Merge "Enforce permission on native puller API" into rvc-dev am: 591bb7b1fe

Change-Id: I74128eae2dc38de85b78e81705c8ec8018034c4d
TreeHugger Robot
2020-03-19 21:35:56 +00:00
committed by Automerger Merge Worker
4 changed files with 27 additions and 7 deletions


@@ -190,10 +190,12 @@ interface IStatsd {
long timeoutMillis,in int[] additiveFields, long timeoutMillis,in int[] additiveFields,
IPullAtomCallback pullerCallback); IPullAtomCallback pullerCallback);
/** /**
* Registers a puller callback function that, when invoked, pulls the data * Registers a puller callback function that, when invoked, pulls the data
* for the specified atom tag. * for the specified atom tag.
*/ *
* Enforces the REGISTER_STATS_PULL_ATOM permission.
*/
oneway void registerNativePullAtomCallback(int atomTag, long coolDownNs, long timeoutNs, oneway void registerNativePullAtomCallback(int atomTag, long coolDownNs, long timeoutNs,
in int[] additiveFields, IPullAtomCallback pullerCallback); in int[] additiveFields, IPullAtomCallback pullerCallback);
@@ -203,7 +205,9 @@ interface IStatsd {
oneway void unregisterPullAtomCallback(int uid, int atomTag); oneway void unregisterPullAtomCallback(int uid, int atomTag);
/** /**
* Unregisters any pullAtomCallback for the given atom. * Unregisters any pullAtomCallback for the given atom + caller.
*
* Enforces the REGISTER_STATS_PULL_ATOM permission.
*/ */
oneway void unregisterNativePullAtomCallback(int atomTag); oneway void unregisterNativePullAtomCallback(int atomTag);
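Review bot: The added "Enforces the REGISTER_STATS_PULL_ATOM permission" lines do not say what a caller without the permission will observe. Both methods are declared `oneway`, so the status the service returns is not delivered back to the client; a rejected registration or unregistration is only visible in the service's error log. I would extend both comments with something like `* Callers lacking the permission are rejected; because the call is oneway, no error is returned to the caller.` so integrators know to check the log when a native puller silently fails to register.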


@@ -21,6 +21,7 @@
<uses-permission android:name="android.permission.DUMP" /> <uses-permission android:name="android.permission.DUMP" />
<uses-permission android:name="android.permission.PACKAGE_USAGE_STATS" /> <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS" />
<uses-permission android:name="android.permission.REGISTER_STATS_PULL_ATOM" />
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.internal.os.statsd.libstats" android:targetPackage="com.android.internal.os.statsd.libstats"


@@ -53,6 +53,8 @@ namespace statsd {
constexpr const char* kPermissionDump = "android.permission.DUMP"; constexpr const char* kPermissionDump = "android.permission.DUMP";
constexpr const char* kPermissionRegisterPullAtom = "android.permission.REGISTER_STATS_PULL_ATOM";
#define STATS_SERVICE_DIR "/data/misc/stats-service" #define STATS_SERVICE_DIR "/data/misc/stats-service"
// for StatsDataDumpProto // for StatsDataDumpProto
@@ -60,7 +62,7 @@ const int FIELD_ID_REPORTS_LIST = 1;
static Status exception(int32_t code, const std::string& msg) { static Status exception(int32_t code, const std::string& msg) {
ALOGE("%s (%d)", msg.c_str(), code); ALOGE("%s (%d)", msg.c_str(), code);
return ::ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(code, msg.c_str())); return Status::fromExceptionCodeWithMessage(code, msg.c_str());
} }
static bool checkPermission(const char* permission) { static bool checkPermission(const char* permission) {
@@ -1210,7 +1212,12 @@ Status StatsService::registerPullAtomCallback(int32_t uid, int32_t atomTag, int6
Status StatsService::registerNativePullAtomCallback(int32_t atomTag, int64_t coolDownNs, Status StatsService::registerNativePullAtomCallback(int32_t atomTag, int64_t coolDownNs,
int64_t timeoutNs, const std::vector<int32_t>& additiveFields, int64_t timeoutNs, const std::vector<int32_t>& additiveFields,
const shared_ptr<IPullAtomCallback>& pullerCallback) { const shared_ptr<IPullAtomCallback>& pullerCallback) {
if (!checkPermission(kPermissionRegisterPullAtom)) {
return exception(
EX_SECURITY,
StringPrintf("Uid %d does not have the %s permission when registering atom %d",
AIBinder_getCallingUid(), kPermissionRegisterPullAtom, atomTag));
}
VLOG("StatsService::registerNativePullAtomCallback called."); VLOG("StatsService::registerNativePullAtomCallback called.");
int32_t uid = AIBinder_getCallingUid(); int32_t uid = AIBinder_getCallingUid();
mPullerManager->RegisterPullAtomCallback(uid, atomTag, coolDownNs, timeoutNs, additiveFields, mPullerManager->RegisterPullAtomCallback(uid, atomTag, coolDownNs, timeoutNs, additiveFields,
@@ -1226,6 +1233,12 @@ Status StatsService::unregisterPullAtomCallback(int32_t uid, int32_t atomTag) {
} }
Status StatsService::unregisterNativePullAtomCallback(int32_t atomTag) { Status StatsService::unregisterNativePullAtomCallback(int32_t atomTag) {
if (!checkPermission(kPermissionRegisterPullAtom)) {
return exception(
EX_SECURITY,
StringPrintf("Uid %d does not have the %s permission when unregistering atom %d",
AIBinder_getCallingUid(), kPermissionRegisterPullAtom, atomTag));
}
VLOG("StatsService::unregisterNativePullAtomCallback called."); VLOG("StatsService::unregisterNativePullAtomCallback called.");
int32_t uid = AIBinder_getCallingUid(); int32_t uid = AIBinder_getCallingUid();
mPullerManager->UnregisterPullAtomCallback(uid, atomTag); mPullerManager->UnregisterPullAtomCallback(uid, atomTag);
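Review bot: Both new guards depend on checkPermission(), whose body is outside these hunks, while the interface declares the two methods `oneway`. A oneway binder transaction does not carry the caller's pid, so if checkPermission() feeds AIBinder_getCallingPid() into the lookup, it is worth confirming that the decision rests on the uid alone. As a style point, the same guard is repeated in registerNativePullAtomCallback and unregisterNativePullAtomCallback, and each reads AIBinder_getCallingUid() once for the message and again for the manager call. Hoisting `const int32_t uid = AIBinder_getCallingUid();` above the guard would make the logged uid and the registered uid the same value by construction. Both function bodies continue past the end of their hunks.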


@@ -190,6 +190,8 @@
<assign-permission name="android.permission.STATSCOMPANION" uid="statsd" /> <assign-permission name="android.permission.STATSCOMPANION" uid="statsd" />
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="statsd" /> <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="statsd" />
<assign-permission name="android.permission.REGISTER_STATS_PULL_ATOM" uid="gpu_service" />
<split-permission name="android.permission.ACCESS_FINE_LOCATION"> <split-permission name="android.permission.ACCESS_FINE_LOCATION">
<new-permission name="android.permission.ACCESS_COARSE_LOCATION" /> <new-permission name="android.permission.ACCESS_COARSE_LOCATION" />
</split-permission> </split-permission>
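Review bot: The new `assign-permission` entry for `gpu_service` has no comment recording why that uid needs REGISTER_STATS_PULL_ATOM, which makes later least-privilege audits of this file harder. Presumably gpu_service registers native pull-atom callbacks with statsd; if so, a line such as `<!-- gpu_service registers native pull atom callbacks with statsd -->` above the entry would document it. It would also help to confirm that no other native process uses this API without holding the permission, since after this change such callers are rejected and, the call being oneway, only the statsd log would show it.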