Restrict state event logging
Restrict state event logging to AID_* and Mainline module uids.
Bug: 145706772
Test: statsd_test
Change-Id: I5dc244bd1c6c55dc0213c6e236aea93d759b675f
diff --git a/cmds/statsd/src/state/StateManager.cpp b/cmds/statsd/src/state/StateManager.cpp
index 5514b446..c29afeb 100644
--- a/cmds/statsd/src/state/StateManager.cpp
+++ b/cmds/statsd/src/state/StateManager.cpp
@@ -19,10 +19,18 @@
#include "StateManager.h"
+#include <private/android_filesystem_config.h>
+
namespace android {
namespace os {
namespace statsd {
+StateManager::StateManager()
+ : mAllowedPkg({
+ "com.android.systemui",
+ }) {
+}
+
StateManager& StateManager::getInstance() {
static StateManager sStateManager;
return sStateManager;
@@ -33,8 +41,14 @@
}
void StateManager::onLogEvent(const LogEvent& event) {
- if (mStateTrackers.find(event.GetTagId()) != mStateTrackers.end()) {
- mStateTrackers[event.GetTagId()]->onLogEvent(event);
+ // Only process state events from uids in AID_* and packages that are whitelisted in
+ // mAllowedPkg.
+ // Whitelisted AIDs are AID_ROOT and all AIDs in [1000, 2000)
+ if (event.GetUid() == AID_ROOT || (event.GetUid() >= 1000 && event.GetUid() < 2000) ||
+ mAllowedLogSources.find(event.GetUid()) != mAllowedLogSources.end()) {
+ if (mStateTrackers.find(event.GetTagId()) != mStateTrackers.end()) {
+ mStateTrackers[event.GetTagId()]->onLogEvent(event);
+ }
}
}
@@ -79,6 +93,20 @@
return false;
}
+void StateManager::updateLogSources(const sp<UidMap>& uidMap) {
+ mAllowedLogSources.clear();
+ for (const auto& pkg : mAllowedPkg) {
+ auto uids = uidMap->getAppUid(pkg);
+ mAllowedLogSources.insert(uids.begin(), uids.end());
+ }
+}
+
+void StateManager::notifyAppChanged(const string& apk, const sp<UidMap>& uidMap) {
+ if (mAllowedPkg.find(apk) != mAllowedPkg.end()) {
+ updateLogSources(uidMap);
+ }
+}
+
} // namespace statsd
} // namespace os
} // namespace android
diff --git a/cmds/statsd/src/state/StateManager.h b/cmds/statsd/src/state/StateManager.h
index 577a0f5..18c404c 100644
--- a/cmds/statsd/src/state/StateManager.h
+++ b/cmds/statsd/src/state/StateManager.h
@@ -18,7 +18,12 @@
#include <inttypes.h>
#include <utils/RefBase.h>
+#include <set>
+#include <string>
+#include <unordered_map>
+
#include "HashableDimensionKey.h"
+#include "packages/UidMap.h"
#include "state/StateListener.h"
#include "state/StateTracker.h"
@@ -32,7 +37,7 @@
*/
class StateManager : public virtual RefBase {
public:
- StateManager(){};
+ StateManager();
~StateManager(){};
@@ -62,6 +67,11 @@
bool getStateValue(const int32_t atomId, const HashableDimensionKey& queryKey,
FieldValue* output) const;
+ // Updates mAllowedLogSources with the latest uids for the packages that are allowed to log.
+ void updateLogSources(const sp<UidMap>& uidMap);
+
+ void notifyAppChanged(const string& apk, const sp<UidMap>& uidMap);
+
inline int getStateTrackersCount() const {
return mStateTrackers.size();
}
@@ -79,6 +89,13 @@
// Maps state atom ids to StateTrackers
std::unordered_map<int32_t, sp<StateTracker>> mStateTrackers;
+
+ // The package names that can log state events.
+ const std::set<std::string> mAllowedPkg;
+
+ // The combined uid sources (after translating pkg name to uid).
+ // State events from uids that are not in the list will be ignored to avoid state pollution.
+ std::set<int32_t> mAllowedLogSources;
};
} // namespace statsd