1 files changed, 14 insertions, 1 deletions

diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
index 4fce55674..0666943c3 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
@@ -59,6 +59,7 @@ import com.android.server.wifi.hotspot2.anqp.NAIRealmElement;
 import com.android.server.wifi.hotspot2.anqp.OsuProviderInfo;
 import com.android.server.wifi.util.InformationElementUtil;
 import com.android.server.wifi.util.TelephonyUtil;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import java.io.PrintWriter;
 import java.security.cert.X509Certificate;
@@ -117,6 +118,8 @@ public class PasspointManager {
     private final TelephonyManager mTelephonyManager;
     private final AppOpsManager mAppOps;
     private final SubscriptionManager mSubscriptionManager;
+    private final WifiPermissionsUtil mWifiPermissionsUtil;
+
 
     /**
      * Map of package name of an app to the app ops changed listener for the app.
@@ -298,7 +301,8 @@ public class PasspointManager {
             PasspointObjectFactory objectFactory, WifiConfigManager wifiConfigManager,
             WifiConfigStore wifiConfigStore,
             WifiMetrics wifiMetrics,
-            TelephonyManager telephonyManager, SubscriptionManager subscriptionManager) {
+            TelephonyManager telephonyManager, SubscriptionManager subscriptionManager,
+            WifiPermissionsUtil wifiPermissionsUtil) {
         mPasspointEventHandler = objectFactory.makePasspointEventHandler(wifiNative,
                 new CallbackHandler(context));
         mWifiInjector = wifiInjector;
@@ -323,6 +327,7 @@ public class PasspointManager {
                 this, wifiMetrics);
         mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
         sPasspointManager = this;
+        mWifiPermissionsUtil = wifiPermissionsUtil;
     }
 
     /**
@@ -365,6 +370,10 @@ public class PasspointManager {
             Log.e(TAG, "Invalid configuration");
             return false;
         }
+        if (!mWifiPermissionsUtil.doesUidBelongToCurrentUser(uid)) {
+            Log.e(TAG, "UID " + uid + " not visible to the current user");
+            return false;
+        }
 
         // For Hotspot 2.0 Release 1, the CA Certificate must be trusted by one of the pre-loaded
         // public CAs in the system key store on the device.  Since the provisioning method
@@ -642,6 +651,10 @@ public class PasspointManager {
                     + provider.getCreatorUid());
             return false;
         }
+        if (!mWifiPermissionsUtil.doesUidBelongToCurrentUser(callingUid)) {
+            Log.e(TAG, "UID " + callingUid + " not visible to the current user");
+            return false;
+        }
         provider.uninstallCertsAndKeys();
         packageName = provider.getPackageName();
         mProviders.remove(fqdn);