OSDN Git Service

Clear calling identity before binding instant app resolver
author Tony Mak <tonymak@google.com>
Fri, 12 May 2017 15:11:43 +0000 (16:11 +0100)
committer Tony Mak <tonymak@google.com>
Fri, 12 May 2017 15:34:02 +0000 (16:34 +0100)
EphemeralResolverConnection always binds the instant app resolver installed
in user 0. It can be a problem if PMS is calling
EphemeralResolverConnection in a binder call from other users.
In that case, we are binding a service in user 0 from other users and
a security exception is thrown.

This fix assumes it is WAI that we always bind the instant app resolver in user 0.

Fix: 38257043

Test: reboot, launch a work profile app that starts an ACTION_VIEW intent
with an http link. No crash observed.

Change-Id: Ic4e451b67ef127f05c3e594254b310da690a2324

services/core/java/com/android/server/pm/EphemeralResolverConnection.java

index aa780cc..1de3936 100644 (file)
@@ -23,6 +23,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
 import android.content.pm.InstantAppResolveInfo;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -140,7 +141,12 @@ final class EphemeralResolverConnection implements DeathRecipient {
             if (mRemoteInstance != null) {
                 return mRemoteInstance;
             }
-            bindLocked(token);
+            long binderToken = Binder.clearCallingIdentity();
+            try {
+                bindLocked(token);
+            } finally {
+                Binder.restoreCallingIdentity(binderToken);
+            }
             return mRemoteInstance;
         }
     }
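
Review bot: the new `Binder.clearCallingIdentity()` block around `bindLocked(token)` has no comment explaining why the caller's identity is dropped, and nothing in this hunk shows the caller being checked before it is dropped. Once the identity is cleared, everything `bindLocked` does runs as the system server rather than as the calling user, so any per-user or permission check that depends on the caller has to happen before this point; please confirm that holds for every path into this method and add a short comment above the `try` stating that the resolver is always bound in user 0 and that the clear exists so a binder call from another user does not hit the SecurityException. The `try`/`finally` pairing with `Binder.restoreCallingIdentity(binderToken)` is correct and keeps the cleared window limited to the bind, which is what we want. Minor style point: `binderToken` sits next to the unrelated `token` argument passed to `bindLocked(token)`, so a name such as `identity` would make it harder to mix the two up.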