From 9b31c45731eb015cc3aba50735a3f0db3c43138f Mon Sep 17 00:00:00 2001 From: Treehugger Robot Date: Fri, 21 May 2021 02:42:59 +0000 Subject: [PATCH] Use CS identity to update setting while performing factory reset When apps try to call factoryReset to do networking reset, it will result in updating the setting in SettingsProvider. ContentProvider will verify if the package name of the caller that initiated the request being processed on the current thread. The package should belong to the calling UID. The setting update started from the ConnectivityService context, so the package will be android but the calling UID will be the calling app. It will cause a SecurityException. The behavior is fine previously as its known caller(Settings) shares system UID. But it will be a problem for other callers, such as CTS. Thus, clear the identity since the necessary permission check should be examined at the top of the method. The following actions should be fine to be proceed from the system itself. Also replace the user restriction check via hasUserRestrictionForUser with the UserHandle created from the calling uid to ensure it's verified with correct user. Bug: 186061922 Test: Factory reset from Settings Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d (cherry picked from commit 0b1b84179f10804a55561c0d6e0751efecf2c77a) --- .../android/server/ConnectivityService.java | 34 +++++++++++-------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index 6027a99683..29a4856806 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -8655,28 +8655,32 @@ public class ConnectivityService extends IConnectivityManager.Stub public void factoryReset() { enforceSettingsPermission(); - if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) { - return; - } - + final int uid = mDeps.getCallingUid(); final long token = Binder.clearCallingIdentity(); try { + if (mUserManager.hasUserRestrictionForUser(UserManager.DISALLOW_NETWORK_RESET, + UserHandle.getUserHandleForUid(uid))) { + return; + } + final IpMemoryStore ipMemoryStore = IpMemoryStore.getMemoryStore(mContext); ipMemoryStore.factoryReset(); + + // Turn airplane mode off + setAirplaneMode(false); + + // restore private DNS settings to default mode (opportunistic) + if (!mUserManager.hasUserRestrictionForUser(UserManager.DISALLOW_CONFIG_PRIVATE_DNS, + UserHandle.getUserHandleForUid(uid))) { + ConnectivitySettingsManager.setPrivateDnsMode(mContext, + PRIVATE_DNS_MODE_OPPORTUNISTIC); + } + + Settings.Global.putString(mContext.getContentResolver(), + ConnectivitySettingsManager.NETWORK_AVOID_BAD_WIFI, null); } finally { Binder.restoreCallingIdentity(token); } - - // Turn airplane mode off - setAirplaneMode(false); - - // restore private DNS settings to default mode (opportunistic) - if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_PRIVATE_DNS)) { - ConnectivitySettingsManager.setPrivateDnsMode(mContext, PRIVATE_DNS_MODE_OPPORTUNISTIC); - } - - Settings.Global.putString(mContext.getContentResolver(), - ConnectivitySettingsManager.NETWORK_AVOID_BAD_WIFI, null); } @Override