From 4414cea13908b8230640f84ef39603d68ff9c377 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Fri, 24 Jun 2011 17:05:24 -0700
Subject: Better network stats parsing, integer tags, async.

Change NMS parsing to handle extended /proc/ stats formats by pairing
values with header keys.  Move TrafficStats to integer tags to match
kernel internals, and offer well-known tags for system services.

Async policy event dispatch from NPMS, and update tests to block for
event dispatch.  Narrow app policy to exclude apps signed with system
key, which are usually critical.

Bug: 4948913, 4903489, 4585280

Change-Id: Idb357227ccaa617906411f309371cea18d7bc519
---
 core/java/android/net/NetworkPolicyManager.java | 38 +++++++++++++++++++++++--
 core/java/android/net/TrafficStats.java         | 38 +++++++++++++++++++++++--
 2 files changed, 71 insertions(+), 5 deletions(-)

(limited to 'core')

diff --git a/core/java/android/net/NetworkPolicyManager.java b/core/java/android/net/NetworkPolicyManager.java
index 91af16d..21fad2c 100644
--- a/core/java/android/net/NetworkPolicyManager.java
+++ b/core/java/android/net/NetworkPolicyManager.java
@@ -16,14 +16,21 @@
 
 package android.net;
 
+import static android.content.pm.PackageManager.GET_SIGNATURES;
 import static android.text.format.Time.MONTH_DAY;
 
 import android.content.Context;
 import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.pm.Signature;
 import android.os.RemoteException;
 import android.text.format.Time;
 
+import com.google.android.collect.Sets;
+
 import java.io.PrintWriter;
+import java.util.HashSet;
 
 /**
  * Manager for creating and modifying network policy rules.
@@ -210,8 +217,35 @@ public class NetworkPolicyManager {
      * usually to protect critical system services.
      */
     public static boolean isUidValidForPolicy(Context context, int uid) {
-        return (uid >= android.os.Process.FIRST_APPLICATION_UID
-                && uid <= android.os.Process.LAST_APPLICATION_UID);
+        // first, quick-reject non-applications
+        if (uid < android.os.Process.FIRST_APPLICATION_UID
+                || uid > android.os.Process.LAST_APPLICATION_UID) {
+            return false;
+        }
+
+        final PackageManager pm = context.getPackageManager();
+        final HashSet<Signature> systemSignature;
+        try {
+            systemSignature = Sets.newHashSet(
+                    pm.getPackageInfo("android", GET_SIGNATURES).signatures);
+        } catch (NameNotFoundException e) {
+            throw new RuntimeException("problem finding system signature", e);
+        }
+
+        try {
+            // reject apps signed with system cert
+            for (String packageName : pm.getPackagesForUid(uid)) {
+                final HashSet<Signature> packageSignature = Sets.newHashSet(
+                        pm.getPackageInfo(packageName, GET_SIGNATURES).signatures);
+                if (packageSignature.containsAll(systemSignature)) {
+                    return false;
+                }
+            }
+        } catch (NameNotFoundException e) {
+        }
+
+        // nothing found above; we can apply policy to UID
+        return true;
     }
 
     /** {@hide} */
diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java
index cb47193..040489e 100644
--- a/core/java/android/net/TrafficStats.java
+++ b/core/java/android/net/TrafficStats.java
@@ -16,7 +16,10 @@
 
 package android.net;
 
+import android.app.DownloadManager;
+import android.app.backup.BackupManager;
 import android.content.Context;
+import android.media.MediaPlayer;
 import android.os.IBinder;
 import android.os.INetworkManagementService;
 import android.os.RemoteException;
@@ -50,6 +53,27 @@ public class TrafficStats {
     public static final int UID_REMOVED = -4;
 
     /**
+     * Default tag value for {@link DownloadManager} traffic.
+     *
+     * @hide
+     */
+    public static final int TAG_SYSTEM_DOWNLOAD = 0xFFFF0001;
+
+    /**
+     * Default tag value for {@link MediaPlayer} traffic.
+     *
+     * @hide
+     */
+    public static final int TAG_SYSTEM_MEDIA = 0xFFFF0002;
+
+    /**
+     * Default tag value for {@link BackupManager} traffic.
+     *
+     * @hide
+     */
+    public static final int TAG_SYSTEM_BACKUP = 0xFFFF0003;
+
+    /**
      * Snapshot of {@link NetworkStats} when the currently active profiling
      * session started, or {@code null} if no session active.
      *
@@ -67,12 +91,20 @@ public class TrafficStats {
      * Changes only take effect during subsequent calls to
      * {@link #tagSocket(Socket)}.
      */
-    public static void setThreadStatsTag(String tag) {
+    public static void setThreadStatsTag(int tag) {
         BlockGuard.setThreadSocketStatsTag(tag);
     }
 
+    /**
+     * @deprecated unsupported, will eventually be removed
+     */
+    @Deprecated
+    public static void setThreadStatsTag(String tag) {
+        setThreadStatsTag(tag.hashCode());
+    }
+
     public static void clearThreadStatsTag() {
-        BlockGuard.setThreadSocketStatsTag(null);
+        BlockGuard.setThreadSocketStatsTag(-1);
     }
 
     /**
@@ -103,7 +135,7 @@ public class TrafficStats {
      * parameters. When finished, call {@link #untagSocket(Socket)} to remove
      * statistics parameters.
      *
-     * @see #setThreadStatsTag(String)
+     * @see #setThreadStatsTag(int)
      * @see #setThreadStatsUid(int)
      */
     public static void tagSocket(Socket socket) throws SocketException {
-- 
cgit v1.1