[SP20] Check signature permission when accessing network stats provider

Currently, registerNetworkStatsProvider requires the UPDATE_DEVICE_STATS permission. This is a privileged permission so it can be granted to preinstalled apps. Thus, apps like GmsCore, or preinstalled apps will be able to update network stats. This change checks for a new permission that would only allow signature apps to declare that. Also check MAINLINE_NETWORK_STACK permission to allow NetworkStack process to use it. Test: adb shell dumpsys netstats Test: atest FrameworksNetTests Bug: 149652079 Change-Id: Iaecbf10a7610461bd52e315659006c7332c416e6 Merged-In: Iaecbf10a7610461bd52e315659006c7332c416e6 Merged-In: Idfebd0a1988c3dcfd812d87e30f6a2034d6fbf6b (cherry picked from commit e9e8d8f9ff096c1723eba1d74b17bb7cade7f23b)
2020-03-12 09:46:48 +00:00
parent 050c7de093
commit f62907d9ca
2 changed files with 7 additions and 2 deletions
--- a/core/java/android/app/usage/NetworkStatsManager.java
+++ b/core/java/android/app/usage/NetworkStatsManager.java
@@ -29,6 +29,7 @@ import android.net.ConnectivityManager;
 import android.net.DataUsageRequest;
 import android.net.INetworkStatsService;
 import android.net.NetworkIdentity;
+import android.net.NetworkStack;
 import android.net.NetworkTemplate;
 import android.net.netstats.provider.AbstractNetworkStatsProvider;
 import android.net.netstats.provider.NetworkStatsProviderCallback;
@@ -540,7 +541,9 @@ public class NetworkStatsManager {
     * @hide
     */
    @SystemApi
-    @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_STATS)
+    @RequiresPermission(anyOf = {
+            android.Manifest.permission.NETWORK_STATS_PROVIDER,
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK})
    @NonNull public NetworkStatsProviderCallback registerNetworkStatsProvider(
            @NonNull String tag,
            @NonNull AbstractNetworkStatsProvider provider) {
--- a/services/core/java/com/android/server/net/NetworkStatsService.java
+++ b/services/core/java/com/android/server/net/NetworkStatsService.java
@@ -17,6 +17,7 @@
 package com.android.server.net;

 import static android.Manifest.permission.ACCESS_NETWORK_STATE;
+import static android.Manifest.permission.NETWORK_STATS_PROVIDER;
 import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY;
 import static android.Manifest.permission.UPDATE_DEVICE_STATS;
 import static android.content.Intent.ACTION_SHUTDOWN;
@@ -1828,7 +1829,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
     */
    public @NonNull INetworkStatsProviderCallback registerNetworkStatsProvider(
            @NonNull String tag, @NonNull INetworkStatsProvider provider) {
-        mContext.enforceCallingOrSelfPermission(UPDATE_DEVICE_STATS, TAG);
+        enforceAnyPermissionOf(NETWORK_STATS_PROVIDER,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
        Objects.requireNonNull(provider, "provider is null");
        Objects.requireNonNull(tag, "tag is null");
        try {