Diffstat (limited to 'wifi')
-rw-r--r-- | wifi/jarjar-rules.txt | 3 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/SoftApCapability.java | 8 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/SoftApConfiguration.java | 38 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiEnterpriseConfig.java | 45 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiInfo.java | 3 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiManager.java | 7 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/nl80211/WifiNl80211Manager.java | 10 | ||||
-rw-r--r-- | wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java | 7 |
8 files changed, 93 insertions, 28 deletions
diff --git a/wifi/jarjar-rules.txt b/wifi/jarjar-rules.txt
index f0555e6ec93e..e253ae25659e 100644
--- a/wifi/jarjar-rules.txt
+++ b/wifi/jarjar-rules.txt
@@ -114,7 +114,6 @@ rule fi.iki.elonen.** com.android.wifi.x.@0
 ## used by both framework-wifi and service-wifi ##
 rule android.content.pm.BaseParceledListSlice* com.android.wifi.x.@0
 rule android.content.pm.ParceledListSlice* com.android.wifi.x.@0
-rule android.net.shared.Inet4AddressUtils* com.android.wifi.x.@0
 rule android.net.util.MacAddressUtils* com.android.wifi.x.@0
 rule android.net.util.nsd.DnsSdTxtRecord* com.android.wifi.x.@0
 rule android.os.HandlerExecutor* com.android.wifi.x.@0
@@ -123,3 +122,5 @@ rule com.android.internal.util.AsyncChannel* com.android.wifi.x.@0
 rule com.android.internal.util.AsyncService* com.android.wifi.x.@0
 rule com.android.internal.util.Preconditions* com.android.wifi.x.@0
 rule com.android.internal.util.Protocol* com.android.wifi.x.@0
+
+rule com.android.net.module.util.** com.android.wifi.x.@0
diff --git a/wifi/java/android/net/wifi/SoftApCapability.java b/wifi/java/android/net/wifi/SoftApCapability.java
index 18b26db1b020..dcb57ecc933f 100644
--- a/wifi/java/android/net/wifi/SoftApCapability.java
+++ b/wifi/java/android/net/wifi/SoftApCapability.java
@@ -102,7 +102,9 @@ public final class SoftApCapability implements Parcelable {
 /**
 * Returns true when all of the queried features are supported, otherwise false.
 *
- * @param features One or combination of the features from {@link @HotspotFeatures}
+ * @param features One or combination of the following features:
+ * {@link #SOFTAP_FEATURE_ACS_OFFLOAD}, {@link #SOFTAP_FEATURE_CLIENT_FORCE_DISCONNECT} or
+ * {@link #SOFTAP_FEATURE_WPA3_SAE}.
 */
 public boolean areFeaturesSupported(@HotspotFeatures long features) {
 return (mSupportedFeatures & features) == features;
@@ -122,7 +124,9 @@ public final class SoftApCapability implements Parcelable {
 * Constructor with combination of the feature.
 * Zero to no supported feature.
 *
- * @param features One or combination of the features from {@link @HotspotFeatures}.
+ * @param features One or combination of the following features:
+ * {@link #SOFTAP_FEATURE_ACS_OFFLOAD}, {@link #SOFTAP_FEATURE_CLIENT_FORCE_DISCONNECT} or
+ * {@link #SOFTAP_FEATURE_WPA3_SAE}.
 * @hide
 */
 public SoftApCapability(@HotspotFeatures long features) {
diff --git a/wifi/java/android/net/wifi/SoftApConfiguration.java b/wifi/java/android/net/wifi/SoftApConfiguration.java
index 457e0db9dc54..2bcd4f4241a6 100644
--- a/wifi/java/android/net/wifi/SoftApConfiguration.java
+++ b/wifi/java/android/net/wifi/SoftApConfiguration.java
@@ -165,7 +165,8 @@ public final class SoftApConfiguration implements Parcelable {
 /**
 * The operating band of the AP.
- * One of the band types from {@link @BandType}.
+ * One or combination of the following band type:
+ * {@link #BAND_2GHZ}, {@link #BAND_5GHZ}, {@link #BAND_6GHZ}.
 */
 private final @BandType int mBand;
@@ -181,7 +182,11 @@ public final class SoftApConfiguration implements Parcelable {
 /**
 * The operating security type of the AP.
- * One of the security types from {@link @SecurityType}
+ * One of the following security types:
+ * {@link #SECURITY_TYPE_OPEN},
+ * {@link #SECURITY_TYPE_WPA2_PSK},
+ * {@link #SECURITY_TYPE_WPA3_SAE_TRANSITION},
+ * {@link #SECURITY_TYPE_WPA3_SAE}
 */
 private final @SecurityType int mSecurityType;
@@ -393,8 +398,12 @@ public final class SoftApConfiguration implements Parcelable {
 }
 /**
- * Returns {@link BandType} set to be the band for the AP.
- * {@link Builder#setBand(@BandType int)}.
+ * Returns band type set to be the band for the AP.
+ *
+ * One or combination of the following band type:
+ * {@link #BAND_2GHZ}, {@link #BAND_5GHZ}, {@link #BAND_6GHZ}.
+ *
+ * {@link Builder#setBand(int)}.
 *
 * @hide
 */
@@ -679,15 +688,19 @@ public final class SoftApConfiguration implements Parcelable {
 /**
 * Specifies that this AP should use specific security type with the given ASCII passphrase.
 *
- * @param securityType one of the security types from {@link @SecurityType}.
- * @param passphrase The passphrase to use for sepcific {@link @SecurityType} configuration
- * or null with {@link @SecurityType#SECURITY_TYPE_OPEN}.
+ * @param securityType One of the following security types:
+ * {@link #SECURITY_TYPE_OPEN},
+ * {@link #SECURITY_TYPE_WPA2_PSK},
+ * {@link #SECURITY_TYPE_WPA3_SAE_TRANSITION},
+ * {@link #SECURITY_TYPE_WPA3_SAE}.
+ * @param passphrase The passphrase to use for sepcific {@code securityType} configuration
+ * or null with {@link #SECURITY_TYPE_OPEN}.
 *
 * @return Builder for chaining.
 * @throws IllegalArgumentException when the passphrase length is invalid and
- * {@code securityType} is not {@link @SecurityType#SECURITY_TYPE_OPEN}
+ * {@code securityType} is not {@link #SECURITY_TYPE_OPEN}
 * or non-null passphrase and {@code securityType} is
- * {@link @SecurityType#SECURITY_TYPE_OPEN}.
+ * {@link #SECURITY_TYPE_OPEN}.
 */
 @NonNull
 public Builder setPassphrase(@Nullable String passphrase, @SecurityType int securityType) {
@@ -735,9 +748,10 @@ public final class SoftApConfiguration implements Parcelable {
 /**
 * Specifies the band for the AP.
 * <p>
- * <li>If not set, defaults to BAND_2GHZ {@link @BandType}.</li>
+ * <li>If not set, defaults to {@link #BAND_2GHZ}.</li>
 *
- * @param band One or combination of the band types from {@link @BandType}.
+ * @param band One or combination of the following band type:
+ * {@link #BAND_2GHZ}, {@link #BAND_5GHZ}, {@link #BAND_6GHZ}.
 * @return Builder for chaining.
 */
 @NonNull
@@ -758,7 +772,7 @@ public final class SoftApConfiguration implements Parcelable {
 * <p>
 * The default for the channel is a the special value 0 to have the framework
 * auto-select a valid channel from the band configured with
- * {@link #setBand(@BandType int)}.
+ * {@link #setBand(int)}.
 *
 * The channel auto selection will offload to driver when
 * {@link SoftApCapability#areFeaturesSupported(
diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
index 7b86b084baab..d35ce3c7a42c 100644
--- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
+++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
@@ -769,6 +769,10 @@ public class WifiEnterpriseConfig implements Parcelable {
 * certificate when the config is saved and removing the certificate when
 * the config is removed.
 *
+ * Note: If no certificate is set for an Enterprise configuration, either by not calling this
+ * API (or the {@link #setCaCertificates(X509Certificate[])}, or by calling it with null, then
+ * the server certificate validation is skipped - which means that the connection is not secure.
+ *
 * @param cert X.509 CA certificate
 * @throws IllegalArgumentException if not a CA certificate
 */
@@ -808,6 +812,11 @@ public class WifiEnterpriseConfig implements Parcelable {
 * certificates when the config is saved and removing the certificates when
 * the config is removed.
 *
+ * Note: If no certificates are set for an Enterprise configuration, either by not calling this
+ * API (or the {@link #setCaCertificate(X509Certificate)}, or by calling it with null, then the
+ * server certificate validation is skipped - which means that the
+ * connection is not secure.
+ *
 * @param certs X.509 CA certificates
 * @throws IllegalArgumentException if any of the provided certificates is
 * not a CA certificate
@@ -859,6 +868,13 @@ public class WifiEnterpriseConfig implements Parcelable {
 * like /etc/ssl/certs. If configured, these certificates are added to the
 * list of trusted CAs. ca_cert may also be included in that case, but it is
 * not required.
+ *
+ * Note: If no certificate path is set for an Enterprise configuration, either by not calling
+ * this API, or by calling it with null, and no certificate is set by
+ * {@link #setCaCertificate(X509Certificate)} or {@link #setCaCertificates(X509Certificate[])},
+ * then the server certificate validation is skipped - which means that the connection is not
+ * secure.
+ *
 * @param path The path for CA certificate files, or empty string to clear.
 * @hide
 */
@@ -868,7 +884,7 @@ public class WifiEnterpriseConfig implements Parcelable {
 }
 /**
- * Get the domain_suffix_match value. See setDomSuffixMatch.
+ * Get the ca_path directive from wpa_supplicant.
 * @return The path for CA certificate files, or an empty string if unset.
 * @hide
 */
@@ -1061,6 +1077,12 @@ public class WifiEnterpriseConfig implements Parcelable {
 /**
 * Set alternate subject match. This is the substring to be matched against the
 * alternate subject of the authentication server certificate.
+ *
+ * Note: If no alternate subject is set for an Enterprise configuration, either by not calling
+ * this API, or by calling it with null, or not setting domain suffix match using the
+ * {@link #setDomainSuffixMatch(String)}, then the server certificate validation is incomplete -
+ * which means that the connection is not secure.
+ *
 * @param altSubjectMatch substring to be matched, for example
 * DNS:server.example.com;EMAIL:server@example.com
 */
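Review bot: The note added to the setAltSubjectMatch Javadoc chains its conditions with "or", so it reads as if leaving out either the alternate subject match or the domain suffix match makes the connection insecure, while the rewritten isInsecure() in this same commit reports insecure only when both are empty. The note added to setDomainSuffixMatch in the following hunk has the same wording. I would state the rule directly in both places, for example `Note: If neither an alternate subject match nor a domain suffix match (see {@link #setDomainSuffixMatch(String)}) is set, the server certificate validation is incomplete and the connection is not secure.` The method body this Javadoc belongs to is outside the hunk.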
@@ -1095,6 +1117,12 @@ public class WifiEnterpriseConfig implements Parcelable {
 * ORed ogether.
 * <p>For example, domain_suffix_match=example.com would match test.example.com but would not
 * match test-example.com.
+ *
+ * Note: If no domain suffix is set for an Enterprise configuration, either by not calling this
+ * API, or by calling it with null, or not setting alternate subject match using the
+ * {@link #setAltSubjectMatch(String)}, then the server certificate
+ * validation is incomplete - which means that the connection is not secure.
+ *
 * @param domain The domain value
 */
 public void setDomainSuffixMatch(String domain) {
@@ -1397,10 +1425,19 @@ public class WifiEnterpriseConfig implements Parcelable {
 if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {
 return false;
 }
- if (!mIsAppInstalledCaCert && TextUtils.isEmpty(getCaPath())) {
+ if (TextUtils.isEmpty(getAltSubjectMatch())
+ && TextUtils.isEmpty(getDomainSuffixMatch())) {
+ // Both subject and domain match are not set, it's insecure.
 return true;
 }
- return TextUtils.isEmpty(getAltSubjectMatch()) && TextUtils.isEmpty(
- getDomainSuffixMatch());
+ if (mIsAppInstalledCaCert) {
+ // CA certificate is installed by App, it's secure.
+ return false;
+ }
+ if (getCaCertificateAliases() != null) {
+ // CA certificate alias from keyStore is set, it's secure.
+ return false;
+ }
+ return TextUtils.isEmpty(getCaPath());
 }
 }
diff --git a/wifi/java/android/net/wifi/WifiInfo.java b/wifi/java/android/net/wifi/WifiInfo.java
index b841921355e9..53883674e058 100644
--- a/wifi/java/android/net/wifi/WifiInfo.java
+++ b/wifi/java/android/net/wifi/WifiInfo.java
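Review bot: In the rewritten isInsecure() (hunk at -1397), `getCaCertificateAliases() != null` accepts the mere presence of an alias array as proof of a trusted CA; nothing in the hunk shows that the array is non-empty or that the aliases resolve to certificates in the keystore, so the comment "it's secure" claims more than the check establishes. Whether getCaCertificateAliases() can return an empty array is not visible here; if it can, the guard should read `String[] aliases = getCaCertificateAliases();` followed by `if (aliases != null && aliases.length > 0) {`. Either way I would reword the comment to `// A CA certificate alias is configured; this does not verify that the alias exists in the keystore.` The method's signature and Javadoc are outside the hunk, so the Javadoc may also need to list aliases as one of the accepted trust anchors.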
@@ -22,12 +22,13 @@ import android.annotation.Nullable;
 import android.annotation.SystemApi;
 import android.compat.annotation.UnsupportedAppUsage;
 import android.net.NetworkInfo.DetailedState;
-import android.net.shared.Inet4AddressUtils;
 import android.os.Build;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.text.TextUtils;
+import com.android.net.module.util.Inet4AddressUtils;
+
 import java.net.Inet4Address;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
diff --git a/wifi/java/android/net/wifi/WifiManager.java b/wifi/java/android/net/wifi/WifiManager.java
index c1e9ba0fe640..fb6af5b550b0 100644
--- a/wifi/java/android/net/wifi/WifiManager.java
+++ b/wifi/java/android/net/wifi/WifiManager.java
@@ -1903,9 +1903,10 @@ public class WifiManager {
 * for a detailed explanation of the parameters.
 * When the device decides to connect to one of the provided network suggestions, platform sends
 * a directed broadcast {@link #ACTION_WIFI_NETWORK_SUGGESTION_POST_CONNECTION} to the app if
- * the network was created with {@link WifiNetworkSuggestion.Builder
- * #setIsAppInteractionRequired()} flag set and the app holds
- * {@link android.Manifest.permission#ACCESS_FINE_LOCATION ACCESS_FINE_LOCATION} permission.
+ * the network was created with
+ * {@link WifiNetworkSuggestion.Builder#setIsAppInteractionRequired(boolean)} flag set and the
+ * app holds {@link android.Manifest.permission#ACCESS_FINE_LOCATION ACCESS_FINE_LOCATION}
+ * permission.
 *<p>
 * NOTE:
 * <li> These networks are just a suggestion to the platform. The platform will ultimately
diff --git a/wifi/java/android/net/wifi/nl80211/WifiNl80211Manager.java b/wifi/java/android/net/wifi/nl80211/WifiNl80211Manager.java
index 3215246a9c1f..4116234c4c8d 100644
--- a/wifi/java/android/net/wifi/nl80211/WifiNl80211Manager.java
+++ b/wifi/java/android/net/wifi/nl80211/WifiNl80211Manager.java
@@ -1039,11 +1039,11 @@ public class WifiNl80211Manager {
 * The result depends on the on the country code that has been set.
 *
 * @param band as specified by one of the WifiScanner.WIFI_BAND_* constants.
- * The following bands are supported {@link @WifiScanner.WifiBandBasic}:
- * WifiScanner.WIFI_BAND_24_GHZ
- * WifiScanner.WIFI_BAND_5_GHZ
- * WifiScanner.WIFI_BAND_5_GHZ_DFS_ONLY
- * WifiScanner.WIFI_BAND_6_GHZ
+ * The following bands are supported:
+ * {@link WifiScanner#WIFI_BAND_24_GHZ},
+ * {@link WifiScanner#WIFI_BAND_5_GHZ},
+ * {@link WifiScanner#WIFI_BAND_5_GHZ_DFS_ONLY},
+ * {@link WifiScanner#WIFI_BAND_6_GHZ}
 * @return frequencies vector of valid frequencies (MHz), or an empty array for error.
 * @throws IllegalArgumentException if band is not recognized.
 */
diff --git a/wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java b/wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java
index 268645c85cae..62485ecb6f7b 100644
--- a/wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java
+++ b/wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java
@@ -565,6 +565,13 @@ public class WifiEnterpriseConfigTest {
 secureConfig.setCaCertificate(FakeKeys.CA_CERT0);
 secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
 assertFalse(secureConfig.isInsecure());
+
+ WifiEnterpriseConfig secureConfigWithCaAlias = new WifiEnterpriseConfig();
+ secureConfigWithCaAlias.setEapMethod(Eap.PEAP);
+ secureConfigWithCaAlias.setPhase2Method(Phase2.MSCHAPV2);
+ secureConfigWithCaAlias.setCaCertificateAliases(new String[]{"alias1", "alisa2"});
+ secureConfigWithCaAlias.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
+ assertFalse(secureConfigWithCaAlias.isInsecure());
 }
 }
|
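Review bot: The case added to WifiEnterpriseConfigTest only pins the secure result for a keystore alias; no visible case exercises the new first check in isInsecure(), where a configuration that has a CA alias but neither a domain suffix match nor an alternate subject match must be reported insecure. A second config that calls `setCaCertificateAliases(...)` without `setDomainSuffixMatch(...)` and ends with `assertTrue(insecureConfigWithCaAlias.isInsecure());` would lock that ordering in. The alias literal `"alisa2"` looks like a typo for `"alias2"`; it does not change the result here. The test method starts outside the hunk, so an equivalent negative case may already exist above it.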