1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #pragma once
17 
18 #ifndef PRIVACY_H
19 #define PRIVACY_H
20 
21 #include <stdint.h>
22 
23 namespace android {
24 namespace os {
25 namespace incidentd {
26 
27 // This is the default value of DEST enum, sync with privacy.proto
28 const uint8_t DEST_UNSET = 255;  // DEST_UNSET is not exposed to libincident
29 const uint8_t DEST_DEFAULT_VALUE = DEST_UNSET;
30 
31 /*
32  * In order to NOT auto-generate large chuck of code by proto compiler in incidentd,
33  * privacy options's data structure are explicitly redefined here and
34  * the values are populated by incident_section_gen tool.
35  *
36  * Each proto field will have a Privacy when it is different from its parent, otherwise
37  * it uses its parent's tag. A message type will have an array of Privacy.
38  */
39 struct Privacy {
40     // The field number
41     uint32_t field_id;
42 
43     // The field type, see external/protobuf/src/google/protobuf/descriptor.h
44     uint8_t type;
45 
46     // If children is null, it is a primitive field,
47     // otherwise it is a message field which could have overridden privacy tags here.
48     // This array is NULL-terminated.
49     Privacy** children;
50 
51     // DESTINATION Enum in frameworks/base/libs/incident/proto/android/privacy.proto.
52     uint8_t dest;
53     // A list of regexp rules for stripping string fields in proto.
54     const char** patterns;
55 };
56 
57 // Encode field id used by ProtoOutputStream.
58 uint64_t encode_field_id(const Privacy* p);
59 
60 // Look up the child with given fieldId, if not found, return NULL.
61 const Privacy* lookup(const Privacy* p, uint32_t fieldId);
62 
63 /**
64  * PrivacySpec defines the request has what level of privacy authorization.
65  * For example, a device without user consent should only be able to upload AUTOMATIC fields.
66  * DEST_UNSET are treated as DEST_EXPLICIT.
67  */
68 class PrivacySpec {
69 public:
70     const uint8_t dest;
71 
PrivacySpec()72     PrivacySpec() : dest(DEST_DEFAULT_VALUE) {}
73     bool operator<(const PrivacySpec& other) const;
74 
75     // check permission of a policy, if returns true, don't strip the data.
76     bool CheckPremission(const Privacy* privacy,
77                          const uint8_t defaultDest = DEST_DEFAULT_VALUE) const;
78 
79     // if returns true, no data need to be stripped.
80     bool RequireAll() const;
81 
82     // Constructs spec using static methods below.
83     static PrivacySpec new_spec(int dest);
84 
85 private:
PrivacySpec(uint8_t dest)86     PrivacySpec(uint8_t dest) : dest(dest) {}
87 };
88 
89 }  // namespace incidentd
90 }  // namespace os
91 }  // namespace android
92 
93 #endif  // PRIVACY_H
94