diff options
author | David Su <dysu@google.com> | 2019-05-28 14:12:56 -0700 |
---|---|---|
committer | David Su <dysu@google.com> | 2019-05-29 16:22:31 -0700 |
commit | 84641ba60a4c3518e6b60cf7d44a09fc1e5b5f69 (patch) | |
tree | 368857d8979c685d2e8e1a32629178f1a256f401 | |
parent | 8fcc04c02b7dec0f6fa806944a21ed7a2074ca2b (diff) | |
download | android_frameworks_opt_net_wifi-84641ba60a4c3518e6b60cf7d44a09fc1e5b5f69.tar.gz android_frameworks_opt_net_wifi-84641ba60a4c3518e6b60cf7d44a09fc1e5b5f69.tar.bz2 android_frameworks_opt_net_wifi-84641ba60a4c3518e6b60cf7d44a09fc1e5b5f69.zip |
Fixed code setting anonymous_identity to anonymous@<realm>
Need to set anonymous@<realm> in enterprise config before
saving WifiConfiguration to WifiConfigManager.
Bug: 133431451
Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Test: Manual
Change-Id: I2dcf85e6fdabd98fc15dc946ddf30a3d95297016
6 files changed, 32 insertions, 23 deletions
diff --git a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java index f042e796c..8bd024bf5 100644 --- a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java +++ b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java @@ -121,6 +121,9 @@ public class CarrierNetworkEvaluator implements NetworkEvaluator { config.enterpriseConfig = new WifiEnterpriseConfig(); } config.enterpriseConfig.setEapMethod(eapType); + // Send anonymous@realm as EAP-IDENTITY response. + config.enterpriseConfig.setAnonymousIdentity( + TelephonyUtil.getAnonymousIdentityWith3GppRealm(getTelephonyManager())); // Check if we already have a network with the same credentials in WifiConfigManager // database. If yes, we should check if the network is currently blacklisted. @@ -158,10 +161,6 @@ public class CarrierNetworkEvaluator implements NetworkEvaluator { WifiConfiguration.NetworkSelectionStatus nss = null; if (config != null) { nss = config.getNetworkSelectionStatus(); - - // Send anonymous@realm as EAP-IDENTITY response. - config.enterpriseConfig.setAnonymousIdentity( - TelephonyUtil.getAnonymousIdentityWith3GppRealm(getTelephonyManager())); } if (nss == null) { mLocalLog.log(TAG + ": null network selection status for: " + config); diff --git a/service/java/com/android/server/wifi/ClientModeImpl.java b/service/java/com/android/server/wifi/ClientModeImpl.java index 2b39ea164..f181cd295 100644 --- a/service/java/com/android/server/wifi/ClientModeImpl.java +++ b/service/java/com/android/server/wifi/ClientModeImpl.java @@ -4433,25 +4433,15 @@ public class ClientModeImpl extends StateMachine { // We need to get the updated pseudonym from supplicant for EAP-SIM/AKA/AKA' if (config.enterpriseConfig != null && TelephonyUtil.isSimEapMethod( - config.enterpriseConfig.getEapMethod())) { + config.enterpriseConfig.getEapMethod()) + && !TelephonyUtil.isAnonymousAtRealmIdentity( + config.enterpriseConfig.getAnonymousIdentity())) { String anonymousIdentity = mWifiNative.getEapAnonymousIdentity(mInterfaceName); - if (anonymousIdentity != null) { - config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity); - } else { - CarrierNetworkConfig carrierNetworkConfig = - mWifiInjector.getCarrierNetworkConfig(); - if (carrierNetworkConfig.isCarrierEncryptionInfoAvailable()) { - // Send anonymous@realm as EAP-IDENTITY response. - config.enterpriseConfig.setAnonymousIdentity( - TelephonyUtil.getAnonymousIdentityWith3GppRealm( - getTelephonyManager())); - } else { - Log.d(TAG, "Failed to get updated anonymous identity" - + " from supplicant, reset it in WifiConfiguration."); - config.enterpriseConfig.setAnonymousIdentity(null); - } + if (mVerboseLoggingEnabled) { + log("EAP Pseudonym: " + anonymousIdentity); } + config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity); mWifiConfigManager.addOrUpdateNetwork(config, Process.WIFI_UID); } sendNetworkStateChangeBroadcast(mLastBssid); diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java index c48601010..1d287f02d 100644 --- a/service/java/com/android/server/wifi/WifiConfigManager.java +++ b/service/java/com/android/server/wifi/WifiConfigManager.java @@ -2806,7 +2806,10 @@ public class WifiConfigManager { } else { // reset identity as well: supplicant will ask us for it config.enterpriseConfig.setIdentity(""); - config.enterpriseConfig.setAnonymousIdentity(""); + if (!TelephonyUtil.isAnonymousAtRealmIdentity( + config.enterpriseConfig.getAnonymousIdentity())) { + config.enterpriseConfig.setAnonymousIdentity(""); + } } } } diff --git a/service/java/com/android/server/wifi/util/TelephonyUtil.java b/service/java/com/android/server/wifi/util/TelephonyUtil.java index 16d75e38f..4af40ddf2 100644 --- a/service/java/com/android/server/wifi/util/TelephonyUtil.java +++ b/service/java/com/android/server/wifi/util/TelephonyUtil.java @@ -333,6 +333,14 @@ public class TelephonyUtil { } /** + * Returns true if {@code identity} contains an anonymous@realm identity, false otherwise. + */ + public static boolean isAnonymousAtRealmIdentity(String identity) { + if (identity == null) return false; + return identity.startsWith(TelephonyUtil.ANONYMOUS_IDENTITY + "@"); + } + + /** * Checks if the EAP outer method is SIM related. * * @param eapMethod WifiEnterpriseConfig Eap method. diff --git a/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java b/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java index 963156dc8..57a40dc8f 100644 --- a/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java +++ b/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java @@ -17,7 +17,6 @@ package com.android.server.wifi; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.any; @@ -117,6 +116,8 @@ public class CarrierNetworkEvaluatorTest { Integer networkId = mConfigs.get(config.configKey()); if (networkId == null) return null; + when(mWifiConfigManager.getConfiguredNetwork(networkId)).thenReturn(config); + NetworkUpdateResult networkUpdateResult = mock(NetworkUpdateResult.class); when(networkUpdateResult.isSuccess()).thenReturn(true); when(networkUpdateResult.getNetworkId()).thenReturn(networkId); @@ -250,7 +251,8 @@ public class CarrierNetworkEvaluatorTest { assertTrue(config2.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_EAP)); WifiConfiguration config3 = mWifiConfigCaptor.getAllValues().get(2); assertEquals(CARRIER_SAVED_SSID, config3.SSID); - assertFalse(config3.isEphemeral()); + // all configs returned by CarrierNetworkEvaluator are ephemeral. + assertTrue(config3.isEphemeral()); assertTrue(config3.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_EAP)); WifiConfiguration config4 = mWifiConfigCaptor.getAllValues().get(3); assertEquals(CARRIER_SAVED_EPH_SSID, config4.SSID); diff --git a/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java b/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java index 1837acb7d..597ccae7b 100644 --- a/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java +++ b/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java @@ -1024,6 +1024,9 @@ public class ClientModeImplTest { when(mDataTelephonyManager.getSimState()).thenReturn(TelephonyManager.SIM_STATE_READY); String expectedAnonymousIdentity = TelephonyUtil.getAnonymousIdentityWith3GppRealm( mTelephonyManager); + // we are using anonymous@<realm> as our anonymous identity before connection + mConnectedNetwork.enterpriseConfig.setAnonymousIdentity(expectedAnonymousIdentity); + triggerConnect(); when(mCarrierNetworkConfig.isCarrierEncryptionInfoAvailable()).thenReturn(true); @@ -1038,6 +1041,10 @@ public class ClientModeImplTest { mCmi.sendMessage(WifiMonitor.NETWORK_CONNECTION_EVENT, 0, 0, sBSSID); mLooper.dispatchAll(); + // verify that WifiNative#getEapAnonymousIdentity() was never called since we are using + // encrypted IMSI full authentication and not using pseudonym identity. + verify(mWifiNative, never()).getEapAnonymousIdentity(any()); + // check that the anonymous identity remains anonymous@<realm> for subsequent connections. assertEquals(expectedAnonymousIdentity, mConnectedNetwork.enterpriseConfig.getAnonymousIdentity()); } |