From 259414efbc207e5e8c4299f39a3c48580e3221df Mon Sep 17 00:00:00 2001
From: Sudheer Shanka <sudheersai@google.com>
Date: Tue, 5 Oct 2021 16:42:17 -0700
Subject: [PATCH] Fix an issue in NPMS blockedReasons computation logic.

If an app does not have the permission to access network
in Restricted mode, we should be removing
ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS from the uid's
allowedReasons but right now, we end up removing all the
allowedReasons except ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS
and this could result in sending wrong network state to apps.

Bug: 202213533
Test: atest tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Change-Id: Ibcae147bf4ba84ff91ef7038ffef8c33082b82ca
---
 .../com/android/server/net/NetworkPolicyManagerService.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 8f81c0a505fc..9e677e0c2899 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -4053,7 +4053,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
         if (hasRestrictedModeAccess(uid)) {
             uidBlockedState.allowedReasons |= ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS;
         } else {
-            uidBlockedState.allowedReasons &= ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS;
+            uidBlockedState.allowedReasons &= ~ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS;
         }
         uidBlockedState.updateEffectiveBlockedReasons();
         if (oldEffectiveBlockedReasons != uidBlockedState.effectiveBlockedReasons) {
-- 
GitLab