commit 1fb74318cf4398c1af4d4b97cd6e00fee6761d0e
author Jeff Sharkey <jsharkey@android.com> Wed Nov 29 11:18:23 2017 -0700
committer Benedict Wong <benedictwong@google.com> Mon Dec 18 19:44:40 2017 +0000
tree a98087c6911c593dc3ce990dbdb8b3d60f10ffd4
parent 816f0ebaab84c91ad78597041104aa2b3164d317

[CHERRY-PICK] API for apps to tag sockets with their own UID.

This enables app A to create a socket, pass it to app B, and have
app B accept blame for the traffic performed on that socket.

Also adds helpful public APIs for tagging raw FileDescriptor sockets
instead of making developers go through shady SocketImpl wrappers.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests#testAppFailAccessPrivateData
Bug: 63932076
Change-Id: I08925c843974675fc82e4080cec2eaab9ab7cd41
Merged-In: I08925c843974675fc82e4080cec2eaab9ab7cd41
(cherry picked from commit 4e164f9e94e3756fa848c0e23ca0757693682a1c)

core/java/android/net/TrafficStats.java

diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java
index c339856..954e59c 100644
--- a/core/java/android/net/TrafficStats.java
+++ b/core/java/android/net/TrafficStats.java
@@ -17,6 +17,7 @@
 package android.net;
 
 import android.annotation.RequiresPermission;
+import android.annotation.SuppressLint;
 import android.annotation.SystemApi;
 import android.app.DownloadManager;
 import android.app.backup.BackupManager;
@@ -30,6 +31,8 @@
 
 import dalvik.system.SocketTagger;
 
+import java.io.FileDescriptor;
+import java.io.IOException;
 import java.net.DatagramSocket;
 import java.net.Socket;
 import java.net.SocketException;
@@ -264,14 +267,25 @@
     }
 
     /**
+     * Set specific UID to use when accounting {@link Socket} traffic
+     * originating from the current thread as the calling UID. Designed for use
+     * when another application is performing operations on your behalf.
+     * <p>
+     * Changes only take effect during subsequent calls to
+     * {@link #tagSocket(Socket)}.
+     */
+    public static void setThreadStatsUidSelf() {
+        setThreadStatsUid(android.os.Process.myUid());
+    }
+
+    /**
      * Clear any active UID set to account {@link Socket} traffic originating
      * from the current thread.
      *
      * @see #setThreadStatsUid(int)
-     * @hide
      */
     @SystemApi
-    @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_STATS)
+    @SuppressLint("Doclava125")
     public static void clearThreadStatsUid() {
         NetworkManagementSocketTagger.setThreadSocketStatsUid(-1);
     }
@@ -316,6 +330,27 @@
     }
 
     /**
+     * Tag the given {@link FileDescriptor} socket with any statistics
+     * parameters active for the current thread. Subsequent calls always replace
+     * any existing parameters. When finished, call
+     * {@link #untagFileDescriptor(FileDescriptor)} to remove statistics
+     * parameters.
+     *
+     * @see #setThreadStatsTag(int)
+     */
+    public static void tagFileDescriptor(FileDescriptor fd) throws IOException {
+        SocketTagger.get().tag(fd);
+    }
+
+    /**
+     * Remove any statistics parameters from the given {@link FileDescriptor}
+     * socket.
+     */
+    public static void untagFileDescriptor(FileDescriptor fd) throws IOException {
+        SocketTagger.get().untag(fd);
+    }
+
+    /**
      * Start profiling data usage for current UID. Only one profiling session
      * can be active at a time.
      *