commit 2e0196f10caaba981ec595d4c67a820eb802f74b
author Jimmy Chen <jimmycmchen@google.com> Thu Sep 22 13:50:09 2022 +0800
committer Jimmy Chen <jimmycmchen@google.com> Fri Sep 23 14:48:22 2022 +0000
tree 0306a756f0c0d4a86ab4b06bb2efb3c4f5c46595
parent fc0b0f136656a46c8f94b88f581b880eb10396b8

[DO NOT MERGE] passpoint: validate decorated identity prefix

Bug: 246539931
Test: atest FrameworksWifiTests
      insatll PoC to verify the issue does not happen
Change-Id: I59144c43d2ee9590c8d973e24877e56aaf395b33
(cherry picked from commit df9d477011d9e64857dea3658cba1fc25e5d18cc)

framework/java/android/net/wifi/hotspot2/PasspointConfiguration.java

diff --git a/framework/java/android/net/wifi/hotspot2/PasspointConfiguration.java b/framework/java/android/net/wifi/hotspot2/PasspointConfiguration.java
index 375c9fb..239f406 100644
--- a/framework/java/android/net/wifi/hotspot2/PasspointConfiguration.java
+++ b/framework/java/android/net/wifi/hotspot2/PasspointConfiguration.java
@@ -37,6 +37,7 @@
 import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyManager;
 import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;
 
 import androidx.annotation.RequiresApi;
@@ -952,6 +953,13 @@
         if (mPolicy != null && !mPolicy.validate()) {
             return false;
         }
+        // Optional: DecoratedIdentityPrefix
+        if (!TextUtils.isEmpty(mDecoratedIdentityPrefix)
+                && !mDecoratedIdentityPrefix.endsWith("!")) {
+            EventLog.writeEvent(0x534e4554, "246539931", -1,
+                    "Invalid decorated identity prefix");
+            return false;
+        }
 
         if (mTrustRootCertList != null) {
             for (Map.Entry<String, byte[]> entry : mTrustRootCertList.entrySet()) {