WifiScanningServiceImpl: Hide requests from app-ops if flag set

If the newly added |hideFromAppOps| flag is set for scan requests, don't invoke |AppOpsManager.noteOp()| method to log the request in app-ops. Instead use |AppOpsManager.checkOp()| method to just ensure that the app has the necessary permission to perform the operation, but not log it. Also, renamed the existing |checkAppOpAllowed()| method to |noteAppOpAllowed| in WifiPermissionsUtil to better reflect the underlying call. The new |checkAppOpAllowed()| helper method will instead invoke |AppOpsManager.checkOp|. Bug: 119833663 Test: ./frameworks/opt/net/wifi/tests/wifitests/runtests.sh Change-Id: I3942513d17c23362ba7f2c5ca67bc9e3b5046ab5
author: Roshan Pius <rpius@google.com> 2019-02-19 13:41:32 -0800
committer: Roshan Pius <rpius@google.com> 2019-02-26 21:52:27 -0800
commit: 3a5a6e997ca32114a96aeefc456f13abd437ed29 (patch)
tree: dac63eddda50d2b1aa604563359781ca9cccceca /tests/wifitests/src/com/android/server/wifi/scanner
parent: 4a438d6ba908f04d4b5ee03c53300fd95c72b8e1 (diff)
download: android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.gz
android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.bz2
android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.zip
1 files changed, 102 insertions, 4 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java b/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java
index aa8b46f89..356b50f49 100644
--- a/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java
@@ -39,6 +39,7 @@ import static org.mockito.Mockito.anyBoolean;
 import static org.mockito.Mockito.anyInt;
 import static org.mockito.Mockito.anyString;
 import static org.mockito.Mockito.argThat;
+import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.inOrder;
@@ -2542,7 +2543,7 @@ public class WifiScanningServiceTest {
         // Location permission or mode check fail.
         doThrow(new SecurityException()).when(mWifiPermissionsUtil)
                 .enforceCanAccessScanResultsForWifiScanner(any(), eq(Binder.getCallingUid()),
-                        eq(false));
+                        eq(false), eq(false));
 
         Handler handler = mock(Handler.class);
         BidirectionalAsyncChannel controlChannel = connectChannel(handler);
@@ -2610,7 +2611,7 @@ public class WifiScanningServiceTest {
 
         // Verify the permission check params (ignoreLocationSettings == true).
         verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
-                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(true));
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(true), eq(false));
 
         // send single scan request (ignoreLocationSettings == false).
         scanSettings.ignoreLocationSettings = false;
@@ -2623,7 +2624,7 @@ public class WifiScanningServiceTest {
 
         // Verify the permission check params (ignoreLocationSettings == true).
         verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
-                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false));
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false));
 
         // send background scan request (ignoreLocationSettings == true).
         scanSettings.ignoreLocationSettings = true;
@@ -2636,6 +2637,103 @@ public class WifiScanningServiceTest {
         // Verify the permission check params (ignoreLocationSettings == false), the field
         // is ignored for any requests other than single scan.
         verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
-                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false));
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false));
+    }
+
+    /**
+     * Verifies that we hide from app-ops when the single scan request settings sets
+     * {@link WifiScanner.ScanSettings#hideFromAppOps}
+     */
+    @Test
+    public void verifyHideFromAppOpsFromNonPrivilegedAppsForSingleScan() throws Exception {
+        // Start service & initialize it.
+        startServiceAndLoadDriver();
+
+        Handler handler = mock(Handler.class);
+        BidirectionalAsyncChannel controlChannel = connectChannel(handler);
+
+        // Client doesn't have NETWORK_STACK permission.
+        doThrow(new SecurityException()).when(mContext).enforcePermission(
+                eq(Manifest.permission.NETWORK_STACK), anyInt(), eq(Binder.getCallingUid()), any());
+
+        Bundle bundle = new Bundle();
+        bundle.putString(WifiScanner.REQUEST_PACKAGE_NAME_KEY, TEST_PACKAGE_NAME);
+        WifiScanner.ScanSettings scanSettings = new WifiScanner.ScanSettings();
+
+        // send single scan request (hideFromAppOps == true).
+        scanSettings.hideFromAppOps = true;
+        bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings);
+        Message message = Message.obtain();
+        message.what = WifiScanner.CMD_START_SINGLE_SCAN;
+        message.obj = bundle;
+        controlChannel.sendMessage(message);
+        mLooper.dispatchAll();
+
+        // Verify the permission check params (hideFromAppOps == true).
+        verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(true));
+
+        // send single scan request (hideFromAppOps == false).
+        scanSettings.hideFromAppOps = false;
+        bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings);
+        message = Message.obtain();
+        message.what = WifiScanner.CMD_START_SINGLE_SCAN;
+        message.obj = bundle;
+        controlChannel.sendMessage(message);
+        mLooper.dispatchAll();
+
+        // Verify the permission check params (hideFromAppOps == false).
+        verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false));
+
+        // send background scan request (hideFromAppOps == true).
+        scanSettings.hideFromAppOps = true;
+        bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings);
+        message = Message.obtain();
+        message.what = WifiScanner.CMD_START_BACKGROUND_SCAN;
+        controlChannel.sendMessage(message);
+        mLooper.dispatchAll();
+
+        // Verify the permission check params (hideFromAppOps == false), the field
+        // is ignored for any requests other than single scan.
+        verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner(
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false));
+    }
+
+    /**
+     * Verifies that we don't invoke {@link WifiPermissionsUtil#
+     * enforceCanAccessScanResultsForWifiScanner(String, int, boolean, boolean)} for requests
+     * from privileged clients (i.e wifi service).
+     */
+    @Test
+    public void verifyLocationPermissionCheckIsSkippedFromPrivilegedClientsForSingleScan()
+            throws Exception {
+        // Start service & initialize it.
+        startServiceAndLoadDriver();
+
+        Handler handler = mock(Handler.class);
+        BidirectionalAsyncChannel controlChannel = connectChannel(handler);
+
+        // Client does have NETWORK_STACK permission.
+        doNothing().when(mContext).enforcePermission(
+                eq(Manifest.permission.NETWORK_STACK), anyInt(), eq(Binder.getCallingUid()), any());
+
+        Bundle bundle = new Bundle();
+        bundle.putString(WifiScanner.REQUEST_PACKAGE_NAME_KEY, TEST_PACKAGE_NAME);
+        WifiScanner.ScanSettings scanSettings = new WifiScanner.ScanSettings();
+
+        // send single scan request (hideFromAppOps == true, ignoreLocationSettings = true).
+        scanSettings.hideFromAppOps = true;
+        scanSettings.ignoreLocationSettings = true;
+        bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings);
+        Message message = Message.obtain();
+        message.what = WifiScanner.CMD_START_SINGLE_SCAN;
+        message.obj = bundle;
+        controlChannel.sendMessage(message);
+        mLooper.dispatchAll();
+
+        // Verify that we didn't invoke the location permission check.
+        verify(mWifiPermissionsUtil, never()).enforceCanAccessScanResultsForWifiScanner(
+                eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), anyBoolean(), anyBoolean());
     }
 }
author	Roshan Pius <rpius@google.com>	2019-02-19 13:41:32 -0800
committer	Roshan Pius <rpius@google.com>	2019-02-26 21:52:27 -0800
commit	3a5a6e997ca32114a96aeefc456f13abd437ed29 (patch)
tree	dac63eddda50d2b1aa604563359781ca9cccceca /tests/wifitests/src/com/android/server/wifi/scanner
parent	4a438d6ba908f04d4b5ee03c53300fd95c72b8e1 (diff)
download	android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.gz android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.bz2 android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.zip