1
0
mirror of https://github.com/yurisieucuti/treble_evolution.git synced 2024-11-28 03:34:31 +00:00
treble_evolution/patches/platform_packages_apps_Settings/0003-Revert-Wi-Fi-Remove-Do-not-validate-option-in-CA-cer.patch
2024-04-24 15:13:17 +00:00

312 lines
18 KiB
Diff

From 0f4e55e82fa46fc1f406483a73bbc2cd77edada1 Mon Sep 17 00:00:00 2001
From: TogoFire <italomellopereira@gmail.com>
Date: Fri, 6 Aug 2021 08:54:07 -0300
Subject: [PATCH 3/4] Revert "[Wi-Fi] Remove 'Do not validate' option in CA
certificate spinner"
This is not a definitive fix, so revert it. WPA2-Enterprise (802.1X) or
WPA2-PSK.
[xawlw]:
- Sometimes we can't connect to some Enterprise WiFi networks because we
don't know its domain so let's revert this 'Security' feature
- Read more about it here:
https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/
This reverts commit 33cde5dbeee934269f16d72e26e651d56a13733e.
This reverts commit 94b8579607c6f1201cea9d6601e88cec897b2ff6.
Signed-off-by: TogoFire <italomellopereira@gmail.com>
Signed-off-by: xawlw <abdulazizawlw@gmail.com>
Change-Id: I3cec92b74a419b5463c5e5db496863e66d034703
---
res/layout/wifi_network_config.xml | 12 +++++++
res/values/strings.xml | 4 +++
.../settings/wifi/WifiConfigController.java | 33 +++++++++++++------
.../settings/wifi/WifiConfigController2.java | 33 +++++++++++++------
4 files changed, 62 insertions(+), 20 deletions(-)
diff --git a/res/layout/wifi_network_config.xml b/res/layout/wifi_network_config.xml
index 77afedc3042..4e3962c6b94 100644
--- a/res/layout/wifi_network_config.xml
+++ b/res/layout/wifi_network_config.xml
@@ -224,6 +224,18 @@
android:entries="@array/eap_ocsp_type"/>
</LinearLayout>
+ <LinearLayout android:id="@+id/no_ca_cert_warning"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:visibility="gone"
+ style="@style/wifi_item" >
+ <TextView
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ style="@style/wifi_item_warning"
+ android:text="@string/wifi_do_not_validate_eap_server_warning" />
+ </LinearLayout>
+
<LinearLayout android:id="@+id/l_domain"
android:layout_width="match_parent"
android:layout_height="wrap_content"
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 630aeed0049..8afb851ad03 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -2134,6 +2134,10 @@
<string name="wifi_use_system_certs">Use system certificates</string>
<!-- Menu option for not providing an EAP user certificate -->
<string name="wifi_do_not_provide_eap_user_cert">Do not provide</string>
+ <!-- Menu option for not validating the EAP server -->
+ <string name="wifi_do_not_validate_eap_server">Do not validate</string>
+ <!-- Warning message displayed if user choses not to validate the EAP server -->
+ <string name="wifi_do_not_validate_eap_server_warning">No certificate specified. Your connection will not be private.</string>
<!-- Menu option for Trust On First Use[CHAR_LIMIT=64] -->
<string name="wifi_trust_on_first_use">Trust on First Use</string>
<!-- Warning message displayed if network name (ssid) is too long -->
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index d2beec8dedb..4a191fc3497 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -166,6 +166,7 @@ public class WifiConfigController implements TextWatcher,
private String mMultipleCertSetString;
private String mUseSystemCertsString;
private String mDoNotProvideEapUserCertString;
+ private String mDoNotValidateEapServerString;
private Spinner mSecuritySpinner;
@VisibleForTesting Spinner mEapMethodSpinner;
@@ -272,6 +273,8 @@ public class WifiConfigController implements TextWatcher,
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
+ mDoNotValidateEapServerString =
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
mIpSettingsSpinner = (Spinner) mView.findViewById(R.id.ip_settings);
@@ -544,7 +547,8 @@ public class WifiConfigController implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (mEapDomainView != null
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -566,6 +570,7 @@ public class WifiConfigController implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -578,7 +583,13 @@ public class WifiConfigController implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
- if (mEapDomainView != null
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
+ // Display warning if user chooses not to validate the EAP server with a
+ // user-supplied CA certificate in an EAP network configuration.
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -722,7 +733,8 @@ public class WifiConfigController implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (caCert.equals(mUseSystemCertsString)) {
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
@@ -756,7 +768,8 @@ public class WifiConfigController implements TextWatcher,
}
// Only set OCSP option if there is a valid CA certificate.
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
} else {
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
@@ -1061,7 +1074,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1145,7 +1158,7 @@ public class WifiConfigController implements TextWatcher,
} else {
String[] caCerts = enterpriseConfig.getCaCertificateAliases();
if (caCerts == null) {
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
} else {
@@ -1156,7 +1169,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1289,7 +1302,8 @@ public class WifiConfigController implements TextWatcher,
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
- if (eapCertSelection.equals(mUnspecifiedCertString)) {
+ if (eapCertSelection.equals(mDoNotValidateEapServerString)
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
@@ -1550,8 +1564,7 @@ public class WifiConfigController implements TextWatcher,
}).collect(Collectors.toList()));
}
- if (!TextUtils.isEmpty(noCertificateString)
- && mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
+ if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index b2353f047f7..a7e71d6d28d 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -175,6 +175,7 @@ public class WifiConfigController2 implements TextWatcher,
private String mUseSystemCertsString;
private String mTrustOnFirstUse;
private String mDoNotProvideEapUserCertString;
+ private String mDoNotValidateEapServerString;
@VisibleForTesting String mInstallCertsString;
private Spinner mSecuritySpinner;
@@ -285,6 +286,8 @@ public class WifiConfigController2 implements TextWatcher,
mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
+ mDoNotValidateEapServerString =
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
@@ -544,7 +547,8 @@ public class WifiConfigController2 implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (mEapDomainView != null
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -566,6 +570,7 @@ public class WifiConfigController2 implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -578,7 +583,13 @@ public class WifiConfigController2 implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
- if (mEapDomainView != null
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
+ // Display warning if user chooses not to validate the EAP server with a
+ // user-supplied CA certificate in an EAP network configuration.
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -735,7 +746,8 @@ public class WifiConfigController2 implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
config.enterpriseConfig.enableTrustOnFirstUse(true);
@@ -770,7 +782,8 @@ public class WifiConfigController2 implements TextWatcher,
}
// Only set certificate option if there is a valid CA certificate.
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
config.enterpriseConfig.setMinimumTlsVersion(WifiEnterpriseConfig.TLS_V1_0);
} else {
@@ -1078,7 +1091,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
mAndroidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1162,7 +1175,7 @@ public class WifiConfigController2 implements TextWatcher,
&& enterpriseConfig.isTrustOnFirstUseEnabled()) {
setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
} else {
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
}
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
@@ -1171,7 +1184,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
mAndroidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1313,7 +1326,8 @@ public class WifiConfigController2 implements TextWatcher,
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mUnspecifiedCertString)
|| (mIsTrustOnFirstUseSupported
- && eapCertSelection.equals(mTrustOnFirstUse))) {
+ && eapCertSelection.equals(mTrustOnFirstUse))
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
setMinTlsVerInvisible();
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
@@ -1583,8 +1597,7 @@ public class WifiConfigController2 implements TextWatcher,
}).collect(Collectors.toList()));
}
- if (!TextUtils.isEmpty(noCertificateString)
- && mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
+ if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
--
2.25.1