Clear caller identity before updating restrictions
Fix Android 15 regression in which apps with MANAGE_NETWORK_POLICY are
not able to manipulate policies unless they are also AID_SYSTEM.
Bug: b/371004144
Issue: calyxos#2733
Issue: calyxos#2701
Test: Manual: Install test APK from linked bug to userdebug build.
Try changing toggles. Should not crash.
Change-Id: I0536ec7ab412ea6102092d44c0c938a986cf2c9d
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index a6f4c0e..2a3be1e 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -3100,11 +3100,16 @@
}
synchronized (mUidRulesFirstLock) {
- final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
- policy |= oldPolicy;
- if (oldPolicy != policy) {
- setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
- mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+ final long token = Binder.clearCallingIdentity();
+ try {
+ final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
+ policy |= oldPolicy;
+ if (oldPolicy != policy) {
+ setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
+ mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+ }
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
}
}
@@ -3119,11 +3124,16 @@
}
synchronized (mUidRulesFirstLock) {
- final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
- policy = oldPolicy & ~policy;
- if (oldPolicy != policy) {
- setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
- mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+ final long token = Binder.clearCallingIdentity();
+ try {
+ final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
+ policy = oldPolicy & ~policy;
+ if (oldPolicy != policy) {
+ setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
+ mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+ }
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
}
}