Clear calling identity in callback.

In SubscriptionManager, when onSubscriptionsChanged is called when opportunistic subscriptions change, clear calling identity. Otherwise mExecutor is executed with phone process identity which can be a security issue. Test: build Bug: 117794788 Change-Id: I766cdc89f0421265cab00dc40d53f355deb7b92b Merged-In: I766cdc89f0421265cab00dc40d53f355deb7b92b
2018-10-16 18:18:51 -07:00
parent 4d73d87d83
commit b2129eb6b1
1 changed files with 8 additions and 2 deletions
--- a/telephony/java/android/telephony/SubscriptionManager.java
+++ b/telephony/java/android/telephony/SubscriptionManager.java
@@ -43,6 +43,7 @@ import android.database.ContentObserver;
 import android.net.INetworkPolicyManager;
 import android.net.NetworkCapabilities;
 import android.net.Uri;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Handler;
 import android.os.Looper;
@@ -850,8 +851,13 @@ public class SubscriptionManager {
        IOnSubscriptionsChangedListener callback = new IOnSubscriptionsChangedListener.Stub() {
            @Override
            public void onSubscriptionsChanged() {
-                if (DBG) log("onOpportunisticSubscriptionsChanged callback received.");
-                mExecutor.execute(() -> onOpportunisticSubscriptionsChanged());
+                final long identity = Binder.clearCallingIdentity();
+                try {
+                    if (DBG) log("onOpportunisticSubscriptionsChanged callback received.");
+                    mExecutor.execute(() -> onOpportunisticSubscriptionsChanged());
+                } finally {
+                    Binder.restoreCallingIdentity(identity);
+                }
            }
        };