Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 4c7deee85929e86bbdf8d58efbf66adcd4bd6f7b^! / .
commit4c7deee85929e86bbdf8d58efbf66adcd4bd6f7b[log] [tgz]
authorYuyang Huang <yuyanghuang@google.com>Tue Nov 28 15:29:00 2023 +0900
committerYuyang Huang <yuyanghuang@google.com>Tue Nov 28 16:54:49 2023 +0900
tree089a94fe728941cb94548f81e347b438bf80ce70
parent5db208971729f481739d2bb53bb62d0792226d15 [diff]
Support network slicing permission check in multi-user environment

In multi-user environment, the App might not be installed by system user.
As a result, the ConnectivityService should use the packageManager from
the user's context to be able to read the property correctly.

Bug: 300274339
Test: TH
Change-Id: I5398c95562bcaf5752270b52f38cca1f02698ba1

diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 8f29078..d688cd4 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -7649,7 +7649,7 @@
     }
 
     private void enforceRequestCapabilitiesDeclaration(@NonNull final String callerPackageName,
-            @NonNull final NetworkCapabilities networkCapabilities) {
+            @NonNull final NetworkCapabilities networkCapabilities, int callingUid) {
         // This check is added to fix the linter error for "current min is 30", which is not going
         // to happen because Connectivity service always run in S+.
         if (!mDeps.isAtLeastS()) {
@@ -7663,7 +7663,9 @@
                 applicationNetworkCapabilities = mSelfCertifiedCapabilityCache.get(
                         callerPackageName);
                 if (applicationNetworkCapabilities == null) {
-                    final PackageManager packageManager = mContext.getPackageManager();
+                    final PackageManager packageManager =
+                            mContext.createContextAsUser(UserHandle.getUserHandleForUid(
+                                    callingUid), 0 /* flags */).getPackageManager();
                     final PackageManager.Property networkSliceProperty = packageManager.getProperty(
                             ConstantsShim.PROPERTY_SELF_CERTIFIED_NETWORK_CAPABILITIES,
                             callerPackageName
@@ -7695,7 +7697,8 @@
             String callingPackageName, String callingAttributionTag, final int callingUid) {
         if (shouldCheckCapabilitiesDeclaration(networkCapabilities, callingUid,
                 callingPackageName)) {
-            enforceRequestCapabilitiesDeclaration(callingPackageName, networkCapabilities);
+            enforceRequestCapabilitiesDeclaration(callingPackageName, networkCapabilities,
+                    callingUid);
         }
         if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
             // For T+ devices, callers with carrier privilege could request with CBS capabilities.