Merge changes from topic "statsaccess"

* changes:
  Check MAINLINE_NETWORK_STACK as well to make GTS can access proper stats
  Move checkAnyPermissionOf to PermissionUtils
Junyu Lai
2023-04-14 09:54:49 +00:00
committed by Gerrit Code Review
3 changed files with 24 additions and 18 deletions


@@ -17,7 +17,6 @@
package android.net; package android.net;
import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY; import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.net.NetworkStats.UID_ALL; import static android.net.NetworkStats.UID_ALL;
import static android.net.TrafficStats.UID_REMOVED; import static android.net.TrafficStats.UID_REMOVED;
import static android.net.TrafficStats.UID_TETHERING; import static android.net.TrafficStats.UID_TETHERING;
@@ -33,6 +32,8 @@ import android.os.Process;
import android.os.UserHandle; import android.os.UserHandle;
import android.telephony.TelephonyManager; import android.telephony.TelephonyManager;
import com.android.net.module.util.PermissionUtils;
import java.lang.annotation.Retention; import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy;
@@ -100,6 +101,7 @@ public final class NetworkStatsAccess {
* <li>Device owners. * <li>Device owners.
* <li>Carrier-privileged applications. * <li>Carrier-privileged applications.
* <li>The system UID. * <li>The system UID.
* <li>NetworkStack application.
* </ul> * </ul>
*/ */
int DEVICE = 3; int DEVICE = 3;
@@ -125,9 +127,9 @@ public final class NetworkStatsAccess {
final int appId = UserHandle.getAppId(callingUid); final int appId = UserHandle.getAppId(callingUid);
final boolean isNetworkStack = context.checkPermission( final boolean isNetworkStack = PermissionUtils.checkAnyPermissionOf(
android.Manifest.permission.NETWORK_STACK, callingPid, callingUid) context, callingPid, callingUid, android.Manifest.permission.NETWORK_STACK,
== PERMISSION_GRANTED; NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
if (hasCarrierPrivileges || isDeviceOwner if (hasCarrierPrivileges || isDeviceOwner
|| appId == Process.SYSTEM_UID || isNetworkStack) { || appId == Process.SYSTEM_UID || isNetworkStack) {


@@ -98,6 +98,7 @@ import static android.system.OsConstants.IPPROTO_UDP;
import static com.android.net.module.util.DeviceConfigUtils.TETHERING_MODULE_NAME; import static com.android.net.module.util.DeviceConfigUtils.TETHERING_MODULE_NAME;
import static com.android.net.module.util.NetworkMonitorUtils.isPrivateDnsValidationRequired; import static com.android.net.module.util.NetworkMonitorUtils.isPrivateDnsValidationRequired;
import static com.android.net.module.util.PermissionUtils.checkAnyPermissionOf;
import static com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf; import static com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf;
import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission; import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission;
import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr; import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr;
@@ -2324,11 +2325,12 @@ public class ConnectivityService extends IConnectivityManager.Stub
if (newNc.getNetworkSpecifier() != null) { if (newNc.getNetworkSpecifier() != null) {
newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact()); newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact());
} }
if (!checkAnyPermissionOf(callerPid, callerUid, android.Manifest.permission.NETWORK_STACK, if (!checkAnyPermissionOf(mContext, callerPid, callerUid,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) { NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) {
newNc.setAdministratorUids(new int[0]); newNc.setAdministratorUids(new int[0]);
} }
if (!checkAnyPermissionOf( if (!checkAnyPermissionOf(mContext,
callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) { callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) {
newNc.setAllowedUids(new ArraySet<>()); newNc.setAllowedUids(new ArraySet<>());
newNc.setSubscriptionIds(Collections.emptySet()); newNc.setSubscriptionIds(Collections.emptySet());
@@ -2837,15 +2839,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
setUidBlockedReasons(uid, blockedReasons); setUidBlockedReasons(uid, blockedReasons);
} }
private boolean checkAnyPermissionOf(int pid, int uid, String... permissions) {
for (String permission : permissions) {
if (mContext.checkPermission(permission, pid, uid) == PERMISSION_GRANTED) {
return true;
}
}
return false;
}
private void enforceInternetPermission() { private void enforceInternetPermission() {
mContext.enforceCallingOrSelfPermission( mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.INTERNET, android.Manifest.permission.INTERNET,
@@ -3004,13 +2997,13 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
private boolean checkNetworkStackPermission(int pid, int uid) { private boolean checkNetworkStackPermission(int pid, int uid) {
return checkAnyPermissionOf(pid, uid, return checkAnyPermissionOf(mContext, pid, uid,
android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
} }
private boolean checkNetworkSignalStrengthWakeupPermission(int pid, int uid) { private boolean checkNetworkSignalStrengthWakeupPermission(int pid, int uid) {
return checkAnyPermissionOf(pid, uid, return checkAnyPermissionOf(mContext, pid, uid,
android.Manifest.permission.NETWORK_SIGNAL_STRENGTH_WAKEUP, android.Manifest.permission.NETWORK_SIGNAL_STRENGTH_WAKEUP,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
android.Manifest.permission.NETWORK_SETTINGS); android.Manifest.permission.NETWORK_SETTINGS);
@@ -5008,7 +5001,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
private RequestInfoPerUidCounter getRequestCounter(NetworkRequestInfo nri) { private RequestInfoPerUidCounter getRequestCounter(NetworkRequestInfo nri) {
return checkAnyPermissionOf( return checkAnyPermissionOf(mContext,
nri.mPid, nri.mUid, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK) nri.mPid, nri.mUid, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)
? mSystemNetworkRequestCounter : mNetworkRequestCounter; ? mSystemNetworkRequestCounter : mNetworkRequestCounter;
} }
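Review bot: `getRequestCounter` tests only `PERMISSION_MAINLINE_NETWORK_STACK`, while `checkNetworkStackPermission` and the administrator-UID redaction in the same file accept `NETWORK_STACK` as well. If the narrower check is deliberate, the method deserves a one-line comment saying why `NETWORK_STACK` holders are counted against the per-UID counter. If it is not, `return checkNetworkStackPermission(nri.mPid, nri.mUid)` in the condition would keep the call sites consistent. The helper now lives in `PermissionUtils` and its body is not shown on this page, so this assumes it kept the removed loop's behaviour of returning false when none of the permissions is granted.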


@@ -78,6 +78,7 @@ public class NetworkStatsAccessTest {
setHasAppOpsPermission(AppOpsManager.MODE_DEFAULT, false); setHasAppOpsPermission(AppOpsManager.MODE_DEFAULT, false);
setHasReadHistoryPermission(false); setHasReadHistoryPermission(false);
setHasNetworkStackPermission(false); setHasNetworkStackPermission(false);
setHasMainlineNetworkStackPermission(false);
} }
@After @After
@@ -154,6 +155,10 @@ public class NetworkStatsAccessTest {
setHasNetworkStackPermission(false); setHasNetworkStackPermission(false);
assertEquals(NetworkStatsAccess.Level.DEFAULT, assertEquals(NetworkStatsAccess.Level.DEFAULT,
NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG));
setHasMainlineNetworkStackPermission(true);
assertEquals(NetworkStatsAccess.Level.DEVICE,
NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG));
} }
private void setHasCarrierPrivileges(boolean hasPrivileges) { private void setHasCarrierPrivileges(boolean hasPrivileges) {
@@ -189,4 +194,10 @@ public class NetworkStatsAccessTest {
TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED
: PackageManager.PERMISSION_DENIED); : PackageManager.PERMISSION_DENIED);
} }
private void setHasMainlineNetworkStackPermission(boolean hasPermission) {
when(mContext.checkPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED
: PackageManager.PERMISSION_DENIED);
}
} }
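Review bot: The new assertions pin that `PERMISSION_MAINLINE_NETWORK_STACK` alone grants `Level.DEVICE`, but the test never clears it again, so nothing shows that access falls back once the permission is gone. I would follow the new block with `setHasMainlineNetworkStackPermission(false);` and an `assertEquals(NetworkStatsAccess.Level.DEFAULT, ...)` on the same `checkAccessLevel` call, mirroring the `NETWORK_STACK` case just above it. The stub in `setHasMainlineNetworkStackPermission` matches only `TEST_PID`/`TEST_UID`, which is presumably intended; a comment on the helper saying so would make the scope of the mock clear. The test method starts outside the hunk.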