RESTRICT AUTOMERGE: WifiServiceImpl: fix and add tethering checks

Fix the checks for tethering restrictions in setWifiApEnabled
and setWifiApConfiguration.  Additionally, add a primary-user check to
all three methods (setWifiApEnabled, get/setWifiApConfiguration).

Bug: 35765136

Test: manual test as below:
      1. Download a popular free app, ES File Explorer (tested with version 4.1.7 and earlier)
      2. Menu (top-left) > Network > Net Manager > Create a hotspot network
      3. The operation should hang or fail
      4. "adb logcat | grep WifiService" to verify change

Change-Id: I2867f8f33861a802058c84149246dbd7f2b1441e
(cherry picked from commit 38598d8d32d5fa9af2178e71916887c2d37678f5)
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index 740ef6e..3cad492 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -541,6 +541,16 @@
                 "ConnectivityService");
     }
 
+    private void enforceTetheringRestriction() {
+        // check if the user has the tethering restriction
+        UserManager um = UserManager.get(mContext);
+        UserHandle userHandle = Binder.getCallingUserHandle();
+        Slog.d(TAG, "setWifiApEnabled - calling userId: " + userHandle.getIdentifier());
+        if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING, userHandle)) {
+            throw new SecurityException("DISALLOW_CONFIG_TETHERING is enabled for this user.");
+        }
+    }
+
     /**
      * see {@link android.net.wifi.WifiManager#setWifiEnabled(boolean)}
      * @param enable {@code true} to enable, {@code false} to disable.
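Review bot: The debug line inside `enforceTetheringRestriction()` is hard-coded as `"setWifiApEnabled - calling userId: "`, but this commit also calls the helper from `getWifiApConfiguration` and `setWifiApConfiguration`, so logcat will attribute those calls to the wrong entry point when someone audits a denial. Name the helper in the prefix instead: `Slog.d(TAG, "enforceTetheringRestriction - calling userId: " + userHandle.getIdentifier());`. The helper also has no Javadoc. A one-line summary with `@throws SecurityException if DISALLOW_CONFIG_TETHERING is set for the calling user` would make the contract explicit, since the point of the fix is that the restriction is evaluated for the Binder caller.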
@@ -591,11 +601,21 @@
      * @param enabled true to enable and false to disable
      */
     public void setWifiApEnabled(WifiConfiguration wifiConfig, boolean enabled) {
+        Slog.d(TAG, "setWifiApEnabled: " + enabled + " pid=" + Binder.getCallingPid()
+                                + ", uid=" + Binder.getCallingUid());
         enforceChangePermission();
         ConnectivityManager.enforceTetherChangePermission(mContext);
-        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING)) {
-            throw new SecurityException("DISALLOW_CONFIG_TETHERING is enabled for this user.");
+
+        // check if the user has the tethering restriction
+        enforceTetheringRestriction();
+        Slog.d(TAG, "setWifiApEnabled - passed the config_tethering check");
+
+        // now check if this is the primary user
+        if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) {
+            Slog.e(TAG, "Only the device owner can enable wifi tethering");
+            return;
         }
+
         // null wifiConfig is a meaningful input for CMD_SET_AP
         if (wifiConfig == null || isValid(wifiConfig)) {
             mWifiController.obtainMessage(CMD_SET_AP, enabled ? 1 : 0, 0, wifiConfig).sendToTarget();
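Review bot: The primary-user check in `setWifiApEnabled` logs and returns silently, while the restriction check two lines earlier throws `SecurityException`, so a non-primary caller cannot tell that the request was denied. If the silent return is deliberate for app compatibility, a comment should say so; otherwise use `throw new SecurityException("Only the primary user can enable wifi tethering");`. The same three-line check is repeated in the `getWifiApConfiguration` and `setWifiApConfiguration` hunks and could become one private helper next to `enforceTetheringRestriction()`. The log text says "device owner", but the code compares against `UserHandle.USER_OWNER` (the primary user), and the wording could be confused with the device-policy device-owner role. The method body continues past the end of the hunk.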
@@ -623,6 +643,13 @@
      */
     public WifiConfiguration getWifiApConfiguration() {
         enforceAccessPermission();
+        enforceTetheringRestriction();
+        // now check if this is the primary user
+        if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) {
+            Slog.e(TAG, "Only the device owner can retrieve the ap config");
+            return null;
+        }
+
         return mWifiStateMachine.syncGetWifiApConfiguration();
     }
 
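Review bot: `getWifiApConfiguration()` now returns `null` to a non-primary caller, and nothing visible in this hunk tells callers that a null result is possible. The method's Javadoc sits above the hunk, so it may already cover this. If it does not, add something like `@return the soft AP configuration, or {@code null} if the caller is not the primary user`. The added `enforceTetheringRestriction()` call also means this getter now throws `SecurityException` for a restricted user, which is worth an `@throws` line too.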
@@ -650,7 +677,17 @@
      * @param wifiConfig WifiConfiguration details for soft access point
      */
     public void setWifiApConfiguration(WifiConfiguration wifiConfig) {
+        Slog.d(TAG, "setWifiApConfiguration: " + wifiConfig);
         enforceChangePermission();
+
+        enforceTetheringRestriction();
+
+        // now check if this is the primary user
+        if (Binder.getCallingUserHandle().getIdentifier() != UserHandle.USER_OWNER) {
+            Slog.e(TAG, "Only the device owner can set the ap config");
+            return;
+        }
+
         if (wifiConfig == null)
             return;
         if (isValid(wifiConfig)) {
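Review bot: The added `Slog.d(TAG, "setWifiApConfiguration: " + wifiConfig)` runs before `enforceChangePermission()`, so any caller, including one that is about to be rejected, gets its supplied hotspot configuration written to logcat. What `WifiConfiguration.toString()` emits is not visible here and should be confirmed, but at minimum the SSID and security settings are likely to be included. Logging only the caller identity, as the `setWifiApEnabled` hunk does, would be safer: `Slog.d(TAG, "setWifiApConfiguration: pid=" + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid());`. If the configuration is needed for debugging, log it after the permission and user checks have passed. The method body continues past the end of the hunk.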