Unverified Commit 25ed46d0 authored Jan 10, 2022 by Oliver Scott Committed by Michael Bestas Mar 12, 2022

Clear calling identity when setting restricted networking mode UID firewall rules

* NetworkManager setFirewallUidRule checks that the caller is system uid

* Public service entry points are already protected with MANAGE_NETWORK_POLICY permission so simply clear calling identity around NetworkPolicyManagerService setUidFirewallRule() call to resolve crash for secondary users during settings change.

Change-Id: I2fb22e77c0afa67acfbb5b9d57173df5aefb0d57

parent ae36a827

services/core/java/com/android/server/net/NetworkPolicyManagerService.java

+7 −2

Original line number	Diff line number	Diff line
		@@ -4198,8 +4198,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		if (mRestrictedNetworkingMode) {
		// Note: setUidFirewallRule also updates mUidFirewallRestrictedModeRules.
		// In this case, default firewall rules can also be added.
		long token = Binder.clearCallingIdentity();
		try {
		setUidFirewallRule(FIREWALL_CHAIN_RESTRICTED, uid,
		getRestrictedModeFirewallRule(newUidRule));
		} finally {
		Binder.restoreCallingIdentity(token);
		}
		}
		}