From 3b906878f842373716d05f4b4d2cef02b7e25dc2 Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <reminv@google.com>
Date: Thu, 31 Jan 2019 08:46:36 +0900
Subject: Fix bluetooth tethering on multi-user

Bluetooth runs as UID 1001002 when on a secondary user. With this change
the NetworkStack verifies that the calling UID matches the Bluetooth app
regardless of the user.

Test: flashed, BT reverse tethering still working as primary user
      (no option to turn on as secondary user on phones)
Bug: 123655057
Change-Id: I23f9c5fa40f3bb676ac65dd8c15106c9d78309a4
---
 core/java/android/net/NetworkStack.java                               | 2 +-
 packages/NetworkStack/src/com/android/server/util/PermissionUtil.java | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/java/android/net/NetworkStack.java b/core/java/android/net/NetworkStack.java
index ac6bff029e8c..d21e674719df 100644
--- a/core/java/android/net/NetworkStack.java
+++ b/core/java/android/net/NetworkStack.java
@@ -223,7 +223,7 @@ public class NetworkStack {
     private void requestConnector(@NonNull NetworkStackCallback request) {
         // TODO: PID check.
         final int caller = Binder.getCallingUid();
-        if (caller != Process.SYSTEM_UID && caller != Process.BLUETOOTH_UID) {
+        if (caller != Process.SYSTEM_UID && !UserHandle.isSameApp(caller, Process.BLUETOOTH_UID)) {
             // Don't even attempt to obtain the connector and give a nice error message
             throw new SecurityException(
                     "Only the system server should try to bind to the network stack.");
diff --git a/packages/NetworkStack/src/com/android/server/util/PermissionUtil.java b/packages/NetworkStack/src/com/android/server/util/PermissionUtil.java
index 82bf038073c7..f6eb900c4910 100644
--- a/packages/NetworkStack/src/com/android/server/util/PermissionUtil.java
+++ b/packages/NetworkStack/src/com/android/server/util/PermissionUtil.java
@@ -19,6 +19,7 @@ package com.android.server.util;
 import static android.os.Binder.getCallingUid;
 
 import android.os.Process;
+import android.os.UserHandle;
 
 /**
  * Utility class to check calling permissions on the network stack.
@@ -32,7 +33,7 @@ public final class PermissionUtil {
     public static void checkNetworkStackCallingPermission() {
         // TODO: check that the calling PID is the system server.
         final int caller = getCallingUid();
-        if (caller != Process.SYSTEM_UID && caller != Process.BLUETOOTH_UID) {
+        if (caller != Process.SYSTEM_UID && UserHandle.getAppId(caller) != Process.BLUETOOTH_UID) {
             throw new SecurityException("Invalid caller: " + caller);
         }
     }
-- 
cgit v1.2.3-59-g8ed1b