diff options
| author | Roshan Pius <rpius@google.com> | 2017-06-08 20:41:18 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2017-06-08 20:41:20 +0000 |
| commit | 95bad763cff555fcf37442d5d3129f777bb0b978 (patch) | |
| tree | 270ead1e4604fe41199bd9b2fdf1869147b54579 | |
| parent | 04977155d75180c629a6c44b9db1fa9d2e250e76 (diff) | |
| parent | f1a0272c0fb3f11bc338e97481d8cb73cfe74641 (diff) | |
| download | android_frameworks_opt_net_wifi-95bad763cff555fcf37442d5d3129f777bb0b978.tar.gz android_frameworks_opt_net_wifi-95bad763cff555fcf37442d5d3129f777bb0b978.tar.bz2 android_frameworks_opt_net_wifi-95bad763cff555fcf37442d5d3129f777bb0b978.zip | |
Merge "WifiBackupRestore: Change to |NETWORK_SETTINGS| permission" into oc-dev
| -rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 7 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java | 41 |
2 files changed, 44 insertions, 4 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java index d32a579ac..7711e91c5 100644 --- a/service/java/com/android/server/wifi/WifiServiceImpl.java +++ b/service/java/com/android/server/wifi/WifiServiceImpl.java @@ -2511,8 +2511,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { */ @Override public byte[] retrieveBackupData() { - enforceReadCredentialPermission(); - enforceAccessPermission(); + enforceNetworkSettingsPermission(); mLog.trace("retrieveBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); @@ -2557,7 +2556,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { */ @Override public void restoreBackupData(byte[] data) { - enforceChangePermission(); + enforceNetworkSettingsPermission(); mLog.trace("restoreBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); @@ -2579,7 +2578,7 @@ public class WifiServiceImpl extends IWifiManager.Stub { * @param ipConfigData Raw byte stream of ipconfig.txt */ public void restoreSupplicantBackupData(byte[] supplicantData, byte[] ipConfigData) { - enforceChangePermission(); + enforceNetworkSettingsPermission(); mLog.trace("restoreSupplicantBackupData uid=%").c(Binder.getCallingUid()).flush(); if (mWifiStateMachineChannel == null) { Slog.e(TAG, "mWifiStateMachineChannel is not initialized"); diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java index 562143335..45ffa8c04 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java @@ -97,6 +97,7 @@ import org.mockito.Spy; import java.io.FileDescriptor; import java.io.PrintWriter; import java.io.StringWriter; +import java.util.List; /** * Unit tests for {@link WifiServiceImpl}. @@ -1503,4 +1504,44 @@ public class WifiServiceImplTest { verify(mWifiStateMachine).syncAddOrUpdatePasspointConfig(any(), any(PasspointConfiguration.class), anyInt()); } + + /** + * Verify that a call to {@link WifiServiceImpl#restoreBackupData(byte[])} is only allowed from + * callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRestoreBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.restoreBackupData(null); + verify(mWifiBackupRestore, never()).retrieveConfigurationsFromBackupData(any(byte[].class)); + } + + /** + * Verify that a call to {@link WifiServiceImpl#restoreSupplicantBackupData(byte[], byte[])} is + * only allowed from callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRestoreSupplicantBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.restoreSupplicantBackupData(null, null); + verify(mWifiBackupRestore, never()).retrieveConfigurationsFromSupplicantBackupData( + any(byte[].class), any(byte[].class)); + } + + /** + * Verify that a call to {@link WifiServiceImpl#retrieveBackupData()} is only allowed from + * callers with the signature only NETWORK_SETTINGS permission. + */ + @Test(expected = SecurityException.class) + public void testRetrieveBackupDataNotApprovedCaller() { + doThrow(new SecurityException()).when(mContext) + .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS), + eq("WifiService")); + mWifiServiceImpl.retrieveBackupData(); + verify(mWifiBackupRestore, never()).retrieveBackupDataFromConfigurations(any(List.class)); + } } |