LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Clear calling identity before calling into DPM"

Browse Source
This commit is contained in:
Junyu Lai
2023-03-02 05:56:51 +00:00
committed by Gerrit Code Review
parent 9e54059c5d 09330c436e
commit ae04a1a842
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
framework-t/src/android/net/NetworkStatsAccess.java
View File

@@ -111,17 +111,18 @@ public final class NetworkStatsAccess {
final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class); final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class);
final TelephonyManager tm = (TelephonyManager) final TelephonyManager tm = (TelephonyManager)
context.getSystemService(Context.TELEPHONY_SERVICE); context.getSystemService(Context.TELEPHONY_SERVICE);
boolean hasCarrierPrivileges; final boolean hasCarrierPrivileges;
final long token = Binder.clearCallingIdentity(); final boolean isDeviceOwner;
long token = Binder.clearCallingIdentity();
try { try {
hasCarrierPrivileges = tm != null hasCarrierPrivileges = tm != null
&& tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
== TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
} finally { } finally {
Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token);
} }
final boolean isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
final int appId = UserHandle.getAppId(callingUid); final int appId = UserHandle.getAppId(callingUid);
final boolean isNetworkStack = context.checkPermission( final boolean isNetworkStack = context.checkPermission(
@@ -135,15 +136,20 @@ public final class NetworkStatsAccess {
return NetworkStatsAccess.Level.DEVICE; return NetworkStatsAccess.Level.DEVICE;
} }
boolean hasAppOpsPermission = hasAppOpsPermission(context, callingUid, callingPackage); final boolean hasAppOpsPermission =
hasAppOpsPermission(context, callingUid, callingPackage);
if (hasAppOpsPermission || context.checkCallingOrSelfPermission( if (hasAppOpsPermission || context.checkCallingOrSelfPermission(
READ_NETWORK_USAGE_HISTORY) == PackageManager.PERMISSION_GRANTED) { READ_NETWORK_USAGE_HISTORY) == PackageManager.PERMISSION_GRANTED) {
return NetworkStatsAccess.Level.DEVICESUMMARY; return NetworkStatsAccess.Level.DEVICESUMMARY;
} }
//TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode. final boolean isProfileOwner;
boolean isProfileOwner = mDpm != null && (mDpm.isProfileOwnerApp(callingPackage) token = Binder.clearCallingIdentity();
|| mDpm.isDeviceOwnerApp(callingPackage)); try {
isProfileOwner = mDpm != null && mDpm.isProfileOwnerApp(callingPackage);
} finally {
Binder.restoreCallingIdentity(token);
}
if (isProfileOwner) { if (isProfileOwner) {
// Apps with the AppOps permission, profile owners, and apps with the privileged // Apps with the AppOps permission, profile owners, and apps with the privileged
// permission can access data usage for all apps in this user/profile. // permission can access data usage for all apps in this user/profile.