[CLATJ#30] Not allow tagSocket() to tag with uid AID_CLAT

A process must not be allowed to tag a socket with AID_CLAT via tagSocket(),
because doing so would let the process bypass data usage accounting.

Bug: 218407445
Test: atest BpfHandlerTest
Change-Id: Ia7b071e1065733da25e9f02f34ccd17f63653217
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index 3cd5e13..31a180b 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp
@@ -134,6 +134,15 @@
         return -EPERM;
     }
 
+    // Note that tagging the socket to AID_CLAT is only implemented in JNI ClatCoordinator.
+    // The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause
+    // process data usage accounting to be bypassed. Tagging AID_CLAT is used for avoiding counting
+    // CLAT traffic data usage twice. See packages/modules/Connectivity/service/jni/
+    // com_android_server_connectivity_ClatCoordinator.cpp
+    if (chargeUid == AID_CLAT) {
+        return -EPERM;
+    }
+
     uint64_t sock_cookie = getSocketCookie(sockFd);
     if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
     UidTagValue newKey = {.uid = (uint32_t)chargeUid, .tag = tag};
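Review bot: The new `chargeUid == AID_CLAT` branch returns the same bare `-EPERM` as the check just above it, so an attempt to charge traffic to the CLAT uid leaves nothing that distinguishes it from an ordinary permission failure. Since the added comment says this path would bypass data usage accounting, the rejection is worth logging before the return, e.g. `ALOGE("tagSocket: chargeUid AID_CLAT is not allowed");`, assuming the file's usual logging macro is available here; adding the calling uid would help triage if it is in scope. The enclosing function starts and ends outside the hunk, so the condition of the earlier check is not visible.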
diff --git a/netd/BpfHandlerTest.cpp b/netd/BpfHandlerTest.cpp
index db59c7c..925a92f 100644
--- a/netd/BpfHandlerTest.cpp
+++ b/netd/BpfHandlerTest.cpp
@@ -16,6 +16,7 @@
  * BpfHandlerTest.cpp - unit tests for BpfHandler.cpp
  */
 
+#include <private/android_filesystem_config.h>
 #include <sys/socket.h>
 
 #include <gtest/gtest.h>
@@ -208,6 +209,12 @@
     EXPECT_EQ(0, mBh.untagSocket(v6socket));
     expectNoTag(sockCookie);
     expectMapEmpty(mFakeCookieTagMap);
+
+    // Tag a socket to AID_CLAT other then realUid.
+    int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
+    ASSERT_NE(-1, sock);
+    ASSERT_EQ(-EPERM, mBh.tagSocket(sock, TEST_TAG, AID_CLAT, realUid));
+    expectMapEmpty(mFakeCookieTagMap);
 }
 
 TEST_F(BpfHandlerTest, TestUntagInvalidSocket) {
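Review bot: The assertion `ASSERT_EQ(-EPERM, mBh.tagSocket(sock, TEST_TAG, AID_CLAT, realUid));` may not prove the new check is reached, because tagSocket() already has an earlier `return -EPERM` above the AID_CLAT branch and this call passes a chargeUid that differs from `realUid`. The test body starts outside the hunk, so it cannot be confirmed from here that `realUid` gets past that earlier check; if it does not, this case would still pass with the fix reverted. Consider a call that can only fail on the new branch, e.g. `ASSERT_EQ(-EPERM, mBh.tagSocket(sock, TEST_TAG, AID_CLAT, AID_CLAT));`, presuming that equal charge and real uids skip the earlier check. Separately, `sock` is never closed (add `close(sock);` before the closing brace), and the comment should read "other than realUid".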