[Suggestion] Check foreground user for API call

Also, squashes the follow up commit to create a single CL for
backporting:
=======
PasspointManager: Don't allow bg user to modify passpoint profiles
Also, add safety net logging for this bug.
=======

Bug: 174749461
Test: atest com.android.server.wifi
Change-Id: Ifc79ffeb04a7be99a9c60d9414b72e88275c0514
Merged-In: Ifc79ffeb04a7be99a9c60d9414b72e88275c0514
(cherry picked from commit e799efba85cbe52044a067869af71d9c15b573bb)
(cherry picked from commit 23685b8604571ec623e539f4f9c66db65c9dde81)

3 files changed, 29 insertions, 7 deletions

diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index 0f48af9cc..f5ad049dd 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -227,6 +227,7 @@ public class WifiConfigManagerTest {
         when(mWifiInjector.getMacAddressUtil()).thenReturn(mMacAddressUtil);
         when(mMacAddressUtil.calculatePersistentMacForConfiguration(any(), any()))
                 .thenReturn(TEST_RANDOMIZED_MAC);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(anyInt())).thenReturn(true);
 
         createWifiConfigManager();
         mWifiConfigManager.setOnSavedNetworkUpdateListener(mWcmListener);
@@ -3020,6 +3021,8 @@ public class WifiConfigManagerTest {
         setupStoreDataForUserRead(user2Networks, new HashMap<>());
         // Now switch the user to user 2 and ensure that user 1's private network has been removed.
         when(mUserManager.isUserUnlockingOrUnlocked(user2)).thenReturn(true);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(user1Network.creatorUid))
+                .thenReturn(false);
         Set<Integer> removedNetworks = mWifiConfigManager.handleUserSwitch(user2);
         verify(mWifiConfigStore).switchUserStoresAndRead(any(List.class));
         assertTrue((removedNetworks.size() == 1) && (removedNetworks.contains(user1NetworkId)));
@@ -3099,7 +3102,7 @@ public class WifiConfigManagerTest {
     public void testHandleUserSwitchPushesOtherPrivateNetworksToSharedStore() throws Exception {
         int user1 = TEST_DEFAULT_USER;
         int user2 = TEST_DEFAULT_USER + 1;
-        setupUserProfiles(user2);
+        setupUserProfiles(user1);
 
         int appId = 674;
 
@@ -3131,6 +3134,8 @@ public class WifiConfigManagerTest {
             }
         };
         setupStoreDataForUserRead(userNetworks, new HashMap<>());
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(user2Network.creatorUid))
+                .thenReturn(false);
         mWifiConfigManager.handleUserUnlock(user1);
         verify(mWifiConfigStore).switchUserStoresAndRead(any(List.class));
         // Capture the written data for the user 1 and ensure that it corresponds to what was
@@ -3145,6 +3150,10 @@ public class WifiConfigManagerTest {
         // Now switch the user to user2 and ensure that user 2's private network has been moved to
         // the user store.
         when(mUserManager.isUserUnlockingOrUnlocked(user2)).thenReturn(true);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(user1Network.creatorUid))
+                .thenReturn(true).thenReturn(false);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(user2Network.creatorUid))
+                .thenReturn(false).thenReturn(true);
         mWifiConfigManager.handleUserSwitch(user2);
         // Set the expected network list before comparing. user1Network should be in shared data.
         // Note: In the real world, user1Network will no longer be visible now because it should
@@ -3209,6 +3218,8 @@ public class WifiConfigManagerTest {
         // Unlock the owner of the legacy Passpoint configuration, verify it is removed from
         // the configured networks (migrated to PasspointManager).
         setupStoreDataForUserRead(new ArrayList<WifiConfiguration>(), new HashMap<>());
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(passpointConfig.creatorUid))
+                .thenReturn(false);
         mWifiConfigManager.handleUserUnlock(user1);
         verify(mWifiConfigStore).switchUserStoresAndRead(any(List.class));
         Pair<List<WifiConfiguration>, List<WifiConfiguration>> writtenNetworkList =
@@ -3336,7 +3347,8 @@ public class WifiConfigManagerTest {
 
         // Ensure that we have 2 networks in the database before the stop.
         assertEquals(2, mWifiConfigManager.getConfiguredNetworks().size());
-
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(user1Network.creatorUid))
+                .thenReturn(false);
         mWifiConfigManager.handleUserStop(user1);
 
         // Ensure that we only have 1 shared network in the database after the stop.
@@ -3537,6 +3549,8 @@ public class WifiConfigManagerTest {
 
         int creatorUid = UserHandle.getUid(user2, 674);
 
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(creatorUid)).thenReturn(false);
+
         // Create a network for user2 try adding it. This should be rejected.
         final WifiConfiguration user2Network = WifiConfigurationTestUtil.createPskNetwork();
         NetworkUpdateResult result = addNetworkToWifiConfigManager(user2Network, creatorUid);
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
index dabdfd569..ed5bb39ab 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
@@ -51,6 +51,7 @@ import android.net.wifi.WifiNetworkSuggestion;
 import android.net.wifi.WifiScanner;
 import android.os.Handler;
 import android.os.UserHandle;
+import android.os.UserManager;
 import android.os.test.TestLooper;
 import android.test.suitebuilder.annotation.SmallTest;
 
@@ -103,6 +104,7 @@ public class WifiNetworkSuggestionsManagerTest {
     private @Mock ClientModeImpl mClientModeImpl;
     private @Mock WifiMetrics mWifiMetrics;
     private @Mock WifiKeyStore mWifiKeyStore;
+    private @Mock UserManager mUserManager;
     private TestLooper mLooper;
     private ArgumentCaptor<AppOpsManager.OnOpChangedListener> mAppOpChangedListenerCaptor =
             ArgumentCaptor.forClass(AppOpsManager.OnOpChangedListener.class);
@@ -135,6 +137,7 @@ public class WifiNetworkSuggestionsManagerTest {
         when(mContext.getSystemService(Context.NOTIFICATION_SERVICE))
                 .thenReturn(mNotificationManger);
         when(mContext.getPackageManager()).thenReturn(mPackageManager);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(anyInt())).thenReturn(true);
 
         // setup resource strings for notification.
         when(mResources.getString(eq(R.string.wifi_suggestion_title), anyString()))
@@ -860,6 +863,7 @@ public class WifiNetworkSuggestionsManagerTest {
                 mWifiNetworkSuggestionsManager.add(networkSuggestionList, TEST_UID_1,
                         TEST_PACKAGE_1));
         mWifiNetworkSuggestionsManager.setHasUserApprovedForApp(true, TEST_PACKAGE_1);
+        mInorder.verify(mWifiPermissionsUtil).doesUidBelongToCurrentUser(eq(TEST_UID_1));
 
         // Simulate connecting to the network.
         mWifiNetworkSuggestionsManager.handleConnectionAttemptEnded(
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
index c7d6604eb..618f1c3d5 100644
--- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
@@ -93,6 +93,7 @@ import com.android.server.wifi.hotspot2.anqp.OsuProviderInfo;
 import com.android.server.wifi.hotspot2.anqp.eap.EAPMethod;
 import com.android.server.wifi.util.InformationElementUtil;
 import com.android.server.wifi.util.InformationElementUtil.RoamingConsortium;
+import com.android.server.wifi.util.WifiPermissionsUtil;
 
 import org.junit.Before;
 import org.junit.Test;
@@ -176,6 +177,7 @@ public class PasspointManagerTest {
     @Mock TelephonyManager mTelephonyManager;
     @Mock TelephonyManager mDataTelephonyManager;
     @Mock SubscriptionManager mSubscriptionManager;
+    @Mock WifiPermissionsUtil mWifiPermissionsUtil;
 
     Handler mHandler;
     TestLooper mLooper;
@@ -202,11 +204,13 @@ public class PasspointManagerTest {
                 .thenReturn(mPasspointProvisioner);
         when(mContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mAppOpsManager);
         when(mWifiInjector.getClientModeImpl()).thenReturn(mClientModeImpl);
+        when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(anyInt())).thenReturn(true);
         mLooper = new TestLooper();
         mHandler = new Handler(mLooper.getLooper());
         mManager = new PasspointManager(mContext, mWifiInjector, mHandler, mWifiNative,
                 mWifiKeyStore, mClock, mSimAccessor, mObjectFactory, mWifiConfigManager,
-                mWifiConfigStore, mWifiMetrics, mTelephonyManager, mSubscriptionManager);
+                mWifiConfigStore, mWifiMetrics, mTelephonyManager, mSubscriptionManager,
+                mWifiPermissionsUtil);
         ArgumentCaptor<PasspointEventHandler.Callbacks> callbacks =
                 ArgumentCaptor.forClass(PasspointEventHandler.Callbacks.class);
         verify(mObjectFactory).makePasspointEventHandler(any(WifiNative.class),
@@ -1519,7 +1523,7 @@ public class PasspointManagerTest {
         PasspointManager passpointManager = new PasspointManager(mContext, mWifiInjector,
                 mHandler, mWifiNative, mWifiKeyStore, mClock, mSimAccessor, mObjectFactory,
                 mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mTelephonyManager,
-                mSubscriptionManager);
+                mSubscriptionManager, mWifiPermissionsUtil);
 
         assertNull(passpointManager.createEphemeralPasspointConfigForCarrier(
                 EAPConstants.EAP_TLS));
@@ -1537,7 +1541,7 @@ public class PasspointManagerTest {
         PasspointManager passpointManager = new PasspointManager(mContext, mWifiInjector,
                 mHandler, mWifiNative, mWifiKeyStore, mClock, mSimAccessor, mObjectFactory,
                 mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mTelephonyManager,
-                mSubscriptionManager);
+                mSubscriptionManager, mWifiPermissionsUtil);
 
         PasspointConfiguration result =
                 passpointManager.createEphemeralPasspointConfigForCarrier(
@@ -1638,7 +1642,7 @@ public class PasspointManagerTest {
             PasspointManager passpointManager = new PasspointManager(mContext, mWifiInjector,
                     mHandler, mWifiNative, mWifiKeyStore, mClock, mSimAccessor, mObjectFactory,
                     mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mTelephonyManager,
-                    mSubscriptionManager);
+                    mSubscriptionManager, mWifiPermissionsUtil);
             assertEquals(EAPConstants.EAP_AKA,
                     passpointManager.findEapMethodFromNAIRealmMatchedWithCarrier(scanDetails));
         } finally {
@@ -1667,7 +1671,7 @@ public class PasspointManagerTest {
             PasspointManager passpointManager = new PasspointManager(mContext, mWifiInjector,
                     mHandler, mWifiNative, mWifiKeyStore, mClock, mSimAccessor, mObjectFactory,
                     mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mTelephonyManager,
-                    mSubscriptionManager);
+                    mSubscriptionManager, mWifiPermissionsUtil);
 
             assertEquals(-1,
                     passpointManager.findEapMethodFromNAIRealmMatchedWithCarrier(scanDetails));