| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Android wifi state machine checks if the propietary
firmware can be loaded, and uses that.
Otherwise, this patch makes it so it tries to enable the
hostapd daemon anyway, which, if you have a supported wifi
dongle connected, will enable the hotspot.
If no firmware and no wifi dongle is found, the wifi
state machine will cause the Android UI to say
"Turning hotspost on..." forever until the user turns
it off, but obviously, hotspot won't work.
Signed-off-by: belgin <belginstirbu@hotmail.com>
GNUtoo: splited the commit message in paragraphs.
Tested-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch, if the nonfree firmware is found, the internal WiFi
is used, otherwise the WiFi state machine tries to use the external
WiFi adapter.
Because the WiFiStateMachine tries to do things with the
Bluetooth Coexistence mode, which the ath9k driver
doesn't seem to have (at least not by default),
wpa_supplicant registers enough consecutive errors
to think the driver hanged, so it stops the
connection. To work around this, I have commented
the calls to enable/disable Bluetooth Coexistence
mode in the WiFi state machine java file. A proper fix
for this would be to enable Bluetooth Coexistence
mode in the ath9k driver.
Regarding removing the multicast packet filtering
code, the same wpa_supplicant issue as above was occuring,
causing wpa_supplicant to disconnect after a few errors.
I am unsure if this affects the firewall in any way.
Signed-off-by: Belgin Stirbu <belginstirbu@hotmail.com>
Acked-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
params.ap is an array with length MAX_SIGNIFICANT_CHANGE_APS == 64
We should check that params.num_ap does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS test is not available because CTS test doesn't have the
privilege to access system API.
Bug: 37207928
Test: compile
Test: SafetyNet log not triggered under non-exploit conditions
Change-Id: I541bacd5448124864f28ef1671edf065cc0e35ed
(cherry picked from commit dc96644e72bbac7b579c3ac4b8c5beed1fe7f0b6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix merge conflict into nyc-mr1-security release branches
It is the caller's responsibility for deleting configuration files.
This avoids the ConfigBuilder from deleting arbitrary files
(specified by URI) pass-in by the callers.
Bug: 33178389
Test: Verify Passpoint Configuration installation works using Shamu
CVE-2017-0490
Change-Id: I54803dc711ede98a1ec1259077522032c543dca1
(cherry picked from commit 41c42f5bb544acf8bede2d05c6325657d92bd83c)
|
|
|
|
|
|
| |
This partially reverts commit bebdc4a3ae5000ac26c16071f26557eb7d8278d8.
Change-Id: I1ad9ab51c4cfbe634fbccdc07f4910ea696ff7a1
|
|
|
|
|
|
|
|
|
|
|
| |
merge into mmr3
This resovles the merge conflict for ag/1514448/
After Android M, this function uses num_bssid instead of num_ap.
Both are prone to stack overflow attacks.
Bug: 31856351
Test: compile, unit tests, manual test
Change-Id: Ied24e6a7ee3047a5319bcca77a0f0f94889b6ca1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix merge conflict into mnc-mr2-release
params.ap is an array with length MAX_HOTLIST_APS == 128
We should check that params.num_bssid does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS will be added in another CL.
Bug: 31856351
Test: compile, unit tests, manual test
Test: SafetyNet log not triggered under non-exploit conditions
Test: POC executable does not crash wifi anymore.
Change-Id: I99665d529985c89d581939126743c34ae885828c
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This resovles the merge conflict for ag/1514448/
After Android M, this function uses num_bssid instead of num_ap.
Both are prone to stack overflow attacks.
CYNGNOS-3312
Bug: 31856351
Test: compile, unit tests, manual test
Change-Id: I194850a4c79ddf478d98e750f65b24e82d99ebc0
(cherry picked from commit c579cce67bbb8d0a64b58b3b89d53ae1bce330e9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
params.ap is an array with length MAX_HOTLIST_APS == 128
We should check that params.num_bssid does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS will be added in another CL.
CYNGNOS-3312
Bug: 31856351
Change-Id: I807f349ceef5c2f5a46eec87515d3550f8288739
Test: compile, unit tests, manual test
Test: SafetyNet log not triggered under non-exploit conditions
Test: POC executable does not crash wifi anymore.
(cherry picked from commit d8748b8faf9c002b59e059d52d49fcc5b7ca5887)
|
|\
| |
| |
| |
| |
| |
| | |
Android 6.0.1 Release 72 (M4B30X)
# gpg: Signature made Tue 04 Oct 2016 09:47:41 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ANQP Element parsing code that parses untrusted data broadcasted
by APs is currently untested, and might contain errors that will
trigger exceptions that can crash the system service (e.g. null pointer
exceptions).
To contain this risk, catch all possible exceptions from the invoking
ANQP element parsing code from ANQPFactory, and throw them again
as ProtocolExceptions, which users of ANQPFactory already catch.
BUG: 30230534
Change-Id: Icaba02c0e6739d94482cf4a5e704b59f8d4105b4
(cherry picked from commit 6154eb070b9f224a8daebf0a852d61f07d2c5cf3)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the off-by-one error in the conditionals that check
whether the Venue Group and Venue Type codes in the ANQP
element are in the "Reserved" range.
BUG: 30169673
BUG: 29464811
TEST: Manually set up AP with Hotspot 2.0 support, broadcasting
Venue Group value 0xc, and ensure that device does not
crash when in range of this AP.
Change-Id: I14adc3a919e19b67fc0f46bf09d0cffb88b5354e
(cherry picked from commit 48ee5f1e1c6e2a2dc63e9cb84c42f532c8a6847a)
|
| |
| |
| |
| |
| |
| | |
Variable "buffer" falls out of scope leaking memory.
Change-Id: Ia9ca5b1652507e64a6a53c3c7d668684c1ed327e
|
| |
| |
| |
| |
| |
| |
| | |
* This check is going to be true if not GBK, so stop spamming the
log with this.
Change-Id: Ifed4885a9e502beeab8ef3f82de789c99ea106e1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used to do DHCP RENEW after framework roam succeeds.
But if connected network changed, which means previous IPv4
address is not valid.
Hence reset the roam flag to do Full DHCP in such case.
Change-Id: I87352fa78f74c18f550cce36b343fec72e13a3e3
CRs-Fixed: 1021770
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WifiNative might send empty results if it doesn't get any scan
results from WifiHAL, which results a null array. Check if the
array is null before accessing to avoid possible null pointer
access.
Change-Id: I2911e41c65df96b768c6302a70434cda47828d00
CRs-Fixed: 1037782
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Caller waits for the reply from handler when it issues a
CMD_ENABLE_NETWORK for a network id. So send a reply with FAILURE
status when an invalid id is received to unblock the caller.
Change-Id: I665611cde175cfac2cb683fbb8c184a0b3e61f2b
CRs-Fixed: 1030683
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because the homeSP is stored by Map structure.and the key is
"homeSP.getFQDN()" value is homeSP. For the same Passpoint AP,
the homeSP.getFQDN() is always same.so once you connect the AP
with one TMO SIM,the PerProviderSubscription.conf will created
and stored which contains the special IMSI.but at this time ,
if you change to another TMO SIM(IMSI changed),the mSPs already
has the key(Same AP). Cause the PerProviderSubscription.conf never
be updated to the latest,then the device can not connect to AP
successfully.So it should not only judge whether "homeSP.getFQDN()"
existed but also the content.especially,IMSI.Because the IMSI is
the key point for verification whether valid.
CRs-fixed: 954654
Change-Id: I195e1862cdbe9049aee7f9e524a9aa50d136ded7
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the IP address assignment on the WLAN interface changes
from STATIC to STATIC the requisite routes are not getting added
by the connectivity service. Hack this by simulating a disconnect
and a reconnect , which is when the routes shall get added
properly.
Change-Id: I7763eb4fe6cf28431e15a930706e165b501b1f76
CRs-Fixed: 1025903
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With commit 5871e49caae132f154064807a864c7601c754da7, configurations
shall be set only if modified (in addOrUpdateNetworkNative).
To check if modified, savedConfig referenced the framework cache config
(from mConfiguredNetworks), then overwrite it with existing config from
supplicant.
If the config (to be updated) referenced the same framework cache config,
configurations has been overwritten hence will not be set.
In this specific instance, framework tries to DISABLE_TLS_1_2, but this
configuration shall never be set as the corresponding configuration is
always overwritten by the one in wpa_supplicant (which does not have
this configuration set).
This change is to create new WifiConfigration for savedConfig.
Change-Id: Id2ef886d4cbba840140a39f3cb4f00f992cf9f47
CRs-Fixed: 1033747
|
|\ \
| | |
| | |
| | |
| | |
| | | |
Android 6.0.1 Release 61 (MOB30Z)
Change-Id: Ica841d345cecfd7ea1aedfa360b5c1a28f915860
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The parseMacAddress function anticipates only properly formed
MAC addresses (6 hexadecimal octets separated by ":"). This
change properly deals with situations where the string is
shorter than expected, making sure that the passed in char*
reference in parseHexByte never exceeds the end of the string.
BUG: 28164077
TEST: Added a main function:
int main(int argc, char **argv) {
unsigned char addr[6];
if (argc > 1) {
memset(addr, 0, sizeof(addr));
parseMacAddress(argv[1], addr);
printf("Result: %02x:%02x:%02x:%02x:%02x:%02x\n",
addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
}
}
Tested with "", "a" "ab" "ab:c" "abxc".
Change-Id: I0db8d0037e48b62333d475296a45b22ab0efe386
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Almost every configuration to overlay the device's p2p name sets it
to the model name. Just use that directly when the overlay is the %m
token. (empty overlay still uses the default ANDROID_ID-based ID)
Companion change to I9f6c8d0f9fe9486ce58347b46ba46f7c230910f2
Change-Id: Iaaebe078c3a6834cb2bbf88243debe51b76f7c4e
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The hotspot should be disconnected only if the IMSI changes (for GSM
devices). SubscriptionInfo#getSubscriptionId() does not return the
IMSI and returns a handle used by the framework. Switch to using the
TelephonyManager#getSubscriberId().
Ticket: CYNGNOS-877, SAMBAR-1151
Change-Id: I7a00600497a9d884dda08a9969cf7f34f9054e2b
|
| |
| |
| |
| |
| |
| |
| | |
Ticket: OSS BACON-4349, CYNGNOS-1303, CYNGNOS-877
Change-Id: I653fdf40b1419c96e8d611b18d8d899cb5629f5c
Signed-off-by: Roman Birg <roman@cyngn.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On subscription changes, we should stop tethering to not incur
charges by accident.
Ticket: CYNGNOS-877
Change-Id: I27755f28e3a537c5ef61431817f22e98bc356c5d
Signed-off-by: Roman Birg <roman@cyngn.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Link de-bounce time of 7 seconds affects the station's
handover time to a better AP,thus tearing down the VoWiFi call
(due to RTP timeout). Reduce this time to 4 seconds
Change-Id: I3aa9b7ceae917650351e041e97e699ecdfd3bb77
CRs-Fixed: 989472
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Framework stores the scan caches for each configured network in a hash
map with network id as key and never clear them. If removing a network
and then re-enabling wifi, framework will re-assigned network id for
each configured network while loading them, however, the scan caches
still keeps the obsolete network id as its key.
This change is to clear the scan caches when framework loads configured
networks, which makes sure the network id in the scan caches is up to
date.
CRs-Fixed: 999659
Change-Id: I1a6cdb2871e6f58f7aa5d233517d5983be91a7df
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wifi gbk2utf module used weak logic to check if SSID is GBK encoded,
it has chance that SSID wrongly converted and truncated, which in
turn caused framework crash due to unhandled Exception.
This change is to add isGkbString() to check if SSID is GBK encoded,
which makes sure only SSID with GBK encoded will be converted.
Change-Id: I6cb608bfb6f0930d89a58d66114eabbf856acc9d
CRs-Fixed: 978452
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update the frequency information before broadcasting
NETWORK_STATE_CHANGED_ACTION so that it contains the
up-to-date frequency info.
Change-Id: Ie09097e6727fd6db97819c825775a0b0f702da7f
CRs-fixed: 963614
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ENABLE_NETWORK command is called from the framework because of PNO state
change, which triggers the connect.This command is only expected to
enable the network and not issue a connect because from framework the
expected sequence of operations for a connect are SET_NETWORK,
ENABLE_NETWORK and SELECT_NETWORK.
Send an explicit ENABLE_NETWORK with "no-connect" to avoid connection.
Change-Id: Ibf85875a73271ef0b8540bb0e182b66ea42d65e7
CRs-Fixed: 970896
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Auto join black list the connected BSSIDs, if driver roams away from it.
This shall result in the respective BSSID getting blacklisted for the next
strategy. Enhance this logic by un blacklisting such BSSID's if the driver
has roamed again. This goes with our logic that - driver roaming to such
BSSID again should indicate to the framework that the BSSID is the best in
the network.
Change-Id: I24bf6caeb9a9277db577d0870e6961609ebf7677
CRs-Fixed: 968421
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
getScanDetailCacheIfExist function shall return null if the configuration
is obsent in mScanDetailCaches. Due to synchronization issue in
writeKnownNetworkHistory function, it is required to add null check in all
the places.
Change-Id: Id6b7ee9601e4fe9a4d99f87222e4026d11903e2b
CRs-Fixed: 966542
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WifiScanningService shall query the gscan results through WiFiNative's
getScanResults API, which shall return NULL, if isHalStarted fails.
Since, WiFiService and WiFiScanningService run in different contexts,
a query for the gscan results shall happen while the WiFi is
disabled(setWifiEnabled == FALSE). This would result in a NULL being
returned by getScanResults API. Hence the check.
Change-Id: Icf9e37aca568e23a26a5301434adcde6af7512ab
CRs-Fixed: 936628
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On a group removal, the devise shall not be able to detect
the peer with which the group was formed earlier, as the
supplicant shall not give the P2P_DEV_FOUND indication for
an already reported one. Hence,do a p2p_flush to have a
better user experience in finding the p2p devices.
This will get the device list entries in the framework in
sync with the suplicant peer device list.
CRs-Fixed: 962240
Change-Id: I13130f61120f7e9bd41824387364ca15535ea471
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Each saved profile has an entry in networkHistory.txt file placed
at /data/misc/wifi location whose information is later used to
autojoin when wifi is turned on. The logic to read this file skips
the logic to store the scan details of that particular wifi
configuration.Hence the parsing logic is modified to store the scan
cache for each saved wifi configuration.
CRs-Fixed: 958484
Change-Id: I6627cda3810b56b766664992676cdf1441c77fe9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Framework checks ScanDetailCache for particular network entry based on
network id. If entry absent, it will create fresh object for
ScanDetailCache. Later if another network is added with same network id,
getScanDetailCache returns the old network entry, this leads to SSID
mismatch issues.
Hence while updating saved networks history do not create fresh object.
Change-Id: Ibcc9aa600795bd5c141b3f4c52c46cc7ea6dd963
CRs-Fixed: 956970
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If Wifi turn On fails due to failure in loading driver or supplicant
start then WifiStateMachine stays in InitialState, but WifiController
is left stuck in StaEnabledState, which in turn fails to turn on WLAN
again.
Register WifiService to receive WIFI_STATE_CHANGED_ACTION intent from
WifiStateMachine, and if wifiState is failed, inform WifiController to
transition to ApStaDisabledState.
Change-Id: I454f6d5bb7f45cc18c9fdd8a625c5b3481640c19
CRs-Fixed: 947716
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Framework shall defer the SCAN request if issued with in 10 seconds after
the last connect attempt. This logic is driven by
lastConnectAttemptTimestamp, which holds the last connection attempt's time
stamp. For a scenario where a WiFi is turned off during the connection
attempt, this variable ended up retaining the last connection time stamp
and thus, the first scan after the WiFi turn on gets deferred, if the
attempt happens with in 10 seconds, resulting in a delay to display the
scan results after the Turn ON.
Hence clear lastConnectAttemptTimestamp variable, when wifi is turned off.
Change-Id: Ib3f306ba38debd95e047cd2ef2fdadf8d9fe3367
CRs-Fixed: 955289
|
| |
| |
| |
| |
| |
| |
| |
| | |
This appears to be a merge-induced breakage. Original commit:
https://github.com/CyanogenMod/android_frameworks_opt_net_wifi/commit/75b9d88468fbfff6a486d6df41215909a2cc9a93
Change-Id: I6935de7cbbd20881f3b15dbb9f5de692e9d38a9a
Signed-off-by: Zdrowy Gosciu <ZdrowyGosciu+GITHUB@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Almost every configuration to overlay the device's AP SSID sets it
to the model name. Just use that directly when the other options are
empty, instead of copying the same string around.
Change-Id: I9f6c8d0f9fe9486ce58347b46ba46f7c230910f2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Each update of the network configuration to the supplicant
(though not updated) results in PMKSA flush though the
configurations excluding BSSID / priority remain same.
Thus, set the credentials only when they are added for the
first time or modified by comparing with the already existing
ones
Change-Id: I2dc057c229505920e14d3505639b6a4cb39141a1
CRs-Fixed: 965963
|
| |
| |
| |
| |
| |
| |
| |
| | |
The getNetID function may return INVALID_NETWORK_ID, however
that need not stop the auto join procedure.
Change-Id: Ib3d18c1662d7204ec76b07e69d932e288ea615d5
CRs-Fixed: 934125
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
STATUS command is issued to the supplicant to get the currently connected
network status. The current code does not consider the failure scenario
(NULL check) for the obtained response and this commit handles the same.
Change-Id: I4d90386bf8d909c97cacdf5b9c80e07a679d63ee
CRs-Fixed: 930365
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are only a few MCCs in which the MNC is expected to be 3-digit long.
However, the fallback path for REQ-IDENTITY was assuming that length
all the time, which resulted in us getting the wrong realm for the
fallback path (which is kicked in when, for example, wifi starts up
faster than mobile)
Also, SIM states are indexed by slot, not subId
Ref CYNGNOS-2768
Change-Id: I3ea01d45e62689075b62df7a169f8734d0c9f5e6
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* The AP item list is destroyed and re-created on driver load/unload.
* Check before accessing them, as the driver may be unloaded, which may
cause a null pointer dereference.
REF: CYNGNOS-2559
Change-Id: If4f7600f6156d650211a7ac85b48f95f16c761e7
|
|\|
| |
| |
| |
| | |
Ticket: RM-234
Android 6.0.1 release 30
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The max SSID watch list size for PNO supported by wlan drivers is fixed
to a certain size. wpa_supplicant sorts this SSID watch list based on
the priorities assigned to those networks. This may result in us losing
some frequently used networks from the PNO list because they have lower
priorities. This is a side effect of how we assign priorities to
network configuration as they're added.
So before we trigger PNO, re-sort the network list based on the
'numAssociation' value and assign them relative priorities. This will make
sure that the PNO SSID watch list contains all the frequent SSID's to
which we were connected to.
PS: This change has a side-effect of ignoring the configured priorities
during PNO.
BUG: 26763375
Change-Id: I2c82254b2cb83aef0dd4da9e7d9b2eb5b376bead
Cherry-picked from:
https://partner-android-review.googlesource.com/#/c/529355
|
| |
| |
| |
| |
| |
| |
| |
| | |
Need to assign the overridden WorkSource to the member
mScanWorkSource in order to properly finish the scan.
Bug:23868900
Change-Id: I7c8ca5ce40ce1238e702bcc65dcef2b94b4b64e9
|
| |
| |
| |
| |
| |
| |
| | |
Ticket: RM-234
This reverts commit e26ad459b63271548abbdeba4f8d77fcca9f88bd.
Change-Id: Ia2f700ee211c4bd54661fd1e1aa150761fff0d4a
|