am fe38ff8d: DO NOT MERGE Sanitize WifiConfigs

* commit 'fe38ff8d36c4fa2e18f4c786692eeea5ebd94e9f':
  DO NOT MERGE Sanitize WifiConfigs
diff --git a/core/java/android/net/LinkProperties.java b/core/java/android/net/LinkProperties.java
index 75646fd..bf411cc 100644
--- a/core/java/android/net/LinkProperties.java
+++ b/core/java/android/net/LinkProperties.java
@@ -112,6 +112,16 @@
         return Collections.unmodifiableCollection(mLinkAddresses);
     }
 
+    /**
+     * Replaces the LinkAddresses on this link with the given collection of addresses
+     */
+    public void setLinkAddresses(Collection<LinkAddress> addresses) {
+        mLinkAddresses.clear();
+        for (LinkAddress address: addresses) {
+            addLinkAddress(address);
+        }
+    }
+
     public void addDns(InetAddress dns) {
         if (dns != null) mDnses.add(dns);
     }
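Review bot: `setLinkAddresses` calls `mLinkAddresses.clear()` before it iterates `addresses`, so a null argument empties the list and then throws. Passing back the view from the getter in the context line above (`Collections.unmodifiableCollection(mLinkAddresses)`) on the same object silently leaves the list empty. Taking a snapshot first avoids both, assuming `ArrayList` is already imported in this file: `Collection<LinkAddress> copy = new ArrayList<LinkAddress>(addresses);` followed by the clear and a loop over `copy`. The same applies to `setRoutes` in the next hunk. The Javadoc on both setters should say that the argument must be non-null and that its elements are copied rather than the collection being retained.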
@@ -127,6 +137,16 @@
         return Collections.unmodifiableCollection(mRoutes);
     }
 
+    /**
+     * Replaces the RouteInfos on this link with the given collection of RouteInfos.
+     */
+    public void setRoutes(Collection<RouteInfo> routes) {
+        mRoutes.clear();
+        for (RouteInfo route : routes) {
+            addRoute(route);
+        }
+    }
+
     public void setHttpProxy(ProxyProperties proxy) {
         mHttpProxy = proxy;
     }
diff --git a/services/java/com/android/server/WifiService.java b/services/java/com/android/server/WifiService.java
index 1f03d17..39c1778 100644
--- a/services/java/com/android/server/WifiService.java
+++ b/services/java/com/android/server/WifiService.java
@@ -41,6 +41,7 @@
 import android.net.wifi.WpsResult;
 import android.net.ConnectivityManager;
 import android.net.DhcpInfo;
+import android.net.LinkProperties;
 import android.net.NetworkInfo;
 import android.net.NetworkInfo.State;
 import android.net.NetworkInfo.DetailedState;
@@ -713,6 +714,17 @@
      */
     public int addOrUpdateNetwork(WifiConfiguration config) {
         enforceChangePermission();
+        // Until we have better UI so the user knows what's up we can't support undisplayable
+        // things (it's a security hole).  Even when we can support it we probably need
+        // to lock down who can modify what.  TODO - remove this when addOrUpdateNetwork
+        // restricts callers AND when the UI in settings lets users view the data AND
+        // when the VPN code is immune to specific routes.
+        if (config != null) {
+            LinkProperties lp = config.linkProperties;
+            if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
+                return -1;
+            }
+        }
         if (mWifiStateMachineChannel != null) {
             return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
         } else {
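Review bot: The new `return -1` in `addOrUpdateNetwork` rejects a config silently, so an app that submits extra routes or addresses leaves no trace for anyone investigating later. A log line that records the caller would help, for example `Slog.w(TAG, "addOrUpdateNetwork: rejected undisplayable link properties, uid=" + Binder.getCallingUid());`, assuming the class's usual `TAG` and logger. The check also treats `lp == null` as a failure while a null `config` still falls through to `syncAddOrUpdateNetwork`; a short comment stating that both are intended would save the next reader from guessing. `== false` would read better as `!lp.equals(...)`. The method body continues past the end of this hunk.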
diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java
index 0a846fd..f692550 100644
--- a/wifi/java/android/net/wifi/WifiConfiguration.java
+++ b/wifi/java/android/net/wifi/WifiConfiguration.java
@@ -16,11 +16,16 @@
 
 package android.net.wifi;
 
+import android.net.LinkAddress;
 import android.net.LinkProperties;
+import android.net.RouteInfo;
 import android.os.Parcelable;
 import android.os.Parcel;
 
+import java.util.ArrayList;
 import java.util.BitSet;
+import java.util.Collection;
+import java.util.Iterator;
 
 /**
  * A class representing a configured Wi-Fi network, including the
@@ -594,6 +599,44 @@
         }
     }
 
+    /**
+     * We don't want to use routes other than the first default and
+     * correct direct-connect route, or addresses beyond the first as
+     * the user can't see them in the UI and malicious apps
+     * can do malicious things with them.  In particular specific routes
+     * circumvent VPNs of this era.
+     *
+     * @hide
+     */
+    public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
+        if (lp == null) return lp;
+
+        LinkProperties newLp = new LinkProperties(lp);
+        Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
+        RouteInfo directConnectRoute = null;
+        if (i.hasNext()) {
+            LinkAddress addr = i.next();
+            Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
+            newAddresses.add(addr);
+            newLp.setLinkAddresses(newAddresses);
+            directConnectRoute = new RouteInfo(addr,null);
+        }
+        boolean defaultAdded = false;
+        Collection<RouteInfo> routes = lp.getRoutes();
+        Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
+        for (RouteInfo route : routes) {
+            if (defaultAdded == false && route.isDefaultRoute()) {
+                newRoutes.add(route);
+                defaultAdded = true;
+            }
+            if (route.equals(directConnectRoute)) {
+                newRoutes.add(route);
+            }
+        }
+        newLp.setRoutes(newRoutes);
+        return newLp;
+    }
+
     /** Implement the Parcelable interface {@hide} */
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(networkId);
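Review bot: The route loop in `stripUndisplayableConfig` caps default routes at one, but it keeps every entry that equals `directConnectRoute`, so the result is not actually bounded to the two routes that `new ArrayList<RouteInfo>(2)` and the Javadoc imply. A second flag would enforce it: `boolean directAdded = false;` and `} else if (!directAdded && route.equals(directConnectRoute)) { newRoutes.add(route); directAdded = true; }`. "First" address and "first" default route also depend on the iteration order of the collections behind `getLinkAddresses()` and `getRoutes()`, which is not visible here; the Javadoc should state that assumption. The DNS servers and HTTP proxy are presumably carried over unchanged by `new LinkProperties(lp)`, so the comment should say whether they are deliberately out of scope.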
diff --git a/wifi/java/android/net/wifi/WifiStateMachine.java b/wifi/java/android/net/wifi/WifiStateMachine.java
index 15eb9b9..a5cb855 100644
--- a/wifi/java/android/net/wifi/WifiStateMachine.java
+++ b/wifi/java/android/net/wifi/WifiStateMachine.java
@@ -1528,9 +1528,11 @@
     private void configureLinkProperties() {
         if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
             mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
+            mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
         } else {
             synchronized (mDhcpInfoInternal) {
                 mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
+                mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
             }
             mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
         }
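Review bot: Both branches of `configureLinkProperties` now replace `mLinkProperties` with the stripped copy without recording whether anything was dropped. A stored static config or a DHCP lease carrying extra routes is therefore altered with no diagnostic. Comparing before assigning would make that visible, assuming the class's usual `TAG`: `LinkProperties stripped = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);` then `if (!stripped.equals(mLinkProperties)) Log.w(TAG, "dropped undisplayable addresses/routes, netId=" + mLastNetworkId);` before `mLinkProperties = stripped;`. The same applies to the DHCP-renewal hunk below, where `linkProperties` is stripped before `setInterfaceName`. This method's body continues outside the hunk.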
@@ -1743,6 +1745,7 @@
             //DHCP renewal in connected state
             LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
             linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
+            linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
             linkProperties.setInterfaceName(mInterfaceName);
             if (!linkProperties.equals(mLinkProperties)) {
                 if (DBG) {