Require location permission to access wifi SSID, BSSID
BSSID/SSID can be used to deduce location, so require the same
location permissions for access to these WifiInfo fields
requested using WifiManager.getConnectionInfo() as for
WifiManager.getScanResults().
If the application does not have a location permission,
the returned object will have a BSSID of 02:00:00:00:00:00
and <unknown ssid>.
Bug: 36770596
Test: New unit tests
Change-Id: Iab5ae21719206260f4993631ee78714019a925fa
diff --git a/service/java/com/android/server/wifi/WifiStateMachine.java b/service/java/com/android/server/wifi/WifiStateMachine.java
index eec0996..30d2f54 100644
--- a/service/java/com/android/server/wifi/WifiStateMachine.java
+++ b/service/java/com/android/server/wifi/WifiStateMachine.java
@@ -31,6 +31,7 @@
import android.Manifest;
import android.app.ActivityManager;
+import android.app.AppGlobals;
import android.app.PendingIntent;
import android.bluetooth.BluetoothAdapter;
import android.content.BroadcastReceiver;
@@ -82,6 +83,7 @@
import android.net.wifi.p2p.IWifiP2pManager;
import android.os.BatteryStats;
import android.os.Binder;
+import android.os.Build;
import android.os.Bundle;
import android.os.IBinder;
import android.os.INetworkManagementService;
@@ -364,7 +366,7 @@
private final Object mDhcpResultsLock = new Object();
private DhcpResults mDhcpResults;
- // NOTE: Do not return to clients - use #getWiFiInfoForUid(int)
+ // NOTE: Do not return to clients - see syncRequestConnectionInfo()
private final WifiInfo mWifiInfo;
private NetworkInfo mNetworkInfo;
private final NetworkCapabilities mDfltNetworkCapabilities;
@@ -1761,7 +1763,35 @@
* @return a {@link WifiInfo} object containing information about the current connection
*/
public WifiInfo syncRequestConnectionInfo() {
- return getWiFiInfoForUid(Binder.getCallingUid());
+ int uid = Binder.getCallingUid();
+ if (uid == Process.myUid()) return mWifiInfo;
+ boolean hideBssidAndSsid = true;
+ WifiInfo result = new WifiInfo(mWifiInfo);
+ result.setMacAddress(WifiInfo.DEFAULT_MAC_ADDRESS);
+
+ IPackageManager packageManager = AppGlobals.getPackageManager();
+
+ try {
+ if (packageManager.checkUidPermission(Manifest.permission.LOCAL_MAC_ADDRESS,
+ uid) == PackageManager.PERMISSION_GRANTED) {
+ result.setMacAddress(mWifiInfo.getMacAddress());
+ }
+ if (mWifiPermissionsUtil.canAccessScanResults(
+ packageManager.getNameForUid(uid),
+ uid,
+ Build.VERSION_CODES.O)) {
+ hideBssidAndSsid = false;
+ }
+ } catch (RemoteException e) {
+ Log.e(TAG, "Error checking receiver permission", e);
+ } catch (SecurityException e) {
+ Log.e(TAG, "Security exception checking receiver permission", e);
+ }
+ if (hideBssidAndSsid) {
+ result.setBSSID(WifiInfo.DEFAULT_MAC_ADDRESS);
+ result.setSSID(WifiSsid.createFromHex(null));
+ }
+ return result;
}
public WifiInfo getWifiInfo() {
@@ -3144,29 +3174,6 @@
mContext.sendStickyBroadcastAsUser(intent, UserHandle.ALL);
}
- private WifiInfo getWiFiInfoForUid(int uid) {
- if (Binder.getCallingUid() == Process.myUid()) {
- return mWifiInfo;
- }
-
- WifiInfo result = new WifiInfo(mWifiInfo);
- result.setMacAddress(WifiInfo.DEFAULT_MAC_ADDRESS);
-
- IBinder binder = mFacade.getService("package");
- IPackageManager packageManager = IPackageManager.Stub.asInterface(binder);
-
- try {
- if (packageManager.checkUidPermission(Manifest.permission.LOCAL_MAC_ADDRESS,
- uid) == PackageManager.PERMISSION_GRANTED) {
- result.setMacAddress(mWifiInfo.getMacAddress());
- }
- } catch (RemoteException e) {
- Log.e(TAG, "Error checking receiver permission", e);
- }
-
- return result;
- }
-
private void sendLinkConfigurationChangedBroadcast() {
Intent intent = new Intent(WifiManager.LINK_CONFIGURATION_CHANGED_ACTION);
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT);
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java b/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
index 8d578b3d..a444e93 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiStateMachineTest.java
@@ -30,6 +30,7 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@@ -75,6 +76,7 @@
import android.os.Message;
import android.os.Messenger;
import android.os.PowerManager;
+import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
@@ -98,6 +100,7 @@
import com.android.server.wifi.hotspot2.NetworkDetail;
import com.android.server.wifi.hotspot2.PasspointManager;
import com.android.server.wifi.p2p.WifiP2pServiceImpl;
+import com.android.server.wifi.util.WifiPermissionsUtil;
import org.junit.After;
import org.junit.Before;
@@ -336,6 +339,7 @@
@Mock IClientInterface mClientInterface;
@Mock IBinder mApInterfaceBinder;
@Mock IBinder mClientInterfaceBinder;
+ @Mock IBinder mPackageManagerBinder;
@Mock WifiConfigManager mWifiConfigManager;
@Mock WifiNative mWifiNative;
@Mock WifiConnectivityManager mWifiConnectivityManager;
@@ -343,6 +347,7 @@
@Mock WifiStateTracker mWifiStateTracker;
@Mock PasspointManager mPasspointManager;
@Mock SelfRecovery mSelfRecovery;
+ @Mock WifiPermissionsUtil mWifiPermissionsUtil;
@Mock IpManager mIpManager;
@Mock TelephonyManager mTelephonyManager;
@Mock WrongPasswordNotifier mWrongPasswordNotifier;
@@ -387,6 +392,7 @@
when(mWifiInjector.getWifiMonitor()).thenReturn(mWifiMonitor);
when(mWifiInjector.getWifiNative()).thenReturn(mWifiNative);
when(mWifiInjector.getSelfRecovery()).thenReturn(mSelfRecovery);
+ when(mWifiInjector.getWifiPermissionsUtil()).thenReturn(mWifiPermissionsUtil);
when(mWifiInjector.makeTelephonyManager()).thenReturn(mTelephonyManager);
when(mWifiInjector.getClock()).thenReturn(mClock);
@@ -1785,6 +1791,112 @@
}
/**
+ * Test that the process uid has full wifiInfo access
+ */
+ @Test
+ public void testConnectedIdsAreVisibleFromOwnUid() throws Exception {
+ assertEquals(Process.myUid(), Binder.getCallingUid());
+ WifiInfo wifiInfo = mWsm.getWifiInfo();
+ connect();
+ WifiInfo connectionInfo = mWsm.syncRequestConnectionInfo();
+ assertEquals(wifiInfo, connectionInfo);
+ }
+
+ /**
+ * Test that connected SSID and BSSID are not exposed to an app that does not have the
+ * appropriate permissions.
+ */
+ @Test
+ public void testConnectedIdsAreHiddenFromRandomApp() throws Exception {
+ int actualUid = Binder.getCallingUid();
+ int fakeUid = Process.myUid() + 100000;
+ assertNotEquals(actualUid, fakeUid);
+ BinderUtil.setUid(fakeUid);
+ try {
+ WifiInfo wifiInfo = mWsm.getWifiInfo();
+
+ // Get into a connected state, with known BSSID and SSID
+ connect();
+ assertEquals(sBSSID, wifiInfo.getBSSID());
+ assertEquals(sWifiSsid, wifiInfo.getWifiSsid());
+
+ when(mWifiPermissionsUtil.canAccessScanResults(anyString(), eq(fakeUid), anyInt()))
+ .thenReturn(false);
+
+ WifiInfo connectionInfo = mWsm.syncRequestConnectionInfo();
+
+ assertNotEquals(wifiInfo, connectionInfo);
+ assertEquals(WifiSsid.NONE, connectionInfo.getSSID());
+ assertEquals(WifiInfo.DEFAULT_MAC_ADDRESS, connectionInfo.getBSSID());
+ } finally {
+ BinderUtil.setUid(actualUid);
+ }
+ }
+
+ /**
+ * Test that connected SSID and BSSID are not exposed to an app that does not have the
+ * appropriate permissions, when canAccessScanResults raises a SecurityException.
+ */
+ @Test
+ public void testConnectedIdsAreHiddenOnSecurityException() throws Exception {
+ int actualUid = Binder.getCallingUid();
+ int fakeUid = Process.myUid() + 100000;
+ assertNotEquals(actualUid, fakeUid);
+ BinderUtil.setUid(fakeUid);
+ try {
+ WifiInfo wifiInfo = mWsm.getWifiInfo();
+
+ // Get into a connected state, with known BSSID and SSID
+ connect();
+ assertEquals(sBSSID, wifiInfo.getBSSID());
+ assertEquals(sWifiSsid, wifiInfo.getWifiSsid());
+
+ when(mWifiPermissionsUtil.canAccessScanResults(anyString(), eq(fakeUid), anyInt()))
+ .thenThrow(new SecurityException());
+
+ WifiInfo connectionInfo = mWsm.syncRequestConnectionInfo();
+
+ assertNotEquals(wifiInfo, connectionInfo);
+ assertEquals(WifiSsid.NONE, connectionInfo.getSSID());
+ assertEquals(WifiInfo.DEFAULT_MAC_ADDRESS, connectionInfo.getBSSID());
+ } finally {
+ BinderUtil.setUid(actualUid);
+ }
+ }
+
+ /**
+ * Test that connected SSID and BSSID are exposed to an app that does have the
+ * appropriate permissions.
+ */
+ @Test
+ public void testConnectedIdsAreVisibleFromPermittedApp() throws Exception {
+ int actualUid = Binder.getCallingUid();
+ int fakeUid = Process.myUid() + 100000;
+ BinderUtil.setUid(fakeUid);
+ try {
+ WifiInfo wifiInfo = mWsm.getWifiInfo();
+
+ // Get into a connected state, with known BSSID and SSID
+ connect();
+ assertEquals(sBSSID, wifiInfo.getBSSID());
+ assertEquals(sWifiSsid, wifiInfo.getWifiSsid());
+
+ when(mWifiPermissionsUtil.canAccessScanResults(anyString(), eq(fakeUid), anyInt()))
+ .thenReturn(true);
+
+ WifiInfo connectionInfo = mWsm.syncRequestConnectionInfo();
+
+ assertNotEquals(wifiInfo, connectionInfo);
+ assertEquals(wifiInfo.getSSID(), connectionInfo.getSSID());
+ assertEquals(wifiInfo.getBSSID(), connectionInfo.getBSSID());
+ // Access to our MAC address uses a different permission, make sure it is not granted
+ assertEquals(WifiInfo.DEFAULT_MAC_ADDRESS, connectionInfo.getMacAddress());
+ } finally {
+ BinderUtil.setUid(actualUid);
+ }
+ }
+
+ /**
* Adds the network without putting WifiStateMachine into ConnectMode.
*/
@Test
