From cdd9dbff03f7c7712f68d80f67390a4f03001158 Mon Sep 17 00:00:00 2001
From: Nate Jiang <qiangjiang@google.com>
Date: Wed, 3 Jun 2020 15:14:14 -0700
Subject: [Suggestion] block insecure Enterprise suggestion

Block adding and connecting to insecure Enterprise suggestion.
Bug: 157822251
Test: atest com.android.server.wifi

Change-Id: Ic0741df81a5b50b4e9f98e17d95262946a659118
---
 .../java/com/android/server/wifi/NetworkSuggestionNominator.java    | 5 +++++
 .../java/com/android/server/wifi/WifiNetworkSuggestionsManager.java | 6 ++++++
 2 files changed, 11 insertions(+)

(limited to 'service')

diff --git a/service/java/com/android/server/wifi/NetworkSuggestionNominator.java b/service/java/com/android/server/wifi/NetworkSuggestionNominator.java
index fbc1f5fdb..b174be5e0 100644
--- a/service/java/com/android/server/wifi/NetworkSuggestionNominator.java
+++ b/service/java/com/android/server/wifi/NetworkSuggestionNominator.java
@@ -145,6 +145,11 @@ public class NetworkSuggestionNominator implements WifiNetworkSelector.NetworkNo
             }
             Set<ExtendedWifiNetworkSuggestion> autojoinEnableSuggestions = new HashSet<>();
             for (ExtendedWifiNetworkSuggestion ewns : matchingExtNetworkSuggestions) {
+                // Ignore insecure enterprise config.
+                if (ewns.wns.wifiConfiguration.isEnterprise()
+                        && ewns.wns.wifiConfiguration.enterpriseConfig.isInsecure()) {
+                    continue;
+                }
                 // If untrusted network is not allowed, ignore untrusted suggestion.
                 WifiConfiguration config = ewns.wns.wifiConfiguration;
                 if (!untrustedNetworkAllowed && !config.trusted) {
diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
index 5d5a7d782..464ced0ad 100644
--- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
+++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
@@ -993,6 +993,12 @@ public class WifiNetworkSuggestionsManager {
                         WifiConfigurationUtil.VALIDATE_FOR_ADD)) {
                     return false;
                 }
+                if (wns.wifiConfiguration.isEnterprise()
+                        && wns.wifiConfiguration.enterpriseConfig.isInsecure()) {
+                    Log.e(TAG, "Insecure enterprise suggestion is invalid.");
+                    return false;
+                }
+
             } else {
                 if (!wns.passpointConfiguration.validate()) {
                     return false;
-- 
cgit v1.2.3