Call clearCallingIdentity before notifyDnsResponse
The NetworkStack only expects calls from UID 1000 (system_server) or the
Bluetooth app. onDnsEvent is triggered by Netd which has UID 0.
One alternative would be to allow UID 0 to call the NetworkStack
directly, but being more restrictive on callers sounds like a better
option.
Test: Flashed, booted, atest FrameworksNetTests
Change-Id: Id7fb30f1e25ec70fbfbc90f3c7fc95ba18c274e6
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 08e4903..89587b1 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1716,16 +1716,17 @@
// the caller thread of registerNetworkAgent. Thus, it's not allowed to register netd
// event callback for certain nai. e.g. cellular. Register here to pass to
// NetworkMonitor instead.
- // TODO: Move the Dns Event to NetworkMonitor. Use Binder.clearCallingIdentity() in
- // registerNetworkAgent to have NetworkMonitor created with system process as design
- // expectation. Also, NetdEventListenerService only allow one callback from each
- // caller type. Need to re-factor NetdEventListenerService to allow multiple
- // NetworkMonitor registrants.
+ // TODO: Move the Dns Event to NetworkMonitor. NetdEventListenerService only allow one
+ // callback from each caller type. Need to re-factor NetdEventListenerService to allow
+ // multiple NetworkMonitor registrants.
if (nai != null && nai.satisfies(mDefaultRequest)) {
+ final long token = Binder.clearCallingIdentity();
try {
nai.networkMonitor().notifyDnsResponse(returnCode);
} catch (RemoteException e) {
e.rethrowFromSystemServer();
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
}
}