[CLATJ#30] Not allow tagSocket() to tag with uid AID_CLAT The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause process data usage accounting to be bypassed. Bug: 218407445 Test: atest BpfHandlerTest Change-Id: Ia7b071e1065733da25e9f02f34ccd17f63653217

commit: 436547e368584ae71107c02b372403fe5451d127 [log] [tgz]
author: Hungming Chen <nuccachen@google.com> Fri Feb 18 17:52:11 2022 +0800
committer: Hungming Chen <nuccachen@google.com> Fri Mar 04 17:21:23 2022 +0800
tree: 326b0549c5782f12b77b2727cfe28f1a54f3143c
parent: e250c95bb8a2b692bb43e8346fe8d2b54ff3293c [diff] [blame]
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index 3cd5e13..31a180b 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp

@@ -134,6 +134,15 @@
         return -EPERM;
     }
 
+    // Note that tagging the socket to AID_CLAT is only implemented in JNI ClatCoordinator.
+    // The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause
+    // process data usage accounting to be bypassed. Tagging AID_CLAT is used for avoiding counting
+    // CLAT traffic data usage twice. See packages/modules/Connectivity/service/jni/
+    // com_android_server_connectivity_ClatCoordinator.cpp
+    if (chargeUid == AID_CLAT) {
+        return -EPERM;
+    }
+
     uint64_t sock_cookie = getSocketCookie(sockFd);
     if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
     UidTagValue newKey = {.uid = (uint32_t)chargeUid, .tag = tag};
commit	436547e368584ae71107c02b372403fe5451d127	[log] [tgz]
author	Hungming Chen <nuccachen@google.com>	Fri Feb 18 17:52:11 2022 +0800
committer	Hungming Chen <nuccachen@google.com>	Fri Mar 04 17:21:23 2022 +0800
tree	326b0549c5782f12b77b2727cfe28f1a54f3143c
parent	e250c95bb8a2b692bb43e8346fe8d2b54ff3293c [diff] [blame]