diff options
author | Zhatab Saifi <zsaifi@amazon.com> | 2023-12-19 14:33:58 +0530 |
---|---|---|
committer | Zhatab Saifi <zsaifi@amazon.com> | 2024-01-04 11:56:20 +0000 |
commit | 40c47da2001fcc0c22b59dff28d222d19ae609b0 (patch) | |
tree | 0f75b8a158f4671615c0467c102c9f6152eea8bf | |
parent | b1e5977ca64bc8a916709bc36c1b547639bf4509 (diff) | |
download | netd-40c47da2001fcc0c22b59dff28d222d19ae609b0.tar.gz |
Fix IPV4/6 privacy leak
SockDiag is emitting IPV4/6 address in log lines. Android Privacy Best
Practices are to not log any PII information in the logs. Remove the
IPV4/6 address on user build.
Change-Id: I8b82af73a60813be230a73002cee01831320884b
-rw-r--r-- | server/SockDiag.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/server/SockDiag.cpp b/server/SockDiag.cpp index 49ca8d71..ef3a840b 100644 --- a/server/SockDiag.cpp +++ b/server/SockDiag.cpp @@ -55,6 +55,8 @@ using netdutils::Stopwatch; namespace net { namespace { +static const bool isUser = (android::base::GetProperty("ro.build.type", "") == "user"); + int getAdbPort() { return android::base::GetIntProperty("service.adb.tcp.port", 0); } @@ -335,18 +337,20 @@ int SockDiag::destroySockets(const char* addrstr, int ifindex) { if (!strchr(addrstr, ':')) { // inet_ntop never returns something like ::ffff:192.0.2.1 if (int ret = destroySockets(IPPROTO_TCP, AF_INET, addrstr, ifindex)) { - ALOGE("Failed to destroy IPv4 sockets on %s: %s", where.c_str(), strerror(-ret)); + ALOGE("Failed to destroy IPv4 sockets on %s: %s", + (isUser ? "[hidden: user build]" : where.c_str()), strerror(-ret)); return ret; } } if (int ret = destroySockets(IPPROTO_TCP, AF_INET6, addrstr, ifindex)) { - ALOGE("Failed to destroy IPv6 sockets on %s: %s", where.c_str(), strerror(-ret)); + ALOGE("Failed to destroy IPv6 sockets on %s: %s", + (isUser ? "[hidden: user build]" : where.c_str()), strerror(-ret)); return ret; } if (mSocketsDestroyed > 0) { - ALOGI("Destroyed %d sockets on %s in %" PRId64 "us", mSocketsDestroyed, where.c_str(), - s.timeTakenUs()); + ALOGI("Destroyed %d sockets on %s in %" PRId64 "us", mSocketsDestroyed, + (isUser ? "[hidden: user build]" : where.c_str()), s.timeTakenUs()); } return mSocketsDestroyed; |