Restrict state event logging
Restrict state event logging to AID_* and Mainline module uids.
Bug: 145706772
Test: statsd_test
Change-Id: I5dc244bd1c6c55dc0213c6e236aea93d759b675f
diff --git a/cmds/statsd/src/StatsLogProcessor.cpp b/cmds/statsd/src/StatsLogProcessor.cpp
index 60e259b..095dd1e 100644
--- a/cmds/statsd/src/StatsLogProcessor.cpp
+++ b/cmds/statsd/src/StatsLogProcessor.cpp
@@ -101,6 +101,7 @@
mLargestTimestampSeen(0),
mLastTimestampSeen(0) {
mPullerManager->ForceClearPullerCache();
+ StateManager::getInstance().updateLogSources(uidMap);
}
StatsLogProcessor::~StatsLogProcessor() {
@@ -419,6 +420,9 @@
// The field numbers need to be currently updated by hand with atoms.proto
if (atomId == android::os::statsd::util::ISOLATED_UID_CHANGED) {
onIsolatedUidChangedEventLocked(*event);
+ } else {
+ // Map the isolated uid to host uid if necessary.
+ mapIsolatedUidToHostUidIfNecessaryLocked(event);
}
StateManager::getInstance().onLogEvent(*event);
@@ -433,12 +437,6 @@
mLastPullerCacheClearTimeSec = curTimeSec;
}
-
- if (atomId != android::os::statsd::util::ISOLATED_UID_CHANGED) {
- // Map the isolated uid to host uid if necessary.
- mapIsolatedUidToHostUidIfNecessaryLocked(event);
- }
-
std::unordered_set<int> uidsWithActiveConfigsChanged;
std::unordered_map<int, std::vector<int64_t>> activeConfigsPerUid;
// pass the event to metrics managers.
@@ -1054,6 +1052,7 @@
const int uid, const int64_t version) {
std::lock_guard<std::mutex> lock(mMetricsMutex);
VLOG("Received app upgrade");
+ StateManager::getInstance().notifyAppChanged(apk, mUidMap);
for (const auto& it : mMetricsManagers) {
it.second->notifyAppUpgrade(eventTimeNs, apk, uid, version);
}
@@ -1063,6 +1062,7 @@
const int uid) {
std::lock_guard<std::mutex> lock(mMetricsMutex);
VLOG("Received app removed");
+ StateManager::getInstance().notifyAppChanged(apk, mUidMap);
for (const auto& it : mMetricsManagers) {
it.second->notifyAppRemoved(eventTimeNs, apk, uid);
}
@@ -1071,6 +1071,7 @@
void StatsLogProcessor::onUidMapReceived(const int64_t& eventTimeNs) {
std::lock_guard<std::mutex> lock(mMetricsMutex);
VLOG("Received uid map");
+ StateManager::getInstance().updateLogSources(mUidMap);
for (const auto& it : mMetricsManagers) {
it.second->onUidMapReceived(eventTimeNs);
}
diff --git a/cmds/statsd/src/state/StateManager.cpp b/cmds/statsd/src/state/StateManager.cpp
index 5514b446..c29afeb 100644
--- a/cmds/statsd/src/state/StateManager.cpp
+++ b/cmds/statsd/src/state/StateManager.cpp
@@ -19,10 +19,18 @@
#include "StateManager.h"
+#include <private/android_filesystem_config.h>
+
namespace android {
namespace os {
namespace statsd {
+StateManager::StateManager()
+ : mAllowedPkg({
+ "com.android.systemui",
+ }) {
+}
+
StateManager& StateManager::getInstance() {
static StateManager sStateManager;
return sStateManager;
@@ -33,8 +41,14 @@
}
void StateManager::onLogEvent(const LogEvent& event) {
- if (mStateTrackers.find(event.GetTagId()) != mStateTrackers.end()) {
- mStateTrackers[event.GetTagId()]->onLogEvent(event);
+ // Only process state events from uids in AID_* and packages that are whitelisted in
+ // mAllowedPkg.
+ // Whitelisted AIDs are AID_ROOT and all AIDs in [1000, 2000)
+ if (event.GetUid() == AID_ROOT || (event.GetUid() >= 1000 && event.GetUid() < 2000) ||
+ mAllowedLogSources.find(event.GetUid()) != mAllowedLogSources.end()) {
+ if (mStateTrackers.find(event.GetTagId()) != mStateTrackers.end()) {
+ mStateTrackers[event.GetTagId()]->onLogEvent(event);
+ }
}
}
@@ -79,6 +93,20 @@
return false;
}
+void StateManager::updateLogSources(const sp<UidMap>& uidMap) {
+ mAllowedLogSources.clear();
+ for (const auto& pkg : mAllowedPkg) {
+ auto uids = uidMap->getAppUid(pkg);
+ mAllowedLogSources.insert(uids.begin(), uids.end());
+ }
+}
+
+void StateManager::notifyAppChanged(const string& apk, const sp<UidMap>& uidMap) {
+ if (mAllowedPkg.find(apk) != mAllowedPkg.end()) {
+ updateLogSources(uidMap);
+ }
+}
+
} // namespace statsd
} // namespace os
} // namespace android
diff --git a/cmds/statsd/src/state/StateManager.h b/cmds/statsd/src/state/StateManager.h
index 577a0f5..18c404c 100644
--- a/cmds/statsd/src/state/StateManager.h
+++ b/cmds/statsd/src/state/StateManager.h
@@ -18,7 +18,12 @@
#include <inttypes.h>
#include <utils/RefBase.h>
+#include <set>
+#include <string>
+#include <unordered_map>
+
#include "HashableDimensionKey.h"
+#include "packages/UidMap.h"
#include "state/StateListener.h"
#include "state/StateTracker.h"
@@ -32,7 +37,7 @@
*/
class StateManager : public virtual RefBase {
public:
- StateManager(){};
+ StateManager();
~StateManager(){};
@@ -62,6 +67,11 @@
bool getStateValue(const int32_t atomId, const HashableDimensionKey& queryKey,
FieldValue* output) const;
+ // Updates mAllowedLogSources with the latest uids for the packages that are allowed to log.
+ void updateLogSources(const sp<UidMap>& uidMap);
+
+ void notifyAppChanged(const string& apk, const sp<UidMap>& uidMap);
+
inline int getStateTrackersCount() const {
return mStateTrackers.size();
}
@@ -79,6 +89,13 @@
// Maps state atom ids to StateTrackers
std::unordered_map<int32_t, sp<StateTracker>> mStateTrackers;
+
+ // The package names that can log state events.
+ const std::set<std::string> mAllowedPkg;
+
+ // The combined uid sources (after translating pkg name to uid).
+ // State events from uids that are not in the list will be ignored to avoid state pollution.
+ std::set<int32_t> mAllowedLogSources;
};
} // namespace statsd