Fetch DISALLOW_CONFIG_VPN for the current user.

The code did not specify the user in which to fetch the value
of the restriction DISALLOW_CONFIG_VPN. Since it was called
from the vpn service which lives in user 0, it would always fetch
the value for user 0.

BUG: 18902920

Change-Id: I89419976a8edcaa86ac8e545c64d10818cd42ddd

diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index a07591c..ac55292 100644 (file)
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -488,7 +488,8 @@ public class Vpn {
         try {
             // Restricted users are not allowed to create VPNs, they are tied to Owner
             UserInfo user = mgr.getUserInfo(mUserHandle);
-            if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
+            if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,
+                    new UserHandle(mUserHandle))) {
                 throw new SecurityException("Restricted users cannot establish VPNs");
             }
 
@@ -896,7 +897,8 @@ public class Vpn {
         }
         UserManager mgr = UserManager.get(mContext);
         UserInfo user = mgr.getUserInfo(mUserHandle);
-        if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
+        if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,
+                    new UserHandle(mUserHandle))) {
             throw new SecurityException("Restricted users cannot establish VPNs");
         }