[CLATJ#30] Not allow tagSocket() to tag with uid AID_CLAT The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause process data usage accounting to be bypassed. Bug: 218407445 Test: atest BpfHandlerTest Change-Id: Ia7b071e1065733da25e9f02f34ccd17f63653217

commit: 436547e368584ae71107c02b372403fe5451d127 [log] [tgz]
author: Hungming Chen <nuccachen@google.com> Fri Feb 18 17:52:11 2022 +0800
committer: Hungming Chen <nuccachen@google.com> Fri Mar 04 17:21:23 2022 +0800
tree: 326b0549c5782f12b77b2727cfe28f1a54f3143c
parent: e250c95bb8a2b692bb43e8346fe8d2b54ff3293c [diff] [blame]
diff --git a/netd/BpfHandlerTest.cpp b/netd/BpfHandlerTest.cpp
index db59c7c..925a92f 100644
--- a/netd/BpfHandlerTest.cpp
+++ b/netd/BpfHandlerTest.cpp

@@ -16,6 +16,7 @@
  * BpfHandlerTest.cpp - unit tests for BpfHandler.cpp
  */
 
+#include <private/android_filesystem_config.h>
 #include <sys/socket.h>
 
 #include <gtest/gtest.h>
@@ -208,6 +209,12 @@
     EXPECT_EQ(0, mBh.untagSocket(v6socket));
     expectNoTag(sockCookie);
     expectMapEmpty(mFakeCookieTagMap);
+
+    // Tag a socket to AID_CLAT other then realUid.
+    int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
+    ASSERT_NE(-1, sock);
+    ASSERT_EQ(-EPERM, mBh.tagSocket(sock, TEST_TAG, AID_CLAT, realUid));
+    expectMapEmpty(mFakeCookieTagMap);
 }
 
 TEST_F(BpfHandlerTest, TestUntagInvalidSocket) {
commit	436547e368584ae71107c02b372403fe5451d127	[log] [tgz]
author	Hungming Chen <nuccachen@google.com>	Fri Feb 18 17:52:11 2022 +0800
committer	Hungming Chen <nuccachen@google.com>	Fri Mar 04 17:21:23 2022 +0800
tree	326b0549c5782f12b77b2727cfe28f1a54f3143c
parent	e250c95bb8a2b692bb43e8346fe8d2b54ff3293c [diff] [blame]