WifiConfigManager: Ignore masked EAP passwords
Whenever an app retrieves one of the saved network configuration using
the WifiManager API's, we mask out the |preSharedKey|, |wepKeys| and
|enterpriseConfig.getPassword()| fields. These apps may however pass the
same network configuration (with some changes) back to the
framework via WifiManager.updateNetwork() or WifiManager.connect() API's.
Since the current update API does not specify which field within the
WifiConfiguration is modified, framework tries to copy over all the
fields sent in thus overriding the real password with the masked value
sent by the app.
Ideally the apps should create a new WifiConfiguration with just the
fields that they want to modify and send it via
WifiManager.updateNetwork(). But, since this is a very common mistake
we have some protection against this in the framework for the
|preSharedKey| and |wepKeys|. But, we're missing this protection for the
|enterpriseConfig.getPassword()| fields.
Bug: 62893342
Test: Unit tests.
Test: Manual test to ensure that masked password sent from settings is
ignored.
Test: Regression tests.
Change-Id: I163c8c44b2717364aff88cb7ca1b2faa3aa6cce9
3 files changed
