Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1165d39a authored by Tommy Webb's avatar Tommy Webb Committed by t-m-w
Browse files

Clear caller identity before updating restrictions 

Fix Android 15 regression in which apps with MANAGE_NETWORK_POLICY are
not able to manipulate policies unless they are also AID_SYSTEM.

Bug: b/371004144
Issue: calyxos#2733
Issue: calyxos#2701
Test: Manual: Install test APK from linked bug to userdebug build.
Try changing toggles. Should not crash.
Change-Id: I0536ec7ab412ea6102092d44c0c938a986cf2c9d
parent ac2f03ec

services/core/java/com/android/server/net/NetworkPolicyManagerService.java

+20 −10
Original line number Diff line number Diff line
@@ -3100,12 +3100,17 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { 
        }



        synchronized (mUidRulesFirstLock) {

            final long token = Binder.clearCallingIdentity();

            try {

                final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);

                policy |= oldPolicy;

                if (oldPolicy != policy) {

                    setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);

                    mLogger.uidPolicyChanged(uid, oldPolicy, policy);

                }

            } finally {

                Binder.restoreCallingIdentity(token);

            }

        }

    }
@@ -3119,12 +3124,17 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { 
        }



        synchronized (mUidRulesFirstLock) {

            final long token = Binder.clearCallingIdentity();

            try {

                final int oldPolicy = mUidPolicy.get(uid, POLICY_NONE);

                policy = oldPolicy & ~policy;

                if (oldPolicy != policy) {

                    setUidPolicyUncheckedUL(uid, oldPolicy, policy, true);

                    mLogger.uidPolicyChanged(uid, oldPolicy, policy);

                }

            } finally {

                Binder.restoreCallingIdentity(token);

            }

        }

    }