summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoshan Pius <rpius@google.com>2017-06-06 09:19:25 -0700
committerRoshan Pius <rpius@google.com>2017-06-06 16:23:17 +0000
commitf1a0272c0fb3f11bc338e97481d8cb73cfe74641 (patch)
tree7839830947e2a168b48c5f5455411d00bd96f2bc
parentce59c9965c0b9de1baeb1a55903ca21b96232711 (diff)
downloadandroid_frameworks_opt_net_wifi-f1a0272c0fb3f11bc338e97481d8cb73cfe74641.tar.gz
android_frameworks_opt_net_wifi-f1a0272c0fb3f11bc338e97481d8cb73cfe74641.tar.bz2
android_frameworks_opt_net_wifi-f1a0272c0fb3f11bc338e97481d8cb73cfe74641.zip
WifiBackupRestore: Change to |NETWORK_SETTINGS| permission
Use the new |NETWORK_SETTINGS| permission for all backup/restore changes. Bug: 62353755 Test: 'bmgr backup com.android.provider.settings' Test: 'bmgr restore <sha> com.android.provider.settings' Test: Unit tests Change-Id: I5c62ed1b4cb6a6445755aaf0fd1a3b67f0a25501
-rw-r--r--service/java/com/android/server/wifi/WifiServiceImpl.java7
-rw-r--r--tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java41
2 files changed, 44 insertions, 4 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index ec05f7cec..cded722e1 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -2495,8 +2495,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
*/
@Override
public byte[] retrieveBackupData() {
- enforceReadCredentialPermission();
- enforceAccessPermission();
+ enforceNetworkSettingsPermission();
mLog.trace("retrieveBackupData uid=%").c(Binder.getCallingUid()).flush();
if (mWifiStateMachineChannel == null) {
Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
@@ -2541,7 +2540,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
*/
@Override
public void restoreBackupData(byte[] data) {
- enforceChangePermission();
+ enforceNetworkSettingsPermission();
mLog.trace("restoreBackupData uid=%").c(Binder.getCallingUid()).flush();
if (mWifiStateMachineChannel == null) {
Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
@@ -2563,7 +2562,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
* @param ipConfigData Raw byte stream of ipconfig.txt
*/
public void restoreSupplicantBackupData(byte[] supplicantData, byte[] ipConfigData) {
- enforceChangePermission();
+ enforceNetworkSettingsPermission();
mLog.trace("restoreSupplicantBackupData uid=%").c(Binder.getCallingUid()).flush();
if (mWifiStateMachineChannel == null) {
Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index 7342cdb16..355db0f73 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -97,6 +97,7 @@ import org.mockito.Spy;
import java.io.FileDescriptor;
import java.io.PrintWriter;
import java.io.StringWriter;
+import java.util.List;
/**
* Unit tests for {@link WifiServiceImpl}.
@@ -1473,4 +1474,44 @@ public class WifiServiceImplTest {
verify(mWifiStateMachine).syncAddOrUpdatePasspointConfig(any(),
any(PasspointConfiguration.class), anyInt());
}
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#restoreBackupData(byte[])} is only allowed from
+ * callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRestoreBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.restoreBackupData(null);
+ verify(mWifiBackupRestore, never()).retrieveConfigurationsFromBackupData(any(byte[].class));
+ }
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#restoreSupplicantBackupData(byte[], byte[])} is
+ * only allowed from callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRestoreSupplicantBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.restoreSupplicantBackupData(null, null);
+ verify(mWifiBackupRestore, never()).retrieveConfigurationsFromSupplicantBackupData(
+ any(byte[].class), any(byte[].class));
+ }
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#retrieveBackupData()} is only allowed from
+ * callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRetrieveBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.retrieveBackupData();
+ verify(mWifiBackupRestore, never()).retrieveBackupDataFromConfigurations(any(List.class));
+ }
}