author | Roshan Pius <rpius@google.com> | 2017-06-06 09:19:25 -0700 |
---|---|---|
committer | Roshan Pius <rpius@google.com> | 2017-06-06 16:23:17 +0000 |
commit | f1a0272c0fb3f11bc338e97481d8cb73cfe74641 (patch) | |
tree | 7839830947e2a168b48c5f5455411d00bd96f2bc | |
parent | ce59c9965c0b9de1baeb1a55903ca21b96232711 (diff) | |
WifiBackupRestore: Change to |NETWORK_SETTINGS| permission
Use the new |NETWORK_SETTINGS| permission for all backup/restore
changes.
Bug: 62353755
Test: 'bmgr backup com.android.provider.settings'
Test: 'bmgr restore <sha> com.android.provider.settings'
Test: Unit tests
Change-Id: I5c62ed1b4cb6a6445755aaf0fd1a3b67f0a25501
-rw-r--r-- | service/java/com/android/server/wifi/WifiServiceImpl.java | 7 | ||||
-rw-r--r-- | tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java | 41 |
2 files changed, 44 insertions, 4 deletions
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index ec05f7cec..cded722e1 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -2495,8 +2495,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
 */
 @Override
 public byte[] retrieveBackupData() {
- enforceReadCredentialPermission();
- enforceAccessPermission();
+ enforceNetworkSettingsPermission();
 mLog.trace("retrieveBackupData uid=%").c(Binder.getCallingUid()).flush();
 if (mWifiStateMachineChannel == null) {
 Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
@@ -2541,7 +2540,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
 */
 @Override
 public void restoreBackupData(byte[] data) {
- enforceChangePermission();
+ enforceNetworkSettingsPermission();
 mLog.trace("restoreBackupData uid=%").c(Binder.getCallingUid()).flush();
 if (mWifiStateMachineChannel == null) {
 Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
@@ -2563,7 +2562,7 @@ public class WifiServiceImpl extends IWifiManager.Stub {
 * @param ipConfigData Raw byte stream of ipconfig.txt
 */
 public void restoreSupplicantBackupData(byte[] supplicantData, byte[] ipConfigData) {
- enforceChangePermission();
+ enforceNetworkSettingsPermission();
 mLog.trace("restoreSupplicantBackupData uid=%").c(Binder.getCallingUid()).flush();
 if (mWifiStateMachineChannel == null) {
 Slog.e(TAG, "mWifiStateMachineChannel is not initialized");
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index 7342cdb16..355db0f73 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
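Review bot: In WifiServiceImpl.java, `retrieveBackupData()` now relies on the single `enforceNetworkSettingsPermission()` call where it used to require both the credential-read and the access check, and nothing next to the call says who is expected to hold that permission or why it is sufficient for backup data. The Javadoc that closes just above each hunk lies outside the visible lines, so it may still describe the old permissions; I would add a line such as `* Caller must hold the signature-only NETWORK_SETTINGS permission.` to it. The same applies to `restoreBackupData()` and `restoreSupplicantBackupData()` in the two following hunks. The body of `enforceNetworkSettingsPermission()` is not part of this diff, so the Context call and message it uses can only be inferred from the new tests.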
@@ -97,6 +97,7 @@ import org.mockito.Spy;
 import java.io.FileDescriptor;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.util.List;
 /**
 * Unit tests for {@link WifiServiceImpl}.
@@ -1473,4 +1474,44 @@ public class WifiServiceImplTest {
 verify(mWifiStateMachine).syncAddOrUpdatePasspointConfig(any(),
 any(PasspointConfiguration.class), anyInt());
 }
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#restoreBackupData(byte[])} is only allowed from
+ * callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRestoreBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.restoreBackupData(null);
+ verify(mWifiBackupRestore, never()).retrieveConfigurationsFromBackupData(any(byte[].class));
+ }
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#restoreSupplicantBackupData(byte[], byte[])} is
+ * only allowed from callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRestoreSupplicantBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.restoreSupplicantBackupData(null, null);
+ verify(mWifiBackupRestore, never()).retrieveConfigurationsFromSupplicantBackupData(
+ any(byte[].class), any(byte[].class));
+ }
+
+ /**
+ * Verify that a call to {@link WifiServiceImpl#retrieveBackupData()} is only allowed from
+ * callers with the signature only NETWORK_SETTINGS permission.
+ */
+ @Test(expected = SecurityException.class)
+ public void testRetrieveBackupDataNotApprovedCaller() {
+ doThrow(new SecurityException()).when(mContext)
+ .enforceCallingOrSelfPermission(eq(android.Manifest.permission.NETWORK_SETTINGS),
+ eq("WifiService"));
+ mWifiServiceImpl.retrieveBackupData();
+ verify(mWifiBackupRestore, never()).retrieveBackupDataFromConfigurations(any(List.class));
+ }
 } |
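Review bot: In the three added tests the final `verify(mWifiBackupRestore, never())...` line never runs, because the service call before it throws the SecurityException that `@Test(expected = SecurityException.class)` is waiting for and the method exits there. The tests therefore only prove that the exception propagates, not that no backup or restore work happened for the rejected caller. Catching the exception inside the test and verifying afterwards closes that gap, as sketched below for testRestoreBackupDataNotApprovedCaller; testRestoreSupplicantBackupDataNotApprovedCaller and testRetrieveBackupDataNotApprovedCaller need the same change. The sketch uses JUnit's `fail`, and whether that is already statically imported in this file is not visible here.

```java
    @Test
    public void testRestoreBackupDataNotApprovedCaller() {
        // … unchanged: doThrow(new SecurityException()) stub on enforceCallingOrSelfPermission …
        try {
            mWifiServiceImpl.restoreBackupData(null);
            fail("expected SecurityException for a caller without NETWORK_SETTINGS");
        } catch (SecurityException expected) {
            // Rejected caller; the verify below now actually executes.
        }
        verify(mWifiBackupRestore, never()).retrieveConfigurationsFromBackupData(any(byte[].class));
    }
```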