diff options
8 files changed, 312 insertions, 57 deletions
diff --git a/services/core/java/com/android/server/connectivity/Tethering.java b/services/core/java/com/android/server/connectivity/Tethering.java index 606f68bfaa5b..804c473cb4f6 100644 --- a/services/core/java/com/android/server/connectivity/Tethering.java +++ b/services/core/java/com/android/server/connectivity/Tethering.java @@ -815,30 +815,41 @@ public class Tethering extends BaseNetworkObserver { case WifiManager.WIFI_AP_STATE_DISABLING: case WifiManager.WIFI_AP_STATE_FAILED: default: - disableWifiIpServingLocked(curState); + disableWifiIpServingLocked(ifname, curState); break; } } } } - // TODO: Pass in the interface name and, if non-empty, only turn down IP - // serving on that one interface. - private void disableWifiIpServingLocked(int apState) { - if (DBG) Log.d(TAG, "Canceling WiFi tethering request - AP_STATE=" + apState); + private void disableWifiIpServingLocked(String ifname, int apState) { + mLog.log("Canceling WiFi tethering request - AP_STATE=" + apState); + + // Regardless of whether we requested this transition, the AP has gone + // down. Don't try to tether again unless we're requested to do so. + // TODO: Remove this altogether, once Wi-Fi reliably gives us an + // interface name with every broadcast. + mWifiTetherRequested = false; + + if (!TextUtils.isEmpty(ifname)) { + final TetherState ts = mTetherStates.get(ifname); + if (ts != null) { + ts.stateMachine.unwanted(); + return; + } + } - // Tell appropriate interface state machines that they should tear - // themselves down. for (int i = 0; i < mTetherStates.size(); i++) { TetherInterfaceStateMachine tism = mTetherStates.valueAt(i).stateMachine; if (tism.interfaceType() == ConnectivityManager.TETHERING_WIFI) { - tism.sendMessage(TetherInterfaceStateMachine.CMD_TETHER_UNREQUESTED); - break; // There should be at most one of these. + tism.unwanted(); + return; } } - // Regardless of whether we requested this transition, the AP has gone - // down. Don't try to tether again unless we're requested to do so. - mWifiTetherRequested = false; + + mLog.log("Error disabling Wi-Fi IP serving; " + + (TextUtils.isEmpty(ifname) ? "no interface name specified" + : "specified interface: " + ifname)); } private void enableWifiIpServingLocked(String ifname, int wifiIpMode) { @@ -1238,9 +1249,9 @@ public class Tethering extends BaseNetworkObserver { protected void chooseUpstreamType(boolean tryCell) { updateConfiguration(); // TODO - remove? - final int upstreamType = mUpstreamNetworkMonitor.selectPreferredUpstreamType( + final NetworkState ns = mUpstreamNetworkMonitor.selectPreferredUpstreamType( mConfig.preferredUpstreamIfaceTypes); - if (upstreamType == ConnectivityManager.TYPE_NONE) { + if (ns == null) { if (tryCell) { mUpstreamNetworkMonitor.registerMobileNetworkRequest(); // We think mobile should be coming up; don't set a retry. @@ -1248,40 +1259,30 @@ public class Tethering extends BaseNetworkObserver { sendMessageDelayed(CMD_RETRY_UPSTREAM, UPSTREAM_SETTLE_TIME_MS); } } - setUpstreamByType(upstreamType); + setUpstreamByType(ns); } - protected void setUpstreamByType(int upType) { - final ConnectivityManager cm = getConnectivityManager(); - Network network = null; + protected void setUpstreamByType(NetworkState ns) { String iface = null; - if (upType != ConnectivityManager.TYPE_NONE) { - LinkProperties linkProperties = cm.getLinkProperties(upType); - if (linkProperties != null) { - // Find the interface with the default IPv4 route. It may be the - // interface described by linkProperties, or one of the interfaces - // stacked on top of it. - Log.i(TAG, "Finding IPv4 upstream interface on: " + linkProperties); - RouteInfo ipv4Default = RouteInfo.selectBestRoute( - linkProperties.getAllRoutes(), Inet4Address.ANY); - if (ipv4Default != null) { - iface = ipv4Default.getInterface(); - Log.i(TAG, "Found interface " + ipv4Default.getInterface()); - } else { - Log.i(TAG, "No IPv4 upstream interface, giving up."); - } + if (ns != null && ns.linkProperties != null) { + // Find the interface with the default IPv4 route. It may be the + // interface described by linkProperties, or one of the interfaces + // stacked on top of it. + Log.i(TAG, "Finding IPv4 upstream interface on: " + ns.linkProperties); + RouteInfo ipv4Default = RouteInfo.selectBestRoute( + ns.linkProperties.getAllRoutes(), Inet4Address.ANY); + if (ipv4Default != null) { + iface = ipv4Default.getInterface(); + Log.i(TAG, "Found interface " + ipv4Default.getInterface()); + } else { + Log.i(TAG, "No IPv4 upstream interface, giving up."); } + } - if (iface != null) { - network = cm.getNetworkForType(upType); - if (network == null) { - Log.e(TAG, "No Network for upstream type " + upType + "!"); - } - setDnsForwarders(network, linkProperties); - } + if (iface != null) { + setDnsForwarders(ns.network, ns.linkProperties); } notifyTetheredOfNewUpstreamIface(iface); - NetworkState ns = mUpstreamNetworkMonitor.lookup(network); if (ns != null && pertainsToCurrentUpstream(ns)) { // If we already have NetworkState for this network examine // it immediately, because there likely will be no second diff --git a/services/core/java/com/android/server/connectivity/tethering/TetherInterfaceStateMachine.java b/services/core/java/com/android/server/connectivity/tethering/TetherInterfaceStateMachine.java index 82b9ca07bbc0..9eb342cf5b5f 100644 --- a/services/core/java/com/android/server/connectivity/tethering/TetherInterfaceStateMachine.java +++ b/services/core/java/com/android/server/connectivity/tethering/TetherInterfaceStateMachine.java @@ -132,6 +132,8 @@ public class TetherInterfaceStateMachine extends StateMachine { public void stop() { sendMessage(CMD_INTERFACE_DOWN); } + public void unwanted() { sendMessage(CMD_TETHER_UNREQUESTED); } + // configured when we start tethering and unconfig'd on error or conclusion private boolean configureIfaceIp(boolean enabled) { if (VDBG) Log.d(TAG, "configureIfaceIp(" + enabled + ")"); diff --git a/services/core/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitor.java b/services/core/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitor.java index b2d50515c39d..9ebfaf7b3893 100644 --- a/services/core/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitor.java +++ b/services/core/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitor.java @@ -174,10 +174,6 @@ public class UpstreamNetworkMonitor { mMobileNetworkCallback = null; } - public NetworkState lookup(Network network) { - return (network != null) ? mNetworkMap.get(network) : null; - } - // So many TODOs here, but chief among them is: make this functionality an // integral part of this class such that whenever a higher priority network // becomes available and useful we (a) file a request to keep it up as @@ -185,7 +181,7 @@ public class UpstreamNetworkMonitor { // passing LinkProperties up to Tethering). // // Next TODO: return NetworkState instead of just the type. - public int selectPreferredUpstreamType(Iterable<Integer> preferredTypes) { + public NetworkState selectPreferredUpstreamType(Iterable<Integer> preferredTypes) { final TypeStatePair typeStatePair = findFirstAvailableUpstreamByType( mNetworkMap.values(), preferredTypes); @@ -210,7 +206,7 @@ public class UpstreamNetworkMonitor { break; } - return typeStatePair.type; + return typeStatePair.ns; } private void handleAvailable(int callbackType, Network network) { diff --git a/telephony/java/android/telephony/ImsiEncryptionInfo.aidl b/telephony/java/android/telephony/ImsiEncryptionInfo.aidl new file mode 100644 index 000000000000..080e30a01071 --- /dev/null +++ b/telephony/java/android/telephony/ImsiEncryptionInfo.aidl @@ -0,0 +1,19 @@ +/* +* Copyright (C) 2017 The Android Open Source Project +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +package android.telephony; + +parcelable ImsiEncryptionInfo; diff --git a/telephony/java/android/telephony/ImsiEncryptionInfo.java b/telephony/java/android/telephony/ImsiEncryptionInfo.java new file mode 100644 index 000000000000..ecb9d25f2745 --- /dev/null +++ b/telephony/java/android/telephony/ImsiEncryptionInfo.java @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package android.telephony; + +import android.os.Parcel; +import android.os.Parcelable; +import android.util.Log; + +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; + +/** + * Class to represent information sent by the carrier, which will be used to encrypt + * the IMSI + IMPI. The ecryption is being done by WLAN, and the modem. + * + * @hide + */ +public final class ImsiEncryptionInfo implements Parcelable { + + private static final String LOG_TAG = "ImsiEncryptionInfo"; + private static final boolean DBG = false; + + + private final String mcc; + private final String mnc; + private final PublicKey publicKey; + private final String keyIdentifier; + private final int keyType; + + public ImsiEncryptionInfo(String mcc, String mnc, int keyType, String keyIdentifier, + PublicKey publicKey) { + this.mcc = mcc; + this.mnc = mnc; + this.keyType = keyType; + this.publicKey = publicKey; + this.keyIdentifier = keyIdentifier; + } + + public ImsiEncryptionInfo(Parcel in) { + int length = in.readInt(); + byte b[] = new byte[length]; + in.readByteArray(b); + publicKey = makeKeyObject(b); + mcc = in.readString(); + mnc = in.readString(); + keyIdentifier = in.readString(); + keyType = in.readInt(); + + } + + public String getMnc() { + return this.mnc; + } + + public String getMcc() { + return this.mcc; + } + + public String getKeyIdentifier() { + return this.keyIdentifier; + } + + public int getKeyType() { + return this.keyType; + } + + public PublicKey getPublicKey() { + return this.publicKey; + } + + private static PublicKey makeKeyObject(byte[] publicKeyBytes) { + try { + X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(publicKeyBytes); + return KeyFactory.getInstance("RSA").generatePublic(pubKeySpec); + } catch (InvalidKeySpecException | NoSuchAlgorithmException ex) { + Log.e(LOG_TAG, "Error makeKeyObject: unable to convert into PublicKey", ex); + } + return null; + } + + /** Implement the Parcelable interface */ + @Override + public int describeContents() { + return 0; + } + + public static final Parcelable.Creator<ImsiEncryptionInfo> CREATOR = + new Parcelable.Creator<ImsiEncryptionInfo>() { + @Override + public ImsiEncryptionInfo createFromParcel(Parcel in) { + return new ImsiEncryptionInfo(in); + } + + @Override + public ImsiEncryptionInfo[] newArray(int size) { + return new ImsiEncryptionInfo[size]; + } + }; + + @Override + public void writeToParcel(Parcel dest, int flags) { + byte[] b = publicKey.getEncoded(); + dest.writeInt(b.length); + dest.writeByteArray(b); + dest.writeString(mcc); + dest.writeString(mnc); + dest.writeString(keyIdentifier); + dest.writeInt(keyType); + } + + @Override + public String toString(){ + return "[ImsiEncryptionInfo " + + "mcc=" + mcc + + "mnc=" + mnc + + "publicKey=" + publicKey + + ", keyIdentifier=" + keyIdentifier + + ", keyType=" + keyType + + "]"; + } +} diff --git a/telephony/java/android/telephony/TelephonyManager.java b/telephony/java/android/telephony/TelephonyManager.java index e81c97e5fca8..add4f03cddb1 100644 --- a/telephony/java/android/telephony/TelephonyManager.java +++ b/telephony/java/android/telephony/TelephonyManager.java @@ -142,6 +142,12 @@ public class TelephonyManager { static public final int OTASP_SIM_UNPROVISIONED = 5; + /** @hide */ + static public final int KEY_TYPE_EPDDG = 1; + + /** @hide */ + static public final int KEY_TYPE_WLAN = 2; + private final Context mContext; private final int mSubId; private SubscriptionManager mSubscriptionManager; @@ -2339,6 +2345,73 @@ public class TelephonyManager { } /** + * Returns Carrier specific information that will be used to encrypt the IMSI and IMPI. + * This includes the public key and the key identifier. For multi-sim devices, if no subId + * has been specified, we will return the value for the dafault data sim. + * Return null if it is unavailable. + * <p> + * Requires Permission: + * {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE} + * @param keyType whether the key is being used for wlan or epdg. Valid key types are + * {@link TelephonyManager#KEY_TYPE_EPDDG} or + * {@link TelephonyManager#KEY_TYPE_WLAN}. + * @return ImsiEncryptionInfo Carrier specific information that will be used to encrypt the + * IMSI and IMPI. This includes the public key and the key identifier. This information + * will be stored in the device keystore. + * @hide + */ + public ImsiEncryptionInfo getCarrierInfoForImsiEncryption(int keyType) { + try { + IPhoneSubInfo info = getSubscriberInfo(); + if (info == null) return null; + int subId = getSubId(SubscriptionManager.getDefaultDataSubscriptionId()); + if (keyType != KEY_TYPE_EPDDG && keyType != KEY_TYPE_WLAN) { + throw new IllegalArgumentException("Invalid key type"); + } + return info.getCarrierInfoForImsiEncryption(subId, keyType, + mContext.getOpPackageName()); + } catch (RemoteException ex) { + Rlog.e(TAG, "getCarrierInfoForImsiEncryption RemoteException", ex); + return null; + } catch (NullPointerException ex) { + // This could happen before phone restarts due to crashing + Rlog.e(TAG, "getCarrierInfoForImsiEncryption NullPointerException", ex); + return null; + } + } + + /** + * Sets the Carrier specific information that will be used to encrypt the IMSI and IMPI. + * This includes the public key and the key identifier. This information will be stored in the + * device keystore. + * <p> + * Requires Permission: + * {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE} + * @param imsiEncryptionInfo which includes the Key Type, the Public Key + * (java.security.PublicKey) and the Key Identifier.and the Key Identifier. + * The keyIdentifier Attribute value pair that helps a server locate + * the private key to decrypt the permanent identity. This field is + * optional and if it is present then it’s always separated from encrypted + * permanent identity with “,”. Key identifier AVP is presented in ASCII string + * with “name=value” format. + * @hide + */ + public void setCarrierInfoForImsiEncryption(ImsiEncryptionInfo imsiEncryptionInfo) { + try { + IPhoneSubInfo info = getSubscriberInfo(); + if (info == null) return; + info.setCarrierInfoForImsiEncryption(mSubId, mContext.getOpPackageName(), + imsiEncryptionInfo); + } catch (NullPointerException ex) { + // This could happen before phone restarts due to crashing + return; + } catch (RemoteException ex) { + Rlog.e(TAG, "setCarrierInfoForImsiEncryption RemoteException", ex); + return; + } + } + + /** * Returns the Group Identifier Level1 for a GSM phone. * Return null if it is unavailable. * <p> diff --git a/telephony/java/com/android/internal/telephony/IPhoneSubInfo.aidl b/telephony/java/com/android/internal/telephony/IPhoneSubInfo.aidl index 02baa3454536..dbd8867b14c9 100644 --- a/telephony/java/com/android/internal/telephony/IPhoneSubInfo.aidl +++ b/telephony/java/com/android/internal/telephony/IPhoneSubInfo.aidl @@ -16,6 +16,8 @@ package com.android.internal.telephony; +import android.telephony.ImsiEncryptionInfo; + /** * Interface used to retrieve various phone-related subscriber information. * @@ -138,6 +140,18 @@ interface IPhoneSubInfo { String getCompleteVoiceMailNumberForSubscriber(int subId); /** + * Retrieves the Carrier information used to encrypt IMSI and IMPI. + */ + ImsiEncryptionInfo getCarrierInfoForImsiEncryption(int subId, int keyType, + String callingPackage); + + /** + * Stores the Carrier information used to encrypt IMSI and IMPI. + */ + void setCarrierInfoForImsiEncryption(int subId, String callingPackage, + in ImsiEncryptionInfo imsiEncryptionInfo); + + /** * Retrieves the alpha identifier associated with the voice mail number. */ String getVoiceMailAlphaTag(String callingPackage); diff --git a/tests/net/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitorTest.java b/tests/net/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitorTest.java index fb6066e46e66..fb5c5778d05b 100644 --- a/tests/net/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitorTest.java +++ b/tests/net/java/com/android/server/connectivity/tethering/UpstreamNetworkMonitorTest.java @@ -47,6 +47,7 @@ import android.net.IConnectivityManager; import android.net.Network; import android.net.NetworkCapabilities; import android.net.NetworkRequest; +import android.net.NetworkState; import android.net.util.SharedLog; import android.support.test.filters.SmallTest; @@ -253,31 +254,32 @@ public class UpstreamNetworkMonitorTest { mUNM.start(); // There are no networks, so there is nothing to select. - assertEquals(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); final TestNetworkAgent wifiAgent = new TestNetworkAgent(mCM, TRANSPORT_WIFI); wifiAgent.fakeConnect(); // WiFi is up, we should prefer it. - assertEquals(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); wifiAgent.fakeDisconnect(); // There are no networks, so there is nothing to select. - assertEquals(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); final TestNetworkAgent cellAgent = new TestNetworkAgent(mCM, TRANSPORT_CELLULAR); cellAgent.fakeConnect(); - assertEquals(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); preferredTypes.add(TYPE_MOBILE_DUN); // This is coupled with preferred types in TetheringConfiguration. mUNM.updateMobileRequiresDun(true); // DUN is available, but only use regular cell: no upstream selected. - assertEquals(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_NONE, mUNM.selectPreferredUpstreamType(preferredTypes)); preferredTypes.remove(TYPE_MOBILE_DUN); // No WiFi, but our preferred flavour of cell is up. preferredTypes.add(TYPE_MOBILE_HIPRI); // This is coupled with preferred types in TetheringConfiguration. mUNM.updateMobileRequiresDun(false); - assertEquals(TYPE_MOBILE_HIPRI, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_MOBILE_HIPRI, + mUNM.selectPreferredUpstreamType(preferredTypes)); // Check to see we filed an explicit request. assertEquals(1, mCM.requested.size()); NetworkRequest netReq = (NetworkRequest) mCM.requested.values().toArray()[0]; @@ -286,25 +288,26 @@ public class UpstreamNetworkMonitorTest { wifiAgent.fakeConnect(); // WiFi is up, and we should prefer it over cell. - assertEquals(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); assertEquals(0, mCM.requested.size()); preferredTypes.remove(TYPE_MOBILE_HIPRI); preferredTypes.add(TYPE_MOBILE_DUN); // This is coupled with preferred types in TetheringConfiguration. mUNM.updateMobileRequiresDun(true); - assertEquals(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); final TestNetworkAgent dunAgent = new TestNetworkAgent(mCM, TRANSPORT_CELLULAR); dunAgent.networkCapabilities.addCapability(NET_CAPABILITY_DUN); dunAgent.fakeConnect(); // WiFi is still preferred. - assertEquals(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_WIFI, mUNM.selectPreferredUpstreamType(preferredTypes)); // WiFi goes down, cell and DUN are still up but only DUN is preferred. wifiAgent.fakeDisconnect(); - assertEquals(TYPE_MOBILE_DUN, mUNM.selectPreferredUpstreamType(preferredTypes)); + assertSatisfiesLegacyType(TYPE_MOBILE_DUN, + mUNM.selectPreferredUpstreamType(preferredTypes)); // Check to see we filed an explicit request. assertEquals(1, mCM.requested.size()); netReq = (NetworkRequest) mCM.requested.values().toArray()[0]; @@ -312,6 +315,16 @@ public class UpstreamNetworkMonitorTest { assertTrue(netReq.networkCapabilities.hasCapability(NET_CAPABILITY_DUN)); } + private void assertSatisfiesLegacyType(int legacyType, NetworkState ns) { + if (legacyType == TYPE_NONE) { + assertTrue(ns == null); + return; + } + + final NetworkCapabilities nc = ConnectivityManager.networkCapabilitiesForType(legacyType); + assertTrue(nc.satisfiedByNetworkCapabilities(ns.networkCapabilities)); + } + private void assertUpstreamTypeRequested(int upstreamType) throws Exception { assertEquals(1, mCM.requested.size()); assertEquals(1, mCM.legacyTypeMap.size()); |