Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c6a1d93b4ff9f4b525fe77fa807eb7da26bb2445^! / .
commitc6a1d93b4ff9f4b525fe77fa807eb7da26bb2445[log] [tgz]
authorAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Sun Mar 08 23:50:02 2020 +0000
committerRubin Xu <rubinxu@google.com>Mon Mar 09 10:22:39 2020 +0000
tree58a02eb18c5f74f3c4154cd703bd76bb7804cd3f
parent5580360ba832eebd7f7f63817d818987b5cb72c4 [diff]
Clear binder identity before calling PackageManager API

With the introduction of app enumeration restriction in R,
PackageManager will restrict package visiblity if the caller
is not privileged. This caused regression in existing system
server code where binder identity is not cleared prior to
making PackageManager calls.

Bug: 150398249
Test: com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpn
Change-Id: I8744965389883870c569a1b70e75715aafeb7848
Merged-In: I611eb5768bfb73f01c63e6ab02d90f1178f8ec37
(cherry picked from commit f57597c6ef0283997340bf6524b48f14dae44112)

diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 968528c..7c3cab1 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java

@@ -951,18 +951,18 @@
                 || isVpnServicePreConsented(context, packageName);
     }
 
-    private int getAppUid(String app, int userHandle) {
+    private int getAppUid(final String app, final int userHandle) {
         if (VpnConfig.LEGACY_VPN.equals(app)) {
             return Process.myUid();
         }
         PackageManager pm = mContext.getPackageManager();
-        int result;
-        try {
-            result = pm.getPackageUidAsUser(app, userHandle);
-        } catch (NameNotFoundException e) {
-            result = -1;
-        }
-        return result;
+        return Binder.withCleanCallingIdentity(() -> {
+            try {
+                return pm.getPackageUidAsUser(app, userHandle);
+            } catch (NameNotFoundException e) {
+                return -1;
+            }
+        });
     }
 
     private boolean doesPackageTargetAtLeastQ(String packageName) {