Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 340f6d4d authored by Azhara Assanova's avatar Azhara Assanova
Browse files

Final token from Binder.clearCallingIdentity() 

The result from Binder.clearCallingIdentity() should be final in order
to prevent it from being overwritten before calling
Binder.restoreCallingIdentity(), which can cause security problems when
restoring the identity.

Bug: 157626959
Test: m checkbuild
Change-Id: I45e0e29fcefc35afa70d50dabfb79ada1579eae8
parent f9b2ab02

services/backup/java/com/android/server/backup/UserBackupManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -4369,7 +4369,7 @@ public class UserBackupManagerService { 
            return OperationType.BACKUP;

        }



        long oldCallingId = Binder.clearCallingIdentity();

        final long oldCallingId = Binder.clearCallingIdentity();

        try {

            IBackupTransport transport = transportClient.connectOrThrow(

                    /* caller */ "BMS.getOperationTypeFromTransport");

services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java

+3 −3
Original line number Diff line number Diff line
@@ -787,7 +787,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind 
                        + " for " + association

                        + " - profile still present in " + otherAssociationWithDeviceProfile);

            } else {

                long identity = Binder.clearCallingIdentity();

                final long identity = Binder.clearCallingIdentity();

                try {

                    mRoleManager.removeRoleHolderAsUser(

                            association.getDeviceProfile(),
@@ -1001,7 +1001,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind 
    }



    private List<UserInfo> getAllUsers() {

        long identity = Binder.clearCallingIdentity();

        final long identity = Binder.clearCallingIdentity();

        try {

            return mUserManager.getUsers();

        } finally {
@@ -1017,7 +1017,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind 
    }



    private Set<Association> getAllAssociations() {

        long identity = Binder.clearCallingIdentity();

        final long identity = Binder.clearCallingIdentity();

        try {

            ArraySet<Association> result = new ArraySet<>();

            for (UserInfo user : mUserManager.getAliveUsers()) {

services/core/java/com/android/server/SensorPrivacyService.java

+2 −2
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ public final class SensorPrivacyService extends SystemService { 
                sensor = CAMERA;

            }



            long token = Binder.clearCallingIdentity();

            final long token = Binder.clearCallingIdentity();

            try {

                onSensorUseStarted(uid, packageName, sensor);

            } finally {
@@ -484,7 +484,7 @@ public final class SensorPrivacyService extends SystemService { 
                mIndividualEnabled.put(userId, userIndividualEnabled);



                if (!enable) {

                    long token = Binder.clearCallingIdentity();

                    final long token = Binder.clearCallingIdentity();

                    try {

                        // Remove any notifications prompting the user to disable sensory privacy

                        NotificationManager notificationManager =

services/core/java/com/android/server/StorageManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -3459,7 +3459,7 @@ class StorageManagerService extends IStorageManager.Stub 
        // We want to call the manageSpaceActivity as a SystemService and clear identity

        // of the calling App

        int originalUid = Binder.getCallingUidOrThrow();

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();



        try {

            ApplicationInfo appInfo = mIPackageManager.getApplicationInfo(packageName, 0,

services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java

+4 −4
Original line number Diff line number Diff line
@@ -262,7 +262,7 @@ public class FingerprintService extends SystemService { 
            final boolean isKeyguard = Utils.isKeyguard(getContext(), opPackageName);



            // Clear calling identity when checking LockPatternUtils for StrongAuth flags.

            long identity = Binder.clearCallingIdentity();

            final long identity1 = Binder.clearCallingIdentity();

            try {

                if (isKeyguard && Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)) {

                    // If this happens, something in KeyguardUpdateMonitor is wrong.
@@ -272,7 +272,7 @@ public class FingerprintService extends SystemService { 
                    return;

                }

            } finally {

                Binder.restoreCallingIdentity(identity);

                Binder.restoreCallingIdentity(identity1);

            }



            final boolean restricted = getContext().checkCallingPermission(MANAGE_FINGERPRINT)
@@ -296,11 +296,11 @@ public class FingerprintService extends SystemService { 
                    provider.second.getSensorProperties(sensorId);

            if (!isKeyguard && !Utils.isSettings(getContext(), opPackageName)

                    && sensorProps != null && sensorProps.isAnyUdfpsType()) {

                identity = Binder.clearCallingIdentity();

                final long identity2 = Binder.clearCallingIdentity();

                try {

                    authenticateWithPrompt(operationId, sensorProps, userId, receiver);

                } finally {

                    Binder.restoreCallingIdentity(identity);

                    Binder.restoreCallingIdentity(identity2);

                }

            } else {

                provider.second.scheduleAuthenticate(provider.first, token, operationId, userId,