Implement PII Stripper, part 2
Implement EncodedBuffer that strip pii based on given privacy request.
The reason to implement another buffer is the length-delimited field's
size could change when its submessage gets stripped. It also intends to
keep the orignal data around for other requests to consume it.
In addition, the section implementation has adapted EncodedBuffer so
write out to each request's fd could be request-specific. The next step
is allow requests to set its privacy spec.
Notice the current design set the privacy spec of dropbox to AUTOMATIC,
this behavior might change in the future.
Bug: 64687253
Test: unit tests are writtern, see README.md for how to run unit tests.
Change-Id: I7ac236b8265ba9289dc6e17a8a5bf7f67ffb6bf5
diff --git a/cmds/incidentd/src/Privacy.cpp b/cmds/incidentd/src/Privacy.cpp
new file mode 100644
index 0000000..a790efa
--- /dev/null
+++ b/cmds/incidentd/src/Privacy.cpp
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Privacy.h"
+
+// DESTINATION enum value
+const uint8_t DEST_LOCAL = 0;
+const uint8_t DEST_EXPLICIT = 1;
+const uint8_t DEST_AUTOMATIC = 2;
+
+// type of the field, identitical to protobuf definition
+const uint8_t TYPE_STRING = 9;
+const uint8_t TYPE_MESSAGE = 11;
+
+Privacy::Privacy(uint32_t field_id, uint8_t type, uint8_t dest)
+ : field_id(field_id),
+ type(type),
+ children(NULL),
+ dest(dest),
+ patterns(NULL)
+{
+}
+
+Privacy::Privacy(uint32_t field_id, const Privacy** children)
+ : field_id(field_id),
+ type(TYPE_MESSAGE),
+ children(children),
+ dest(DEST_DEFAULT_VALUE), // this will be ignored
+ patterns(NULL)
+{
+}
+
+Privacy::Privacy(uint32_t field_id, uint8_t dest, const char** patterns)
+ : field_id(field_id),
+ type(TYPE_STRING),
+ children(NULL),
+ dest(dest),
+ patterns(patterns)
+{
+}
+
+bool
+Privacy::IsMessageType() const { return type == TYPE_MESSAGE; }
+
+bool
+Privacy::IsStringType() const { return type == TYPE_STRING; }
+
+bool
+Privacy::HasChildren() const { return children != NULL && children[0] != NULL; }
+
+const Privacy*
+Privacy::lookup(uint32_t fieldId) const
+{
+ if (children == NULL) return NULL;
+ for (int i=0; children[i] != NULL; i++) {
+ if (children[i]->field_id == fieldId) return children[i];
+ // This assumes the list's field id is in ascending order and must be true.
+ if (children[i]->field_id > fieldId) return NULL;
+ }
+ return NULL;
+}
+
+static bool allowDest(const uint8_t dest, const uint8_t policy)
+{
+ switch (policy) {
+ case DEST_LOCAL:
+ return dest == DEST_LOCAL;
+ case DEST_EXPLICIT:
+ return dest == DEST_LOCAL || dest == DEST_EXPLICIT;
+ case DEST_AUTOMATIC:
+ return true;
+ default:
+ return false;
+ }
+}
+
+bool
+PrivacySpec::CheckPremission(const Privacy* privacy) const
+{
+ uint8_t policy = privacy == NULL ? DEST_DEFAULT_VALUE : privacy->dest;
+ return allowDest(dest, policy);
+}
+
+bool
+PrivacySpec::RequireAll() const { return dest == DEST_LOCAL; }
+
+PrivacySpec get_default_dropbox_spec() { return PrivacySpec(DEST_AUTOMATIC); }
\ No newline at end of file