diff options
Diffstat (limited to 'service/java/com/android/server/wifi/util/WifiPermissionsUtil.java')
-rw-r--r-- | service/java/com/android/server/wifi/util/WifiPermissionsUtil.java | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java index 63197ea6d..ebe7ea481 100644 --- a/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java +++ b/service/java/com/android/server/wifi/util/WifiPermissionsUtil.java @@ -30,6 +30,7 @@ import android.os.Build; import android.os.UserHandle; import android.os.UserManager; import android.provider.Settings; +import android.util.EventLog; import android.util.Log; import com.android.internal.annotations.GuardedBy; @@ -589,4 +590,32 @@ public class WifiPermissionsUtil { if (devicePolicyManager == null) return false; return devicePolicyManager.isProfileOwnerApp(packageName); } + + /** + * Check if the given UID belongs to the current foreground user. This is + * used to prevent apps running in background users from modifying network + * configurations. + * <p> + * UIDs belonging to system internals (such as SystemUI) are always allowed, + * since they always run as {@link UserHandle#USER_SYSTEM}. + * + * @param uid uid of the app. + * @return true if the given UID belongs to the current foreground user, + * otherwise false. + */ + public boolean doesUidBelongToCurrentUser(int uid) { + if (uid == android.os.Process.SYSTEM_UID + // UIDs with the NETWORK_SETTINGS permission are always allowed since they are + // acting on behalf of the user. + || checkNetworkSettingsPermission(uid)) { + return true; + } + boolean isCurrentProfile = isCurrentProfile(uid); + if (!isCurrentProfile) { + // Fix for b/174749461 + EventLog.writeEvent(0x534e4554, "174749461", -1, + "Non foreground user trying to modify wifi configuration"); + } + return isCurrentProfile; + } } |