diff options
9 files changed, 57 insertions, 16 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java index 2fe3d86fc..2d0b4ed09 100644 --- a/service/java/com/android/server/wifi/WifiConfigManager.java +++ b/service/java/com/android/server/wifi/WifiConfigManager.java @@ -1340,7 +1340,7 @@ public class WifiConfigManager { // will remove the enterprise keys when provider is uninstalled. Suggestion enterprise // networks will remove the enterprise keys when suggestion is removed. if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) { - mWifiKeyStore.removeKeys(config.enterpriseConfig); + mWifiKeyStore.removeKeys(config.enterpriseConfig, false); } removeConnectChoiceFromAllNetworks(config.configKey()); diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java index 26d3ad1f3..bd2050135 100644 --- a/service/java/com/android/server/wifi/WifiInjector.java +++ b/service/java/com/android/server/wifi/WifiInjector.java @@ -745,4 +745,9 @@ public class WifiInjector { public IpMemoryStore getIpMemoryStore() { return mIpMemoryStore; } + + @NonNull + public WifiKeyStore getWifiKeyStore() { + return mWifiKeyStore; + } } diff --git a/service/java/com/android/server/wifi/WifiKeyStore.java b/service/java/com/android/server/wifi/WifiKeyStore.java index c1706a20d..8e82f4720 100644 --- a/service/java/com/android/server/wifi/WifiKeyStore.java +++ b/service/java/com/android/server/wifi/WifiKeyStore.java @@ -221,10 +221,11 @@ public class WifiKeyStore { * Remove enterprise keys from the network config. * * @param config Config corresponding to the network. + * @param forceRemove remove keys regardless of the key installer. */ - public void removeKeys(WifiEnterpriseConfig config) { + public void removeKeys(WifiEnterpriseConfig config, boolean forceRemove) { // Do not remove keys that were manually installed by the user - if (config.isAppInstalledDeviceKeyAndCert()) { + if (forceRemove || config.isAppInstalledDeviceKeyAndCert()) { String client = config.getClientCertificateAlias(); // a valid client certificate is configured if (!TextUtils.isEmpty(client)) { @@ -237,7 +238,7 @@ public class WifiKeyStore { } // Do not remove CA certs that were manually installed by the user - if (config.isAppInstalledCaCert()) { + if (forceRemove || config.isAppInstalledCaCert()) { String[] aliases = config.getCaCertificateAliases(); // a valid ca certificate is configured if (aliases != null) { diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java index 0cb844509..91a864360 100644 --- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java +++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java @@ -661,7 +661,7 @@ public class WifiNetworkSuggestionsManager { if (!config.isEnterprise()) { continue; } - mWifiKeyStore.removeKeys(config.enterpriseConfig); + mWifiKeyStore.removeKeys(config.enterpriseConfig, false); } // Clear the scan cache. removeFromScanResultMatchInfoMap(removingSuggestions); diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index f04755fd9..e8b523b6e 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -100,6 +100,7 @@ import android.os.WorkSource; import android.provider.Settings; import android.telephony.TelephonyManager; import android.text.TextUtils; +import android.util.EventLog; import android.util.Log; import android.util.MutableInt; import android.util.Slog; @@ -2946,7 +2947,13 @@ public class WifiServiceImpl extends BaseWifiService { List<WifiConfiguration> networks = mClientModeImpl.syncGetConfiguredNetworks( Binder.getCallingUid(), mClientModeImplChannel, Process.WIFI_UID); if (networks != null) { + EventLog.writeEvent(0x534e4554, "231985227", -1, + "Remove certs for factory reset"); for (WifiConfiguration config : networks) { + if (config.isEnterprise()) { + mWifiInjector.getWifiKeyStore().removeKeys( + config.enterpriseConfig, true); + } removeNetwork(config.networkId, packageName); } } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java index c4ce0faad..49302f8af 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java @@ -690,7 +690,7 @@ public class WifiConfigManagerTest { verify(mWcmListener, never()).onSavedNetworkAdded(suggestionNetwork.networkId); assertTrue(mWifiConfigManager .removeNetwork(suggestionNetwork.networkId, TEST_CREATOR_UID)); - verify(mWifiKeyStore, never()).removeKeys(any()); + verify(mWifiKeyStore, never()).removeKeys(any(), eq(false)); } /** @@ -934,7 +934,7 @@ public class WifiConfigManagerTest { assertTrue(mWifiConfigManager.removeNetwork(passpointNetwork.networkId, Process.WIFI_UID)); // Verify keys are not being removed. - verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class)); + verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class), eq(false)); verifyNetworkRemoveBroadcast(passpointNetwork); // Ensure that the write was not invoked for Passpoint network remove. mContextConfigStoreMockOrder.verify(mWifiConfigStore, never()).write(anyBoolean()); @@ -5118,7 +5118,7 @@ public class WifiConfigManagerTest { assertTrue(mWifiConfigManager.removeNetwork(configuration.networkId, TEST_CREATOR_UID)); // Verify keys are not being removed. - verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class)); + verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class), eq(false)); verifyNetworkRemoveBroadcast(configuration); // Ensure that the write was not invoked for Passpoint network remove. mContextConfigStoreMockOrder.verify(mWifiConfigStore, never()).write(anyBoolean()); diff --git a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java index 7649d1ba4..3f54c3f85 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java @@ -96,7 +96,7 @@ public class WifiKeyStoreTest { public void testRemoveKeysForAppInstalledCerts() { when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(true); when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(true); - mWifiKeyStore.removeKeys(mWifiEnterpriseConfig); + mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false); // Method calls the KeyStore#delete method 4 times, user key, user cert, and 2 CA cert verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID); @@ -115,7 +115,7 @@ public class WifiKeyStoreTest { public void testRemoveKeysForMixedInstalledCerts1() { when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(true); when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false); - mWifiKeyStore.removeKeys(mWifiEnterpriseConfig); + mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false); // Method calls the KeyStore#delete method 2 times: user key and user cert verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID); @@ -131,7 +131,7 @@ public class WifiKeyStoreTest { public void testRemoveKeysForMixedInstalledCerts2() { when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false); when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(true); - mWifiKeyStore.removeKeys(mWifiEnterpriseConfig); + mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false); // Method calls the KeyStore#delete method 2 times: 2 CA certs verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[0], @@ -148,7 +148,27 @@ public class WifiKeyStoreTest { public void testRemoveKeysForUserInstalledCerts() { when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false); when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false); - mWifiKeyStore.removeKeys(mWifiEnterpriseConfig); + mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false); + verifyNoMoreInteractions(mKeyStore); + } + + /** + * Verifies that keys and certs are removed when they were not installed by the user + * when forceRemove is true. + */ + @Test + public void testForceRemoveKeysForUserInstalledCerts() throws Exception { + when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false); + when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false); + mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, true); + + // KeyStore#delete() is called three time for user cert, user key, and 2 CA cert. + verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID); + verify(mKeyStore).delete(Credentials.USER_CERTIFICATE + USER_CERT_ALIAS, Process.WIFI_UID); + verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[0], + Process.WIFI_UID); + verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[1], + Process.WIFI_UID); verifyNoMoreInteractions(mKeyStore); } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java index bb31dd1b7..71a7aaf37 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java @@ -342,7 +342,7 @@ public class WifiNetworkSuggestionsManagerTest { assertEquals(WifiManager.STATUS_NETWORK_SUGGESTIONS_SUCCESS, mWifiNetworkSuggestionsManager.remove(Arrays.asList(removingSuggestion), TEST_UID_1, TEST_PACKAGE_1)); - verify(mWifiKeyStore).removeKeys(any()); + verify(mWifiKeyStore).removeKeys(any(), eq(false)); } /** * Verify successful replace (add,remove, add) of network suggestions. diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java index c02e42612..f6f25a764 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java @@ -259,6 +259,7 @@ public class WifiServiceImplTest { @Mock WifiScoreCard mWifiScoreCard; @Mock PasspointManager mPasspointManager; @Mock IDppCallback mDppCallback; + @Mock WifiKeyStore mWifiKeyStore; @Spy FakeWifiLog mLog; @@ -399,6 +400,7 @@ public class WifiServiceImplTest { when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_MANAGED_PROVISIONING), anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED); when(mScanRequestProxy.startScan(anyInt(), anyString())).thenReturn(true); + when(mWifiInjector.getWifiKeyStore()).thenReturn(mWifiKeyStore); ArgumentCaptor<SoftApCallback> softApCallbackCaptor = ArgumentCaptor.forClass(SoftApCallback.class); @@ -3498,7 +3500,11 @@ public class WifiServiceImplTest { anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED); when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(true); final String fqdn = "example.com"; - WifiConfiguration network = WifiConfigurationTestUtil.createOpenNetwork(); + WifiConfiguration openNetwork = WifiConfigurationTestUtil.createOpenNetwork(); + openNetwork.networkId = TEST_NETWORK_ID; + WifiConfiguration eapNetwork = WifiConfigurationTestUtil.createEapNetwork( + WifiEnterpriseConfig.Eap.TLS, WifiEnterpriseConfig.Phase2.NONE); + eapNetwork.networkId = TEST_NETWORK_ID + 1; PasspointConfiguration config = new PasspointConfiguration(); HomeSp homeSp = new HomeSp(); homeSp.setFqdn(fqdn); @@ -3506,13 +3512,15 @@ public class WifiServiceImplTest { mWifiServiceImpl.mClientModeImplChannel = mAsyncChannel; when(mClientModeImpl.syncGetConfiguredNetworks(anyInt(), any(), anyInt())) - .thenReturn(Arrays.asList(network)); + .thenReturn(Arrays.asList(openNetwork, eapNetwork)); when(mClientModeImpl.syncGetPasspointConfigs(any())).thenReturn(Arrays.asList(config)); mWifiServiceImpl.factoryReset(TEST_PACKAGE_NAME); mLooper.dispatchAll(); - verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, network.networkId); + verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, openNetwork.networkId); + verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, eapNetwork.networkId); + verify(mWifiKeyStore).removeKeys(eapNetwork.enterpriseConfig, true); verify(mClientModeImpl).syncRemovePasspointConfig(mAsyncChannel, fqdn); verify(mWifiConfigManager).clearDeletedEphemeralNetworks(); verify(mClientModeImpl).clearNetworkRequestUserApprovedAccessPoints(); |