NETWORK_SETTINGS permission required on Android 10

[fmkaiser]

On the recently released Android 10 (Google Pixel 3a), profile install fails with the following in logcat:

09-10 15:48:25.484 1435 2945 I WifiService: addOrUpdateNetwork uid=10231
09-10 15:48:25.485 1435 2945 I addOrUpdateNetwork: uid = 10231 SSID "eduroam" nid=-1
09-10 15:48:25.485 1435 2500 E WifiConfigManager: UID 10231 does not have permission to modify MAC randomization Settings "eduroam"WPA_EAP. Must have NETWORK_SETTINGS or NETWORK_SETUP_WIZARD.
09-10 15:48:25.486 1435 2500 E WifiConfigManager: Failed to add/update network eduroam

Adding the NETWORK_SETTINGS permission to AndroidManifest.xml seems to fix the problem (but :

<uses-permission android:name="android.permission.NETWORK_SETTINGS" />

However I'm not really an Android developer, so there might be a better solution.

Is there a timeline in general for Android 10 support in CAT? Do you need help testing?

[restena-sw]

Hello, and thanks for investigating this on your own already. That is very helpful indeed. So, you probably compiled fresh from sources to be able to inject the new permission. Wow.

I did some desk research and have to say I'm a bit baffled by this. The parts of Android API documentation that mention NETWORK_SETTINGS only mention it in combination with throttling of network scans. The profile installation itself does not use that.

Then again the error message you got is fairly explicit (but we are not changing MAC address randomisation settings AFAICT?)

And then, I tried to look up the real extent of what Android.permissions.NETWORK_SETTINGS does and found: nothing.

Browsing API 29 https://developer.android.com/reference/android/Manifest.permission does not speak of this permission at all; neither is it a permission group as in https://developer.android.com/reference/android/Manifest.permission_group

Do you have any pointers to documentation of that permission?

[GarethAyres]

Hi,

Ive created a android virtual device with android 10 (api28) and i cant reproduce this yet.

The logs you show above do not reference any of the eduroamCAT classes. I am wondering if some other code/app was updating the eduroam profile?

Gareth

[fmkaiser]

This is a strange one for sure. The problem was initially reported to us by a user and I then was able to reproduce it on my recently updated Pixel 3a.

I can't find the full logs anymore, but I am pretty sure that the WifiConfigManager errors were logged immediately after trying to install the profile via CAT and uid=10231 belonged to the CAT app.

However I cannot reproduce the problem anymore either and we have not got any more reports from our users.

Maybe it was a bug on Google's side that was fixed already with one of the latest updates?

[jafar-jabr]

• Android 10
• buildToolsVersion= "30.0.1"

2020-08-28 20:38:43.091 4340-6024/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.094 4340-6024/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.098 4340-5951/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.101 4340-5951/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.107 4340-6024/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.113 5020-5020/? E/Zygote: isWhitelistProcess - Process is Whitelisted 2020-08-28 20:38:43.115 5020-5020/? E/Zygote: accessInfo : 1 2020-08-28 20:38:43.128 5020-5020/? E/.filterprovide: Not starting debugger since process cannot load the jdwp agent. 2020-08-28 20:38:43.145 4340-5951/? E/WifiService: 10050 has no permission about LOCAL_MAC_ADDRESS 2020-08-28 20:38:43.159 3826-4033/? E/Netd: getNetworkForDns: getNetId from enterpriseCtrl is netid 0 2020-08-28 20:38:43.182 4676-4676/? E/LixCacheManager: [main] Get failed for: voyager.infra.android.crash-reporter java.io.IOException: com.linkedin.data.lite.DataReaderException: Cache miss for: voyager.infra.android.crash-reporter at com.linkedin.android.lixclient.LixDiskCache.get(LixDiskCache.java:146) at com.linkedin.android.lixclient.LixCacheManager.get(LixCacheManager.java:96) at com.linkedin.android.lixclient.LixManagerImpl.getTreatmentWithOptionalTracking(LixManagerImpl.java:219) at com.linkedin.android.lixclient.LixManagerImpl.getTreatment(LixManagerImpl.java:195) at com.linkedin.android.infra.performance.PersistentLixStorage.registerWithLixManager(PersistentLixStorage.java:106) at com.linkedin.android.infra.modules.LixModule$Fakeable.authenticatedLixManager(LixModule.java:68) at com.linkedin.android.infra.modules.LixModule_Fakeable_AuthenticatedLixManagerFactory.authenticatedLixManager(LixModule_Fakeable_AuthenticatedLixManagerFactory.java:80) at com.linkedin.android.infra.components.DaggerInfraApplicationDependencies.lixManager(DaggerInfraApplicationDependencies.java:901) at com.linkedin.android.infra.components.DaggerApplicationComponent.injectFlagshipApplication(DaggerApplicationComponent.java:24204) at com.linkedin.android.infra.components.DaggerApplicationComponent.inject(DaggerApplicationComponent.java:24185) at com.linkedin.android.app.FlagshipApplication.onCreate(FlagshipApplication.java:251) at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1190) at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6993) at android.app.ActivityThread.access$1300(ActivityThread.java:270) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2051) at android.os.Handler.dispatchMessage(Handler.java:107) at android.os.Looper.loop(Looper.java:237) at android.app.ActivityThread.main(ActivityThread.java:7948) at java.lang.reflect.Method.invoke(NativeMethod) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1075) Caused by: com.linkedin.data.lite.DataReaderException: Cache miss for: voyager.infra.android.crash-reporter

[JamesFromIT]

Hi @jafar-jabr,

I've had a look at the LOCAL_MAC_ADDRESS permission and couldn't find much on it. It's mostly mentioned in the documentation for the WifiP2pManager but I can't see anything that uses that class in the code.

However, I did come across this page which mentions needing that permission to access the factory MAC address.

Perhaps this has something to do with the new default MAC Randomization settings in Android 10?

[jafar-jabr]

Hi @jafar-jabr,

I've had a look at the LOCAL_MAC_ADDRESS permission and couldn't find much on it. It's mostly mentioned in the documentation for the WifiP2pManager but I can't see anything that uses that class in the code.

However, I did come across this page which mentions needing that permission to access the factory MAC address.

Perhaps this has something to do with the new default MAC Randomization settings in Android 10?

Never mind, it was from sdkBuildTools 30.0.1 I did downgrade it to 29.0.3 and the exception disappeared.