Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8719f683 authored by Todd Kennedy's avatar Todd Kennedy
Browse files

DO NOT MERGE Restore calling identity before checking permission 

Using the system service identity to check the CHANGE_CONFIGURATION
permission isn't likely to catch a security violation. Changing
back to the original caller and then checking permissions is
preferred.

Cherry picked from lmp. Fixes bug 15989465.

Change-Id: Iff08d04422bcc052a487194154f1fd0d727d38f4
parent ced2f74a

services/java/com/android/server/am/ActivityStackSupervisor.java

+2 −2
Original line number Diff line number Diff line
@@ -742,6 +742,8 @@ public final class ActivityStackSupervisor { 
                    aInfo, resultTo, resultWho, requestCode, callingPid, callingUid,

                    callingPackage, startFlags, options, componentSpecified, null);



            Binder.restoreCallingIdentity(origId);



            if (stack.mConfigWillChange) {

                // If the caller also wants to switch to a new configuration,

                // do so now.  This allows a clean switch, as we are waiting
@@ -755,8 +757,6 @@ public final class ActivityStackSupervisor { 
                mService.updateConfigurationLocked(config, null, false, false);

            }



            Binder.restoreCallingIdentity(origId);



            if (outResult != null) {

                outResult.result = res;

                if (res == ActivityManager.START_SUCCESS) {