From 18a6e8cf2f871a47a5cfd46124b5e4f1fc0ac696 Mon Sep 17 00:00:00 2001 From: chiachangwang Date: Thu, 1 Dec 2022 00:22:34 +0000 Subject: [PATCH] Ensure calling package and UID synchronized while calling dump() This commit clear the calling identity before accessing the DeviceConfig in ConnectivityService#dump(). The calling package of DeviceConfig.getProperties() comes from ActivityThread.currentApplication(). In ConnectivityService#dump(), the caller is ConnectivityService. It's OK to access DeviceConfig from ConnectivityService. The same scenario applies to an app with proper permission accessing DeviceConfig from its own context. However, if cts would like to verify design by calling ConnectivityService#dump(), the calling uid will comes from the binder but package name will stay as ConnectivityService which is 'android'. This will result in a SecurityException says that the package does not match the uid and failed the test. Bug: 255231779 Test: atest CtsNetTestCases FrameworksNetTests Change-Id: I257e246b1cbf3b8a93bee2c326055ced9dfde588
---
 service/src/com/android/server/ConnectivityService.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index d52f411025..aa4c0307f6 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -249,6 +249,7 @@ import com.android.internal.util.MessageUtils;
 import com.android.modules.utils.BasicShellCommandHandler;
 import com.android.modules.utils.build.SdkLevel;
 import com.android.net.module.util.BaseNetdUnsolicitedEventListener;
+import com.android.net.module.util.BinderUtils;
 import com.android.net.module.util.BitUtils;
 import com.android.net.module.util.CollectionUtils;
 import com.android.net.module.util.DeviceConfigUtils;
@@ -5147,7 +5148,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
 description = settingValue + " (?)";
 }
 pw.println("Avoid bad wifi setting: " + description);
- final Boolean configValue = mMultinetworkPolicyTracker.deviceConfigActivelyPreferBadWifi();
+
+ final Boolean configValue = BinderUtils.withCleanCallingIdentity(
+ () -> mMultinetworkPolicyTracker.deviceConfigActivelyPreferBadWifi());
 if (null == configValue) {
 description = "unset";
 } else if (configValue) {
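Review bot: The new `BinderUtils.withCleanCallingIdentity(...)` call carries no comment explaining why the identity is cleared; that reasoning exists only in the commit message, so a later cleanup could remove the wrapper as apparently redundant. I would add above it something like `// DeviceConfig matches the calling UID against this process's package ("android"); clear the binder identity so a dump() caller's UID is not used for that check.` Because the DeviceConfig read now runs under the service's own identity, the caller's access to this value rests entirely on whatever permission check dump() performs before reaching this line. That check is not visible here, as the enclosing method starts and ends outside the hunk, so it is worth confirming it runs first. Keeping the cleared-identity scope to this single read, as the lambda does, is the right shape and should stay that narrow.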