Tighten up Binder.clearCallingIdentity() usage. The recently added AndroidFrameworkBinderIdentity Error Prone checker examines code to ensure that any cleared identities are restored to avoid obscure security vulnerabilities. This change is a purely mechanical refactoring that adds the "final" keyword to the cleared identity to ensure that it's not accidentally modified before eventually being cleared. Here's the exact command used to generate this CL: $ find . -name "*.java" -exec sed -Ei \ 's/ (long \w+ = .+?clearCallingIdentity)/ final \1/' \ {} \; Bug: 155703208 Test: make Exempt-From-Owner-Approval: trivial refactoring Change-Id: I832c9d70c3dfcd8d669cf71939d97837becc973a

commit: f7fb8e099d3da9c5ca320947443e9de66be7259d [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Tue Oct 06 11:18:09 2020 -0600
committer: Jeff Sharkey <jsharkey@android.com> Tue Oct 06 11:18:09 2020 -0600
tree: 1c4f9ac5ef4c082e94bda1b3207a7b79991e864c
parent: 2cb829fd8767f5b906c681b89011d0d13da7ca8c [diff]
diff --git a/apex/framework/java/android/app/StatsManager.java b/apex/framework/java/android/app/StatsManager.java
index a7d2057..41803cf 100644
--- a/apex/framework/java/android/app/StatsManager.java
+++ b/apex/framework/java/android/app/StatsManager.java

@@ -547,7 +547,7 @@
 
         @Override
         public void onPullAtom(int atomTag, IPullAtomResultReceiver resultReceiver) {
-            long token = Binder.clearCallingIdentity();
+            final long token = Binder.clearCallingIdentity();
             try {
                 mExecutor.execute(() -> {
                     List<StatsEvent> data = new ArrayList<>();
commit	f7fb8e099d3da9c5ca320947443e9de66be7259d	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Tue Oct 06 11:18:09 2020 -0600
committer	Jeff Sharkey <jsharkey@android.com>	Tue Oct 06 11:18:09 2020 -0600
tree	1c4f9ac5ef4c082e94bda1b3207a7b79991e864c
parent	2cb829fd8767f5b906c681b89011d0d13da7ca8c [diff]