Merge "Support network slicing permission check in multi-user environment" into main am: 38f871c8e0 Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2849536 Change-Id: Ie0e57f2641fa4dd95be8e4f9b62233c97fc216bb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 14520f8be5ad53120540a8b2a9f07763e77de1d4 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Thu Dec 07 13:18:17 2023 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Dec 07 13:18:17 2023 +0000
tree: 19b73e92955355a4b812b7cd7f6bd3b2981b95d1
parent: 24b91526c5f05ab107327c981cd45fdc26042dfc [diff]
parent: 38f871c8e0e89fea5a0f7def539dcb1cc16e674b [diff]
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 5f67246..22120e9 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -7654,7 +7654,7 @@
     }
 
     private void enforceRequestCapabilitiesDeclaration(@NonNull final String callerPackageName,
-            @NonNull final NetworkCapabilities networkCapabilities) {
+            @NonNull final NetworkCapabilities networkCapabilities, int callingUid) {
         // This check is added to fix the linter error for "current min is 30", which is not going
         // to happen because Connectivity service always run in S+.
         if (!mDeps.isAtLeastS()) {
@@ -7668,7 +7668,9 @@
                 applicationNetworkCapabilities = mSelfCertifiedCapabilityCache.get(
                         callerPackageName);
                 if (applicationNetworkCapabilities == null) {
-                    final PackageManager packageManager = mContext.getPackageManager();
+                    final PackageManager packageManager =
+                            mContext.createContextAsUser(UserHandle.getUserHandleForUid(
+                                    callingUid), 0 /* flags */).getPackageManager();
                     final PackageManager.Property networkSliceProperty = packageManager.getProperty(
                             ConstantsShim.PROPERTY_SELF_CERTIFIED_NETWORK_CAPABILITIES,
                             callerPackageName
@@ -7700,7 +7702,8 @@
             String callingPackageName, String callingAttributionTag, final int callingUid) {
         if (shouldCheckCapabilitiesDeclaration(networkCapabilities, callingUid,
                 callingPackageName)) {
-            enforceRequestCapabilitiesDeclaration(callingPackageName, networkCapabilities);
+            enforceRequestCapabilitiesDeclaration(callingPackageName, networkCapabilities,
+                    callingUid);
         }
         if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
             // For T+ devices, callers with carrier privilege could request with CBS capabilities.
commit	14520f8be5ad53120540a8b2a9f07763e77de1d4	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Thu Dec 07 13:18:17 2023 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Dec 07 13:18:17 2023 +0000
tree	19b73e92955355a4b812b7cd7f6bd3b2981b95d1
parent	24b91526c5f05ab107327c981cd45fdc26042dfc [diff]
parent	38f871c8e0e89fea5a0f7def539dcb1cc16e674b [diff]