diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java index 56b2e6d2d8..3b5a706bed 100755 --- a/service/src/com/android/server/connectivity/PermissionMonitor.java +++ b/service/src/com/android/server/connectivity/PermissionMonitor.java @@ -281,7 +281,14 @@ public class PermissionMonitor { @VisibleForTesting synchronized void updateUidsAllowedOnRestrictedNetworks(final Set uids) { mUidsAllowedOnRestrictedNetworks.clear(); - mUidsAllowedOnRestrictedNetworks.addAll(uids); + // This is necessary for the app id to match in isUidAllowedOnRestrictedNetworks, and will + // grant the permission to all uids associated with the app ID. This is safe even if the app + // is only installed on some users because the uid cannot match some other app – this uid is + // in effect not installed and can't be run. + // TODO (b/192431153): Change appIds back to uids. + for (int uid : uids) { + mUidsAllowedOnRestrictedNetworks.add(UserHandle.getAppId(uid)); + } } @VisibleForTesting