LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Call clearCallingIdentity before notifyDnsResponse

Browse Source 
The NetworkStack only expects calls from UID 1000 (system_server) or the
Bluetooth app. onDnsEvent is triggered by Netd which has UID 0.

One alternative would be to allow UID 0 to call the NetworkStack
directly, but being more restrictive on callers sounds like a better
option.

Test: Flashed, booted, atest FrameworksNetTests
Change-Id: Id7fb30f1e25ec70fbfbc90f3c7fc95ba18c274e6
This commit is contained in:
Remi NGUYEN VAN
2019-02-04 10:25:11 +09:00
parent af8e41c434
commit 6bf8f0fbd9
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -1716,16 +1716,17 @@ public class ConnectivityService extends IConnectivityManager.Stub
// the caller thread of registerNetworkAgent. Thus, it's not allowed to register netd // the caller thread of registerNetworkAgent. Thus, it's not allowed to register netd
// event callback for certain nai. e.g. cellular. Register here to pass to // event callback for certain nai. e.g. cellular. Register here to pass to
// NetworkMonitor instead. // NetworkMonitor instead.
// TODO: Move the Dns Event to NetworkMonitor. Use Binder.clearCallingIdentity() in // TODO: Move the Dns Event to NetworkMonitor. NetdEventListenerService only allow one
// registerNetworkAgent to have NetworkMonitor created with system process as design // callback from each caller type. Need to re-factor NetdEventListenerService to allow
// expectation. Also, NetdEventListenerService only allow one callback from each // multiple NetworkMonitor registrants.
// caller type. Need to re-factor NetdEventListenerService to allow multiple
// NetworkMonitor registrants.
if (nai != null && nai.satisfies(mDefaultRequest)) { if (nai != null && nai.satisfies(mDefaultRequest)) {
final long token = Binder.clearCallingIdentity();
try { try {
nai.networkMonitor().notifyDnsResponse(returnCode); nai.networkMonitor().notifyDnsResponse(returnCode);
} catch (RemoteException e) { } catch (RemoteException e) {
e.rethrowFromSystemServer(); e.rethrowFromSystemServer();
} finally {
Binder.restoreCallingIdentity(token);
} }
} }
} }