Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / ae04a1a842f8b1f57eddcc417e07b249b0f28fdf^1..ae04a1a842f8b1f57eddcc417e07b249b0f28fdf / .
commitae04a1a842f8b1f57eddcc417e07b249b0f28fdf[log] [tgz]
authorJunyu Lai <junyulai@google.com>Thu Mar 02 05:56:51 2023 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Thu Mar 02 05:56:51 2023 +0000
tree41702fb43c593ee8b08a6f12883ccb66eabbe908
parent9e54059c5d6a678f3944d993ea79694f6a5d8b05 [diff]
parent09330c436e578e9638c73f230eb3a239af0944bf [diff]
Merge "Clear calling identity before calling into DPM"
diff --git a/framework-t/src/android/net/NetworkStatsAccess.java b/framework-t/src/android/net/NetworkStatsAccess.java
index b64fbdb..0585756 100644
--- a/framework-t/src/android/net/NetworkStatsAccess.java
+++ b/framework-t/src/android/net/NetworkStatsAccess.java

@@ -111,17 +111,18 @@
         final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class);
         final TelephonyManager tm = (TelephonyManager)
                 context.getSystemService(Context.TELEPHONY_SERVICE);
-        boolean hasCarrierPrivileges;
-        final long token = Binder.clearCallingIdentity();
+        final boolean hasCarrierPrivileges;
+        final boolean isDeviceOwner;
+        long token = Binder.clearCallingIdentity();
         try {
             hasCarrierPrivileges = tm != null
                     && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
                             == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
+            isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
 
-        final boolean isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
         final int appId = UserHandle.getAppId(callingUid);
 
         final boolean isNetworkStack = context.checkPermission(
@@ -135,15 +136,20 @@
             return NetworkStatsAccess.Level.DEVICE;
         }
 
-        boolean hasAppOpsPermission = hasAppOpsPermission(context, callingUid, callingPackage);
+        final boolean hasAppOpsPermission =
+                hasAppOpsPermission(context, callingUid, callingPackage);
         if (hasAppOpsPermission || context.checkCallingOrSelfPermission(
                 READ_NETWORK_USAGE_HISTORY) == PackageManager.PERMISSION_GRANTED) {
             return NetworkStatsAccess.Level.DEVICESUMMARY;
         }
 
-        //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
-        boolean isProfileOwner = mDpm != null && (mDpm.isProfileOwnerApp(callingPackage)
-                || mDpm.isDeviceOwnerApp(callingPackage));
+        final boolean isProfileOwner;
+        token = Binder.clearCallingIdentity();
+        try {
+            isProfileOwner = mDpm != null && mDpm.isProfileOwnerApp(callingPackage);
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
         if (isProfileOwner) {
             // Apps with the AppOps permission, profile owners, and apps with the privileged
             // permission can access data usage for all apps in this user/profile.