From 5ab1d831e0967072b79a85d24d0be518e0dffe52 Mon Sep 17 00:00:00 2001
From: Nate Myren <ntmyren@google.com>
Date: Thu, 11 Jan 2024 11:44:43 -0800
Subject: Clear calling identity when checking if NLS is trusted

This method is sometimes called on binder threads, and checks privileged
APIs

Fixes: 319601292
Test: CallExtrasTest#testCsPutIntExtra
Change-Id: I8ac8aa3ad26d487cb7183626a6c88a564a5a7c4c
---
 .../com/android/server/notification/NotificationManagerService.java    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 7aa7b7e1bfc1..13ff46a2675e 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -12103,6 +12103,7 @@ public class NotificationManagerService extends SystemService {
                 return true;
             }
 
+            long token = Binder.clearCallingIdentity();
             try {
                 if (mPackageManager.checkUidPermission(RECEIVE_SENSITIVE_NOTIFICATIONS, uid)
                         == PERMISSION_GRANTED || mPackageManagerInternal.isPlatformSigned(pkg)) {
@@ -12129,6 +12130,8 @@ public class NotificationManagerService extends SystemService {
                 }
             } catch (RemoteException e) {
                 Slog.e(TAG, "Failed to check trusted status of listener", e);
+            } finally {
+                Binder.restoreCallingIdentity(token);
             }
             return false;
         }
-- 
cgit v1.2.3-59-g8ed1b