1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #pragma once
17 
18 #ifndef PRIVACY_BUFFER_H
19 #define PRIVACY_BUFFER_H
20 
21 #include "Privacy.h"
22 
23 #include "FdBuffer.h"
24 
25 #include <android/os/IncidentReportArgs.h>
26 #include <android/util/ProtoOutputStream.h>
27 #include <stdint.h>
28 #include <utils/Errors.h>
29 
30 namespace android {
31 namespace os {
32 namespace incidentd {
33 
// Using-directive at namespace scope in a header: every TU that includes this
// file gets all of android::util pulled into android::os::incidentd.  Left
// as-is because includers may already rely on the unqualified names (e.g.
// ProtoOutputStream from <android/util/ProtoOutputStream.h> above); the
// narrower form would be using-declarations for just the names needed,
// placed in the .cpp.
using namespace android::util;
35 
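/**
 * Class to wrap a file descriptor, so callers of PrivacyFilter
 * can associate additional data with each fd for their own
 * purposes.
 *
 * Each FilterFd carries the privacy policy level that data written to its fd
 * must be filtered to; PrivacyFilter reads it through getPrivacyPolicy().
 * The class is ref-counted (RefBase) and is passed around as sp<FilterFd>.
 */
class FilterFd : public RefBase {
public:
    /**
     * @param privacyPolicy Privacy level the output on fd must satisfy.
     *        The level values are presumably those declared in Privacy.h —
     *        NOTE(review): confirm, they are not visible in this header.
     * @param fd            File descriptor the filtered data is written to.
     *        NOTE(review): whether this object closes fd on destruction is
     *        decided by the out-of-line destructor; confirm in the .cpp.
     */
    FilterFd(uint8_t privacyPolicy, int fd);
    virtual ~FilterFd();

    /** Privacy level the data written to this fd must be filtered to. */
    uint8_t getPrivacyPolicy() const { return mPrivacyPolicy; }

    /** The target file descriptor.  Const: it only reads mFd. */
    int getFd() const { return mFd; }

    /**
     * Invoked when a write to this fd fails.  Per PrivacyFilter::writeData(),
     * a failure on one stream is reported here rather than aborting the whole
     * report, so implementations decide how to react for their own fd.
     *
     * @param err Status of the failed write.
     */
    virtual void onWriteError(status_t err) = 0;

private:
    // In-class defaults so a partially constructed object never exposes
    // indeterminate values; the constructor (defined in the .cpp) overrides
    // them with the caller's policy and fd.
    uint8_t mPrivacyPolicy{0};
    int mFd{-1};  // -1: no fd attached
};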
55 
/**
 * PrivacyFilter holds the original protobuf data and strips PII-sensitive fields
 * for several requests, streaming them to a set of corresponding file descriptors.
 *
 * One instance serves one section (mSectionId) with one field --> restriction
 * mapping (mRestrictions).  Each registered output carries its own privacy
 * policy (FilterFd::getPrivacyPolicy()), so one source buffer can be written
 * at several filtering levels in a single writeData() call.
 */
class PrivacyFilter {
public:
    /**
     * Constructor, with the field --> privacy restrictions mapping.
     *
     * @param sectionId    Id of the section the data belongs to.
     * @param restrictions Field --> privacy restriction mapping.  Stored as a
     *                     raw pointer (mRestrictions) and not copied, so it
     *                     must outlive this object.  NOTE(review): ownership
     *                     is not visible here — presumably a static table
     *                     owned elsewhere; confirm with the caller.
     */
    PrivacyFilter(int sectionId, const Privacy* restrictions);

    ~PrivacyFilter();

    /**
     * Add a target file descriptor, and the privacy policy to which
     * it should be filtered.  Both are carried by the FilterFd; the filter
     * keeps a strong reference (vector<sp<FilterFd>> mOutputs), presumably
     * until the filter is destroyed.
     *
     * @param output Wrapped fd plus the policy level its data must satisfy.
     */
    void addFd(const sp<FilterFd>& output);

    /**
     * Write the data, filtered according to the privacy specs, to each of the
     * file descriptors.  Any non-NO_ERROR return codes are fatal to the whole
     * report.  Individual write errors to streams are reported via the callbacks
     * on the FilterFds.
     *
     * If maxSize is not NULL, it will be set to the maximum size buffer that
     * was written (i.e. after filtering).
     *
     * The buffer is assumed to have already been filtered to bufferLevel.
     * That claim is taken on trust: nothing in this interface verifies it, so
     * a caller that overstates the filtering already applied could let fields
     * that should have been stripped for a stricter output policy reach that
     * output.  Keep bufferLevel in step with the filtering actually performed
     * upstream.
     *
     * @param buffer      Source protobuf bytes, already filtered to bufferLevel.
     * @param bufferLevel Privacy level the buffer has already been filtered to.
     * @param maxSize     Optional out-parameter (may be NULL); see above.
     * @return NO_ERROR on success; any other status aborts the whole report,
     *         so the result must not be ignored.
     */
    status_t writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize);

private:
    int mSectionId;
    const Privacy* mRestrictions;  // non-owning; see constructor note
    vector<sp<FilterFd>> mOutputs;  // outputs registered through addFd()
};
93 
/**
 * Filter a whole incident report and write the result to another fd.
 * Presumably reads the report from 'from' and writes the filtered copy to
 * 'to' (inferred from the parameter names; the definition is not in this
 * header — confirm in the .cpp).
 *
 * Note the argument order: the destination fd comes first.  Both are plain
 * ints, so the compiler cannot catch a swapped call — check call sites.
 *
 * @param to          Destination file descriptor.
 * @param from        Source file descriptor.
 * @param bufferLevel Privacy level the source data has already been filtered
 *                    to; same meaning as PrivacyFilter::writeData()'s
 *                    bufferLevel, and likewise taken on trust.
 * @param args        Request arguments driving which data is emitted.
 * @return NO_ERROR on success; any other status is a failure of the whole
 *         operation and should not be ignored.
 */
status_t filter_and_write_report(int to, int from, uint8_t bufferLevel,
        const IncidentReportArgs& args);
96 
97 }  // namespace incidentd
98 }  // namespace os
99 }  // namespace android
100 
101 #endif  // PRIVACY_BUFFER_H
102