/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#pragma once

#ifndef PRIVACY_BUFFER_H
#define PRIVACY_BUFFER_H

#include "Privacy.h"

#include "FdBuffer.h"

#include <android/os/IncidentReportArgs.h>
#include <android/util/ProtoOutputStream.h>
#include <stdint.h>
#include <utils/Errors.h>

namespace android {
namespace os {
namespace incidentd {

using namespace android::util;

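/**
 * Wraps a raw file descriptor together with the privacy policy level that
 * PrivacyFilter must apply before anything is written to it.  Callers of
 * PrivacyFilter subclass FilterFd to attach whatever extra per-fd state they
 * need for their own bookkeeping.
 *
 * The constructor and destructor are defined out of line, so this header does
 * not establish who closes mFd; presumably the subclass or whoever handed the
 * descriptor in retains ownership — confirm against the .cpp before relying
 * on either reading.
 */
class FilterFd : public RefBase {
public:
    /**
     * @param privacyPolicy  privacy level of the destination; data sent to
     *                       fd is filtered to this level by PrivacyFilter.
     * @param fd             destination descriptor (not validated here).
     */
    FilterFd(uint8_t privacyPolicy, int fd);
    virtual ~FilterFd();

    uint8_t getPrivacyPolicy() const { return mPrivacyPolicy; }
    // const: a pure read of the stored descriptor, so it is also callable
    // through const references / sp<const FilterFd>.
    int getFd() const { return mFd; }

    /**
     * Called by PrivacyFilter when a write to this descriptor fails with err.
     * Per-stream write failures are reported only through this callback;
     * they do not by themselves fail the whole report.
     */
    virtual void onWriteError(status_t err) = 0;

private:
    uint8_t mPrivacyPolicy;
    int mFd;
};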

/**
 * Fans one section's protobuf payload out to several destinations, each with
 * its own privacy level: PII-sensitive fields are stripped according to the
 * section's Privacy restrictions before the data is streamed to each
 * registered FilterFd.
 *
 * mRestrictions is a non-owning pointer.  The Privacy table it refers to is
 * presumably static or caller-owned and must outlive this object — confirm
 * against the .cpp and the call sites.
 */
class PrivacyFilter {
private:
    // Identifier of the section being filtered.
    int mSectionId;
    // Field --> privacy-restriction mapping for this section (not owned).
    const Privacy* mRestrictions;
    // Destinations registered through addFd().
    vector<sp<FilterFd>> mOutputs;

public:
    /**
     * @param sectionId     section the data belongs to.
     * @param restrictions  field --> privacy restrictions for that section;
     *                      stored by pointer, not copied.
     */
    PrivacyFilter(int sectionId, const Privacy* restrictions);

    ~PrivacyFilter();

    /**
     * Register a destination.  The FilterFd carries both the descriptor and
     * the privacy level the data must be filtered to before reaching it.
     */
    void addFd(const sp<FilterFd>& output);

    /**
     * Filter buffer according to the privacy specs and stream the result to
     * every registered FilterFd.
     *
     * Return value: anything other than NO_ERROR is fatal to the whole
     * report.  A write failure on one stream is not a return-value error;
     * it is delivered to that stream's FilterFd::onWriteError instead.
     *
     * maxSize, if non-NULL, receives the size of the largest buffer written
     * after filtering.
     *
     * bufferLevel is the privacy level the caller asserts buffer has already
     * been filtered to; it is trusted, not re-verified here.  Passing a
     * buffer that is in fact less restricted than bufferLevel claims would
     * presumably let fields that should have been stripped reach the
     * outputs, so keep that invariant at the call site.
     */
    status_t writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize);
};

// Presumably reads an already-serialized report from fd `from` and writes the
// version filtered for `args` to fd `to`; bufferLevel, as with
// PrivacyFilter::writeData, would be the privacy level the input is already
// filtered to — confirm all of this against the definition in the .cpp.
// Returns NO_ERROR on success; any other status_t is an error.
status_t filter_and_write_report(int to, int from, uint8_t bufferLevel,
        const IncidentReportArgs& args);

}  // namespace incidentd
}  // namespace os
}  // namespace android

#endif  // PRIVACY_BUFFER_H