From 173acb9dedc177e5e45090c813b9f7cda7e467ce Mon Sep 17 00:00:00 2001
From: Etan Cohen <etancohen@google.com>
Date: Wed, 3 May 2017 09:11:44 -0700
Subject: [WLAN] Change libcld80211 (vendor-specific) library inclusion

The libcld80211 library is vendor-specific - remove from dependency
list. Add as a dependency only for specific vendor.

(cherry-pick of commit 8faa7c29aa606352db7509ab490e12c3d4c965c5)

Bug: 37901207
Test: builds and runs
Merged-In: I0430c105d613705d88cbe978366e4f3598e953d1
Change-Id: I0430c105d613705d88cbe978366e4f3598e953d1
---
 libwifi_hal/Android.mk | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libwifi_hal/Android.mk b/libwifi_hal/Android.mk
index b06171f1d..1179a091d 100644
--- a/libwifi_hal/Android.mk
+++ b/libwifi_hal/Android.mk
@@ -86,10 +86,12 @@ include $(BUILD_STATIC_LIBRARY)
 # Pick a vendor provided HAL implementation library.
 # ============================================================
 LIB_WIFI_HAL := libwifi-hal-fallback
+VENDOR_LOCAL_SHARED_LIBRARIES :=
 ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
   LIB_WIFI_HAL := libwifi-hal-bcm
 else ifeq ($(BOARD_WLAN_DEVICE), qcwcn)
   LIB_WIFI_HAL := libwifi-hal-qcom
+  VENDOR_LOCAL_SHARED_LIBRARIES := libcld80211
 else ifeq ($(BOARD_WLAN_DEVICE), mrvl)
   # this is commented because none of the nexus devices
   # that sport Marvell's wifi have support for HAL
@@ -116,7 +118,7 @@ LOCAL_SHARED_LIBRARIES := \
     liblog \
     libnl \
     libutils \
-    libcld80211
+    $(VENDOR_LOCAL_SHARED_LIBRARIES)
 LOCAL_SRC_FILES := \
     driver_tool.cpp \
     hal_tool.cpp
-- 
cgit v1.2.3


From 327bd4253115abc757ebaf5f1bddd9f5ad2253e4 Mon Sep 17 00:00:00 2001
From: Roshan Pius <rpius@google.com>
Date: Thu, 22 Jun 2017 13:17:16 -0700
Subject: WifiConfigManager: Ignore masked EAP passwords

Whenever an app retrieves one of the saved network configuration using
the WifiManager API's, we mask out the |preSharedKey|, |wepKeys| and
|enterpriseConfig.getPassword()| fields. These apps may however pass the
same network configuration (with some changes) back to the
framework via WifiManager.updateNetwork() or WifiManager.connect() API's.
Since the current update API does not specify which field within the
WifiConfiguration is modified, framework tries to copy over all the
fields sent in thus overriding the real password with the masked value
sent by the app.

Ideally the apps should create a new WifiConfiguration with just the
fields that they want to modify and send it via
WifiManager.updateNetwork().  But, since this is a very common mistake
we have some protection against this in the framework for the
|preSharedKey| and |wepKeys|. But, we're missing this protection for the
|enterpriseConfig.getPassword()| fields.

Bug: 62893342
Test: Unit tests.
Test: Manual test to ensure that masked password sent from settings is
ignored.
Test: Regression tests.

Change-Id: I163c8c44b2717364aff88cb7ca1b2faa3aa6cce9
---
 .../com/android/server/wifi/WifiConfigManager.java |  4 +-
 .../android/server/wifi/WifiConfigManagerTest.java | 44 ++++++++++++++++++++++
 .../server/wifi/WifiConfigurationTestUtil.java     |  1 +
 3 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 4b2bb1c49..25a5a20ad 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -820,8 +820,8 @@ public class WifiConfigManager {
 
         // Copy over the |WifiEnterpriseConfig| parameters if set.
         if (externalConfig.enterpriseConfig != null) {
-            internalConfig.enterpriseConfig =
-                    new WifiEnterpriseConfig(externalConfig.enterpriseConfig);
+            internalConfig.enterpriseConfig.copyFromExternal(
+                    externalConfig.enterpriseConfig, PASSWORD_MASK);
         }
     }
 
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index e85686fa7..9fa67a000 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -1380,6 +1380,50 @@ public class WifiConfigManagerTest {
         verifyUpdateNetworkWithCredentialChangeHasEverConnectedFalse(eapNetwork);
     }
 
+    /**
+     * Verifies that if the app sends back the masked passwords in an update, we ignore it.
+     */
+    @Test
+    public void testUpdateIgnoresMaskedPasswords() {
+        WifiConfiguration someRandomNetworkWithAllMaskedFields =
+                WifiConfigurationTestUtil.createEapNetwork();
+        someRandomNetworkWithAllMaskedFields.wepKeys = WifiConfigurationTestUtil.TEST_WEP_KEYS;
+        someRandomNetworkWithAllMaskedFields.preSharedKey = WifiConfigurationTestUtil.TEST_PSK;
+        someRandomNetworkWithAllMaskedFields.enterpriseConfig.setPassword(
+                WifiConfigurationTestUtil.TEST_EAP_PASSWORD);
+
+        NetworkUpdateResult result =
+                verifyAddNetworkToWifiConfigManager(someRandomNetworkWithAllMaskedFields);
+
+        // All of these passwords must be masked in this retrieved network config.
+        WifiConfiguration retrievedNetworkWithMaskedPassword =
+                mWifiConfigManager.getConfiguredNetwork(result.getNetworkId());
+        assertPasswordsMaskedInWifiConfiguration(retrievedNetworkWithMaskedPassword);
+        // Ensure that the passwords are present internally.
+        WifiConfiguration retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertEquals(someRandomNetworkWithAllMaskedFields.preSharedKey,
+                retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(someRandomNetworkWithAllMaskedFields.wepKeys,
+                retrievedNetworkWithPassword.wepKeys);
+        assertEquals(someRandomNetworkWithAllMaskedFields.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+
+        // Now update the same network config using the masked config.
+        verifyUpdateNetworkToWifiConfigManager(retrievedNetworkWithMaskedPassword);
+
+        // Retrieve the network config with password and ensure that they have not been overwritten
+        // with *.
+        retrievedNetworkWithPassword =
+                mWifiConfigManager.getConfiguredNetworkWithPassword(result.getNetworkId());
+        assertEquals(someRandomNetworkWithAllMaskedFields.preSharedKey,
+                retrievedNetworkWithPassword.preSharedKey);
+        assertEquals(someRandomNetworkWithAllMaskedFields.wepKeys,
+                retrievedNetworkWithPassword.wepKeys);
+        assertEquals(someRandomNetworkWithAllMaskedFields.enterpriseConfig.getPassword(),
+                retrievedNetworkWithPassword.enterpriseConfig.getPassword());
+    }
+
     /**
      * Verifies the ordering of network list generated using
      * {@link WifiConfigManager#retrievePnoNetworkList()}.
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
index b53732a91..f7bf5b022 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java
@@ -65,6 +65,7 @@ public class WifiConfigurationTestUtil {
     public static final String[] TEST_WEP_KEYS =
             {"\"WifiConfigurationTestUtilWep1\"", "\"WifiConfigurationTestUtilWep2\"",
                     "45342312ab", "45342312ab45342312ab34ac12"};
+    public static final String TEST_EAP_PASSWORD = "WifiConfigurationTestUtilEapPassword";
     public static final int TEST_WEP_TX_KEY_INDEX = 1;
     public static final String TEST_FQDN = "WifiConfigurationTestUtilFQDN";
     public static final String TEST_PROVIDER_FRIENDLY_NAME =
-- 
cgit v1.2.3