Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d0fa4994 authored by Lorenzo Colitti's avatar Lorenzo Colitti
Browse files

Tighten up Binder.clearCallingIdentity() usage. 

Partial cherry-pick of ag/12771225 to avoid merge conflicts.

Test: builds
Bug: 155703208
Merged-In: I832c9d70c3dfcd8d669cf71939d97837becc973a
Change-Id: Iac7c482012639ac45658f9e32fc1b9b152b01532
parent e191d8d9

services/core/java/com/android/server/connectivity/Vpn.java

+5 −5
Original line number Diff line number Diff line
@@ -974,7 +974,7 @@ public class Vpn { 
    /** Prepare the VPN for the given package. Does not perform permission checks. */

    @GuardedBy("this")

    private void prepareInternal(String newPackage) {

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();

        try {

            // Reset the interface.

            if (mInterface != null) {
@@ -1262,7 +1262,7 @@ public class Vpn { 
        mNetworkCapabilities.setAdministratorUids(new int[] {mOwnerUID});

        mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserId,

                mConfig.allowedApplications, mConfig.disallowedApplications));

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();

        try {

            mNetworkAgent = new NetworkAgent(mLooper, mContext, NETWORKTYPE /* logtag */,

                    mNetworkInfo, mNetworkCapabilities, lp,
@@ -1281,7 +1281,7 @@ public class Vpn { 
    }



    private boolean canHaveRestrictedProfile(int userId) {

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();

        try {

            return UserManager.get(mContext).canHaveRestrictedProfile(userId);

        } finally {
@@ -1328,7 +1328,7 @@ public class Vpn { 
        // Check if the service is properly declared.

        Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);

        intent.setClassName(mPackage, config.user);

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();

        try {

            // Restricted users are not allowed to create VPNs, they are tied to Owner

            enforceNotRestrictedUser();
@@ -2063,7 +2063,7 @@ public class Vpn { 
     */

    public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {

        enforceControlPermission();

        long token = Binder.clearCallingIdentity();

        final long token = Binder.clearCallingIdentity();

        try {

            startLegacyVpnPrivileged(profile, keyStore, egress);

        } finally {