Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 28381694ab5775c70a8fc21107b6b519a66ecd32 / . / cmds / incidentd / src / PrivacyBuffer.cpp
blob: 6967e3391fb8c392391106ee33dbf6b70d832e5b [file] [log] [blame]
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Yi Jin4e843102018-02-14 15:36:18 -0800[diff] [blame]16#define DEBUG false
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]17#include "Log.h"
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]18
19#include "PrivacyBuffer.h"
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]20#include "incidentd_util.h"
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]21
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]22#include <android-base/file.h>
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]23#include <android/util/protobuf.h>
Yi Jinbdf58942017-11-14 17:58:19 -0800[diff] [blame]24#include <cutils/log.h>
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]25
Yi Jin6cacbcb2018-03-30 14:04:52 -0700[diff] [blame]26namespace android {
27namespace os {
28namespace incidentd {
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]29
30/**
31 * Write the field to buf based on the wire type, iterator will point to next field.
32 * If skip is set to true, no data will be written to buf. Return number of bytes written.
33 */
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]34void PrivacyBuffer::writeFieldOrSkip(uint32_t fieldTag, bool skip) {
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]35 uint8_t wireType = read_wire_type(fieldTag);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]36 size_t bytesToWrite = 0;
Yi Jinad3e6e52018-04-03 15:10:34 -0700[diff] [blame]37 uint64_t varint = 0;
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]38
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]39 switch (wireType) {
40 case WIRE_TYPE_VARINT:
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]41 varint = mData.readRawVarint();
42 if (!skip) {
43 mProto.writeRawVarint(fieldTag);
44 mProto.writeRawVarint(varint);
45 }
46 return;
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]47 case WIRE_TYPE_FIXED64:
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]48 if (!skip) mProto.writeRawVarint(fieldTag);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]49 bytesToWrite = 8;
50 break;
51 case WIRE_TYPE_LENGTH_DELIMITED:
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]52 bytesToWrite = mData.readRawVarint();
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]53 if (!skip) mProto.writeLengthDelimitedHeader(read_field_id(fieldTag), bytesToWrite);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]54 break;
55 case WIRE_TYPE_FIXED32:
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]56 if (!skip) mProto.writeRawVarint(fieldTag);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]57 bytesToWrite = 4;
58 break;
59 }
60 if (skip) {
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]61 mData.rp()->move(bytesToWrite);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]62 } else {
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]63 for (size_t i = 0; i < bytesToWrite; i++) {
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]64 mProto.writeRawByte(mData.next());
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]65 }
66 }
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]67}
68
69/**
70 * Strip next field based on its private policy and request spec, then stores data in buf.
71 * Return NO_ERROR if succeeds, otherwise BAD_VALUE is returned to indicate bad data in FdBuffer.
72 *
73 * The iterator must point to the head of a protobuf formatted field for successful operation.
74 * After exit with NO_ERROR, iterator points to the next protobuf field's head.
75 */
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]76status_t PrivacyBuffer::stripField(const Privacy* parentPolicy, const PrivacySpec& spec,
77 int depth /* use as a counter for this recusive method. */) {
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]78 if (!mData.hasNext() || parentPolicy == NULL) return BAD_VALUE;
79 uint32_t fieldTag = mData.readRawVarint();
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]80 uint32_t fieldId = read_field_id(fieldTag);
81 const Privacy* policy = lookup(parentPolicy, fieldId);
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]82
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]83 VLOG("[Depth %2d]Try to strip id %d, wiretype %d", depth, fieldId, read_wire_type(fieldTag));
Yi Jinbdf58942017-11-14 17:58:19 -0800[diff] [blame]84 if (policy == NULL || policy->children == NULL) {
Yi Jinbdf58942017-11-14 17:58:19 -0800[diff] [blame]85 bool skip = !spec.CheckPremission(policy, parentPolicy->dest);
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]86 // iterator will point to head of next field
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]87 size_t currentAt = mData.rp()->pos();
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]88 writeFieldOrSkip(fieldTag, skip);
Yi Jin8cb370f2018-04-23 13:03:14 -0700[diff] [blame]89 VLOG("[Depth %2d]Field %d %ss %zu bytes", depth, fieldId, skip ? "skip" : "write",
90 get_varint_size(fieldTag) + mData.rp()->pos() - currentAt);
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]91 return NO_ERROR;
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]92 }
93 // current field is message type and its sub-fields have extra privacy policies
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]94 uint32_t msgSize = mData.readRawVarint();
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]95 size_t start = mData.rp()->pos();
Yi Jin5ee07872018-03-05 18:18:27 -0800[diff] [blame]96 uint64_t token = mProto.start(encode_field_id(policy));
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]97 while (mData.rp()->pos() - start != msgSize) {
98 status_t err = stripField(policy, spec, depth + 1);
Mike Ma28381692018-12-04 15:46:29 -0800[diff] [blame^]99 if (err != NO_ERROR) {
100 VLOG("Bad value when stripping id %d, wiretype %d, tag %#x, depth %d, size %d, "
101 "relative pos %zu, ", fieldId, read_wire_type(fieldTag), fieldTag, depth,
102 msgSize, mData.rp()->pos() - start);
103 return err;
104 }
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]105 }
Yi Jinbe6de302017-10-24 12:30:24 -0700[diff] [blame]106 mProto.end(token);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]107 return NO_ERROR;
108}
109
110// ================================================================================
Yi Jin86dce412018-03-07 11:36:57 -0800[diff] [blame]111PrivacyBuffer::PrivacyBuffer(const Privacy* policy, EncodedBuffer::iterator data)
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]112 : mPolicy(policy), mData(data), mProto(), mSize(0) {}
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]113
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]114PrivacyBuffer::~PrivacyBuffer() {}
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]115
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]116status_t PrivacyBuffer::strip(const PrivacySpec& spec) {
117 VLOG("Strip with spec %d", spec.dest);
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]118 // optimization when no strip happens
Yi Jinbdf58942017-11-14 17:58:19 -0800[diff] [blame]119 if (mPolicy == NULL || mPolicy->children == NULL || spec.RequireAll()) {
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]120 if (spec.CheckPremission(mPolicy)) mSize = mData.size();
121 return NO_ERROR;
122 }
123 while (mData.hasNext()) {
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]124 status_t err = stripField(mPolicy, spec, 0);
Mike Ma28381692018-12-04 15:46:29 -0800[diff] [blame^]125 if (err != NO_ERROR) return err; // Error logged in stripField.
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]126 }
Mike Ma28381692018-12-04 15:46:29 -0800[diff] [blame^]127 if (mData.bytesRead() != mData.size()) {
128 VLOG("Buffer corrupted: expect %zu bytes, read %zu bytes",
129 mData.size(), mData.bytesRead());
130 return BAD_VALUE;
131 }
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]132 mSize = mProto.size();
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]133 mData.rp()->rewind(); // rewind the read pointer back to beginning after the strip.
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]134 return NO_ERROR;
135}
136
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]137void PrivacyBuffer::clear() {
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]138 mSize = 0;
Yi Jin7f9e63b2018-02-02 16:25:11 -0800[diff] [blame]139 mProto.clear();
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]140}
141
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]142size_t PrivacyBuffer::size() const { return mSize; }
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]143
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]144status_t PrivacyBuffer::flush(int fd) {
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]145 status_t err = NO_ERROR;
Yi Jin42711a02017-10-11 18:20:24 -0700[diff] [blame]146 EncodedBuffer::iterator iter = size() == mData.size() ? mData : mProto.data();
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]147 while (iter.readBuffer() != NULL) {
Yi Jinb592e3b2018-02-01 15:17:04 -0800[diff] [blame]148 err = WriteFully(fd, iter.readBuffer(), iter.currentToRead()) ? NO_ERROR : -errno;
Yi Jinc23fad22017-09-15 17:24:59 -0700[diff] [blame]149 iter.rp()->move(iter.currentToRead());
150 if (err != NO_ERROR) return err;
151 }
152 return NO_ERROR;
153}
Yi Jin6cacbcb2018-03-30 14:04:52 -0700[diff] [blame]154
155} // namespace incidentd
156} // namespace os
157} // namespace android