Clear calling identity before calling to DeviceIdleController
There are two possible ways to stop a VPN for a VpnManager apps, deleteVpnProfile() and stopVpnProfile(). Both of them will result in a VpnManagerEvent to notify that the VPN is stopped. The call stack to send a VpnManagerEvent will Call to DeviceIdleController.addPowerSaveTempWhitelistApp which requires UPDATE_DEVICE_STATS permission. Vpn calls it to allow VpnManager app to temporarily run background services to handle the event. This action is done inside the system and should not requires callers' permission. The calling identity is cleared in deleteVpnProfile() but not in stopVpnProfile(). This results in receiving a SecurityException on calling VPN apps, and crash apps without UPDATE_DEVICE_STATS permission(which is not required). Bug: 276457150 Test: atest FrameworksNetTests Change-Id: I1956cbff9374dbed91374974f3a62aeed0b75f27
Loading
Please register or sign in to comment