am fe38ff8d: DO NOT MERGE Sanitize WifiConfigs
* commit 'fe38ff8d36c4fa2e18f4c786692eeea5ebd94e9f':
DO NOT MERGE Sanitize WifiConfigs
diff --git a/core/java/android/net/LinkProperties.java b/core/java/android/net/LinkProperties.java
index 75646fd..bf411cc 100644
--- a/core/java/android/net/LinkProperties.java
+++ b/core/java/android/net/LinkProperties.java
@@ -112,6 +112,16 @@
return Collections.unmodifiableCollection(mLinkAddresses);
}
+ /**
+ * Replaces the LinkAddresses on this link with the given collection of addresses
+ */
+ public void setLinkAddresses(Collection<LinkAddress> addresses) {
+ mLinkAddresses.clear();
+ for (LinkAddress address: addresses) {
+ addLinkAddress(address);
+ }
+ }
+
public void addDns(InetAddress dns) {
if (dns != null) mDnses.add(dns);
}
@@ -127,6 +137,16 @@
return Collections.unmodifiableCollection(mRoutes);
}
+ /**
+ * Replaces the RouteInfos on this link with the given collection of RouteInfos.
+ */
+ public void setRoutes(Collection<RouteInfo> routes) {
+ mRoutes.clear();
+ for (RouteInfo route : routes) {
+ addRoute(route);
+ }
+ }
+
public void setHttpProxy(ProxyProperties proxy) {
mHttpProxy = proxy;
}
diff --git a/services/java/com/android/server/WifiService.java b/services/java/com/android/server/WifiService.java
index 1f03d17..39c1778 100644
--- a/services/java/com/android/server/WifiService.java
+++ b/services/java/com/android/server/WifiService.java
@@ -41,6 +41,7 @@
import android.net.wifi.WpsResult;
import android.net.ConnectivityManager;
import android.net.DhcpInfo;
+import android.net.LinkProperties;
import android.net.NetworkInfo;
import android.net.NetworkInfo.State;
import android.net.NetworkInfo.DetailedState;
@@ -713,6 +714,17 @@
*/
public int addOrUpdateNetwork(WifiConfiguration config) {
enforceChangePermission();
+ // Until we have better UI so the user knows what's up we can't support undisplayable
+ // things (it's a security hole). Even when we can support it we probably need
+ // to lock down who can modify what. TODO - remove this when addOrUpdateNetwork
+ // restricts callers AND when the UI in settings lets users view the data AND
+ // when the VPN code is immune to specific routes.
+ if (config != null) {
+ LinkProperties lp = config.linkProperties;
+ if (lp == null || lp.equals(WifiConfiguration.stripUndisplayableConfig(lp)) == false) {
+ return -1;
+ }
+ }
if (mWifiStateMachineChannel != null) {
return mWifiStateMachine.syncAddOrUpdateNetwork(mWifiStateMachineChannel, config);
} else {
diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java
index 0a846fd..f692550 100644
--- a/wifi/java/android/net/wifi/WifiConfiguration.java
+++ b/wifi/java/android/net/wifi/WifiConfiguration.java
@@ -16,11 +16,16 @@
package android.net.wifi;
+import android.net.LinkAddress;
import android.net.LinkProperties;
+import android.net.RouteInfo;
import android.os.Parcelable;
import android.os.Parcel;
+import java.util.ArrayList;
import java.util.BitSet;
+import java.util.Collection;
+import java.util.Iterator;
/**
* A class representing a configured Wi-Fi network, including the
@@ -594,6 +599,44 @@
}
}
+ /**
+ * We don't want to use routes other than the first default and
+ * correct direct-connect route, or addresses beyond the first as
+ * the user can't see them in the UI and malicious apps
+ * can do malicious things with them. In particular specific routes
+ * circumvent VPNs of this era.
+ *
+ * @hide
+ */
+ public static LinkProperties stripUndisplayableConfig(LinkProperties lp) {
+ if (lp == null) return lp;
+
+ LinkProperties newLp = new LinkProperties(lp);
+ Iterator<LinkAddress> i = lp.getLinkAddresses().iterator();
+ RouteInfo directConnectRoute = null;
+ if (i.hasNext()) {
+ LinkAddress addr = i.next();
+ Collection<LinkAddress> newAddresses = new ArrayList<LinkAddress>(1);
+ newAddresses.add(addr);
+ newLp.setLinkAddresses(newAddresses);
+ directConnectRoute = new RouteInfo(addr,null);
+ }
+ boolean defaultAdded = false;
+ Collection<RouteInfo> routes = lp.getRoutes();
+ Collection<RouteInfo> newRoutes = new ArrayList<RouteInfo>(2);
+ for (RouteInfo route : routes) {
+ if (defaultAdded == false && route.isDefaultRoute()) {
+ newRoutes.add(route);
+ defaultAdded = true;
+ }
+ if (route.equals(directConnectRoute)) {
+ newRoutes.add(route);
+ }
+ }
+ newLp.setRoutes(newRoutes);
+ return newLp;
+ }
+
/** Implement the Parcelable interface {@hide} */
public void writeToParcel(Parcel dest, int flags) {
dest.writeInt(networkId);
diff --git a/wifi/java/android/net/wifi/WifiStateMachine.java b/wifi/java/android/net/wifi/WifiStateMachine.java
index 15eb9b9..a5cb855 100644
--- a/wifi/java/android/net/wifi/WifiStateMachine.java
+++ b/wifi/java/android/net/wifi/WifiStateMachine.java
@@ -1528,9 +1528,11 @@
private void configureLinkProperties() {
if (mWifiConfigStore.isUsingStaticIp(mLastNetworkId)) {
mLinkProperties = mWifiConfigStore.getLinkProperties(mLastNetworkId);
+ mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
} else {
synchronized (mDhcpInfoInternal) {
mLinkProperties = mDhcpInfoInternal.makeLinkProperties();
+ mLinkProperties = WifiConfiguration.stripUndisplayableConfig(mLinkProperties);
}
mLinkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
}
@@ -1743,6 +1745,7 @@
//DHCP renewal in connected state
LinkProperties linkProperties = dhcpInfoInternal.makeLinkProperties();
linkProperties.setHttpProxy(mWifiConfigStore.getProxyProperties(mLastNetworkId));
+ linkProperties = WifiConfiguration.stripUndisplayableConfig(linkProperties);
linkProperties.setInterfaceName(mInterfaceName);
if (!linkProperties.equals(mLinkProperties)) {
if (DBG) {