feat: Disable domain validation on Enterprise networks

ponces · Oct 12, 2023 · 1243864 · 1243864
1 parent 8b4d934
commit 1243864
Show file tree

Hide file tree

Showing 7 changed files with 190 additions and 325 deletions.
diff --git a/...phh_treble/0003-Import-vendor-gapps.patch → ...phh_treble/0001-Import-vendor-gapps.patch b/...phh_treble/0003-Import-vendor-gapps.patch → ...phh_treble/0001-Import-vendor-gapps.patch
@@ -1,7 +1,7 @@
-From 35e411820e4af4b2695e0e492b447855b703c162 Mon Sep 17 00:00:00 2001
+From c79c4dc8738af985576b708d0f146fd342c527af Mon Sep 17 00:00:00 2001
 From: Alberto Ponces <[email protected]>
 Date: Tue, 21 Feb 2023 22:51:12 +0000
-Subject: [PATCH 3/4] Import vendor/gapps
+Subject: [PATCH 1/5] Import vendor/gapps
 
 ---
  generate.sh | 2 +-

diff --git a/...h_treble/0001-Rework-securize-tweak.patch → ...h_treble/0002-Rework-securize-tweak.patch b/...h_treble/0001-Rework-securize-tweak.patch → ...h_treble/0002-Rework-securize-tweak.patch
@@ -1,15 +1,15 @@
-From 2975460eef8a8f76ca1598b68cbc23d1d0f67a2c Mon Sep 17 00:00:00 2001
+From ba12a8041804ea46005d6d23225aff1f96e28135 Mon Sep 17 00:00:00 2001
 From: Alberto Ponces <[email protected]>
 Date: Wed, 25 Dec 2019 12:34:05 +0200
-Subject: [PATCH 1/4] Rework securize tweak
+Subject: [PATCH 2/5] Rework securize tweak
 
 ---
  base.mk      |  1 -
  rw-system.sh | 49 ++++++++++++++++++++++++++++++-------------------
  2 files changed, 30 insertions(+), 20 deletions(-)
 
 diff --git a/base.mk b/base.mk
-index b9298a2..32a797f 100644
+index a096d0b..d6c34d3 100644
 --- a/base.mk
 +++ b/base.mk
 @@ -180,7 +180,6 @@ PRODUCT_PACKAGES += \
@@ -21,10 +21,10 @@ index b9298a2..32a797f 100644
 
  PRODUCT_COPY_FILES += \
 diff --git a/rw-system.sh b/rw-system.sh
-index 9a90a29..f178bd1 100644
+index 8cc3241..1b69198 100644
 --- a/rw-system.sh
 +++ b/rw-system.sh
-@@ -739,32 +739,59 @@ copyprop() {
+@@ -742,32 +742,59 @@ copyprop() {
          resetprop_phh "$1" "$(getprop "$2")"
      fi
  }
@@ -87,7 +87,7 @@ index 9a90a29..f178bd1 100644
      (getprop ro.vendor.build.security_patch; getprop ro.keymaster.xxx.security_patch) |sort |tail -n 1 |while read v;do
          [ -n "$v" ] && resetprop_phh ro.build.version.security_patch "$v"
      done
-@@ -783,22 +810,6 @@ if [ -f /system/phh/secure ] || [ -f /metadata/phh/secure ];then
+@@ -786,22 +813,6 @@ if [ -f /system/phh/secure ] || [ -f /metadata/phh/secure ];then
 
      resetprop_phh ro.adb.secure 1
 

diff --git a/...or-customization-and-set-Google-San.patch → ...or-customization-and-set-Google-San.patch b/...or-customization-and-set-Google-San.patch → ...or-customization-and-set-Google-San.patch
@@ -1,7 +1,7 @@
-From e92322790c9cc820e0f7985a85abf0ee375b8032 Mon Sep 17 00:00:00 2001
+From 0e9961bddc54911d0464d9ed5dc8c17c3e4650e0 Mon Sep 17 00:00:00 2001
 From: Alberto Ponces <[email protected]>
 Date: Wed, 22 Feb 2023 14:43:58 +0000
-Subject: [PATCH 2/4] fonts: Add fonts for customization and set Google Sans as
+Subject: [PATCH 3/5] fonts: Add fonts for customization and set Google Sans as
  default font
 
 ---

diff --git a/...ersonal/device_phh_treble/0004-WifiOverlay-Disable-domain-validation-on-Enterprise-.patch b/...ersonal/device_phh_treble/0004-WifiOverlay-Disable-domain-validation-on-Enterprise-.patch
@@ -0,0 +1,89 @@
+From 13ce93569ae27bf947f61b3abf01b930f9dae5df Mon Sep 17 00:00:00 2001
+From: Alberto Ponces <[email protected]>
+Date: Thu, 12 Oct 2023 17:00:26 +0000
+Subject: [PATCH 4/5] WifiOverlay: Disable domain validation on Enterprise
+ networks
+
+---
+ base.mk                                       |  3 +++
+ rro_overlays/WifiOverlay/Android.bp           |  6 +++++
+ rro_overlays/WifiOverlay/AndroidManifest.xml  | 26 +++++++++++++++++++
+ .../WifiOverlay/res/values/config.xml         |  6 +++++
+ 4 files changed, 41 insertions(+)
+ create mode 100644 rro_overlays/WifiOverlay/Android.bp
+ create mode 100644 rro_overlays/WifiOverlay/AndroidManifest.xml
+ create mode 100644 rro_overlays/WifiOverlay/res/values/config.xml
+
+diff --git a/base.mk b/base.mk
+index d6c34d3..1e176b5 100644
+--- a/base.mk
++++ b/base.mk
+@@ -156,6 +156,9 @@ SELINUX_IGNORE_NEVERALLOWS := true
+ PRODUCT_PACKAGES += \
+     NoCutoutOverlay
+
++PRODUCT_PACKAGES += \
++    WifiOverlay
++
+ PRODUCT_PACKAGES += \
+     lightsctl \
+     lightsctl-aidl \
+diff --git a/rro_overlays/WifiOverlay/Android.bp b/rro_overlays/WifiOverlay/Android.bp
+new file mode 100644
+index 0000000..c2089a1
+--- /dev/null
++++ b/rro_overlays/WifiOverlay/Android.bp
+@@ -0,0 +1,6 @@
++runtime_resource_overlay {
++    name: "WifiOverlay",
++    theme: "WifiOverlay",
++    sdk_version: "current",
++    product_specific: true
++}
+diff --git a/rro_overlays/WifiOverlay/AndroidManifest.xml b/rro_overlays/WifiOverlay/AndroidManifest.xml
+new file mode 100644
+index 0000000..f01dffc
+--- /dev/null
++++ b/rro_overlays/WifiOverlay/AndroidManifest.xml
+@@ -0,0 +1,26 @@
++<?xml version="1.0" encoding="utf-8"?>
++<!-- Copyright (C) 2019 The Android Open Source Project
++
++     Licensed under the Apache License, Version 2.0 (the "License");
++     you may not use this file except in compliance with the License.
++     You may obtain a copy of the License at
++
++          http://www.apache.org/licenses/LICENSE-2.0
++
++     Unless required by applicable law or agreed to in writing, software
++     distributed under the License is distributed on an "AS IS" BASIS,
++     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++     See the License for the specific language governing permissions and
++     limitations under the License.
++-->
++<manifest xmlns:android="http://schemas.android.com/apk/res/android"
++    package="com.android.wifi.resources.treble"
++    android:versionCode="1"
++    android:versionName="1.0">
++    <application android:hasCode="false" />
++    <overlay
++        android:targetPackage="com.android.wifi.resources"
++        android:targetName="WifiCustomization"
++        android:isStatic="true"
++        android:priority="0"/>
++</manifest>
+diff --git a/rro_overlays/WifiOverlay/res/values/config.xml b/rro_overlays/WifiOverlay/res/values/config.xml
+new file mode 100644
+index 0000000..39974be
+--- /dev/null
++++ b/rro_overlays/WifiOverlay/res/values/config.xml
+@@ -0,0 +1,6 @@
++<?xml version="1.0" encoding="utf-8"?>
++<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
++    <!-- Whether to allow Settings or SUW to create insecure Enterprise networks where server
++         certificate is not validated, by not specifying a Root CA certificate and/or server domain name -->
++    <bool translatable="false" name="config_wifiAllowInsecureEnterpriseConfigurationsForSettingsAndSUW">true</bool>
++</resources>
+-- 
+2.34.1
+
diff --git a/...e-Override-media-volume-steps-to-25.patch → ...e-Override-media-volume-steps-to-25.patch b/...e-Override-media-volume-steps-to-25.patch → ...e-Override-media-volume-steps-to-25.patch
@@ -1,15 +1,15 @@
-From 3b0f0c247c6d7522af15869ca01f94c5b476b7fb Mon Sep 17 00:00:00 2001
+From bc7b5f9d7ab6cecf44513515f5b2982cf098806a Mon Sep 17 00:00:00 2001
 From: Alberto Ponces <[email protected]>
 Date: Sat, 7 Oct 2023 21:41:53 +0000
-Subject: [PATCH 4/4] Revert "treble: Override media volume steps to 25"
+Subject: [PATCH 5/5] Revert "treble: Override media volume steps to 25"
 
 This reverts commit a5d5328f43b8d05a67dda385c66d7952a107d0e4.
 ---
  rw-system.sh | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/rw-system.sh b/rw-system.sh
-index fcabb01..557ce81 100644
+index 1b69198..3cf0571 100644
 --- a/rw-system.sh
 +++ b/rw-system.sh
 @@ -1026,6 +1026,8 @@ fi
@@ -21,6 +21,6 @@ index fcabb01..557ce81 100644
  fi
 
  if [ "$board" = universal8825 ];then
---
+-- 
 2.34.1
 
diff --git a/...rm_packages_apps_Settings/0001-Revert-Wi-Fi-Check-if-domain-field-is-not-empty-when.patch b/...rm_packages_apps_Settings/0001-Revert-Wi-Fi-Check-if-domain-field-is-not-empty-when.patch
@@ -0,0 +1,87 @@
+From e4dfa33f48a26ff8aad08ae712a73511fbc551f9 Mon Sep 17 00:00:00 2001
+From: Alberto Ponces <[email protected]>
+Date: Wed, 11 Oct 2023 17:18:16 +0000
+Subject: [PATCH] Revert "[Wi-Fi] Check if domain field is not empty when users
+ choose a ca certificate"
+
+Change-Id: I8f71fe85cd035fd241386500136830cfdbe981dd
+---
+ .../settings/wifi/WifiConfigController.java        | 14 +++++++++-----
+ .../settings/wifi/WifiConfigController2.java       | 14 +++++++++-----
+ 2 files changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
+index 8f0a983d1f..0aa0314a1b 100644
+--- a/src/com/android/settings/wifi/WifiConfigController.java
++++ b/src/com/android/settings/wifi/WifiConfigController.java
+@@ -544,10 +544,11 @@ public class WifiConfigController implements TextWatcher,
+                 // Disallow submit if the user has not selected a CA certificate for an EAP network
+                 // configuration.
+                 enabled = false;
+-            } else if (mEapDomainView != null
++            } else if (caCertSelection.equals(mUseSystemCertsString)
++                    && mEapDomainView != null
+                     && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
+                     && TextUtils.isEmpty(mEapDomainView.getText().toString())) {
+-                // Disallow submit if the user chooses to use a certificate for EAP server
++                // Disallow submit if the user chooses to use a system certificate for EAP server
+                 // validation, but does not provide a domain.
+                 enabled = false;
+             }
+@@ -578,11 +579,14 @@ public class WifiConfigController implements TextWatcher,
+         }
+         if (mEapCaCertSpinner != null
+                 && mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
+-            if (mEapDomainView != null
++            String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
++            if (caCertSelection.equals(mUseSystemCertsString)
++                    && mEapDomainView != null
+                     && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
+                     && TextUtils.isEmpty(mEapDomainView.getText().toString())) {
+-                // Display warning if user chooses to use a certificate without restricting the
+-                // server domain that these certificates can be used to validate.
++                // Display warning if user chooses to use pre-installed public CA certificates
++                // without restricting the server domain that these certificates can be used to
++                // validate.
+                 mView.findViewById(R.id.no_domain_warning).setVisibility(View.VISIBLE);
+             }
+         }
+diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
+index f92b58fbd1..11d301e85e 100644
+--- a/src/com/android/settings/wifi/WifiConfigController2.java
++++ b/src/com/android/settings/wifi/WifiConfigController2.java
+@@ -532,10 +532,11 @@ public class WifiConfigController2 implements TextWatcher,
+                 // Disallow submit if the user has not selected a CA certificate for an EAP network
+                 // configuration.
+                 enabled = false;
+-            } else if (mEapDomainView != null
++            } else if (caCertSelection.equals(mUseSystemCertsString)
++                    && mEapDomainView != null
+                     && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
+                     && TextUtils.isEmpty(mEapDomainView.getText().toString())) {
+-                // Disallow submit if the user chooses to use a certificate for EAP server
++                // Disallow submit if the user chooses to use a system certificate for EAP server
+                 // validation, but does not provide a domain.
+                 enabled = false;
+             }
+@@ -566,11 +567,14 @@ public class WifiConfigController2 implements TextWatcher,
+         }
+         if (mEapCaCertSpinner != null
+                 && mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
+-            if (mEapDomainView != null
++            String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
++            if (caCertSelection.equals(mUseSystemCertsString)
++                    && mEapDomainView != null
+                     && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
+                     && TextUtils.isEmpty(mEapDomainView.getText().toString())) {
+-                // Display warning if user chooses to use a certificate without restricting the
+-                // server domain that these certificates can be used to validate.
++                // Display warning if user chooses to use pre-installed public CA certificates
++                // without restricting the server domain that these certificates can be used to
++                // validate.
+                 mView.findViewById(R.id.no_domain_warning).setVisibility(View.VISIBLE);
+             }
+         }
+-- 
+2.34.1
+