1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #define DEBUG false
17 #include "Log.h"
18
19 #include "PrivacyBuffer.h"
20 #include "incidentd_util.h"
21
22 #include <android-base/file.h>
23 #include <android/util/protobuf.h>
24 #include <cutils/log.h>
25
26 namespace android {
27 namespace os {
28 namespace incidentd {
29
30 /**
31 * Write the field to buf based on the wire type, iterator will point to next field.
32 * If skip is set to true, no data will be written to buf. Return number of bytes written.
33 */
writeFieldOrSkip(uint32_t fieldTag,bool skip)34 void PrivacyBuffer::writeFieldOrSkip(uint32_t fieldTag, bool skip) {
35 uint8_t wireType = read_wire_type(fieldTag);
36 size_t bytesToWrite = 0;
37 uint64_t varint = 0;
38
39 switch (wireType) {
40 case WIRE_TYPE_VARINT:
41 varint = mData.readRawVarint();
42 if (!skip) {
43 mProto.writeRawVarint(fieldTag);
44 mProto.writeRawVarint(varint);
45 }
46 return;
47 case WIRE_TYPE_FIXED64:
48 if (!skip) mProto.writeRawVarint(fieldTag);
49 bytesToWrite = 8;
50 break;
51 case WIRE_TYPE_LENGTH_DELIMITED:
52 bytesToWrite = mData.readRawVarint();
53 if (!skip) mProto.writeLengthDelimitedHeader(read_field_id(fieldTag), bytesToWrite);
54 break;
55 case WIRE_TYPE_FIXED32:
56 if (!skip) mProto.writeRawVarint(fieldTag);
57 bytesToWrite = 4;
58 break;
59 }
60 if (skip) {
61 mData.rp()->move(bytesToWrite);
62 } else {
63 for (size_t i = 0; i < bytesToWrite; i++) {
64 mProto.writeRawByte(mData.next());
65 }
66 }
67 }
68
69 /**
70 * Strip next field based on its private policy and request spec, then stores data in buf.
71 * Return NO_ERROR if succeeds, otherwise BAD_VALUE is returned to indicate bad data in FdBuffer.
72 *
73 * The iterator must point to the head of a protobuf formatted field for successful operation.
74 * After exit with NO_ERROR, iterator points to the next protobuf field's head.
75 */
stripField(const Privacy * parentPolicy,const PrivacySpec & spec,int depth)76 status_t PrivacyBuffer::stripField(const Privacy* parentPolicy, const PrivacySpec& spec,
77 int depth /* use as a counter for this recusive method. */) {
78 if (!mData.hasNext() || parentPolicy == NULL) return BAD_VALUE;
79 uint32_t fieldTag = mData.readRawVarint();
80 uint32_t fieldId = read_field_id(fieldTag);
81 const Privacy* policy = lookup(parentPolicy, fieldId);
82
83 VLOG("[Depth %2d]Try to strip id %d, wiretype %d", depth, fieldId, read_wire_type(fieldTag));
84 if (policy == NULL || policy->children == NULL) {
85 bool skip = !spec.CheckPremission(policy, parentPolicy->dest);
86 // iterator will point to head of next field
87 size_t currentAt = mData.rp()->pos();
88 writeFieldOrSkip(fieldTag, skip);
89 VLOG("[Depth %2d]Field %d %ss %d bytes", depth, fieldId, skip ? "skip" : "write",
90 (int)(get_varint_size(fieldTag) + mData.rp()->pos() - currentAt));
91 return NO_ERROR;
92 }
93 // current field is message type and its sub-fields have extra privacy policies
94 uint32_t msgSize = mData.readRawVarint();
95 size_t start = mData.rp()->pos();
96 uint64_t token = mProto.start(encode_field_id(policy));
97 while (mData.rp()->pos() - start != msgSize) {
98 status_t err = stripField(policy, spec, depth + 1);
99 if (err != NO_ERROR) return err;
100 }
101 mProto.end(token);
102 return NO_ERROR;
103 }
104
105 // ================================================================================
PrivacyBuffer(const Privacy * policy,EncodedBuffer::iterator data)106 PrivacyBuffer::PrivacyBuffer(const Privacy* policy, EncodedBuffer::iterator data)
107 : mPolicy(policy), mData(data), mProto(), mSize(0) {}
108
~PrivacyBuffer()109 PrivacyBuffer::~PrivacyBuffer() {}
110
strip(const PrivacySpec & spec)111 status_t PrivacyBuffer::strip(const PrivacySpec& spec) {
112 VLOG("Strip with spec %d", spec.dest);
113 // optimization when no strip happens
114 if (mPolicy == NULL || mPolicy->children == NULL || spec.RequireAll()) {
115 if (spec.CheckPremission(mPolicy)) mSize = mData.size();
116 return NO_ERROR;
117 }
118 while (mData.hasNext()) {
119 status_t err = stripField(mPolicy, spec, 0);
120 if (err != NO_ERROR) return err;
121 }
122 if (mData.bytesRead() != mData.size()) return BAD_VALUE;
123 mSize = mProto.size();
124 mData.rp()->rewind(); // rewind the read pointer back to beginning after the strip.
125 return NO_ERROR;
126 }
127
clear()128 void PrivacyBuffer::clear() {
129 mSize = 0;
130 mProto.clear();
131 }
132
size() const133 size_t PrivacyBuffer::size() const { return mSize; }
134
flush(int fd)135 status_t PrivacyBuffer::flush(int fd) {
136 status_t err = NO_ERROR;
137 EncodedBuffer::iterator iter = size() == mData.size() ? mData : mProto.data();
138 while (iter.readBuffer() != NULL) {
139 err = WriteFully(fd, iter.readBuffer(), iter.currentToRead()) ? NO_ERROR : -errno;
140 iter.rp()->move(iter.currentToRead());
141 if (err != NO_ERROR) return err;
142 }
143 return NO_ERROR;
144 }
145
146 } // namespace incidentd
147 } // namespace os
148 } // namespace android
149