From 6bf8f0fbd93d65c07d3237765dd7a5e13f6da96a Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <reminv@google.com>
Date: Mon, 4 Feb 2019 10:25:11 +0900
Subject: [PATCH] Call clearCallingIdentity before notifyDnsResponse

The NetworkStack only expects calls from UID 1000 (system_server) or the
Bluetooth app. onDnsEvent is triggered by Netd which has UID 0.

One alternative would be to allow UID 0 to call the NetworkStack
directly, but being more restrictive on callers sounds like a better
option.

Test: Flashed, booted, atest FrameworksNetTests
Change-Id: Id7fb30f1e25ec70fbfbc90f3c7fc95ba18c274e6
---
 .../java/com/android/server/ConnectivityService.java  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 08e49034aa..89587b18df 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1716,16 +1716,17 @@ public class ConnectivityService extends IConnectivityManager.Stub
             // the caller thread of registerNetworkAgent. Thus, it's not allowed to register netd
             // event callback for certain nai. e.g. cellular. Register here to pass to
             // NetworkMonitor instead.
-            // TODO: Move the Dns Event to NetworkMonitor. Use Binder.clearCallingIdentity() in
-            // registerNetworkAgent to have NetworkMonitor created with system process as design
-            // expectation. Also, NetdEventListenerService only allow one callback from each
-            // caller type. Need to re-factor NetdEventListenerService to allow multiple
-            // NetworkMonitor registrants.
+            // TODO: Move the Dns Event to NetworkMonitor. NetdEventListenerService only allow one
+            // callback from each caller type. Need to re-factor NetdEventListenerService to allow
+            // multiple NetworkMonitor registrants.
             if (nai != null && nai.satisfies(mDefaultRequest)) {
+                final long token = Binder.clearCallingIdentity();
                 try {
                     nai.networkMonitor().notifyDnsResponse(returnCode);
                 } catch (RemoteException e) {
                     e.rethrowFromSystemServer();
+                } finally {
+                    Binder.restoreCallingIdentity(token);
                 }
             }
         }