summaryrefslogtreecommitdiffstats
path: root/service/java/com/android/server/wifi/WifiConfigStore.java
diff options
context:
space:
mode:
authorRich Cannings <richc@google.com>2019-01-30 15:43:27 -0800
committerRich Cannings <richc@google.com>2019-01-31 09:40:24 -0800
commita82390c522f267794f50628041ce614ad6688aae (patch)
tree22fdc0b50e43b55df82098be79f3928ea72155e8 /service/java/com/android/server/wifi/WifiConfigStore.java
parent8acaa7d3c6165f8527600414a8b70821f082aa70 (diff)
downloadandroid_frameworks_opt_net_wifi-a82390c522f267794f50628041ce614ad6688aae.tar.gz
android_frameworks_opt_net_wifi-a82390c522f267794f50628041ce614ad6688aae.tar.bz2
android_frameworks_opt_net_wifi-a82390c522f267794f50628041ce614ad6688aae.zip
Add data integrity checking for wifi passwords
Bug: 117994255 Test: DataIntegrityCheckerTests tests good integrity, bad integrity, and instances when the intefrity data is unavailable. In addition, existing tests pass. Change-Id: I00a6b30c2172b4e1b11178e0ade9f6861b79fc0c
Diffstat (limited to 'service/java/com/android/server/wifi/WifiConfigStore.java')
-rw-r--r--service/java/com/android/server/wifi/WifiConfigStore.java35
1 files changed, 30 insertions, 5 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigStore.java b/service/java/com/android/server/wifi/WifiConfigStore.java
index 82f2e4ca4..d7335534e 100644
--- a/service/java/com/android/server/wifi/WifiConfigStore.java
+++ b/service/java/com/android/server/wifi/WifiConfigStore.java
@@ -33,6 +33,7 @@ import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.os.AtomicFile;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.Preconditions;
+import com.android.server.wifi.util.DataIntegrityChecker;
import com.android.server.wifi.util.XmlUtil;
import org.xmlpull.v1.XmlPullParser;
@@ -50,6 +51,7 @@ import java.io.PrintWriter;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.nio.charset.StandardCharsets;
+import java.security.DigestException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
@@ -608,9 +610,10 @@ public class WifiConfigStore {
/**
* Class to encapsulate all file writes. This is a wrapper over {@link AtomicFile} to write/read
- * raw data from the persistent file. This class provides helper methods to read/write the
- * entire file into a byte array.
- * This helps to separate out the processing/parsing from the actual file writing.
+ * raw data from the persistent file with integrity. This class provides helper methods to
+ * read/write the entire file into a byte array.
+ * This helps to separate out the processing, parsing, and integrity checking from the actual
+ * file writing.
*/
public static class StoreFile {
/**
@@ -630,6 +633,10 @@ public class WifiConfigStore {
*/
private String mFileName;
/**
+ * The integrity file storing integrity checking data for the store file.
+ */
+ private DataIntegrityChecker mDataIntegrityChecker;
+ /**
* {@link StoreFileId} Type of store file.
*/
private @StoreFileId int mFileId;
@@ -637,6 +644,7 @@ public class WifiConfigStore {
public StoreFile(File file, @StoreFileId int fileId) {
mAtomicFile = new AtomicFile(file);
mFileName = mAtomicFile.getBaseFile().getAbsolutePath();
+ mDataIntegrityChecker = new DataIntegrityChecker(mFileName);
mFileId = fileId;
}
@@ -652,16 +660,31 @@ public class WifiConfigStore {
/**
* Read the entire raw data from the store file and return in a byte array.
*
- * @return raw data read from the file or null if the file is not found.
+ * @return raw data read from the file or null if the file is not found or the data has
+ * been altered.
* @throws IOException if an error occurs. The input stream is always closed by the method
* even when an exception is encountered.
*/
public byte[] readRawData() throws IOException {
+ byte[] bytes = null;
try {
- return mAtomicFile.readFully();
+ bytes = mAtomicFile.readFully();
+ // Check that the file has not been altered since last writeBufferedRawData()
+ if (!mDataIntegrityChecker.isOk(bytes)) {
+ Log.e(TAG, "Data integrity problem with file: " + mFileName);
+ return null;
+ }
} catch (FileNotFoundException e) {
return null;
+ } catch (DigestException e) {
+ // When integrity checking is introduced. The existing data will have no related
+ // integrity file for validation. Thus, we will assume the existing data is correct
+ // and immediately create the integrity file.
+ Log.i(TAG, "isOK() had no integrity data to check; thus vacuously "
+ + "true. Running update now.");
+ mDataIntegrityChecker.update(bytes);
}
+ return bytes;
}
/**
@@ -696,6 +719,8 @@ public class WifiConfigStore {
}
throw e;
}
+ // There was a legitimate change and update the integrity checker.
+ mDataIntegrityChecker.update(mWriteData);
// Reset the pending write data after write.
mWriteData = null;
}