1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
#include "src/tracing/core/packet_stream_validator.h"

#include <inttypes.h>
#include <stddef.h>

#include <limits>

#include "perfetto/base/logging.h"
#include "perfetto/protozero/proto_utils.h"
#include "perfetto/trace/trusted_packet.pb.h"
25 
26 namespace perfetto {
27 
28 // static
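// Checks a producer-supplied packet before the service accepts it.
//
// The slices are parsed as a TrustedPacket and the packet is rejected if it
// fails to parse or if it populates any field that only the service itself
// may fill in (trusted uid, trusted packet sequence id, trace config, trace
// stats, synchronization marker).
//
// |slices|: the chunks that together hold one serialized packet.
// Returns true if the packet parses and sets none of the service-only fields.
bool PacketStreamValidator::Validate(const Slices& slices) {
  SlicedProtobufInputStream stream(&slices);
  size_t size = 0;
  for (const Slice& slice : slices)
    size += slice.size;

  // ParseFromBoundedZeroCopyStream takes an int bound. A total size that does
  // not fit in an int would be truncated (possibly to a negative value) by the
  // cast below, so reject such input instead of handing the parser a bogus
  // limit.
  if (size > static_cast<size_t>(std::numeric_limits<int>::max()))
    return false;

  protos::TrustedPacket packet;
  if (!packet.ParseFromBoundedZeroCopyStream(&stream, static_cast<int>(size)))
    return false;

  // Only the service is allowed to fill in these fields:

  if (packet.optional_trusted_uid_case() !=
      protos::TrustedPacket::OPTIONAL_TRUSTED_UID_NOT_SET) {
    return false;
  }

  if (packet.optional_trusted_packet_sequence_id_case() !=
      protos::TrustedPacket::OPTIONAL_TRUSTED_PACKET_SEQUENCE_ID_NOT_SET) {
    return false;
  }

  if (packet.has_trace_config())
    return false;

  if (packet.has_trace_stats())
    return false;

  if (!packet.synchronization_marker().empty())
    return false;

  // We are deliberately not checking for clock_snapshot for the moment. It's
  // unclear if we want to allow producers to snapshot their clocks. Ideally we
  // want a security model where producers can only snapshot their own clocks
  // and not system ones. However, right now, there isn't a compelling need to
  // be so prescriptive.

  return true;
}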
68 
69 }  // namespace perfetto
70