi/WifiShellCommand.java
+++ b/service/java/com/android/server/wifi/WifiShellCommand.java
@@ -30,11 +30,13 @@ import android.net.wifi.WifiScanner;
 import android.net.wifi.nl80211.WifiNl80211Manager;
 import android.os.BasicShellCommandHandler;
 import android.os.Binder;
+import android.os.Process;
 import android.os.RemoteException;
 import android.os.SystemClock;
 import android.text.TextUtils;
 
 import com.android.server.wifi.util.ApConfigUtil;
+import com.android.server.wifi.util.ArrayUtils;
 import com.android.server.wifi.util.ScanResultUtil;
 
 import java.io.PrintWriter;
@@ -60,6 +62,19 @@ import java.util.concurrent.TimeUnit;
 */
 public class WifiShellCommand extends BasicShellCommandHandler {
 private static String SHELL_PACKAGE_NAME = "com.android.shell";
+ // These don't require root access.
+ // However, these do perform permission checks in the corresponding WifiService methods.
+ private static final String[] NON_PRIVILEGED_COMMANDS = {
+ "connect-network",
+ "forget-network",
+ "list-scan-results",
+ "list-networks",
+ "set-verbose-logging",
+ "set-wifi-enabled",
+ "start-scan",
+ "status",
+ };
+
 private final ClientModeImpl mClientModeImpl;
 private final WifiLockManager mWifiLockManager;
 private final WifiNetworkSuggestionsManager mWifiNetworkSuggestionsManager;
@@ -89,8 +104,12 @@ public class WifiShellCommand extends BasicShellCommandHandler {
 // Explicit exclusion from root permission
 // Do not require root permission to maintain backwards compatibility with
 // `svc wifi [enable|disable]`.
- if (!"set-wifi-enabled".equals(cmd)) {
- checkRootPermission();
+ if (ArrayUtils.indexOf(NON_PRIVILEGED_COMMANDS, cmd) == -1) {
+ final int uid = Binder.getCallingUid();
+ if (uid != Process.ROOT_UID) {
+ throw new SecurityException(
+ "Uid " + uid + " does not have access to " + cmd + " wifi command");
+ }
 }
 
 final PrintWriter pw = getOutPrintWriter();
@@ -358,12 +377,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
 return 0;
 }
 case "set-wifi-enabled": {
- // This command is explicitly exempted from checkRootPermission() (see beginning
- // of this method).
- // Do not require root permission to maintain backwards compatibility with
- // `svc wifi [enable|disable]`.
- // However, setWifiEnabled() does perform its own check for the
- // android.Manifest.permission.CHANGE_WIFI_STATE permission.
 boolean enabled;
 String nextArg = getNextArgRequired();
 if ("enabled".equals(nextArg)) {
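Review bot: The comment on `NON_PRIVILEGED_COMMANDS` (hunk `@@ -60,6 +62,19 @@`) promises that every listed command is gated by a permission check inside WifiService, but nothing in the list records which check that is, and the handlers that would confirm it are outside the hunks shown. The class also holds direct references such as `mClientModeImpl` and `mWifiLockManager`, so a listed handler that reaches one of those instead of a WifiService method would run for a non-root caller with no check at all. `set-verbose-logging` is on the list but absent from the commit's manual test run, so it has had the least coverage of the eight. I would annotate each entry with its gate, e.g. `"set-wifi-enabled", // setWifiEnabled() checks CHANGE_WIFI_STATE`, which also keeps the detail that the `@@ -358,12 +377,6 @@` hunk deletes from the `set-wifi-enabled` case, and add a unit test that walks the array with a non-root calling uid.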
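Review bot: The three context comment lines directly above the new `if (ArrayUtils.indexOf(NON_PRIVILEGED_COMMANDS, cmd) == -1)` in hunk `@@ -89,8 +104,12 @@` still describe a single exemption kept for `svc wifi [enable|disable]`, while the condition now exempts eight commands. They should be replaced with something like `// Commands outside NON_PRIVILEGED_COMMANDS require a root caller; listed commands rely on WifiService permission checks.` so a later reader does not mistake the allowlist for a one-command compatibility shim. Separately, the old `"set-wifi-enabled".equals(cmd)` was null-safe by construction; whether a null `cmd` is handled now depends on `ArrayUtils.indexOf`, which is not visible here, so confirm it returns -1 rather than throwing. The enclosing method starts and ends outside the hunk.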
@@ -583,15 +596,6 @@ public class WifiShellCommand extends BasicShellCommandHandler {
 || Arrays.binarySearch(allowed6gFreq, apChannelMHz) >= 0;
 }
 
- private void checkRootPermission() {
- final int uid = Binder.getCallingUid();
- if (uid == 0) {
- // Root can do anything.
- return;
- }
- throw new SecurityException("Uid " + uid + " does not have access to wifi commands");
- }
-
 @Override
 public void onHelp() {
 final PrintWriter pw = getOutPrintWriter();
-- 
cgit v1.2.3