WifiBackupRestore: Backup networks from apps holding CONFIG_OVERRIDE

We currently backup only networks created by system apps. Change that to instead backup only networks created by apps holding the |CONFIG_OVERRIDE| permission. This will let us backup networks from apps like SetupWizard which holds the |CONFIG_OVERRIDE| permission. Since such apps have the permission to modify any network in the device, it doesn't matter that the |creatorUid| info is lost during the restore process. PS: See the discussion in b/29201888 for why the creatorUid cannot be preserved across restore. Bug: 38041584 Test: Unit tests Test: 'bmgr backup com.android.provider.settings' Test: 'bmgr restore <sha> com.android.provider.settings' Change-Id: I550631d11f34942e408a6e4068bcb45ce22cb8e6
author: Roshan Pius <rpius@google.com> 2017-05-26 09:41:04 -0700
committer: Roshan Pius <rpius@google.com> 2017-06-08 16:32:21 +0000
commit: 9e83c3b65710cef6e04015565974750ee67200f1 (patch)
tree: e6e4e37885487a4d94dde88354db5c8e885c7b72
parent: 04977155d75180c629a6c44b9db1fa9d2e250e76 (diff)
download: android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.tar.gz
android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.tar.bz2
android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.zip
3 files changed, 32 insertions, 5 deletions
diff --git a/service/java/com/android/server/wifi/WifiBackupRestore.java b/service/java/com/android/server/wifi/WifiBackupRestore.java
index 4095d8283..60c3b488d 100644
--- a/service/java/com/android/server/wifi/WifiBackupRestore.java
+++ b/service/java/com/android/server/wifi/WifiBackupRestore.java
@@ -28,6 +28,7 @@ import android.util.Xml;
 import com.android.internal.util.FastXmlSerializer;
 import com.android.server.net.IpConfigStore;
 import com.android.server.wifi.util.NativeUtil;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 import com.android.server.wifi.util.XmlUtil;
 import com.android.server.wifi.util.XmlUtil.IpConfigurationXmlUtil;
 import com.android.server.wifi.util.XmlUtil.WifiConfigurationXmlUtil;
@@ -96,6 +97,7 @@ public class WifiBackupRestore {
     private static final String WEP_KEYS_MASK_SEARCH_PATTERN = "(<.*=)(.*)(/>)";
     private static final String WEP_KEYS_MASK_REPLACE_PATTERN = "$1*$3";
 
+    private final WifiPermissionsUtil mWifiPermissionsUtil;
     /**
      * Verbose logging flag.
      */
@@ -109,6 +111,10 @@ public class WifiBackupRestore {
     private byte[] mDebugLastBackupDataRestored;
     private byte[] mDebugLastSupplicantBackupDataRestored;
 
+    public WifiBackupRestore(WifiPermissionsUtil wifiPermissionsUtil) {
+        mWifiPermissionsUtil = wifiPermissionsUtil;
+    }
+
     /**
      * Retrieve an XML byte stream representing the data that needs to be backed up from the
      * provided configurations.
@@ -163,7 +169,9 @@ public class WifiBackupRestore {
             if (configuration.isEnterprise() || configuration.isPasspoint()) {
                 continue;
             }
-            if (configuration.creatorUid >= Process.FIRST_APPLICATION_UID) {
+            if (!mWifiPermissionsUtil.checkConfigOverridePermission(configuration.creatorUid)) {
+                Log.d(TAG, "Ignoring network from an app with no config override permission: "
+                        + configuration.configKey());
                 continue;
             }
             // Write this configuration data now.
@@ -702,6 +710,8 @@ public class WifiBackupRestore {
                                 Integer.parseInt(extras.get(
                                         SupplicantStaNetworkHal.ID_STRING_KEY_CREATOR_UID));
                         if (creatorUid >= Process.FIRST_APPLICATION_UID) {
+                            Log.d(TAG, "Ignoring network from non-system app: "
+                                    + configuration.configKey());
                             return null;
                         }
                     }
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 90e400cc1..c51778578 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -96,7 +96,7 @@ public class WifiInjector {
     private final PropertyService mPropertyService = new SystemPropertyService();
     private final BuildProperties mBuildProperties = new SystemBuildProperties();
     private final KeyStore mKeyStore = KeyStore.getInstance();
-    private final WifiBackupRestore mWifiBackupRestore = new WifiBackupRestore();
+    private final WifiBackupRestore mWifiBackupRestore;
     private final WifiMulticastLockManager mWifiMulticastLockManager;
     private final WifiConfigStore mWifiConfigStore;
     private final WifiKeyStore mWifiKeyStore;
@@ -150,6 +150,7 @@ public class WifiInjector {
                 mWifiNetworkScoreCache, NetworkScoreManager.CACHE_FILTER_NONE);
         mWifiPermissionsUtil = new WifiPermissionsUtil(mWifiPermissionsWrapper, mContext,
                 mSettingsStore, UserManager.get(mContext), mNetworkScoreManager, this);
+        mWifiBackupRestore = new WifiBackupRestore(mWifiPermissionsUtil);
         mBatteryStats = IBatteryStats.Stub.asInterface(mFrameworkFacade.getService(
                 BatteryStats.SERVICE_NAME));
         mWifiStateTracker = new WifiStateTracker(mBatteryStats);
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java
index 362540517..58b8d394b 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java
@@ -24,10 +24,13 @@ import android.os.Process;
 import android.test.suitebuilder.annotation.SmallTest;
 
 import com.android.server.net.IpConfigStore;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
 
 import java.io.ByteArrayOutputStream;
 import java.io.DataOutputStream;
@@ -48,11 +51,15 @@ import java.util.Random;
 @SmallTest
 public class WifiBackupRestoreTest {
 
-    private final WifiBackupRestore mWifiBackupRestore = new WifiBackupRestore();
+    @Mock WifiPermissionsUtil mWifiPermissionsUtil;
+    private WifiBackupRestore mWifiBackupRestore;
     private boolean mCheckDump = true;
 
     @Before
     public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(anyInt())).thenReturn(true);
+        mWifiBackupRestore = new WifiBackupRestore(mWifiPermissionsUtil);
         // Enable verbose logging before tests to check the backup data dumps.
         mWifiBackupRestore.enableVerboseLogging(1);
     }
@@ -361,25 +368,34 @@ public class WifiBackupRestoreTest {
      */
     @Test
     public void testMultipleNetworksSystemAppBackupRestore() {
+        int systemAppUid = Process.SYSTEM_UID;
+        int nonSystemAppUid = Process.FIRST_APPLICATION_UID + 556;
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(eq(systemAppUid)))
+                .thenReturn(true);
+        when(mWifiPermissionsUtil.checkConfigOverridePermission(eq(nonSystemAppUid)))
+                .thenReturn(false);
+
         List<WifiConfiguration> configurations = new ArrayList<>();
         List<WifiConfiguration> expectedConfigurations = new ArrayList<>();
 
         WifiConfiguration wepNetwork = WifiConfigurationTestUtil.createWepNetwork();
+        wepNetwork.creatorUid = systemAppUid;
         configurations.add(wepNetwork);
         expectedConfigurations.add(wepNetwork);
 
         // These should not be in |expectedConfigurations|.
         WifiConfiguration nonSystemAppWepNetwork = WifiConfigurationTestUtil.createWepNetwork();
-        nonSystemAppWepNetwork.creatorUid = Process.FIRST_APPLICATION_UID;
+        nonSystemAppWepNetwork.creatorUid = nonSystemAppUid;
         configurations.add(nonSystemAppWepNetwork);
 
         WifiConfiguration pskNetwork = WifiConfigurationTestUtil.createPskNetwork();
+        pskNetwork.creatorUid = systemAppUid;
         configurations.add(pskNetwork);
         expectedConfigurations.add(pskNetwork);
 
         // These should not be in |expectedConfigurations|.
         WifiConfiguration nonSystemAppPskNetwork = WifiConfigurationTestUtil.createPskNetwork();
-        nonSystemAppPskNetwork.creatorUid = Process.FIRST_APPLICATION_UID + 1;
+        nonSystemAppPskNetwork.creatorUid = nonSystemAppUid;
         configurations.add(nonSystemAppPskNetwork);
 
         WifiConfiguration openNetwork = WifiConfigurationTestUtil.createOpenNetwork();
author	Roshan Pius <rpius@google.com>	2017-05-26 09:41:04 -0700
committer	Roshan Pius <rpius@google.com>	2017-06-08 16:32:21 +0000
commit	9e83c3b65710cef6e04015565974750ee67200f1 (patch)
tree	e6e4e37885487a4d94dde88354db5c8e885c7b72
parent	04977155d75180c629a6c44b9db1fa9d2e250e76 (diff)
download	android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.tar.gz android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.tar.bz2 android_frameworks_opt_net_wifi-9e83c3b65710cef6e04015565974750ee67200f1.zip