Clear calling identity before calling to DeviceIdleController - platform/frameworks/base

diff options

author	chiachangwang <chiachangwang@google.com>	2023-04-10 13:31:51 +0000
committer	chiachangwang <chiachangwang@google.com>	2023-04-10 13:31:51 +0000
commit	4e9fced5568558af8866e46e62ba790a39517644 (patch)
tree	b785784144fc164dd1ed81e91c1ddfff69938718 /libs/androidfw/StringPool.cpp
parent	66f740be09d846abf12521fdf392e74a5a09b50b (diff)

Clear calling identity before calling to DeviceIdleController

There are two possible ways to stop a VPN for a VpnManager apps, deleteVpnProfile() and stopVpnProfile(). Both of them will result in a VpnManagerEvent to notify that the VPN is stopped. The call stack to send a VpnManagerEvent will Call to DeviceIdleController.addPowerSaveTempWhitelistApp which requires UPDATE_DEVICE_STATS permission. Vpn calls it to allow VpnManager app to temporarily run background services to handle the event. This action is done inside the system and should not requires callers' permission. The calling identity is cleared in deleteVpnProfile() but not in stopVpnProfile(). This results in receiving a SecurityException on calling VPN apps, and crash apps without UPDATE_DEVICE_STATS permission(which is not required). Bug: 276457150 Test: atest FrameworksNetTests Change-Id: I1956cbff9374dbed91374974f3a62aeed0b75f27

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: