Commit fed40171 authored Dec 02, 2020 by Oliver Scott Committed by Sam Mortimer Dec 04, 2020

NetworkPolicyManagerService: Fix network isolation for secondary users

* NetworkManager setFirewallUidRule checks that the caller is system uid

* Public service entry points are already protected with
  MANAGE_NETWORK_POLICY permission so simply clear calling identity
  around NetworkPolicyManagerService setUidFirewallRule() call to
  resolve crash for secondary users during settings change.

Change-Id: Id598264c965aafade8e79b9eeca608711ac49028

parent 0421c4ef

services/core/java/com/android/server/net/NetworkPolicyManagerService.java

+7 −2

Original line number	Diff line number	Diff line
		@@ -4355,8 +4355,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		return;
		}

		final long token = Binder.clearCallingIdentity();
		try {
		setUidFirewallRule(FIREWALL_CHAIN_ISOLATED, uid,
		isIsolated ? FIREWALL_RULE_DENY : FIREWALL_RULE_DEFAULT);
		} finally {
		Binder.restoreCallingIdentity(token);
		}

		int uidRules = oldUidRules;
		if (isIsolated) {