LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SP20] Check signature permission when accessing network stats provider

Browse Source 
Currently, registerNetworkStatsProvider requires the
UPDATE_DEVICE_STATS permission. This is a privileged permission
so it can be granted to preinstalled apps. Thus, apps like
GmsCore, or preinstalled apps will be able to update network stats.

This change checks for a new permission that would only allow
signature apps to declare that. Also check
MAINLINE_NETWORK_STACK permission to allow NetworkStack process
to use it.

Test: adb shell dumpsys netstats
Test: atest FrameworksNetTests
Bug: 149652079
Change-Id: Idfebd0a1988c3dcfd812d87e30f6a2034d6fbf6b
This commit is contained in:
junyulai
2020-02-24 18:16:54 +08:00
parent df2aef7c1d
commit f2b6d74356
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/java/android/app/usage/NetworkStatsManager.java
View File

@@ -29,6 +29,7 @@ import android.net.ConnectivityManager;
import android.net.DataUsageRequest; import android.net.DataUsageRequest;
import android.net.INetworkStatsService; import android.net.INetworkStatsService;
import android.net.NetworkIdentity; import android.net.NetworkIdentity;
import android.net.NetworkStack;
import android.net.NetworkTemplate; import android.net.NetworkTemplate;
import android.net.netstats.provider.AbstractNetworkStatsProvider; import android.net.netstats.provider.AbstractNetworkStatsProvider;
import android.net.netstats.provider.NetworkStatsProviderCallback; import android.net.netstats.provider.NetworkStatsProviderCallback;
@@ -540,7 +541,9 @@ public class NetworkStatsManager {
* @hide * @hide
*/ */
@SystemApi @SystemApi
@RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_STATS) @RequiresPermission(anyOf = {
android.Manifest.permission.NETWORK_STATS_PROVIDER,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK})
@NonNull public NetworkStatsProviderCallback registerNetworkStatsProvider( @NonNull public NetworkStatsProviderCallback registerNetworkStatsProvider(
@NonNull String tag, @NonNull String tag,
@NonNull AbstractNetworkStatsProvider provider) { @NonNull AbstractNetworkStatsProvider provider) {

4
services/core/java/com/android/server/net/NetworkStatsService.java
View File

@@ -17,6 +17,7 @@
package com.android.server.net; package com.android.server.net;
import static android.Manifest.permission.ACCESS_NETWORK_STATE; import static android.Manifest.permission.ACCESS_NETWORK_STATE;
import static android.Manifest.permission.NETWORK_STATS_PROVIDER;
import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY; import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY;
import static android.Manifest.permission.UPDATE_DEVICE_STATS; import static android.Manifest.permission.UPDATE_DEVICE_STATS;
import static android.content.Intent.ACTION_SHUTDOWN; import static android.content.Intent.ACTION_SHUTDOWN;
@@ -1801,7 +1802,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
*/ */
public @NonNull INetworkStatsProviderCallback registerNetworkStatsProvider( public @NonNull INetworkStatsProviderCallback registerNetworkStatsProvider(
@NonNull String tag, @NonNull INetworkStatsProvider provider) { @NonNull String tag, @NonNull INetworkStatsProvider provider) {
mContext.enforceCallingOrSelfPermission(UPDATE_DEVICE_STATS, TAG); enforceAnyPermissionOf(NETWORK_STATS_PROVIDER,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
Objects.requireNonNull(provider, "provider is null"); Objects.requireNonNull(provider, "provider is null");
Objects.requireNonNull(tag, "tag is null"); Objects.requireNonNull(tag, "tag is null");
try { try {