From ee13d6aeeee63ddbbe395ac0ba7a0edc8219041a Mon Sep 17 00:00:00 2001
From: Junyu Lai <junyulai@google.com>
Date: Fri, 19 Nov 2021 07:08:10 +0000
Subject: [PATCH] Clear calling identity when notifying alert/limit reached

When the NetworkStatsProvider reports alert/limit reached,
NetworkStatsService will relay the event to other services
such as NPMS or NMS. The identity should be cleared before
calling into other services.

Test: TH
Bug: 181106917
Change-Id: I2a7b273dc30156a84b30566319894ec3a42d4429
---
 .../com/android/server/net/NetworkStatsService.java   | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java
index 097b0711ef..f3bbe7c818 100644
--- a/services/core/java/com/android/server/net/NetworkStatsService.java
+++ b/services/core/java/com/android/server/net/NetworkStatsService.java
@@ -150,6 +150,7 @@ import com.android.internal.util.ArrayUtils;
 import com.android.internal.util.DumpUtils;
 import com.android.internal.util.FileRotator;
 import com.android.internal.util.IndentingPrintWriter;
+import com.android.net.module.util.BinderUtils;
 import com.android.server.EventLogTags;
 import com.android.server.LocalServices;
 
@@ -2104,14 +2105,18 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
 
         @Override
         public void notifyAlertReached() throws RemoteException {
-            mAlertObserver.limitReached(LIMIT_GLOBAL_ALERT, null /* unused */);
+            // This binder object can only have been obtained by a process that holds
+            // NETWORK_STATS_PROVIDER. Thus, no additional permission check is required.
+            BinderUtils.withCleanCallingIdentity(() ->
+                    mAlertObserver.limitReached(LIMIT_GLOBAL_ALERT, null /* unused */));
         }
 
         @Override
         public void notifyWarningOrLimitReached() {
             Log.d(TAG, mTag + ": notifyWarningOrLimitReached");
-            LocalServices.getService(NetworkPolicyManagerInternal.class)
-                    .onStatsProviderWarningOrLimitReached(mTag);
+            BinderUtils.withCleanCallingIdentity(() ->
+                    LocalServices.getService(NetworkPolicyManagerInternal.class)
+                            .onStatsProviderWarningOrLimitReached(mTag));
         }
 
         @Override