From 5c5e8b347d32f7bf5bb1e6f40b1e350f1e9fb0f3 Mon Sep 17 00:00:00 2001 From: Rebecca Silberstein Date: Wed, 1 Mar 2017 16:13:08 -0800 Subject: WifiServiceImpl: protect Settings softap config Do not allow temporary softap configs to overwrite the user specified softap config. Bug: 35809698 Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh Test: frameworks/base/wifi/tests/runtests.sh Test: Wifi integration tests Change-Id: Id6bde08025cea8828e3106482c72ec04d01ff2cb --- .../com/android/server/wifi/WifiServiceImpl.java | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'service') diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index e57e465e3..19eaf5218 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -687,22 +687,39 @@ public class WifiServiceImpl extends IWifiManager.Stub { /** * see {@link WifiManager#getWifiApConfiguration()} * @return soft access point configuration + * @throws SecurityException if the caller does not have permission to retrieve the softap + * config */ @Override public WifiConfiguration getWifiApConfiguration() { enforceAccessPermission(); - mLog.trace("getWifiApConfiguration uid=%").c(Binder.getCallingUid()).flush(); + int uid = Binder.getCallingUid(); + // only allow Settings UI to get the saved SoftApConfig + if (!mWifiPermissionsUtil.checkConfigOverridePermission(uid)) { + // random apps should not be allowed to read the user specified config + throw new SecurityException("App not allowed to read or update stored WiFi Ap config " + + "(uid = " + uid + ")"); + } + mLog.trace("getWifiApConfiguration uid=%").c(uid).flush(); return mWifiStateMachine.syncGetWifiApConfiguration(); } /** * see {@link WifiManager#setWifiApConfiguration(WifiConfiguration)} * @param wifiConfig WifiConfiguration details for soft access point + * @throws SecurityException if the caller does not have permission to write the sotap config */ @Override public void setWifiApConfiguration(WifiConfiguration wifiConfig) { enforceChangePermission(); - mLog.trace("setWifiApConfiguration uid=%").c(Binder.getCallingUid()).flush(); + int uid = Binder.getCallingUid(); + // only allow Settings UI to write the stored SoftApConfig + if (!mWifiPermissionsUtil.checkConfigOverridePermission(uid)) { + // random apps should not be allowed to read the user specified config + throw new SecurityException("App not allowed to read or update stored WiFi AP config " + + "(uid = " + uid + ")"); + } + mLog.trace("setWifiApConfiguration uid=%").c(uid).flush(); if (wifiConfig == null) return; if (isValid(wifiConfig)) { -- cgit v1.2.3