* commit '74acf23a1eef75628c8fa9e2ff7ba08ed4258558': DO NOT MERGE Sanitize WifiConfigs
@ -112,6 +112,16 @@ public class LinkProperties implements Parcelable {
|
||||
return Collections.unmodifiableCollection(mLinkAddresses);
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the LinkAddresses on this link with the given collection of addresses
|
||||
*/
|
||||
public void setLinkAddresses(Collection<LinkAddress> addresses) {
|
||||
mLinkAddresses.clear();
|
||||
for (LinkAddress address: addresses) {
|
||||
addLinkAddress(address);
|
||||
}
|
||||
}
|
||||
|
||||
public void addDns(InetAddress dns) {
|
||||
if (dns != null) mDnses.add(dns);
|
||||
}
|
||||
@ -127,6 +137,16 @@ public class LinkProperties implements Parcelable {
|
||||
return Collections.unmodifiableCollection(mRoutes);
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the RouteInfos on this link with the given collection of RouteInfos.
|
||||
*/
|
||||
public void setRoutes(Collection<RouteInfo> routes) {
|
||||
mRoutes.clear();
|
||||
for (RouteInfo route : routes) {
|
||||
addRoute(route);
|
||||
}
|
||||
}
|
||||
|
||||
public void setHttpProxy(ProxyProperties proxy) {
|
||||
mHttpProxy = proxy;
|
||||
}
|
||||
|
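Review bot: `setLinkAddresses` calls `mLinkAddresses.clear()` before it reads `addresses`, so a null argument throws only after the existing addresses are gone. Passing this object's own `getLinkAddresses()` result would also iterate an already-emptied collection, since the getter shown at the top of the hunk returns a view over `mLinkAddresses`. Take a snapshot first, for example `Collection<LinkAddress> copy = new ArrayList<LinkAddress>(addresses);` ahead of the `clear()`, and iterate `copy` (assuming `ArrayList` is imported in this file). `setRoutes` in the second hunk has the same shape with `mRoutes` and needs the same treatment.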
@ -43,6 +43,7 @@ import android.net.wifi.WpsInfo;
|
||||
import android.net.wifi.WpsResult;
|
||||
import android.net.ConnectivityManager;
|
||||
import android.net.DhcpInfo;
|
||||
import android.net.LinkProperties;
|
||||
import android.net.NetworkInfo;
|
||||
import android.net.NetworkInfo.State;
|
||||
import android.net.NetworkInfo.DetailedState;
|
||||
@ -762,6 +763,17 @@ public class WifiService extends IWifiManager.Stub {
|
||||
*/
|
||||
public int addOrUpdateNetwork(WifiConfiguration config) {
|
||||
enforceChangePermission();
|
||||
// Until we have better UI so the user knows what's up we can't support undisplayable
|
||||
// things (it's a security hole). Even when we can support it we probably need
|
||||
// to lock down who can modify what. TODO - remove this when addOrUpdateNetwork
|
||||
// restricts callers AND when the UI in settings lets users view the data AND
|
||||
// when the VPN code is immune to specific routes.
|
||||
if (config != null) {
|
||||
LinkProperties lp = config.linkProperties;
|
||||
if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
if (mWifiStateMachineChannel != null) {
|
||||
return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
|
||||
} else {
|
||||
|
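Review bot: The new check in `addOrUpdateNetwork` rejects a config with a bare `return -1;` and no log entry, so a request refused for carrying undisplayable routes or addresses looks like any other failure and leaves nothing to investigate. Log the rejection with the caller's identity, for example `Binder.getCallingUid()`, through whatever logger this file already uses, just before the `return -1;`. A null `config` also skips the check and is still handed to `syncAddOrUpdateNetwork`; whether that path tolerates null is not visible here. The method body continues past the end of the hunk.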
@ -16,11 +16,16 @@
|
||||
|
||||
package android.net.wifi;
|
||||
|
||||
import android.net.LinkAddress;
|
||||
import android.net.LinkProperties;
|
||||
import android.net.RouteInfo;
|
||||
import android.os.Parcelable;
|
||||
import android.os.Parcel;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.BitSet;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
* A class representing a configured Wi-Fi network, including the
|
||||
@ -615,6 +620,44 @@ public class WifiConfiguration implements Parcelable {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* We don't want to use routes other than the first default and
|
||||
* correct direct-connect route, or addresses beyond the first as
|
||||
* the user can't see them in the UI and malicious apps
|
||||
* can do malicious things with them. In particular specific routes
|
||||
* circumvent VPNs of this era.
|
||||
*
|
||||
* @hide
|
||||
*/
|
||||
public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
|
||||
if (lp == null) return lp;
|
||||
|
||||
LinkProperties newLp = new LinkProperties(lp);
|
||||
Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
|
||||
RouteInfo directConnectRoute = null;
|
||||
if (i.hasNext()) {
|
||||
LinkAddress addr = i.next();
|
||||
Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
|
||||
newAddresses.add(addr);
|
||||
newLp.setLinkAddresses(newAddresses);
|
||||
directConnectRoute = new RouteInfo(addr,null);
|
||||
}
|
||||
boolean defaultAdded = false;
|
||||
Collection<RouteInfo> routes = lp.getRoutes();
|
||||
Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
|
||||
for (RouteInfo route : routes) {
|
||||
if (defaultAdded == false && route.isDefaultRoute()) {
|
||||
newRoutes.add(route);
|
||||
defaultAdded = true;
|
||||
}
|
||||
if (route.equals(directConnectRoute)) {
|
||||
newRoutes.add(route);
|
||||
}
|
||||
}
|
||||
newLp.setRoutes(newRoutes);
|
||||
return newLp;
|
||||
}
|
||||
|
||||
/** Implement the Parcelable interface {@hide} */
|
||||
public void writeToParcel(Parcel dest, int flags) {
|
||||
dest.writeInt(networkId);
|
||||
|
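Review bot: The Javadoc on `stripUndisplayableConfig` gives the motive but not the contract, even though other files in this commit use the method as a security gate. It should say that a null argument is returned as is, that otherwise a new `LinkProperties` copy is returned, and that only link addresses and routes are filtered. Everything else carried over by `new LinkProperties(lp)` passes through unchanged, presumably including DNS servers and proxy, though the copy constructor is not visible here. Add `@param lp` and `@return` lines stating this so callers do not assume the whole object has been sanitised.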
@ -1606,9 +1606,11 @@ public class WifiStateMachine extends StateMachine {
|
||||
private void configureLinkProperties() {
|
||||
if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
|
||||
mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
|
||||
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
|
||||
} else {
|
||||
synchronized (mDhcpInfoInternal) {
|
||||
mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
|
||||
mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
|
||||
}
|
||||
mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||
}
|
||||
@ -1816,6 +1818,7 @@ public class WifiStateMachine extends StateMachine {
|
||||
//DHCP renewal in connected state
|
||||
LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
|
||||
linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
|
||||
linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
|
||||
linkProperties.setInterfaceName(mInterfaceName);
|
||||
if (!linkProperties.equals(mLinkProperties)) {
|
||||
if (DBG) {
|
||||
|
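Review bot: In `configureLinkProperties`, both branches assign the unsanitised value to `mLinkProperties` first and overwrite it with the stripped one on the next line. If the field is ever read from another thread (not visible here), there is a window in which it holds the unfiltered routes and addresses. Fold each pair into a single assignment, e.g. `mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mWifiConfigStore.getLinkProperties(mLastNetworkId));`, and do the same around `mDhcpInfoInternal.makeLinkProperties()`. The method continues beyond the hunk.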