Merge "Clear caller identity before updating restrictions" into main

commit: a5d896cd29acdd881f56fa4a174e72554d7811a4 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Oct 15 22:30:40 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 15 22:30:40 2024 +0000
tree: 81bf823c2e46ed0c07b21e0d138b92a54383d172
parent: cf2e1f67545760dc5c967e2ec121920b04bf4e09 [diff]
parent: 1165d39ab805a4d338e335c87a085fde13954066 [diff]
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index a6f4c0e..2a3be1e 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java

@@ -3100,11 +3100,16 @@
         }
 
         synchronized (mUidRulesFirstLock) {
-            final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
-            policy |= oldPolicy;
-            if (oldPolicy != policy) {
-                setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
-                mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+            final long token = Binder.clearCallingIdentity();
+            try {
+                final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
+                policy |= oldPolicy;
+                if (oldPolicy != policy) {
+                    setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
+                    mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+                }
+            } finally {
+                Binder.restoreCallingIdentity(token);
             }
         }
     }
@@ -3119,11 +3124,16 @@
         }
 
         synchronized (mUidRulesFirstLock) {
-            final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
-            policy = oldPolicy & ~policy;
-            if (oldPolicy != policy) {
-                setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
-                mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+            final long token = Binder.clearCallingIdentity();
+            try {
+                final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);
+                policy = oldPolicy & ~policy;
+                if (oldPolicy != policy) {
+                    setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);
+                    mLogger.uidPolicyChanged(uid, oldPolicy, policy);
+                }
+            } finally {
+                Binder.restoreCallingIdentity(token);
             }
         }
     }
commit	a5d896cd29acdd881f56fa4a174e72554d7811a4	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Tue Oct 15 22:30:40 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Oct 15 22:30:40 2024 +0000
tree	81bf823c2e46ed0c07b21e0d138b92a54383d172
parent	cf2e1f67545760dc5c967e2ec121920b04bf4e09 [diff]
parent	1165d39ab805a4d338e335c87a085fde13954066 [diff]