| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #pragma once |
| |
| #ifndef PRIVACY_BUFFER_H |
| #define PRIVACY_BUFFER_H |
| |
| #include "Privacy.h" |
| |
| #include "FdBuffer.h" |
| |
| #include <android/os/IncidentReportArgs.h> |
| #include <android/util/ProtoOutputStream.h> |
| #include <stdint.h> |
| #include <utils/Errors.h> |
| |
| namespace android { |
| namespace os { |
| namespace incidentd { |
| |
| using namespace android::util; |
| |
| /** |
| * Class to wrap a file descriptor, so callers of PrivacyFilter |
| * can associate additional data with each fd for their own |
| * purposes. |
| */ |
| class FilterFd : public RefBase { |
| public: |
| FilterFd(uint8_t privacyPolicy, int fd); |
| virtual ~FilterFd(); |
| |
| uint8_t getPrivacyPolicy() const { return mPrivacyPolicy; } |
| int getFd() { return mFd;} |
| |
| virtual void onWriteError(status_t err) = 0; |
| |
| private: |
| uint8_t mPrivacyPolicy; |
| int mFd; |
| }; |
| |
| /** |
| * PrivacyFilter holds the original protobuf data and strips PII-sensitive fields |
| * for several requests, streaming them to a set of corresponding file descriptors. |
| */ |
| class PrivacyFilter { |
| public: |
| /** |
| * Constructor, with the field --> privacy restrictions mapping. |
| */ |
| PrivacyFilter(int sectionId, const Privacy* restrictions); |
| |
| ~PrivacyFilter(); |
| |
| /** |
| * Add a target file descriptor, and the privacy policy to which |
| * it should be filtered. |
| */ |
| void addFd(const sp<FilterFd>& output); |
| |
| /** |
| * Write the data, filtered according to the privacy specs, to each of the |
| * file descriptors. Any non-NO_ERROR return codes are fatal to the whole |
| * report. Individual write errors to streams are reported via the callbacks |
| * on the FilterFds. |
| * |
| * If maxSize is not NULL, it will be set to the maximum size buffer that |
| * was written (i.e. after filtering). |
| * |
| * The buffer is assumed to have already been filtered to bufferLevel. |
| */ |
| status_t writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize); |
| |
| private: |
| int mSectionId; |
| const Privacy* mRestrictions; |
| vector<sp<FilterFd>> mOutputs; |
| }; |
| |
| status_t filter_and_write_report(int to, int from, uint8_t bufferLevel, |
| const IncidentReportArgs& args); |
| |
| } // namespace incidentd |
| } // namespace os |
| } // namespace android |
| |
| #endif // PRIVACY_BUFFER_H |