PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Relax WiFi cert installation restrictions in HSUM mode

Browse Source 
The Settings app runs under the current user, which previously lacked
the necessary permissions to install client certificates in HSUM mode.

This change allows any admin user to install these certificates.

Bug: b/370013519
Flag: EXEMPT bugfix
Test: manually installed and removed client certificate for WiFi
Change-Id: I57a7364c76a0adb7ed4112e48fb20070ab9d7bff
This commit is contained in:
Andreea Costinas
2024-10-24 12:48:38 +00:00
parent e7ba339a6e
commit 25d8e56c53
2 changed files with 11 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/com/android/settings/UserCredentialsSettings.java
View File

@@ -291,23 +291,23 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
// Certificates can be installed into SYSTEM_UID or WIFI_UID through CertInstaller.
final int myUserId = UserHandle.myUserId();
final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID);
final int wifiUid = UserHandle.getUid(myUserId, Process.WIFI_UID);
try {
KeyStore processKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
processKeystore.load(null);
KeyStore wifiKeystore = null;
if (myUserId == 0) {
wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
wifiKeystore.load(new AndroidKeyStoreLoadStoreParameter(
KeyProperties.NAMESPACE_WIFI));
}
List<Credential> credentials = new ArrayList<>();
credentials.addAll(getCredentialsForUid(processKeystore, systemUid).values());
if (wifiKeystore != null) {
credentials.addAll(getCredentialsForUid(wifiKeystore, wifiUid).values());
UserManager userManager = getContext().getSystemService(UserManager.class);
if (userManager.isAdminUser()) {
wifiKeystore = KeyStore.getInstance(KEYSTORE_PROVIDER);
wifiKeystore.load(
new AndroidKeyStoreLoadStoreParameter(KeyProperties.NAMESPACE_WIFI));
credentials.addAll(
getCredentialsForUid(wifiKeystore, Process.WIFI_UID).values());
}
return credentials;
} catch (Exception e) {
throw new RuntimeException("Failed to load credentials from Keystore.", e);