Clear calling identity before binding instant app resolver
EphemeralResolverConnection always bind the instant app resolver installed
in user 0. It can be a problem if PMS is calling
EphemeralResolverConnection in a binder call from other users.
In which case, we are binding service in user 0 from other users and
security exception is thrown.
This fix assume it is WAI we always bind instant app resolver in user 0.
Fix: 38257043
Test: reboot, launch a work profile app that start an ACTION_VIEW intent
with http link. No crash observed.
Change-Id: Ic4e451b67ef127f05c3e594254b310da690a2324
diff --git a/services/core/java/com/android/server/pm/EphemeralResolverConnection.java b/services/core/java/com/android/server/pm/EphemeralResolverConnection.java
index aa780cc..1de3936 100644
--- a/services/core/java/com/android/server/pm/EphemeralResolverConnection.java
+++ b/services/core/java/com/android/server/pm/EphemeralResolverConnection.java
@@ -23,6 +23,7 @@
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.pm.InstantAppResolveInfo;
+import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
@@ -140,7 +141,12 @@
if (mRemoteInstance != null) {
return mRemoteInstance;
}
- bindLocked(token);
+ long binderToken = Binder.clearCallingIdentity();
+ try {
+ bindLocked(token);
+ } finally {
+ Binder.restoreCallingIdentity(binderToken);
+ }
return mRemoteInstance;
}
}