From 28631ea26865a3b0493f1aa35971cbd781171500 Mon Sep 17 00:00:00 2001
From: Jeremy Klein <jlklein@google.com>
Date: Fri, 17 Mar 2017 14:30:02 -0700
Subject: [PATCH] In isTetheringSupported, call isAdmin user from system.

This avoids requiring the MANAGE_USERS permission in this function.

Bug: 32671528
Test: Manual. Also seeking unit test guidance from reviewer.
Change-Id: I841e721013b0e4b6db34d629a1e97b3cd54cd73b
---
 .../java/com/android/server/ConnectivityService.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 7466f54c2b..d23347fd99 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -3082,7 +3082,17 @@ public class ConnectivityService extends IConnectivityManager.Stub
         boolean tetherEnabledInSettings = (Settings.Global.getInt(mContext.getContentResolver(),
                 Settings.Global.TETHER_SUPPORTED, defaultVal) != 0)
                 && !mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_TETHERING);
-        return tetherEnabledInSettings && mUserManager.isAdminUser() &&
+
+        // Elevate to system UID to avoid caller requiring MANAGE_USERS permission.
+        boolean adminUser = false;
+        final long token = Binder.clearCallingIdentity();
+        try {
+            adminUser = mUserManager.isAdminUser();
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+
+        return tetherEnabledInSettings && adminUser &&
                mTethering.hasTetherableConfiguration();
     }