Prevent restricted user from adding network through camera
When DISALLOW_CONFIG_WIFI or DISALLOW_ADD_WIFI_CONFIG user restriction
is set, prevent the user from using a camera to add a network (e.g. by scanning a QR code) via the camera app
Bug: 221859734
Test: atest com.android.server.wifi
Change-Id: I2bf5e4f76a3854883540beceaf5e25b097aa3c9c
(cherry picked from commit 737e26535baeb007b9034f581b4616699b05725f)
Merged-In: I2bf5e4f76a3854883540beceaf5e25b097aa3c9c
diff --git a/service/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/service/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index 019e689..1d5eaaf 100644
--- a/service/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/service/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -6311,6 +6311,64 @@
}
/**
+ * Verify that add or update networks is not allowed for camera app when
+ * DISALLOW_CONFIG_WIFI user restriction is set.
+ */
+ @Test
+ public void testAddOrUpdateNetworkIsNotAllowedForCameraDisallowConfigWifi() throws Exception {
+ doReturn(AppOpsManager.MODE_ALLOWED).when(mAppOpsManager)
+ .noteOp(AppOpsManager.OPSTR_CHANGE_WIFI_STATE, Process.myUid(), TEST_PACKAGE_NAME);
+ when(mWifiPermissionsUtil.isSystem(anyString(), anyInt())).thenReturn(true);
+ when(mWifiPermissionsUtil.checkCameraPermission(Binder.getCallingUid())).thenReturn(true);
+ when(mWifiPermissionsUtil.isAdmin(Binder.getCallingUid(), TEST_PACKAGE_NAME))
+ .thenReturn(false);
+ when(mWifiConfigManager.addOrUpdateNetwork(any(), anyInt(), any(), eq(false))).thenReturn(
+ new NetworkUpdateResult(0));
+ when(mUserManager.hasUserRestrictionForUser(eq(UserManager.DISALLOW_CONFIG_WIFI),
+ any())).thenReturn(true);
+
+ WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork();
+ mLooper.startAutoDispatch();
+ assertEquals(-1,
+ mWifiServiceImpl.addOrUpdateNetwork(config, TEST_PACKAGE_NAME, mAttribution));
+ mLooper.stopAutoDispatchAndIgnoreExceptions();
+
+ verifyCheckChangePermission(TEST_PACKAGE_NAME);
+ verify(mWifiConfigManager, never()).addOrUpdateNetwork(any(), anyInt(), any(), eq(false));
+ verify(mWifiMetrics, never()).incrementNumAddOrUpdateNetworkCalls();
+ }
+
+ /**
+ * Verify that add or update networks is not allowed for camera app when
+ * DISALLOW_ADD_WIFI_CONFIG user restriction is set.
+ */
+ @Test
+ public void testAddOrUpdateNetworkIsNotAllowedForCameraDisallowAddWifiConfig()
+ throws Exception {
+ assumeTrue(SdkLevel.isAtLeastT());
+ doReturn(AppOpsManager.MODE_ALLOWED).when(mAppOpsManager)
+ .noteOp(AppOpsManager.OPSTR_CHANGE_WIFI_STATE, Process.myUid(), TEST_PACKAGE_NAME);
+ when(mWifiPermissionsUtil.isSystem(anyString(), anyInt())).thenReturn(true);
+ when(mWifiPermissionsUtil.checkCameraPermission(Binder.getCallingUid())).thenReturn(true);
+ when(mWifiPermissionsUtil.isAdmin(Binder.getCallingUid(), TEST_PACKAGE_NAME))
+ .thenReturn(false);
+ when(mWifiConfigManager.addOrUpdateNetwork(any(), anyInt(), any(), eq(false))).thenReturn(
+ new NetworkUpdateResult(0));
+ when(mUserManager.hasUserRestrictionForUser(eq(UserManager.DISALLOW_ADD_WIFI_CONFIG),
+ any())).thenReturn(true);
+
+ WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork();
+ mLooper.startAutoDispatch();
+ assertEquals(-1,
+ mWifiServiceImpl.addOrUpdateNetwork(config, TEST_PACKAGE_NAME, mAttribution));
+ mLooper.stopAutoDispatchAndIgnoreExceptions();
+
+ verifyCheckChangePermission(TEST_PACKAGE_NAME);
+ verify(mWifiConfigManager, never()).addOrUpdateNetwork(any(), anyInt(), any(), eq(false));
+ verify(mWifiMetrics, never()).incrementNumAddOrUpdateNetworkCalls();
+ }
+
+ /**
* Verify that add or update networks is allowed for settings app.
*/
@Test
