Restore calling identity before checking permission
Using the system service identity to check the CHANGE_CONFIGURATION
permission isn't likely to catch a security violation. Changing
back to the original caller and then checking permissions is
preferred.
Fixes bug 16215650.
Change-Id: Iff08d04422bcc052a487194154f1fd0d727d38f4
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index b0dfe4a..0310962 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -886,6 +886,8 @@
requestCode, callingPid, callingUid, callingPackage, startFlags, options,
componentSpecified, null, container);
+ Binder.restoreCallingIdentity(origId);
+
if (stack.mConfigWillChange) {
// If the caller also wants to switch to a new configuration,
// do so now. This allows a clean switch, as we are waiting
@@ -899,8 +901,6 @@
mService.updateConfigurationLocked(config, null, false, false);
}
- Binder.restoreCallingIdentity(origId);
-
if (outResult != null) {
outResult.result = res;
if (res == ActivityManager.START_SUCCESS) {