Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 18a6e8cf2f871a47a5cfd46124b5e4f1fc0ac696^! / .
commit18a6e8cf2f871a47a5cfd46124b5e4f1fc0ac696[log] [tgz]
authorchiachangwang <chiachangwang@google.com>Thu Dec 01 00:22:34 2022 +0000
committerchiachangwang <chiachangwang@google.com>Thu Dec 01 00:22:34 2022 +0000
treedd6f97591d933417507b46ab5d2dfe62c13e6e40
parente9fb16acdebc85a267d4b70898f8c952a1d41f87 [diff]
Ensure calling package and UID synchronized while calling dump()

This commit clear the calling identity before accessing the
DeviceConfig in ConnectivityService#dump().

The calling package of DeviceConfig.getProperties() comes from
ActivityThread.currentApplication(). In ConnectivityService#dump(),
the caller is ConnectivityService. It's OK to access DeviceConfig
from ConnectivityService. The same scenario applies to an app with
proper permission accessing DeviceConfig from its own context.

However, if cts would like to verify design by calling
ConnectivityService#dump(), the calling uid will comes from the
binder but package name will stay as ConnectivityService which
is 'android'. This will result in a SecurityException says that
the package does not match the uid and failed the test.

Bug: 255231779
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: I257e246b1cbf3b8a93bee2c326055ced9dfde588

diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index d52f411..aa4c030 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -249,6 +249,7 @@
 import com.android.modules.utils.BasicShellCommandHandler;
 import com.android.modules.utils.build.SdkLevel;
 import com.android.net.module.util.BaseNetdUnsolicitedEventListener;
+import com.android.net.module.util.BinderUtils;
 import com.android.net.module.util.BitUtils;
 import com.android.net.module.util.CollectionUtils;
 import com.android.net.module.util.DeviceConfigUtils;
@@ -5147,7 +5148,9 @@
             description = settingValue + " (?)";
         }
         pw.println("Avoid bad wifi setting:        " + description);
-        final Boolean configValue = mMultinetworkPolicyTracker.deviceConfigActivelyPreferBadWifi();
+
+        final Boolean configValue = BinderUtils.withCleanCallingIdentity(
+                () -> mMultinetworkPolicyTracker.deviceConfigActivelyPreferBadWifi());
         if (null == configValue) {
             description = "unset";
         } else if (configValue) {