Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3be093b5 authored by Tej Singh's avatar Tej Singh
Browse files

Uid Sandboxing of Pullers 

Overall flow of implementation:
1. parsing the config in MetricsManager to store the uids per atom. It
follows the mAllowedLogSources logic very closely
2. MetricsManager register itself as a PullUidProvider with the
PullerManager.
3. Metrics pass the config key when pulling (for both registering
receivers and normal pulls) , and the puller manager gets
the allowed uids from the PullUidProvider for that config.
4. PullerManager keys receivers by <atomId, configKey> so that it can
look up the uids for that atom using the PullUidProvider as well.
5. Added shell subscriber support. Hardcode a default of AID_SYSTEM for
them and also allow packages per atom. This involved adding a second
interface to Pull that simply accepts the uids, since I didnt want to
make the ShellSubscriber a PullUidProvider as well.
6. Change adb shell cmd stats pull-source to allow users to specify a
package. Default to AID_SYSTEM as well.

Notes:
The feature is flagged off right now, since configs do not pass in the
desired package. Another approach could be to hardcode in the current
mapping, but that doesn't work for OEM pulled atoms.

Test: m statsd
Test: bit statsd_test:* with useUids = false
Test: bit statsd_test:* with useUids = true
Bug: 144099783
Bug: 151978258

Change-Id: I4a7481d7402a52b9beb4ea28b102803f9e50e79f
parent 0941d63a

cmds/statsd/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -333,6 +333,7 @@ cc_test { 
        "tests/external/puller_util_test.cpp",

        "tests/external/StatsCallbackPuller_test.cpp",

        "tests/external/StatsPuller_test.cpp",

        "tests/external/StatsPullerManager_test.cpp",

        "tests/FieldValue_test.cpp",

        "tests/guardrail/StatsdStats_test.cpp",

        "tests/indexed_priority_queue_test.cpp",

cmds/statsd/src/StatsLogProcessor.cpp

+1 −0
Original line number Diff line number Diff line
@@ -536,6 +536,7 @@ void StatsLogProcessor::OnConfigUpdatedLocked( 
            new MetricsManager(key, config, mTimeBaseNs, timestampNs, mUidMap, mPullerManager,

                               mAnomalyAlarmMonitor, mPeriodicAlarmMonitor);

    if (newMetricsManager->isConfigValid()) {

        newMetricsManager->init();

        mUidMap->OnConfigUpdated(key);

        newMetricsManager->refreshTtl(timestampNs);

        mMetricsManagers[key] = newMetricsManager;

cmds/statsd/src/StatsService.cpp

+19 −4
Original line number Diff line number Diff line
@@ -385,9 +385,11 @@ void StatsService::print_cmd_help(int out) { 
    dprintf(out, "  PKG           Optional package name to print the uids of the package\n");

    dprintf(out, "\n");

    dprintf(out, "\n");

    dprintf(out, "usage: adb shell cmd stats pull-source [int] \n");

    dprintf(out, "usage: adb shell cmd stats pull-source ATOM_TAG [PACKAGE] \n");

    dprintf(out, "\n");

    dprintf(out, "  Prints the output of a pulled metrics source (int indicates source)\n");

    dprintf(out, "  Prints the output of a pulled atom\n");

    dprintf(out, "  UID           The atom to pull\n");

    dprintf(out, "  PACKAGE       The package to pull from. Default is AID_SYSTEM\n");

    dprintf(out, "\n");

    dprintf(out, "\n");

    dprintf(out, "usage: adb shell cmd stats write-to-disk \n");
@@ -806,8 +808,21 @@ status_t StatsService::cmd_log_binary_push(int out, const Vector<String8>& args) 


status_t StatsService::cmd_print_pulled_metrics(int out, const Vector<String8>& args) {

    int s = atoi(args[1].c_str());

    vector<int32_t> uids;

    if (args.size() > 2) {

        string package = string(args[2].c_str());

        auto it = UidMap::sAidToUidMapping.find(package);

        if (it != UidMap::sAidToUidMapping.end()) {

            uids.push_back(it->second);

        } else {

            set<int32_t> uids_set = mUidMap->getAppUid(package);

            uids.insert(uids.end(), uids_set.begin(), uids_set.end());

        }

    } else {

        uids.push_back(AID_SYSTEM);

    }

    vector<shared_ptr<LogEvent>> stats;

    if (mPullerManager->Pull(s, &stats)) {

    if (mPullerManager->Pull(s, uids, &stats)) {

        for (const auto& it : stats) {

            dprintf(out, "Pull from %d: %s\n", s, it->ToString().c_str());

        }

cmds/statsd/src/external/PullUidProvider.h

0 → 100644
+39 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once



#include <utils/RefBase.h>



#include "StatsPuller.h"

#include "logd/LogEvent.h"



namespace android {

namespace os {

namespace statsd {



class PullUidProvider : virtual public RefBase {

public:

    virtual ~PullUidProvider() {}



    /**

     * @param atomId The atom for which to get the uids.

     */

    virtual vector<int32_t> getPullAtomUids(int32_t atomId) = 0;

};



}  // namespace statsd

}  // namespace os

}  // namespace android

cmds/statsd/src/external/StatsPullerManager.cpp

+93 −34
Original line number Diff line number Diff line
@@ -47,27 +47,73 @@ const int64_t NO_ALARM_UPDATE = INT64_MAX; 
StatsPullerManager::StatsPullerManager()

    : kAllPullAtomInfo({

              // TrainInfo.

              {{.atomTag = util::TRAIN_INFO}, new TrainInfoPuller()},

              {{.atomTag = util::TRAIN_INFO, .uid = -1}, new TrainInfoPuller()},

      }),

      mNextPullTimeNs(NO_ALARM_UPDATE) {

}



bool StatsPullerManager::Pull(int tagId, vector<shared_ptr<LogEvent>>* data) {

    AutoMutex _l(mLock);

    return PullLocked(tagId, data);

bool StatsPullerManager::Pull(int tagId, const ConfigKey& configKey,

                              vector<shared_ptr<LogEvent>>* data, bool useUids) {

    std::lock_guard<std::mutex> _l(mLock);

    return PullLocked(tagId, configKey, data, useUids);

}



bool StatsPullerManager::PullLocked(int tagId, vector<shared_ptr<LogEvent>>* data) {

    VLOG("Initiating pulling %d", tagId);

bool StatsPullerManager::Pull(int tagId, const vector<int32_t>& uids,

                              vector<std::shared_ptr<LogEvent>>* data, bool useUids) {

    std::lock_guard<std::mutex> _l(mLock);

    return PullLocked(tagId, uids, data, useUids);

}



    if (kAllPullAtomInfo.find({.atomTag = tagId}) != kAllPullAtomInfo.end()) {

        bool ret = kAllPullAtomInfo.find({.atomTag = tagId})->second->Pull(data);

        VLOG("pulled %d items", (int)data->size());

bool StatsPullerManager::PullLocked(int tagId, const ConfigKey& configKey,

                                    vector<shared_ptr<LogEvent>>* data, bool useUids) {

    vector<int32_t> uids;

    if (useUids) {

        auto uidProviderIt = mPullUidProviders.find(configKey);

        if (uidProviderIt == mPullUidProviders.end()) {

            ALOGE("Error pulling tag %d. No pull uid provider for config key %s", tagId,

                  configKey.ToString().c_str());

            return false;

        }

        sp<PullUidProvider> pullUidProvider = uidProviderIt->second.promote();

        if (pullUidProvider == nullptr) {

            ALOGE("Error pulling tag %d, pull uid provider for config %s is gone.", tagId,

                  configKey.ToString().c_str());

            return false;

        }

        uids = pullUidProvider->getPullAtomUids(tagId);

    }

    return PullLocked(tagId, uids, data, useUids);

}



bool StatsPullerManager::PullLocked(int tagId, const vector<int32_t>& uids,

                                    vector<shared_ptr<LogEvent>>* data, bool useUids) {

    VLOG("Initiating pulling %d", tagId);

    if (useUids) {

        for (int32_t uid : uids) {

            PullerKey key = {.atomTag = tagId, .uid = uid};

            auto pullerIt = kAllPullAtomInfo.find(key);

            if (pullerIt != kAllPullAtomInfo.end()) {

                bool ret = pullerIt->second->Pull(data);

                VLOG("pulled %zu items", data->size());

                if (!ret) {

                    StatsdStats::getInstance().notePullFailed(tagId);

                }

                return ret;

            }

        }

        ALOGW("StatsPullerManager: Unknown tagId %d", tagId);

        return false;  // Return early since we don't know what to pull.

    } else {

        PullerKey key = {.atomTag = tagId, .uid = -1};

        auto pullerIt = kAllPullAtomInfo.find(key);

        if (pullerIt != kAllPullAtomInfo.end()) {

            bool ret = pullerIt->second->Pull(data);

            VLOG("pulled %zu items", data->size());

            if (!ret) {

                StatsdStats::getInstance().notePullFailed(tagId);

            }

            return ret;

        }

        ALOGW("StatsPullerManager: Unknown tagId %d", tagId);

        return false;  // Return early since we don't know what to pull.

    }
@@ -96,7 +142,7 @@ void StatsPullerManager::updateAlarmLocked() { 


void StatsPullerManager::SetStatsCompanionService(

        shared_ptr<IStatsCompanionService> statsCompanionService) {

    AutoMutex _l(mLock);

    std::lock_guard<std::mutex> _l(mLock);

    shared_ptr<IStatsCompanionService> tmpForLock = mStatsCompanionService;

    mStatsCompanionService = statsCompanionService;

    for (const auto& pulledAtom : kAllPullAtomInfo) {
@@ -107,10 +153,11 @@ void StatsPullerManager::SetStatsCompanionService( 
    }

}



void StatsPullerManager::RegisterReceiver(int tagId, wp<PullDataReceiver> receiver,

                                              int64_t nextPullTimeNs, int64_t intervalNs) {

    AutoMutex _l(mLock);

    auto& receivers = mReceivers[tagId];

void StatsPullerManager::RegisterReceiver(int tagId, const ConfigKey& configKey,

                                          wp<PullDataReceiver> receiver, int64_t nextPullTimeNs,

                                          int64_t intervalNs) {

    std::lock_guard<std::mutex> _l(mLock);

    auto& receivers = mReceivers[{.atomTag = tagId, .configKey = configKey}];

    for (auto it = receivers.begin(); it != receivers.end(); it++) {

        if (it->receiver == receiver) {

            VLOG("Receiver already registered of %d", (int)receivers.size());
@@ -142,13 +189,15 @@ void StatsPullerManager::RegisterReceiver(int tagId, wp<PullDataReceiver> receiv 
    VLOG("Puller for tagId %d registered of %d", tagId, (int)receivers.size());

}



void StatsPullerManager::UnRegisterReceiver(int tagId, wp<PullDataReceiver> receiver) {

    AutoMutex _l(mLock);

    if (mReceivers.find(tagId) == mReceivers.end()) {

void StatsPullerManager::UnRegisterReceiver(int tagId, const ConfigKey& configKey,

                                            wp<PullDataReceiver> receiver) {

    std::lock_guard<std::mutex> _l(mLock);

    auto receiversIt = mReceivers.find({.atomTag = tagId, .configKey = configKey});

    if (receiversIt == mReceivers.end()) {

        VLOG("Unknown pull code or no receivers: %d", tagId);

        return;

    }

    auto& receivers = mReceivers.find(tagId)->second;

    std::list<ReceiverInfo>& receivers = receiversIt->second;

    for (auto it = receivers.begin(); it != receivers.end(); it++) {

        if (receiver == it->receiver) {

            receivers.erase(it);
@@ -158,16 +207,26 @@ void StatsPullerManager::UnRegisterReceiver(int tagId, wp<PullDataReceiver> rece 
    }

}



void StatsPullerManager::RegisterPullUidProvider(const ConfigKey& configKey,

                                                 wp<PullUidProvider> provider) {

    std::lock_guard<std::mutex> _l(mLock);

    mPullUidProviders[configKey] = provider;

}



void StatsPullerManager::UnregisterPullUidProvider(const ConfigKey& configKey) {

    std::lock_guard<std::mutex> _l(mLock);

    mPullUidProviders.erase(configKey);

}



void StatsPullerManager::OnAlarmFired(int64_t elapsedTimeNs) {

    AutoMutex _l(mLock);

    std::lock_guard<std::mutex> _l(mLock);

    int64_t wallClockNs = getWallClockNs();



    int64_t minNextPullTimeNs = NO_ALARM_UPDATE;



    vector<pair<int, vector<ReceiverInfo*>>> needToPull =

            vector<pair<int, vector<ReceiverInfo*>>>();

    vector<pair<const ReceiverKey*, vector<ReceiverInfo*>>> needToPull;

    for (auto& pair : mReceivers) {

        vector<ReceiverInfo*> receivers = vector<ReceiverInfo*>();

        vector<ReceiverInfo*> receivers;

        if (pair.second.size() != 0) {

            for (ReceiverInfo& receiverInfo : pair.second) {

                if (receiverInfo.nextPullTimeNs <= elapsedTimeNs) {
@@ -179,17 +238,16 @@ void StatsPullerManager::OnAlarmFired(int64_t elapsedTimeNs) { 
                }

            }

            if (receivers.size() > 0) {

                needToPull.push_back(make_pair(pair.first, receivers));

                needToPull.push_back(make_pair(&pair.first, receivers));

            }

        }

    }



    for (const auto& pullInfo : needToPull) {

        vector<shared_ptr<LogEvent>> data;

        bool pullSuccess = PullLocked(pullInfo.first, &data);

        bool pullSuccess = PullLocked(pullInfo.first->atomTag, pullInfo.first->configKey, &data);

        if (pullSuccess) {

            StatsdStats::getInstance().notePullDelay(

                    pullInfo.first, getElapsedRealtimeNs() - elapsedTimeNs);

            StatsdStats::getInstance().notePullDelay(pullInfo.first->atomTag,

                                                     getElapsedRealtimeNs() - elapsedTimeNs);

        } else {

            VLOG("pull failed at %lld, will try again later", (long long)elapsedTimeNs);

        }
@@ -248,18 +306,19 @@ int StatsPullerManager::ClearPullerCacheIfNecessary(int64_t timestampNs) { 
void StatsPullerManager::RegisterPullAtomCallback(const int uid, const int32_t atomTag,

                                                  const int64_t coolDownNs, const int64_t timeoutNs,

                                                  const vector<int32_t>& additiveFields,

                                                  const shared_ptr<IPullAtomCallback>& callback) {

    AutoMutex _l(mLock);

                                                  const shared_ptr<IPullAtomCallback>& callback,

                                                  bool useUid) {

    std::lock_guard<std::mutex> _l(mLock);

    VLOG("RegisterPullerCallback: adding puller for tag %d", atomTag);

    // TODO(b/146439412): linkToDeath with the callback so that we can remove it

    // and delete the puller.

    StatsdStats::getInstance().notePullerCallbackRegistrationChanged(atomTag, /*registered=*/true);

    kAllPullAtomInfo[{.atomTag = atomTag}] =

    kAllPullAtomInfo[{.atomTag = atomTag, .uid = useUid ? uid : -1}] =

            new StatsCallbackPuller(atomTag, callback, coolDownNs, timeoutNs, additiveFields);

}



void StatsPullerManager::UnregisterPullAtomCallback(const int uid, const int32_t atomTag) {

    AutoMutex _l(mLock);

    std::lock_guard<std::mutex> _l(mLock);

    StatsdStats::getInstance().notePullerCallbackRegistrationChanged(atomTag, /*registered=*/false);

    kAllPullAtomInfo.erase({.atomTag = atomTag});

}