am 74acf23a: am 3c417fbf: Merge "DO NOT MERGE Sanitize WifiConfigs" into jb-mr1-dev

* commit '74acf23a1eef75628c8fa9e2ff7ba08ed4258558':
  DO NOT MERGE Sanitize WifiConfigs

core/java/android/net/LinkProperties.java

@@ -112,6 +112,16 @@ public class LinkProperties implements Parcelable {
         return Collections.unmodifiableCollection(mLinkAddresses);
     }
 
+    /**
+     * Replaces the LinkAddresses on this link with the given collection of addresses
+     */
+    public void setLinkAddresses(Collection<LinkAddress> addresses) {
+        mLinkAddresses.clear();
+        for (LinkAddress address: addresses) {
+            addLinkAddress(address);
+        }
+    }
+
     public void addDns(InetAddress dns) {
         if (dns != null) mDnses.add(dns);
     }
@@ -127,6 +137,16 @@ public class LinkProperties implements Parcelable {
         return Collections.unmodifiableCollection(mRoutes);
     }
 
+    /**
+     * Replaces the RouteInfos on this link with the given collection of RouteInfos.
+     */
+    public void setRoutes(Collection<RouteInfo> routes) {
+        mRoutes.clear();
+        for (RouteInfo route : routes) {
+            addRoute(route);
+        }
+    }
+
     public void setHttpProxy(ProxyProperties proxy) {
         mHttpProxy = proxy;
     }

services/java/com/android/server/WifiService.java

@@ -43,6 +43,7 @@ import android.net.wifi.WpsInfo;
 import android.net.wifi.WpsResult;
 import android.net.ConnectivityManager;
 import android.net.DhcpInfo;
+import android.net.LinkProperties;
 import android.net.NetworkInfo;
 import android.net.NetworkInfo.State;
 import android.net.NetworkInfo.DetailedState;
@@ -762,6 +763,17 @@ public class WifiService extends IWifiManager.Stub {
      */
     public int addOrUpdateNetwork(WifiConfiguration config) {
         enforceChangePermission();
+        // Until we have better UI so the user knows what's up we can't support undisplayable
+        // things (it's a security hole).  Even when we can support it we probably need
+        // to lock down who can modify what.  TODO - remove this when addOrUpdateNetwork
+        // restricts callers AND when the UI in settings lets users view the data AND
+        // when the VPN code is immune to specific routes.
+        if (config != null) {
+            LinkProperties lp = config.linkProperties;
+            if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
+                return -1;
+            }
+        }
         if (mWifiStateMachineChannel != null) {
             return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
         } else {

wifi/java/android/net/wifi/WifiConfiguration.java

@@ -16,11 +16,16 @@
 
 package android.net.wifi;
 
+import android.net.LinkAddress;
 import android.net.LinkProperties;
+import android.net.RouteInfo;
 import android.os.Parcelable;
 import android.os.Parcel;
 
+import java.util.ArrayList;
 import java.util.BitSet;
+import java.util.Collection;
+import java.util.Iterator;
 
 /**
  * A class representing a configured Wi-Fi network, including the
@@ -615,6 +620,44 @@ public class WifiConfiguration implements Parcelable {
         }
     }
 
+    /**
+     * We don't want to use routes other than the first default and
+     * correct direct-connect route, or addresses beyond the first as
+     * the user can't see them in the UI and malicious apps
+     * can do malicious things with them.  In particular specific routes
+     * circumvent VPNs of this era.
+     *
+     * @hide
+     */
+    public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
+        if (lp == null) return lp;
+
+        LinkProperties newLp = new LinkProperties(lp);
+        Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
+        RouteInfo directConnectRoute = null;
+        if (i.hasNext()) {
+            LinkAddress addr = i.next();
+            Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
+            newAddresses.add(addr);
+            newLp.setLinkAddresses(newAddresses);
+            directConnectRoute = new RouteInfo(addr,null);
+        }
+        boolean defaultAdded = false;
+        Collection<RouteInfo> routes = lp.getRoutes();
+        Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
+        for (RouteInfo route : routes) {
+            if (defaultAdded == false && route.isDefaultRoute()) {
+                newRoutes.add(route);
+                defaultAdded = true;
+            }
+            if (route.equals(directConnectRoute)) {
+                newRoutes.add(route);
+            }
+        }
+        newLp.setRoutes(newRoutes);
+        return newLp;
+    }
+
     /** Implement the Parcelable interface {@hide} */
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(networkId);

wifi/java/android/net/wifi/WifiStateMachine.java

@@ -1606,9 +1606,11 @@ public class WifiStateMachine extends StateMachine {
     private void configureLinkProperties() {
         if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
             mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
+            mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
         } else {
             synchronized (mDhcpInfoInternal) {
                 mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
+                mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
             }
             mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
         }
@@ -1816,6 +1818,7 @@ public class WifiStateMachine extends StateMachine {
             //DHCP renewal in connected state
             LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
             linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
+            linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
             linkProperties.setInterfaceName(mInterfaceName);
             if (!linkProperties.equals(mLinkProperties)) {
                 if (DBG) {