commit 10b96b3df929e849422cce52156236bcb0569f98
author Chalard Jean <jchalard@google.com> Wed Aug 14 17:53:14 2019 +0900
committer Chalard Jean <jchalard@google.com> Tue Aug 27 21:43:07 2019 +0900
tree 9f7ee926f90f6bcbf7675e896dae9913730440c3
parent 4603b57636458b89507bbc796dbb4be640115350

Correctly check permission and app identity for tethering

Have the caller pass its package name. Appops will check
that the UID belongs indeed to the package name, and that
the UID has the requisite permissions.

Also add WRITE_SETTINGS to the bluetooth process.

Bug: 134649258
Test: atest PanServiceTest
Change-Id: I6cf29c36cf6e7229abb5be4a108efb9b9600217d
(cherry picked from commit f0ae367fa83ee3b2880971af7f1325e568f56677)

src/com/android/bluetooth/pan/PanService.java

diff --git a/src/com/android/bluetooth/pan/PanService.java b/src/com/android/bluetooth/pan/PanService.java
index 8c52df7..aa5a1fd 100644
--- a/src/com/android/bluetooth/pan/PanService.java
+++ b/src/com/android/bluetooth/pan/PanService.java
@@ -27,7 +27,6 @@
 import android.net.InterfaceConfiguration;
 import android.net.LinkAddress;
 import android.net.NetworkUtils;
-import android.os.Binder;
 import android.os.Handler;
 import android.os.IBinder;
 import android.os.INetworkManagementService;
@@ -287,13 +286,14 @@
         }
 
         @Override
-        public void setBluetoothTethering(boolean value) {
+        public void setBluetoothTethering(boolean value, String pkgName) {
             PanService service = getService();
             if (service == null) {
                 return;
             }
-            Log.d(TAG, "setBluetoothTethering: " + value + ", mTetherOn: " + service.mTetherOn);
-            service.setBluetoothTethering(value);
+            Log.d(TAG, "setBluetoothTethering: " + value + ", pkgName: " + pkgName
+                    + ", mTetherOn: " + service.mTetherOn);
+            service.setBluetoothTethering(value, pkgName);
         }
 
         @Override
@@ -362,22 +362,14 @@
         return mTetherOn;
     }
 
-    void setBluetoothTethering(boolean value) {
+    void setBluetoothTethering(boolean value, final String pkgName) {
         if (DBG) {
             Log.d(TAG, "setBluetoothTethering: " + value + ", mTetherOn: " + mTetherOn);
         }
         enforceCallingOrSelfPermission(BLUETOOTH_ADMIN_PERM, "Need BLUETOOTH_ADMIN permission");
         final Context context = getBaseContext();
-        String pkgName = context.getOpPackageName();
 
-        // Clear caller identity temporarily so enforceTetherChangePermission UID checks work
-        // correctly
-        final long identityToken = Binder.clearCallingIdentity();
-        try {
-            ConnectivityManager.enforceTetherChangePermission(context, pkgName);
-        } finally {
-            Binder.restoreCallingIdentity(identityToken);
-        }
+        ConnectivityManager.enforceTetherChangePermission(context, pkgName);
 
         UserManager um = (UserManager) getSystemService(Context.USER_SERVICE);
         if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING) && value) {