commit c602b402379616852deeff457376f5cb551cf0dc
author junyulai <junyulai@google.com> Tue Apr 30 14:42:05 2019 +0800
committer Chalard Jean <jchalard@google.com> Mon May 13 15:53:02 2019 +0900
tree a45d769f87e815c8ebdb2af97bb2dc154e7ce133
parent ec4eb8f4486c5385210df1b2d8d44c6b90f21bde

Limit unprivileged keepalives per uid

Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.

Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests

Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0

Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40

services/core/java/com/android/server/connectivity/KeepaliveTracker.java

diff --git a/services/core/java/com/android/server/connectivity/KeepaliveTracker.java b/services/core/java/com/android/server/connectivity/KeepaliveTracker.java
index 1e3e6a5..4437926 100644
--- a/services/core/java/com/android/server/connectivity/KeepaliveTracker.java
+++ b/services/core/java/com/android/server/connectivity/KeepaliveTracker.java
@@ -104,6 +104,10 @@
     // the number of remaining keepalive slots is less than or equal to the threshold.
     private final int mReservedPrivilegedSlots;
 
+    // Allowed unprivileged keepalive slots per uid. Caller's permission will be enforced if
+    // the number of remaining keepalive slots is less than or equal to the threshold.
+    private final int mAllowedUnprivilegedSlotsForUid;
+
     public KeepaliveTracker(Context context, Handler handler) {
         mConnectivityServiceHandler = handler;
         mTcpController = new TcpKeepaliveController(handler);
@@ -111,6 +115,8 @@
         mSupportedKeepalives = KeepaliveUtils.getSupportedKeepalives(mContext);
         mReservedPrivilegedSlots = mContext.getResources().getInteger(
                 R.integer.config_reservedPrivilegedKeepaliveSlots);
+        mAllowedUnprivilegedSlotsForUid = mContext.getResources().getInteger(
+                R.integer.config_allowedUnprivilegedKeepalivePerUid);
     }
 
     /**
@@ -275,6 +281,18 @@
                 return ERROR_INSUFFICIENT_RESOURCES;
             }
 
+            // Count unprivileged keepalives for the same uid across networks.
+            int unprivilegedCountSameUid = 0;
+            for (final HashMap<Integer, KeepaliveInfo> kaForNetwork : mKeepalives.values()) {
+                for (final KeepaliveInfo ki : kaForNetwork.values()) {
+                    if (ki.mUid == mUid) {
+                        unprivilegedCountSameUid++;
+                    }
+                }
+            }
+            if (unprivilegedCountSameUid > mAllowedUnprivilegedSlotsForUid) {
+                return ERROR_INSUFFICIENT_RESOURCES;
+            }
             return SUCCESS;
         }
 
@@ -674,6 +692,7 @@
     public void dump(IndentingPrintWriter pw) {
         pw.println("Supported Socket keepalives: " + Arrays.toString(mSupportedKeepalives));
         pw.println("Reserved Privileged keepalives: " + mReservedPrivilegedSlots);
+        pw.println("Allowed Unprivileged keepalives per uid: " + mAllowedUnprivilegedSlotsForUid);
         pw.println("Socket keepalives:");
         pw.increaseIndent();
         for (NetworkAgentInfo nai : mKeepalives.keySet()) {