diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2021-05-21 02:42:59 +0000 |
|---|---|---|
| committer | Chiachang Wang <chiachangwang@google.com> | 2021-05-21 08:01:37 +0000 |
| commit | 094e13af5d615d64b8c5a9c0b7f396c3808cb8ff (patch) | |
| tree | 5fc3a31e129b4dcf71ee0c5158f87002680bb927 | |
| parent | ec84515c4cb21249a71ae2029eae0e112034ef37 (diff) | |
Use CS identity to update setting while performing factory reset
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 0b1b84179f10804a55561c0d6e0751efecf2c77a)
| -rw-r--r-- | packages/Connectivity/service/src/com/android/server/ConnectivityService.java | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/packages/Connectivity/service/src/com/android/server/ConnectivityService.java b/packages/Connectivity/service/src/com/android/server/ConnectivityService.java index 6027a996838f..29a485680667 100644 --- a/packages/Connectivity/service/src/com/android/server/ConnectivityService.java +++ b/packages/Connectivity/service/src/com/android/server/ConnectivityService.java @@ -8655,28 +8655,32 @@ public class ConnectivityService extends IConnectivityManager.Stub public void factoryReset() { enforceSettingsPermission(); - if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) { - return; - } - + final int uid = mDeps.getCallingUid(); final long token = Binder.clearCallingIdentity(); try { + if (mUserManager.hasUserRestrictionForUser(UserManager.DISALLOW_NETWORK_RESET, + UserHandle.getUserHandleForUid(uid))) { + return; + } + final IpMemoryStore ipMemoryStore = IpMemoryStore.getMemoryStore(mContext); ipMemoryStore.factoryReset(); - } finally { - Binder.restoreCallingIdentity(token); - } - // Turn airplane mode off - setAirplaneMode(false); + // Turn airplane mode off + setAirplaneMode(false); - // restore private DNS settings to default mode (opportunistic) - if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_PRIVATE_DNS)) { - ConnectivitySettingsManager.setPrivateDnsMode(mContext, PRIVATE_DNS_MODE_OPPORTUNISTIC); - } + // restore private DNS settings to default mode (opportunistic) + if (!mUserManager.hasUserRestrictionForUser(UserManager.DISALLOW_CONFIG_PRIVATE_DNS, + UserHandle.getUserHandleForUid(uid))) { + ConnectivitySettingsManager.setPrivateDnsMode(mContext, + PRIVATE_DNS_MODE_OPPORTUNISTIC); + } - Settings.Global.putString(mContext.getContentResolver(), - ConnectivitySettingsManager.NETWORK_AVOID_BAD_WIFI, null); + Settings.Global.putString(mContext.getContentResolver(), + ConnectivitySettingsManager.NETWORK_AVOID_BAD_WIFI, null); + } finally { + Binder.restoreCallingIdentity(token); + } } @Override |