* commit '74acf23a1eef75628c8fa9e2ff7ba08ed4258558': DO NOT MERGE Sanitize WifiConfigs
@ -112,6 +112,16 @@ public class LinkProperties implements Parcelable {
|
|||||||
return Collections.unmodifiableCollection(mLinkAddresses);
|
return Collections.unmodifiableCollection(mLinkAddresses);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replaces the LinkAddresses on this link with the given collection of addresses
|
||||||
|
*/
|
||||||
|
public void setLinkAddresses(Collection<LinkAddress> addresses) {
|
||||||
|
mLinkAddresses.clear();
|
||||||
|
for (LinkAddress address: addresses) {
|
||||||
|
addLinkAddress(address);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void addDns(InetAddress dns) {
|
public void addDns(InetAddress dns) {
|
||||||
if (dns != null) mDnses.add(dns);
|
if (dns != null) mDnses.add(dns);
|
||||||
}
|
}
|
||||||
@ -127,6 +137,16 @@ public class LinkProperties implements Parcelable {
|
|||||||
return Collections.unmodifiableCollection(mRoutes);
|
return Collections.unmodifiableCollection(mRoutes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replaces the RouteInfos on this link with the given collection of RouteInfos.
|
||||||
|
*/
|
||||||
|
public void setRoutes(Collection<RouteInfo> routes) {
|
||||||
|
mRoutes.clear();
|
||||||
|
for (RouteInfo route : routes) {
|
||||||
|
addRoute(route);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void setHttpProxy(ProxyProperties proxy) {
|
public void setHttpProxy(ProxyProperties proxy) {
|
||||||
mHttpProxy = proxy;
|
mHttpProxy = proxy;
|
||||||
}
|
}
|
||||||
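Review bot: setLinkAddresses and setRoutes clear the backing collection before they read their argument, so passing a view of the same object's data (for example the unmodifiable collection returned by the getter at the top of each hunk) empties the list and then iterates over nothing. Taking a snapshot first avoids that: `Collection<LinkAddress> copy = new ArrayList<LinkAddress>(addresses);` ahead of `mLinkAddresses.clear();`, and the same for routes, assuming ArrayList is already imported in this file. A null argument also leaves the object cleared before the loop throws, so the Javadoc should say whether null is permitted.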
|
@ -43,6 +43,7 @@ import android.net.wifi.WpsInfo;
|
|||||||
import android.net.wifi.WpsResult;
|
import android.net.wifi.WpsResult;
|
||||||
import android.net.ConnectivityManager;
|
import android.net.ConnectivityManager;
|
||||||
import android.net.DhcpInfo;
|
import android.net.DhcpInfo;
|
||||||
|
import android.net.LinkProperties;
|
||||||
import android.net.NetworkInfo;
|
import android.net.NetworkInfo;
|
||||||
import android.net.NetworkInfo.State;
|
import android.net.NetworkInfo.State;
|
||||||
import android.net.NetworkInfo.DetailedState;
|
import android.net.NetworkInfo.DetailedState;
|
||||||
@ -762,6 +763,17 @@ public class WifiService extends IWifiManager.Stub {
|
|||||||
*/
|
*/
|
||||||
public int addOrUpdateNetwork(WifiConfiguration config) {
|
public int addOrUpdateNetwork(WifiConfiguration config) {
|
||||||
enforceChangePermission();
|
enforceChangePermission();
|
||||||
|
// Until we have better UI so the user knows what's up we can't support undisplayable
|
||||||
|
// things (it's a security hole). Even when we can support it we probably need
|
||||||
|
// to lock down who can modify what. TODO - remove this when addOrUpdateNetwork
|
||||||
|
// restricts callers AND when the UI in settings lets users view the data AND
|
||||||
|
// when the VPN code is immune to specific routes.
|
||||||
|
if (config != null) {
|
||||||
|
LinkProperties lp = config.linkProperties;
|
||||||
|
if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (mWifiStateMachineChannel != null) {
|
if (mWifiStateMachineChannel != null) {
|
||||||
return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
|
return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
|
||||||
} else {
|
} else {
|
||||||
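Review bot: The new rejection in addOrUpdateNetwork returns -1 without logging anything, so a caller that submits a config with extra routes or addresses looks like any other failure and leaves no trace for later investigation. I would log the rejection together with `Binder.getCallingUid()` just before `return -1;`, through whatever logger this class already uses. The check is skipped entirely when `config` is null, and a null `linkProperties` is rejected outright; the comment should say that both are intended. The method body continues past the end of the hunk.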
|
@ -16,11 +16,16 @@
|
|||||||
|
|
||||||
package android.net.wifi;
|
package android.net.wifi;
|
||||||
|
|
||||||
|
import android.net.LinkAddress;
|
||||||
import android.net.LinkProperties;
|
import android.net.LinkProperties;
|
||||||
|
import android.net.RouteInfo;
|
||||||
import android.os.Parcelable;
|
import android.os.Parcelable;
|
||||||
import android.os.Parcel;
|
import android.os.Parcel;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.BitSet;
|
import java.util.BitSet;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A class representing a configured Wi-Fi network, including the
|
* A class representing a configured Wi-Fi network, including the
|
||||||
@ -615,6 +620,44 @@ public class WifiConfiguration implements Parcelable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* We don't want to use routes other than the first default and
|
||||||
|
* correct direct-connect route, or addresses beyond the first as
|
||||||
|
* the user can't see them in the UI and malicious apps
|
||||||
|
* can do malicious things with them. In particular specific routes
|
||||||
|
* circumvent VPNs of this era.
|
||||||
|
*
|
||||||
|
* @hide
|
||||||
|
*/
|
||||||
|
public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
|
||||||
|
if (lp == null) return lp;
|
||||||
|
|
||||||
|
LinkProperties newLp = new LinkProperties(lp);
|
||||||
|
Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
|
||||||
|
RouteInfo directConnectRoute = null;
|
||||||
|
if (i.hasNext()) {
|
||||||
|
LinkAddress addr = i.next();
|
||||||
|
Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
|
||||||
|
newAddresses.add(addr);
|
||||||
|
newLp.setLinkAddresses(newAddresses);
|
||||||
|
directConnectRoute = new RouteInfo(addr,null);
|
||||||
|
}
|
||||||
|
boolean defaultAdded = false;
|
||||||
|
Collection<RouteInfo> routes = lp.getRoutes();
|
||||||
|
Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
|
||||||
|
for (RouteInfo route : routes) {
|
||||||
|
if (defaultAdded == false && route.isDefaultRoute()) {
|
||||||
|
newRoutes.add(route);
|
||||||
|
defaultAdded = true;
|
||||||
|
}
|
||||||
|
if (route.equals(directConnectRoute)) {
|
||||||
|
newRoutes.add(route);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
newLp.setRoutes(newRoutes);
|
||||||
|
return newLp;
|
||||||
|
}
|
||||||
|
|
||||||
/** Implement the Parcelable interface {@hide} */
|
/** Implement the Parcelable interface {@hide} */
|
||||||
public void writeToParcel(Parcel dest, int flags) {
|
public void writeToParcel(Parcel dest, int flags) {
|
||||||
dest.writeInt(networkId);
|
dest.writeInt(networkId);
|
||||||
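Review bot: The Javadoc on stripUndisplayableConfig explains the threat but not the contract that addOrUpdateNetwork relies on when it compares a config with its stripped copy. It should state that the method returns a new LinkProperties holding only the first link address, the first default route and any route equal to the direct-connect route of that address, and that all other fields are whatever `new LinkProperties(lp)` copies over. "First" follows the iteration order of `getLinkAddresses()` and `getRoutes()`, whose backing collection type is not visible in this diff; if that order is not stable, the accept/reject decision is not stable either, and the comment should say which order is assumed. Suggested tags: `@param lp properties to sanitize, may be null` and `@return a sanitized copy, or null if lp is null`.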
|
@ -1606,9 +1606,11 @@ public class WifiStateMachine extends StateMachine {
|
|||||||
private void configureLinkProperties() {
|
private void configureLinkProperties() {
|
||||||
if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
|
if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
|
||||||
mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
|
mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
|
||||||
|
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
|
||||||
} else {
|
} else {
|
||||||
synchronized (mDhcpInfoInternal) {
|
synchronized (mDhcpInfoInternal) {
|
||||||
mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
|
mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
|
||||||
|
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
|
||||||
}
|
}
|
||||||
mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||||
}
|
}
|
||||||
@ -1816,6 +1818,7 @@ public class WifiStateMachine extends StateMachine {
|
|||||||
//DHCP renewal in connected state
|
//DHCP renewal in connected state
|
||||||
LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
|
LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
|
||||||
linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||||
|
linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
|
||||||
linkProperties.setInterfaceName(mInterfaceName);
|
linkProperties.setInterfaceName(mInterfaceName);
|
||||||
if (!linkProperties.equals(mLinkProperties)) {
|
if (!linkProperties.equals(mLinkProperties)) {
|
||||||
if (DBG) {
|
if (DBG) {
|
||||||
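Review bot: In the DHCP-renewal hunk the proxy is set on the object before `stripUndisplayableConfig` replaces it, whereas configureLinkProperties strips first and sets the proxy afterwards. The renewal path therefore depends on the LinkProperties copy constructor preserving the proxy, which is not visible in this diff. Stripping directly at creation makes both paths read the same: `LinkProperties linkProperties = WifiConfiguration.stripUndisplayableConfig(dhcpInfoInternal.makeLinkProperties());`. A short why-comment at each of the three call sites, such as `// keep only what the settings UI can display`, would explain why DHCP-derived properties are stripped as well. Both enclosing blocks extend beyond the hunks.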
|