1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "Log.h"
18
19 #include "incidentd_util.h"
20 #include "proto_util.h"
21 #include "PrivacyFilter.h"
22 #include "WorkDirectory.h"
23
24 #include <google/protobuf/io/zero_copy_stream_impl.h>
25 #include <private/android_filesystem_config.h>
26
27 #include <iomanip>
28 #include <map>
29 #include <sstream>
30 #include <thread>
31 #include <vector>
32
33 #include <sys/stat.h>
34 #include <time.h>
35 #include <unistd.h>
36 #include <inttypes.h>
37
38 namespace android {
39 namespace os {
40 namespace incidentd {
41
42 using std::thread;
43 using google::protobuf::MessageLite;
44 using google::protobuf::RepeatedPtrField;
45 using google::protobuf::io::FileInputStream;
46 using google::protobuf::io::FileOutputStream;
47
48 /**
49 * Turn off to skip removing files for debugging.
50 */
51 static const bool DO_UNLINK = true;
52
53 /**
54 * File extension for envelope files.
55 */
56 static const string EXTENSION_ENVELOPE(".envelope");
57
58 /**
59 * File extension for data files.
60 */
61 static const string EXTENSION_DATA(".data");
62
63 /**
64 * Send these reports to dropbox.
65 */
66 const ComponentName DROPBOX_SENTINEL("android", "DROPBOX");
67
68 /** metadata field id in IncidentProto */
69 const int FIELD_ID_INCIDENT_METADATA = 2;
70
71 // Args for exec gzip
72 static const char* GZIP[] = {"/system/bin/gzip", NULL};
73
74 /**
75 * Read a protobuf from disk into the message.
76 */
read_proto(MessageLite * msg,const string & filename)77 static status_t read_proto(MessageLite* msg, const string& filename) {
78 int fd = open(filename.c_str(), O_RDONLY | O_CLOEXEC);
79 if (fd < 0) {
80 return -errno;
81 }
82
83 FileInputStream stream(fd);
84 stream.SetCloseOnDelete(fd);
85
86 if (!msg->ParseFromZeroCopyStream(&stream)) {
87 return BAD_VALUE;
88 }
89
90 return stream.GetErrno();
91 }
92
93 /**
94 * Write a protobuf to disk.
95 */
write_proto(const MessageLite & msg,const string & filename)96 static status_t write_proto(const MessageLite& msg, const string& filename) {
97 int fd = open(filename.c_str(), O_CREAT | O_TRUNC | O_RDWR | O_CLOEXEC, 0660);
98 if (fd < 0) {
99 return -errno;
100 }
101
102 FileOutputStream stream(fd);
103 stream.SetCloseOnDelete(fd);
104
105 if (!msg.SerializeToZeroCopyStream(&stream)) {
106 ALOGW("write_proto: error writing to %s", filename.c_str());
107 return BAD_VALUE;
108 }
109
110 return stream.GetErrno();
111 }
112
strip_extension(const string & filename)113 static string strip_extension(const string& filename) {
114 return filename.substr(0, filename.find('.'));
115 }
116
ends_with(const string & str,const string & ending)117 static bool ends_with(const string& str, const string& ending) {
118 if (str.length() >= ending.length()) {
119 return str.compare(str.length()-ending.length(), ending.length(), ending) == 0;
120 } else {
121 return false;
122 }
123 }
124
125 // Returns true if it was a valid timestamp.
parse_timestamp_ns(const string & id,int64_t * result)126 static bool parse_timestamp_ns(const string& id, int64_t* result) {
127 char* endptr;
128 *result = strtoll(id.c_str(), &endptr, 10);
129 return id.length() != 0 && *endptr == '\0';
130 }
131
has_section(const ReportFileProto_Report & report,int section)132 static bool has_section(const ReportFileProto_Report& report, int section) {
133 const size_t sectionCount = report.section_size();
134 for (int i = 0; i < sectionCount; i++) {
135 if (report.section(i) == section) {
136 return true;
137 }
138 }
139 return false;
140 }
141
create_directory(const char * directory)142 status_t create_directory(const char* directory) {
143 struct stat st;
144 status_t err = NO_ERROR;
145 char* dir = strdup(directory);
146
147 // Skip first slash
148 char* d = dir + 1;
149
150 // Create directories, assigning them to the system user
151 bool last = false;
152 while (!last) {
153 d = strchr(d, '/');
154 if (d != NULL) {
155 *d = '\0';
156 } else {
157 last = true;
158 }
159 if (stat(dir, &st) == 0) {
160 if (!S_ISDIR(st.st_mode)) {
161 err = ALREADY_EXISTS;
162 goto done;
163 }
164 } else {
165 ALOGE("No such directory %s, something wrong.", dir);
166 err = -1;
167 goto done;
168 }
169 if (!last) {
170 *d++ = '/';
171 }
172 }
173
174 // Ensure that the final directory is owned by the system with 0770. If it isn't
175 // we won't write into it.
176 if (stat(directory, &st) != 0) {
177 ALOGE("No incident reports today. Can't stat: %s", directory);
178 err = -errno;
179 goto done;
180 }
181 if ((st.st_mode & 0777) != 0770) {
182 ALOGE("No incident reports today. Mode is %0o on report directory %s", st.st_mode,
183 directory);
184 err = BAD_VALUE;
185 goto done;
186 }
187 if (st.st_uid != AID_INCIDENTD || st.st_gid != AID_INCIDENTD) {
188 ALOGE("No incident reports today. Owner is %d and group is %d on report directory %s",
189 st.st_uid, st.st_gid, directory);
190 err = BAD_VALUE;
191 goto done;
192 }
193
194 done:
195 free(dir);
196 return err;
197 }
198
log_envelope(const ReportFileProto & envelope)199 void log_envelope(const ReportFileProto& envelope) {
200 ALOGD("Envelope: {");
201 for (int i=0; i<envelope.report_size(); i++) {
202 ALOGD(" report {");
203 ALOGD(" pkg=%s", envelope.report(i).pkg().c_str());
204 ALOGD(" cls=%s", envelope.report(i).cls().c_str());
205 ALOGD(" share_approved=%d", envelope.report(i).share_approved());
206 ALOGD(" privacy_policy=%d", envelope.report(i).privacy_policy());
207 ALOGD(" all_sections=%d", envelope.report(i).all_sections());
208 for (int j=0; j<envelope.report(i).section_size(); j++) {
209 ALOGD(" section[%d]=%d", j, envelope.report(i).section(j));
210 }
211 ALOGD(" }");
212 }
213 ALOGD(" data_file=%s", envelope.data_file().c_str());
214 ALOGD(" privacy_policy=%d", envelope.privacy_policy());
215 ALOGD(" data_file_size=%" PRIi64, (int64_t)envelope.data_file_size());
216 ALOGD(" completed=%d", envelope.completed());
217 ALOGD("}");
218 }
219
220 // ================================================================================
221 struct WorkDirectoryEntry {
222 WorkDirectoryEntry();
223 explicit WorkDirectoryEntry(const WorkDirectoryEntry& that);
224 ~WorkDirectoryEntry();
225
226 string envelope;
227 string data;
228 int64_t timestampNs;
229 off_t size;
230 };
231
WorkDirectoryEntry()232 WorkDirectoryEntry::WorkDirectoryEntry()
233 :envelope(),
234 data(),
235 size(0) {
236 }
237
WorkDirectoryEntry(const WorkDirectoryEntry & that)238 WorkDirectoryEntry::WorkDirectoryEntry(const WorkDirectoryEntry& that)
239 :envelope(that.envelope),
240 data(that.data),
241 size(that.size) {
242 }
243
~WorkDirectoryEntry()244 WorkDirectoryEntry::~WorkDirectoryEntry() {
245 }
246
247 // ================================================================================
ReportFile(const sp<WorkDirectory> & workDirectory,int64_t timestampNs,const string & envelopeFileName,const string & dataFileName)248 ReportFile::ReportFile(const sp<WorkDirectory>& workDirectory, int64_t timestampNs,
249 const string& envelopeFileName, const string& dataFileName)
250 :mWorkDirectory(workDirectory),
251 mTimestampNs(timestampNs),
252 mEnvelopeFileName(envelopeFileName),
253 mDataFileName(dataFileName),
254 mEnvelope(),
255 mDataFd(-1),
256 mError(NO_ERROR) {
257 // might get overwritten when we read but that's ok
258 mEnvelope.set_data_file(mDataFileName);
259 }
260
~ReportFile()261 ReportFile::~ReportFile() {
262 if (mDataFd >= 0) {
263 close(mDataFd);
264 }
265 }
266
getTimestampNs() const267 int64_t ReportFile::getTimestampNs() const {
268 return mTimestampNs;
269 }
270
addReport(const IncidentReportArgs & args)271 void ReportFile::addReport(const IncidentReportArgs& args) {
272 // There is only one report per component. Merge into an existing one if necessary.
273 ReportFileProto_Report* report;
274 const int reportCount = mEnvelope.report_size();
275 int i = 0;
276 for (; i < reportCount; i++) {
277 report = mEnvelope.mutable_report(i);
278 if (report->pkg() == args.receiverPkg() && report->cls() == args.receiverCls()) {
279 if (args.getPrivacyPolicy() < report->privacy_policy()) {
280 // Lower privacy policy (less restrictive) wins.
281 report->set_privacy_policy(args.getPrivacyPolicy());
282 }
283 report->set_all_sections(report->all_sections() || args.all());
284 for (int section: args.sections()) {
285 if (!has_section(*report, section)) {
286 report->add_section(section);
287 }
288 }
289 break;
290 }
291 }
292 if (i >= reportCount) {
293 report = mEnvelope.add_report();
294 report->set_pkg(args.receiverPkg());
295 report->set_cls(args.receiverCls());
296 report->set_privacy_policy(args.getPrivacyPolicy());
297 report->set_all_sections(args.all());
298 report->set_gzip(args.gzip());
299 for (int section: args.sections()) {
300 report->add_section(section);
301 }
302 }
303
304 for (const vector<uint8_t>& header: args.headers()) {
305 report->add_header(header.data(), header.size());
306 }
307 }
308
removeReport(const string & pkg,const string & cls)309 void ReportFile::removeReport(const string& pkg, const string& cls) {
310 RepeatedPtrField<ReportFileProto_Report>* reports = mEnvelope.mutable_report();
311 const int reportCount = reports->size();
312 for (int i = 0; i < reportCount; i++) {
313 const ReportFileProto_Report& r = reports->Get(i);
314 if (r.pkg() == pkg && r.cls() == cls) {
315 reports->DeleteSubrange(i, 1);
316 return;
317 }
318 }
319 }
320
removeReports(const string & pkg)321 void ReportFile::removeReports(const string& pkg) {
322 RepeatedPtrField<ReportFileProto_Report>* reports = mEnvelope.mutable_report();
323 const int reportCount = reports->size();
324 for (int i = reportCount-1; i >= 0; i--) {
325 const ReportFileProto_Report& r = reports->Get(i);
326 if (r.pkg() == pkg) {
327 reports->DeleteSubrange(i, 1);
328 }
329 }
330 }
331
setMetadata(const IncidentMetadata & metadata)332 void ReportFile::setMetadata(const IncidentMetadata& metadata) {
333 *mEnvelope.mutable_metadata() = metadata;
334 }
335
markCompleted()336 void ReportFile::markCompleted() {
337 mEnvelope.set_completed(true);
338 }
339
markApproved(const string & pkg,const string & cls)340 status_t ReportFile::markApproved(const string& pkg, const string& cls) {
341 size_t const reportCount = mEnvelope.report_size();
342 for (int reportIndex = 0; reportIndex < reportCount; reportIndex++) {
343 ReportFileProto_Report* report = mEnvelope.mutable_report(reportIndex);
344 if (report->pkg() == pkg && report->cls() == cls) {
345 report->set_share_approved(true);
346 return NO_ERROR;
347 }
348 }
349 return NAME_NOT_FOUND;
350 }
351
setMaxPersistedPrivacyPolicy(int persistedPrivacyPolicy)352 void ReportFile::setMaxPersistedPrivacyPolicy(int persistedPrivacyPolicy) {
353 mEnvelope.set_privacy_policy(persistedPrivacyPolicy);
354 }
355
saveEnvelope()356 status_t ReportFile::saveEnvelope() {
357 return save_envelope_impl(true);
358 }
359
trySaveEnvelope()360 status_t ReportFile::trySaveEnvelope() {
361 return save_envelope_impl(false);
362 }
363
loadEnvelope()364 status_t ReportFile::loadEnvelope() {
365 return load_envelope_impl(true);
366 }
367
tryLoadEnvelope()368 status_t ReportFile::tryLoadEnvelope() {
369 return load_envelope_impl(false);
370 }
371
getEnvelope()372 const ReportFileProto& ReportFile::getEnvelope() {
373 return mEnvelope;
374 }
375
startWritingDataFile()376 status_t ReportFile::startWritingDataFile() {
377 if (mDataFd >= 0) {
378 ALOGW("ReportFile::startWritingDataFile called with the file already open: %s",
379 mDataFileName.c_str());
380 return ALREADY_EXISTS;
381 }
382 mDataFd = open(mDataFileName.c_str(), O_CREAT | O_TRUNC | O_RDWR | O_CLOEXEC, 0660);
383 if (mDataFd < 0) {
384 return -errno;
385 }
386 return NO_ERROR;
387 }
388
closeDataFile()389 void ReportFile::closeDataFile() {
390 if (mDataFd >= 0) {
391 mEnvelope.set_data_file_size(lseek(mDataFd, 0, SEEK_END));
392 close(mDataFd);
393 mDataFd = -1;
394 }
395 }
396
startFilteringData(int writeFd,const IncidentReportArgs & args)397 status_t ReportFile::startFilteringData(int writeFd, const IncidentReportArgs& args) {
398 // Open data file.
399 int dataFd = open(mDataFileName.c_str(), O_RDONLY | O_CLOEXEC);
400 if (dataFd < 0) {
401 ALOGW("Error opening incident report '%s' %s", getDataFileName().c_str(), strerror(-errno));
402 close(writeFd);
403 close(dataFd);
404 return -errno;
405 }
406
407 // Check that the size on disk is what we thought we wrote.
408 struct stat st;
409 if (fstat(dataFd, &st) != 0) {
410 ALOGW("Error running fstat incident report '%s' %s", getDataFileName().c_str(),
411 strerror(-errno));
412 close(writeFd);
413 close(dataFd);
414 return -errno;
415 }
416 if (st.st_size != mEnvelope.data_file_size()) {
417 ALOGW("File size mismatch. Envelope says %" PRIi64 " bytes but data file is %" PRIi64
418 " bytes: %s",
419 (int64_t)mEnvelope.data_file_size(), st.st_size, mDataFileName.c_str());
420 ALOGW("Removing incident report");
421 mWorkDirectory->remove(this);
422 close(writeFd);
423 close(dataFd);
424 return BAD_VALUE;
425 }
426
427 pid_t zipPid = 0;
428 if (args.gzip()) {
429 Fpipe zipPipe;
430 if (!zipPipe.init()) {
431 ALOGE("[ReportFile] Failed to setup pipe for gzip");
432 close(writeFd);
433 close(dataFd);
434 return -errno;
435 }
436 int status = 0;
437 zipPid = fork_execute_cmd((char* const*)GZIP, zipPipe.readFd().release(), writeFd, &status);
438 close(writeFd);
439 close(dataFd);
440 if (zipPid < 0 || status != 0) {
441 ALOGE("[ReportFile] Failed to fork and exec gzip");
442 return status;
443 }
444 writeFd = zipPipe.writeFd().release();
445 }
446
447 status_t err;
448
449 for (const auto& report : mEnvelope.report()) {
450 for (const auto& header : report.header()) {
451 write_header_section(writeFd,
452 reinterpret_cast<const uint8_t*>(header.c_str()), header.size());
453 }
454 }
455
456 if (mEnvelope.has_metadata()) {
457 write_section(writeFd, FIELD_ID_INCIDENT_METADATA, mEnvelope.metadata());
458 }
459
460 err = filter_and_write_report(writeFd, dataFd, mEnvelope.privacy_policy(), args);
461 if (err != NO_ERROR) {
462 ALOGW("Error writing incident report '%s' to dropbox: %s", getDataFileName().c_str(),
463 strerror(-err));
464 }
465
466 close(writeFd);
467 close(dataFd);
468 if (zipPid > 0) {
469 status_t err = wait_child(zipPid, /* timeout_ms= */ 10 * 1000);
470 if (err != 0) {
471 ALOGE("[ReportFile] abnormal child process: %s", strerror(-err));
472 }
473 return err;
474 }
475 return NO_ERROR;
476 }
477
getDataFileName() const478 string ReportFile::getDataFileName() const {
479 return mDataFileName;
480 }
481
getEnvelopeFileName() const482 string ReportFile::getEnvelopeFileName() const {
483 return mEnvelopeFileName;
484 }
485
getDataFileFd()486 int ReportFile::getDataFileFd() {
487 return mDataFd;
488 }
489
setWriteError(status_t err)490 void ReportFile::setWriteError(status_t err) {
491 mError = err;
492 }
493
getWriteError()494 status_t ReportFile::getWriteError() {
495 return mError;
496 }
497
getId()498 string ReportFile::getId() {
499 return to_string(mTimestampNs);
500 }
501
save_envelope_impl(bool cleanup)502 status_t ReportFile::save_envelope_impl(bool cleanup) {
503 status_t err;
504 err = write_proto(mEnvelope, mEnvelopeFileName);
505 if (err != NO_ERROR) {
506 // If there was an error writing the envelope, then delete the whole thing.
507 if (cleanup) {
508 mWorkDirectory->remove(this);
509 }
510 return err;
511 }
512 return NO_ERROR;
513 }
514
load_envelope_impl(bool cleanup)515 status_t ReportFile::load_envelope_impl(bool cleanup) {
516 status_t err;
517 err = read_proto(&mEnvelope, mEnvelopeFileName);
518 if (err != NO_ERROR) {
519 // If there was an error reading the envelope, then delete the whole thing.
520 if (cleanup) {
521 mWorkDirectory->remove(this);
522 }
523 return err;
524 }
525 return NO_ERROR;
526 }
527
528
529
530 // ================================================================================
531 //
532
WorkDirectory()533 WorkDirectory::WorkDirectory()
534 :mDirectory("/data/misc/incidents"),
535 mMaxFileCount(100),
536 mMaxDiskUsageBytes(400 * 1024 * 1024) { // Incident reports can take up to 400MB on disk.
537 // TODO: Should be a flag.
538 create_directory(mDirectory.c_str());
539 }
540
WorkDirectory(const string & dir,int maxFileCount,long maxDiskUsageBytes)541 WorkDirectory::WorkDirectory(const string& dir, int maxFileCount, long maxDiskUsageBytes)
542 :mDirectory(dir),
543 mMaxFileCount(maxFileCount),
544 mMaxDiskUsageBytes(maxDiskUsageBytes) {
545 create_directory(mDirectory.c_str());
546 }
547
createReportFile()548 sp<ReportFile> WorkDirectory::createReportFile() {
549 unique_lock<mutex> lock(mLock);
550 status_t err;
551
552 clean_directory_locked();
553
554 int64_t timestampNs = make_timestamp_ns_locked();
555 string envelopeFileName = make_filename(timestampNs, EXTENSION_ENVELOPE);
556 string dataFileName = make_filename(timestampNs, EXTENSION_DATA);
557
558 sp<ReportFile> result = new ReportFile(this, timestampNs, envelopeFileName, dataFileName);
559
560 err = result->trySaveEnvelope();
561 if (err != NO_ERROR) {
562 ALOGW("Can't save envelope file %s: %s", strerror(-errno), envelopeFileName.c_str());
563 return nullptr;
564 }
565
566 return result;
567 }
568
getReports(vector<sp<ReportFile>> * result,int64_t after)569 status_t WorkDirectory::getReports(vector<sp<ReportFile>>* result, int64_t after) {
570 unique_lock<mutex> lock(mLock);
571
572 const bool DBG = true;
573
574 if (DBG) {
575 ALOGD("WorkDirectory::getReports");
576 }
577
578 map<string,WorkDirectoryEntry> files;
579 get_directory_contents_locked(&files, after);
580 for (map<string,WorkDirectoryEntry>::iterator it = files.begin();
581 it != files.end(); it++) {
582 sp<ReportFile> reportFile = new ReportFile(this, it->second.timestampNs,
583 it->second.envelope, it->second.data);
584 if (DBG) {
585 ALOGD(" %s", reportFile->getId().c_str());
586 }
587 result->push_back(reportFile);
588 }
589 return NO_ERROR;
590 }
591
getReport(const string & pkg,const string & cls,const string & id,IncidentReportArgs * args)592 sp<ReportFile> WorkDirectory::getReport(const string& pkg, const string& cls, const string& id,
593 IncidentReportArgs* args) {
594 unique_lock<mutex> lock(mLock);
595
596 status_t err;
597 int64_t timestampNs;
598 if (!parse_timestamp_ns(id, ×tampNs)) {
599 return nullptr;
600 }
601
602 // Make the ReportFile object, and then see if it's valid and for pkg and cls.
603 sp<ReportFile> result = new ReportFile(this, timestampNs,
604 make_filename(timestampNs, EXTENSION_ENVELOPE),
605 make_filename(timestampNs, EXTENSION_DATA));
606
607 err = result->tryLoadEnvelope();
608 if (err != NO_ERROR) {
609 ALOGW("Can't open envelope file for report %s/%s %s", pkg.c_str(), cls.c_str(), id.c_str());
610 return nullptr;
611 }
612
613 const ReportFileProto& envelope = result->getEnvelope();
614 const size_t reportCount = envelope.report_size();
615 for (int i = 0; i < reportCount; i++) {
616 const ReportFileProto_Report& report = envelope.report(i);
617 if (report.pkg() == pkg && report.cls() == cls) {
618 if (args != nullptr) {
619 get_args_from_report(args, report);
620 }
621 return result;
622 }
623
624 }
625
626 return nullptr;
627 }
628
hasMore(int64_t after)629 bool WorkDirectory::hasMore(int64_t after) {
630 unique_lock<mutex> lock(mLock);
631
632 map<string,WorkDirectoryEntry> files;
633 get_directory_contents_locked(&files, after);
634 return files.size() > 0;
635 }
636
commit(const sp<ReportFile> & report,const string & pkg,const string & cls)637 void WorkDirectory::commit(const sp<ReportFile>& report, const string& pkg, const string& cls) {
638 status_t err;
639 ALOGI("Committing report %s for %s/%s", report->getId().c_str(), pkg.c_str(), cls.c_str());
640
641 unique_lock<mutex> lock(mLock);
642
643 // Load the envelope here inside the lock.
644 err = report->loadEnvelope();
645
646 report->removeReport(pkg, cls);
647
648 delete_files_for_report_if_necessary(report);
649 }
650
commitAll(const string & pkg)651 void WorkDirectory::commitAll(const string& pkg) {
652 status_t err;
653 ALOGI("All reports for %s", pkg.c_str());
654
655 unique_lock<mutex> lock(mLock);
656
657 map<string,WorkDirectoryEntry> files;
658 get_directory_contents_locked(&files, 0);
659
660 for (map<string,WorkDirectoryEntry>::iterator it = files.begin();
661 it != files.end(); it++) {
662 sp<ReportFile> reportFile = new ReportFile(this, it->second.timestampNs,
663 it->second.envelope, it->second.data);
664
665 err = reportFile->loadEnvelope();
666 if (err != NO_ERROR) {
667 continue;
668 }
669
670 reportFile->removeReports(pkg);
671
672 delete_files_for_report_if_necessary(reportFile);
673 }
674 }
675
remove(const sp<ReportFile> & report)676 void WorkDirectory::remove(const sp<ReportFile>& report) {
677 unique_lock<mutex> lock(mLock);
678 // Set this to false to leave files around for debugging.
679 if (DO_UNLINK) {
680 unlink(report->getDataFileName().c_str());
681 unlink(report->getEnvelopeFileName().c_str());
682 }
683 }
684
make_timestamp_ns_locked()685 int64_t WorkDirectory::make_timestamp_ns_locked() {
686 // Guarantee that we don't have duplicate timestamps.
687 // This is a little bit lame, but since reports are created on the
688 // same thread and are kinda slow we'll seldomly actually hit the
689 // condition. The bigger risk is the clock getting reset and causing
690 // a collision. In that case, we'll just make incident reporting a
691 // little bit slower. Nobody will notice if we just loop until we
692 // have a unique file name.
693 int64_t timestampNs = 0;
694 do {
695 struct timespec spec;
696 if (timestampNs > 0) {
697 spec.tv_sec = 0;
698 spec.tv_nsec = 1;
699 nanosleep(&spec, nullptr);
700 }
701 clock_gettime(CLOCK_REALTIME, &spec);
702 timestampNs = int64_t(spec.tv_sec) * 1000 + spec.tv_nsec;
703 } while (file_exists_locked(timestampNs));
704 return (timestampNs >= 0)? timestampNs : -timestampNs;
705 }
706
707 /**
708 * It is required to hold the lock here so in case someone else adds it
709 * our result is still correct for the caller.
710 */
file_exists_locked(int64_t timestampNs)711 bool WorkDirectory::file_exists_locked(int64_t timestampNs) {
712 const string filename = make_filename(timestampNs, EXTENSION_ENVELOPE);
713 struct stat st;
714 return stat(filename.c_str(), &st) == 0;
715 }
716
make_filename(int64_t timestampNs,const string & extension)717 string WorkDirectory::make_filename(int64_t timestampNs, const string& extension) {
718 // Zero pad the timestamp so it can also be alpha sorted.
719 stringstream result;
720 result << mDirectory << '/' << setfill('0') << setw(20) << timestampNs << extension;
721 return result.str();
722 }
723
get_directory_contents_locked(map<string,WorkDirectoryEntry> * files,int64_t after)724 off_t WorkDirectory::get_directory_contents_locked(map<string,WorkDirectoryEntry>* files,
725 int64_t after) {
726 DIR* dir;
727 struct dirent* entry;
728
729 if ((dir = opendir(mDirectory.c_str())) == NULL) {
730 ALOGE("Couldn't open incident directory: %s", mDirectory.c_str());
731 return -1;
732 }
733
734 string dirbase(mDirectory);
735 if (mDirectory[dirbase.size() - 1] != '/') dirbase += "/";
736
737 off_t totalSize = 0;
738
739 // Enumerate, count and add up size
740 while ((entry = readdir(dir)) != NULL) {
741 if (entry->d_name[0] == '.') {
742 continue;
743 }
744 string entryname = entry->d_name; // local to this dir
745 string filename = dirbase + entryname; // fully qualified
746
747 bool isEnvelope = ends_with(entryname, EXTENSION_ENVELOPE);
748 bool isData = ends_with(entryname, EXTENSION_DATA);
749
750 // If the file isn't one of our files, just ignore it. Otherwise,
751 // sum up the sizes.
752 if (isEnvelope || isData) {
753 string timestamp = strip_extension(entryname);
754
755 int64_t timestampNs;
756 if (!parse_timestamp_ns(timestamp, ×tampNs)) {
757 continue;
758 }
759
760 if (after == 0 || timestampNs > after) {
761 struct stat st;
762 if (stat(filename.c_str(), &st) != 0) {
763 ALOGE("Unable to stat file %s", filename.c_str());
764 continue;
765 }
766 if (!S_ISREG(st.st_mode)) {
767 continue;
768 }
769
770 WorkDirectoryEntry& entry = (*files)[timestamp];
771 if (isEnvelope) {
772 entry.envelope = filename;
773 } else if (isData) {
774 entry.data = filename;
775 }
776 entry.timestampNs = timestampNs;
777 entry.size += st.st_size;
778 totalSize += st.st_size;
779 }
780 }
781 }
782
783 closedir(dir);
784
785 // Now check if there are any data files that don't have envelope files.
786 // If there are, then just go ahead and delete them now. Don't wait for
787 // a cleaning.
788
789 if (DO_UNLINK) {
790 map<string,WorkDirectoryEntry>::iterator it = files->begin();
791 while (it != files->end()) {
792 if (it->second.envelope.length() == 0) {
793 unlink(it->second.data.c_str());
794 it = files->erase(it);
795 } else {
796 it++;
797 }
798 }
799 }
800
801 return totalSize;
802 }
803
clean_directory_locked()804 void WorkDirectory::clean_directory_locked() {
805 DIR* dir;
806 struct dirent* entry;
807 struct stat st;
808
809 // Map of filename without extension to the entries about it. Conveniently,
810 // this also keeps the list sorted by filename, which is a timestamp.
811 map<string,WorkDirectoryEntry> files;
812 off_t totalSize = get_directory_contents_locked(&files, 0);
813 if (totalSize < 0) {
814 return;
815 }
816 int totalCount = files.size();
817
818 // Count or size is less than max, then we're done.
819 if (totalSize < mMaxDiskUsageBytes && totalCount < mMaxFileCount) {
820 return;
821 }
822
823 // Remove files until we're under our limits.
824 if (DO_UNLINK) {
825 for (map<string, WorkDirectoryEntry>::const_iterator it = files.begin();
826 it != files.end() && (totalSize >= mMaxDiskUsageBytes
827 || totalCount >= mMaxFileCount);
828 it++) {
829 unlink(it->second.envelope.c_str());
830 unlink(it->second.data.c_str());
831 totalSize -= it->second.size;
832 totalCount--;
833 }
834 }
835 }
836
delete_files_for_report_if_necessary(const sp<ReportFile> & report)837 void WorkDirectory::delete_files_for_report_if_necessary(const sp<ReportFile>& report) {
838 if (report->getEnvelope().report_size() == 0) {
839 ALOGI("Report %s is finished. Deleting from storage.", report->getId().c_str());
840 if (DO_UNLINK) {
841 unlink(report->getDataFileName().c_str());
842 unlink(report->getEnvelopeFileName().c_str());
843 }
844 }
845 }
846
847 // ================================================================================
get_args_from_report(IncidentReportArgs * out,const ReportFileProto_Report & report)848 void get_args_from_report(IncidentReportArgs* out, const ReportFileProto_Report& report) {
849 out->setPrivacyPolicy(report.privacy_policy());
850 out->setAll(report.all_sections());
851 out->setReceiverPkg(report.pkg());
852 out->setReceiverCls(report.cls());
853 out->setGzip(report.gzip());
854
855 const int sectionCount = report.section_size();
856 for (int i = 0; i < sectionCount; i++) {
857 out->addSection(report.section(i));
858 }
859
860 const int headerCount = report.header_size();
861 for (int i = 0; i < headerCount; i++) {
862 const string& header = report.header(i);
863 vector<uint8_t> vec(header.begin(), header.end());
864 out->addHeader(vec);
865 }
866 }
867
868
869 } // namespace incidentd
870 } // namespace os
871 } // namespace android
872
873