Fixed code setting anonymous_identity to anonymous@<realm>

Need to set anonymous@<realm> in enterprise config before
saving WifiConfiguration to WifiConfigManager.

Bug: 133431451
Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Test: Manual

Change-Id: I2dcf85e6fdabd98fc15dc946ddf30a3d95297016

6 files changed, 32 insertions, 23 deletions

diff --git a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
index f042e796c..8bd024bf5 100644
--- a/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
+++ b/service/java/com/android/server/wifi/CarrierNetworkEvaluator.java
@@ -121,6 +121,9 @@ public class CarrierNetworkEvaluator implements NetworkEvaluator {
                 config.enterpriseConfig = new WifiEnterpriseConfig();
             }
             config.enterpriseConfig.setEapMethod(eapType);
+            // Send anonymous@realm as EAP-IDENTITY response.
+            config.enterpriseConfig.setAnonymousIdentity(
+                    TelephonyUtil.getAnonymousIdentityWith3GppRealm(getTelephonyManager()));
 
             // Check if we already have a network with the same credentials in WifiConfigManager
             // database. If yes, we should check if the network is currently blacklisted.
@@ -158,10 +161,6 @@ public class CarrierNetworkEvaluator implements NetworkEvaluator {
             WifiConfiguration.NetworkSelectionStatus nss = null;
             if (config != null) {
                 nss = config.getNetworkSelectionStatus();
-
-                // Send anonymous@realm as EAP-IDENTITY response.
-                config.enterpriseConfig.setAnonymousIdentity(
-                        TelephonyUtil.getAnonymousIdentityWith3GppRealm(getTelephonyManager()));
             }
             if (nss == null) {
                 mLocalLog.log(TAG + ": null network selection status for: " + config);
diff --git a/service/java/com/android/server/wifi/ClientModeImpl.java b/service/java/com/android/server/wifi/ClientModeImpl.java
index 2b39ea164..f181cd295 100644
--- a/service/java/com/android/server/wifi/ClientModeImpl.java
+++ b/service/java/com/android/server/wifi/ClientModeImpl.java
@@ -4433,25 +4433,15 @@ public class ClientModeImpl extends StateMachine {
                         // We need to get the updated pseudonym from supplicant for EAP-SIM/AKA/AKA'
                         if (config.enterpriseConfig != null
                                 && TelephonyUtil.isSimEapMethod(
-                                        config.enterpriseConfig.getEapMethod())) {
+                                        config.enterpriseConfig.getEapMethod())
+                                && !TelephonyUtil.isAnonymousAtRealmIdentity(
+                                        config.enterpriseConfig.getAnonymousIdentity())) {
                             String anonymousIdentity =
                                     mWifiNative.getEapAnonymousIdentity(mInterfaceName);
-                            if (anonymousIdentity != null) {
-                                config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
-                            } else {
-                                CarrierNetworkConfig carrierNetworkConfig =
-                                        mWifiInjector.getCarrierNetworkConfig();
-                                if (carrierNetworkConfig.isCarrierEncryptionInfoAvailable()) {
-                                    // Send anonymous@realm as EAP-IDENTITY response.
-                                    config.enterpriseConfig.setAnonymousIdentity(
-                                            TelephonyUtil.getAnonymousIdentityWith3GppRealm(
-                                                    getTelephonyManager()));
-                                } else {
-                                    Log.d(TAG, "Failed to get updated anonymous identity"
-                                            + " from supplicant, reset it in WifiConfiguration.");
-                                    config.enterpriseConfig.setAnonymousIdentity(null);
-                                }
+                            if (mVerboseLoggingEnabled) {
+                                log("EAP Pseudonym: " + anonymousIdentity);
                             }
+                            config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
                             mWifiConfigManager.addOrUpdateNetwork(config, Process.WIFI_UID);
                         }
                         sendNetworkStateChangeBroadcast(mLastBssid);
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index c48601010..1d287f02d 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -2806,7 +2806,10 @@ public class WifiConfigManager {
             } else {
                 // reset identity as well: supplicant will ask us for it
                 config.enterpriseConfig.setIdentity("");
-                config.enterpriseConfig.setAnonymousIdentity("");
+                if (!TelephonyUtil.isAnonymousAtRealmIdentity(
+                        config.enterpriseConfig.getAnonymousIdentity())) {
+                    config.enterpriseConfig.setAnonymousIdentity("");
+                }
             }
         }
     }
diff --git a/service/java/com/android/server/wifi/util/TelephonyUtil.java b/service/java/com/android/server/wifi/util/TelephonyUtil.java
index 16d75e38f..4af40ddf2 100644
--- a/service/java/com/android/server/wifi/util/TelephonyUtil.java
+++ b/service/java/com/android/server/wifi/util/TelephonyUtil.java
@@ -333,6 +333,14 @@ public class TelephonyUtil {
     }
 
     /**
+     * Returns true if {@code identity} contains an anonymous@realm identity, false otherwise.
+     */
+    public static boolean isAnonymousAtRealmIdentity(String identity) {
+        if (identity == null) return false;
+        return identity.startsWith(TelephonyUtil.ANONYMOUS_IDENTITY + "@");
+    }
+
+    /**
      * Checks if the EAP outer method is SIM related.
      *
      * @param eapMethod WifiEnterpriseConfig Eap method.
diff --git a/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java b/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java
index 963156dc8..57a40dc8f 100644
--- a/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/CarrierNetworkEvaluatorTest.java
@@ -17,7 +17,6 @@
 package com.android.server.wifi;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
@@ -117,6 +116,8 @@ public class CarrierNetworkEvaluatorTest {
             Integer networkId = mConfigs.get(config.configKey());
             if (networkId == null) return null;
 
+            when(mWifiConfigManager.getConfiguredNetwork(networkId)).thenReturn(config);
+
             NetworkUpdateResult networkUpdateResult = mock(NetworkUpdateResult.class);
             when(networkUpdateResult.isSuccess()).thenReturn(true);
             when(networkUpdateResult.getNetworkId()).thenReturn(networkId);
@@ -250,7 +251,8 @@ public class CarrierNetworkEvaluatorTest {
         assertTrue(config2.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_EAP));
         WifiConfiguration config3 = mWifiConfigCaptor.getAllValues().get(2);
         assertEquals(CARRIER_SAVED_SSID, config3.SSID);
-        assertFalse(config3.isEphemeral());
+        // all configs returned by CarrierNetworkEvaluator are ephemeral.
+        assertTrue(config3.isEphemeral());
         assertTrue(config3.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_EAP));
         WifiConfiguration config4 = mWifiConfigCaptor.getAllValues().get(3);
         assertEquals(CARRIER_SAVED_EPH_SSID, config4.SSID);
diff --git a/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java b/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java
index 1837acb7d..597ccae7b 100644
--- a/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/ClientModeImplTest.java
@@ -1024,6 +1024,9 @@ public class ClientModeImplTest {
         when(mDataTelephonyManager.getSimState()).thenReturn(TelephonyManager.SIM_STATE_READY);
         String expectedAnonymousIdentity = TelephonyUtil.getAnonymousIdentityWith3GppRealm(
                 mTelephonyManager);
+        // we are using anonymous@<realm> as our anonymous identity before connection
+        mConnectedNetwork.enterpriseConfig.setAnonymousIdentity(expectedAnonymousIdentity);
+
         triggerConnect();
 
         when(mCarrierNetworkConfig.isCarrierEncryptionInfoAvailable()).thenReturn(true);
@@ -1038,6 +1041,10 @@ public class ClientModeImplTest {
         mCmi.sendMessage(WifiMonitor.NETWORK_CONNECTION_EVENT, 0, 0, sBSSID);
         mLooper.dispatchAll();
 
+        // verify that WifiNative#getEapAnonymousIdentity() was never called since we are using
+        // encrypted IMSI full authentication and not using pseudonym identity.
+        verify(mWifiNative, never()).getEapAnonymousIdentity(any());
+        // check that the anonymous identity remains anonymous@<realm> for subsequent connections.
         assertEquals(expectedAnonymousIdentity,
                 mConnectedNetwork.enterpriseConfig.getAnonymousIdentity());
     }