| author | Nate Jiang <qiangjiang@google.com> | 2020-12-03 14:31:30 -0800 |
|---|---|---|
| committer | mosimchah <mosimchah@gmail.com> | 2021-03-04 18:56:02 -0500 |
| commit | d683bd717017644f520a9365a9f56c837b6c284c (patch) | |
| tree | 4932148b62a9c4e4941ae6e6c8f8529e9d471081 /service/java/com/android/server/wifi/util | |
| parent | 07ee233512c631e2a434bb371c9bd8c8158adaf6 (diff) | |
Also, squashes the follow up commit to create a single CL for
backporting:
=======
PasspointManager: Don't allow bg user to modify passpoint profiles
Also, add safety net logging for this bug.
=======
Bug: 174749461
Test: atest com.android.server.wifi
Change-Id: Ifc79ffeb04a7be99a9c60d9414b72e88275c0514
Merged-In: Ifc79ffeb04a7be99a9c60d9414b72e88275c0514
(cherry picked from commit e799efba85cbe52044a067869af71d9c15b573bb)
(cherry picked from commit 23685b8604571ec623e539f4f9c66db65c9dde81)
(cherry picked from commit 95673e85133c78773870fb5161bb300b7f2ee51e)
Diffstat (limited to 'service/java/com/android/server/wifi/util')
| -rw-r--r-- | service/java/com/android/server/wifi/util/WifiPermissionsUtil.java | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
index b1ceaf37a..ca93b71c0 100644
--- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
+++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java
@@ -29,6 +29,7 @@ import android.os.RemoteException;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.util.Slog;
+import android.util.EventLog;
 
 import com.android.internal.annotations.GuardedBy;
 import com.android.server.wifi.WifiInjector;
@@ -517,4 +518,32 @@ public class WifiPermissionsUtil {
 }
 return mode == AppOpsManager.MODE_ALLOWED;
 }
+
+ /**
+ * Check if the given UID belongs to the current foreground user. This is
+ * used to prevent apps running in background users from modifying network
+ * configurations.
+ * <p>
+ * UIDs belonging to system internals (such as SystemUI) are always allowed,
+ * since they always run as {@link UserHandle#USER_SYSTEM}.
+ *
+ * @param uid uid of the app.
+ * @return true if the given UID belongs to the current foreground user,
+ * otherwise false.
+ */
+ public boolean doesUidBelongToCurrentUser(int uid) {
+ if (uid == android.os.Process.SYSTEM_UID
+ // UIDs with the NETWORK_SETTINGS permission are always allowed since they are
+ // acting on behalf of the user.
+ || checkNetworkSettingsPermission(uid)) {
+ return true;
+ }
+ boolean isCurrentProfile = isCurrentProfile(uid);
+ if (!isCurrentProfile) {
+ // Fix for b/174749461
+ EventLog.writeEvent(0x534e4554, "174749461", -1,
+ "Non foreground user trying to modify wifi configuration");
+ }
+ return isCurrentProfile;
+ }
 } |
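Review bot: The safety-net event in `doesUidBelongToCurrentUser` is written with a hard-coded `-1` in the uid slot even though the rejected caller's `uid` is in scope, so the log shows that a background-user attempt happened but not which app made it; `EventLog.writeEvent(0x534e4554, "174749461", uid, "Non foreground user trying to modify wifi configuration");` would keep that attribution for triage. The event is also emitted from inside what reads as a pure predicate, so a caller that uses the method for a read-only check would log a "trying to modify" event; the Javadoc should state the logging side effect, e.g. `Writes a safety-net event when the UID is rejected.` The Javadoc's "always run as USER_SYSTEM" rationale also does not match the checks actually made, which are `SYSTEM_UID` and `checkNetworkSettingsPermission(uid)`. `isCurrentProfile` and `checkNetworkSettingsPermission` are defined outside the hunk, so their exact semantics are not visible here.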
