Enforce permission check in getUidStats function

The NetworkStatsService.getUidStats() currently doesn't have any permission check to make sure unpriviledged apps cannot read the stats of a different uid. It will protentially have security problem since apps with ACCESS_NETWORK_STATS permission can directly calling into NetworkStatsService and bypass the check in TrafficStats. Move the uid check from TrafficStats to NetworkStatsService to fix the problem. Bug: 129151407 Test: atest AppSecurityTests#testAppFailAccessPrivateData_full Test: atest AppSecurityTests#testAppFailAccessPrivateData_instant Test: atest android.app.usage.cts.NetworkUsageStatsTest Test: atest NetworkStatsBinderTest Change-Id: Iae85676cfe5f114da69ec278afc2c904bc907234
author: Chenbo Feng <fengc@google.com> 2019-06-17 16:22:28 -0700
committer: junyulai <junyulai@google.com> 2020-04-27 18:38:56 +0800
commit: 78cd384e864f47bbb4dac8342beab937bb863735 (patch)
tree: daaf1ef1ed9b9b05f7c9a14a72f6e448e6910475 /core/java/android
parent: cde07e5dc539f56ee14c08d213c4c0cd8ea93005 (diff)
1 files changed, 16 insertions, 44 deletions
diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java
index 8108cf08d5c3..e7bba69dbb84 100644
--- a/core/java/android/net/TrafficStats.java
+++ b/core/java/android/net/TrafficStats.java
@@ -775,17 +775,10 @@ public class TrafficStats {
      * @see android.content.pm.ApplicationInfo#uid
      */
     public static long getUidTxBytes(int uid) {
-        // This isn't actually enforcing any security; it just returns the
-        // unsupported value. The real filtering is done at the kernel level.
-        final int callingUid = android.os.Process.myUid();
-        if (callingUid == android.os.Process.SYSTEM_UID || callingUid == uid) {
-            try {
-                return getStatsService().getUidStats(uid, TYPE_TX_BYTES);
-            } catch (RemoteException e) {
-                throw e.rethrowFromSystemServer();
-            }
-        } else {
-            return UNSUPPORTED;
+        try {
+            return getStatsService().getUidStats(uid, TYPE_TX_BYTES);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
         }
     }
 
@@ -808,17 +801,10 @@ public class TrafficStats {
      * @see android.content.pm.ApplicationInfo#uid
      */
     public static long getUidRxBytes(int uid) {
-        // This isn't actually enforcing any security; it just returns the
-        // unsupported value. The real filtering is done at the kernel level.
-        final int callingUid = android.os.Process.myUid();
-        if (callingUid == android.os.Process.SYSTEM_UID || callingUid == uid) {
-            try {
-                return getStatsService().getUidStats(uid, TYPE_RX_BYTES);
-            } catch (RemoteException e) {
-                throw e.rethrowFromSystemServer();
-            }
-        } else {
-            return UNSUPPORTED;
+        try {
+            return getStatsService().getUidStats(uid, TYPE_RX_BYTES);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
         }
     }
 
@@ -841,17 +827,10 @@ public class TrafficStats {
      * @see android.content.pm.ApplicationInfo#uid
      */
     public static long getUidTxPackets(int uid) {
-        // This isn't actually enforcing any security; it just returns the
-        // unsupported value. The real filtering is done at the kernel level.
-        final int callingUid = android.os.Process.myUid();
-        if (callingUid == android.os.Process.SYSTEM_UID || callingUid == uid) {
-            try {
-                return getStatsService().getUidStats(uid, TYPE_TX_PACKETS);
-            } catch (RemoteException e) {
-                throw e.rethrowFromSystemServer();
-            }
-        } else {
-            return UNSUPPORTED;
+        try {
+            return getStatsService().getUidStats(uid, TYPE_TX_PACKETS);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
         }
     }
 
@@ -874,17 +853,10 @@ public class TrafficStats {
      * @see android.content.pm.ApplicationInfo#uid
      */
     public static long getUidRxPackets(int uid) {
-        // This isn't actually enforcing any security; it just returns the
-        // unsupported value. The real filtering is done at the kernel level.
-        final int callingUid = android.os.Process.myUid();
-        if (callingUid == android.os.Process.SYSTEM_UID || callingUid == uid) {
-            try {
-                return getStatsService().getUidStats(uid, TYPE_RX_PACKETS);
-            } catch (RemoteException e) {
-                throw e.rethrowFromSystemServer();
-            }
-        } else {
-            return UNSUPPORTED;
+        try {
+            return getStatsService().getUidStats(uid, TYPE_RX_PACKETS);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
         }
     }
author	Chenbo Feng <fengc@google.com>	2019-06-17 16:22:28 -0700
committer	junyulai <junyulai@google.com>	2020-04-27 18:38:56 +0800
commit	78cd384e864f47bbb4dac8342beab937bb863735 (patch)
tree	daaf1ef1ed9b9b05f7c9a14a72f6e448e6910475 /core/java/android
parent	cde07e5dc539f56ee14c08d213c4c0cd8ea93005 (diff)