am 868d4c34: am 95023066: DO NOT MERGE Sanitize WifiConfigs
* commit '868d4c341034de6e2ebb6c1a247488b00d17c78d': DO NOT MERGE Sanitize WifiConfigs
This commit is contained in:
Robert Greenwalt
Android Git Automerger
@ -144,6 +144,16 @@ public class LinkProperties implements Parcelable {
|
||||
return Collections.unmodifiableCollection(mLinkAddresses);
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the LinkAddresses on this link with the given collection of addresses
|
||||
*/
|
||||
public void setLinkAddresses(Collection<LinkAddress> addresses) {
|
||||
mLinkAddresses.clear();
|
||||
for (LinkAddress address: addresses) {
|
||||
addLinkAddress(address);
|
||||
}
|
||||
}
|
||||
|
||||
public void addDns(InetAddress dns) {
|
||||
if (dns != null) mDnses.add(dns);
|
||||
}
|
||||
@ -198,6 +208,16 @@ public class LinkProperties implements Parcelable {
|
||||
return routes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the RouteInfos on this link with the given collection of RouteInfos.
|
||||
*/
|
||||
public void setRoutes(Collection<RouteInfo> routes) {
|
||||
mRoutes.clear();
|
||||
for (RouteInfo route : routes) {
|
||||
addRoute(route);
|
||||
}
|
||||
}
|
||||
|
||||
public void setHttpProxy(ProxyProperties proxy) {
|
||||
mHttpProxy = proxy;
|
||||
}
|
||||
|
||||
@ -35,6 +35,7 @@ import android.net.wifi.WifiWatchdogStateMachine;
|
||||
import android.net.DhcpInfo;
|
||||
import android.net.DhcpResults;
|
||||
import android.net.LinkAddress;
|
||||
import android.net.LinkProperties;
|
||||
import android.net.NetworkUtils;
|
||||
import android.net.RouteInfo;
|
||||
import android.os.Binder;
|
||||
@ -470,6 +471,17 @@ public final class WifiService extends IWifiManager.Stub {
|
||||
*/
|
||||
public int addOrUpdateNetwork(WifiConfiguration config) {
|
||||
enforceChangePermission();
|
||||
// Until we have better UI so the user knows what's up we can't support undisplayable
|
||||
// things (it's a security hole). Even when we can support it we probably need
|
||||
// to lock down who can modify what. TODO - remove this when addOrUpdateNetwork
|
||||
// restricts callers AND when the UI in settings lets users view the data AND
|
||||
// when the VPN code is immune to specific routes.
|
||||
if (config != null) {
|
||||
LinkProperties lp = config.linkProperties;
|
||||
if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
if (mWifiStateMachineChannel != null) {
|
||||
return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
|
||||
} else {
|
||||
|
||||
@ -16,12 +16,17 @@
|
||||
|
||||
package android.net.wifi;
|
||||
|
||||
import android.net.LinkAddress;
|
||||
import android.net.LinkProperties;
|
||||
import android.net.RouteInfo;
|
||||
import android.os.Parcelable;
|
||||
import android.os.Parcel;
|
||||
import android.text.TextUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.BitSet;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
* A class representing a configured Wi-Fi network, including the
|
||||
@ -581,6 +586,44 @@ public class WifiConfiguration implements Parcelable {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* We don't want to use routes other than the first default and
|
||||
* correct direct-connect route, or addresses beyond the first as
|
||||
* the user can't see them in the UI and malicious apps
|
||||
* can do malicious things with them. In particular specific routes
|
||||
* circumvent VPNs of this era.
|
||||
*
|
||||
* @hide
|
||||
*/
|
||||
public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
|
||||
if (lp == null) return lp;
|
||||
|
||||
LinkProperties newLp = new LinkProperties(lp);
|
||||
Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
|
||||
RouteInfo directConnectRoute = null;
|
||||
if (i.hasNext()) {
|
||||
LinkAddress addr = i.next();
|
||||
Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
|
||||
newAddresses.add(addr);
|
||||
newLp.setLinkAddresses(newAddresses);
|
||||
directConnectRoute = new RouteInfo(addr,null);
|
||||
}
|
||||
boolean defaultAdded = false;
|
||||
Collection<RouteInfo> routes = lp.getRoutes();
|
||||
Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
|
||||
for (RouteInfo route : routes) {
|
||||
if (defaultAdded == false && route.isDefaultRoute()) {
|
||||
newRoutes.add(route);
|
||||
defaultAdded = true;
|
||||
}
|
||||
if (route.equals(directConnectRoute)) {
|
||||
newRoutes.add(route);
|
||||
}
|
||||
}
|
||||
newLp.setRoutes(newRoutes);
|
||||
return newLp;
|
||||
}
|
||||
|
||||
/** Implement the Parcelable interface {@hide} */
|
||||
public void writeToParcel(Parcel dest, int flags) {
|
||||
dest.writeInt(networkId);
|
||||
|
||||
@ -1587,10 +1587,12 @@ public class WifiStateMachine extends StateMachine {
|
||||
private void configureLinkProperties() {
|
||||
if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
|
||||
mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
|
||||
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
|
||||
} else {
|
||||
synchronized (mDhcpResultsLock) {
|
||||
if ((mDhcpResults != null) && (mDhcpResults.linkProperties != null)) {
|
||||
mLinkProperties = mDhcpResults.linkProperties;
|
||||
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(
|
||||
mDhcpResults.linkProperties);
|
||||
}
|
||||
}
|
||||
mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||
@ -1831,6 +1833,7 @@ public class WifiStateMachine extends StateMachine {
|
||||
if (getNetworkDetailedState() == DetailedState.CONNECTED) {
|
||||
//DHCP renewal in connected state
|
||||
linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||
linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
|
||||
if (!linkProperties.equals(mLinkProperties)) {
|
||||
if (DBG) {
|
||||
log("Link configuration changed for netId: " + mLastNetworkId
|
||||
|
||||
Reference in New Issue
Block a user