diff options
author | Rebecca Silberstein <silberst@google.com> | 2017-09-15 09:36:58 -0700 |
---|---|---|
committer | Rohit Yengisetty <rngy@google.com> | 2018-04-17 17:21:15 -0700 |
commit | ae6b7091153f5c674b8fb8b71742ece3c6753423 (patch) | |
tree | a94a2a1854f485870138d479fb55ecdfe95c7675 | |
parent | f7ab4052ca8464adef8e20a9cd5a2b1692b5f759 (diff) | |
download | wifi-nougat-mr1-security-release.tar.gz |
RESTRICT AUTOMERGE: WifiServiceImpl: fix and add tethering checksandroid-7.1.1_r61android-7.1.1_r60android-7.1.1_r59nougat-mr1.8-releasenougat-mr1-security-release
Fix checks for tethering restrictions in setWifiApEnabled
and setWifiApConfiguration. Additionally add check for primary user for
all three checks (setWifiApEnabled, get/setWifiApConfiguration).
Bug: 35765136
Test: manual test as below:
1. Download a popular free app, ES File Explorer (tested with version 4.1.7 and earlier)
2. Menu (top-left) > Network > Net Manager > Create a hotspot network
3. The operation should hang or fail
4. "adb logcat | grep WifiService" to verify change
Change-Id: I2867f8f33861a802058c84149246dbd7f2b1441e
(cherry picked from commit 38598d8d32d5fa9af2178e71916887c2d37678f5)
-rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index 740ef6e54..3cad492f5 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -541,6 +541,16 @@ public class WifiServiceImpl extends IWifiManager.Stub { "ConnectivityService"); } + private void enforceTetheringRestriction() { + // check if the user has the tethering restriction + UserManager um = UserManager.get(mContext); + UserHandle userHandle = Binder.getCallingUserHandle(); + Slog.d(TAG, "setWifiApEnabled - calling userId: " + userHandle.getIdentifier()); + if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING, userHandle)) { + throw new SecurityException("DISALLOW_CONFIG_TETHERING is enabled for this user."); + } + } + /** * see {@link android.net.wifi.WifiManager#setWifiEnabled(boolean)} * @param enable {@code true} to enable, {@code false} to disable. @@ -591,11 +601,21 @@ public class WifiServiceImpl extends IWifiManager.Stub { * @param enabled true to enable and false to disable */ public void setWifiApEnabled(WifiConfiguration wifiConfig, boolean enabled) { + Slog.d(TAG, "setWifiApEnabled: " + enabled + " pid=" + Binder.getCallingPid() + + ", uid=" + Binder.getCallingUid()); enforceChangePermission(); ConnectivityManager.enforceTetherChangePermission(mContext); - if (mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING)) { - throw new SecurityException("DISALLOW_CONFIG_TETHERING is enabled for this user."); + + // check if the user has the tethering restriction + enforceTetheringRestriction(); + Slog.d(TAG, "setWifiApEnabled - passed the config_tethering check"); + + // now check if this is the primary user + if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) { + Slog.e(TAG, "Only the device owner can enable wifi tethering"); + return; } + // null wifiConfig is a meaningful input for CMD_SET_AP if (wifiConfig == null || isValid(wifiConfig)) { mWifiController.obtainMessage(CMD_SET_AP, enabled ? 1 : 0, 0, wifiConfig).sendToTarget(); @@ -623,6 +643,13 @@ public class WifiServiceImpl extends IWifiManager.Stub { */ public WifiConfiguration getWifiApConfiguration() { enforceAccessPermission(); + enforceTetheringRestriction(); + // now check if this is the primary user + if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) { + Slog.e(TAG, "Only the device owner can retrieve the ap config"); + return null; + } + return mWifiStateMachine.syncGetWifiApConfiguration(); } @@ -650,7 +677,17 @@ public class WifiServiceImpl extends IWifiManager.Stub { * @param wifiConfig WifiConfiguration details for soft access point */ public void setWifiApConfiguration(WifiConfiguration wifiConfig) { + Slog.d(TAG, "setWifiApConfiguration: " + wifiConfig); enforceChangePermission(); + + enforceTetheringRestriction(); + + // now check if this is the primary user + if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) { + Slog.e(TAG, "Only the device owner can set the ap config"); + return; + } + if (wifiConfig == null) return; if (isValid(wifiConfig)) { |